Updated: Dec 16, 2022
Who is responsible for the preparation of the Financial Statements?
Management is responsible for preparing and fairly presenting the financial statements under the applicable financial reporting framework.
These responsibilities include:
Determining accounting policies and the accounting treatment under those policies.
Preparing or changing source documents or originating data, in electronic or other forms, evidencing the occurrence of a transaction. Examples include:
Payroll time records.
Originating or changing journal entries.
Determining or approving the account classifications of transactions
Accounting and bookkeeping services comprise a broad range of services, including:
Preparing accounting records or financial statements.
Providing payroll services
Resolving account reconciliation problems.
Converting existing financial statements from one financial reporting framework to another.
Accounting and bookkeeping services that are routine or mechanical:
Involve information, data or material in relation to which the client has made any judgments or decisions that might be necessary; and
Require little or no professional judgment.
Examples of services that might be regarded as routine or mechanical include:
Preparing payroll calculations or reports based on client-originated data for approval and payment by the client.
Recording recurring transactions for which amounts are easily determinable from source documents or originating data, such as a utility bill where the client has determined or approved the appropriate account classification.
Calculating depreciation on fixed assets when the client determines the accounting policy and estimates useful life and residual values.
Posting transactions coded by the client to the general ledger.
Posting client-approved entries to the trial balance.
Preparing financial statements based on information in the client-approved trial balance and preparing related notes based on client-approved records.
The firm or a network firm may provide such services to audit clients that are not public interest entities, provided that the firm or network firm:
does not assume management responsibility (*) in connection with the service; and
addresses any threats created by providing such services that are not at an acceptable level. [MIA By-Laws: R601.5 (b)].
(*) This includes ensuring that the client’s management:
Designates an individual with suitable skill, knowledge and experience to be responsible at all times for the client’s decisions and oversee the activities. Such an individual, preferably within senior management, would understand:
The objectives, nature and results of the activities; and
The respective client and firm or network firm responsibilities. However, the individual is not required to possess the expertise to perform or re-perform the activities.
Provides oversight of the activities and evaluates the adequacy of the results of the activities performed for the client’s purpose.
Accepts responsibility for the actions, if any, to be taken arising from the results of the activities.
Although there are risks to the auditor's objectivity and independence when doing so, there are instances in which an audit firm will prepare the financial statements for a reporting entity and then audit them, especially for small- to mid-sized enterprises (SMEs).
These risks must be reduced to an acceptable level before such an engagement can occur.
The self-review threat is the most significant risk when the auditor is responsible for preparing and auditing the financial statements.
Reviewing the audit file is one of the most important safeguards that can be put in place to ensure that the auditor's independence and objectivity have not been compromised in any way.
This can be done by a partner in the engagement that is not an auditor; however, an independent third-party reviewer who is not affiliated with the audit firm can give additional credibility to the process because they will not be biased.
However, there may be circumstances where safeguards cannot eliminate the threat to independence and objectivity or decrease it to an acceptable level. In the circumstances like this, it is necessary to reject the non-audit task.
Some professional bodies have also established which types of activities are likely to result in a self-review or self-interest threat that is so severe that the only way to bring the level of risk down to an acceptable level is to avoid participating in the activity or reject to carry out the assurance engagement.
Audit Clients that are Not Public Interest Entities
There is no problem (in theory) with an audit firm offering extra services to its customers that go above and beyond the task of auditing.
In certain instances, this will assist the auditor in obtaining a deeper knowledge of the organisation and the industry in which it works.
A firm or a network firm shall not provide to an audit client that is not a public interest entity accounting and bookkeeping services, including preparing financial statements on which the firm will express an opinion or financial information which forms the basis of such financial statements, unless:
The services are of a routine or mechanical nature; and
The firm addresses any threats that are created by providing such services that are not at an acceptable level.
Audit Clients that are Public Interest Entities
Caution must be taken since a firm or a network firm shall not provide accounting and bookkeeping services to an audit client that is a public interest entity.
In the UK, the Corporate Governance Code requires audit committees to approve any non-audit services the auditors provide. The primary objective of this approval is to ensure that the auditor's independence and objectivity have not been impaired.
In Malaysia, before the provision of any non-audit services by the external auditor, the audit committee of the public listed company should review and approve the acceptance of such engagements, drawing guidance from the By-Laws (on Professional Ethics, Conduct and Practice) by the Malaysian Institute of Accountants (“MIA”).
If the non-audit service results in concerns about independence to the extent that they cannot be reduced to an acceptable level by applying safeguards, the non-audit service shall not be accepted.
Examples of non-audit services that shall not be provided by the external auditors of a public interest entity pursuant to the By-Laws (on Professional Ethics, Conduct and Practice) by the MIA are outlined below (s (non-exhaustive):
accounting and bookkeeping services, including payroll services and the preparation of financial statements or financial information;
valuation services if the valuations would have a material effect on the financial statements;
preparation of tax calculations of current and deferred tax liabilities (or assets) to prepare accounting entries that are material to the financial statements;
internal audit services that relate to a significant part of the internal controls over financial reporting, financial accounting systems or amount or disclosures that are material to the financial statements;
design or implementation of information systems that form a significant part of the internal control or information on financial reporting, accounting records or financial statements;
acting in an advocacy role on behalf of the company to resolve a dispute or litigation when the amounts involved are material to the financial statements;
recruiting services concerning a director, officer or senior management personnel who would be in a position to exert significant influence over the preparation of accounting records or financial statements; and
corporate finance services, which involve promoting, dealing in, or underwriting shares.
Under Bursa Securities Listing Requirements, disclosure should also be made on the nature and extent of non-audit services if the fees on such services are “significant”.
Before a firm or a network firm accepts an engagement to provide a non-assurance service to an audit client, the firm shall apply the conceptual framework to identify, evaluate and address any threat to independence that might be created by providing that service.
Identifying and Evaluating Threats
Factors that are relevant in identifying the different threats that might be created by providing a non-assurance service to an audit client and evaluating the level of such threats include:
The nature, scope and purpose of the service.
Ho will the service be provided, such as the personnel involved and their location?
The legal and regulatory environment in which the service is provided.
Whether the client is a public interest entity.
The level of expertise of the client’s management and employees concerning the service provided.