Upcoming courses
Our 2025 CPD programme is open for bookings on our website.
You can download our booking form and brochure here.
Date – Time – Course – Presenter
28th Apr – 9.30-11.30 – Pension Scheme Accounts and Audit Fundamentals – Peter Herbert and Maya Norbury
28th Apr – 1.30-3.30 – Housing Association Accounts and Audit Fundamentals – Peter Herbert and Maya Norbury
29th Apr – 1.00-2.00 – Dealing with Difficult Conversations and Conflict – Nicky Clough
30th Apr – 9.30-12.30 – Top Tips for an Efficient Audit – Jez Williams
1st May – 9.30-12.30 – Acting for the Small Business – Ros Martin
6th May – 9.30-12.30 – How to Become an Effective Audit Junior – Maya Norbury
7th May – 9.30-12.30 – Accounting for and Auditing LLPs – Jez Williams
12th May – 9.30-12.30 – Spring Audit Update – John Selwood
13th May – 9.30-11.30 – Pension Scheme Accounts and Audit Update – Peter Herbert and Maya Norbury
13th May – 1.30-3.30 – Housing Association Accounts and Audit Update – Peter Herbert and Maya Norbury
20th May – 1.00-2.00 – Effective Delegation and Coaching your Team – Nicky Clough
Our 2025 AML, Ethics and GDPR E-Learning Programmes are available now.
“Excellent delivery, easily understood with some good points raised.” Delegate, Autumn series
FAQs from recent courses
AML
We have been approached by an ‘Online AML checks provider’ advising us that it is mandatory that accountancy firms use such providers for all client checks. Is this correct?
In terms of client due diligence checks generally, we find that more and more firms use paid for electronic checking tools. Before turning to such a provider, we would strongly advise a firm to check that they have the relevant expertise. Paragraph 5.4.18 of the CCAB AML guidance for accountancy service providers gives detailed information about what exactly a firm should be checking out. Use of such paid for subscription services is not mandatory.
The use of external providers also crops up in the context of accredited ACSPs undertaking identity verification checks on behalf of directors and PSCs as part of the new requirements imposed by the 2023 Economic Crime Act. Again, collaboration with third party providers will be possible as they may have identification document validation technology (IDVT) which the firm doesn’t. Where a firm does not itself have the technology to perform such checks it may turn to a reputable third party provider.
However, again, there are other ways that verification checks can be performed. These can include a firm recommending that clients engage directly with Companies House themselves to get the relevant checks done.
Group accounting
We act for an unquoted public company which heads up a small group. Does the parent’s public company status mean that group accounts must be prepared?
This question cropped up on a recent accounting update course. What the question turns on is whether the group is an ‘ineligible group’, by virtue of its parent being a public company. Reassuringly, the answer is ‘no’. It is provided by s399 (2) (a) of the Companies Act 2006. This states that a company is exempt from the requirement to prepare group accounts if at the end of the financial year, the company (i) is subject to the small companies regime, or (ii) would be subject to the small companies regime but for being a public company.
Audit
Do we have to do walk through every year? For a new audit, can we do the system notes and walk through at the time of initial meeting?
We would strongly recommend that ‘design and implementation’ work is done on systems and controls every year as part of the audit planning process – and this might indeed involve performing walkthroughs. Since this is an essential planning activity, performed as part of the risk assessment, it might coincide with the initial planning meeting with the client. However, an appropriately sceptical approach is needed. Auditors need to seek evidence of implementation of key internal controls in a way that that does not depend on enquiry alone.
Financial Reporting
We have a client which leases cars and vans. What will the impact on the accounts be when the periodic review changes come in?
Where an entity has cars and vans currently leased under finance leases, the periodic review of FRS 102 will have no impact on the figures in the accounts, though the finance lease liability on the balance sheet will become simply a ‘lease liability’ and the assets on the balance sheet will become ‘right of use assets’.
Other leases currently classified as operating leases will come on balance sheet at the date the FRS 102 periodic review is first applied. Future rental obligations at the date of first application will be discounted back to present value, probably using an obtainable borrowing rate, to determine the relevant figures. The periodic review does provide exemptions for short term leases and low value assets. However, cars and vans can’t be classified as low value assets.
In a recent poll
True or false – the auditor needs to understand all IT-related risks and demonstrate design and implementation of relevant general IT controls?
The answer here is false, and needs a little bit of unpacking. There can be no doubting that ISA (UK) 315 prompts us to understand how the client uses information technology and to consider how this may impact on risk. In particular, paragraph 25 requires us to obtain an understanding of the client’s information system, including the IT environment. So we need to have a good understanding of the extent and nature of the use of IT from transaction initiation all the way through to capture in the financial statements. Clearly, this understanding will aid us in our risk assessment.
However, it is not until paragraph 26, related to understanding control activities, that the standard refers to “risks arising from the use of IT”. In summary, this paragraph requires the auditor to:
- Identify assertion-level controls over significant risk areas, journals, areas where controls will be tested for operating effectiveness and any other areas that the auditor considers appropriate (which might be, for example, heightened, but not significant, risk areas).
- Based on controls identified in (a), identify the IT applications and other aspects of the IT environment subject to risks arising from the use of IT.
- Identify the risk arising from the use of IT and the general IT controls (GITCs) addressing the risk.
- For controls at (a) and GITCs from (c), evaluate the design and implementation of controls by means more than just inquiry of personnel.
So, the logic here is that risks arising from the use of IT specifically need to be considered in relation to significant risks, etc., and design and implementation of GITCs then needs to be considered in relation to those specific IT risks identified.
The caveat here would be to come back to paragraph 25, and highlight that having a full understanding of how the client uses IT in the first place will presumably be an important factor in determining where those significant risks may arise. If the way in which IT is used results in a significant risk being identified, this will then feed into the controls assessment under paragraph 26.
From James Charlton’s recent IT Controls under ISA 315 session
