ICAG Audit and Assurance (Paper 2.3) Tuition in Ghana

The conceptual foundations — what audit is, why it exists, and how it fits into corporate governance and accountability. These foundations are tested directly and as the backdrop for every other section.

• The five elements of an assurance engagement — a three-party relationship, an appropriate subject matter, suitable criteria, sufficient appropriate evidence and a written report
• Levels of assurance — reasonable assurance (a positive opinion, as in a statutory audit) versus limited assurance (a negative conclusion, as in a review)
• The audit expectation gap — the reasonableness gap and the performance gap, and how the enhanced report (ISA 701) and public education narrow it
• Types of engagement — financial-statement audit, compliance audit, performance audit (the three Es) and internal audit
• Fraud (ISA 240) — management has primary responsibility; the auditor obtains reasonable assurance; the fraud triangle of incentive, opportunity and rationalisation
• Audit as corporate governance — under Act 992 the auditor reports to shareholders, with the audit committee linking the auditor to independent directors

The most ethics-intensive section: the regulatory framework for audit in Ghana, the professional standards that apply, and the auditor's specific ethical obligations — independence, objectivity, confidentiality and the resolution of ethical conflicts.

The regulatory & institutional framework

• Companies Act 2019 (Act 992) — auditor qualification and disqualification, appointment by shareholders at the AGM, rights and duties, and resignation/removal (a special resolution with special notice)
• Bank of Ghana and the National Insurance Commission — powers over auditors of regulated entities and additional reporting obligations that override confidentiality
• IFAC, ICAG (with its Audit Monitoring Unit) and the Internal Audit Agency (Act 658); and the IAASB's principles-based ISAs as adopted in Ghana

Professional ethics — the IESBA Code

• The five fundamental principles — integrity, objectivity, professional competence and due care, confidentiality and professional behaviour
• Independence in fact and in appearance — the threats-and-safeguards framework
• NOCLAR (ISA 250) — escalating non-compliance through governance, and to regulators where required
• Specific issues — gifts and hospitality, second opinions and ‘forum shopping’, contingent fees and conflicts of interest

Before accepting any engagement the auditor must complete a thorough pre-engagement assessment — accepting the wrong client can associate the firm with poor integrity and undermine the credibility of its work.

• Pre-engagement procedures — assessing independence, the integrity of management and owners, the firm's competence, and communicating with the predecessor auditor before accepting
• Legal and regulatory checks — valid incorporation, no disqualification, any Bank of Ghana / NIC approval, and anti-money-laundering client due diligence
• Risk at acceptance — inherent business risk, engagement risk (loss to the firm even if the audit is correct) and fraud-risk indicators
• The engagement letter (ISA 210) — agreeing the objective, scope and respective responsibilities before work begins

Planning determines the nature, timing and extent of audit procedures so the audit focuses on the highest-risk areas. ISA 300 treats planning as a continuous, dynamic process.

Risk, materiality & the audit risk model

• Understanding the entity and its environment (ISA 315) — industry and regulatory factors, the nature of the entity, its objectives, performance review and control environment
• The audit risk model — audit risk = inherent risk × control risk × detection risk; the auditor responds by adjusting detection risk through the procedures performed
• Materiality (ISA 320) — benchmarks such as 5–10% of profit before tax, 0.5–1% of revenue or 1–2% of total assets; performance materiality at 50–75%; and lower specific materiality for sensitive items

Internal controls & the response

• The COSO components — control environment, risk assessment, control activities, information and communication, and monitoring
• IT general controls versus application controls — weak ITGCs make the application controls built on them unreliable
• Transaction cycles — sales/receivables, purchases/payables (the three-way match) and payroll (reconciled to PAYE and SSNIT)
• Tests of controls versus substantive procedures; audit sampling and computer-assisted audit techniques (ACL, IDEA) and data analytics

Audit evidence is any information used to support the opinion. ISA 500 requires it to be sufficient (enough) and appropriate (relevant and reliable) — quality matters as much as quantity.

Methods & reliability

• Gathering methods — inspection, observation, inquiry, external confirmation, recalculation, re-performance and analytical procedures
• Every test mapped to a management assertion about the financial statements
• The reliability hierarchy — external over internal, auditor-obtained over inferred, originals over copies
• Inquiry alone is never sufficient for a significant assertion

Procedures by balance-sheet area

• Revenue & receivables — cut-off testing and debtors' circularisation (ISA 505); aged-receivables review for the allowance for doubtful debts
• Inventory — count attendance (ISA 501), net-realisable-value testing (IAS 2) and valuation of work in progress
• Property, plant & equipment — physical inspection, valuation evidence, title documents and a depreciation review
• Liabilities & provisions — creditor circularisation and post-year-end payment testing for completeness; provisions reviewed under IAS 37

The completion procedures performed near the end of the engagement, before the auditor forms a final opinion — confirming the statements remain appropriate in light of later events.

• Subsequent events (ISA 560) — adjusting events (evidence of conditions at the reporting date) versus non-adjusting events (disclosed if material)
• Going concern (ISA 570) — the 12-month assumption, financial, operational and other indicators, and the material-uncertainty paragraph where disclosure is adequate
• Written representations (ISA 580) — a required but limited form of evidence; a refusal is a scope limitation leading to a disclaimer
• Analytical procedures at completion (ISA 520) — an overall review confirming the statements are consistent with the auditor's understanding

Forming and expressing the opinion, modifying the report where necessary, and communicating other matters to those charged with governance.

• The structure of the audit report (ISA 700) — opinion, basis for opinion, going concern, key audit matters, responsibilities, and the signature and date
• Emphasis of Matter versus Other Matter paragraphs (ISA 706) — neither modifies the opinion
• Key Audit Matters (ISA 701) for listed entities — a transparency tool, not a substitute for a modified opinion
• Communicating with those charged with governance (ISA 260) and reporting control deficiencies (ISA 265) in the management letter

An independent appraisal function established within an organisation. Unlike external audit, which serves shareholders, internal audit serves management and the board.

• The Internal Audit Agency (Act 658) — setting standards, training and quality assurance for internal audit across MDAs and MMDAs
• Outsourcing internal audit — specialist expertise and flexibility, against loss of institutional knowledge and a self-review threat if the external auditor also provides it
• Risk-based internal audit — the plan driven by the organisation's risk register

Public-sector auditing in Ghana has a distinct framework and objectives. Section I tests Ghana's specific architecture and the techniques used in public-sector assurance.

How it differs, and its techniques

• Accountability to the public through Parliament, not to shareholders; objectives span financial, compliance and performance (3Es) audit; standards are ISSAI (INTOSAI) alongside the ISAs
• Compliance audit — the PFM Act, the Public Procurement Act, the Local Governance Act (Act 936) and donor-grant conditions
• Performance (value-for-money) audit — economy, efficiency and effectiveness; and the PEFA framework for assessing the strength of public financial management