Our responses to the questions posed in the Exposure Draft are set out below.

Transcription

1 s Tel +44 (0) Fax +44 (0) Dorset Rise DX Blackfriars London EC4Y 8EN United Kingdom Technical Director International Auditing and Assurance Standards Board International Federation of Accountants 545 Fifth Avenue, 14 th Floor New York, New York USA Our ref Contact SS/288 Sylvia Smith 15 November 2010 Dear Sirs IAASB Exposure Draft, ISA 315 (Revised), Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment and ISA 610 (Revised), Using We are pleased to have the opportunity to comment on the above Exposure Draft issued by the International Auditing and Assurance Standards Board (IAASB). Overarching comments Definition of Internal Audit We note and support the lack of definition of internal audit in these proposed standards. Management and Those Charged with Governance set up internal audit functions in their respective organizations to help them meet their objectives. Because this is determined on an entity-by-entity basis, it is unlikely that one definition will fit all situations. We believe that the description of the objectives and activities of the internal audit function in Proposed ISA 315.A102 and Proposed ISA provides sufficient guidance regarding who is a member of the internal audit function, and who is merely part of management of the entity. Response to specific questions Our responses to the questions posed in the Exposure Draft are set out below. 1. Do respondents believe it is appropriate to require the external auditor to make inquiries of appropriate individuals within the internal audit function? If so, do respondents agree such a requirement is appropriately placed in ISA 315? We support the requirement in Proposed ISA (a) to make inquiries of appropriate individuals within the internal audit function (if the function exists) to assist in identifying, a UK company limited by guarantee, is a member of KPMG International, a Swiss cooperative Registered in England No Registered office: Aquis Court, 31 Fishpool Street, St Albans, Hertfordshire AL3 4RF

2 risks of material misstatement due to fraud and error. It provides a basis for the auditor to learn from and use the internal auditor s knowledge of the organization and expertise in risk and control. It also serves as a source of information that might not otherwise come to the auditor s attention. Furthermore, we believe the requirement is appropriately placed in ISA 315 because it is relevant to the auditor s identification and assessment of the risks of material misstatement, and is relevant in all audits. If the requirement were placed in ISA 610, there is a risk that it would be overlooked by auditors who had not decided to use the work of the internal audit function. 2. Do respondents believe that appropriate factors have been proposed to be evaluated by the external auditor in determining: a) Whether the work of the internal audit function can be used for purposes of the audit engagement; and The factors in Proposed ISA are appropriate ones to evaluate in determining whether the work of internal audit function can be used for the purpose of the audit. We agree with the IAASB s conclusion that, although the auditor will need to directly perform sufficient procedures to be able to draw reasonable conclusions on which to base the external auditor s opinion, in fact, the work of internal audit can contribute audit evidence in areas of significant risk. Therefore, it is not appropriate to prohibit the use of the work of the internal audit function in areas of high risk. In those areas of higher risk, the auditor may need to directly perform more procedures, particularly focusing on areas requiring more auditor judgment. The factors in Proposed ISA are appropriate in determining whether the auditor can obtain direct assistance from internal auditors. We note that Proposed ISA is focused on the objectivity and competence of the internal audit function, and that Proposed ISA is focused on the objectivity and competence of the individual internal auditors who will be providing the direct assistance. This is an appropriate distinction because of the difference between using the work of the internal audit function, and directing, supervising, and reviewing the work of individual internal auditors providing direct assistance to the auditor. b) The planned use of the work of the internal audit function? Proposed ISA provides appropriate factors to consider when determining the planned use of the work of the internal audit function. We note that risk is not one of the factors to be considered. We believe the focus on judgment in Proposed ISA (c), and the requirements for the auditor to take sole responsibility for the audit opinion in Proposed ISA is correct, and the application material in Proposed ISA 610.A11-.A13 adequately describes the relationship between risk and judgment. As previously mentioned, it is not appropriate to prohibit the use of the work of the internal audit SS/288 2

3 function in areas of high risk. In those areas of higher risk, the auditor may need to directly perform more procedures, focusing on those areas that require more judgment. 3. Do respondents believe it is appropriate to require the external auditor to read reports produced by the internal audit function relating to the work of the internal audit function that is planned to be used by the external auditor? In some organizations, the internal audit function produces many reports, many of which are not related to the work that is planned to be used by the external auditor. A requirement to read reports produced by the internal audit function when the auditor is assessing risks, and before the auditor has determined whether the work of the internal audit function can be used for the purposes of the audit, may result in the auditor spending undue time reading reports that are not related to the work the auditor intends to use. However, when the auditor has decided to use the work of the internal audit function, the auditor should read reports related to that work. Therefore: Proposed ISA 315.A6b is appropriate in stating that, If, based on responses to the auditor s inquiries, it appears that there are findings that may be relevant to the entity s financial reporting and the audit, the auditor may find it useful to read related internal audit reports. In Proposed ISA , the auditor has decided to use the work of the internal audit function. At this point in the audit, it is appropriate to have a requirement to read the reports of the function relating to such work. 4. Do respondents believe that it is desirable for the scope of ISA 610 to be expanded to address the matter of direct assistance? If so, do respondents believe that when obtaining the direct assistance of internal auditors the external auditor should be required to: a) Consider the factors that have been proposed in determining the work that may be assigned to individual internal auditors; and b) Direct, supervise, and review the audit procedures performed by the internal auditors in a way that recognizes they are not independent of the entity? We agree that Proposed ISA 610 should deal with direct assistance to eliminate ambiguity about the IAASB s intent with respect to this topic. We recognize that, in some jurisdictions, there are concerns that internal auditors are not independent, and therefore use of internal audit in a direct assistance role in these jurisdictions is not permitted. However, we also recognize that direct assistance is established practice in many other jurisdictions. Such practice is based on the assumption that, with appropriate standards and safeguards in place, significant benefits can be realized from use of internal audit in a direct assistance role. Given this divergence in practice and approach, prohibiting direct assistance altogether in the ISA would be SS/288 3

4 unfortunate as it will result in a significant change in those jurisdictions that believe the use of direct assistance can be effectively managed. Having said this, robust standards and safeguards are key to effective use of direct assistance. Accordingly, we recommend that IAASB make the following changes to the standard to clarify what is meant by direct assistance and the auditor s responsibilities when using internal audit in this way: Include a definition for direct assistance in the standard; Clarify the requirements that apply when using the work of internal audit irrespective of how that work is used and then set out the additional requirements that need to be applied when internal audit is used in a direct assistance role. As currently draft, it is not clear whether the requirements in paragraphs 15 to 19 need to be carried out in all circumstance, including when the auditor is planning to use internal audit in a direct assistance role. 5. Public Interest Concerns Respondents are asked to address whether there are any public interest concerns that have not been addressed. We are not aware of any public interest concerns that have not been addressed. 6. Special Considerations in the Audit of Smaller Entities Respondents are asked to comment whether, in their opinion, guidance addressing special considerations in the audit of smaller entities should be provided in the proposed revised ISAs. If so, respondents are asked to explain why and to suggest the nature of any such considerations. We do not believe that it is necessary to provide additional guidance addressing special considerations in the audit of smaller entities. 7. Special Considerations in the Audit of Public Sector Entities Respondents are asked to comment whether, in their opinion, special considerations in the audit of public sector entities have been dealt with appropriately in the proposed revised ISAs. We do not believe that it is necessary to provide additional guidance addressing special considerations in the audit of public sector entities. 8. Developing Nations Recognizing that many developing nations have adopted or are in the process of adopting the ISAs, the IAASB invites respondents from these nations to comment, in particular, on any foreseeable difficulties in applying the proposed revised ISAs in a developing nation environment. We do not know of any foreseeable difficulties in applying the proposed revised ISAs in a developing nation environment. SS/288 4

5 9. Translations Recognizing that many respondents intend to translate the final revised ISAs for adoption in their own environments, the IAASB welcomes comment on potential translation issues noted in reviewing the proposed revised ISAs. We are not aware of any potential translation issues with respect to these proposed ISAs. 10. Effective Date respondents are asked to comment whether, in their opinion, the provisional effective date is appropriate for supporting effective adoption and implementation of the proposed revised ISAs at the national level. The proposed effective date allows time for effective adoption and implementation of the proposed revised ISAs at the national level. 11. Is the analysis of impact presented in Section 4 of this Explanatory Memorandum helpful to respondents in understanding the anticipated impacts of the IAASB s proposals? The impact analysis is prepared at a very high level, thus limited the ability of readers to understand the anticipated effects of the IAASB s proposals. 12. Do respondents agree with the impact analysis as presented? Are there any other stakeholders, or impacts on stakeholders, that should be considered and addressed by the IAASB? We agree with the general format of the impact analysis as presented, and believe that it has considered appropriate stakeholders and the impacts on those stakeholders; however, as mentioned above, we believe it needs to be presented at a more detailed level to useful. 13. Are there any changes to the narrative or tabular presentation of the impact analysis that would be helpful to respondents? We note that, although the title above the first column is Audit Effectiveness, some of the impacts are more related to audit efficiency. For example, the second and third items on the list relate to the overall decrease in work effort, which is an efficiency point, not an effectiveness point. Other items on the list do not appear to relate directly to either audit effectiveness or efficiency. For example, the final three items on the list related to clarifying ambiguity, independence, and the inspection process, relate to audit effectiveness and efficiency to the extent that, in general, clear standards, auditor independence, and an inspection process do so indirectly. We suggest that the list be organized into efficiency impacts, effectiveness impacts, and indirect impacts, with appropriate titles over the columns. We also suggest that the impact listed in the first column be presented in neutral language, and the direction of the impact be indicated only in the second column. For example, the second item on the list is Overall decrease in work effort. The direction and magnitude of the impact is decrease. Some might read this quickly and apply the rule that two negatives make a positive. This could be very confusing because the second item on the SS/288 5

6 list is Overall increase in work effort. We suggest that the first column should indicate, Impact on audit efficiency because of the following: Then, the direction in the second column would indicate decrease or increase. Also, changing the focus to audit efficiency instead of work effort, in the first column would result in all of the increases in the second column being positive effects, and all of the decreases in the second column being negative effects, which would make the chart easier to read overall. 14. Would respondents find such an approach useful at the national level? Yes. We believe that such an approach, but at a more detailed level, would be useful at the national level. Please contact Sylvia Smith at +44 (0) if you wish to discuss any of the issues raised in this letter. Yours faithfully cc: Rod Devlin, Craig Crawford, KPMG LLP Walt Conn, KPMG LLP SS/288 6