CA INTER

Paper-5: Auditing and Ethics

Transition file

BY CA Sanidhya Saraf

1|Page BY CA Sanidhya Saraf

ABOUT THE AUTHOR

CA by Profession and Teacher by passion, CA Sanidhya Saraf is a

young and dynamic faculty of Audit who has achieved a lot of fame
and success in a short span of time.

His unique methodology of teaching Audit has made him very popular
among students of CA and CMA fraternity.

He has taught more than 30000 students and mentored thousands of

students to achieve success in Audit under his guidance.

This book of Inter Audit has been designed keeping in mind the
examination requirement of students. It is presented in a simpler
version in the form of charts and tables to facilitate ease of learning
for students.

For any suggestions or value additions required to be incorporated in

the material mail us at sanidhyasaraf@[Link]

2|Page BY CA Sanidhya Saraf

 Transition Notes for CA Inter Audit

1. New SA’s inserted

-SQC 1, SA 260, SA 265, SA 330, SA 450, 600, 610

2. SAs having significant changes

- SA 560,570, 580

3. Risk Assessment and Internal Control

. Moderate change in topic “Audit of Automated Environment”

4. Special Features of Audit of Different Type of Entities

.Audit of Trust and Society added

5. Topics Removed
1. SA 240
2. ⁠ SA 402

6. Minor Reshufflings
1. Topics pertaining to Ethics and Independence has been removed from Chapter 1 to
Chapter 11.
2. ⁠ Topics of Audit Sampling and Analytical Procedures have been merged in chapter of
Audit Evidence.

Table of Contents
[Link]. Topic Page no.
1 SQC 1, SA 260, SA 265, SA 330, SA 450, 600, 610 4-45
2 SA 560,570, 580 46-63
3 Risk Assessment and Internal Control (Audit of 64-66
Automated Environment)
4 Special Features of Audit of Different Type of Entities 66-69
(Audit of trust added)

3|Page BY CA Sanidhya Saraf

1. SQC 1, SA 260, SA 265, SA 330, SA 450, 600, 610
SQC – 1 “Quality Control For Firms That Perform Audits & Reviews Of Historical
Financial Information, And Other Assurance & Related Services Engagements
Objective - All firms to have system of quality control that provides reasonable
assurance that:

(a) Firm & personnel comply with professional standards, regulatory & legal
requirements,

(b) Reports issued by firm or partners are appropriate in the circumstances.

4|Page BY CA Sanidhya Saraf

Elements Of A System Of Quality Control

The firm’s system of quality control should include policies and procedures addressing
each of the following elements:

(a) Leadership responsibilities for quality within the firm

The firm should establish policies and procedures designed to promote an internal
culture based on the recognition that quality is essential in performing engagements.
The firm’s chief executive officer (or equivalent) or, if appropriate, the firm’s managing
partners (or equivalent), to assume ultimate responsibility for the firm’s system of
quality control.

It has been laid down clearly that firm’s business strategy is subject to the overriding
requirement for the firm to achieve quality in all the engagements that the firm
performs. Essentially, it implies that audit quality is paramount in all engagements. It is
non-negotiable. In this regard, it should be ensured that: -

i. The firm assigns its management responsibilities so that commercial considerations

do not override the quality of work performed.

ii. The firm’s policies and procedures addressing performance evaluation,

compensation, and promotion (including incentive systems) with regard to its
personnel are designed to demonstrate the firm’s overriding commitment to quality
and

iii. The firm devotes sufficient resources for the development, documentation and
support of its quality control policies and procedures.

(b) Ethical requirements

Establish policies & procedures to reasonable assure that Firm & personnel comply with
relevant ethical requirements of

5|Page BY CA Sanidhya Saraf

1. Integrity. 2. Objectivity. 3. Professional competence & due care. 4. Confidentiality. 5.
Professional behaviour.

Observance of “Independence” in all engagements is the founding requirement. The firm

should establish policies and procedures designed to provide it with reasonable assurance
that the firm, its personnel and (including experts contracted by the firm and network
firm personnel) maintain independence where required by the Code. Such policies and
procedures should enable the firm to-

❖ Communicate its independence requirements to personnel.

❖ Identify and evaluate circumstances and relationships that create threats to

independence, and to take appropriate action to eliminate those threats or reduce
them to an acceptable level by applying safeguards, or, if considered appropriate,
to withdraw from the engagement.

Note :
❖ At least annually, the firm should obtain written confirmation of compliance
with its policies and procedures on independence from all firm personnel
required to be independent in terms of the requirements of the Code.

❖ SQC 1 lays special emphasis on familiarity threat. The familiarity threat is

particularly relevant in the context of financial statement audits of listed
entities. For these audits, the engagement partner should be rotated after
a pre- defined period, normally not more than seven years (except in cases
where audit of listed entities is conducted by a sole practitioner).

(c) Acceptance and continuance of client relationships

Auditor should also obtain necessary information before accepting the audit engagement.
The information which assists the auditor in accepting and continuing of relationship with
client are as follows:

❖ The integrity and competence of TCWG and management of the entity.

❖ Engagement team own’s competence to perform the audit.

❖ Compliance with relevant ethical requirements by firm and the engagement team.

❖ Significant matters that have arisen during the current or previous audit
engagement, and their implications for continuing the relationship.

With regard to the integrity of a client, matters that the firm considers include,
for example:

6|Page BY CA Sanidhya Saraf

❖ The identity and business reputation of the client’s principal owners, key
management, related parties and those charged with its governance.

❖ The nature of the client’s operations, including its business practices.

❖ Information concerning the attitude of the client’s principal owners, key

management and those charged with its governance towards such matters as
aggressive interpretation of accounting standards and the internal control
environment.

❖ Whether the client is aggressively concerned with maintaining the firm’s fees as
low as possible.

❖ Indications of an inappropriate limitation in the scope of work.

❖ Indications that the client might be involved in money laundering or other criminal
activities.

❖ The reasons for the proposed appointment of the firm and non-reappointment of
the previous firm. The extent of knowledge a firm will have regarding the integrity
of a client will generally grow within the context of an ongoing relationship with
that client.

In considering whether the firm has the capabilities, competence, time and resources
to undertake an engagement, following matters have to be taken into consideration:
-

❖ Firm personnel have knowledge of relevant industries or subject matters;

❖ Firm personnel have experience with relevant regulatory or reporting

requirements, or the ability to gain the necessary skills and knowledge effectively;

❖ The firm has sufficient personnel with the necessary capabilities and competence;

❖ Experts are available, if needed;

❖ Individuals meeting the criteria and eligibility requirements to perform engagement

quality control review are available, where applicable; and

❖ The firm would be able to complete the engagement within the reporting deadline.

(d) Human resources

The firm should establish policies and procedures designed to provide it with reasonable
assurance that it has sufficient personnel with the capabilities, competence, and
commitment to ethical principles.

The firm should establish policies and procedures requiring that:

7|Page BY CA Sanidhya Saraf

 (a) The identity and role of the engagement partner are communicated to key
members of the client’s management and those charged with governance;

(b) The engagement partner has the appropriate capabilities, competence, authority
and time to perform the role; and

(c) The responsibilities of the engagement partner are clearly defined and
communicated to that partner

(e) Engagement performance-

Important Aspects of Engagement Performance

1. Supervision- Supervision includes the following:

(i) Tracking the progress of the engagement.

(ii) Considering the capabilities and competence of individual members of the

engagement team, whether they have sufficient time to carry out their work,
whether they understand their instructions and whether the work is being
carried out in accordance with the planned approach to the engagement.

(iii) Addressing significant issues, considering their significance and appropriately

modifying the planned approach.

(iv) Identifying matters for consultation or consideration by more experienced

engagement team members during the engagement.

2. Review- Reviewers consider whether:

(i) The work has been performed in accordance with professional standards and
regulatory and legal requirements;

(ii) Significant matters have been raised for further consideration;

(iii) Appropriate consultations have taken place and the resulting conclusions have
been documented and implemented;

(iv) There is a need to revise the nature, timing and extent of work performed;

(v) The work performed supports the conclusions reached and is appropriately
documented;

(vi) The evidence obtained is sufficient and appropriate to support the report;
and

(vii) The objectives of the engagement procedures have been achieved.

8|Page BY CA Sanidhya Saraf

3. Consultation- The firm should establish policies and procedures designed to provide
it with reasonable assurance that:

(i) Appropriate consultation takes place on difficult or contentious matters;

(ii) Sufficient resources are available to enable appropriate consultation to take

place;

(iii) The nature and scope of such consultations are documented; and

(iv) Conclusions resulting from consultations are documented and implemented.

4. Differences of opinion- The firm should establish policies and procedures for
dealing with and resolving differences of opinion within the engagement team,
where applicable, between the engagement partner and the engagement quality
control reviewer. The report should not be issued until the matter is resolved.
Conclusions reached should be documented and implemented.

5. Engagement Quality Control review-

1. The Engagement partner shall take responsibility for reviews being performed
in accordance with the firm’s review and procedures.

2. For audits of financial statements of listed entities, the Engagement

partner shall

➢ Determine that an engagement quality control reviewer has been

appointed.

➢ Discuss significant matters arising during the audit engagement,

including those identified during the engagement quality control review,
with the engagement quality control reviewer and

➢ Not date the auditor’s report until the completion of the engagement
quality control review. {Further, SA 700 also requires Audit report to
be dated no earlier than the date on which the auditor has obtained
sufficient appropriate audit evidence on which to base the auditor’s
opinion on the financial statements}.

3. The engagement partner shall take responsibility for the direction,

supervision and performance of audit engagement in compliance with
professional standards and regulatory and legal requirements.

6. Engagement documentation –

a) Documentation wrt EQCR - Policies and procedures on documentation of the

engagement quality control review should require documentation that:

9|Page BY CA Sanidhya Saraf

 (i) The procedures required by the firm’s policies on engagement quality
control review have been performed;

(ii) The engagement quality control review has been completed before
the report is issued; and

(iii) The reviewer is not aware of any unresolved matters that would cause
the reviewer to believe that the significant judgments the engagement
team made and the conclusions they reached were not appropriate.

b) Completion of the Assembly of Final Engagement Files- The firm should

establish policies and procedures for engagement teams to complete the
assembly of final engagement files on a timely basis after the engagement
reports have been finalized. In the case of an audit, for example, such a
time limit is ordinarily not more than 60 days after the date of the
auditor’s report.

The firm should establish policies and procedures designed to maintain the
confidentiality, safe custody, integrity, accessibility and retrievability of
engagement documentation.

Retention of Engagement Documentation

The firm should establish policies and procedures for the retention of engagement
documentation for a period sufficient to meet the needs of the firm or as required by
law or regulation. In the specific case of audit engagements, the retention period
ordinarily is no shorter than seven years from the date of the auditor’s report.

(f) Monitoring

The firm should establish policies and procedures designed to provide it with reasonable
assurance that the policies and procedures relating to the system of quality control are
relevant, adequate, operating effectively and complied with in practice. Such policies and
procedures should include an ongoing consideration and evaluation of the firm’s system
of quality control, including a periodic inspection of a selection of completed
engagements.

Quality control of engagements has to be monitored taking into account following

factors:

❖ Deciding whether quality control system of the firm has been appropriately
designed and effectively implemented.

❖ Examining whether new developments in the professional standards, legal and

regulatory requirements have been reflected in the quality control policies.

10 | P a g e BY CA Sanidhya Saraf
❖ Conducting monitoring by entrusting responsibility of monitoring process to a
partner or other persons with sufficient and appropriate experience and authority
in the firm.

❖ Dealing with complaints and allegations against the firm or any employees of it
of non‒ compliance with professional standards or appropriate regulatory
requirements by a person within or outside the firm.

❖ Taking appropriate remedial actions against the personnel who did not conform to
quality control policies.

❖ Taking action when deficiencies in the design or operation of the firm’s quality
control policies and procedures, or non-compliance with the firm’s system of quality
control are identified.

Engagement Quality Control Reviewer

❖ The Engagement quality control reviewer , on performing an engagement quality
control , shall also consider the following :

(a) The engagement team’s evaluation of the firm’s independence in relation to

the audit engagement.

(b) Whether appropriate consultation has taken place on matters involving

differences of opinion or other difficult or contentious matters, and the
conclusions arising from those consultations.

EQCR For Listed Entities

An engagement quality control review for audits of financial statements of listed
entities includes considering the following:

➢ The engagement team’s evaluation of the firm’s independence in relation to the

specific engagement.

➢ Significant risks identified during the engagement and the responses to those risks.

➢ Judgments made, particularly with respect to materiality and significant risks.

➢ Whether appropriate consultation has taken place on matters involving differences

of opinion or other difficult or contentious matters, and the conclusions arising
from those consultations.

➢ The significance and disposition of corrected and uncorrected misstatements

identified during the engagement.

➢ The matters to be communicated to management and those charged with

governance and, where applicable, other parties such as regulatory bodies.

11 | P a g e BY CA Sanidhya Saraf
➢ Whether working papers selected for review reflect the work performed in relation
to the significant judgments and support the conclusions reached.

➢ The appropriateness of the report to be issued.

Dealing With Complaints And Allegations

(i) The firm should establish policies and procedures designed to provide it with
reasonable assurance that it deals appropriately with:

(a) Complaints and allegations that the work performed by the firm fails to
comply with professional standards and regulatory and legal requirements; and

(b) Allegations of non-compliance with the firm’s system of quality control.

(ii) Complaints and allegations (which do not include those that are clearly frivolous)
may originate from within or outside the firm. They may be made by firm personnel,
clients or other third parties. They may be received by engagement team members
or other firm personnel.

(iii) As part of this process, the firm establishes clearly defined channels for firm
personnel to raise any concerns in a manner that enables them to come forward
without fear of reprisals.

(iv) The firm investigates such complaints and allegations in accordance with
established policies and procedures. The investigation is supervised by a partner
with sufficient and appropriate experience and authority within the firm but who
is not otherwise involved in the engagement, and includes involving legal counsel as
necessary.

Small firms and sole practitioners may use the services of a suitably qualified
external person or another firm to carry out the investigation. Complaints,
allegations and the responses to them are documented.

(v) Where the results of the investigations indicate deficiencies in the design or
operation of the firm’s quality control policies and procedures, or non-compliance
with the firm’s system of quality control by an individual or individuals, the firm
takes appropriate action.

Space for Notes

12 | P a g e BY CA Sanidhya Saraf
 Test Your Understanding Questions

Question 1

CA PK Nair is offered appointment as auditor of a company engaged in providing

tourism services. While making due diligence of the proposed client, he comes to
know that there have been raids on premises of the company and residences of its
directors by National Investigation Agency (NIA) on suspicion of links with terror
outfits. It has been followed up with searches by Enforcement Directorate hunting
for illicit money trail. There is a strong suspicion of tourism services provided by
company being façade of terror funds. Should proposed offer be accepted by him?

Answer :

Integrity of principal owners has to be considered before accepting an audit engagement

in accordance with SA 220. In this regard, SA 220 states requirements on lines of SQC
1. SQC 1 clearly states that in cases where there are indications that the client might
be involved in money laundering or other criminal activities, appointment should not be
accepted.

In the instant case, there have been raids of NIA on suspected links with terror outfits
which is a criminal activity. Further, raids by Enforcement Directorate also point towards
money laundering. Therefore, proposed offer should not be accepted.

Question 2

CA Arpita has joined a mid-sized CA firm recently. She finds that partners remain
too busy and the firm is proposing to accept audit work in areas in which it has no
experience or capabilities. The firm is proposing to accept audit of some entities
engaged in emerging “fin-tech” sector. Such audits may be requiring extensive use
of technology and data analytics. However, the said firm has no such capabilities
and trained personnel. Discuss, whether, firm should accept such audits with reason.

Answer :

SQC 1 requires that before accepting an engagement, competence (including capabilities,

time and resources) to perform engagement have to be considered.
In the given case, the proposed engagements involve use of technology and data analytics. The firm
has no prior experience of audits in emerging “fin- tech” sector. The firm does not have trained
personnel to carry out these audits. Hence, offer for these audits should not be accepted.

13 | P a g e BY CA Sanidhya Saraf
SA 260 “COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE”

Scope of this SA

This SA focuses primarily on communications from the auditor to those charged with
governance.

Definition of important terms -

TCWG: Persons with responsibility for overseeing the strategic directions & obligations
related to Accountability. This includes overseeing the financial reporting process.

Management: Person with executive responsibility for conduct of entity’s operation.

In this SA, the Auditor is required to communicate certain matters to TCWG. However,
it may happen that due to low size or structure, the entity may not have a separate
committee for the approval of F/S and Management will be responsible for the same. So,
in these circumstances the auditor shall communicate to Management. Example:
proprietorship entities, partnership firms, LLPs, OPCs, small companies, unlisted
companies etc.

Objectives of Auditor

The objectives of the auditor are: -

(a) To communicate clearly with those charged with governance responsibilities of the
auditor in relation to the financial statement audit, and an overview of the planned
scope and timing of the audit;

(b) To obtain from those charged with governance information relevant to the audit;

(c) To provide those charged with governance with timely observations arising from
the audit that are significant and relevant to their responsibility to oversee the
financial reporting process; and

(d) To promote effective two-way communication between the auditor and those
charged with governance.

Matters to be communicated

1. The Auditor’s Responsibilities in Relation to the Financial Statement Audit- The

auditor is responsible for forming and expressing an opinion on Financial
Statements. It is communicated through letter of engagement.

2. Planned Scope and Timing of the Audit- The auditor shall communicate with those
charged with governance an overview of the planned scope and timing of the audit,
which includes communicating about the significant risks identified by the
auditor.

14 | P a g e BY CA Sanidhya Saraf
3. Significant Findings from the Audit-

(a) Significant findings w.r.t accounting policy, accounting estimate and financial
statement disclosures.

(b) Significant difficulties, if any, encountered during the audit

➢ Delay by the management in providing information.

➢ An unnecessarily brief time within which to complete to audit.

➢ Unavailability of information.

➢ Extensive unexpected efforts required to obtain SAAE.

➢ Restrictions imposed on auditor by the management.

➢ Management’s unwillingness to make or extend its assessment of the

entity’s ability to continue as a going concern when requested

(c) Circumstances that affect the form and content of the auditor’s report, if
any and

(d) Any other significant matters arising during the audit that, in the auditor’s
professional judgment, are relevant to the oversight of the financial reporting
process.

In some circumstances, such difficulties may constitute a scope limitation that

leads to a modification of the auditor’s opinion.

Significant matters that were discussed, or subject to correspondence with

management may include such matters as: -

❖ Significant events or transactions that occurred during the year.

❖ Business conditions affecting the entity, and business plans and strategies
that affect the risks of material misstatement.

❖ Concerns about management’s consultations with other accountants on

accounting or auditing matters.

❖ Discussions or correspondence in connection with the initial or recurring

appointment of the auditor regarding accounting practices, the application of
auditing standards or fees for audit or other services.

❖ Significant matters on which there was disagreement with management,

except for initial differences of opinion because of incomplete facts or
preliminary information that are later resolved by the auditor obtaining
additional relevant facts or information.

4. Communication of Auditor’s Independence in case of Listed Entities

15 | P a g e BY CA Sanidhya Saraf
 In the case of listed entities, the auditor shall communicate with those charged
with governance: -

(a) A statement that the engagement team and others in the firm as appropriate,
the firm and, when applicable, network firms have complied with relevant
ethical requirements regarding independence; and

(b) (i) All relationships and other matters between the firm, network firms, and
the entity that, in the auditor’s professional judgment, may reasonably
be thought to effect on independence. This shall include total fees
charged during the period covered by the financial statements for audit
and non-audit services provided by the firm and network firms to the
entity and components controlled by the entity.

(ii) The related safeguards that have been applied to eliminate identified
threats to independence or reduce them to an acceptable level.

Requirement of additional information in the auditor’s report

Circumstances in which the auditor is required or may otherwise consider it necessary to

include additional information in the auditor’s report in accordance with the SAs, and
for which communication with those charged with governance is required, include when

❖ The auditor expects to modify the opinion in the auditor’s report in accordance with
SA 705.

❖ A material uncertainty related to going concern is reported in accordance with SA

570.

❖ Key audit matters are communicated in accordance with SA 701.

❖ The auditor considers it necessary to include an Emphasis of Matter paragraph or

Other Matter paragraph in accordance with SA 706 or is required to do so by other
SAs.

❖ The auditor has concluded that there is an uncorrected material misstatement of

the other information in accordance with SA 720.

Factors affecting Mode of Communication

The form of communication may be orally or in writing, detailed or summarized,

structured or non‐structured.

The various factors governing mode of communication are:

(a) Whether a discussion of the matter will be included in the auditor’s report. For
example, when key audit matters are communicated in the auditor’s report, the

16 | P a g e BY CA Sanidhya Saraf
 auditor may consider it necessary to communicate in writing about the matters
determined to be key audit matters.

Note :
Key audit matters as given in SA 701 are selected from matters communicated
with those charged with governance. The auditor may communicate preliminary
views about key audit matters while discussing the planned scope and timings of
the audit.

(b) Whether the matter has been satisfactorily resolved.

(c) Whether management has previously communicated the matter.

(d) The size, operating structure, control environment, and legal structure of the
entity.

(e) In the case of an audit of special purpose financial statements, whether the
auditor also audits the entity’s general purpose financial statements.

(f) Legal requirements. In some entities, a written communication with those charged
with governance is required in a prescribed form by local law.

(g) The expectations of those charged with governance, including arrangements made
for periodic meetings or communications with the auditor.

(h) The amount of ongoing contact and dialogue the auditor has with those charged with
governance.

(i) Whether there have been significant changes in the membership of a governing
body.

Communication Process

❖ Communication may be Oral / written, Detail / Summarised & Structured /

Unstructured.

❖ Should be in writing when oral communication is not adequate.

❖ Communication should be on timely basis.

Evaluate adequacy of communication for the purpose of the audit. If not adequate,
evaluate its effect, on the auditor’s assessment of the risks of material misstatement.

Importance of communication

17 | P a g e BY CA Sanidhya Saraf
1. Communication with those charged with governance enables them to be made aware
of the key audit matters that the auditor intends to communicate in the auditor's
report, and provides them with an opportunity to obtain further clarification where
necessary.

2. The auditor may consider it useful to provide those charged with governance with
a draft of the auditor's report to facilitate this discussion.

3. Communication with those charged with governance recognizes their important role
in overseeing the financial reporting process, and provides the opportunity for
those charged with governance to understand the basis for the auditor's decisions
in relation to key audit matters and how these matters will be described in the
auditor's report.

4. It also enables those charged with governance to consider whether new or enhanced
disclosures may be useful in light of the fact that these matters will be
communicated in the auditor's report.

Other factors that may be relevant to the timing of communications include:

❖ The size, operating structure, control environment, and legal structure of the entity
being audited.

❖ Any legal obligation to communicate certain matters within a specified timeframe.

❖ The expectations of those charged with governance, including arrangements made

for periodic meetings or communications with the auditor.

❖ The time at which the auditor identifies certain matters, for example, the auditor
may not identify a particular matter (e.g., noncompliance with a law) in time for
preventive action to be taken, but communication of the matter may enable remedial
action to be taken.

What if the communication between the auditor and those charged with governance
is not adequate and the situation cannot be resolved.

If the two-way communication between the auditor and those charged with governance
is not adequate and the situation cannot be resolved, the auditor may take such actions
as:

❖ Modifying the auditor’s opinion on the basis of a scope limitation.

❖ Obtaining legal advice about the consequences of different courses of action.

❖ Communicating with third parties (e.g., a regulator), or a higher authority in the

governance structure that is outside the entity, such as the owners of a business

18 | P a g e BY CA Sanidhya Saraf
 (e.g., shareholders in a general meeting), or the responsible government minister or
parliament in the public sector.

❖ Withdrawing from the engagement, where withdrawal is possible under applicable

law or regulation.

Reporting to Shareholders Reporting to TCWG

1. SA 700,701,705 and 706 are the 1. SA 260 deals with provisions relating
applicable standards. to reporting to those charged with
governance.
2. Reporting to shareholders generally 2. Matters to be included to TCWG are
focus on true and fair view of auditor’s independence, planned
shareholders. scope and timing of audit, significant
findings from the audit and
independence.
3. Reporting to shareholders is an 3. Reporting to TCWG is an internal
external report and issued in public report and not issued in public
domain. domain.

Space for Notes

19 | P a g e BY CA Sanidhya Saraf
 Test Your Understanding Questions
Question 1

CA. Vallabh Sundar is auditor of a leading private sector bank. “IT Systems and
controls” is under his consideration to be reported as “Key audit matter” in audit
report of the bank due to high level of automation and complexity of the IT
architecture and its impact on the financial reporting system.

At what time he should communicate such identified “Key audit matter”? What are
relevant considerations in this regard and their usefulness?

Answer :

SA 260 requires the auditor to communicate with those charged with governance on a
timely basis.

SA 701 states that the appropriate timing for communications about key audit matters
will vary with the circumstances of the engagement. However, the auditor may
communicate preliminary views about key audit matters when discussing the planned
scope and timing of the audit, and may further discuss such matters when communicating
about audit findings. Doing so may help to alleviate the practical challenges of attempting
to have a robust two - way dialogue about key audit matters at the time the financial
statements are being finalized for issuance.

Communication with those charged with governance enables them to be made aware of
the key audit matters that the auditor intends to communicate in the auditor’s report,
and provides them with an opportunity to obtain further clarification where necessary.
The auditor may consider it useful to provide those charged with governance with a draft
of the auditor’s report to facilitate this discussion.

Communication with those charged with governance recognizes their important role in
overseeing the financial reporting process, and provides the opportunity for those
charged with governance to understand the basis for the auditor’s decisions in relation
to key audit matters and how these matters will be described in the auditor’s report. It
also enables those charged with governance to consider whether new or enhanced
disclosures may be useful in light of the fact that these matters will be communicated
in the auditor’s report.

20 | P a g e BY CA Sanidhya Saraf
SA 265 “COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO TCWG &
MANAGEMENT”

Requirements of the SA

The auditor shall determine whether, on the basis of the audit work performed, the
auditor has identified one or more deficiencies in internal control and identify whether,
individually or in combination, they constitute significant deficiencies. The auditor shall
communicate in writing significant deficiencies in internal control identified during the
audit to those charged with governance on a timely basis.

The auditor shall include in the written communication of significant deficiencies in

internal control:

(a) A description of the deficiencies and an explanation of their potential effects; and

(b) Sufficient information to enable those charged with governance and management
to understand the context of the communication. In particular, the auditor shall
explain that-

(i) The purpose of the audit was for the auditor to express an opinion on the
financial statements;

(ii) The audit included consideration of internal control relevant to the

preparation of the financial statements in order to design audit procedures
that are appropriate in the circumstances, but not for the purpose of
expressing an opinion on the effectiveness of internal control; and

(i) The matters being reported are limited to those deficiencies that the auditor
has identified during the audit and that the auditor has concluded are of
sufficient importance to merit being reported to those charged with
governance.

What is deficiency in Internal Control?

❖ When control is designed, implemented or operated in such a way that it is either

unable to prevent, detect or correct material misstatements on timely basis or
when internal control system does not exist.

❖ If individually or in combination, deficiencies are significant as per professional

judgement of the auditor, he shall communicate to TCWG. He should give
description of deficiencies and its potential effects to facilitate understanding of
TCWG.

The letter describing such weakness in internal control to be communicated in writing to

management and TCWG is also known as letter of weakness.

21 | P a g e BY CA Sanidhya Saraf
Timing for Communication by the auditor

a) For listed entities, communicate ideally before approval date of financial

statements and

b) For unlisted entities in any case within 60 days from issue of audit report
(before assembly of audit files.)

Letter of weakness

a) The letter describing such weakness in internal control to be communicated in

writing to management and TCWG is also known as letter of weakness.

b) Letter of weakness not only contains the lapses in the internal control system
but also remedial actions suggested by the auditor to overcome those
weaknesses.

How to decide if deficiency is significant or not?

Examples of matters that the auditor may consider in determining whether a deficiency
or combination of deficiencies in internal control constitutes a significant deficiency
include:

❖ The likelihood of the deficiencies leading to material misstatements in the financial

statements in the future.

❖ The susceptibility to loss or fraud of the related asset or liability.

❖ The subjectivity and complexity of determining estimated amounts, such as fair

value accounting estimates.

❖ The financial statement amounts exposed to the deficiencies.

❖ The volume of activity that has occurred or could occur in the account balance or
class of transactions exposed to the deficiency or deficiencies.

❖ The importance of the controls to the financial reporting process; for example:

➢ General monitoring controls (such as oversight of management).

➢ Controls over the prevention and detection of fraud.

➢ Controls over the selection and application of significant accounting policies.

➢ Controls over significant transactions with related parties.

➢ Controls over significant transactions outside the entity’s normal course of

business.

22 | P a g e BY CA Sanidhya Saraf
 ➢ Controls over the period-end financial reporting process (such as controls over
non-recurring journal entries).

❖ The cause and frequency of the exceptions detected as a result of the deficiencies
in the controls.

❖ The interaction of the deficiency with other deficiencies in internal control.

Indicators of Significant Deficiencies

❖ Evidence of ineffective aspects of the control environment, such as:

➢ Indications that significant transactions in which management is financially

interested are not being appropriately scrutinised by those charged with
governance.

➢ Identification of management fraud, whether or not material, that was not

prevented by the entity’s internal control.

➢ Management’s failure to implement appropriate remedial action on

significant deficiencies previously communicated.

❖ Absence of a risk assessment process within the entity where such a process would
ordinarily be expected to have been established.

❖ Evidence of an ineffective entity risk assessment process, such as management’s

failure to identify a risk of material misstatement that the auditor would expect
the entity’s risk assessment process to have identified.

❖ Evidence of an ineffective response to identified significant risks (e.g., absence

of controls over such a risk).

❖ Misstatements detected by the auditor’s procedures that were not prevented, or

detected and corrected, by the entity’s internal control.

❖ Disclosure of a material misstatement due to error or fraud as prior period items

in the current year’s Statement of Profit and Loss.

❖ Evidence of management’s inability to oversee the preparation of the financial

statements.

Determining an appropriate level of detail for communication of significant

deficiencies

The level of detail at which auditors communicate significant deficiencies is a matter of

professional judgement.

23 | P a g e BY CA Sanidhya Saraf
Factors that auditor may consider in determining an appropriate level of detail for
communication include-

(i) The nature of entity. For example, the communication required for a public
interest entity might be different for non-public interest entity.
(ii) The size and complexity of the entity. For example, the communication required
for a complex entity might be different from that for an entity which has a simple
business operations.
(iii) The entity’s governance composition. For example, more detail may be needed if
TCWG includes members who don’t have adequate experience in the entity’s
industry.
(iv) Legal or regulatory requirements regarding the communication of specific types
of deficiency in internal control.

24 | P a g e BY CA Sanidhya Saraf
 Test Your Understanding Questions
Question 1

CA. S is statutory auditor of a listed company. On reviewing internal controls of

the company, he is of the view that there can be possible situations where insurance
premiums for keeping insurance policies current in respect of various assets of
company may have become due and payable but internal control systems established
by the company may not be able to capture it. Elaborate how he should proceed to
deal with the above matter.

Answer :

A deficiency in internal control exists when: -

i. A control is designed, implemented or operated in such a way that it is unable to

prevent, or detect and correct, misstatements in the financial statements on a
timely basis or

ii. A control necessary to prevent, or detect and correct, misstatements in the

financial statements on a timely basis is missing.

In above situation, there is a possibility that internal control systems established by the
company may not be able to capture insurance premiums which may have become due and
payable. It is a significant deficiency as failure to keep insurance policies current would
render assets of the company uninsured. It may lead to losses for the company in case
of any eventuality.

Further, in accordance with SA 265, the significance of a deficiency or a combination of

deficiencies in internal control depends not only on whether a misstatement has actually
occurred, but also on the likelihood that a misstatement could occur and the potential
magnitude of the misstatement. Significant deficiencies may, therefore, exist even
though the auditor has not identified misstatements during the audit.

The susceptibility to loss of an asset is a factor in determining whether a deficiency

constitutes significant deficiency in internal control.

The auditor shall communicate in writing significant deficiency in internal control to

those charged with governance and include in the written communication of significant
deficiencies in internal control: -

a) A description of the deficiencies and an explanation of their potential effects and

b) Sufficient information to enable those charged with governance and management

to understand the context of the communication.

25 | P a g e BY CA Sanidhya Saraf
SA 330 “ THE AUDITORS RESPONSES TO ASSESSED RISKS ”

Scope of this SA

This SA deals with the auditor’s responsibility to design and implement responses to the
risks of material misstatement identified and assessed by the auditor in accordance with
SA 315, “Identified and Assessing Risks of Material Misstatements through
Understanding the Entity and its Environment“ in a financial statement audit.

Objective of this SA

The objective of the auditor is to obtain sufficient appropriate audit evidence about
the assessed risks of material misstatement, through designing and implementing
appropriate responses to those risks.

Overall responses to address the assessed risks of material misstatement at the

financial statement level may include:

❖ Emphasizing to the audit team the need to maintain professional skepticism.

❖ Assigning more experienced staff or those with special skills or using experts.

❖ Providing more supervision.

❖ Incorporating additional elements of unpredictability in the selection of further

audit procedures to be performed.

❖ Making general changes to the nature, timing or extent of audit procedures, for
example: performing substantive procedures at the period end instead of at an
interim date; or modifying the nature of audit procedures to obtain more persuasive
audit evidence.

Nature, time and extent of Audit Procedures

NATURE The nature of further audit procedures refers to their purpose

(tests of controls or substantive procedures) and their type,
that is inspection, observation, inquiry, confirmation,
recalculation, re-performance or analytical procedures.
TIME Timing refers to when audit procedures are performed. For
example, the auditor may perform test of controls or substantive
procedures at an interim date or at period date.
EXTENT Extent refers to the quantity of a specific audit procedure to be
performed. For example- sample size.

26 | P a g e BY CA Sanidhya Saraf
Auditor’s Procedures in response to risk at Assertion Level

Test of Controls (ToC) Compliance Substantive Procedures

Procedures - Procedures designed to It is an audit procedure designed to
evaluate the operating effectiveness detect material misstatement at
of controls in preventing, detecting or assertion level.
correcting material misstatements at
Substantive Procedures comprise:
assertion level.
(a) Tests of details (of classes of
❖ Perform test of controls to
transactions, account balances and
ensure that internal control is
disclosures).
designed and effectively
operating throughout the period. (b) Substantive analytical Procedures.

❖ If control risk is high, perform Irrespective of the assessed risk of

more test of controls. material misstatement, the auditor shall
perform substantive procedures for each
❖ Communicate material weakness
material class of transactions, account
in internal control to Those
balances and disclosure.
Charged with Governance.
The auditor's substantive procedures
❖ Depending on the results of test
shall include
of controls, the auditor shall
decide the Nature, Time and (a) Agreeing or reconciling the financial
Extent of Substantive statement with the underlying
Procedures. accounting records; and

(b) Examine material journal entries

and other adjustments made during
the course of preparing the
financial statements.

Result of Responses (ToC + Tod + SAP): - Auditor is required to ascertain whether

on the basis of procedures performed, sufficient appropriate audit evidences obtained
or not.

❖ If obtained, draw conclusion and issue the opinion in form of audit report.

❖ If not obtained, perform additional procedures. If still audit evidences not

obtained, modify the audit opinion.

Special Considerations

Using Audit Evidence obtained in Interim Period:

❖ Obtain audit Evidence for significant changes subsequent to Interim Period.

27 | P a g e BY CA Sanidhya Saraf
❖ Determine the additional Evidence to be obtain for remaining period.

Using Audit Evidence obtained during previous audits: Establish Continuing relevance
of that evidence by determining significant changes subsequent to previous audit

❖ Changes occurs: Test the controls in current audit.

❖ No Change Occurs: Test the controls once in three audits.

Factors warranting re-test of controls

1. Deficient control environment.

2. Deficient monitoring of controls.

3. Significant manual element to relevant controls.

4. Personnel changes that significantly affect the application of control.

5. Changing circumstances that indicate the need for changes in the control.

6. Deficient general IT-controls.

Other situations where external confirmation procedures may provide relevant audit
evidence in responding to assessed risks of material misstatement include:

❖ Bank balances and other information relevant to banking relationships.

❖ Accounts receivable balances and terms.

❖ Inventories held by third parties at bonded warehouses for processing or on

consignment.

❖ Property title deeds held by lawyers or financiers for safe custody or as security.

❖ Investments held for safekeeping by third parties, or purchased from stockbrokers

but not delivered at the balance sheet date.

❖ Amounts due to lenders, including relevant terms of repayment and restrictive

covenants.

❖ Accounts payable balances and terms.

FACTORS THAT MAY ASSIST IN DETERMINING USE OF EXTERNAL

CONFIRMATIONS AS SUBSTANTIVE AUDIT PROCEDURES

As per SA 330 “Responses to Assessed Risks” factors that may assist the auditor in
determining whether external confirmation procedures are to be External confirmations
performed as substantive audit procedures include:

1. The confirming party's knowledge of the subject matter – responses may be more
reliable if provided by a person at the confirming party who has the requisite
knowledge about the information being confirmed.

28 | P a g e BY CA Sanidhya Saraf
2. The ability or willingness of the intended confirming party to respond – for
example, the confirming party:

➢ May not accept responsibility for responding to a confirmation request;

➢ May consider responding too costly or time consuming.

➢ May have concerns about the potential legal liability resulting from responding;

➢ May account for transactions in different currencies; or

➢ May operate in an environment where responding to confirmation requests is

not a significant aspect of day-to-day operations.

In such situations, confirming parties may not respond, may respond in a casual
manner or may attempt to restrict the reliance placed on the response.

3. The objectivity of the intended confirming party – if the confirming party is a

related party of the entity, responses to confirmation requests may be less reliable.

Space for Notes

29 | P a g e BY CA Sanidhya Saraf
SA 450 “EVALUATION OF MISSTATEMENTS IDENTIFIED DURING THE AUDIT”

Meaning of important terms

Misstatement- An item is said to be misstated when it is reported in F/s in a way which

is different from that prescribed in FRF, may be due to error or fraud.

Trivial- something insignificant, carrying very less value.

Objective

The objective of the auditor is to evaluate :

(a) The effect of identified misstatements on the audit and

(b) The effect of uncorrected misstatements, if any, on the financial statements.

Sources of Misstatement

❖ An inaccuracy in gathering or processing data from which FS are prepared ;

❖ An omission of amount or disclosure

❖ An incorrect accounting estimate arising from overlooking , or clear

misinterpretation of facts ; and

❖ Unreasonable judgements of management concerning accounting estimates.

❖ Inappropriate selection & application of accounting policies.

Auditors Responsibilities

1. He shall accumulate misstatement identified during the audit, other than those
clearly trivial.

2. If misstatement is immaterial, obtain WR that that uncorrected misstatement is

immaterial.

3. If Misstatement is material or aggregate of uncorrected misstatement becomes

material,

➢ Consider adjustment of nature, timing and extend of audit procedures

➢ Communicate them to appropriate level of management and request them to

correct it

➢ If management refuses to correct some or all of the misstatements

communicated by the auditor, the auditor shall obtain an understanding of
management’s reasons for not making the corrections and shall take that
understanding into account when evaluating whether the financial statements
as a whole are free from material misstatement.

4. Determine whether overall Audit Strategy and Audit Plan need to be revised if :

30 | P a g e BY CA Sanidhya Saraf
 ➢ Nature of identified misstatements and the circumstances of their
occurrence indicate that other misstatements may exist that, when
aggregated with misstatements accumulated during the audit, could be
material or

➢ The aggregate of misstatements accumulated during the audit approaches

materiality determined in accordance with SA 320.

If, at the auditor’s request, management has examined a class of transactions,

account balance or disclosure and corrected misstatements that were detected,
the auditor shall perform additional audit procedures to determine whether
misstatements remain.

5. The auditor shall determine whether uncorrected misstatements are material,

individually or in aggregate. In making this determination, the auditor shall
consider :

(a) The size and nature of the misstatements, both in relation to particular
classes of transactions, account balances or disclosures and the financial
statements as a whole, and the particular circumstances of their occurrence
and

(b) The effect of uncorrected misstatements related to prior periods on the

relevant classes of transactions, account balances or disclosures, and the
financial statements as a whole.

6. Communication with TCWG

➢ Regarding uncorrected misstatements and the effect that they, individually

or in aggregate, may have on the opinion in the auditor’s report

➢ The auditor’s communication shall identify material uncorrected

misstatements individually

➢ The auditor shall request that uncorrected misstatements be corrected.

➢ Also communicate the effect of uncorrected misstatements related to prior

periods on the relevant classes of transactions, account balances or
disclosures, and the financial statements as a whole.

Documentation

The audit documentation shall include

(a) The amount below which misstatements would be regarded as clearly trivial;

(b) All misstatements accumulated during the audit and whether they have been
corrected; and

31 | P a g e BY CA Sanidhya Saraf
(c) The auditor’s conclusion as to whether uncorrected misstatements are material,
individually or in aggregate, and the basis for that conclusion.

32 | P a g e BY CA Sanidhya Saraf
SA 600 “USING THE WORK OF ANOTHER AUDITOR”

Applicability

It is to be applied in situations where an auditor (referred to herein as the ‘principal

auditor’), reporting on the financial information of an entity, uses the work of another
auditor (referred to herein as the ‘other auditor’) with respect to the financial
information of one or more components included in the financial information of the entity.
It also discusses the principal auditor’s responsibility in relation to his use of the
work of the other auditor. When the principal auditor uses the work of another auditor,
the principal auditor should determine how the work of the other auditor will affect the
audit.

It does not deal with those instances where two or more auditors are appointed as joint
auditors nor does it deal with the auditor’s relationship with a predecessor auditor.

Meaning

Principal Auditor- The auditor with responsibility for reporting on the financial
information of an entity when that financial information includes the financial
information of one or more components audited by another auditor.

Other Auditor- An auditor, other than the principal auditor, with responsibility for
reporting on the financial information of a component which is included in the financial
information audited by the principal auditor.

"Component" means a division, branch, subsidiary, joint venture, associated enterprises

or other entity whose financial information is included in the financial information
audited by the principal auditor.

Considerations by Principal Auditor/ Principal Auditor’s Procedures

❖ Before using the work of another auditor, principal auditor should evaluate the
competence of another auditor if he is not member of ICAI. However, the
principal auditor is not required to evaluate professional competence if that another
auditor happens to be member of ICAI.

❖ Principal auditor should advise another regarding -Areas which need special
consideration, Time table for completion of audit and Significant accounting,
auditing and reporting requirements.

❖ Obtain Sufficient and Appropriate Audit Evidence regarding the fact whether the
work of the other auditor is sufficient for his purpose.

❖ May require him to furnish questionnaire and perform supplementary test.

33 | P a g e BY CA Sanidhya Saraf
❖ In case of foreign components, he should consider another auditor’s qualification
and experience.

❖ If there is modification in another auditor's report then, principal auditor should

consider whether modification in his report is required.

❖ Obtain representation from the other auditor that significant accounting, auditing
and reporting requirements have been complied.

Factors to be considered while accepting the position of Principal auditor:

While accepting the position of Principal Auditor, the auditor should consider whether
the auditor's own participation is sufficient to be able to act as the principal auditor.

For this purpose, the auditor would consider:

(a) The materiality of the portion of the financial information which the principal
auditor audits;

(b) The principal auditor's degree of knowledge regarding the business of the
components;

(c) The risk of material misstatements in the financial information of the

components audited by the other auditor;

(d) The performance of additional procedures as set out in this SA regarding the
components audited by other auditor resulting in the principal auditor having
significant participation in such audit.

The Principal Auditor’s Procedures

1. Right of Principal auditor to visit and examine books of accounts of a

component- Where another auditor has been appointed for the component, the
principal auditor would normally be entitled to rely upon the work of such auditor
unless there are special circumstances to make essential for him to visit the
component and/or to examine the books of account and other records of the said
component.

2. Principal auditor to consider the professional competence of other auditor-

When planning to use the work of another auditor, the principal auditor should
consider the professional competence of the other auditor in the context of
specific assignment if the other auditor is not a member of the Institute of
Chartered Accountants of India.

3. Procedures to be performed by principal auditor when using the work of other

auditor- The principal auditor should perform procedures to obtain sufficient

34 | P a g e BY CA Sanidhya Saraf
 appropriate audit evidence, that the work of the other auditor is adequate for the
principal auditor's purposes,

4. Principal auditor to review– written summary of other auditor’s procedures

The principal auditor might discuss with the other auditor the audit procedures
applied or review a written summary of the other auditor’s procedures and findings
which may be in the form of a completed questionnaire or check-list.

5. The principal auditor should consider the significant findings of the other
auditor- The principal auditor may consider it appropriate to discuss with the other
auditor and the management of the component, the audit findings or other matters
affecting the financial information of the components.

He may also decide as to application of supplementary procedures that supplement

tests of the records or the financial statements of the component, if deemed
necessary. Such tests may, depending upon the circumstances, be performed by the
principal auditor or the other auditor.

6. When other auditor is not a professionally qualified auditor.

In certain circumstances, the other auditor may happen to be a person other than
a professionally qualified auditor.

7. Principal Auditor to document in his working papers the components whose

financial information audited by other auditors. The principal auditor should also
document the procedures performed and the conclusions reached.

Where the other auditor’s report is other than unmodified, the principal auditor
should also document how he has dealt with the qualifications or adverse remarks
contained in the other auditor’s report in framing his own report.

Co-ordination between auditors

The principal auditor should properly co-ordinate with another auditor i.e. there should
be a sufficient liaison between the principal auditor and other auditor. For this
purpose, the principal auditor may find it necessary to issue written communication to
the other auditor.

Other Auditor should coordinate with Principal Auditor:

❖ Adhering to time-table.

❖ Bringing to the attention of Principal Auditor any significant finding.

❖ Compliance with relevant statutory requirements.

❖ Respond to detailed questionnaire.

35 | P a g e BY CA Sanidhya Saraf
Role of Principal Auditor

(i) It is necessary to issue written communication(s) as a principal auditor to the other

auditor.

(ii) The principal auditor should advise the other auditor of any matters that come to
his attention that he thinks may have an important bearing on the other auditor’s
work.

(iii) When considered necessary by him, the principal auditor may require the other
auditor to answer a detailed questionnaire regarding matters on which the
principal auditor requires information for discharging his duties.

Role of Other Auditor

(i) The other auditor, knowing the context in which his work is to be used by the
principal auditor, should co-ordinate with the principal auditor. For example, by
bringing to the principal auditor’s immediate attention any significant findings
requiring to be dealt with at entity level, adhering to the time-table for audit of
the component, etc.

(ii) He should ensure compliance with the relevant statutory requirements.

(iii) The other auditor should respond to the questionnaire on a timely basis sent by
Principal Auditor.

There should be statement of division of responsibility showing to what extent to which

financial statement of component audited by another auditor has been included in
financial statement of entity.

Divisions of Responsibility

The principal auditor would not be responsible in respect of the work entrusted to
the other auditors, except in circumstances which should have aroused his suspicion
about the reliability of the work performed by the other auditors.

When the principal auditor has to base his opinion on the financial information of the
entity as a whole relying upon the statements and reports of the other auditors, his
report should state clearly the division of responsibility for the financial information
of the entity by indicating the extent to which the financial information of components
audited by the other auditors have been included in the financial information of the
entity.

However, if the Principal Auditor notices any material discrepancies, the same has to be
brought to the knowledge of other Auditor. This should be incorporated in the Audit
Report.

36 | P a g e BY CA Sanidhya Saraf
Reporting consideration

❖ When the principal auditor concludes, based on his procedures, that the work of
the other auditor cannot be used and the principal auditor has not been able to
perform sufficient additional procedures regarding the financial information of the
component audited by the other auditor, the principal auditor should express a
qualified opinion or disclaimer of opinion because there is a limitation on the
scope of audit.

❖ In all circumstances, if the other auditor issues, a modified auditor's report,

the principal auditor should consider whether the subject of the modification
is of such nature and significance and whether it requires a modification of the
principal auditor’s report or not.

❖ The principal auditors should also include another matters paragraph to inform
the users of financial statements that components have been audited by some
other auditors.

Documentation

1. Components whose FS are audited by Other Auditor and their significance to the
financial information of the entity as a whole.

2. Names of the other auditors.

3. Any conclusions reached that individual components are not material.

4. Procedures performed regarding components.

5. Conclusions reached.

6. Manner of dealing with Modified Report of Other Auditor while finalising Principal
Auditor’s report.

Space for Notes

37 | P a g e BY CA Sanidhya Saraf
SA 610 “USING THE WORK OF INTERNAL AUDITORS”

Meaning of Internal Audit Function & Direct Assistance

A function of an entity that performs assurance & consulting activities designed to

evaluate and improve the effectiveness of the entity’s governance, risk management
and internal control processes.

Direct Assistance: The use of internal auditors to perform audit procedures under the
direction, supervision and review of the external auditor.

The objectives and scope of internal audit function

The objectives and scope of internal audit functions typically include assurance and
consulting activities designed to evaluate and improve the effectiveness of the entity’s
governance processes, risk management and internal control such as the following:

Activities Relating to Governance

The internal audit function may assess the governance process in its accomplishment of
objectives on :

❖ Ethics and values, performance management and accountability,

❖ Communicating risk and control information.

Activities Relating to Risk Management

❖ The internal audit function may assist the entity by identifying and evaluating
significant exposures to risk.

❖ The internal audit function may perform procedures to assist the entity in the
detection of fraud.

Activities Relating to Internal Control

❖ Evaluation of internal control

❖ Examination of financial and operating information

❖ Review of operating activities.

❖ Review of compliance with laws and regulations.

Scope of this SA

It deals with the external auditor’s responsibilities if using the work of internal auditors.
This includes

(a) using the work of the internal audit function in obtaining audit evidence and

(b) using internal auditors to provide direct assistance under the direction,
supervision and review of the external auditor.

38 | P a g e BY CA Sanidhya Saraf
SA 610 (Revised) does not apply if the entity does not have an internal audit
function.

In some cases, the external auditor may be prohibited, or restricted to some extent, by
law or regulation from using the work of the internal audit function or using internal
auditors to provide direct assistance. The SAs do not override laws or regulations that
govern an audit of financial statements.

Relationship between SA 315 and SA 610

Many entities establish internal audit functions as part of their internal control and
governance structures. SA 315 addresses how the knowledge and experience of the
internal audit function can inform the external auditor’s understanding of the entity
and its environment and identification and assessment of risks of material misstatement.

Depending on whether the internal audit function’s organizational status and relevant
policies and procedures adequately support the objectivity of the internal auditors,
the level of competency of the internal audit function, and whether the function applies
a systematic and disciplined approach, the external auditor may also be able to use
the work of the internal audit function in a constructive and complementary manner.

Factors that external auditor will consider before using the work of internal auditor:

1. Objectivity and its Evaluation

Extend to which internal auditor function’s organizational status & relevant policies and
procedures support objectivity of internal auditor.

Factors that may affect the external auditor’s evaluation in relation to Objectivity
include the following :

1. Whether the organizational status of the internal audit function, including the
function’s authority and accountability, supports the ability of the function to be
free from bias, conflict of interest or undue influence of others to override
professional judgments.

2. Whether those charged with governance oversee employment decisions related to

the internal audit function.

3. Whether there are any constraints or restrictions placed on the internal audit
function by management or those charged with governance, for example, in
communicating the internal audit function’s findings to the external auditor.

4. Whether the internal audit function is free of any conflicting responsibilities, for
example, having managerial or operational duties or responsibilities that are outside
of the internal audit function.

39 | P a g e BY CA Sanidhya Saraf
2. Competence and its Evaluation

Factors that may affect the external auditor’s determination in relation to

competence include the following :

1. Whether the internal audit function is adequately and appropriately resourced

relative to the size of the entity and the nature of its operations.

2. Whether there are established policies for hiring, training and assigning internal
auditors to internal audit engagements.

3. Whether the internal auditors have adequate technical training and proficiency
in auditing.

4. Whether the internal auditors possess the required knowledge relating to the
entity’s financial reporting and the applicable financial reporting framework.

3. Application of a Systematic and Disciplined Approach

Factors that may affect the external auditor’s determination of whether the internal
audit function applies a systematic and disciplined approach include the following :

1. The existence, adequacy and use of documented internal audit procedures or

guidance covering such areas as risk assessments, work programs, documentation
and reporting, the nature and extent of which is commensurate with the size and
circumstances of an entity.

2. Whether the internal audit function has appropriate quality control policies and
procedures.

Further, the external auditor shall not use the work of the internal audit function
if the external auditor determines that:

(i) The function’s organizational status and relevant policies and procedures do not
adequately support the objectivity of internal auditors;

(ii) The function lacks sufficient competence; or

(iii) The function does not apply a systematic and disciplined approach, including
quality control.

Further the auditor will determine in what areas & to what extend work of internal
auditor can be used (Depending on his judgement & assessed risk of material
misstatement, significance of threats, and the objectivity and independence of internal
auditor.)

40 | P a g e BY CA Sanidhya Saraf
Before using the specific work of the internal Auditor, The external auditor shall
ensure the following:

❖ Whether work was performed by internal auditors having adequate technical

training and proficiency;

❖ Whether the work was properly supervised, reviewed and documented;

❖ Whether the internal auditor has obtained adequate audit evidence to draw
reasonable conclusions;

❖ Whether the conclusions reached are appropriate in the circumstances and the
reports prepared by the internal auditors are consistent with the results of the
work performed;

❖ Whether the exceptions or unusual matters, if any, disclosed by the internal

auditors are properly resolved.

DETERMINING THE NATURE AND EXTENT OF WORK OF THE INTERNAL AUDIT

FUNCTION THAT CAN BE USED

The external auditor shall consider the nature and scope of the work performed by
Internal audit function.

Work of the internal audit function that can be used by the external auditor include
the following:

❖ Testing of the operating effectiveness of controls.

❖ Substantive procedures involving limited judgment.

❖ Observations of inventory counts.

❖ Tracing transactions through the information system relevant to financial

reporting.

❖ Testing of compliance with regulatory requirements.

❖ In some circumstances, audits or reviews of the financial information of

subsidiaries that are not significant components to the group (where this does not
conflict with the requirements of SA 600.

Circumstances in which the external auditor shall plan to use less of the work of the
Internal Audit Function and perform more of the work directly

❖ More judgment is involved in Planning and performing relevant audit procedures; and
Evaluating the audit evidence gathered.

❖ The higher the assessed risk of material misstatement at the assertion level, with
special consideration given to risks identified as significant;

41 | P a g e BY CA Sanidhya Saraf
❖ The less the internal audit function’s organizational status and relevant policies and
procedures adequately support the objectivity of the internal auditors; and

❖ The lower the level of competence of the internal audit function.

Concept of Direct Assistance:

The statuary auditor has to determine whether direct assistance can be used i.e.
to use work of the internal auditor under his direction, supervision and review. It is
allowed when

(i) It is not prohibition by law or regulation.

(ii) There should be no significant threats to objectivity of Internal Auditor.

(iii) Internal auditor should be competent and capable.

Further, he will determine the Nature, Time and Extent on which direct assistance
can be taken.

Prior to using of internal auditors for providing direct assistance for purposes of the
audit, the external auditor shall:

(a) Obtain written agreement from an authorized representative of the entity that the
internal auditors will be allowed to follow the external auditor’s instructions, and
that the entity will not intervene in the work the internal auditor performs for the
external auditor; and

(b) Obtain written agreement from the internal auditors that they will keep
confidential specific matters as instructed by the external auditor and inform the
external auditor of any threat to their objectivity.

Direct assistance is not advisable on the following:

(i) Matters involving Significant Judgements in Audit-Significant judgments include

the following:

➢ Assessing the risks of material misstatement;

➢ Evaluating the sufficiency of tests performed;
➢ Evaluating the appropriateness of management’s use of the going concern
assumption;
➢ Evaluating significant accounting estimates; and
➢ Evaluating the adequacy of disclosures in the financial statements, and other
matters affecting the auditor’s report.

(ii) Matters on which Risk of Material Misstatement is high.

(iii) Matters in which Internal Auditor is already involved.

42 | P a g e BY CA Sanidhya Saraf
(iv) When internal auditor is not objective, competent and capable.

The external auditor shall not use an internal auditor to provide direct assistance
if:

❖ There are significant threats to the objectivity of the auditor.

❖ The internal auditor lacks sufficient competence to perform the proposed work. As
the function of Internal Auditor is again a concept of evaluation of Internal Control
mechanism, it would amount to weaknesses in Internal Control System in case
internal auditor does not apply required test procedures considering the Materiality
aspects. This would in turn result in Higher Audit Risks.

Direct Assistance from internal auditor in case of External Confirmation Procedures:

(i) SA 610 provide relevant guidance in determining the nature and extent of work that
may be assigned to internal auditors.

(ii) In determining the nature of work of work that may be assigned to internal auditors,
the external auditor is careful to limit such work to those areas that would be
appropriate to be assigned.

(iii) In accordance with SA 505, the external auditor is required to maintain control
over external confirmation requests and evaluate the results of external
confirmation procedures, it would not be appropriate to assign these
responsibilities to internal auditors.

(iv) It would not be appropriate to use direct assistance w.r.t. obtaining external
confirmation requests and their evaluation. Assistance may be used in assembling
information necessary for the external auditor to resolve exceptions in
confirmation responses.

If the External Auditor uses Internal Auditors to Provide Direct Assistance on the
Audit, the External Auditor shall include in the Audit Documentation

(a) The evaluation of the existence and significance of threats to the objectivity of
the internal auditors, and the level of competence of the internal auditors used to
provide direct assistance;

(b) The basis for the decision regarding the nature and extent of the work performed
by the internal auditors;

(c) Who reviewed the work performed and the date and extent of that review in
accordance with SA 230 Audit Documentation;

43 | P a g e BY CA Sanidhya Saraf
(d) The written agreements obtained from an authorized representative of the entity
and the internal auditors; and

(e) The working papers prepared by the internal auditors who provided direct
assistance on the audit engagement.

Space for Notes

44 | P a g e BY CA Sanidhya Saraf
 Test Your Understanding Questions
Question 1

CA. Keshavraj is conducting statutory audit of a listed company “Live with Nature
Limited”. The company is engaged in producing environment-friendly niche products
for new-born babies. There is also a well-functioning internal audit department in
the company. On perusal of internal audit reports, he finds that not only verification
of inventories was attended by internal auditor at regular intervals during the year,
workings were also made in respect of inventory valuation as at year end.

He has also attended inventory count at end of financial year and no prima facie
adverse inferences were drawn by him. However, on going through inventory reports,
he gathers that inventories are being held for considerably long period before being
sold. The internal audit reports have not taken this aspect into consideration. Should
he choose to rely upon inventory valuation work performed by internal auditor?

Answer :

For a particular account balance, class of transaction or disclosure, the higher an

assessed risk of material misstatement at the assertion level, the more judgment is often
involved in planning and performing the audit procedures and evaluating the results
thereof. In such circumstances, the external auditor will need to perform more
procedures directly and accordingly, make less use of the work of the internal audit
function in obtaining sufficient appropriate audit evidence. Furthermore, as explained in
SA 200, the higher the assessed risks of material misstatement, the more persuasive
the audit evidence required by the external auditor will need to be, and, therefore, the
external auditor will need to perform more of the work directly.

In the given situation, inventories are being held for considerably long period before
being sold. As company is dealing in niche products for new-born babies, there is a risk
of inventory obsolescence due to changes in customer preferences. It carries a
significant risk of material misstatement and requires more judgment on part of
statutory auditor in planning and performing procedures.

In such circumstances, statutory auditor needs to perform procedures directly like

comparing net realizable value of products with costs to verify completeness of
provisions, recomputing of provisions for obsolete stocks etc.

Therefore, in the given situation, he should perform procedures directly in accordance

with SA 610.

45 | P a g e BY CA Sanidhya Saraf
2. SA 560, 570, 580

SA 560 “SUBSEQUENT EVENTS ”

Meaning of Subsequent Events

Events occurring after B/s date, but before date of audit report, and includes the facts
that have become known to the auditor after the date of audit report.

Objectives of the auditor

❖ Obtain sufficient appropriate audit evidence about whether events occurring

between the date of the financial statements and the date of the auditor's report
that require adjustment of, or disclosure in, the financial statements are
appropriately reflected in those financial statements.
❖ Respond appropriately to the facts that become known to the auditor after the
date of the auditor's report, that, had they been known to the auditor at that date,
may have caused the auditor to amend the auditor's report.

Matters to be Inquired by the Auditor from Management to identify Subsequent event

(i) Whether new commitments, borrowings or guarantees have been entered into.
(ii) Whether sales or acquisitions of assets have occurred or are planned.
(iii) Whether there have been increases in capital or issuance of debt instruments, such
as the issue of new shares or debentures, or an agreement to merge or liquidate
has been made or is planned.
(iv) Whether any assets have been appropriated by government or destroyed, for
example, by fire or flood.
(v) Whether there have been any developments regarding contingencies.
(vi) Whether any unusual accounting adjustments have been made or are contemplated.
(vii) Whether any events have occurred or are likely to occur that will bring into question
the appropriateness of accounting policies used in the F.S., as would be the case,
for example, if such events call into question the validity of the going concern
assumption.
(viii) Whether any events have occurred that are relevant to the measurement of
estimates or provisions made in the F.S.
(ix) Whether any events have occurred that are relevant to the recoverability of
assets.

46 | P a g e BY CA Sanidhya Saraf
Types of Subsequent events

AS 4 on " Contingencies and Events Occurring after the Balance Sheet Date" deals
with all those significant events, both favourable and unfavourable, that occur between
the balance sheet date and the date on which the financial statements are approved.

As per Ind-AS 10/AS-4 there are 2 types of events:

Adjusting events- Events the contingency of which exists on the balance sheet date is
required to be adjusted on the financial statements.

Non-adjusting events- Events the contingency of which does not exist on the balance
sheet date are not required to be adjusted. However, non-adjusting events are required
to be disclosed in the director’s report. However, if the events effect the substratum
(going concern) of the enterprise, adjustment is required in the financial statements.
However, there is a difference in treatment in Ind AS 10 w.r.t. matters effecting going
concern and rather then making an adjustment, just disclosure is needed.

Audit procedures relating to events occurring between the date of F/s and the date
of Auditor’s Report

(i) The auditor shall perform audit procedures designed to obtain sufficient
appropriate audit evidence that all events occurring between the date of the
financial statements and the date of the auditor’s report that require adjustment
of, or disclosure in, the financial statements have been identified.
(ii) Auditor’s risk assessment in determining the nature and extent of such audit
procedures, which shall include the following:
a) Obtaining an understanding of any procedure’s management has established
to ensure that subsequent events are identified.
b) Inquiring of management and, where appropriate, those charged with
governance as to whether any subsequent events have occurred which might
affect the financial statements.
c) Reading minutes, if any, of the meetings, of the entity’s owners,
management and TCWG , that have been held after the date of the financial
statements and inquiring about matters discussed at any such meetings for
which minutes are not yet available.
d) Reading the entity’s latest subsequent interim financial statements, if any.
Finally, When the auditor identifies events that require adjustment of, or disclosure in,
the financial statements, the auditor shall determine whether each such event is
appropriately reflected in those financial statements.

Auditors Responsibilities regarding S.E

47 | P a g e BY CA Sanidhya Saraf
(A) Auditor’s responsibilities regarding subsequent events between the date of the
financial statements and the date of the auditor’s report

➢ Perform audit procedures designed to obtain sufficient appropriate audit

evidence that all events occurring between the date of the financial
statements and the date of the auditor’s report that require adjustment of,
or disclosure in, the financial statements have been identified
➢ If such subsequent events that require adjustment of, or disclosure in, the
financial statements have been identified, it shall be determined whether
each such event is appropriately reflected in those financial statements.
➢ Obtain a written representation from management or those charged with
governance that all events occurring subsequent to the date of the financial
statements and for which the applicable financial reporting framework
requires adjustment or disclosure have been adjusted or disclosed.

(B) Auditor’s responsibilities after the date of the auditor’s report but before the
date the financial statements are issued

➢ No obligation for auditor to perform any audit procedures regarding the

financial statements after the date of the auditor’s report. However, when,
after the date of the auditor’s report but before the date the financial
statements are issued, a fact becomes known to the auditor that, had it been
known to the auditor at the date of the auditor’s report, may have caused the
auditor to amend the auditor’s report, the auditor shall
(a) Discuss the matter with management and, where appropriate, those
charged with governance.
(b) Determine whether the financial statements need amendment and, if so,
(c) Inquire how management intends to address the matter in the financial
statements.
➢ If the management amends the financial statements, the auditor shall
(a) carry out the audit procedures necessary in the circumstances on the
amendment
(b) Review the steps taken by management to ensure that anyone in receipt
of the previously issued financial statements together with the auditor’s
report thereon is informed of the situation. Extend the audit
procedures, already referred, to the date of the new auditor’s report
and provide a new auditor’s report on the amended financial statements.
(c) Include in the new auditor’s report an Emphasis of Matter paragraph or
Other Matter(s) paragraph referring to a note to the financial

48 | P a g e BY CA Sanidhya Saraf
 statements that more extensively discusses the reason for the
amendment of the previously issued financial statements and to the
earlier report provided by the auditor.
➢ When management does not amend the financial statements in
circumstances where the auditor believes they need to be amended and
auditor’s report has not been provided to the entity, the auditor shall modify
the opinion as required by SA 705 and then provide the auditor’s report.
➢ If the auditor’s report has already been provided to the entity, the auditor
shall notify management not to issue the financial statements to third parties
before the necessary amendments have been made. If the financial
statements are nevertheless subsequently issued without the necessary
amendments, the auditor shall take appropriate action, to seek to prevent
reliance on the auditor’s report.

(C) Auditor’s responsibilities after the financial statements have been issued

➢ No obligation to perform any audit procedures regarding financial statements

after the financial statements have been issued. However, after financial
statements have been issued, a fact becomes known to the auditor that, had
it been known to the auditor at the date of the auditor’s report, may have
caused the auditor to amend the auditor’s report, the auditor shall
(a) Discuss the matter with management and, where appropriate, those
charged with governance.
(b) Determine whether the financial statements need amendment and, if so,
(c) Inquire how management intends to address the matter in the
➢ If the management amends the financial statements, the auditor shall
(a) carry out the audit procedures necessary in the circumstances on the
amendment
(b) Review the steps taken by management to ensure that anyone in receipt
of the previously issued financial statements together with the auditor’s
report thereon is informed of the situation. Extend the audit
procedures, already referred, to the date of the new auditor’s report
and provide a new auditor’s report on the amended financial statements.
(c) Include in the new auditor’s report an Emphasis of Matter paragraph or
Other Matter(s) paragraph referring to a note to the financial
statements that more extensively discusses the reason for the
amendment of the previously issued financial statements and to the
earlier report provided by the auditor.

49 | P a g e BY CA Sanidhya Saraf
❖ If management does not take the necessary steps to ensure that anyone in
receipt of the previously issued financial statements is informed of the situation
and does not amend the financial statements in circumstances where the auditor
believes they need to be amended, the auditor shall notify management that the
auditor will seek to prevent future reliance on the auditor’s report.
If, despite such notification, management or those charged with governance do not
take these necessary steps, the auditor shall take appropriate action*** to seek
to prevent reliance on the auditor’s report.
*** Appropriate action may include giving a public notice or auditor exercising
his right to attend AGM and inform the members that the issued Fs are not
reliable.**

Space for Notes

50 | P a g e BY CA Sanidhya Saraf
 Test Your Understanding Questions
Question 1

CA Anuj is the auditor of a listed company, and he is in the midst of conducting an

audit of the said company for the financial year ending 31st March 2023. At a
meeting of the Board of Directors held on 17th April 2023, a dividend of ₹1 crore
is proposed to equity shareholders @ ₹10/- per share, and such a proposal has a
good chance of being approved in the AGM of the company to be held after few
months.

His audit procedures are near completion. He is contemplating finalizing the audit
report by 31st July 2023. Is there any responsibility thrust upon him as auditor of
the company?

Answer :

In the given situation, dividend has been proposed by Board of Director on 17th April,
2023. It is an example of condition that arose after the reporting period. No liability
exists for the company on reporting date because there is no obligation to pay at the
reporting date in accordance with Ind AS 1.

Therefore, above situation does not require recognition of above proposed dividend in
financial statements. It is an example of events which does not require adjustments.
However, it should be disclosed in financial statements in notes to accounts. Therefore,
it should be ensured that it is disclosed in notes to accounts in financial statements. He
should verify in accordance with SA 560 that it is so disclosed in notes to accounts.

51 | P a g e BY CA Sanidhya Saraf
SA 570 “ GOING CONCERN”

Meaning and significance of Going Concern

Going concern is one of the fundamental accounting assumptions. The enterprise is

normally viewed as a going concern, that is, as continuing in operation for the foreseeable
future. It is assumed that the enterprise has neither the intention nor the necessity of
liquidation or of curtailing materially the scale of the operations.

Under the going concern basis of accounting, the financial statements are prepared on
the assumption that the entity is a going concern and will continue its operations for the
foreseeable future.

When the use of the going concern basis of accounting is appropriate, assets and
liabilities are recorded on the basis that the entity will be able to realize its assets and
discharge its liabilities in the normal course of business.

When an enterprise is not viewed as a going concern, the financial statements are
prepared on liquidation basis. For example, inventories may need to be written down as
these may be sold for a lower price. Assets may have to be recorded at the likely prices
they will fetch.

Responsibilities for assessment of entity’s ability to continue as Going concern

The preparation of the financial statements requires management to assess the entity’s
ability to continue as a going concern even if the financial reporting framework does not
include an explicit requirement to do so.

Management’s assessment of the entity’s ability to continue as a going concern involves

making a judgment, at a particular point in time, about inherently uncertain future
outcomes of events or conditions.

Responsibilities of the Auditor

❖ The auditor’s responsibilities are to obtain SAAE regarding and conclude on the
appropriateness of management’s use of the going concern basis of accounting in
the preparation of the financial statements and

❖ To conclude, based on the audit evidence obtained, whether a material uncertainty

exists about the entity’s ability to continue as a going concern.

❖ However, as described in SA 200, the potential effects of inherent limitations on

the auditor’s ability to detect material misstatements are greater for future
events or conditions that may cause an entity to cease to continue as a going
concern.

52 | P a g e BY CA Sanidhya Saraf
❖ The auditor cannot predict such future events or conditions. Accordingly, the
absence of any reference to a material uncertainty about the entity’s ability to
continue as a going concern in an auditor’s report cannot be viewed as a guarantee
as to the entity’s ability to continue as a going concern.

Indicators that may cast a significant doubt on going concern

The following are examples of events or conditions that, individually or collectively, may
cast significant doubt on the entity’s ability to continue as a going concern.

Financial Indicators

(i) Net liability or net current liability position.

(ii) Fixed-term borrowings approaching maturity without realistic prospects of

renewal or repayment; or excessive reliance on short-term borrowings to finance
long-term assets.

(iii) Indications of withdrawal of financial support by creditors.

(iv) Negative operating cash flows indicated by historical or prospective financial

statements.

(v) Adverse key financial ratios.

(vi) Substantial operating losses or significant deterioration in the value of assets used
to generate cash flows.

(vii) Arrears or discontinuance of dividends.

(viii) Inability to pay creditors on due dates.

(ix) Inability to comply with the terms of loan agreements.

(x) Change from credit to cash-on-delivery transactions with suppliers.

(xi) Inability to obtain financing for essential new product development or other
essential investments.

Operating Indicators

(i) Management intentions to liquidate the entity or to cease operations.

(ii) Loss of key management without replacement.

(iii) Loss of a major market, key customer(s), franchise, license, or principal supplier(s).

(iv) Labour difficulties.

(v) Shortages of important supplies.

(vi) Emergence of a highly successful competitor.

Other Indicators

53 | P a g e BY CA Sanidhya Saraf
(i) Non-compliance with capital or other statutory or regulatory requirements, such
as solvency or liquidity requirements for financial institutions.

(ii) Pending legal or regulatory proceedings against the entity that may, if successful,
result in claims that the entity is unlikely to be able to satisfy.

(iii) Changes in law or regulation or government policy expected to adversely affect

the entity.

(iv) Uninsured or underinsured catastrophes when they occur.

Risk Assessment Procedures and Related Activities/Requirements as per SA 570

When performing RAP as required by SA 315, the auditor shall consider whether events
or conditions exist that may cast significant doubt on the entity’s ability to continue as
a going concern. In so doing, the auditor shall determine whether management has already
performed a preliminary assessment of the entity’s ability to continue as a going concern
and: -

(a) If such an assessment has been performed, the auditor shall discuss the
assessment with management and determine whether management has identified
events or conditions that, individually or collectively, may cast significant doubt on
the entity’s ability to continue as a going concern and, if so, management’s plans to
address them or

(b) If such an assessment has not yet been performed, the auditor shall discuss with
management the basis for the intended use of the going concern basis of accounting,
and inquire of management whether events or conditions exist that, individually or
collectively, may cast significant doubt on the entity’s ability to continue as a going
concern.

The auditor shall remain alert throughout the audit for audit evidence of events or
conditions that may cast significant doubt on the entity’s ability to continue as a going
concern.

Evaluating Management assessment of Going Concern

❖ The auditor shall evaluate management’s assessment of the entity’s ability to

continue as a going concern.

❖ In evaluating management’s assessment of the entity’s ability to continue as a going

concern, the auditor shall cover the same period as that used by management to
make its assessment as required by the applicable financial reporting framework,
or by law or regulation if it specifies a longer period.

❖ If management’s assessment of the entity’s ability to continue as a going concern

covers less than twelve months from the date of the financial statements, the

54 | P a g e BY CA Sanidhya Saraf
 auditor shall request management to extend its assessment period to at least twelve
months from that date.

Additional Audit Procedures When events or conditions are identified

If events or conditions have been identified that may cast significant doubt on the
entity’s ability to continue as a going concern, the auditor shall obtain sufficient
appropriate audit evidence to determine whether or not a material uncertainty exists
related to events or conditions that may cast significant doubt on the entity’s ability to
continue as a going concern through performing additional audit procedures, including
consideration of mitigating factors.

(a) Where management has not yet performed an assessment of the entity’s ability to
continue as a going concern, requesting management to make its assessment.

(b) Evaluating management’s plans for future actions in relation to its going concern
assessment, whether the outcome of these plans is likely to improve the situation
and whether management’s plans are feasible in the circumstances.

(c) Where the entity has prepared a cash flow forecast, and analysis of the forecast
is a significant factor in considering the future outcome of events or conditions in
the evaluation of management’s plans for future actions:

(i) Evaluating the reliability of the underlying data generated to prepare the
forecast; and

(ii) Determining whether there is adequate support for the assumptions

underlying the forecast.

(d) Considering whether any additional facts or information have become available since
the date on which management made its assessment.

(e) Requesting written representations from management and, where appropriate,

those charged with governance, regarding their plans for future actions and the
feasibility of these plans.

Examples of Audit Procedures when events or conditions are identified

❖ Analysing and discussing cash flow, profit and other relevant forecasts with
management

❖ Analysing and discussing the entity’s latest available interim financial

statements

❖ Reading the terms of debentures and loan agreements and determining whether any
have been breached

55 | P a g e BY CA Sanidhya Saraf
❖ Reading minutes of the meetings of shareholders, those charged with governance
and relevant committees for reference to financing difficulties

❖ Inquiring of the entity’s legal counsel regarding the existence of litigation and
claims

❖ Performing audit procedures regarding subsequent events to identify those that

either mitigate or otherwise affect the entity’s ability to continue as a going
concern

❖ Confirming the existence, terms and adequacy of borrowing facilities

“Material Uncertainty relating to Going Concern Paragraph”

When the auditor concludes that the use of the going concern assumption is appropriate
in the circumstances but a material uncertainty exists the auditor shall determine
whether the financial statements:

(a) adequately describe the principal events that may cast significant doubt on the
entity’s ability to continue as a going concern and management’s plans to deal with
these events or conditions; and

(b) disclose clearly that there is a material uncertainty related to going concern and
therefore that it may be unable to realize its assets and discharge its liabilities in
the normal course of business.

If adequate disclosure is made in the financial statements, the auditor shall express
an unmodified opinion and the auditor’s report shall include a separate section under
the heading “material uncertainty related to going concern” to draw attention to the
note in the financial statements and state that these events or conditions indicate that
a material uncertainty exists that may cast significant doubt on the entity’s ability to
continue as a going concern and that auditor’s opinion is not modified in respect of the
matter.

Reporting Responsibility as per SA 570

Going Concern Assumption Auditor's Opinion

Use of Going Concern Basis of Unmodified Opinion

Accounting in Financial Statement is
Appropriate
Use of Going Concern Basis of Unmodified Opinion but disclose in
Accounting in Financial Statement is “Material Uncertainty relating to Going
Appropriate, but material uncertainty Concern” Para to highlight material
exists and adequate disclosure of

56 | P a g e BY CA Sanidhya Saraf
 material uncertainty is made in Financial uncertainty. (Earlier disclosure was
Statements required in EOM Paragraph).

Use of Going Concern Basis of Qualified or Adverse Opinion.

Accounting in Financial Statement is
Appropriate, but material uncertainty
exists and adequate disclosure of
material uncertainty is not made in
Financial Statements
Use of Going Concern Basis of Adverse Opinion.
Accounting in Financial Statement is In
Appropriate

Note (w.e.f. 1.4.2017) :

Material uncertainty related to events or conditions that may cast significant
doubt on the entity’s ability to continue as a going concern is itself a key audit
matter but to be reported as per SA 570.

Space for Notes

57 | P a g e BY CA Sanidhya Saraf
 Test Your Understanding Questions
Question 1

CA. Somya is auditor of a company engaged in rearing of poultry birds and obtaining
eggs therefrom. The company has performed very well since its incorporation in
2013. Its sales had also grown and the company had expanded its market from the
native northern state of promoters to far-flung areas in eastern parts of country.

However, since last two years, company’s fortunes have nosedived. First, due to the
effects of the pandemic and then due to recurrent outbreaks of bird flu thrice in
a span of two years. The company’s sales have dipped from around ₹ 50 crores to
₹10 crores. Further, a major part of its livestock was also wiped off during bird
flu. She is not optimistic about the going concern assumption followed by
management.

The management now wants to start with new batches of birds. The earlier working
capital facilities of the company granted by bank have also been restructured to
support the business. She was informed that the repayments of restructured working
capital term loans are to begin from ensuing year. No fresh credit facilities have
been granted by the bank. The company also plans longer credits from animal feed
suppliers.

The company plans to take additional measures to prevent the safety of live stocks,
including aggressive vaccination, preventive health check-ups, and more frequent
visits of veterinary staff.

The villagers in surrounding areas have accused the company of spreading air
pollution.

The management has prepared a cash flow forecast for her examination. Discuss
the approach to be adopted by her in examining the “going concern” assumption
keeping in view above with specific reference to cash flow forecast.

Answer :

In accordance with SA 570,"Going Concern”, if events or conditions have been identified

that may cast significant doubt on the entity’s ability to continue as a going concern, the
auditor shall obtain sufficient appropriate audit evidence to determine whether or not a
material uncertainty exists related to events or conditions that may cast significant
doubt on the entity’s ability to continue as a going concern by performing additional audit
procedures, including consideration of mitigating factors.

58 | P a g e BY CA Sanidhya Saraf
Where the entity has prepared a cash flow forecast, and analysis of forecast is a
significant factor in considering the future outcome of events or conditions in the
evaluation of management’s plans for future actions, it includes

❖ Evaluating the reliability of the underlying data generated to prepare the forecast
and

❖ Determining whether there is adequate support for the assumptions underlying the
forecast.

In the above situation, cash flow forecast has been prepared by management. Therefore,
she should carefully evaluate assumptions underlying forecast and also reliability of data
to prepare the forecast. For example: -

❖ She should verify assumption regarding fresh batch of livestock. The bankers have
not provided fresh credit facilities. How funds from the same would be arranged?
The reasonability of assumption in cash flow forecast needs to be looked into.

❖ She needs to check loan sanction letters/agreement to verify when repayments are
beginning to see their accuracy in cash flow forecasts.

❖ The company plans to avail longer credits from animal feed suppliers. In the
downturn situation of the company, how would suppliers extend longer credits? This
is going to have effect on the cash flow forecast.

❖ Whether company has accounted for increased expenditure on preventive health

check-up, vaccination and more frequent visits of veterinary staff in cash flow
forecast.

❖ Since villagers have accused the company of spreading air pollution, how does the
company plan to deal with the same? Whether any proposed expenditure in this
regard is accounted for in the cash flow statement. She may also consider other
implications of this issue and possible effect on cash flows.

59 | P a g e BY CA Sanidhya Saraf
SA 580 “WRITTEN REPRESENTATION ”

What is written representation?

A written statement by management provided to the auditor to confirm certain matters

or to support another audit evidence. Financial statements, supporting books, records,
assertions do not constitute written representation.

Important Note :
Written representation provide necessary audit evidence for the purpose of SA
[Link] they do not provide sufficient and appropriate audit evidence. Auditor
cannot form his opinion solely on written representation.

Objectives of auditor

1. To obtain written representation from the management or TCWG that they believe
that they have fulfilled their responsibility for the preparation of the financial
statements and for the completeness of the information provided to the auditor.

2. To support other audit evidence relevant to the financial statements or specific

assertions in the financial statements by means of written representations.

3. To respond appropriately to written representation provided by management/

TCWG.

Key Points
❖ As per Section 143 of Co. Act 2013, Auditors are required to report as to whether
they have obtained information and explanation as may be necessary for purpose of
audit evidence. WR is one of the ways of obtaining such information.

❖ Written Representation does not relieve the auditor of reporting responsibility.

The auditor will have to perform Substantive Procedures irrespective of the fact
that Written Representation has been received.

❖ WR should be in the form of a representation letter addressed to Auditor. WR shall

be obtained for all financial statements and period(s) referred in Auditor’s Report.
Date of WR shall be as near as practicable to the date of the Auditor’s report.

❖ If management does not provide WR, the responsibilities of auditor are as

under

(i) Discuss the matter with management.

60 | P a g e BY CA Sanidhya Saraf
 (ii) Re-evaluate the integrity of the management and evaluate its potential
effect. (If doubt about managements integrity or WR not provided, give
disclaimer.)

(iii) Take possible actions. Also consider the effect on auditors’ opinion in audit
report. (Disclaimer since WR not provided.)

(iv) Additionally, not providing of WR will be regarded as limitations on scope of

auditor The auditor shall communicate the same to TCWG as per SA 260.

❖ If Written Representation is inconsistent with other audit evidences obtained,

the auditor shall perform additional audit procedures to resolve the matter. If the
matter remains unsolved, reconsider the reliability of WR. Example. Management
provides Written Representation, that there are no frauds in organization. Other
evidences indicate existence of fraud.

❖ Its professional judgement of auditor to obtain WR. Some standards where WR to

be obtained mandatorily in writing.(SA -250, SA-501, SA-505, SA-540, SA-550,
SA-560, SA-570).

Date & Periods covered by Written Representation

❖ The date of Written Representation shall be as near as practicable to, but not
after, the date of the auditor's report on the financial statements.

❖ Written Representation shall be for all financial statements and periods referred
to in the auditor's report.

Basic elements of a Management Representation Letter

(i) It is a written statement provided to the auditor to confirm certain matter or to

support another audit evidence.

(ii) It does not include Financial Statements, assertions, or supporting books and
records.

(iii) The auditor should request Management to provide a Written Representation that
it has fulfilled its responsibility for preparation of Financial Statement in
accordance with applicable Financial Reporting Framework.

(iv) Written Representation shall be for all financial statements and periods referred
to in Audit Report.

Disclaimer of Opinion in case of non-reliability of WR

(a) The auditor concludes that there is sufficient doubt about the integrity of
management such that the written representations about management fulfilling its

61 | P a g e BY CA Sanidhya Saraf
 responsibilities regarding preparation of financial statements and about
information provided and completeness of transactions are not reliable; or

(b) Management does not provide the written representations relating to fulfilling its
responsibilities regarding preparation of financial statements and about
information provided and completeness of transactions.

Space for Notes

62 | P a g e BY CA Sanidhya Saraf
 Test Your Understanding Questions
Question 1

CA Chandni Khanna is going to complete audit of a company within next few days.
She has performed necessary audit procedures like inquiry of management personnel,
reading minutes of meetings held after date of financial statements, going through
books of accounts after date of financial statements to make sure that all
subsequent events before signing audit report have been considered by her. Still,
she wants to be certain that no such events have been left out. What she should
do in such a situation? Also, discuss the rationale of doing so.

Answer :

She has already performed necessary audit procedures like inquiry of management
personnel, reading minutes of meetings after date of financial statements and going
through books after date of financial statements.

Now, she should request management and, where appropriate, those charged with
governance, to provide a written representation in accordance with SA 580, “Written
Representations” that all events occurring subsequent to the date of the financial
statements and for which the applicable financial reporting framework requires
adjustment or disclosure have been adjusted or disclosed.

The rationale of obtaining written representations is that even after performing above
said procedures, she may not come to know all subsequent events. Therefore, it is
necessary from an auditor’s point of view to obtain acknowledgment from management in
the form of Written representations that all such events for which the applicable
financial reporting framework requires adjustment or disclosure have been adjusted or
disclosed.

63 | P a g e BY CA Sanidhya Saraf
3. Risk Assessment and Internal Control (Audit of Automated
Environment)
1. Impact of IT related risks

The above risks have to be mitigated. If not mitigated, such risks, could have an
impact on audit in different ways discussed as under: -

Impact on substantive checking

Inability to address above discussed risks may lead to non-reliance of data obtained from
systems. In such a case, all information, data, and reports would have to be tested
thoroughly for their completeness and accuracy. It could lead to increased substantive
checking i.e., detailed checking.

Impact on controls

It can lead to non-reliance on automated controls, system calculations and accounting

procedures built into applications. It may result in additional audit work.

Impact on reporting

Due to regulatory requirements in respect of internal financial controls (discussed in

subsequent paras) in case of companies, it may lead to modification of auditor’s report in
some instances.

2. Testing methods in an automated environment

Having learnt about the various IT risks and controls, let us understand the different
ways testing is performed in an automated environment. There are basically four types
of audit tests that should be used. These are inquiry, observation, inspection and
reperformance.

Inquiry is the most efficient audit test but it also gives the least audit evidence. Hence,
inquiry should always be used in combination with any one of the other audit testing
methods. Inquiry alone is not sufficient. Reperformance is most effective as an audit
test and gives the best audit evidence. However, testing by reperformance could be very
time consuming and least efficient most of the time.

Generally, applying inquiry in combination with inspection gives the most effective and
efficient audit evidence. However, which audit test to use, when and in what combination
is a matter of professional judgement and will vary depending on several factors including
risk assessment, control environment, desired level of evidence required, history of
errors/misstatements, complexity of business, assertions being addressed etc. The
auditor should document the nature of test (or combination of tests) applied along with
the judgements in the audit file.

64 | P a g e BY CA Sanidhya Saraf
When testing in an automated environment, some of the more common methods are as
follows:

❖ Obtain an understanding of how an automated transaction is processed by doing a

walkthrough of one end-to-end transaction using a combination of inquiry,
observation and inspection.

❖ Observe how a user processes transactions under different scenarios.

❖ Inspect the configuration defined in an application.

Where the general IT controls are not existing or existing but ineffective, the auditor
should assess the impact of IT risks and complexity of the automated environment in
which the business operations take place and plan alternative audit procedures in order
to rely on the system-based information.

[Link] IT controls

General IT controls are policies and procedures that relate to many applications and
support the effective functioning of application controls. General IT-controls that
maintain the integrity of information and security of data commonly include controls over
the following:

❖ Data centre and network operations

❖ Program change

❖ Access security

❖ Application system acquisition, development, and maintenance (Business

Applications)

These are IT controls generally implemented to mitigate the IT specific risks and applied
commonly across multiple IT systems, applications and business processes. Hence,
General IT controls are known as “pervasive” controls or “indirect” controls.

(a) Controls over Data centre and network operations

The objective of controls over Data centre and network operations is to ensure that
production systems are processed to meet financial reporting objectives. These include
activities such as overall management of computer operation activities, preparing,
scheduling and executing of batch jobs, monitoring, storage and retention of backups.
Such controls also help in performance monitoring of operating system, database and
networks. Matters such as BCP (Business continuity plan) and DRP (Disaster recovery
plan) which deal with recovery from failures are also taken care of by such type of
controls.

65 | P a g e BY CA Sanidhya Saraf
(b) Program Change

The objective of program change controls is to ensure that modified systems continue
to meet financial reporting objectives. It includes activities such as change management
process, recording, managing and tracking change requests, making and testing changes
etc.

(c) Access Security

The objective of controls over access security is to ensure that access to programs and
data is authenticated and authorized to meet financial reporting objectives. It includes
activities such as security organization & management, security policies & procedures,
application security, data security, operating system security, network security, physical
security etc.

(d) Application system acquisition, development, and maintenance

The objective of such controls is to ensure that systems are developed, configured and
implemented to meet financial reporting objectives. It includes overall management of
development activities, project initiation, analysis & design, construction, testing &
quality assurance etc.

4. Special Features of Audit of Different Type of Entities

1. AUDIT OF TRUSTS AND SOCIETIES

There are three basic legal forms of charitable entities under Indian law: trusts,
societies, and section 8 companies.

Applicable laws

• If the charitable institution is formed as a Public Trust, it will be governed by the

Public Trust Act applicable in the relevant State. However, if no Public Trust Act
exists in that state, then the applicable legislation will be the Indian Trusts Act,
1882.
• If the charitable institution is formed as a Society, it will be governed by the
Societies Registration Act, 1860.
• Apart from the above legislations, the Income Tax Act 1961 will be applicable to
charitable institutions.

Requirement to maintain Books of Accounts and Financial Statements

1. Charitable and religious trusts should maintain regular books of account.

66 | P a g e BY CA Sanidhya Saraf
The Auditor is required to report whether the Trust has maintained proper books of
accounts, including the following, namely ;

i. Cash book

ii. Ledger

iii. Journal

iv. Copies of bills issued

v. any other book that may be required to be maintained in order to give a true
and fair view

2. Every year the trust has to prepare financial statements like the Balance
sheet and Income and expenditure statements based on its books of accounts. The
format for preparation and presentation of financial statements is prescribed
under respective state laws.

Auditor’s Responsibility

1. The auditor should obtain the list of the books and records maintained by the Trust.
The list should be matched with the above requirement for maintaining mandatory
books and records as may be applicable in each case. The auditor should then verify
the records for the purpose of its audit.

2. Comply with the Accounting Standards (AS) and Standards on Auditing (SA)
prescribed and made mandatory by the Institute of Chartered Accountants of
India.

3. Conduct the audit by applying the generally accepted auditing procedures, which
are applicable for any other audit.

4. Apply the test checks depending on the evaluation of internal control procedures
followed by the assessee.

5. Keep in mind the concept of materiality depending upon the circumstances of each
case.

6. Maintain working papers to provide evidence that opinion expressed by the auditor
is based on the examination made by him.

Audit Considerations in Audit of TRUSTS & Societies

(A) Trusts

The auditor has to ascertain :-

(a) whether accounts are maintained regularly and in accordance with the
provisions of the applicable Act and the rules;

67 | P a g e BY CA Sanidhya Saraf
 (b) whether receipts and disbursements are properly and correctly shown in the
accounts and money received in the form of donations is being applied as per
the objects of the trust and as per the specific direction by the donor, if any.

(c) whether the cash balance and vouchers in the custody of the manager or
trustee on the date of audit were in agreement with the accounts;

(d) whether all books, deeds, accounts, vouchers or other documents or records
required by the auditor were produced before him;

(e) whether a register of movable and immovable properties is maintained

(f) whether the manager or trustee or any other person required by the auditor
to appear before him did so and furnished the necessary information required
by him;

(g) whether any property or funds of the Trust were applied for any object or
purpose other than the object or purpose of the Trust;

(h) whether the maximum and minimum number of the trustees is maintained;

(i) whether the minute books of the proceedings of the meeting is maintained

(j) whether any of the trustees has any interest in the investment of the trust

(k) whether anonymous donations received are properly accounted for and
donations in cash are not received by the Trust over and above the prescribed
limit of accepting cash donations.

(l) whether the irregularities pointed out by the auditors in the accounts of the
previous year have been duly complied with by the trustees during the period
of audit

(B) Societies

The auditor’s considerations;

(a) The auditor should ascertain governing legislation of society i.e. Societies
Registration act, 1860 or any applicable state law under which it has been
registered.
(b) Object of society needs to be ascertained from its memorandum of
association/bye laws. Its activities may include charitable, social, cultural or
educational activities.
(c) Ascertain whether society has obtained registration under Foreign
Contribution (Regulation) Act, 2010 in case foreign contributions are received.
(d) Ascertain whether it is also registered under relevant provisions of Income
Tax Act which may make it eligible for tax exemption on its income.

68 | P a g e BY CA Sanidhya Saraf
 (e) Obtain an understanding of internal control to design audit procedures with
special reference to donations and various expenditures incurred in relation
to achievements of objects of society.
(f) Evaluate appropriateness of accounting policies with special reference to
donations and grants. Also evaluate accounting policies in relation to specific
grants.
(g) In case some expenses incurred by society are reimbursed by donors,
ascertain how these are recognized in financial statements.
(h) Ascertain, if any inquiry has been held by Registrar under applicable law in the
working or financial condition of society and its implications for auditor’s
opinion.

Space for Notes

69 | P a g e BY CA Sanidhya Saraf