Auditing and Assurance
A Roadmap of an Audit Engagement
An outline of an audit engagement and resources to support your technical needs
The below summarizes some of the essential aspects of an audit engagement, along with relevant examples of key inspection findings related to the application of auditing and accounting standards, as identified by the Accounting and Financial Reporting Council (AFRC) in their inspection reports. It also highlights technical resources offered by the HKICPA and other professional bodies that correspond to the AFRC inspection findings. Auditors are strongly encouraged to thoroughly study the AFRC's inspection findings and make use of relevant resources such as those provided in this document to deepen their knowledge and understanding of pertinent topics, in order to mitigate any possible deficiencies and ensure that their professional activities are carried out appropriately and in accordance with relevant requirements.
This page does not encompass all areas related to an audit engagement or financial reporting requirements. Auditors should ensure their professional activities are carried out in accordance with applicable standards and requirements. Apparent failures by practices to comply with relevant regulatory and professional requirements are liable to be enquired into by the AFRC and disciplinary action may result.
Ethics
|
⚠ Examples of AFRC Inspection Findings
|
💻 Resources and Support
|
- Lack of evaluation of whether the provision of non-assurance services (NAS) will give rise to independence threats or even prohibited under the Code of Ethics for Professional Accountants (Code)
- A general lack of policies and procedure for evaluating long associations
- Partner rotation
- Identification and evaluation of firm's relationships with audit clients and their related entities
|
|
Quality Management
|
⚠ Examples of AFRC Inspection Findings
|
💻 Resources and Support
|
- Established risk assessment process, policies and procedures based on the HKICPA Quality Management Manual with only limited modifications; did not properly identify all the quality risks specific to their firms or were unable to explain why certain quality risks were relevant to them and how their policies and procedures could address those risks
- Firms' policies and procedures not customized to address the specific quality risks associated with their circumstances
- Insufficient assessment or procedures for client and engagement acceptance or continuance
- Lack of thorough assessment in evaluating the complexity and risk profile of prospective PIE engagements before accepting them
- Audit fees were agreed at levels that were not commensurate with resources generally required for delivering audit quality
- Engagement partners' lack of sufficient experience in leading complex and high-risk PIE audits
- Not adequately monitoring partner workloads
- Not appropriately direct, supervise and review the work of engagement teams
- Lack of root cause analysis or remediation plan for identified deficiencies
- Insufficient internal trainings and monitoring of staff's external trainings
- Lack of controls over personal confirmations of independence
- Insufficient controls to prevent damage and unauthorized alternation to assembled engagement documentation
|
|
Audit Quality and Professional Skepticism
|
⚠ Examples of AFRC Inspection Findings
|
💻 Resources and Support
|
- Lack of guidelines or ineffective audit approach, particular for high risk areas
- Lack awareness of the fundamental requirement to obtain audit evidence regarding the accuracy and completeness of information produced by audit clients before placing reliance on them
- Not considering examining relevant external evidence but relied solely on checking the sales invoices or client-provided monthly statements without verifying the underlying information
- Insufficient challenge of key assumptions adopted by management
- Insufficient challenge or over-reliance on management representations or information provided by the entity without adequately evaluating the reliability and relevance of the information used by management
- Did not perform basic audit procedures such as obtaining bank confirmations but simply issued modified audit opinions to circumvent proper audit procedures
- Lack of evaluation and consideration of all available and/or contradictory evidence
- Insufficient challenge of the business rationale for unusual transactions and the associated risk of fraud
|
* These guides pre-date ISQMs/HKSQMs, ISA/HKSA 540 (Revised), ISA/HKSA 315 (Revised 2019) and ISA/HKSA 600 (Revised).
|
Audit Documentation
|
⚠ Examples of AFRC Inspection Findings
|
💻 Resources and Support
|
- Insufficient details of the purpose, extent, timing and nature of the tests and the source documents examined
- Inadequate documentation on matters considered or detailed procedures performed in reaching the conclusion
- Audit working papers contained information which did not agree with those disclosed in the audited financial statements
- Failure to assemble all relevant documentation or evidence in the final audit file referred to during the AFRC's inspections
- Alteration of archived audit working papers and backdating of the signoff dates
|
|
Audit Planning
|
⚠ Examples of AFRC Inspection Findings
|
💻 Resources and Support
|
- Insufficient time spent on audit planning
|
|
Risk Assessment Procedures
|
⚠ Examples of AFRC Inspection Findings
|
💻 Resources and Support
|
- Insufficient risk assessment
- Inadequate understanding of client's business, leading to findings in audit risk assessment and the inappropriate design of audit procedures
- Not obtaining a sufficient understanding of the entity's business and internal controls
- Not planning and designing appropriate audit procedures responsive to the assessed risk
|
|
Audit Sampling / External Confirmations
|
⚠ Examples of AFRC Inspection Findings
|
💻 Resources and Support
|
- Failure to test the completeness of the population from which audit samples were selected
- Selected only the last five sales invoices before the year-end and the first five after for the sales cut-off test, without a sufficiently justified basis for this limited sample
- Placing inappropriate reliance on the results of other audit procedures and reducing the extent of tests of details
- Not properly verifying the authenticity of the confirming parties or ensuring appropriate controls over the entire confirmation process
- Not critically evaluating whether the confirming parties were the ones who returned the confirmations by e-mail or fax
- Failure to verify whether the respondents were authorized to respond to the confirmation requests
- Not performing alternative procedures where there were no responses to the confirmation requests
|
* These guides pre-date ISQMs/HKSQMs, ISA/HKSA 540 (Revised), ISA/HKSA 315 (Revised 2019) and ISA/HKSA 600 (Revised).
|
Journal Entry (JE) Testing
|
⚠ Examples of AFRC Inspection Findings
|
💻 Resources and Support
|
- Insufficient evaluation of the appropriateness, completeness and accuracy of consolidation adjustments and reclassifications, and whether they reflect any fraud risk factors or management bias
- Failure to make use of the understanding of the entity's financial reporting process to identify the types of JE for testing
- Failure to evaluate the completeness of the JE population subject to test
- Failure to identify or test JE with fraudulent characteristics, such as unauthorized or unusual transactions or unusual account combinations
- Failure to evaluate the appropriateness of applying a monetary threshold to select JE
- Insufficient documentation of the details of the selected JE and the audit work performed
|
|
Related Party (RP) Transactions
|
⚠ Examples of AFRC Inspection Findings
|
💻 Resources and Support
|
- Insufficient understanding and evaluation of the entity's policies and procedures for identifying RP and RP transactions
- Insufficient audit procedures to address the completeness of RP transaction disclosures.
|
|
Opening Balances
|
⚠ Examples of AFRC Inspection Findings
|
💻 Resources and Support
|
- Failure to evaluate the appropriateness of consolidation adjustments from previous year
- Not obtaining sufficient appropriate audit evidence on the existence and valuation of significant assets in the opening balance
- Failure to evaluate whether opening balances contain a misstatement that could materially affect the current period, where the outgoing auditor expressed a disclaimer
|
|
Going Concern
|
⚠ Examples of AFRC Inspection Findings
|
💻 Resources and Support
|
- Failure to critically evaluate the feasibility and outcome of management's plan for future action in relation to the going concern assessment
- Failure to evaluate management's judgement on the entity's ongoing financial covenants compliance despite breach indicators during the forecast period
- Failure to critically consider what events or conditions might cast significant doubt on the entity's ability to continue as a going concern and obtain sufficient appropriate audit evidence
- Insufficient evaluation of the adequacy of the disclosures on events or conditions which may cast significant doubt on the entity's ability to continue as a going concern and management's mitigating plan
- Failure to establish an adequate basis for a disclaimer of opinion
|
|
Group Audits
|
⚠ Examples of AFRC Inspection Findings
|
💻 Resources and Support
|
- Insufficient involvement in the work of the component auditors by the group engagement teams
- Insufficient documentation on how the group engagement teams evaluate the work performed by the component auditors
|
|
Accounting Estimates
|
⚠ Examples of AFRC Inspection Findings
|
💻 Resources and Support
|
- Failure to critically challenge the basis of management's key assumptions and the probability of alternative scenarios
- Insufficient challenge on the reliability and relevance of information used by the management
- Not considering whether the discount rate reflects the asset's specific risks and time value of money
- Not performing procedures on significant assumptions other than inquiry of management and reviewing a business proposal prepared by management
- Over-reliance on information provided by management in the impairment assessment of assets
|
|
Use of Auditor's Expert
|
⚠ Examples of AFRC Inspection Findings
|
💻 Resources and Support
|
- Not properly evaluating the objectivity of the appointed valuation expert
- Not evaluating and performing additional procedures to address the caveats made by the auditor's expert and consequently placing undue reliance on their work
- Not having an agreement with the auditor's expert on the scope of work and the specific procedures to be performed
- Not having internal firm policies or guidance on the extent of documentation of the expert's work
- Not adequately evaluating the appropriateness of the market comparables selected by the auditor's experts
- Simply checking the accuracy of input data used by the auditor's expert, without evaluating whether the data was relevant, complete and accurate
|
- HKICPA E-learning:
- ICAEW:
|
Evaluating the Application of Accounting Standards
This session highlights some of the issues on the application of accounting standards on revenue recognition and expected credit losses identified by the AFRC in their inspection reports. It also summarizes the Institute's pertinent technical support concerning these topics. Auditors should thoroughly evaluate the application of all accounting standards that are relevant to the financial statements being audited.
Revenue Recognition
|
⚠ Examples of AFRC Inspection Findings
|
💻 Resources and Support
|
- Limited understanding of clients' revenue recognition process
- Not adequately evaluate the potential risks associated with revenue or profit manipulation across different financial years (cut-off risk)
- Insufficient evaluation of management's accounting for the performance obligations promised in contracts
- Failure to critically evaluate management's assessment of whether the entity was acting as a principal or an agent
- Insufficient understanding and evaluation of contract terms and conditions, including those related to variable consideration
- Insufficient evaluation of the appropriateness of management's determination as to when the control of goods or services was transferred to customers and the method used by management in measuring the progress towards complete satisfaction of a performance obligation to recognize revenue
|
|
Expected Credit Loss (ECL)
|
⚠ Examples of AFRC Inspection Findings
|
💻 Resources and Support
|
- Failure to test the reliability of information prepared by management for ECL assessment
- Poor or no evaluation of management's assessment of the reliability of financial guarantees or valuations of pledged assets
- Insufficient procedures for verifying the accuracy and completeness of historical repayment records provided by management
- A lack of evaluation of management's assessment of changes in credit risk for a financial asset since initial recognition
- Insufficient evaluation of the appropriateness of the probability of default
- Lack of evaluation of management's rebuttal of the presumption that default would occur when a financial asset was 90 days past due and whether management's use of more lagging default criterion is reasonable and supportable
- Failure to challenge management on the correlation between selected macroeconomic factors such as GDP and the entity's historical default rate in evaluating the appropriateness of a forward-looking adjustment
|
|
Forming an Auditor's Opinion / Key Audit Matters
|
⚠ Examples of AFRC Inspection Findings
|
💻 Resources and Support
|
- Failure to establish an adequate basis for a disclaimer of opinion
- Not performing all the audit procedures described in the auditor's report to address Key Audit Matters (KAMs)
- Not sufficiently documenting the determination of KAMs, including the rationale for matters requiring significant auditor attention and which of those matters are of most significance in the audit and therefore are KAMs
- Insufficient description of how that KAM was addressed
|
|
Financial Reporting
|
💻 Resources and Support
|
|
|
Sustainability Reporting
|
💻 Resources and Support
|
|
|
Management Accounting & Others
|
💻 Resources and Support
|
|
|
Listing Rules by the Stock Exchange of Hong Kong
|
💻 Resources and Support
|
|
|
Regulated Reporting
|
💻 Resources and Support
|
|
|
^ The Institute has become a corporate member of ICAEW's Audit and Assurance Faculty. This allows our members to continue accessing the full range of online audit and assurance resources available to ICAEW members.
Please contact Member Engagement Department at me@hkicpa.org.hk / 2287 7285 for subscription of the ICAEW online audit and assurance resources. Kindly note that enrolments will be processed on a first-come, first-served basis, and your name and email address will be shared with ICAEW for communication purposes.
Looking for more courses? Visit the event list and e-Learning Course website. Download the HKICPA Events app (iOS / Android) for our full range of events and digital programmes and enrol anytime, anywhere.
Last Updated: September 2024
