Lesson 3.2: Those charged with governance
Those charged with governance
Communication with TCWG
Procedures for communication of the required matters with those charged with governance (TCWG)
- Consider who is ‘those charged with governance’ for the particular audit. For larger entities, this may include directors and the audit committee. For smaller entities, directors and management may be the same persons and then management, being owner-managers, are in effect those charged with governance.
- Consider any working papers and checklist forming part of your audit methodology to document ISA 260 discussions.
- Ensure that all aspects are communicated as required by ISA 260.
- Communication can be verbal or in writing. Some aspects can be communicated by a documented audit strategy or in the management report, while other aspects could only be discussed. For a smaller audit, all communication can be verbal, except for significant findings and control deficiencies identified that are required to be communicated in writing.
- However the communication took place, evidence of such communication must be documented in the audit file. This is where working paper templates or checklists can assist greatly.
- For purposes of the ISAs, the following terms have the meanings attributed below:
(a) Those charged with governance – The person(s) or organization(s) (e.g., a corporate trustee) with responsibility for overseeing the strategic direction of the entity and obligations related to the accountability of the entity. This includes overseeing the financial reporting process. For some entities in some jurisdictions, those charged with governance may include management personnel, for example, executive members of a governance board of a private or public sector entity, or an owner–manager. For discussion of the diversity of governance structures, see paragraphs A1–A8.
(b) Management – The person(s) with executive responsibility for the conduct of the entity’s operations. For some entities in some jurisdictions, management includes some or all of those charged with governance, for example, executive members of a governance board, or an owner–manager.
- The auditor shall determine the appropriate person(s) within the entity’s governance structure with whom to communicate. (Ref: Para. A1–A4)
- If the auditor communicates with a subgroup of those charged with governance, for example, an audit committee, or an individual, the auditor shall determine whether the auditor also needs to communicate with the governing body. (Ref: Para. A5–A7)
- In some cases, all of those charged with governance are involved in managing the entity, for example, a small business where a single owner manages the entity and no one else has a governance role. In these cases, if matters required by this ISA are communicated with person(s) with management responsibilities, and those person(s) also have governance responsibilities, the matters need not be communicated again with those same person(s) in their governance role. These matters are noted in paragraph 16(c). The auditor shall nonetheless be satisfied that communication with person(s) with management responsibilities adequately informs all of those with whom the auditor would otherwise communicate in their governance capacity. (Ref: Para. A8)
- The auditor shall communicate with those charged with governance the responsibilities of the auditor in relation to the financial statement audit, including that:
(a) The auditor is responsible for forming and expressing an opinion on the financial statements that have been prepared by management with the oversight of those charged with governance; and
(b) The audit of the financial statements does not relieve management or those charged with governance of their responsibilities. (Ref: Para. A9–A10)
- The auditor shall communicate with those charged with governance an overview of the planned scope and timing of the audit, which includes communicating about the significant risks identified by the auditor. (Ref: Para. A11–A16)
- The auditor shall communicate with those charged with governance: (Ref: Para. A17–A18)
(a)The auditor’s views about significant qualitative aspects of the entity’s accounting practices, including accounting policies, accounting estimates and financial statement disclosures. When applicable, the auditor shall explain to those charged with governance why the auditor considers a significant accounting practice, that is acceptable under the applicable financial reporting framework, not to be most appropriate to the particular circumstances of the entity; (Ref: Para. A19–A20)
(b) Significant difficulties, if any, encountered during the audit; (Ref: Para. A21)
(c) Unless all of those charged with governance are involved in managing the entity:
(i) Significant matters arising during the audit that were discussed, or subject to correspondence, with management; and (Ref: Para. A22)
(ii) Written representations the auditor is requesting;
(d) Circumstances that affect the form and content of the auditor’s report, if any; and (Ref: Para. A23–A25)
(e) Any other significant matters arising during the audit that, in the auditor’s professional judgment, are relevant to the oversight of the financial reporting process. (Ref: Para. A26–A28)
- In the case of listed entities, the auditor shall communicate with those charged with governance:
(a) A statement that the engagement team and others in the firm as appropriate, the firm and, when applicable, network firms have complied with relevant ethical requirements regarding independence; and
(i) All relationships and other matters between the firm, network firms, and the entity that, in the auditor’s professional judgment, may reasonably be thought to bear on independence. This shall include total fees charged during the period covered by the financial statements for audit and non–audit services provided by the firm and network firms to the entity and components controlled by the entity. These fees shall be allocated to categories that are appropriate to assist those charged with governance in assessing the effect of services on the independence of the auditor; and
(ii) In respect of threats to independence that are not at an acceptable level, the actions taken to address the threats, including actions that were taken to eliminate the circumstances that create the threats, or applying safeguards to reduce the threats to an acceptable level. (Ref: Para. A29–A32)
- The auditor shall communicate with those charged with governance the form, timing and expected general content of communications. (Ref: Para. A37–A45)
- The auditor shall communicate in writing with those charged with governance regarding significant findings from the audit if, in the auditor’s professional judgment, oral communication would not be adequate. Written communications need not include all matters that arose during the course of the audit. (Ref: Para. A46–A48)
- The auditor shall communicate in writing with those charged with governance regarding auditor independence when required by paragraph 17.
- The auditor shall communicate with those charged with governance on a timely basis.
- The auditor shall evaluate whether the two–way communication between the auditor and those charged with governance has been adequate for the purpose of the audit. If it has not, the auditor shall evaluate the effect, if any, on the auditor’s assessment of the risks of material misstatement and ability to obtain sufficient appropriate audit evidence, and shall take appropriate action. (Ref: Para. A51–A53)
Control deficiencies & report to management / TCWG
Procedures for addressing control deficiencies and reporting to management and/or those charged with governance
- 1.Consider the audit methodology and templates of your firm that should be used and ensure that the management report complies with ISA 265 requirements (and ISA 260 requirements, per previous slide, if not communicated elsewhere already).
- Include each control deficiency identified during the audit in the management report: from planning (systems notes & walk-through), fieldwork (misstatements are usually also indicative of control deficiencies) and finalisation (non-compliance identified).
- Ensure that each issue is reported including at least the following headings: Finding, Recommendation, Management/client comments. Describe the findings and recommendations in adequate detail so that management is able to assess all facts and circumstances when considering and responding thereto. The recommendations should be useful and practical.
- Follow up with management and ensure that you obtain their comments on all findings, so that you are able to make informed decisions and draw appropriate conclusions.
- The auditor shall determine whether, on the basis of the audit work performed, the auditor has identified one or more deficiencies in internal control. (Ref: Para. A1–A4)
- If the auditor has identified one or more deficiencies in internal control, the auditor shall determine, on the basis of the audit work performed, whether, individually or in combination, they constitute significant deficiencies. (Ref: Para. A5–A11)
- The auditor shall communicate in writing significant deficiencies in internal control identified during the audit to those charged with governance on a timely basis. (Ref: Para. A12–A18, A27)
- The auditor shall also communicate to management at an appropriate level of responsibility on a timely basis: (Ref: Para. A19, A27)
(a) In writing, significant deficiencies in internal control that the auditor has communicated or intends to communicate to those charged with governance, unless it would be inappropriate to communicate directly to management in the circumstances; and (Ref: Para. A14, A20–A21)
(b) Other deficiencies in internal control identified during the audit that have not been communicated to management by other parties and that, in the auditor’s professional judgment, are of sufficient importance to merit management’s attention. (Ref: Para. A22–A26)
- The auditor shall include in the written communication of significant deficiencies in internal control:
(a) A description of the deficiencies and an explanation of their potential effects; and (Ref: Para. A28)
(b) Sufficient information to enable those charged with governance and management to understand the context of the communication. In particular, the auditor shall explain that: (Ref: Para. A29–A30)
(i) The purpose of the audit was for the auditor to express an opinion on the financial statements;
(ii) The audit included consideration of internal control relevant to the preparation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control; and
(iii) The matters being reported are limited to those deficiencies that the auditor has identified during the audit and that the auditor has concluded are of sufficient importance to merit being reported to those charged with governance.