In brief: A financial audit is an independent examination of a company’s financial statements, performed by a chartered accountant or a statutory auditor, to certify that the accounts are accurate, complete, and give a true and fair view. In Morocco, this engagement follows the ISA standards adopted by the OEC.
What is a financial audit?
The term “financial audit” generally refers to an audit of financial statements.
A financial audit is an examination of an organization’s financial statements to ensure that the accounts give a true and fair view of its financial position.
An audit provides assurance that the financial statements (the accounts) give a fair and accurate representation of the transactions they claim to represent.
A financial audit may be performed by:
- First, internal teams within an organization (known as an internal audit);
- Second, an external firm, which is a chartered accounting firm (known as an external audit).
The audit results in an audit report giving an opinion on the financial statements, which are:
- Balance sheet
- Income statement
- Cash flow statement
- Notes to the financial statements
In the case of a statutory audit, the statutory auditor also prepares a special report on regulated agreements.
—
Statutory Audit and Contractual Audit
A financial audit may be mandatory under the law. It may also be carried out as a management decision.
In Morocco, all public limited companies (SA) are required to appoint a statutory auditor. Furthermore, other forms of companies (LLCs, civil companies, general partnerships, etc.) must appoint a statutory auditor if their turnover exceeds 50 million dirhams.
Moreover, even in the absence of a legal obligation, companies may appoint an auditor for management purposes.
Thus, two types of audit can be distinguished (by motivation):
- First, the statutory audit. A statutory audit is one that the law makes mandatory. This is known as a statutory audit engagement;
- Second, the contractual audit. A contractual audit is not mandatory. A company generally commissions an audit to determine whether the accounts are accurate and fair.
In both cases, an audit aims to ensure that the accounts are accurate, fair, and in all material respects give a true and fair view of the financial position in accordance with applicable accounting standards. In Morocco, a statutory auditor certifies that the accounts are prepared in accordance with the CGNC standards.
Even in the absence of legal obligations, most companies commission contractual audit engagements.
For example, lenders often require the results of an external audit each year as part of their debt covenants.
For some companies, this engagement fulfills a requirement for sound management on the part of management (or shareholders).
Internal Financial Audit / External Financial Audit
The biggest difference between an internal and external audit is the concept of the external auditor’s independence.
When an external firm performs the audit, the opinion expressed is presumed to be frank and honest, as it is not affected by daily working relationships within the company.
External Audits
An external audit is an engagement performed by an external firm. This engagement is the legal monopoly of chartered accountants in Morocco. The audit is conducted in compliance with the audit standards of the Institute of Chartered Accountants.
In an external audit engagement, the financial auditors seek to identify whether the financial statements contain material misstatements.
At the end of the engagement, the firm issues a report with an opinion on the accounts.
There are three types of audit opinions (according to applicable standards):
- First, an unqualified opinion: in this case, the auditor gives users of the financial statements assurance that they are both accurate and complete.
- Second, a qualified opinion: in this case, the auditor states that the accounts are accurate except for a clearly identified area mentioned in the report;
- Third, a disclaimer of opinion: in this case, the auditor states that they cannot certify the accounts as accurate and explains the reason for such an opinion.
External audits therefore enable stakeholders to make better, more informed decisions about the audited company.
External auditors follow a set of standards different from those of the company or organization that engaged them to perform the work.
The external auditor submits the report to the general meeting (the company’s shareholders).
Internal Audits
This is an audit generally performed by company employees. This audit results in an internal audit report. Generally, a company’s management uses the results of an internal audit to make:
- First, management changes.
- Second, improvements to internal controls.
Sometimes, the company may engage external consultants to perform such an audit. However, they do not express an opinion on the accounts. Their engagement is carried out under the supervision of the company’s management.
The purpose of an internal audit is:
- First, to ensure compliance with laws and regulations;
- Second, to help maintain accurate and timely financial reporting and data collection.
An internal audit also provides an advantage to management by helping identify weaknesses in:
- First, internal controls;
- Second, financial reports before they are reviewed by external auditors.
—
How Does a Financial Audit Engagement Proceed?
A financial audit engagement must be conducted in compliance with applicable standards. In Morocco, the audit standard is the one set out in the Manuel des normes published by the OEC. These standards comply with the international ISA standards.
The stages of an audit engagement are as follows:
- Phase 1: Acceptance of the engagement — preliminary procedures and risk assessment
- Phase 2: Planning and strategy — understanding the entity and materiality threshold
- Phase 3: Internal control review — evaluation of procedures and testing
- Phase 4: Review of accounts — substantive testing and audit evidence
- Phase 5: Summary and report — audit opinion and communication to shareholders
Financial Audit: Engagement Acceptance
Audit standards require the auditor to perform due diligence before accepting an engagement. Due to:
- The responsibilities attached to the work
- The risks that certain engagements may pose.
A financial auditor must pay particular attention to the criteria for:
- First, selecting new engagements;
- Second, maintaining existing engagements.
When accepting a financial audit engagement, an auditor must assess the level of professional risk involved. The auditor must decline engagements in the following cases:
- First, when their independence is compromised;
- Second, when professional risk is heightened;
- Third, when they believe the company will limit their procedures;
- Fourth, when fees are insufficient to properly carry out the engagement (according to applicable standards);
The external financial auditor (or statutory auditor) must periodically review their situation regarding the continuation of the audit engagement.
Financial Audit: Engagement Planning
Work standards for financial audits require an initial planning phase.
This planning phase enables:
First, the preliminary orientation of work. This phase includes gaining knowledge of the company. Indeed, this phase allows:
- First, risk identification;
- Second, planning work to cover those risks;
- Third, setting a materiality threshold;
- Fourth, determining the nature and extent of controls;
- Finally, organizing the execution of the engagement to achieve the certification objective.
Internal Control Review
Based on the guidance provided by the general work program or engagement plan, the financial auditor conducts a study and evaluation of the internal control systems.
A financial audit necessarily involves:
- First, identifying significant controls that reduce audit risk;
- Second, evaluating whether the design of these controls complies with applicable standards;
- Third, performing tests to ensure these controls are implemented and functioning properly.
As part of the internal control evaluation, the auditor conducts:
- Interviews to gain knowledge of existing processes;
- Tests to validate the proper functioning of these processes.
When the auditor identifies the absence of sufficient controls or controls that are not functioning properly, procedures must be adapted to identify the potential impact on the financial statements.
Account Verification and Financial Audit File
The financial auditor (statutory auditor) must obtain sufficient appropriate evidence during the engagement.
Audit evidence is proof that an account is accurate and fair.
The procedures the auditor must perform are varied. They include, in particular:
- First, examination of documents (contracts, orders, invoices, etc.);
- Second, reasonableness tests (analytical review, calculations, logical reasoning, etc.);
- Third, physical observation (for example, during physical inventory);
- Fourth, direct confirmation,
The auditor must indicate in the file:
- First, the reasons for the choices made;
- Second, evidence that the necessary tests were performed to support the opinion.
The auditor has an obligation of means. Therefore, the auditor must prove that all necessary means were employed to support the opinion.
The auditor must maintain a working file in order to:
- First, document the controls performed
- Second, support the conclusions of the financial audit.
These files also help to better organize and manage the engagement and provide proof of the procedures carried out.
Summary and Financial Audit Report
At the end of the engagement, the auditor prepares an audit report.
The report must be prepared in accordance with professional standards. The report must reflect the conclusions drawn from the working file.
In the report, the auditor must explain, according to the applicable template:
- First, the scope of the engagement,
- Second, any qualifications,
- Third, the opinion on the financial statements
- Fourth, any observations that, while significant enough to be brought to the reader’s attention, are not of a nature to call into question the statutory auditor’s opinion,
- Finally, comments on the specific verifications and disclosures required by applicable laws.
The auditor appends to the general report the financial statements prepared by the company. The audit report is addressed to the shareholders.
Statutory Financial Audit - Specific Verifications
In the case of a statutory audit engagement, the statutory auditor performs several specific verifications, including:
- First, review of regulated agreements;
- Second, assessment of equality among shareholders;
- Third, review of the management report;
- Fourth, review of equity investments and subsidiaries
Need a financial audit for your company in Morocco? Contact Upsilon Consulting to discuss your engagement with a chartered accountant.
Frequently Asked Questions
What is the difference between an internal audit and an external audit in Morocco?
An internal audit is conducted by the company’s own team to evaluate and improve internal controls and risk management processes. An external audit is performed by an independent auditor to express an opinion on the financial statements. Both types are important in Morocco’s corporate governance framework.
How often must a financial audit be conducted in Morocco?
Companies required to appoint a statutory auditor must undergo an annual financial audit covering each fiscal year. The auditor’s mandate typically lasts three fiscal years and is renewable. Companies not legally required to have an auditor may still choose to conduct voluntary audits for governance or financing purposes.
What should a company prepare before a financial audit in Morocco?
Before an audit, a company should ensure its accounting records are complete and up to date, prepare all supporting documents such as invoices and bank statements, reconcile key accounts, and resolve any known discrepancies. Proper preparation reduces audit duration and costs significantly.
Statutory Auditor in Morocco: Role and Responsibilities
—
Preliminary Due Diligence Before Accepting a Financial Audit Engagement in Morocco
Before accepting an audit engagement, the statutory auditor or independent auditor must carry out several essential due diligence procedures:
- Verification of the absence of incompatibilities: it is imperative to ensure that no situation provided for by law creates incompatibilities with carrying out the audit engagement. These incompatibilities are established to guarantee the auditor’s independence.
- Declining an engagement in the event of heightened professional risk: The auditor must decline an engagement if the professional risk is deemed too high, such as in cases of strong suspicion of fraud or money laundering.
Legal Incompatibilities
The Public Limited Company Act defines incompatibility situations that also apply to other forms of companies, aimed at ensuring the auditor’s independence. These incompatibilities include family relationships up to the second degree with founders, directors, or beneficiaries of special advantages, as well as situations where the auditor receives a salary or remuneration from these persons for an activity other than statutory auditing.
Other Incompatibilities and Irrebuttable Presumptions of Dependence
The auditor must also assess any situation likely to impair their independence, including family or personal ties with the company’s directors or executives. The auditor is also responsible for the independence of their staff. Situations such as a single client accounting for a significant portion of revenue or advantages received from the client may compromise the auditor’s independence.
Accepting an Audit Engagement: Steps to Follow
The auditor must follow a structured approach before accepting an audit mandate, including:
- Gaining an overall understanding of the company.
- Assessing independence and the absence of incompatibilities.
- Reviewing available competencies.
- Contacting the previous statutory auditor, if necessary.
- Making the final decision to accept the mandate.
The auditor looks for preliminary indicators of potential significant professional risks, such as notable weaknesses in internal control, poorly maintained accounts, conflicts between directors and/or shareholders, or going concern issues.
—
Planning a Financial Audit Engagement in Morocco
Planning a financial audit engagement is an essential preliminary phase in the audit process in Morocco, in accordance with the Audit Standards Manual. This stage includes several key requirements:
- Planning and scheduling audit work: the statutory auditor or contractual auditor must develop a detailed audit plan defining the volume of work, deadlines, and completion period for each stage of the engagement.
- Delegating work to qualified staff: part of the audit work may be delegated to competent staff under the responsibility of the lead auditor.
- Supervising audit work: supervision by the signing partner is essential to ensure that audit work complies with the standards and objectives set.
- Documentation and quality control: it is necessary to document all work performed and to carry out post-engagement quality control to ensure the rigor and relevance of the results obtained.
Before Planning an Audit Engagement
Before beginning the planning process, the auditor must gain an overall understanding of the company to identify significant risks that may impact the accounts. This initial knowledge is crucial for directing the engagement and understanding significant systems.
Key Stages of Audit Planning
The key stages of planning an audit engagement include:
- Gaining a general understanding of the company.
- Determining significant risks and the materiality threshold.
- Identifying risk areas.
- Reviewing internal control procedures and evaluating them.
- Reviewing the accounts.
- Summary, meetings, and preparation of audit reports.
The auditor, based on professional judgment, determines the volume and nature of work required at each stage.
Assessment of Fraud or Error Risks
During planning, the auditor assesses the risk that fraud or errors may lead to material misstatements in the financial statements. It is also crucial to inquire of management about any previously detected significant fraud or error.
—
Financial Audit in Morocco: Internal Control
The evaluation of internal control is a vital aspect of a financial audit engagement in Morocco. The audit standards manual stipulates that the auditor must:
- Verify that the company has established controls to minimize the risk of errors or fraud.
- Assess the relevance and effectiveness of these controls.
This evaluation is carried out according to the guidelines established during the audit planning phase. The statutory auditor studies and evaluates systems deemed significant to identify the internal controls to rely upon and the risks of errors in data processing. This approach makes it possible to define an appropriate account verification program.
What is Internal Control?
Internal control encompasses the measures that management implements and monitors to reduce the risk of material misstatements. Management aims to protect the company’s assets and ensure the reliability of accounting records and financial statements. To this end, it implements internal procedures such as approval workflows, segregation of duties, and inventories.
Role of Internal Audit in an External Audit Engagement
The auditor examines data processing procedures and internal controls, then verifies their effective operation. The auditor also evaluates the design of control procedures to ensure their relevance. This evaluation is done by gaining knowledge of the system, verifying procedures, and assessing error risks.
Subsequent Internal Control Reviews
For subsequent periods, the auditor updates the system description and reassesses controls. Compliance tests are performed to ensure the continuity of controls.
Testing Internal Control Procedures
The auditor performs extensive tests on internal controls to ensure their continuous operation and effectiveness. These tests help determine whether the controls are reliable and whether they can reduce substantive testing on the accounts.
Evaluating Internal Control in Small Businesses
Even in small businesses, the auditor must evaluate internal control to understand how transactions are processed and to identify error risks.
Conclusion of Internal Control Work
The statutory auditor communicates observations on internal control to management. If serious deficiencies are discovered, the auditor may disclaim or qualify the opinion.
—
Financial Audit in Morocco: Account Verification
The review of accounts is a crucial stage in the statutory auditor’s engagement, aimed at verifying that the accounts give a true and fair view of the company’s financial position. This task, central to the audit, is performed in conjunction with other key stages such as audit planning and internal control review. Together, they form the basis of the audit opinion.
The objective of this engagement is to collect sufficient appropriate evidence to ensure the accuracy and fairness of the accounts and their consistency with the company’s actual financial position. This involves a thorough review of the trial balance items to verify their compliance with applicable accounting standards.
Tools Available to the Auditor
To carry out the engagement, the statutory auditor uses various verification techniques. These include document checks and reasonableness tests, physical observation, direct confirmation, and analytical review. The auditor must justify in the file the choice of these techniques, their implementation, and the extent of their application.
In practice, the auditor cannot examine all supporting documents and accounting entries. The auditor therefore selects a representative sample for verification, based either on professional judgment or statistical sampling.
Specific Account Review Techniques
The statutory auditor has several specific techniques available to achieve audit objectives:
- Physical inspection and observation of assets and procedures.
- Direct confirmation with third parties for information on commercial or financial relationships.
- Examination of supporting documents received by the company.
- Examination of documents produced by the company.
- Arithmetic checks.
- Analyses, estimates, reconciliations, and cross-checking of information.
- Analytical review, including comparison of financial data and analysis of fluctuations and trends.
These techniques, detailed in the standards manual, are essential for providing reasonable assurance on the integrity and reliability of the company’s accounts.
—
Financial Audit Opinion in Morocco
The purpose of a financial audit engagement is to formulate an audit opinion on an organization’s financial statements. To do this, the auditor verifies that the accounts are fair and accurate, and that the financial statements faithfully reflect the company’s assets, results, and financial flows. The audit opinion confirms the compliance of the accounts with a specific accounting framework, such as the CGNC and the Moroccan chart of accounts. The auditor’s responsibility is to ensure that the work performed is sufficient to support the audit opinion.
Nature of the Financial Audit Opinion
The objective of the audit is to enable the auditor to express an opinion on the compliance of the financial statements with an identified accounting framework. The auditor must thus ensure that the financial statements present a true and fair view of the company’s financial position. However, this assurance is high but not absolute, due to the inherent limitations of auditing, such as the use of sampling and professional judgment.
Financial Audit Opinion: The Different Options
At the conclusion of the work, the auditor may express different forms of opinion in the report:
- Unqualified opinion: when the auditor considers that the financial statements give a true and fair view.
- Qualified opinion: in the event of a disagreement on an accounting point or limitation of the scope of audit work.
- Disclaimer of opinion: when there are significant errors or irregularities or when the auditor was unable to perform the necessary procedures.
Preparation for Accepting an Audit Engagement
Before accepting an audit engagement, the auditor must:
- Ensure the absence of legal incompatibilities and situations that could impair independence.
- Assess professional risks and ensure the ability to properly carry out the engagement, particularly by gaining knowledge of the company and assessing independence.
These steps are crucial for the auditor to provide a reliable and credible audit opinion, thereby strengthening confidence in the organization’s financial statements.
