Tianlong Audit Methodology

The Ultimate Guide to Auditing

You are here: Tianlong Audit Methodology / Initial Planning / Service requirements, scope of services and engagement agreement​

Chapter 1: Initial Planning

Service requirements, scope of services and engagement agreement

Identify those charged with governance of the entity

We determine those charged with governance of the entity and the appropriate persons within the entity with whom to communicate. During our audit, we validate that we continue to communicate with the appropriate persons, especially when there have been changes in management or those charged with governance.

In a group audit, the Primary Team determines those charged with governance of the group, and the appropriate persons at the group level with whom to communicate. Those charged with governance may be represented by an audit committee.

Understand service requirements

Meet with those charged with governance and management

We meet with those charged with governance and management early in the audit to agree the scope of services, the timing of our work, the expected outputs and delivery dates, and any expectations we have of management (e.g., schedules they prepare for us).

The result of this meeting provides us with information for planning the audit, such as deadlines and the extent of client assistance, and gives us an initial insight into potential areas of audit focus.

At this initial meeting, we consider expanding the agenda to address a number of audit objectives (e.g., our discussions related to understanding the business, the financial results overview or inquiries relating to fraud).

To assist with our discussions related to understanding the business, this link provides Understand the Business Resources by sector.

When we plan to use data analytics on the audit, we also expand the agenda to discuss with management the benefits provided through the use of such techniques and the timing and requirements of data extraction.

Communication with the audit committee, when one exists, is a key element in our communication with those charged with governance. An appropriate relationship with the audit committee includes regularly meeting with them (and at least annually without management present) as well as periodically liaising with the audit committee chairperson.

If the audit committee refuses to acknowledge their understanding of the terms of the audit, we decline the audit.

In preparing for our meetings with those charged with governance and management, we make a preliminary determination of the service requirements based on our understanding of the entity and our past experiences with it. In addition, we review the results of:

  • Prior audits (including our prior year documentation of business issues) and other engagements
  • Annual Service Quality surveys (when applicable)
  • Meetings in prior years
  • Other discussions with the entity’s personnel covering such matters as availability of entity staff during the audit and the extent of their assistance

By considering such information in advance, we are able to anticipate the discussion we will have with the individuals involved, focus on identifying changes and their effect on the current year audit, and determine which areas to explore in more depth. This preliminary assessment also helps us to determine which audit team members participate in the discussions.

We understand the expectations of those charged with governance and management to help us determine the service requirements.

As the entity’s auditors, we are responsible for expressing an audit opinion on the entity’s financial statements. In addition, the scope of our services may include:

  • Reporting on other regulatory or legal requirements, which may include reporting on internal control over financial reporting
  • Performing timely reviews of unaudited interim financial information
  • Issuing special reports at the request of the entity

To help plan and establish the service requirements, we consider:

  • Expectations of those charged with governance and management about service requirements, including communication protocols
  • Information relevant in determining the scope and timing of our services (e.g., debt covenant requirements)
  • Special services, such as separate reports for subsidiaries, audits of pension plans or reports to comply with regulatory or legal requirements
  • The extent to which we intend to use the work of the internal audit function or others and, where applicable and permitted by local laws and regulations, the use of internal auditors or others to provide direct assistance for the audit
  • The timing of the audit, including deadlines
  • Management’s plans to adjust the financial statements for uncorrected misstatements from the prior period, and actions to prevent them from recurring
  • The need for open, two-way communication between us and management, and those charged with governance
  • Discussing current developments and key issues facing the entity
  • The documents compromising other information and our requirements for reading or performing other procedures on those documents.

Documents comprising other information

An annual report contains or accompanies the financial statements and the auditor’s report and usually includes information about the entity’s developments, its future outlook and risks and uncertainties, a statement by the entity’s governing body, and reports covering governance matters – referred to as ‘other information’.

Depending on law, regulation or custom in a particular jurisdiction, one or more of the following documents may form part of the annual report:

  • Management report, management commentary, or operating and financial review or similar reports by those charged with governance (for example, a directors’ report)
  • Chairman’s statement
  • Corporate governance statement
  • Internal control and risk assessment reports

Reports that, when issued as standalone documents, are typically not part of the combination of documents that comprise an annual report (subject to law, regulation or custom) include:

  • Separate industry or regulatory reports (e.g., capital adequacy reports), such as may be prepared in the banking, insurance, and pension industries
  • Corporate social responsibility reports
  • Sustainability reports
  • Diversity and equal opportunity reports
  • Product responsibility reports
  • Labor practices and working conditions reports
  • Human rights reports

During the audit, we read (and, as required, perform other procedures on) documents that are determined to be other information. The documents that comprise other information and the procedures we are required to perform depend on the auditing standards related to other information that apply to the audit. To establish our service requirements, we consider whether the entity plans to issue documents that constitute ‘other information’, which we will be required to read or perform procedures on as part of our audit. We also establish which auditing standards apply to the audit.

When ISA 720 (Revised) or an equivalent local auditing standard applies to our audit, we perform the following as part of establishing our service requirements:

We determine, through discussion with management:

  • Which documents comprise the annual report
  • The entity’s planned manner and timing of the issuance of such documents.

We make appropriate arrangements with management to obtain in a timely manner and, if possible, prior to the date of our auditor’s report, the final version of the documents comprising the annual report.

The documents that comprise an entity’s annual report are often clear based on law, regulation or custom. In other cases, it may not be clear which documents comprise the annual report. We consider the timing and purpose of the documents (and for whom they are intended) in our determination of which documents comprise the annual report.

In some cases, an entity’s annual report may be a single document and referred to by the title “annual report” or by some other title. In other cases, law, regulation or custom may require the entity to report to owners (or similar stakeholders) information on the entity’s operations and the entity’s financial results and financial position as set out in the financial statements by way of a single document, or by way of two or more separate documents that in combination serve the same purpose.

For entities that are not required by law or regulation to issue an annual report, management or those charged with governance may have customarily issued a package of documents that together comprise the equivalent of an annual report, or may have committed to do so.

An annual report may be made available to users in printed form, or electronically, including on the entity’s website. A document (or combination of documents) may meet the definition of an annual report, irrespective of the manner in which it is made available to users.

The scope of documents that comprise the annual report does not include:

  • XBRL-tagged data
  • Preliminary announcements of financial information
  • Securities offering documents, including prospectuses

In some cases, management may be considering the development of a document that would comprise (or be part of) an annual report, but they are uncertain whether they will do so. We finalize our determination of the scope of documents that comprise the annual report by the date of our auditor’s report. If management is unable to confirm the purpose and timing of any planned documents by the date of our auditor’s report, those documents are not in the scope of our responsibilities.

Additional procedures requested by management or those charged with governance

Management or those charged with governance may request us to expand the scope of the audit beyond that necessary to form our opinion on the financial statements. We may agree to perform those procedures in addition to, or separately from, the audit. We develop a service delivery plan that meets the entity’s expectations and manages our risk. This plan incorporates, for instance, expected additional fees and communication. We formalize the agreed additional services in an engagement agreement.

In our discussions, we distinguish between the audit procedures required by professional standards and regulatory requirements and those additional procedures requested by management or those charged with governance.

We recognize that committing to unrealistic expectations or expectations beyond our current service capabilities can be detrimental to managing our risk. As a result, we separately identify those expectations that are either unrealistic or beyond our current service capabilities, and we work with management and those charged with governance to address this.

The additional procedures requested by those charged with governance may include expanding the scope of the existing audit procedures or performing non-audit services.

Once we have considered the effect on independence, we formalize the additional services in an engagement agreement.

Communicate service requirements

We communicate the scope of our services to those charged with governance.

Client and engagement acceptance and continuance

The client and engagement acceptance and continuance process is a fundamental element of our overall systems of risk management and quality control.

We assess the results of our client and engagement acceptance and continuance process at the beginning of the audit. We determine the effect on our risk assessments and incorporate the necessary additional actions or procedures into our audit strategy and audit plan to address these risk factors.

We do this to validate that the decision to accept/continue the client and the audit continues to be appropriate and address in our audit strategy matters raised that indicate potential risks of material misstatement.

An important consideration during the client and engagement acceptance and continuance process is our assessment of the integrity of management. This is due to the influence that management has on the entity’s operations and on the recording and reporting of financial results.

 

Partner in charge requirement

The partner in charge of the audit determines that the appropriate procedures regarding client and engagement acceptance and continuance, including obtaining all necessary approvals, have been performed. The partner in charge of the audit validates that the conclusions regarding client and engagement acceptance and continuance are appropriate, based on our understanding of the entity and its industry sector.

If, at any time during our association with the entity, the partner in charge of the audit:

  • Obtains information that would have caused us to decline the engagement had we been aware of it, he or she communicates that information promptly in accordance with our policies.

Becomes aware of matters that may result in a change in the engagement risk rating to close monitoring, he or she communicates that information promptly in accordance with our policies to determine the appropriate actions to take

Understanding the business

We incorporate our understanding of the entity that we obtain as we perform the client and engagement acceptance and continuance process into our understanding of the business (UTB).

As we plan the audit, we address those risk factors during the client and engagement acceptance and continuance process that led to or contributed to the overall engagement risk rating.

Our client and engagement acceptance and continuance process requires that we designate each audit as “low”, “moderate”, “higher” or “close monitoring”.

The team reviews the risk trigger questions that led to or contributed to the overall risk rating of the audit when developing their audit strategy and audit responses.

The partner in charge of the audit evidences his or her approval of the audit strategy documentation. This includes the audit team’s planned responses to address the risk factors noted during the client and engagement acceptance and continuance process.

The audit of a listed entity is designated as ‘close monitoring’ because we have significant doubts about its ability to continue as a going concern. We consider management’s intended use of the going concern assumption in the preparation of its financial statements earlier in the audit, to give us time to request additional information from management and to perform additional procedures, if necessary. We also plan for our discussions with management to be performed by more experienced members of the audit team. The planned response to this risk is discussed by the partner in charge and audit team.

Evaluate compliance with ethical requirements, including independence

We perform procedures to determine compliance with ethical requirements, including independence, prior to performing other significant activities for the current audit period.

Engagement agreement

We obtain an engagement agreement, supplemented by local audit requirements, if applicable.

On recurring engagements, we assess whether circumstances require the terms of the engagement to be revised. If we conclude that the terms do not need to be revised, we remind management of the terms of the engagement, and document the reminder.

The terms of the engagement agreement help avoid misunderstandings about our responsibilities and management’s responsibilities.

We do not begin performing services until an engagement agreement has been obtained. In limited circumstances, an audit team may need to start some activities, such as preliminary planning or attending inventory counts, before receiving the engagement agreement.

Documentation

Client and engagement acceptance and continuance

When we assess the results of the client and engagement acceptance and continuance process, we document:

  • That our conclusions remain unchanged from the beginning of the current audit, or if not, the effect the revised conclusions have on our audit strategy.
  • Matters relevant to identifying risks of material misstatement. In particular, we document the effect of the risk factors on our risk assessments and the additional actions or procedures we plan to incorporate into our audit strategy and audit to respond to those risk factors.

Conclusions on compliance with independence requirements and any relevant discussions that support those conclusions.

Engagement agreement

We retain a copy of the engagement agreement in the workpapers, or we document the location where a copy of the agreement is retained for inspection.

Audit Strategy

We document any matters that will affect our audit strategy, such as significant risks or significant changes to the entity and the environment in which it operates, in our audit strategy documentation as appropriate.

No Obligation

Request a free trial

You will get a month’s worth of bookkeeping. Whether or not you continue with us, your reports for the month are yours to keep.