The completion of the A&C assessment helps the engagement leader and team members identify professional risks associated with the client and the engagement and may also help identify aud
Trang 1———————————
THESIS
THE AUDIT OF FINANCIAL STATEMENTS
FOR ABC CO., LTD
HO CHI MINH CITY, JUNE 2017
Trang 2ACKNOWLEDGMENTS
First of all, I would like to send my sincere gratitude to all the teachers at University
of Economics and Law - Vietnam National University - Ho Chi Minh City, who has been with me throughout these years In particular, I would like to express my deep gratitude to Ms La Xuan Dao - who has always tried her best to help me complete this thesis
Next, I would like to thank all of you PricewaterhouseCoopers Vietnam Limited for their enthusiastic support during my time at the company
At the same time, I would also like to thank my friends for helping me overcome the difficulties in life as well as in learning during my time at school
Lastly, I would like to express my sincere gratitude to my relatives who are always with me and give me more confidence and energy so that I can overcome the difficulties
on the road pursuing and conquering my dreams dream
Last word, I would like to wish my teachers, friends, colleagues and family the best wishes
Trang 3NOTES FROM THE INSTRUCTOR
Trang 4
CONTENTS
ABBREVIATIONS a TABLES d
THESIS STATEMENT 1
CHAPTER 1: INTRODUCTION OF PRICEWATERHOUSECOOPERS VIETNAM LIMITED 3
1.1 History and Development 3
1.1.1 PwC on global scale 3
1.1.2 PwC on local scale (Vietnam) 3
1.2 Field of operation and operational objectives 4
1.2.1 Services provided by PwC Vietnam 4
1.2.2 Operational objectives 5
1.2.3 Organizational structure at PwC 5
CHAPTER 2: THE AUDIT OF FINANCIAL STATEMENTS OF A.B.C CO., LTD 8
2.1 Initial Engagement Procedures 8
2.1.1 Conduct Independence Review 8
2.1.1.1 Independence of the engagement team 8
2.1.1.2 Independence of the firm and network 9
2.1.2 Perform Engagement Acceptance/Continuance 9
2.2 Understand the Entity and Its Environment 13
2.2.1 Understand the Entity and its Environment (Regulatory, Industry, etc.) 13
2.2.2 Understand and Evaluate Internal Control and Identify Relevant Controls 13
2.2.2.1 Control environment 13
2.2.2.2 Risk assessment 14
2.2.2.3 Control activities 16
2.2.2.4 Information and Communication 16
2.2.2.5 Monitoring of control 17
2.2.3 Understand and Evaluate the IT Environment 19
2.2.4 Determine Materiality 21
2.3 Risk and Response 24
2.3.1 Assess risk 24
2.3.1.1 Conduct Initial Risk Assessment Analytics 24
2.3.1.2 Conduct Fraud Risk Assessment 25
2.3.1.3 Other risk assessment procedures 28
2.3.2 Determine Audit Strategy 29
2.3.3 Determine Nature, Timing and Extent of the audit engagement 30
2.4 Execute 33
2.4.1 Accruals, provision and other liabilities 33
Trang 52.4.2 Inventory 44
2.4.3 Revenue 59
2.5 Completion 77
2.5.1 Update Preliminary Assessments, Changes to Plan and Subsequent Events 77
2.5.1.1 Conclude on Possibility of Fraud or Illegal Acts 79
2.5.1.2 Conclude on Entity’s Ability to Continue as a Going Concern 79
2.5.2 Perform Subsequent Events Review 80
2.5.3 Financial Statement Disclosure Checklists 81
2.5.4 Perform Overall Conclusion Analytics 81
2.5.5 Other Completion Activities 82
2.5.6 Audit Opinion 83
CHAPTER 3: OVERALL COMMENTS 85
3.1 Overall comments over audit procedures carried out by PwC at A.B.C Co 85
3.2 Notions for improving the procedures 86
CONCLUTION 87
APPENDIX 88
Appendix 1 Organizational structure at PwC Vietnam i
Appendix 2 Independence ii
Appendix 3 Unaudited Financial Statements iv
Appendix 4 Risk questions vii
Appendix 5 Understand the Entity and its Environment (Regulatory, Industry, etc.) xi
Appendix 6 Control Environment xviii
Appendix 7 Control Activities xxii Appendix 8 Information and Communication cvi Appendix 9 Conduct Initial Analytical Procedure cxi Appendix 10 Detailed listing of Accruals Account cxxii Appendix 11 Freight Charge cxxvi Appendix 12 Advertising and Marketing cxxix Appendix 13 Discount and allowances accruals cxxxii Appendix 14 PwC’s Calculation of VPC cxxxix Appendix 15 PwC's Calculation of VMC and FMC cxli Appendix 16 General Provision cxlvi Appendix 17 Detailed listing of Specific provision cxlvii Appendix 18 Sales by Products Breakdown cxlix Appendix 19 Sales by Seasons Breakdown cli Appendix 20 Sale Deductions Breakdown clii Appendix 21 Breakdown of CDA and D&A Year End clv Appendix 22 Conclude on Entity’s Ability to Continue as a Going Concern clviii
Trang 6Appendix 23 Subsequent Analytical Procedure clx Appendix 24 Subsequent Event Email clxiv Appendix 25 Perform Overall Conclusion Analysis clxvi REFERENCES clxxi
Trang 7ABBREVIATIONS
Trang 8FMC Fixed Manufacturing Cost
Trang 9RMs Raw Materials
Trang 10TABLES
Table 1 Rotation of engagement team 8
Table 2 Initial Materiality Calculation 23
Table 3 Audit approach for Accruals 37
Table 4 CDA accruals testing template 38
Table 5 CDA testing results 39
Table 6 Freight - tested samples 39
Table 7 Freight - Testing results 40
Table 8 Discount and allowances accruals result testing 43
Table 9 Breakdown of inventory 44
Table 10 Inventory stock count – Criterial for sample size selection 45
Table 11 Detailed of locations 46
Table 12 Trace test count - Accept-Reject sample size 48
Table 13 Inventory - Raw materials - Total population 49
Table 14 Summary of Raw materials information 50
Table 15 Inventory - Summary of Threshold 51
Table 16 Breakdown of unit cost of Finish goods 52
Table 17 Testing samples of Finished goods 52
Table 18 VPC per Unit of testing samples - Finished goods 54
Table 19 VMC & FMC calculation result 55
Table 20 Breakdown of goods in transit 55
Table 21 Provision policy for Inventory 56
Table 22 Breakdown of Provision for inventory 57
Table 23 Summary of General provision testing 59
Table 24 Sales deductions - Detailed negative figures 71
Table 25 Breakdown of D&A by booking type 74
Table 26 Reassess Materiality Calculation 78
Table 27 Unaudited Balance Sheet iv
Table 28 Unaudited Income Statement vi
Table 29 Brief on financial indices xvii
Table 30 AR Provision policy xxix
Table 31 Control Matrix - Revenue and Receivables xxxiii
Trang 11Table 32 Purchase Requisition - Authorization l Table 33 Contract or Purchase Order & Invoice payment – Authorization Right (SOA) lii Table 34 Purchasing and Payables - Authority - SOA lix Table 35 Status of Finished Goods Report lxxvi Table 36 Walkthrough - Inventory lxxxiv Table 37 Inventory - Control Matrix & Validate lxxxvii Table 38 Design of Testing of Operating Effectiveness xci Table 39 Components of cost of FG produced xciii Table 40 Details of VMC and FMC xciv Table 41 Balance of Inventory - Quantity - at the month end xcv Table 42 Balance of Inventory - Value - at the month end xcvi Table 43 Calculation of Closing balance value for the month end xcvi Table 44 Finalising COGS and inventory revaluation of Client xcvii Table 45 Finished goods process by co-packer xcviii Table 46 Proportion of FMC xcix Table 47 FMC obtained from accounting department (applied form Sep) c Table 48 Calculation for samples of FMC ci Table 49 Proportion of FMC cii Table 50 Standard file set for September onward from Planning Department ciii Table 51 Provision Minutes sent for making Consolidation cv Table 52 Balance Sheet - Initial Analytical Procedure cxi Table 53 Income Statement - Initial Analytical Procedure cxviii Table 54 Detailed listing of Accruals Account cxxii Table 55 Summary of Reclassifying Accruals cxxiv Table 56 Subsequent Statement of Financial Position clx Table 57 Subsequent Income Statement clxii Table 58 Subsequent Email Questions clxiv Table 59 Overall Analytical Procedure - Income Statement clxvi Table 60 Overall Analytical Procedure - Balance Sheet clxviii
Trang 12THESIS STATEMENT
1 The necessity of the topic
Although ABC Co is one of the largest beverage manufacturing company in Vietnam with the market share that could be assessed as enormous In the year full of surprises, both in Vietnam and on Global Scale, each investor, shareholder has been more careful in deciding investment portfolio The stock market reversal just in one day from the morning to the evening after Brexit, which has scared many of investors (both individuals and companies), has been a persuasive proof for the sensitivity of information users to the market It raises not only the need for the accuracy of financial analysis but also the need for the accuracy of information sources
However, without accurate and reliable corporate disclosures and financial statements - and competent auditors to audit them - competitive free market system could not function properly When the auditors play their role as an agent for expressing opinions on those sources, users of financial statements can make appropriate decision
2 Objectives
Since at PwC, clients have been critical assessed before being accepted or continued for the next year Following with various procedures to ensure that the financial statements have been properly audited to provide reasonable assurance to the users of that financial statements Therefore, the objectives of the thesis are to:
- Present the acceptance and continuance for the client ABC Co
- Present the audit procedures for the financial statements of client ABC Co
- And to have a general view on the whole engagement carried out by PwC Vietnam as well as PwC global
3 Gathering information methodology
- Analyze the audit files from last year of ABC Co
- Perform communicating verbally with employees and employers of the Client
- Communicate with staff that has performed the audit engagement in the year
2016 both the half year review and the final audit at the year end
Trang 134 Scope and limitation
Scope:
- The thesis has cover almost all of the audit engagement from planning for the audit, including continuance of Client to define audit strategy to completion of the audit file, final procedures for the Client
Limitation:
- The writer has not joined all the procedures carried out due to the position in the firm with the lack of experience, which led to the limited understand about the audit engagement
- Since the limitation of time, only key sections that have adjustments for explanation are presented in the thesis
- Therefore, not all the audit procedures have been explained completely
Trang 14CHAPTER 1: INTRODUCTION OF PRICEWATERHOUSECOOPERS VIETNAM LIMITED
1.1 History and Development
1.1.1 PwC on global scale
PricewaterhouseCoopers (PwC) is one of the biggest professional firms, of which the principal activities are to provide professional services included assurance, advisory, taxation and legal PwC has been commenced publicly the first time after the merger between PricewaterHouse Ltd and Coopers & Lybrand Ltd (both in London)
accountant - in 1849
Coopers Brothers & Co and Lybrand, Ross Bros & Montgomery
At the present, PwC network comprises the Head Office at London and more than
740 other offices spreading over 157 countries with approximately 223,000 employees Due to the requirements for a professional firm, each of the office over each country is one separate entity
1.1.2 PwC on local scale (Vietnam)
PwC Vietnam is a one member company limited, licensed by National Committee for Investment Cooperation to operate and provide independent auditing and other consultancy services It is wholly owned by PwC Indochina Holdings Inc which was established in 1992 in British Virgin Islands
office in Hanoi
market in Vietnam
PricewaterhouseCoopers Vietnam was officially launched
Thus, the history of PwC Vietnam could be considered to begin from 1998, and be
a part of PricewaterhouseCoopers Southeast Asia Peninsula (PwC SEAPEN) SEAPEN
is a community covering PwC entities in Malaysia, Thailand, Laos, Cambodia and
Trang 15Vietnam, with more than 3,800 people In Vietnam only, there are slightly 800 local and expatriate staff and two offices (HCM and Hanoi)
Moreover, PwC Legal Vietnam is a foreign law company established in 2000, and licensed in Vietnam by the Ministry of Justice, with its head office in Ho Chi Minh City and a branch office in Hanoi
1.2 Field of operation and operational objectives
1.2.1 Services provided by PwC Vietnam
PwC Vietnam provides clients with high-quality and industry focused services, by developing and cultivating strong interpersonal relationships in order to truly understand businesses and things they need PwC Vietnam is currently providing some major services that contributed to its reputation as follows:
- Auditing and Assurance Services: Guaranteed services for giving a true and
fair view of the financial position of Clients, the results of its operations and cash flows as well as improving the quality of financial statements
- Advisory Services: Offering an integrated service, bringing a breadth of skills
and department of resources to clients Advisory Services fall into two main groups: Deals and Consulting
o Deals: mainly about mergers and acquisitions (M&A) - working with
clients all the way through the deal cycle, from strategy to post-deal integration, including financial, tax, legal, market and operational due diligence, accessing the capital markets and valuing, negotiating and structuring deals
o Consulting: Helping clients attain increased levels of performance by
improving the efficiency and effectiveness of key business processes
o Tax Services: Providing a full range of tax services to our clients,
including advice and compliance services in relation to Vietnam taxes Keeping clients abreast of the latest developments in Vietnamese tax laws, advising them on the most effective ways to structure their operations in Vietnam, and providing early warnings for and guidance on dealing with emerging risks
Trang 16o Legal Services: Offering clients comprehensive legal advisory services
alongside the assurance, tax and advisory services provided by associated PwC offices
1.2.2 Operational objectives
“At PwC, the purpose is to build trust in society and solve important problems” PwC always supports clients fully to achieve their goals With a team of qualified professionals within-department knowledge of essential business areas in every market across the network, we provide comprehensive services to clients everywhere
PwC has become very familiar with world class business In order to maintain the trust and to enhance the quality of service provided to old and new customers, PwC has set the following operational goals:
satisfaction.;
humans are the key to the success of the company
Furthermore, PwC is seeking to go beyond “doing the right thing” to being a catalyst for positive change in society PwC’s want is to integrate social, environmental and economic integrity into values, culture and decision-making This means PwC has not only contributed to the outside, but also want to building a strong community inside itself, which would benefit the externals as the services provided by various people of different personalities with the same target is to contribute more
1.2.3 Organizational structure at PwC
“PwC is the brand under which the member firms of PricewaterhouseCoopers International Limited operate and provide professional services Together, these firms form the PwC network “PwC” is often used to refer either to individual firms within the PwC network or to several or all of them collectively Firms in PwC network are members in, or have other connections to PwCIL
Trang 17The organizational structure of PwC is divided into several levels, each of which plays a different role in keeping PwC's organization running smoothly and efficiently
In addition, the PwC machine is built, designed to give each employee an environment
to study, to work and to support each other to fulfill the joined objectives Similar to other professional firms, PwC levels their organizational structure based on 2 categories:
- On job: The extent of this delegation shall depend on the engagement
circumstances, including its complexity The signer shall retain overall responsibility
o Engagement Leader: The individual who assumes ultimate responsibility for the conduct of the audit and for issuing the audit report In some cases, the partner (or director) signing the audit opinion may delegate the engagement leader role relating to the conduct of the audit to a senior manager/experienced manager, while retaining overall responsibility for the audit
o Team manager: The team manager is the member of the engagement team who, with the appropriate oversight and coaching by the engagement leader, assists in the design of the audit strategy and plan and coordinates its implementation on a day-to-day basis
o Senior in charge: experienced staff to conduct key sections and support other staff
o Staff: unexperienced or person with a little experience
- Normal: the fixed position in the company and is changed depend on the
performance in engagements and other acumen that stated in PwC manual
Trang 18more information, please refer to (“Appendix 1 - Organizational structure at PwC Vietnam”)
Trang 19CHAPTER 2: THE AUDIT OF FINANCIAL STATEMENTS OF A.B.C CO., LTD
2.1 Initial Engagement Procedures
2.1.1 Conduct Independence Review
Independence is the ability to act with integrity and objectivity and be seen to act in this manner It is a critical factor when carrying out an audit engagement We have made notice of our engagement team as well as the firm whether any problems would prevent our independence duty in front of the public (independence in appearance) and expression of a conclusion (independence in mind) to ensure independence is maintained
The firm and its personnel comply with professional standards and applicable legal and regulatory requirements The composition of the engagement team and the proper assignment of roles and responsibilities are essential to the performance of an effective audit Every entity is different, and the engagement team is structured to meet those
specific circumstances
All PwC staff are signed to an Annual Independence Confirmation In addition, we have already confirmed with the whole team in the kick-off meeting and noted that there are no any independence threats are noted during planning stage The individual independence will be continuously accessed until the end of the engagement
Table 1 Rotation of engagement team
Number of years of involvement in this role
Maximum length of involvement, if applicable
Engagement leader (*) Bee Han Theng 1 (from 2016) Should not exceed 10 years Team manager Do Thanh Nhan 1 (from 2016) No requirement
Left Signer (**) Bee Han Theng 1 (from 2016) Max of 3 continuous years Right Signer (**) Do Thanh Nhan 1 (from 2016) Max of 3 continuous years
Trang 20(*) EL involvement:
neither PIE nor HPC, the period for an audit engagement partner or QRP should not normally exceed 10 years Mr Bee Han Theng has been involved in the engagement as EL role in YE 2016 as the first year His involvement in the engagement complies with the rotation policy for non-PIE
(**) Left signer and right signer rotation:
rotate after 3 years as per Decree 17 Bee Han Theng has been involved as the left signer of the engagement for YE 31 Dec 2016 as the first year For the audit
31 December 2016, this would be the first year of Nhan’s involvement in the engagement as well It is satisfied that no violation on both left and right signers for the FY ended 31 December 2016
(***) QRP involvement:
Furthermore, PwC has self-reviewed ourselves whether we have any relationships with clients that may harm our independence in both mind and appearances: Financial interests, loans or similar arrangements; Joint or other business relationships; Litigation (threatened or pending) in relation to audit or non-audit services; Overdue fees and undue reliance on fees; Commissions, referrals or contingent fees; Situations where the entity has become liable to a PwC firm under an indemnity For more information, please refer to (“Appendix 2 Independence”) As extracted from the system, there is no issued or matters identified
2.1.2 Perform Engagement Acceptance/Continuance
Use of A&C Software to Evaluate Information
consistency to engagement acceptance and continuance procedures we have
Trang 21developed and used a software tool known as A&C Software to evaluate information
about the entity
The completion of the A&C assessment helps the engagement leader and team members identify professional risks associated with the client and the engagement and may also help identify audit risks as a result of evaluating the information used to complete the A&C assessment We use judgement to determine whether risks may be considered significant risks in our audit planning The identification of any significant risks is an important activity undertaken by the engagement leader (and if applicable, Risk Management) in their approval of the A&C assessment
In the form, the Client information has been stated:
o Entity name: ABC Co
o Entity type: Subsidiary of listed entity
o Practice Segment: Non HPC PIE
o Client Status: Active Audit Client
o Business Description: Manufacture various beverage for consumption in Vietnam
o GAAS requirement: Local GAAS (VAS)
o Financial Reporting Standards: Local GAAP
o Engagement Name: ABC Co 31.12.2016
o Engagement Record Manager: Mr Do Thanh Nhan
o Engagement period end: 31 December 2016
o Service Line: Assurance
o Service: GAAS / Statutory & Other Recurring Audits
o Engagement Type: Audit - requiring annual Continuance reassessment
Trang 22o Industry Group: CIPS - Consumer & Industrial Products & Services
o Industry Sector: Retail & Consumer – Consumer
o Industry Segment: Drinks production
Next, Mr Do Thanh Nhan will have to answer about the continuance of ABC Co
o Entity Financial Information (*)
▪ Total Assets: K’VND9,493,549,588
▪ Shareholders' Equity (Book Value): K’VND6,301,810,691
▪ Sales/Revenue/Turnover: K’VND13,815,895,873
▪ Net Income: K’VND978,969,995 (*) The date of preparing the acceptance and continuance for the year end 2016 was 3 March 2016, at that time, the audited report for ABC (for the year 2015) had not been finalized yet Hence, those figures used are from 2015 unaudited financial statements Please refer to the (“Appendix 3 Unaudited Financial Statements)
o Fee Information
o Other Information
▪ The Ultimate auditor of ABC is Deloitte
▪ The Client Identification Check has been issued and Mr Nhan has confirmed that the engagement has not involved in any Money Laundering:
• The source for engagement fee from customer is reliable and could be tracked
• Services expected to provide, related parties, third parties
do not indicate any type of Money Laundering
Trang 23- Risk questions: the questions have been categorised into (i) Business Issues, (ii) Management and Governance, (iii) Ethics and Integrity, (iv) Accounting and Controls, (v) Financing and Going Concern and finally (vi) Auditing Issues
o Business Issues: Profitability, Products and Services, Competitive position, Stress on rapid growth or downsizing of the entity, Incentive for intentional misstatements in financial reporting: Low risk
o Management and Governance: Governance and Oversight of management, Past Performance, Management’s experience and skill, Management department: Low risk
o Ethics and Integrity: Integrity and ethics, Management inclination to intentionally misstate financial reporting: Low risk
o Account and Controls: Accounting control, Monitoring of operating units, Revenue recognition, Past audit adjustments: Low risk
o Financing and Going Concern:
▪ Bank credit facilities of US$39,000,000 can be drawn to meet its liabilities to carry on the next twelve months
▪ Current liabilities exceed current assets by K’VND311,933,407
o Auditing Issues: Reliability of accounting estimates, Company’s characteristics: Low risk
The detailed answers with has been documented in the (“Appendix 4 Risk questions”)
Approval requirements: The requirement for approval from the engagement leader,
and in certain circumstances, the approval has been delegated to the engagement leader – Bee Han Theng
Conclusion: According to PwC Audit Guide: A&C Score will fluctuate between the
range of 11 (lowest risk) and 55 (highest risk) – A score of 42 or greater is higher risk Based on the answer made by Mr Nhan, ABC has scored 26 points, which is between
11 and 42 Thus, ABC has been accepted as a continuance without further investigation
Trang 242.2 Understand the Entity and Its Environment
2.2.1 Understand the Entity and its Environment 1 (Regulatory, Industry, etc.)
According to PwC Audit Guide (PAG), PwC required professionals to develop a deep and broad understanding of the business and its risks As such, we form our own point of view on the risks in the business, through research and analysis of the entity and its environment, namely industry, regulatory and other external factors, the nature
of the entity, the entity’s selection and application of accounting policies, its objectives and strategies and the entity’s financial performance
An independent point of view is developed through a combination of our own research, taking into account how the company compares against its industry, its competitors and/or peers, and discussions with entity personnel We do not simply accept management’s views, but develop our own point of view against which to evaluate how management views their business and to assess management’s risk analysis and control environment We apply professional skepticism, comparing management's views with our own For further understanding of the Entity and its environment, please refer to (“Appendix 5 Understand the Entity and its environment (Regulatory, Industry, etc.)”)
2.2.2 Understand and Evaluate Internal Control and Identify Relevant Controls
According to ISA 315, we have assessed internal control system and whether we need to perform any test of control to reduce work of substantive test or not
2.2.2.1 Control environment
The control environment implemented at ABC Co has been assessed by PwC on these criteria: (i) Management establishes an appropriate 'tone at the top' of the entity, (ii) an appropriate code of conduct (or similar) exists and has been communicated to all employees, (iii) the entity has implemented a "whistle-blowing" mechanism (or equivalent), such as an ethics hotline, (iv) management's attitudes and actions toward financial reporting and finally (v) the role of those charged with governance is
legal, political and regulatory environment
Trang 25undertaken by persons with appropriate experience, competence and independence from management
For further information about the result, please refer to (“Appendix 6 Control environment”)
2.2.2.2 Risk assessment
Management establishes strategic and operational objectives which are appropriate
to the size and complexity of the entity
- Strategic level objectives:
o At beginning of each calendar year, BOM will unanimously decide on whether to either:
o Develop a new 3-year strategic plan for the Business in the territory, or
o Review and update the Strategic Plan approved by the BOM in previous year with the revised outlook for the next 3 years
- By April of each year, ExCom must prepare and submit to BOM for approval the Strategic Plan
- The Strategic Plan must set forth in reasonable details for each year in the Strategic Plan Period:
o Innovation and category strategies, new products
o Market place investment including A&M, marketing equipment and sales development
o Financial statement including sales volume, net revenue, gross margin, EBITDA, EBIT, tax and capital expenditures
o Financial capacity
o Other information
- BOD must approve the Strategic Plan by end of May each year
- Operational level objectives (Annual Operating Plan - AOP)
o By 30 September: ExCom prepare and submit to BOM the high-level profit and loss statement and full year forecast for next fiscal year of Vietnamese subsidiary
Trang 26o In October, each year: ExCom prepare and submit to BOM for approval
a draft operating plan for the Business of Vietnam subsidiary for the following year (Annual Operating Plan)
o The Annual Operating Plan must include:
▪ The strategic and financial objectives of the Vietnam subsidiary for the relevant fiscal year including marketing plan (key marketing initiatives, brand/package strategies, channel strategies, pricing and CDA strategies and volume); management plans (management selection, training programs and operational and human resource initiatives) Advertising plans in respect of Beverage products and other information
▪ Financial plan showing the Vietnam subsidiary’s consolidated financial capacity projected Profit and Loss, Cash Flow, Balance Sheet items, capitalization plans, capital expenditures, debt levels and methods of financing the operations of the Vietnam subsidiary
o BOM must consider and vote on the initial Annual Operating Plan by end
of October or 90 days before date of commencement of the fiscal year
o BOM must vote on the final Annual Operating Plan by end of November
or at least 30 days before the date of commencement of the fiscal year Management has a process for identifying, evaluating and responding to risks to the achievement of objectives
- The RMC department and head of each department are responsible for risk assessment and assist the BOD in dealing with such risks The Company has built up the good internal control guidance based on COSO and Guidance from ABC global guidance The internal control guidance included of 10 processes in the company The RMC department will test those controls on quarterly basis to see whether any control fail and any new risk incurred to assess it RMC report the risk assessment together with result of internal control test to BOD and BOM
on quarterly basis Prompt actions are taken by BOD/BOM and documented in the reports and being followed up by RMC
Trang 27- Through our discussion with management during initial meeting, they assessed that business risk was not high due to the nature of activities that they are carrying out The only business risk identified is currency risk that they have set
up appropriate hedging policy to deal with
Management identifies and analyzes changes in the business that could have a significant impact on financial reporting
- Formal budget building process was set up to ensure the annual budget was in line with the Company's strategy; meeting shareholders' expectation on annual growth; while ensuring it was realistic by involving all relevant departments into budget building process; while ensuring it was challenging and appropriate by involving planning department to challenge the appropriateness of assumptions made Our understanding about 2015 budget and historical performance of the Company indicated that budget was appropriately set and achievable, which did not put the management and staff under high pressure The budget for the year
2015 was even set lower the actual performance of 2016 so far since certain off procedures have been eliminated and current business situation has been taken into account We have inspected certain supporting documents to ensure the control in place
ABC Co has performed control activities for those business cycle
- Revenue and Receivables
- Purchasing and Payables
- Production and Inventory
- Accruals for A&P
For those controls implemented, please refer to (“Appendix 6 Control Activities”)
ABC Co has applied some of the information and communication to adapt one of the factors of Internal control – Information and Communication
Trang 28- Processes are in place for gathering key financial information to support the financial
- Furthermore, IT structure and culture support an effective IT environment (e.g., through behaviors demonstrated, allocating appropriate IT resources and formal and informal policies, particularly with respect to data processing and security)
- Senior financial officers, accounting, finance, IT, and other functional managers communicate clearly about important matters concerning financial reporting and
- Financial information is communicated timely and clearly to external stakeholders
Please refer to (“Appendix 8 Information and Communication”) for further information
Afterward, the information and communication at ABC Co has been assessed as normal and there is no exception that required our attention
The entity has an ongoing process for monitoring internal controls
- Internal audit function of Head Office (ABC) performed separate evaluations on every 2 years and the last time is 2011 Due to 51% of Suntory in April 2013, the Company is now under control of Suntory As it is in transformation program, Suntory Foods and Beverage Asia has done the survey and questionnaire to evaluate the current internal control system of ABC Co and concluded that it was more robust and advanced than of Suntory and hence, no significant change required including the Internal control system up to 2016
An internal audit (or equivalent) function is used to monitor the effectiveness of internal control
- There has been Risk Management and Compliance department (RMC), who acted the role of internal control department to carry out periodical evaluation and testing on business process (upon defined scope of work and work planned approved by the BOM and BOD) Quarterly reports are submitted to BOM and BOD for reviewing and actions taken
Trang 29- The RMC department has responsible the monitoring controls in the whole company There is a very strict and detail guideline in the internal control included of 10 main processes included of A&M, FA, FOBO, FR, HR, I2C, PICT, Agro, P2P, S2C For each of processes there are lots of sub-processes to guide each department, each staff dealing with their work and ensure the controls are effectively operation within the company In addition, the RMC department also review and test the internal control each quarterly to find out any fail controls and report to Board of Director and Management for their consideration and instructions
- Management, the audit committee and the board of directors must take appropriate actions to address significant deficiencies, material weaknesses in internal controls and any incidents of suspected, alleged or actual fraud that is material and carry out appropriate follow-up actions
- We inquired Ms Hanh - RMC manager and inspected Quarter 1/2016 internal control audit report
- From the testing, we noted that RMC function had a detailed plan of site visits
at branches and factories to check the compliance with the Company’s internal policy and to review various business processes such as Human Resources, Marketing, Investment or working capital management and financial statements There should be at least one visit per year for all branches and factories
- From reviewing the reports, we noted the findings were communicated with person in charge and the BOD BOD was responsible for taking remedial action, which were clearly documented in the report including timeline for rectifying Internal Audit will follow up with BOD’s actions and reported the result in next quarter We reviewed the reports and noted the comments from BOD that they will take actions on the findings noted by Internal Audit function
Management identifies and assesses deficiencies resulting from ongoing and/or separate evaluations of internal control over financial reporting
- On quarterly basis, Internal audit does the testing on 10 processes at ABC Co as normal Up to September 2016, RMC department just complete some of the testing for Quarter 1 and identified no finding which may impact to the Quarter
Trang 303 report The result of testing in Quarter 1/2016 will be released on 16 May 2016 PwC had obtained the Quarter I internal audit report
- Up to October 2016, RMC team had been completing of testing internal controls for Quarter 2/2016 As further discussed with Ms Hanh – RMC manager, she noted there was no significant weaknesses which impact to our review in Quarter 3/2016
2.2.3 Understand and Evaluate the IT Environment
According to PAG, “the auditor shall obtain an understanding of internal control relevant to the audit Although most controls relevant to the audit are likely to relate to financial reporting, not all controls that relate to financial reporting are relevant to the audit” As such, it is a matter of the auditor’s professional judgment whether a control, individually or in combination with others, is relevant to the audit
Identify Relevant IT Risks and Dependencies
In understanding how the entity uses IT, we develop an understanding of the relevant
IT dependencies and related risks, related to the applications, data files and technology components
On 14 October 2016, we have inquired Mr Vinh and Mr Chuong on how the entity has responded to risks arising from Information Technology (“IT”) We have obtained two main angles from the section: (i) understanding of IT function, (ii) understanding
of the IT’s system considered relevant to the audit and identify key IT deficiencies and
as a result, we assessed the level of complexity of the system
Understanding of IT function
❖ As ABC Co., is an entity working in FMCGs industry With a strong development and the complexity in operation of various type of products (beverages, snacks, etc.) and the size of the organization with 5 factories which would lead to the difficulties in input and process the data, hence making any reports for the management would be delayed Which required ABC Co., to
planning - Oracle
Trang 31❖ At the inquiry, we focus on the organization of the IT system, whether there are specific any policies and procedures related to IT, the way the system is operating.
operating by an IT department (of four people), leading by Mr Hoang This leads to the easy control and gathering of information for management purpose, for example, the amount of raw materials which has been recently put into production would be quickly transferred to work in progress immediately without any delay, helping the accountant to keep track, thus the management would have the latest information on ad-hoc
assigned in company structure minute
department has only a limited access right to a specific function that
modification right to any other functions except for running the system with supporting when required
▪ In the year ended 2016, as the continuing of operation from the previous year (2015) - no differences in nature of operating - there was no changes
in the system this year
The extent and nature of risks posed by information technology vary, depending on:
(1) As when analysing and documenting of IT in the previous paragraph, we have understood of the nature and characteristics of the entity’s information system (2) Following, we must identify any IT dependencies relevant to the audit:
❖ Automated controls
Oracle, which is an ERP system, has facilitated the connection and automatic control over all activities in the corporate As stated, this control would somewhat reduce the override of the management if the operation happens normally Thus, we assess the relevance of the control to audit engagement in the year ended 2016
Trang 32❖ Calculations
The system is automatic For instant, each of input time, the inputter would only import the raw data (price and quantity in the invoice) without any calculation to the system It has an obligation to calculated the sum row at the end
❖ Key reports
The strength of an ERP system is to provide any report at any time for various purposes, which would involve the key reports output to the audit
❖ Security - System-enforced segregation of duties
The IT department comprises four people However, the only mission of them is to maintain the system for properly use The Oracle is designed by a group in Japan, which
is the company to provide the same service to the Head Office in Japan
For other departments, they have utilized the system for daily use The section and editing right is delegated to each person by using each individual password for the computer itself and the software
2.2.4 Determine Materiality
For the conclusion on the overall financial statements, we need to determine various amounts: materiality for the financial statements as a whole (termed overall materiality), performance materiality, de minimis SUM posting level
Theory:
- Overall materiality (OM): it is considered in evaluating the effect of identified
uncorrected misstatements on the financial statements as a whole and the opinion
in our audit report
- Performance materiality (PM): it assists us in planning and executing audit
procedures It is set below overall materiality in order to reduce the probability that the aggregate of uncorrected and undetected misstatements in the financial statements exceeds materiality for the financial statements as a whole
- De minimis SUM posting level (SUM) is intended to help us accumulate
identified misstatements that are not clearly trivial
Trang 33Benchmark: As the nature of this audit engagement is statutory reporting, PwC
Vietnam choose to use profit before tax as benchmark for materiality with below considerations:
to calculate materiality levels, such benchmarks would normally be considered in addition to the generally expected benchmarks (e.g., up to 10% of profit/loss before tax from continuing operations for non-PIE profit-oriented entities) When alternative benchmarks are used (e.g., total revenues for a profit-oriented entity), it is normally expected that the alternative benchmarks, together with the generally accepted benchmark, will be evaluated and materiality would be set using professional judgment considering the benchmark considered most appropriate in the circumstances of the engagement
Overall materiality: Rule of thumb - 10%
2Public interest entities
Public Interest Entities (PIE) refer to those audit clients who have a fiduciary or other financial trust relationship with a large number and wide range of stakeholders The following would meet the definition of PIE for a PwC member firm:
• All Listed Entities These are entities whose shares, stock or debt are quoted or listed on a recognized stock exchange, or are marketed under the regulations of a recognized Stock Exchange or other
equivalent body
• Any entity (a) defined by regulation or legislation as a Public Interest Entity or (b) for which the audit
is required by regulation or legislation to be conducted in compliance with the same independence requirements that apply to the audit of listed entities Such regulation may be promulgated by any relevant regulator, including an audit regulator
Any entity for which it can reasonably be expected that a PwC Firm's audit, review, or attest report will be filed
Trang 34- The distribution of, or use of, the financial statements is limited to few users, e.g., the parent company and a limited number of shareholders;
- ABC Co has no significant level of external debt and/or no close calls on financial covenants
- Concentration of ownership/and (or) management: Concentration of ownership cause only one investor
- Debt arrangements: No public trade debt, loan covenant is not sensitive to operation result
- Business environment: The entity operates in a stable business environment
- Control environment: Stronger control environment; lower risk of fraud
- Other sensitivities: Few external users of the entity's financial statements
Performance materiality: haircut - 10%
- Risk assessment and aggregation risk: The characteristics of the company being
audited result in low aggregation risk related to potential misstatement arising from environmental factor such as sufficient qualified management resources are presented, there is low pressure to achieve targeted results and the company does not operate in a high-risk industry And aggregation risk is low related to potential misstatements because there are limited number of significant account and limited number of locations
De minimis SUM posting level: 10%
- The company does not operate in high risk industry
- The aggregation risk is low and non - PIE
- Client expected to communicate most of difference but not those are small
Table 2 Initial Materiality Calculation
2015 – Audited VND’000
Trang 35• Risk assessment analytical procedures
• Substantive analytical procedures
Trang 36Based on result of discussion with management and review monthly management report, our CAKE on client and its industry, it is expected that:
o Total sales increased by 15% to 20% as compared to last year mainly as result from increase of sales volume and as compared with budget
o Sales-related accounts such as COGS, sales deduction, selling expenses,
AR expected to move in line with sales
o Capital injection makes capital balance increase by US$10mil
o Other remaining accounts expected to remain unchanged
Assess reliability of underlying
Figures on statement of financial position as at 30 June 2016 (Balance Sheet) and figures on income statement for the period from 1 January to 30 June 2016 (Profit & Loss) were under half-year reviewed by PwC Hence, we considered it was appropriate for Pre-AR purpose
Likewise, numbers as at 31 December 2015 (See Table 51 Balance Sheet – Initial Analytical Procedure) and half-year 2015 (Profit & Loss) (IFRS) was obtained from PwC's audited accounts and Profit & Loss for 6 months 2015 (IFRS) was obtained from PwC's reviewed accounts
Define threshold(s) for what would be unusual or unexpected
- Any variance above PM will be investigated
Perform Risk assessment analytics:
There are significant movement in some FSLI on the financial statements (e.g Cash and Cash Equivalents (86%), Sales (15%), Financial Income (-27%), etc.) which has been investigated and doctumented Please refer to (“Appendix 9 – Conduct Initial Analytical Procedure”) for further testing result
Client’s practice:
Trang 37We have discussed with Internal Audit which work they have done during 9 months 2016: on quarterly basis, Internal audit does the testing on 10 processes at ABC Co as normal
Request for Internal Audit Reports to review the quarterly control reporting reports Discuss actions taken on the findings of Internal Audit Report: Per discussion with
Ms Hanh, the process for dealing with findings of internal control report did not change
as compared with year-end audit 2015, the findings were firstly communicated with person in charge and the BOD BOD was responsible for taking remedial action, which were clearly documented in the report including timeline for rectifying Internal Audit will follow up with BOD’s actions and reported the result in next quarter
Inquire if Internal Auditor became aware of any fraud cases
- Internal audit’s views about fraud risks in the entity: Ms Hanh said that as ABC
Co has the sound internal control with specific control activities which stated under written form with defined in 10 processes The RMC department has done the review and tested 10 processes quarterly and there were no fraud cases identified so far so under RM’s view the fraud risk in the entity is low
- Internal audit’s views about risks of error in the entity: Base on RM’s view, the risk of error is also low because of ABC Co use Oracle, one of the ERP system, most of transactions do automatically by system and subject to many levels of review For manual transactions, they also required the authorization under SOA, for such significant transactions, they must go through a lot of levels of review
In addition, most of key level staff of ABC Co are experience and commit to ABC Co for the long time and there is no significant error identified up to now
so the risk of error in ABC Co is low
- Whether internal audit has performed any procedures to identify or detect fraud during the year, and whether management has satisfactorily responded to any of the findings resulting from these procedures: The procedures to identify or detect fraud are included with the quarterly review of internal control (included of 10 processes), RMC department will report the result of internal control and fraud risk identified (if any) to BOD for their review and responses
Trang 38- Whether internal audit has knowledge of any fraud, alleged fraud, or suspected fraud affecting the entity: some small cases but at staff level ABC Co was addressed them accordingly
- Whether internal audit is aware of instances of management override of controls and the nature and circumstances of such overrides: None noted
Inquire if internal auditors became aware of any law and regulation non-compliance cases Ms Hanh noted she has aware there were some non-compliance with Tax regulations and led to the tax penalty from Tax authority in previous years but there was
no tax audit or tax penalty arisen in the first 9 months 2016
Inquire RMC department if there is any change in accounting system and ITGCs: Per discussion with Ms Hanh, we noted there was no accounting system and ITGCs changes as compared with last year audit
PwC’s assessment:
At the end of each quarter, the internal control department has extracted the internal control report At the planning phase, we have obtained 3 reports and found out that there were deficiencies from testing throughout the year However, those weaknesses
in internal control mainly impact on business operations other than Financial report
- Quarter 1 and 2 (January to June): Some key issues may impact to our audit
plan
o P2P process: early payment for suppliers without getting approval from authorized person and bank transfer to individual accountant instead of Company account No loss cases incurred so no significant impact to our audit
o I2C process: due to the fact that it is manual control 100%, there are some control processes were bypassed by warehouse staff and production staff
No loss cases incurred so no significant impact to our audit
o Master data: last year, master data (including supplier, customer and inventory) was managed by IT staff at location with manual updating if there are any changes
This period, master data management responsibilities had been transferred to a new master data team, we updated the understanding at each cycle, the changes
Trang 39come from master file, not directly linked to FS so no significant impact to our audit
- Quarter 3 (July to September): Some key issues may impact to our audit plan
o P2P process: issues were recurring from previous period, no significant impact to our audit
o Master data: issues were recurring from previous period, no significant impact to our audit
Pricing setting is still directly keyed in Oracle and some human error on pricing, ABC RMC team suggest to develop upload report to minimize human error on price setting However, the error is detected subsequently before billing to customers so there is no significant impact to the audit
- For report in Quarter 4/2016, per discussed with Ms Hanh, we knew that the
internal control report in Quarter 4/2016 was not yet finalized, it will be signed off in late January 2017 However, RMC department has completely performed the testing for Quarter 4, however, the report will not be available until Febuary
2017 We verbally discussed with RMC Director, she confirmed that no significant deficiency/weakness in Quarter 4 report which had significant impact
to our audit
2.3.1.3 Other risk assessment procedures
Laws and regulations
- The legal and regulatory framework applicable to the entity basically includes:
o Laws on Enterprise
o CIT, VAT, FCWT, etc tax laws
o Labor law and applicable regulations of SI, HI, UI, etc
- Statutory financial reporting framework is VAS
The entity is completely complying with that framework in the current time and in previous year audit They have technical support from outsourcers to seek for consultancy when needed The client is also knowledgeable of laws and regulations They are viewed as good law obeying In the past, they have been proactively asking law setters for clarification
Trang 40In addition, the legal team under the Internal control regularly updates, compares the provision of the Company in accordance with laws and common regulations and propagates to each department, specialized function They can also exchange and get direct guidance from the authorities Legal experts review 100% of the contracts and agreements before to be signed
Therefore, the risk of non-compliance is acceptably low
Related parties
- The listing is updated annually by the management, and is communicated to all staff Each related party is monitored by a separate code in GL Internal reconciliation is carried out to double check Interco balances on monthly basis, via email
- Transactions are established for a long time and it is related to normal business
of the Company Those transactions and payment are subject to normal approval procedures
- There isn’t any significant transaction nor arrangement outside the normal course
of business
2.3.2 Determine Audit Strategy
Objective: Performing these preliminary engagement activities enables the auditor to
plan an audit engagement which, for example (ISA 300.A6):
o Assessing acceptance and continuance of client relationships and audit engagements
o The auditor maintains the necessary independence and ability to perform the engagement
o There are no issues with management integrity that may affect the auditor's willingness to continue the engagement
o There is no misunderstanding with the client as to the terms of the engagement
o Assessing acceptance and continuance of client relationships and audit engagements
o Considering independence requirements, including the rotation of engagement team members