整理的ACCA科目P1 Professional Accountant笔记（NOTES)（8）

整理的ACCA科目P1 Professional Accountant笔记（NOTES)（8）
Auditor independence
(1) Internal audit is an independent objective assurance activity.
(2) To ensure that the activity is carried out objectivity, the internal auditor must have their independence protected.
(3) Independence is assured in part by having an appropriate structure with which internal auditors work.
(4) Independence is assured in part by the internal auditor following acceptable ethical and work standards.
(5) Internal auditors should be independent of executive management and should not have any involvement in the activities or systems that they audit.
(6) The head of internal audit should report directly to a senior director or the audit committee and should have direct access to the chairman of the board of directors, and to the audit committee, and should be accountable to the audit committee.
(7) The audit committee should approve the appointment and termination of appointment of the head of internal audit.
Threats to auditor independence
(Conceptual framework)
(1) Self-interest threat: Occurs when the audit firm or a member of the audit team could benefit from a financial interest in, or other self-interest conflict with an audit client.
(2) Self-review threat: Occurs when the audit firm, or an individual audit team member, is put in a position of reviewing subject matter for which the firm or individual was previously responsible, and which is significant in the context of the audit engagement.
(3) Advocacy threat: Occurs when the audit firm, or a member of the audit team, promotes, or may be perceived to promote, an audit client’s position or opinion.
(4) Familiarity threat: Occurs when, by virtue of a close relationship with an audit client, its directors, officers or employees, an audit firm or a member of the audit team becomes too sympathetic to the client’s interests.
(5) Intimidation threat: Occurs when a member of the audit team may be deterred from acting objectively and exercising professional skepticism by threats, actual or perceived, from the directors, officers or employees of an audit client.
(Specific threats)
(1) Financial interest in a client. Auditor owns shares in a client company.
(2) Loans and guarantees. Auditor loans money to or receives loans from a client company.
(3) Close business relationships. Auditor partner is director of a client company.
(4) Family and personal relationships. Director’s spouse is director of a client company.
(5) Employment with assurance clients. Member of assurance team accepts senior position at a client company.
(6) Size of fees. Audit firm has a significant amount of fees derived from one client.
(7) Gifts and hospitality. Auditor is provided with a free holiday by the client.
(Ethical threats to internal auditor)
(1) Pressure from an overbearing supervisor, manager or director, adversely affecting the accountant’s integrity.
(2) An auditor might mislead his employer as to the amount of experience or expertise he has in order to retain his position within the internal audit department.
(3) An auditor might be asker to act contrary to a professional standard. Divided loyalty between his supervisor and the required professional standards of conduct could arise.
Effectiveness of internal control
For a system of internal controls to be effective, it needs to successfully mitigate the business risks identified by management.
(1) A system of internal control plays a key role in managing significant risks to the achievement of business objectives.
(2) A sound system of internal control contributes significantly to protecting the investment of shareholders, safeguarding the assets of the company and ensuring compliance with laws and regulations.
(3) One of the objectives of an internal control system is to prevent or reduce the likelihood of fraud, and to detect fraud when it does occur.
(4) The internal control system should be reviewed continually and managed.
(5) The costs of a control should not exceed the likely benefits from reduced risks.
(6) Internal control systems should be an integral part of an organization.
(7) Effective financial controls, including the maintenance of proper accounting records, are an important element of a system of internal control.
Reporting on internal control
(1) Shareholders are entitled to know whether the internal control system is sufficient to safeguard their investment.
(2) The board should, at least annually, conduct a review of the effectiveness of internal control systems and report to shareholders.
(3) The review should cover all material controls, including financial, operational and compliance controls and risk management systems.
(4) The objectives of reporting are to recommend for changes, to assist management identification of risk and control issues, and to ensure action takes place.
(5) Reporting may be voluntary or required by statue.
Content of report
(1) Objectives of audit work.
(2) Summary of process undertaken by auditor.
(3) Major outcomes of the work and audit opinion.
(4) Recommendation and key action points.
Management information
(1) To enable management to identify and manage risks and monitor internal controls, they need adequate information.
(2) There should be effective channels of communication within the organization.
(3) Information should be provided regularly to management.
(4) Management need both internal and external information.
(5) The actual information provided to management varies, depending on different levels of management.
(6) There should be an adequate, integrated information system, supplying internal financial, operational and compliance data and relevant external data.
(7) The information should be reliable, timely and accessible, and provided in a consistent format (more understandable).
(8) The characteristics of information will change depending on the management level.
Risk
(1) Risk is the chance of exposure to the adverse consequences of uncertain future events. Risk can have an adverse impact on the organization’s objectives.
(2) For shareholder’s concerns, the relationship between the level of risks and the returns achieved should be addressed.
(3) The link between director’s remuneration and risks take should be addressed.
(4) Corporate governance requires: (a) Establish appropriate control mechanisms for dealing with the risks the organization faces; (b) Monitor risks by regular review and a wider annual review; (c) Disclose risk management processes.
(5) The elements of risk management include: (a) Risk identification; (b) Risk analysis; (c) Risk planning; (d) Risk monitoring.
(6) Risk management is the process of reducing the possibility of adverse consequences either by reducing the likelihood of an event or its impact.
(7) Management is responsible for establishing a risk management system in an organization.
(8) Management needs to monitor risk on an ongoing basis. For the reasons of (a) To identify new risks to determine an appropriate risk management strategy; (b) To identify changes to existing or known risks to amend the risk management strategy.
Strategic vs. Operational risks
(Strategic risks)
(1) Strategic risks relate to the fundamental and key decisions that the directors take about the future of the organization.
(2) Strategic risks are risks arising from the possible consequences of strategic decisions taken by the organization, such as merger and acquisition.
(3) Strategic risks should be identified and assessed at senior management and board or director level.
(Operational risks)
(1) Operational risks refer to potential losses that might arise in business operations. It is the risk of loss from a failure of internal business and control processes.
(2) Operational risks can be defined as including losses from internal control or audit inadequacies, information technology failures, human error, loss of key-person risk, fraud and business interruption events.
(Main differences)
(1) Strategic risks relate to the longer-term places of organization and relate with outside environment.
(2) Operational risks relate to what could go wrong on a day-to-day basis and are not generally very relevant to the key strategic decisions.