by John McCarthy Consulting Ltd. | Apr 18, 2025 | Blog, News
This is the first in a series of three blogs looking at the new AML legislation expected across Europe by 2027.
As reported in Accountancy Europe the new EU Anti-Money Laundering Regulation (AMLR) is a major milestone in the fight against money laundering (ML) and terrorist financing (TF).
The AMLR will substantially impact accountants’, auditors’ and tax advisors’ – and all other so-called obliged entities – daily operations and compliance obligations in the areas of customer due diligence, beneficial ownership transparency, compliance with targeted financial sanctions, suspicious activity reporting, and record retention.
Impact and scope
The AMLR marks a shift from directives (which gave member states choices in implementation methods) to direct application, meaning consistent enforcement across the EU. It affects a broad range of ‘obliged entities’ in financial and non-financial sectors including accountants, auditors, and tax advisors.
The legislation came into effect on 9 July 2024 and will apply from 10 July 2027. This gives professionals time to review and update their existing policies and practices to meet the new requirements. Given the AML rules’ volume and extent of detail, early preparation is crucial for practitioners to assess and plan for the changes ahead.
Accountancy Europe has produced a factsheet that summarises the key provisions of the AMLR and highlights their implications for accountants, auditors, and tax advisors.
For audit cold file reviews and tailored training sessions explaining more about various topics like AML, Audit, FRS 102, please send a mail to john@jmcc.ie.
For more on engagement and representation letter templates and a variety of CPD webinars on money laundering and other accounting/audit related topics, please go to our website for:
ISQM TOOLKIT, or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard. We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. Please contact John McCarthy FCA by email at john@jmcc.ie.
by John McCarthy Consulting Ltd. | Apr 18, 2025 | Blog, News
In case you haven’t already heard designated persons (that includes accountants in practice) have a new regulator called the ‘Authority for Anti-Money Laundering and Countering the Financing of Terrorism’. Originally created in June 2024, the Board held its first meeting in March 2025 and the chair is Bruna Szego.
The aim of this new authority is to coordinate national AML authorities around Europe to ensure the correct and consistent application of AML rules in each jurisdiction.
AMLA will also supervise supervisory bodies in Europe including the Institute and enhance cooperation among police financial intelligence units (FIUs).
Ms Szego will be at the RDS in Dublin in May to give the Keynote Address at the European Anti-Financial Crime Summit 2025.
It’s expected that AMLA will be fully operational by 1 January 2028 with a staff complement of 430.
For audit cold file reviews and tailored training sessions explaining more about various topics like AML, Audit, FRS 102, please send a mail to john@jmcc.ie.
For more on engagement and representation letter templates and a variety of CPD webinars on money laundering and other accounting/audit related topics, please go to our website for:
ISQM TOOLKIT, or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard. We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. Please contact John McCarthy FCA by email at john@jmcc.ie.
by John McCarthy Consulting Ltd. | Apr 3, 2025 | Blog, News
If you have corporate clients in the UK, you may wish to register with Companies House as an Authorised Corporate Service Provider (ACSP). This is a new requirement driven by the rise in money laundering and fraud using corporate structures. ACSPs are also known as Companies House Authorised Agents.
The ACSP initiative is being rolled out in stages. Stage 1 commenced on 8 April 2025, when the service allowed authorised agents, such as accountants, to verify clients’ identities for Companies House purposes. Records of the identity checks need to be retained by the agents for 7 years.
File as an Authorised Agent
The next stage will commence in Spring 2026, when authorised agents will be able to file on behalf of clients.
An authorised agent can be a business (for example, a limited company or partnership), or a person who files on behalf of others (a sole trader).
To register, agents must be supervised by a UK Anti-Money Laundering (AML) supervisory body such as Chartered Accountants Ireland. In the future, all businesses that file information on behalf of clients will need to register as an ACSP.
For more information and to start the registration process follow this link.
For audit cold file reviews and tailored training sessions explaining more about various topics like AML, Audit, FRS 102, please send a mail to john@jmcc.ie.
For more on engagement and representation letter templates and a variety of CPD webinars on money laundering and other accounting/audit related topics, please go to our website for:
ISQM TOOLKIT, or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard. We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. Please contact John McCarthy FCA by email at john@jmcc.ie.
by John McCarthy Consulting Ltd. | Mar 4, 2025 | Blog, News
Often the topic of fraud is addressed poorly on audit files.
Frequently audit files include a simple statement that ‘risk is low’ (because the Directors say there has not been any fraud) and there is no knowledge of any fraud in the past year. Audit teams need to take a more professional and appropriately sceptical approach by justifying in writing how this low risk assessment has been arrived at. The file must show how the risks were discussed and the results of those discussions:
- with the client and
- within the audit team – (known as the ‘engagement team discussion’ or ‘brainstorming session’).
Consideration must be given to specific areas susceptible to fraud through theft such as:
- cash based businesses,
- high value stocks,
- fake suppliers (posing as real creditors) who allege they have just recently changed their banking details; and
- fixed assets etc.
Another good question to ask is what security measures are in place over tangible assets and are all tangible assets adequately insured? Sometimes a comparison between the fixed assets register and the list of insured items could throw up some interesting anomalies.
I often recommend to clients that they read the ISAs and the one on fraud (ISA (Ireland) 240) makes very interesting reading, especially the Appendices which have the titles:
- Appendix 1 – Examples of fraud risk factors.
- Appendix 2 – Examples of possible audit procedures to address the assessed risks of material misstatement due to fraud.
- Appendix 3 – Examples of circumstances that indicate the possibility of fraud.
In terms of fraudulent reporting, the audit file needs to show how the auditor has considered what risk management policies and procedures management has in place to mitigate the fraud threat. Also carefully document the result of the risk assessment and assess whether it has nay impact on the audit work and/or on the audit opinion.
Fraud risk can change from one year to the next and therefore should be reassessed on an annual basis. Opening balances, especially in relation to matters like fixed assets are often ignored. The excuse being ‘we audited them last year or in a prior year’. What if those assets are destroyed, sold or not in use and potentially impaired?
Identification of revenue recognition and management override risks (ISA (Ireland) 240)
Following on from fraud risk, ISA 240 assumes that there are at least two significant risks present on practically all audit assignments:
- those arising from revenue recognition criteria and
- management override of controls.
While most firms are adequately highlighting revenue recognition as a significant risk, there continues to be no clear statement of the specific audit procedures planned to address this. There is often no sufficient record of the client’s revenue recognition criteria and the accounting policy for revenue recognition contained in the financial statements is often poorly phrased or not appropriately worded.
For example, an accounting policy for an apartment management company stating that ‘turnover represents goods sold net of VAT’!! The accounting policy for revenue recognition/turnover/income is often the most significant accounting policy of them all and auditors need to pay more attention to this topic.
Management override is a risk area that a lot of firms often overlook, concluding that the risk is low due to strong internal controls or because the management is ‘honest’. Where there is potential for management override of controls, this must be identified as a significant risk and appropriate audit procedures performed. This is likely to be the case for most owner-managed SME businesses.
ISA 240 gives details of three areas which need to be tested when considering the risks associated with management override of controls. These are:
- the appropriateness of journals;
- accounting estimates, the appropriateness of which needs to be challenged; and
- gaining an understanding of significant transactions which appear to be outside the normal course of business.
More often than not, some or all of the above procedures will have been performed during the course of the fieldwork, but these need to be properly documented and clearly linked back to management override risk.
It’s important to note that with the advent of ISA (Ireland) 315 (Identifying and Assessing the Risks of Material Misstatement) for accounting periods commencing on/after 15 December 2021 that control risk is measured more appropriately on a 5-point scale as follows:
- Very Low
- Low
- Medium
- High
- Very High
The assessment of control risk is extremely important as it is designed to help identify areas where there may be a risk of misstatement due to:
The results of this assessment will influence the choice of sample sizes and better focus on the tailoring of the audit programme. A common feature of files that fail inspection reviews is the lack of appropriate tailoring, especially for fraud risk. The results of substantive tests cannot therefore be used as the scope and extent of those tests cannot be determined until the risk assessment process is complete. It’s like putting the cart before the horse.
It is important to remember that where a risk is deemed ‘significant’, audit procedures must include an appropriate element of substantive testing.
We will look at more audit file weaknesses next week.
For more on engagement and representation letter templates and a variety of CPD webinars on money laundering and other accounting/audit related topics, please go to our website for:
ISQM TOOLKIT, or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard. We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. Please contact John McCarthy FCA by email at john@jmcc.ie.
by John McCarthy Consulting Ltd. | Oct 14, 2023 | Blog, News
Continuing from last week’s blog we are looking at the guidance issued in ISA 240 ‘The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements’
I
Continuing the items to be documented by the audit engagement team in their discussion of how fraud might be perpetrated in the audit client. That discussion needs to be structured around these headline items (continued from last week):
- Whether there are economic, industry and operating conditions that give rise to fraud risk factors for particular classes of transactions, account balances and disclosures. (Examples of economic, industry and operating conditions that may give rise to fraud risk factors are included in the examples of incentives/pressures and opportunities in Appendix 1.)
- A consideration of any material frauds of which team members have experience in companies in the same industry and whether there are similar risks – see our blog of 3 October about the Protected Disclosures
- A consideration of management’s involvement in overseeing employees with access to cash or other assets susceptible to misappropriation.
- A consideration of any unusual or unexplained changes in behavior or lifestyle of management or employees which have come to the attention of the engagement
- An emphasis on the importance of maintaining a proper state of mind throughout the audit regarding the potential for material misstatement due to fraud.
- A consideration of the types of circumstances that, if encountered, might indicate the possibility of fraud.
- A consideration of how an element of unpredictability will be incorporated into the nature, timing and extent of the audit procedures to be performed.
- A consideration of the audit procedures that might be selected to respond to the susceptibility of the entity’s financial statement to material misstatement due to fraud and whether certain types of audit procedures are more effective than
- A consideration of any allegations of fraud that have come to the auditor’s
- A consideration of the risk of management override of controls.
- A consideration of the extent of segregation of duties and whether and how that may be overridden.
- A consideration of how those charged with governance and management promote a culture of honesty and integrity; what policies they have to facilitate and encourage reporting of wrongdoing (see the Protected Disclosures regime mentioned above); and how they respond to any such reports.
- A consideration of audit team experience, or other knowledge, of the competencies and attitudes of employees in areas where there are risks of material misstatement.
- Circumstances where it may be beneficial to have further discussion(s) among the engagement team at later stages in the audit may include, for example, when the auditor’s evaluation of audit evidence has provided further insight about the risks of material misstatement due to fraud (see more in ISA 240 paragraph A50) or members of the audit team have identified:
- Fraud risk factors that were not covered in the original discussion.
- Actual or suspected fraud.
Further guidance on these topics is given in Application paragraphs A12 and A12-1 in the standard.
IT Controls Assessment
Auditors are reminded that there are relatively significant changes in the requirements of ISA 315 Identifying and Assessing the Risks of Material Misstatement for accounting periods commencing 15 December 2021, which in practical terms means, accounting periods Ended 31 December 2022 and later.
Auditors dealing with the audits of entities with such accounting periods affected by these change will need, to adopt new audit programmes and, in additional to the normal audit tests, to also assess the entity’s IT controls (no matter what the size of that entity).
This is a significant new development for auditors of SMEs, in particular, and will be a game changer ion the type of audit documentation and evidence of assessment of such IT controls by the auditor on audit files.
For an easy to implement additional (two page) IT Controls Questionnaire to help document the above process, please click on this link to download immediately for only €60 + VAT.
Please also go to our website to see our:
- Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
- AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
- letters of engagement and similar templates. Please visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
- ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.
We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. The ISQM TOOLKIT 2022 is available to purchase here.
