Category: Audit rules and methodology

  • The FRC’s Professional Judgement Guidance

    In the auditing profession, technical competence is merely the entry requirement. The true hallmark of a high-quality auditand the primary defense against material misstatement is the effective exercise of professional judgement. Recognizing that poor judgement is a recurring theme in quality failures, the Financial Reporting Council (FRC) issued comprehensive guidance in June 2022 to provide auditors with a structured, rigorous approach to decision-making.

    While this guidance is non authoritative, it encapsulates “good practice” that the FRC expects firms to analyze and integrate into their own internal frameworks. We have summarised some of their key points, however please refer to the document in the link above to read their full guidance.

    Understanding the Framework

    The FRC defines professional judgement as the application of relevant training, knowledge, and experience within the context of auditing, accounting, and ethical standards to make informed decisions. This isn’t just about “big” decisions like going concern; it permeates every level of an audit, including resourcing, task allocation, and firm-level quality management.

    The FRC’s framework is built upon four pillars designed to ensure consistency and quality:

    1) The Auditor’s Mindset

    A robust judgement begins with the right mental posture. The framework identifies five critical mindset aspects:
    Public Interest Benefits: Understanding that the audit acts for the benefit of intended users helps motivate objectivity and a commitment to quality.

    Professional Scepticism: Maintaining a questioning mind and critically assessing evidence is vital, especially when challenging management assertions.

    Psychological Factors and Bias Awareness: Auditors must actively guard against “judgement traps” and bias:


    Sensitivity to Uncertainty: Acknowledging that information sources vary in reliability and that some outcomes are inherently uncertain allows for better risk management.

    Commitment to Quality: Prioritizing a robust process over time or budget pressures is essential for reaching reasonable conclusions.

    The Professional Judgement Process

    While judgement is rarely linear, the FRC suggests a structured process for complex issues:

    Trigger: Remaining alert to situations that require more than an intuitive evaluation.

    The Right Person: Ensuring the individual making the decision has the necessary skills and resources, and escalating issues when they exceed one’s experience.

    Framing the Issue: Defining the problem, articulating objectives, and identifying all viable alternatives to avoid narrow thinking.

    Marshalling Information: Seeking out diverse data sources, including “external signals” outside the entity’s finance function.

    Analysis and Evaluation: Evaluating the relevance and reliability of the gathered information in the context of the judgement.

    Stand Back and Conclude: Pausing to view the preliminary conclusion in the round to ensure it hasn’t been unduly affected by bias or time pressure.

    Document, Communicate, and Reflect: Recording the rationale for the decision, explaining it to stakeholders, and reflecting on the process to improve future judgements.

    3) Consultation

    Quality is significantly enhanced by discussion. Engaging with technical panels, experts, or engagement quality reviewers helps mitigate individual biases and fosters a culture of healthy debate within the firm.

    4) Environmental Factors

    Auditors do not work in a vacuum. The framework acknowledges that firm culture, time constraints, and the integrity of management at the audited entity all significantly impact how challenging it is to exercise quality judgement.

    Illustrative Examples in Practice


    To show how these principles apply in the real world, the FRC provides three fictional scenarios.

    Example 1: The “Window Dressing” Disclosure

    Scenario: A manufacturing company significantly increases its cash balance just before year-end by delaying supplier payments and offering customer discounts, resulting in a deceptively low “net debt” figure in the notes.

    The Judgement: The auditor must decide if the disclosure is materially misstated because it obscures the entity’s true financial position throughout the year.

    The Application: The auditor demonstrates scepticism by questioning management’s “commercial reasons” and researches industry peers to see how they disclose average net debt. This highlights the need to “frame” the issue around user needs and fair presentation rather than just technical accuracy.

    Example 2: The “Close-Call” Going Concern

    Scenario: A group recovers from the pandemic but faces debt refinancing risks. Management claims there is no material uncertainty, pointing to informal bank support and shareholder letters of intent.

    The Judgement: The engagement partner must determine if a “material uncertainty” exists regarding going concern.

    The Application: Despite intense pressure from management to sign off quickly, the partner consults with her firm’s ethics and technical teams. This illustrates how environmental factors (time pressure) can threaten quality and the importance of using safeguards like consultation to mitigate threats to objectivity.

    Example 3: The Hostile Audit Committee

    Scenario: Following a delay in an audit caused by late and incomplete management papers on goodwill impairment, a hostile Audit Committee threatens to put the audit out to tender.

    The Judgement: The audit firm must decide whether to continue the relationship for the next year.

    The Application: An internal panel assesses the integrity of the client’s governance and the appropriateness of the team’s challenge. This example warns against “motivated reasoning”—the firm must ensure that financial priorities (profitability of the audit) do not lead to an inappropriate decision to continue if the client lacks integrity or ethical values.

  • Changes to safeguarding for payments and e-money firms and CASS 15 audits

    New CASS 15 Safeguarding Rules: A Guide for EMIs and Payment Firms

    The Financial Conduct Authority (FCA) has recently finalized its overhaul of the safeguarding regime for payments and e-money firms. Introduced under Policy Statement PS25/12, the new rules represent the most significant shift in the sector’s regulatory landscape in years, moving firms toward a rigorous framework under CASS.

    For many firms, the transition to the new CASS 15 chapter will require a major rethink of their internal controls, governance, and audit arrangements.

    Why the change?

    The FCA’s primary goal is to address long standing weaknesses in how firms safeguard client funds. By strengthening these rules, the regulator aims to ensure that if a firm fails, customer money can be returned more quickly and in full. The new regime is designed with failure in mind, meaning firms must prove they can identify and segregate client funds at any given moment.

    Key Milestones: The Roadmap to Compliance

    The transition is split into two distinct stages:

    The Supplementary Regime (Interim Rules):
    Taking effect from 7 May 2026, these rules strengthen existing requirements around record keeping, monitoring, and reporting.

    The Post-Repeal Regime (CASS 15):
    This is the end state where the current Electronic Money Regulations (EMRs) and Payment Services Regulations (PSRs) are replaced by the prescriptive CASS 15 rules in the FCA Handbook.

    What is Changing for Audit and Assurance?

    Perhaps the most critical change for senior management is the shift in how safeguarding is audited.

    Statutory Auditor Requirement:
    Under the new rules, safeguarding audits can no longer be conducted by general regulatory consultants. They must be performed by statutory auditors where EMIs and payment firms hold more than £100k. This brings safeguarding assurance in line with other regulated client asset regimes (like MiFID firms).

    Reporting Breaches:
    Auditors will likely be required to report all safeguarding breaches to the FCA, regardless of materiality. This removes management discretion over what is escalated to the regulator.

    Strict Reconciliation:
    The new rules mandate daily internal and external reconciliations. Auditors will look for robust, automated processes rather than manual, error-prone spreadsheets.

    Statutory Trust:
    CASS 15 introduces a statutory trust over relevant funds. This creates a more robust legal protection for customers but requires precise accounting and legal documentation to be in place.

    Who is affected?

    The rules apply to:

    • Authorised Payment Institutions (APIs)
    • Authorised E-Money Institutions (EMIs)
    • Small EMIs (SEMIs)
    • Credit Unions issuing e-money

    Small Payment Institutions (SPIs) are not mandated to follow the full regime but can choose to “opt-in” to bolster their credibility and consumer protection.

    How to Prepare: A Checklist for Firms

    With the May 2026 deadline approaching, firms should begin their gap analysis immediately:

    Review Governance:
    Ensure there is clear senior management accountability for safeguarding (specifically under the SM&CR framework).

    Audit Your Tech:
    Evaluate whether your current reconciliation engines and sub-ledgers can handle the requirement for daily, granular reporting.

    Document the ‘Flow of Funds’:
    Create a detailed map of how money enters and leaves your business, identifying every point where funds are “relevant” and must be protected.

    Engage Your Auditors Early:
    Because the new rules require a specialist statutory audit, you should speak with your auditors now to ensure they have the capacity and expertise to meet the new FRC CASS assurance standards.

    How MAH Can Help

    At MAH, we specialise in helping FinTech and financial services firms navigate complex regulatory audits. As the FCA increases its scrutiny of the payments sector, having a robust, compliant safeguarding framework is no longer optional, it is a prerequisite for survival.

    We can assist your firm with:

    • Pre-audit readiness reviews to identify gaps before the May 2026 deadline.
    • Statutory safeguarding audits compliant with the new CASS 15 standards.
    • Internal control advisory to help automate and secure your reconciliation processes.

    Contact us today for a consultation on how the CASS 15 changes will impact your business and to ensure you are ready for the new regime.

  • How to audit going concern under ISA 570

    To audit going concern under ISA 570, the auditor should follow the principles and procedures of auditing going concern, which are the principles and procedures that govern the assessment of an entity’s ability to continue as a going concern.

    The key steps in auditing going concern under ISA 570 are as follows:

    1. Understand the entity and its environment: The first step in auditing going concern under ISA 570 is to understand the entity and its environment. The auditor should obtain an understanding of the entity’s business, its industry, and its economic environment. The auditor should also obtain an understanding of the entity’s financial position, its liquidity, and its capital structure.
    2. Identify and assess the risks of going concern: The second step in auditing going concern under ISA 570 is to identify and assess the risks of going concern. The auditor should identify the risks that may impact the entity’s ability to continue as a going concern, such as financial difficulties, operational challenges, and regulatory changes. The auditor should assess the likelihood and the impact of the risks on the entity’s ability to continue as a going concern.
    3. Obtain management’s assessment of going concern: The third step in auditing going concern under ISA 570 is to obtain management’s assessment of going concern. Management is responsible for preparing the financial statements and assessing the entity’s ability to continue as a going concern. The auditor should obtain management’s assessment of going concern, including the assumptions, judgments, and estimates used in the assessment.
    4. Evaluate the adequacy of management’s assessment of going concern: The fourth step in auditing going concern under ISA 570 is to evaluate the adequacy of management’s assessment of going concern. The auditor should evaluate whether management’s assessment is reasonable and appropriate in the circumstances. The auditor should consider whether the assumptions, judgments, and estimates used in the assessment are reasonable and supported by the facts and circumstances.
    5. Conclude on the going concern assumption: The fifth step in auditing going concern under ISA 570 is to conclude on the going concern assumption. Based on the auditor’s assessment of the risks of going concern and the adequacy of management’s assessment, the auditor should conclude on the appropriateness of the going concern assumption. If the auditor has concerns about the entity’s ability to continue as a going concern, the auditor should evaluate the implications for the financial statements and the audit.

  • How to audit trade payables

    To audit trade payables, the auditor should perform the following steps:

    1. Understand the entity’s trade payables and the related business processes: The auditor should obtain an understanding of the entity’s trade payables, including the nature, timing, and amount of the payables, and the related business processes, such as the purchasing and payment processes.
    2. Assess the risks of material misstatement in the trade payables: The auditor should assess the risks of material misstatement in the trade payables, taking into account the entity’s industry, the economic environment, the credit quality of the entity’s suppliers, and the entity’s internal controls.
    3. Develop an audit plan and audit procedures for the trade payables: Based on the understanding of the trade payables and the risks of material misstatement, the auditor should develop an audit plan and audit procedures for the trade payables, including the nature, timing, and extent of the audit procedures.
    4. Test the trade payables and evaluate the results: The auditor should test the trade payables and evaluate the results, using appropriate audit procedures, such as confirmation, observation, inspection, and recalculation. The auditor should also evaluate the entity’s accounting policies and estimates related to the trade payables, such as the accrual of unpaid expenses.
    5. Conclude on the trade payables and communicate the findings: Based on the audit evidence obtained, the auditor should conclude on the trade payables and communicate the findings to the entity’s management and the audit committee. The auditor should also evaluate the entity’s disclosure of the trade payables in the financial statements.

  • How to audit trade receivables

    To audit trade receivables, the auditor should perform the following steps:

    1. Understand the entity’s trade receivables and the related business processes: The auditor should obtain an understanding of the entity’s trade receivables, including the nature, timing, and amount of the receivables, and the related business processes, such as the sales and billing processes.
    2. Assess the risks of material misstatement in the trade receivables: The auditor should assess the risks of material misstatement in the trade receivables, taking into account the entity’s industry, the economic environment, the credit quality of the entity’s customers, and the entity’s internal controls.
    3. Develop an audit plan and audit procedures for the trade receivables: Based on the understanding of the trade receivables and the risks of material misstatement, the auditor should develop an audit plan and audit procedures for the trade receivables, including the nature, timing, and extent of the audit procedures.
    4. Test the trade receivables and evaluate the results: The auditor should test the trade receivables and evaluate the results, using appropriate audit procedures, such as confirmation, observation, inspection, and recalculation. The auditor should also evaluate the entity’s accounting policies and estimates related to the trade receivables, such as the allowance for doubtful accounts.
    5. Conclude on the trade receivables and communicate the findings: Based on the audit evidence obtained, the auditor should conclude on the trade receivables and communicate the findings to the entity’s management and the audit committee. The auditor should also evaluate the entity’s disclosure of the trade receivables in the financial statements.

  • Sampling in audits

    In auditing, sampling is the process of selecting a subset of items or transactions from a population for the purpose of testing and evaluating the population. Sampling is used in auditing to provide the auditor with sufficient appropriate audit evidence to support the audit opinion, while avoiding the need to test and evaluate the entire population.

    There are two types of sampling methods used in auditing: statistical sampling and non-statistical sampling. Statistical sampling involves the use of mathematical techniques and probabilities to determine the sample size and the selection of items in the sample. Non-statistical sampling involves the use of the auditor’s professional judgment to determine the sample size and the selection of items in the sample.

    In statistical sampling, the sample size and the selection of items in the sample are determined based on the auditor’s desired level of precision and the expected population characteristics, such as the expected mean and the expected standard deviation. The auditor uses statistical formulas and tables to determine the sample size and the selection of items in the sample, and to evaluate the results of the sample.

    In non-statistical sampling, the sample size and the selection of items in the sample are determined based on the auditor’s professional judgment and experience, taking into account the nature of the population, the auditor’s assessment of the risks of material misstatement, and the auditor’s overall audit strategy. The auditor uses the sample to evaluate the population, and may use statistical techniques to evaluate the results of the sample.

    Overall, sampling is an important concept in auditing, as it allows the auditor to obtain sufficient appropriate audit evidence to support the audit opinion, while avoiding the need to test and evaluate the entire population. The use of sampling in auditing requires the auditor to have a deep understanding of statistical techniques and probabilities, as well as the ability to use professional judgment and experience to determine the sample size and the selection of items in the sample.

    Impact on audit work

    For a small population it may be difficult to use statistical sampling, so we would normally use our judgement to pick the sample size and items, mainly picking risky/large items as well as a few other small items to ensure we cover a cross section of the population.

    For a large population we would normally use the sample calculator to calculate the sample size, after selecting large and risky items. The results of the sample test can then be projected to the population.

  • Trivial errors

    In auditing, the concept of trivial refers to an item or matter that is insignificant or immaterial, and therefore does not require further attention or audit procedures.

    An item or matter is considered trivial if it is small in relation to the overall size and nature of the financial statements, and if it does not have a significant impact on the financial statements. An item or matter is considered trivial if it is not material, and if it is not indicative of a potential material misstatement or error in the financial statements.

    The determination of triviality is based on the auditor’s professional judgment, and takes into account the auditor’s assessment of the risks of material misstatement and the auditor’s tolerance for misstatements in the financial statements. The determination of triviality should be made on a case-by-case basis, and should be documented in the audit working papers.

    For example, if an auditor is reviewing the accounts payable balance for an entity, and the auditor determines that a small account payable balance of $50 is not material and does not have a significant impact on the financial statements, the auditor may consider the account payable balance to be trivial and may not perform further audit procedures on the account.

    Overall, the concept of triviality is an important concept in auditing, as it allows the auditor to focus on items or matters that are significant or material, and to avoid spending unnecessary time and resources on immaterial items or matters. The determination of triviality should be based on the auditor’s professional judgment, and should be documented in the audit working papers.

  • Audit assertions under the ISAs

    Audit assertions are the statements made by the management of an entity about the financial statements, and are the basis for the auditor’s audit procedures and conclusions. The International Standards on Auditing (ISAs) specify certain audit assertions that the auditor should consider when planning and performing the audit, in order to obtain sufficient appropriate audit evidence.

    The ISAs specify three types of audit assertions: presentation and disclosure assertions, transaction and event assertions, and assertion about account balances.

    Presentation and disclosure assertions relate to the overall presentation and disclosure of the financial statements, and include assertions such as the completeness of the financial statements, the classification of transactions and events, and the accuracy and completeness of the disclosures.

    Transaction and event assertions relate to the recognition, measurement, and presentation of transactions and events, and include assertions such as the accuracy and completeness of the transactions, the existence and occurrence of the transactions, and the rights and obligations of the entity arising from the transactions.

    Assertions about account balances relate to the accuracy and completeness of the account balances in the financial statements, and include assertions such as the accuracy and completeness of the account balances, the valuation and allocation of assets and liabilities, and the presentation and disclosure of the account balances.

    The auditor should consider the relevant audit assertions when planning and performing the audit, in order to obtain sufficient appropriate audit evidence to support the audit opinion. The audit assertions should be discussed with the management of the entity, and any significant assumptions and estimates used by the management should be assessed by the auditor.