Advanced Auditing Module Guide

ADVANCED AUDITING (ACC 410) MODULE GUIDE
ADVANCED AUDITING MODULE
GUIDE
ACC 410
MODULE OUTLINE (ACC 410) ADVANCED AUDITING
Objective of the module

At the end of this module, students are expected to answer questions on the audit process on an
application of knowledge basis. Students will be expected to apply their theoretical knowledge to
given scenarios.
Pre –requisites
Students who take on this module should have passed the following modules:
• ACC 214 – INTRODUCTION TO PERFORMING THE AUDIT PROCESS

• ACC 218
Course assessment
Course work (Written) 30%
Examination 70%
Total 100%
COMPILED BY MAJORY TINOTENDA NYAZEMA Page 1

Module Content
1. Pre – engagement activities

• Client Investigation
• Determination of skills
• Engagement terms (ISA 210)
2. Planning for an audit (isa 300, 315, 330)

• Identifying and assessing risks (risk at financial statement level, risk at assertion level)
• Risk Vs Materiality
• Responses to assessed risks
• Understanding the entity and its environment
3. Obtaining audit evidence (ISA 500)

• Test of controls
• Analytical reviews (ISA 520)
• Substantive audit procedures
• Using the work of an expert (ISA 620)
• Use of the work of Internal Auditors (ISA 610)
• Audit sampling (ISA 530)
4. Concluding an audit and audit reports

• Subsequent events (ISA 560)
• Related parties (ISA 550)
• Evaluation of misstatements identified during the audit (ISA 450)
• Going concern (ISA 570)
• Forming an opinion and types of audit reports (ISA 700)
• Modifications to the audit opinion (ISA 705)
• Emphasis of matter (ISA 706)
5. Other engagements
• Review engagements (ISRE 2400)

• Agreed upon procedures (ISRS 4400)
6. Corporate governance (king iii)

• Board of Directors
• Audit committees
• Internal audit
7. Companies act (chapter 24:03)

• Directors (Section 169 to 189)
• Auditors
• Accounts and audit (Section 140 to 155)
8. Public accountants and auditors act (chapter 27:12)

• Administration of Public Accountants
• Registration, practice and offences
• Powers and duties of Auditors
• Code of professional conduct and disciplinary rules
Recommended texts
1. Auditing Notes for South African Students, Jackson, R.D.C. & Stent W.J., 2018
2. Advanced Case Studies in External Auditing & Corporate Governance, Prinsloo, F.E.,2018
3. IAASB Handbook – Volume 1 & 2, 2013/14
4. Applied Questions on Auditing, Marx, Van der Watt, Sadler, Van Staden, 6th Edition
5 Dynamic Auditing, Marx B

CHAPTER 1
RECAP
1.0 Introduction
The role of external audit is often explained in relation to the economic model of agency theory.
Appoint independent
Auditor
Adds credibility
Financial Statements
Measure
Prepare
performance
Appoint
Shareholders Directors
Own Company
Manage
1.2 Definition of auditing
Auditing is the independent examination of and expression of an opinion on the financial

statements of an entity by a jury appointed auditor in pursuit of that appointment.
The words independent and opinion in this definition are of prime importance.
Independent is essential and underlies the value of auditing. There are no certainties and there are
no certifications of correctness or accuracies.

Opinion really means that another auditor could look at his set of financial statements and disagree
with the opinion of another auditor
Alternatively, an audit can also be described as:

1) a process by which an independent, qualified third party expresses an opinion as to whether
a set of financial statements of a company represents a true and fair view of its financial
affairs for an accounting period(s).
The determination of fair presentation relates to the financial statements taken as a whole. Fair is
based on the following financial information;
- Information on the financial position – Statement of financial Position
- Information on performance – Statement of comprehensive income and statement of
changes in equity
- Information on changes in the financial position- Statement of changes in Cashflows
2) a systematic process of objectively obtaining and evaluating evidence regarding assertions

about economic actions and events to ascertain the degree of correspondence between
assertions and established criteria and then communicating the results to interested users.
A closer look at the second definition reviews several ideas that are important to any type of
auditing engagement.
Systematic process: it is a logical and purposeful process based on a disciplined and structured
approach to reaching final decisions. It has a logical starting point, proceeds along established
guidelines and has a logical conclusion. It is not haphazard, unplanned or unstructured
Obtaining and evaluating evidence: evidence consists of all types of influences that ultimately
guides auditors decisions and relates to assertions made by management about economic actions
and events (that the revenue recorded on the income statement really occurred, that assets on the
balance sheet actually exists, that the liabilities recorded are complete e.t.c.) as well as assertions
that the financial statement disclosures are fairly presented.

The purpose of collecting and evaluating evidence is to ascertain the degree of correspondence
between assertions made by the information provider and the established criteria i.e. the applicable
financial reporting framework. The auditors will ultimately communicate their findings to
interested parties
1.3 Why the need for audit services

There is always a need for investors to invest money in the business entities. To make it attractive
for individuals to invest in businesses, the general public need to feel assured that the financial
statements supplied by business entities contain reliable financial information. It is an auditor who
provides the required assurance.
The purpose of an audit is to enhance the degree of confidence that intended users can place in the
financial statements. This is achieved by the expression of an opinion by the auditor on whether
the financial statements are prepared in all material respects in accordance with an applicable
financial reporting framework. In short the purpose of assurance services is to:
• increase the confidence
• reduce the risk to the user of those services.
1.4 Nature of audit work

An auditor can be given an engagement for auditing services either in terms of statutory
requirements or on a voluntary basis.
Statutory audits are audits required in terms of an act, such as the Companies act Chapter 24:03.
The statutory duties and responsibilities are spelled out in the act.
Non–statutory(Voluntary) audits on the other hand are requested by clients but are not obligatory
in terms of the relevant legislation.

1.5 Framework for auditing and related services

As you proceed with your studies, you will find that auditors perform different tasks. There are
two main categories of engagements; audit engagements and related services engagements which
include review, attestation and assurance engagements
1.5.1 Review Engagement

Beginning in the 1970s, financial statement users requested that CPAs provide some of the benefits
of audits at a lower cost. As a result, CPAs began providing a lower-level service, called a review,
on financial statements.
Reviews are based on inquiry and analytical procedures applied to financial statement amounts,
rather than the more rigorous procedures required in an audit, such as physical inspection and
confirmation with third parties.
The review culminates in a report that provides limited assurance, that is, that the CPA is not aware
of any material modifications that should be made to the accompanying financial statements in
order for them to be in conformity with generally accepted accounting principles.
Reviews are also used for quarterly financial statements of publicly held companies.
Reviews are performed for privately owned companies when the financial statement user wants
some assurance about the statements but do not require the level of assurance provided in an audit.
A review engagement has all the attributes of an audit engagement; however, there are important
differences between a review engagement and an audit i.e.
• The practitioner is not carrying out an audit
• For an audit the user will always be the company’s shareholders, whereas for review engagement,
the user could be whoever commissions the work e.g.:
• a bank wanting to know whether to maintain existing or extend further credit facilities
• directors of the predator company in a takeover/merger situation.
• limited evidence gathering work is performed which is narrower in scope than audit

The objective of a review engagement is to enable the auditor to state whether anything has come
to his/her attention which has caused him/her to believe that financial statements have not been
complied with an identified financial reporting framework in all material respects.
1.5.2 Attestation engagements

The 1980s brought additional expansion of the CPA's role. Users wanted CPAs to use the audit
and review services to report on subjects in addition to financial statements, such as the
effectiveness of internal control and the company's compliance with laws, regulations, or contracts.
The profession's response was the creation of standards for attestation engagements. In an
attestation engagement, the CPA applies the tools used in audits and reviews to report on whether
the subject matter of the engagement (such as internal control or management's discussion and
analysis of operations) complies with applicable criteria for measurement and disclosure. In
addition, CPAs can apply procedures specifically designed by the expected users of the report to
financial or non-financial items. Levels of service in attestation engagements are limited to
examination and application of agreed upon procedures.
It involves reporting on an expanded set of financial information beyond financial statements or

on a specified element of financial statement information. The result is a report much like an audit
(reasonable assurance) or review (limited assurance) of financial statements. No assurance is
mentioned in the report.
This service is neither an audit nor a review. These engagements, called agreed-upon procedures
engagements, result in a report in which the CPA describes the procedures applied and their results
but provides no overall conclusion.
These are engagements in which a practitioner is engaged to issue a report on subject matter, or an
assertion about subject matter that is the responsibility of another party.
The subject matter of an attest engagement may take many forms, including the following:
a. Historical or prospective performance or condition (for example, historical or prospective

financial information, performance measurements, and backlog data)

b. Physical characteristics (for example, narrative descriptions, square footage of facilities)
c. Historical events (for example, the price of a market basket of goods on a certain date)
d. Analyses (for example, break-even analyses)
e. Systems and processes (for example, internal control)
f. Behavior (for example, corporate governance, compliance with laws and regulations e.g
ISO, and human resource practices)
Examples of attestation engagements
1. Agreed Upon procedures Engagements: e.g. verifying inventory quantities and

locations
2. Financial forecasts and projections: such as analysis of prospective or hypothetical

“what-if” financial statements for some period in the same future.
3. Reporting on pro-forma Financial information: such as retroactively analysing the

effect of a proposed or consummated transaction on the historical financial statements
“as if” that transaction had already occurred
4. An examination of an entity’s internal control over financial reporting that is

integrated with an audit of its financial statements: focused on the design and
operating effectiveness of an entity’s internal control over financial reporting
5. Compliance attestation: such as ascertaining a clients’ compliance with debt covenants
6. Examination of management’s discussion and analysis: prepared in pursuant to the

rules and regulations of the Securities and Exchange Commission
7. Reporting on controls at a service organisation: such as organisations that provide

outsourced processes that are likely to be relevant to the user entities internal control over
financial reporting
8. Compilation: consists of preparing financial statements from a client’s book and records
without performing any evidence-gathering work. This service, provided only to

privately owned companies, is usually done in connection with helping the company
record its transactions and transform its records into financial statements. The accountant
does not do any tests of the underlying data, but helps put the data into financial statement
form and reads the statements for material misstatements. The compilation report
expresses no assurance, but if the accountant discovers material misstatements, they must
be corrected or described in the CPA's report.
1.5.3 Assurance services

By the 1990s CPAs were being asked to expand still further into additional services, including
those that involve subjects far removed from financial reporting and that do not involve an explicit
report or conclusion.
The term ‘Assurance’ is sometimes used inconsistently among individual CPA firms, Assurance
Services are expanded independent professional services that improve the quality of information
or its context for decision makers.
They are normally commissioned voluntarily.
The important elements involved in assurance engagement are:
1. Independence: Auditors want to preserve their attestation and audit reputations and
competitive advantages by preserving integrity and objectivity when performing assurance
services
The CPA should be independent in order to provide an assurance service; that is, he or she should
have no vested interest in the information reported on.
The CPA's only interest should be the accuracy of the information, not whether the information
portrays results favorable or unfavorable to either the entity that prepares the information or the
one that uses it.
2. Professional services: all work is defined as professional for as long as it involves some
element of judgment based on education and experience

An assurance service is a professional service, meaning it draws on the CPA's experience,

expertise, and judgment. It is based on the skills brought to bear in more traditional services, such
as measurement, analysis, testing, and reporting.
3. Improving the quality of information: auditors can enhance quality by assuring users
about the reliability and relevance of information or making it easier to use and understand.
4. Or its context: context is relevant in a different light. For assurance services improving the
context of information refers to how information is used in decision-makingand how it is
presented e.g. Value Added Statements
5. For decision making: these are consumers of the information. Decision makers are the
users of the information and immediate beneficiaries of the assurance service. They might
be internal to an entity, such as the board of directors, or a trading partner, such as a creditor
or customer.
The decision maker need not be the party engaging the CPA or paying for the service.
Assurance services might involve the type of reports provided in more traditional attestation
engagements or they might provide less structured communications, such as reports without
explicit conclusions or reports that are issued only when there are problems.
Assurance services are often desired to be more customized to information needs of decision
makers in specific circumstances. To be responsive to those needs, the form of CPA
communication is expected to be more flexible.
This area of service—assurance services—is an extension of the audit/attest tradition. It is

generally distinct from common consulting services.
They differ from many services historically provided by CPAs in that they represent an expansion
of the information and forms of reports provided. Indeed, they represent an evolution in the nature

of services provided by CPAs, as CPAs have begun to provide services not just on accounting
information but on many other types of information that people need in order to make decisions.
Services includes lending credibility to information whether financial or non-financial.
While auditing refers specifically to reporting on financial statements and attestation refers to
expressing an opinion on an expanded set of financial information beyond financial statements or
a specified element of financial statement information, assurance includes many areas of
information, including non-financial information.
Information in an assurance service can be;
• financial or non-financial,
• historical or forward-looking,
• discrete data or information about systems,
• internal or external to the decision maker.
Examples of assurance engagements;
1. Vote counts e.g. PWc used to count oscars
2. Enterprise risk management assessment
3. Information risk assessment and assurance’
4. Customer satisfaction surveys
5. Evaluation of investment management policies
6. Fraud and illegal acts prevention and deterrence
7. Accounts receivable review
8. Comprehensive risk assessment reports
The CPA identifies and assesses the various risks facing an organization, such as the operating
environment, operating systems, or information systems. The risks might be internal, external, or

regulatory. The CPA can help prioritize the risks and assess the entity's efforts to control or
mitigate risks faced.
9. Performance measurement reports
Many organizations use, or should use, data to run their businesses other than that emanating from
the financial reporting system. The service deals with identifying or providing explicit assurance
on the financial or nonfinancial measures used to evaluate the effectiveness or efficiency of the
organization's activities. While CPAs have historically been involved in the development of
financial statement information, their skills and knowledge can add similar value to the creation
of other information that can monitor the organization's results and its effectiveness in
implementing strategic plans.
10. Systems reliability reports
As information technology advances, it becomes increasingly common for critical information to

be produced and acted on electronically. Accordingly, decision makers need confidence that the
information is continuously reliable. There is an increased need for assurance that systems are
designed and operated to produce reliable data in such areas as information about customers,
suppliers, and employees, project costing, rights and obligations related to contractual agreements,
and competitors and market conditions. In systems reliability engagements, CPAs provide
assurance about the design and operation of such systems.
11. Reports on social and environmental issues (e.g. to validate an employer’s claims about
being an equal opportunities employer or a company’s claims about how ‘green’ it is)
12. Reviews of internal control
13. Electronic commerce
As more business is conducted electronically (via the Internet or in business-to-business electronic

data interchange systems) participants have concerns about the integrity and security of data
transmitted in furtherance of those transactions. An assurance service can help to address the risks
and promote the integrity and security of electronic transmissions, electronic documents, and the
supporting systems. One such service, CPA WebTrust, provides explicit assurance about the

disclosure of an entity's business policies and about the controls over privacy and information
integrity in consumer purchases over the Internet.
14. Systems reliability
As information technology advances, it becomes increasingly common for critical information to

be produced and acted on electronically. Accordingly, decision makers need confidence that the
information is continuously reliable. There is an increased need for assurance that systems are
designed and operated to produce reliable data in such areas as information about customers,
suppliers, and employees, project costing, rights and obligations related to contractual agreements,
and competitors and market conditions. In systems reliability engagements, CPAs provide
assurance about the design and operation of such systems.
15. Elder care services
The CPA assists the increasing population of older adults with a wide range of services such as
bill paying, providing assurance that health care providers are delivering services in conformity
with the client's criteria, and consulting on care alternatives and how to pay for them. The CPA
provides independent, objective information to protect vulnerable clients from potentially
unethical individuals and businesses as well as more traditional services (such as financial control)
for nontraditional clients.
16. Policy compliance
The CPA provides assurance that a company complies with its own policies. The policies—such
as ones involving treatment of women or minorities, conflicts of interest, animal testing,
environmental matters, or customer service—might be based on internal concerns, calls for social
accountability, or laws and regulations e.g. trust funds and non-governmental organisations or
charitable organisations
17. Trading partner accountability
The CPA provides assurance that the client's trading partners—such as suppliers, customers, or
joint venture partners—have appropriately fulfilled their responsibilities. Common situations

involve collecting rents or royalties based on sales made by another entity or agreements regarding
use of lowest prices or specific billing practices.
18. Mergers and acquisitions
The CPA applies the types of services done on a client's records and practices to a potential
acquisition. He or she can, for example, provide insights into the acquisition target's business risks,
appropriateness of accounting methods, the value of its assets, or the adequacy of its systems and
controls.
The needs of decision makers are evolving. For decades their needs were generally met by periodic
cost-based financial statements
This service is neither an audit nor a review. These engagements result in a report in which the
CPA describes the procedures applied and their results but provides no overall conclusion
Thus, a significant difference between assurance and attestation engagements is that assurance
engagements do not necessarily result in a standard form of report, whereas attestation
engagements (and more familiar audits and reviews) do. Yet assurance services require adherence
to key professional qualities by practitioners.
1.4.4 Other services
A CPA has both the right and responsibility to be an advocate for the client in arguing tax
positions
A CPA can also provide consulting and advisory services,. But they are prohibited from
performing any client services in which the auditor may find themselves making managerial
decisions or auditing their own firms work
2.5 LEVEL OF ASSURANCE
Since decision makers rely largely on information technology, a new need has arisen for various
forms of audit assurance. The degree of satisfaction obtained and therefore the level of assurance

that can be provided is determined the auditability of the financial information, the nature and
extent of the procedures which have been carried out and results obtained.
It is not possible to give an absolute level of assurance due to:
• The lack of precision often associated with the subject matter – e.g. financial statements are often
subject to estimation and judgment
• The nature, timing and extent of procedures
• The fact that evidence is usually persuasive rather than conclusive
• The fact that evidence is gathered on a test basis.
Irregardless of the scope of an auditors work, the Framework permits only three types of assurance
engagement to be performed:
i. A reasonable assurance engagement
In a reasonable assurance engagement, the auditor
• gathers sufficient, appropriate evidence
(We will look at this in detail in the chapters on audit evidence and audit procedures, but for now
let us accept that it means that the practitioner has to do enough work to be able to draw rational
conclusions)
• concludes that the subject matter conforms in all material respects with identified suitable criteria.
Information is material if its omission or misstatement could influence the economic decisions of
users taken on the basis of the financial statements.
(Materiality is another concept which we will consider in detail later. The important point for you
to understand is that the practitioner is not saying that everything is absolutely correct, but that,
broadly speaking, the information given is reliable.)
• gives his report in the form of 'positive assurance'.
This means that the report states that in the auditor’s opinion e.g.:

• Financial statements have been prepared in accordance with applicable legislation and
accounting standards
• The company’s employment policy in respect of disabled people isin accordance with
applicable legislation or guidance
• The volume of greenhouse gasses emitting from the company’s factories is within targets set
by government.
A reasonable assurance engagement requires that:
• The subject matter is the responsibility of another party
• The subject matter is
– Identifiable
– In a form that can be subjected to evidence gathering procedures
– the practitioner is not aware of any reason for believing that a conclusion expressing a
reasonable level of assurance about the subject matter based on suitable criteria cannot be
expressed.
ii. No assurance
It is when no assurance is expressed in the audit report
iii. A limited assurance engagement.
The auditor:
• gathers sufficient appropriate evidence to be satisfied that the subject matter is plausible in the
circumstances
• gives his report in the form of 'negative assurance'.
A negative assurance report takes the form:

'Nothing has come to our attention that causes us to believe that the financial statements are not
prepared, in all material respects, in accordance with an applicable financial reporting framework'.
The level of assurance given by a reasonable assurance engagement is high, whereas a limited
assurance engagement gives a moderate level of assurance.There is no precise definition of what
is meant by high or moderate in this context.
What is clear is that the confidence inspired in the user by the report produced after a reasonable
assurance engagement is designed to be greater than the outcome of a limited assurance
engagement.
It follows therefore that
• The procedures carried out will be more intensive
• The evidence gathered needs to be of higher qualityfor a reasonable assurance engagement and
this is reflected in the nature of the opinion given.
The contrast between the objective of the audit as a reasonable assurance engagement and the
expectation that it should lead to the discovery of all errors and fraud is a phenomenon known as
the ‘expectation gap’.
1.6 Level of assurance

Since decision makers rely largely on information technology, a new need has arisen for various
forms of audit assurance. The degree of satisfaction obtained and therefore the level of assurance
that can be provided is determined by the auditability of the financial information, the nature and
extent of the procedures which have been carried out and results obtained.
It is not possible to give an absolute level of assurance due to:
• The lack of precision often associated with the subject matter – e.g. financial statements are often
subject to estimation and judgment
• The nature, timing and extent of procedures
• The fact that evidence is usually persuasive rather than conclusive

• The fact that evidence is gathered on a test basis.
Regardless of the scope of an auditors work, the Framework permits only three types of assurance
engagements to be performed:
iv. A reasonable assurance engagement
In a reasonable assurance engagement, the auditor
• gathers sufficient, appropriate evidence
(We will look at this in detail in the chapters on audit evidence and audit procedures, but for now
let us accept that it means that the practitioner has to do enough work to be able to draw rational
conclusions)
• concludes that the subject matter conforms in all material respects with identified suitable criteria.
(Materiality is another concept which we will consider in detail later. The important point for you
to understand is that the practitioner is not saying that everything is absolutely correct, but that,
broadly speaking, the information given is reliable.)
• gives his report in the form of 'positive assurance'.
This means that the report states that in the auditor’s opinion e.g.:
• Financial statements have been prepared in accordance with applicable legislation and
accounting standards
• The company’s employment policy in respect of disabled people isin accordance with
applicable legislation or guidance
• The volume of greenhouse gasses emitting from the company’s factories is within targets set
by government.
A reasonable assurance engagement requires that:
• The subject matter is the responsibility of another party

• The subject matter is
– Identifiable
– In a form that can be subjected to evidence gathering procedures
– the practitioner is not aware of any reason for believing that a conclusion expressing a
reasonable level of assurance about the subject matter based on suitable criteria cannot be
expressed.
v. No assurance
It is when no assurance is expressed in the report
vi. A limited assurance engagement.
The auditor:
• gathers sufficient appropriate evidence to be satisfied that the subject matter is plausible in the
circumstances
• gives his report in the form of 'negative assurance'.
A negative assurance report takes the form:
'Nothing has come to our attention that causes us to believe that the financial statements are not
prepared, in all material respects, in accordance with an applicable financial reporting framework'.
The level of assurance given by a reasonable assurance engagement is high, whereas a limited
assurance engagement gives a moderate level of assurance. There is no precise definition of what
is meant by high or moderate in this context.
What is clear is that the confidence inspired in the user by the report produced after a reasonable
assurance engagement is designed to be greater than the outcome of a limited assurance
engagement.
It follows therefore that
• The procedures carried out will be more intensive

• The evidence gathered needs to be of higher quality for a reasonable assurance engagement and
this is reflected in the nature of the opinion given.
The contrast between the objective of the audit as a reasonable assurance engagement and the
expectation that it should lead to the discovery of all errors and fraud is a phenomenon known as
the ‘expectation gap’.
1.7 Conduct of audit

The conduct of audits is governed by three sets of rules:
•Codes of ethics
•Auditing Standards (ISAs)
•Company law.
In addition, Governments have increasingly tried to ensure that audits are conducted by people
who are suitably qualified and whose work is of satisfactory quality – a process known as Audit
Regulation.
1.8 The need for professional ethics

The purpose of assurance engagements is to increase the confidence of end users by reducing their
level of risk. It follows from this that the user needs to trust the professional.
In the light of the various corporate scandals which have occurred in the past decade – Enron,
WorldCom, Lehman brothers etc. and of late the Gupta Brothers There is a need for a basis for
this level of trust. The user needs to believe that assurance practitioners act in accordance with a
code of ethics, while the practitioner needs a code of ethics to make sure that he or she is worthy
of that level of trust.
In order to be trusted the auditor needs to be independent of their client. Independence is defined
as ‘freedom from situations and relationships which make it probable that a reasonable and
informed third party would conclude that objectivity either is impaired or could be impaired.’
IFAC has issued a code of conduct which follows a conceptual framework which identifies:

• fundamental principles of ethical behaviour

• potential threats to ethical behaviour
• Possible safeguards which can be implemented to counter the threats.
1.8.1 The fundamental principles

The firm should establish policies and procedures designed to provide it with reasonable assurance
that the firm and its personnel comply with relevant ethical requirements.
The engagement partner should consider whether members of the engagement team have complied
with ethical requirements (Part A& B of IFAC Code). The fundamental principles of professional
ethics as set out in the code are as follows:
- Integrity;
- Objectivity;
- Professional competence & due care;
- Confidentiality; and
- Professional behaviour
1.8.2 Threats and Safeguards

The circumstances in which professional accountants operate may give rise to specific threats to
compliance with the fundamental principles in the form of;
• Self-interest threat
• Self-review threat
• Advocacy threat
• Familiarity threat
• Intimidation threat
Safeguards that may eliminate or reduce these threats to an acceptable level fall into two broad
categories:
a. Safeguards created by the profession, legislation or regulation; and

b. Safeguards in the work environment.

i. firm-wide safeguards and
ii. engagement specific safeguards.
1.9 Auditing Standards

AUDIT AND REVIEWS OF HISTORICAL FINANCIAL INFORMATION
INTERNATIONAL STANDARDS ON AUDITING (ISA’S)
GENERAL PRINCIPLES AND RESPONSIBILITIES (200 – 299)
ISA Title
200 The objective of and general principles governing an audit of financial statements
(Effective for periods beginning on or after June 15, 2006)
210 Terms of audit engagements
220 Quality control for audits of historical financial information
230 Audit documentation
240 The auditor’s responsibility to consider fraud in an audit of financial statements
250 Consideration of laws and regulations in an audit of financial statements
260 Communication of audit matters with those charged with governance
ASSESSMENT AND RESPONSE TO ASSESSED RISKS (300 – 499)

ISA Title
300 Planning an audit of financial statements
315 Understanding the entity and its environment and assessing the risk of material
misstatement
320 Audit materiality
330 The auditor’s procedures in response to assessed risks
402 Audit considerations relating to entities using service organizations
AUDIT EVIDENCE (500 – 599)

ISA Title
500 Audit evidence
501 Audit evidence – additional considerations for specific items

505 External confirmations

510 Initial engagements – opening balances
520 Analytical procedures
530 Audit sampling and other means of testing
540 Audit of accounting estimates
545 Auditing fair value measurements and disclosures
550 Related parties
560 Subsequent events
570 Going concern
580 Management representations
USING WORK OF OTHERS (600 – 699)

ISA Title
600 Using the work of another auditor
610 Considering the work of internal audit
620 Using the work of an expert
AUDIT CONCLUSIONS AND REPORTING (700 – 799)

ISA Title
700 Independent auditors report on a complete set of general purpose financial
statements
701 Modifications to the independent auditors report
710 Comparatives
720 Other information in documents containing audited financial statements
SPECIALISED AREAS (800 – 899)

ISA Title
800 The auditor’s report on special purpose audit engagements
INTERNATIONAL AUDITING PRACTICE STATEMENTS (1000 – 1100)
IAPS Title
1000 Inter-bank confirmation procedures

1004 The relationship between banking supervisors and banks’ external auditors
1005 The special considerations in the audit of small entities
1006 Audits of the financial statements of banks
1010 The consideration of environmental matters in the audit of financial statements
1012 Auditing derivative financial instruments
1013 Electronic commerce –effect on the audit of financial statements
1014 Reporting by auditors on compliance with international financial reporting
standards
INTERNATIONAL STANDARDS ON REVIEW ENGAGEMENTS (ISRE) (2000 – 2699)

ISRE Title
2400 Engagements to review financial statements (previously ISA 910)
2410 Review of interim financial information performed by the independentauditor of
the entity
ASSURANCE ENGAGEMENTS OTHER THAN AUDITS OR REVIEWS OF

HISTORICAL FINANCIAL STATEMENTS
INTERNATIONAL STANDARDS ON ASSURANCE ENGAGEMENT (ISAES) (3000 –
3699)
ISAE Title
3000 Assurance engagements other than audits or reviews of historical financial
information
3400 The examination of prospective financial information (previously ISA 810)
RELATED SERVICES
International standards on related services (ISRS) (4000 – 4699)
ISRS Title
4400 Engagements to perform agreed-upon procedures regarding financial information
(previously ISA 920)
4410 Engagements to compile financial statements (previously ISA 930)
PRE-ENGAGEMENT
ISA 210: Terms of audit engagement.

ISA 220: Quality control for audits of historical financial information.

ISA 300: Planning on audit of financial statements.
ISQC 1: Quality control for firms that perform audits and reviews of historical
financialinformation, and other assurance and related services engagements.
SAAPS 1: Quality control.
1.10 Revision Questions
Question 1
The auditing firm known as Vincent and partners, where you are a manager, recently lost a senior
partner of theirs to one of their most prominent clients, the DevelopOne Limited Group.
DevelopOne Limited Group is a large property developer in Bulawayo, listed on the ZSE. Mr
Kere, the partner in question, had a very long relationship with DevelopOne Limited before joining
them as the financial director. In fact, he went to university with one of the founding members of
the company, John Phiri. He was the senior partner in charge of the audit for the last eight years
and knows their business inside out. The directors of DevelopOne Limited approached him during
the previous financial year with the offer to become the financial director, after the previous
financial director immigrated to Australia. He apparently told his partners at Vincent and Partners
that it was a very lucrative deal in terms of remuneration and that it also included performance
bonuses and share options. As part of the agreement to leave the partnership, Mr Kere promised
that he would try his utmost to ensure that Vincent & partners remained the auditors of the
DevelopOne Group. He kept this promise and the firm was reappointed as auditors. In return, he
insisted on keeping his office in the firm’s building. He intends to do consultation work, especially
in the field of Black Economic Empowerment (BEE), from this office. His new employer is fully
aware of the arrangement and does not have a problem with it.
During the planning of the first audit of DevelopOne Limited and its subsidiaries, with a new
partner in charge, it came to the attention of the audit team that DevelopOne Limited concluded a
BEE deal in order to introduce new broad-based black ownership into the company. The deal
represents an opportunity to a BEE Consortium to obtain an interest in DevelopOne Limited with

the prospect for DevelopOne Limited to grow its business and in doing so increase the value of
the Consortium’s investment. Mr Kere was instrumental in clinching and managing this deal.
The main features of the deal are as follows:
• The BEE Consortium will be a 30% shareholder of a newly formed subsidiary of DevelopOne
Limited, which will be called BeeOne (Property) Limited. DevelopOne Limited is the holder of
the other 70% of the shares.
• BeeOne (Property) Limited will buy a 15% stake in DevelopOne Limited and this transaction
will be funded by a loan from DevelopOne Limited. The loan will be interest-free for a period of
three years in order to assist the BeeOne shareholders to establish themselves financially.
• The BEE Consortium consists of two politicians and a number of up-and-coming black business
people.
• BeeOne (Property) Limited appoints Vincent & partners as auditors of the company.
• The Consortium is restrained from having an interest in a substantially similar BEE transaction
in the property sector. The Consortium, through the deal, will be entitled to nominate two new
directors for appointment to the Board of DevelopOne Limited. The Consortium has put forward
their names and although they are technically competent in their respective fields, they are totally
inexperienced as directors.
Two other important transactions came to the attention of the audit team when inspecting the
minutes of directors meetings of DevelopOne Limited:
1. The company bought a piece of land situated next to one of their latest developments in Norton
from Mrs Ndlovhu, the wife of the marketing director of DevelopOne, for a significantly larger
sum compared to current market prices. Mrs Ndlovhu works as an estate agent on a part-time basis,
but bought the property a few months ago with her own money. She was tipped off by her husband
that the company would probably be interested in the property, as it is adjacent to one of their most
popular apartment developments.
2. The company also bought a large piece of land just outside Kadoma, for the purpose of
developing a golf estate. It was noted in the minutes that DevelopOne Limited paid more than the

market value of the adjacent land. While they were still considering the viability of the golf estate
project, the previous owner sold the land to another developer. As a result they had to buy it from
this developer when they eventually decided to go ahead with the project. This developer is a
private company that belongs to Mr Frank (the managing director of DevelopOne Limited) and an
old university friend, who each have a 50% share. They formed the company many years ago to
use should opportunities like these arise. Their sons are now managing the company and identify
investment opportunities on their behalf. The new partner in charge of the audit identified an
opportunity to increase the fee income received from the DevelopOne Group. She convinced
management that the firm should be part of an information technology project to update the
company’s internal controls. The project will specifically aim to ensure that all transactions
between the companies in the group are correctly valued and properly recorded.
You also stumbled upon a piece of interesting information during a social event. One of your
friends, who work at the City Council as a city-planner, told you about a contentious rezoning
application that was approved by the Council. He mentioned the name of the DevelopOne Group
during the conversation.
At the next planning meeting with the management of DevelopOne Limited you enquired about
this issue and the client informed you that they are actually planning a party to celebrate the
rezoning approval. You and the partner in charge of the DevelopOne Group audit attended this
function in order to build client relationships. At the party you overheard Mr Willow remark to Mr
Frank how relieved he was that their “little investment” in the mayor’s holiday fund paid off. It
also became evident from various conversations, that DevelopOne Group desperately needed this
rezoning, as some of their transactions put some strain on the company’s financial position. The
excesses paid for the properties in Sandton and Dullstroom depleted their cash reserves and
additional finance had to be raised.
REQUIRED
(a) Identify all the ethical issues evident from the above scenario and, where appropriate, state the
possible actions or safeguards in terms of the Code of Professional Conduct. (20 marks)

(b) Outline the responsibilities of directors for all of the above transactions in terms of the
Companies Act (5 marks)
Question 2
You are a manager in the audit firm of AlphaΩ and this is your first time you have worked
on one of the firm’s established clients, BetaPLC. The main activity of Beta PLC is providing
investment advice to individuals regardingsaving for retirement, purchase of shares and securities
and investing in tax efficient savings schemes.
You have been asked to start the audit planning for Beta PLC, by Mr Son, a partner in
Alpha&Omega. Mr Son has been theengagement partner for Beta PLC for the previous nine years
and so has excellent knowledge of the client. Mr Sonhas informed you that he would like his
daughter Zoe to be part of the audit team this year; Zoe is currently studyingfor her first set of
fundamentals papers for her CA qualification.
Mr Son also informs you that Mr Far, the audit senior, received investment advice from Beta PLC
during the year and intends to do the same next year. In an initial meeting with the finance director
of Beta PLC, you learn that;
1. The audit team will not be entertained on Beta PLC yacht this year as this could appear to
be an attempt to influence the opinion of the audit. Instead, he has arranged a balloon flight
costing less than one-tenth of the expense of using the yacht and hopes this will be
acceptable.
2. The director also states that the fee for taxation services this year should be based on a
percentage of tax saved and trusts that your firm will accept a fixed fee for representing
Beta PLC in a dispute regarding the amount of sales tax payable to the taxation authorities.
Required:
(a) (i) Explain the ethical threats which may affect the auditor of Beta PLC.(6 marks)
(ii) For each ethical threat, discuss how the effect of the threat can be mitigated. (6 marks)
Question 3
(a) Explain the situations where an auditor may disclose confidential information about a client.
(8 marks)

(b) You are an audit manager in McKay & Co, a firm of Chartered Certified Accountants. You are
preparing theengagement letter for the audit of Ancients, a public limited liability company, for
the year ending 30 June2018.Ancients has grown rapidly over the past few years, and is now one
of your firm's most important clients.Ancients has been an audit client for eight years and McKay
& Co has provided audit, taxation andmanagement consultancy advice during this time. The client
has been satisfied with the services provided,although the taxation fee for the period to 31
December 2017 remains unpaid.
Audit personnel available for this year's audit are most of the staff from last year, including Mr
Grace, anaudit partner and Mr Jones, an audit senior. Mr Grace has been the audit partner since
Ancients became anaudit client. You are aware that Allyson Grace, the daughter of Mr Grace, has
recently been appointed thefinancial director at Ancients.
To celebrate her new appointment, Allyson has suggested taking all of the audit staff out to an
expensiverestaurant prior to the start of the audit work for this year.
Required
Identify and explain the risks to independence arising in carrying out your audit of Ancients for
the yearending 30 June 2018, and suggest ways of mitigating each of the risks you identify.
(12 marks)
QUESTION 10
You are the audit manager in the audit firm of Dark & Co. One of your audit clients is NorthCee
Co, a companyspecialising in the manufacture and supply of sporting equipment. NorthCee have
been an audit client for five yearsand you have been audit manager for the past three years while
the audit partner has remained unchanged.
You are now planning the audit for the year ending 31 December 2018. Following an initial
meeting with thedirectors of NorthCee, you have obtained the following information.
(i) NorthCee is attempting to obtain a listing on a recognised stock exchange. The directors
have established an audit committee, as required by corporate governance regulations,
although no further action has been taken in this respect. Information on the listing is
not yet public knowledge.
(ii) You have been asked to continue to prepare the company's financial statements as in
previous years.

(iii) As the company's auditors, NorthCee would like you and the audit partner to attend an
evening reception in a hotel, where NorthCee will present their listing arrangements to
banks and existing major shareholders.
(iv) NorthCee has indicated that the fee for taxation services rendered in the year to 31
December 2016 will be paid as soon as the taxation authorities have agreed the
company's taxation liability.
(v) You have been advising NorthCee regarding the legality of certain items as 'allowable'
for taxation purposes and the taxation authority is disputing these items.
(vi) Finally, you have just acquired about 5% of NorthCee's share capital as an inheritance
on the death of a distant relative.
Required
a. Identify, and explain the relevance of, any factors which may threaten the independence of
Dark & Co's audit of NorthCee Co's financial statements for the year ending 31 December
2018. Briefly explain how each threat should be managed. (10 marks)

CHAPTER 2
PRE-ENGAGEMENT ACTIVITIES.
2.0 Introduction
Obtaining
engagement
Advertising Direct client request Tendering
Before accepting the auditor/audit firm should consider potential issues. It should evaluate
compliance with the following issues;
PRELIMINARY ACTIVITIES
RISK ANALYSIS ETHICAL ISSUES LEGAL ISSUES PRACTICAL ISSUES
May not want to -If replacing an Directors -Staff

accept client if auditor, there is need
perceived risk is too -Casual basis -Location
to ask permission to
high by evaluating:
contact existing -1st appointment -Timing
-Management auditor, then wait for
integrity clearance. Members
-Past performance -If there is no -Ordinary

of business resolution, (21 days
response consider
-Internal controls the new appointment at AGM)
whether good/bad carefully
Secretary of state
-Complexity of
transactions -Rare,only when no
auditor has been
-unusual appointed in time
transactions
When engagement accepted then establish an understanding of the terms of the engagement

The most common way of obtaining an audit engagement is by recommendation. It is not

uncommon for up to 90% of a firm’s new business to come from its existing client base.
However, the second most common way of obtaining new work is by submitting a successful
tender, after being invited to participate in what is frequently referred to as a ‘beauty parade’.
‘Tendering’ is the process of quoting a fee for work before the work is carried out.
In addition to the risk associated with any other new client the specific risks of being involved with
the tender include:
• wasted time – if the audit tender is not accepted
• setting an uncommercially low fee in order to win the contract leading to lowballing
• making unrealistic claims or promises in order to win the contract.
2.1 Obtaining of engagement acceptance information

The firm should establish policies and procedures for the acceptance and continuance of client
relationships and specific engagements, designed to provide it with reasonable assurance that it
will only undertake or continue relationships and engagements where it;
a) Has considered the integrity of the client and does not have information that would lead it
to conclude that the client lacks integrity
b) Is competent to perform the engagement and has the capabilities, time and resources to do
so and;
c) Can comply with ethical requirements
An audit client that has integrity generally results in a problem free engagement. Conversely
despite conducting an audit in line with the generally accepted auditing standards, it is difficult for
an auditor/ audit firm to avoid appearing “guilty by association” with a client that lacks integrity.
With regard to the integrity of client, matters that a firm should consider include for example;
• The identity and the business reputation of the client’s principal owners, management,
related parties and those charged with its governance
• The nature of the clients, operations, including business practices

• Information concerning the attitude of the client’s principal owners, management, related
parties and those charged with its governance towards such matters as aggressive
interpretation of accounting standards and the internal control environment
• Indications of an appropriate limitation of scope of work
• Indications that the client might be involved in criminal activities
• The reasons for the proposed appointment of the firm and non-reappointment of the
previous firm
Information will be obtained through performance of risk assessment procedures consisting of:
• Inquires of management and others inside and outside the entity.
• Observation and inspection.
• Analytical review.
2.1.1 New clients

To reduce the risk of accepting a problem client, auditing standards require a prospective auditor
to collect information from a wide range of sources for instance:
Basic information should be collected directly from the predecessor regarding issues that reflect
directly on the integrity of management. The audit client must of course grant its approval before
the communication can occur between the prospective auditor and the predecessor auditor.
In addition to client acceptance and continuance policies and procedures generally include
Obtaining and reviewing financial information about the prospective client-annual reports, interim
statements, registration statements e.t.c.
• Enquiry of client personnel (boards, audit committees and management),
• Enquiry from third parties e.g. bankers, layers, analyst, etc.
• Enquiry from other auditors with similar clients in the industry.
• Press and media coverage of the client.
• Background searches of relevant databases e.g. detailed criminal background checks for
senior managers

2.1.2 Existing clients

Consider only changes that might affect the ability to continue as their auditors
Retention reviews may be done annually or on occurrence of major events such as changes in
management, directors, ownership, legal counsel, financial condition, litigation status, nature of
client’s business or scope of audit engagement
2.2 Pre-engagement activities

Before beginning to work on an audit, the auditor must complete a number of required pre-
engagement activities that help to determine whether to accept a new client or agree to work with
an existing client.
The Engagement partner should take responsibility for the overall quality on each audit
engagement and by this setting an example to all the other members of the engagement team
through all stages of the audit engagement (ISA 220.6-220.7).
1. Perform a client investigation:
The process activities are clearly focused on understanding and managing audit risk. Evaluate the
acceptance of new clients and continuance as auditors for the existing clients (ISA 220.14-220.18).
Consider risks and exposure involved in the process of decision-making to accept a client/not
(Legal liability, reputational damage, etc.).
Consider;
• Independence.( In fact and appearance)
• Integrity of the client.
• Changes in the entity for existing clients.
• Information obtained from communication with the predecessor auditor.
• Financial responsibility of the client.
• Legal procedures prior the engagement.
• Conflict of interest
• The entity’s business standing risk
• Ability to pay the audit fees.

• If there is a vacancy to appoint auditors (Sec 91 of the Companies Act).
2. Determine skills and competence requirements for the engagement.

After having performed the client investigation, the audit/firm should consider whether the
engagement would require special attention or involve unusual risks. Engagement should only be
taken if the audit firm has the skills, competence, necessary staff and experience to provide an
effective and efficient audit.
Matters to consider:
i. The number of audit team members in relation to the size of the client.
ii. Firm personnel’s knowledge base of the relevant industry/subject matters.
iii. Firm personnel experience of relevant regularity/reporting requirements or the ability to gain
the necessary skills and knowledge effectively.
iv. Experience of the audit team members, especially that of management (audit seniors).
v. Does the firm have sufficient personnel with necessary skills and competencies?
vi. Use of an expert and/or other third parties, are experts are available, if needed?
ISA 610: Using the work of internal auditors (par 8-9; par A4-A5).
ISA 620: Using the work of an auditor’s expert (par 7; 9; 12-13; par A10-A13, A32-
A40)
vii. Can the audit deadline be met?
viii. ISA 600: Special considerations – Audits of group financial statements (including the work
of component auditors) (par 12-14; par A10-A21).
ix. Compliance with quality control as per SAAPS1 and ISQC1.
3. Terms and conditions of the audit engagement

Procedures performed with regard to acceptance of a new client/continuance with engagement
clients should be documented. Issue an engagement letter to those charged with governance
highlighting the following:
1. Management and auditor’s responsibility.
2. Duty to report any reportable irregularity.

2.3 Engagement letters

Professional standards require auditors to reach mutual understanding with clients concerning
engagement requirements and expectations and to document this understanding in the form of a
written letter.
Once the terms of the engagement have been established they have to be confirmed through the
engagement letter. When a new client is accepted or when an existing client continues from year
to year an engagement letter is required.
The engagement letter will be sent before the audit, but for an existing auditor continuing to work
for the same client the auditor must issue a new engagement letter if the scope or context of the
assignment changes after initial appointment or there is a change in circumstances.
The engagement letter:
i. specifies the nature of the contract between the audit firm and the client.
ii. minimises the risk of any misunderstanding of the auditor’s role.
iii. should be reviewed every year to ensure that it is up to date but does not need to be reissued
every year unless there are changes to the terms of the engagement. Many firms of auditors
choose to send a new letter every year to emphasise its importance to clients.(ISA 200.10-
200.11).
2.3.1 Purpose of the engagement letters:

The engagement letter actually acts as a contract.
It serves as a means for reducing risk of misunderstandings- the expectation gap- with the client
and as a means of avoiding legal liability for claims that the auditors did not perform the work
promised.
The engagement letter
• Sets out the type of engagement.

• Avoid/minimise misunderstanding between client and auditor.
• Records the following:

i. auditors acceptance of the job

ii. objectives of the engagement- lays out the nature of the work to be done and the
type of assurance to be given if any
iii. managements’ responsibilities
iv. auditors’ responsibilities
v. scope
vi. format of any reports.
The engagement letter is to be sent and the terms agreed with client and signed, preferably before
the commencement of the engagement.
Content of course can vary from client to client (ISA 200.6-200.8).
2.3.2 Principal contents of an engagement letter

The letter should outline;
i. the clients’ statutory duties (e.g. to prepare accounting records) and

ii. the auditors statutory duties (e.g. to report) and
iii. professional (e.g. to follow the auditing standards) responsibilities.
The sections may include;
• The boards’ responsibilities

• The auditors responsibilities
• The scope of the auditor’s work - auditing standards
-accounting system review
-collection of audit evidence
-tests and reliance on internal controls
• The sending of a letter of weakness to the management

• Any special factors: - relations with internal audit

- audit divisions
- any overseas location problems
- other auditors if any
-significant reliance on supervision of directors
• The need for a letter of representation from management

• Irregularities and fraud;- the director’s primary responsibility
- the auditors planning of his audit to have a reasonable expectation
of discovering material misstatements in the accounts
- non-reliance on the auditor to uncover irregularities and frauds
• Any agreement for the provision of other services e.g. tax, advisory, accounting
• The fees and the basis on which they are charged
• A request for written acknowledgement of the letter and that it creates obligations
2.4 Assignment of engagement teams

The firm should assign responsibility for each engagement to an engagement partner.
The engagement partner should ensure that the engagement team has the appropriate capabilities,
competence and time to perform the audit engagement in accordance with professional standards
(ISA 220.19-220.20).
2.5 Discussion question
Question 1
You are an audit senior at Storm Incorporated a medium-sized audit firm in Zimbabwe. Storm has
offices in Gweru, Mutare and Bulawayo, and the head office is situated in Harare. Storm has a
workforce of 200 employees, including 12 partners.
In March 2017, the Board of Directors of Whatsapp (Pvt) Ltd awarded a tender to Storm for the
audit of Whatsapp. Whatsapp is one of the largest mobile communication companies providing

voice and data services in Zimbabwe. Whatsapp (Pvt) Ltd will be the largest client of Storm in
terms of fee revenue.
After completing the preliminary engagement activities, the audit partner requested one of the
trainee accountants assigned to the audit, to prepare a draft engagement letter to be issued to
Whatsapp (Pvt) Ltd. The draft engagement letter is shown below.
Storm
P.O Box 777
Harare
26 March 2017
The Accountant
Whatsapp (Pvt) Ltd
PO Box 333
Harare
Dear Sir/Madam
AUDIT ENGAGEMENT LETTER

We have been requested to audit the annual financial statements of Whatsapp (Pvt) Ltd, which
comprises the statement of financial position, the statement of comprehensive income, the
statement of changes in equity, the cash flow statement for the year then ended, the summary of
significant accounting policies, other explanatory notes as well as the certificate issued by the
company’s directors. Our audit will be undertaken with the objective of expressing an opinion on
the correct presentation of the financial statements.

We will conduct our audit in accordance with International Standards on Auditing, the Code of
Professional Conduct of the Institute of Chartered Accountants of Zimbabwe (ICAZ) and the
Companies Act Chapter 24:03. The standards require that we plan and perform the audit to obtain
assurance about whether the financial statements are free of material misstatements.
The procedures selected will depend on the auditor’s judgement, including the assessment of the
risks of material misstatement of the financial statements, whether due to fraud or error. An audit
involves performing procedures to obtain audit evidence about the amounts and disclosures in the
financial statements.
An audit also includes evaluating the appropriateness of accounting policies used and the
reasonableness of accounting estimates made by management, as well as evaluating the overall
presentation of the financial statements.
In making our risk assessments, we consider internal control relevant to the entity’s preparation of
the financial statements in order to design audit procedures that are appropriate in the
circumstances.
Our statutory audit will include the expression of an opinion on the effectiveness of the entity’s
internal control. We remind you that the responsibility for the preparation of financial statements
and their fair presentation is that of the management of the company. This responsibility includes
the maintenance of adequate accounting records and internal controls that management determines
is necessary to enable the preparation of financial statements that are free from material
misstatement, whether due to fraud or error.
We confirm our agreement to accept a management representation letter signed by the financial
director as sufficient appropriate audit evidence on the revenue and inventory accounts.
We look forward to full cooperation with your staff, as the daughter of the financial director is
included in the audit team. We trust that your staff will make available to us whatever records,
documentation and other information we may request in connection with the audit.

Our audit fees, which will be billed as work progresses, It will be$25 000 (including VAT and
excluding disbursements) and will not be adjusted for a period of five years. The audit fee to be
charged is 15% lower than the fee charged by the previous auditors.
In addition to the statutory audit we will prepare calculations of current and deferred tax liabilities
(or assets) for Whatsapp Pvt Ltd. The fee for these calculations will be charged at 10% of the
resulting tax refund.
The maximum liability of Storm Incorporated for any claims resulting from any services rendered
in terms of this engagement letter shall be limited to an amount equal to twice the fees billed.
This letter will be effective for future years unless the agreement is terminated or amended with
our consent.
Yours faithfully
Alwyn Mbudzi CA(Zim) Registered Auditor

Storm Incorporated
WE OFFER THE BEST AUDIT SERVICE IN TOWN!
Required:
Critically discuss your concerns with regards to the draft engagement letter prepared by the trainee
accountant. Your answer should comprise the following:
i. The requirements in terms of ISA 210: Agreeing the terms of Engagement of audit
engagements (10 marks)
ii. The requirements in terms of the IFAC Code of Professional Conduct (10 marks)

Question 2
You are a senior audit manager at Captain and Morgan Incorporated, a firm of chartered
accountants. You joined the firm six (6) years ago, after spending two (2) years in New Zealand
at one of the big four audit firms as an audit manager. Shortly after arriving back in Zimbabwe,
Captain and Morgan head-hunted you and made you an offer you could not resist. They offered
you a favourable package and a good client profile.
Captain and Morgan recently won a tender to audit Ram (Pvt) Ltd, a dairy and free-range livestock
farm, for the year ended 31 December 2018. You are currently engaged in planning the 2018 year-
end audit for Ram Pvt (Ltd) and you obtained the audit file from the audit senior, which includes
the New client pre-acceptance questionnaire shown below.
Client Ram (Pvt) Ltd Year-end 31 Dec 2018
Prepared by Audit senior Date 11 Feb 2018
Subject New client pre-acceptance questionnaire
Services to be provided:
1. The statutory audit
2. Completion of the tax return and assisting management in preparing the financial statements
Criteria Complied? Comments

Yes No
Audit firm will be independent in X The engagement partner has received
appearance when performing the eight cows from the owner and CEO of
engagements. the farm, Peter Chimbwido. This will
enable the partner to assist his son to pay
lobola.
The firm and its staff are competent X The new audit manager audited a farm
to perform the engagement and have while working in New Zealand.
the capabilities, time and resources to
do so.

The potential client has demonstrated X The fee for statutory audit work is of little
both the willingness and the ability to consideration, since high fees will be
settle the fees for services rendered. charged for tax services and preparation
of financial statements.
There is no evidence of a history of X
litigation by the potential client
against its auditors.
The previous auditor has resigned X
or was removed in compliance with
the Companies Act.
The client is agreeable to the terms of X The client has signed the letter but has
engagement contained in the standard expressed reservations regarding the
audit engagement letter. right of access of the external audit staff
to the clients’ shareholders register.
Contact previous auditor to confirm X Done telephonically by the engagement
no professional reason not to partner.
accept the engagement.
Procedures for gathering information Comments

Enquiries and discussions with the potential Held discussions with Mr Peter Chimbwido,
clients’ board of directors and executive the CEO of the farm.
management
Inspection of the potential clients’ prior year Reviewed 2011 annual financial statements.
financial statements.
Conclusion: All the criteria have been satisfied and Ram (Pvt) Ltd is accepted as a client.
Required:
Discuss, with reference to the New client pre-acceptance questionnaire, your concerns
regarding the acceptance of Ram (Pvt) Ltd as audit client. (25)

CHAPTER 3
PLANNING FOR AN AUDIT
3.0 Introduction
PRE-ENGAGEMENT ACTIVITIES
Perform a client
investigation: Terms and conditions
The process activities of the audit
Determine skills and Engagement
are clearly focused on competence
understanding and requirements for the Documentation of
managing audit risk. engagement procedures performed
Consideration of with regard to
Evaluating the whether the acceptance of a new
acceptance of new engagement would client/continuance with
clients and require special engagement clients.
continuance as attention or involve
auditors for the unusual risks. Issuance of an
existing clients (ISA engagement letter to
220.14-220.18). Engagement being those charged with
taken only if the audit governance
We have already discussed how before beginning to work on an audit, the auditor must complete
Consideration of risks firm has the skills,
a number of required pre-engagement activities that help to determine whether to accept a new
and exposure involved competence,
client or agree to work with an existing client.
in the process of necessary staff and
3.1 Why
decision-making plan?
to experience to provide
accept
The a client/not
auditor should plan the auditan
so thateffective and will be performed in an effective
the engagement
efficient
manner.(ISA 300: Planning an audit audit.Statements para 2)
of financial

The purpose of all this is to ensure that the risk that the financial statements may be misstated is
reduced to an acceptable level.
An audit is:
• an expensive process
• a potentially complex project which needs to be managed effectively.
Although it is tempting to assume that it is simply a question of following a tried and tested
programme and that the important thing is to ‘get busy’, the extra time spent planning the
engagement properly will repay itself by:
• Ensuring the right team is selected for the assignment.
• Ensuring that staff are employed effectively rather than simply ‘given something to do’.
• Ensure that assignment of engagement teams is done with consideration of effectiveness
and efficiency
• Ensuring the work is properly focused on material areas of risk.
• Identifying potential problem areas and resolving them on a timely basis
• Ensuring that the nature and quantity of the work done addresses the risks and problem
areas.
• Ensuring the work can be fully completed in time for the review process.
• Enabling deadlines to be met so that there is time for due consideration of the important
issues.
• Assists in co-odination, review, supervision and direction of work done by auditors
3.2 The planning process

The planning process consists of a number of phases and activities. It varies according to:
– size and complexity of the entity,
– the auditors previous experience with the client
– changes that occur before and during the audit engagement

Planning is not a discrete phase of an audit, but rather a continuous and iterative process that often
begins shortly after( or in connection with) the completion of the previous audit and continues
until the completion of the current audit engagement.
Assessing risk
Developing the audit strategy
Selecting the audit team
Assessing materiality
Selecting appropriate audit procedures.
3.2.1 Assessing risk

It is vital that you understand that it is the auditor’s assessment of risk which underpins the whole
audit.
It is the assessment of risk which determines:

• The audit strategy
• Who should be on the audit team
• The potential impact of fraud
• The nature of the procedures to be carried out
• How much evidence needs to be gathered.
Everything in the planning process is about the auditor’s response to assessed risk. There are two
sources of information from which it is possible to assess risk:
(i) Knowledge of the business (KOB)

Auditors should have or obtain a KOB which is sufficient to enable them to identify and understand
the events, transactions and practices that may have significant effect on financial statements or
the audit thereof
The auditors level of knowledge for an engagement normally includes;
i. General knowledge of the economy and industry within which the organisation operates
ii. Particular knowledge of how the entity operates
Knowledge obtained prior to acceptance of an engagement includes;

• Knowledge obtained from previous relevant experience
• Knowledge from enquiries of predecessor auditors
• Specific rules or regulations pertaining to the industry
• Accounting standards applicable to that industry
• Initial perception of the viability of the business
• The perceived integrity of the directors and management
Knowledge obtained following acceptance of an engagement includes;

Obtaining the KOB is a continuous and cumulative process and relating the resulting knowledge
to all stages of the audit.
• Analytical procedures
3.2.1.2 Risk and materiality

It follows that there is a relationship between risk and materiality in that the greater the risk of
material misstatement, the lower the level of materiality.
3.2.2 The Audit Strategy

The auditor should establish the overall audit strategy which sets the overall approach and guide
the development of the more detailed audit plan.

The audit strategy should cover:

• the scope
• the timing
• the directionof the audit.
3.2.2.1 Scope
Determine the characteristics of the engagement that define the scope of the audit.
i. What is the financial reporting framework for the financial statements?
• National GAAP?
• International Accounting standards?
• IFRS’s
ii. Are there industry specific or other special reporting requirements?

• Listed companies e.g additional reporting requirements
• Charities.
• Other regulated businesses such as banks and insurance companies.
Are there other factors which influence the overall approach to the audit?
iii. Multiple locations.

iv. Group audits.
3.2.2.2 Timing
Ascertaining the reporting objectives of the engagement so to plan the timing of the audit and the
nature of the communication required such as deadlines for:
• final reporting
• any interim report
• key dates for expected communications with management and to those charged with governance.
It is always good, when managing a project (even an audit) to start with the completion date and
work backwards.

If there is to be an interim as well as a final audit the timing has to be:

Early enough:
– not to interfere with year end procedures at the client and
– to give adequate warning of specific problems.
Late enough:
– to enable sufficient work to be done to ease the pressure on the final audit.
Interim versus Final audits

The interim audit will normally focus on:
• documenting systems
• evaluating controls
• some tests of details – usually tests of income and expenditure and,perhaps, purchases and
disposals of non-current assets.
It may be possible to:
• Attend an interim inventory count or
• carry out an interim receivables circularisation
providing the results can be satisfactorily ‘rolled forward’ to the statement of financial position
date. (A roll forward reconciles the movements between the date of the count or circularisation
and the year end date.)
The final audit can then focus on:
• statement of financial position areas
• finalisation of the financial statements and the audit report.
For an interim audit to be justified the client normally needs to be of a sufficient size, although, if
reporting deadlines are very tight it may be possible to audit up to ‘Month 11’ and then ‘roll
forward’ to the statement of financial position date.

1.2.2.3 Direction
Considering the important factors that will determine the focus of the engagement teams
efforts. The ‘direction’ of the audit covers the overall approach and concerns such issues as:
• Preliminary assessment of materiality
• Preliminary identification of high risk areas
• Preliminary identification of material components and account balances.
• Evaluation of whether the auditor may plan to obtain evidence regarding the effectiveness of
internal controls
• Preliminary identification of any significant entity-specific, industry, financial reporting and
other relevant developments
Component – A division, branch, subsidiary, joint venture, associated company or other entity
whose financial information is included in financial statements audited by the principal auditor.
• Decisions about whether assurance is expected to be derived from reliance on controls or a fully
substantive approach.
• The need for site visits and other logistical issues.
• The impact of recent developments at the client, in its industry, inregulatory or financial reporting
requirements.
3.2.2.4 The impact of fraud on the audit strategy

Under ISA 240: The Auditor’s Responsibility to Consider Fraud in an Audit of Financial
Statements, the auditors are required to consider the risks of material misstatement in the financial
statements due to fraud when planning and performing their audit.
If their work confirms that, or is unable to conclude whether, the financial statements are materially
misstated as a result of fraud, the auditors need to consider the implications for their audit.
There is no requirement in the auditing standards for the auditor to detect any fraud or errors,
though they are required based on the risk assessment, to design audit procedures to obtain
reasonable assurance that misstatements arising from fraud and error that are material to the
financial statements taken as a whole are detected

The external auditor is responsible for identifying material misstatements in the financial
statements in order to ensure that they give a true and fair view. By definition then, the external
auditor is responsible for detecting any material fraud that may have occurred as this will lead to
a material misstatement.
However, they have no specific responsibility with regard to immaterial fraud. As with
immaterial errors, if they identify them they will be reported to those charged with governance,
but there is no duty to identify them.
The auditor cannot guarantee that the financial statements are free of all fraud and error because
of the inherent limitations of the audit, for example the use of sampling.
The risks in respect of fraud are higher than those for error because of the possibility of
concealment and collusion between staff.
In order to have a chance of detecting fraud the auditor must maintain an attitude of professional
skepticism when performing their work which involves keeping an open mind to the possibility
of fraud occurring.
Possible different strategies

POSSIBLE
STRATEGIES
Substantive or Analytical review

Interim or final
controls or tests of detail
Possible different strategies could be:

• Final audit only.
• Interim and final.
• Reliance on controls with reduced reliance on substantive procedures.
• Reliance on substantive procedures rather than on internal controls.
• Heavy reliance on analytical procedures rather than tests of details.
The nature of the client’s business and structure will have a huge impact on the appropriate strategy
• Clients with multiple sites, such as retail chains or manufacturers with a number of factories, will
require the planning of a programme of site visits, perhaps on a rotational basis.
• Finance companies where the confirmation of a bewildering number of bank balances is crucial
to the audit.
• The need to use experts, e.g.
– specialist inventory checkers in the restaurant and pub trade or for livestock
– surveyors and valuers for property companies
– actuaries for pension schemes.

Illustration 1 – Possible different strategies

NB. In the exam it is possible that you may be asked to come up with different strategies for a
single client. More likely, however (as in real life)your understanding of this part of the syllabus
will be tested by asking you to come up with an appropriate strategy for a particular client.
There is no point:
• Recommending a receivables circularisation for a client with cashsales.
• Suggesting an inventory count for a software company whose work in progress consists of the
unamortised costs of developing its products.
3.2.3 The Audit plan

Once the audit strategy has been decided upon, the next stage is to decide how it is going to be
carried out – we need the audit plan.
There is also a need to distinguish between:
• The plan itself – what needs to be done and how.
• Documenting the planning process
Knowledge of Assess risk

Business
Analytical
review
Assess materiality

What evidence do we need

to get
Design procedures to
get it
The plan itself

The plan is more detailed than the audit strategy and includes the
– Nature
– Timing
– Extent of audit procedures to be performed by the engagement team members.
Based on the assessed risk and materiality, It is possible to decide:
• What audit procedures are to be carried out
• Who should do them
• How much work should be done (sample sizes, etc)
• When the work should be done.
The relationship between the audit strategy and the audit plan
Whilst the strategy sets the overall approach to the audit, the plan fills in the operational details of
how the strategy is to be achieved.
STRATEGY

PLAN
PRECEDURES
3.2.4 Knowledge of the business (KOB)

If the audit strategy and the plan depend on the assessed level of risk, the auditor’s ability to assess
that risk will depend on an understanding of all aspects of the client’s business that is;
• What the client does
• The environment in which it does it
• Its management, systems and governance
• Who it interacts with (key customers, suppliers, etc).
3.2.4.1 Sources of KOB
Information Information from

from your firm external sources
• Partner • Industry surveys

• Manager • Companies house
• Industry experts • The internet
• Last year’s team • Trade press
• Last years’s audit working papers file • Credit reference agencies
• Past experience • Discussion
• Observation
• Website
• Bronchures

Information from Information from

you the client
To get to know the client you would have to draw information from many sources of documents,
it's always key to arrange a meeting with client. This enables you to ask specific questions and go
through the initial analytical procedures done.
N.B The permanent file is always a good resource, but only if its an existing client.
3.2.5.2 Discussion among the engagement team

‘The members of the engagement team should discuss the susceptibility of the entity’s financial
statements to material misstatements (ISA 315 para 14 Understanding the entity and its
environment and assessing the risk of material misstatement)
This discussion – effectively a planning meeting – is required by ISA 315.
In order to demonstrate that it has taken place and that the standard has been complied with, there
will need to be evidence, usually in the form of minutes of the discussion meeting.
3.2.5.3 Analytical procedures (ISA 520)

Mean the analysis of significant ratios and trends including the resulting investigation of
flactuations and relationships that are inconsistent with other relevant information
Analytical procedures are usually carried out at three stages of the audit process. They are
mandatory at the planning and final review stages. At the substantive testing stage, they are one of
several methods for obtaining evidence, so may not be appropriate in some circumstances.
Analytical procedures comprise the evaluation of financial information by studying the

relationship between this information and other financial and non-financial data. They include

comparison of financial information with prior periods, budgets and forecasts and similar
industries.
At the planning stage, analytical procedures are used for two main reasons:
• To help understand the client’s financial statements
• To help spot possible errors.
If errors look possible, the audit work will be directed towards those errors.
3.3 Materiality
We have already seen the definition of materiality; ‘Information is material if its omission or
misstatement could influence the economic decisions of users taken on the basis of the financial
statements (ISA 320 para 3: Audit Materiality).
3.3.1 So what really is materiality?

• Material by size-A big amount of money
• Material by nature- refers to an amount which although not big:
– triggers a threshold
– indicates future developments or other significant events
– whose disclosure is compulsory
3.3.2 Why is materiality important?

• If financial statements contain a material misstatement they can not show a true and fair view.
• Auditors therefore must design their audit procedures to reduce the risk of material misstatement
to an acceptable level.
• This means that auditors must decide on what they mean by ‘material’ before they design their
procedures .
What are the implications for the work the auditors do?
Auditors will:

• Need to examine all items in the financial statements which are material
BUT
• they will also need to design tests to give assurance that material amounts have not been omitted
from the financial statements
AND
• they will need to allow for the fact that a number of immaterial errors could together add up to a
material misstatement.
3.3.3 Calculating materiality

Firms typically have a standard method for calculating a baseline materiality figure as part of the
planning process.
Common measures are:
• ½ – 1% of turnover
• 5 – 10% of results
• 1 – 2% of assets
but these are up to the judgment of the auditor. As a result, different firms use different measures.
Any calculation done is very flexible, and may have to be reassessed during the audit (if for
example many large errors are found).
3.3.4 Tolerable error

The maximum error in a population that the auditor is willing to accept (ISA 530 para 12: Audit
sampling and other means of testing)
Tolerable error is considered during the planning stage, and for substantive procedures, is related
to the auditor's judgement about materiality.
The difference between materiality and tolerable error

• Materiality concerns the financial statements as a whole.
• Tolerable error only concerns the population being tested.

3.4 Documenting the planning process

This chapter has considered all aspects of the planning process. ISAs require that all the elements
of the audit should be documented, and so it is clearly necessary to produce a record of the audit
strategy and plan, which can be referred to as the audit progresses and can be used in the
completion stages to ensure that everything has been done which ought to have done.
Most firms will use ‘audit packs’ – pre-printed or computerised documents and checklists to ensure
that the requirements of ISAs have been followed.
3.5 The stages of the plan

The plan usually consists of nine stages:
(1) Gather/confirm knowledge of the business
– Nature of the business
– Management
– Key staff
– Those charged with governance
– Accounting systems
– Internal controls
– KOB discussion
(2) Preliminary analytical review
(3) Risk assessment (ISA 315: Understanding the entity and its environment and
assessing the risk of material misstatement)
– Overall
– By area
– Significant risks
(4) Materiality calculation (ISA 320: Audit Materiality)
(5) Tolerable error calculations for material areas

(6) The audit approach to be adopted for all areas
(7) Assessment of auditor’s independence

(8) Budget and staffing

(9) Timetable and deadlines
3.5.1 Variations on the theme

• For large audits much of the KOB information may be kept on a permanent file and the audit
plan may contain a summary or simply cross refer to the permanent file.
• Increasingly KOB is being summarised in a planning memorandum which is updated each year.
• With computerised audit systems where all background documents may be scanned in, the
distinction between current and permanent audit files is being eroded.
• For large audits, the planning may be so complex that it needs to be summarised in a separate
memorandum.
• For small audits the summary may be all that is necessary.
Amongst matters required to be considered by the auditor when planning the audit in accordance
with the requirements of ISA 300: Planning an Audit of Financial Statements are those of
‘materiality’ and the ‘direction, supervision and review’ of the audit.
3.6 Discusion Questions
Question 1
a) State the objective of the statutory audit and explain how carrying out the audit in
accordance with ISAs helps the auditor to achieve that objective. (4 marks)
b) ISA 315:Identifying and assessing the risks of material misstatement through
understanding the entity and its environment sets out matters that should be
documented during the planning stage of an audit.
Required
List six matters that should be documented during audit planning. (3 marks)
c) ISA 230: Audit documentation provides guidance to auditors in respect of audit working
papers.
Required
List six factors which affect the form and content of audit working papers. (3 marks)

Question 2
During the planning process, the auditor will develop an audit strategy and also produce a detailed
audit plan. They will also make an assessment of the level of materiality to be used during the
audit.
Required
a) State the purpose of the 'audit strategy' and describe two areas that would be covered by the
audit strategy. (3 marks)
b) Explain what an 'audit plan' is and give two examples of items that would ordinarily be
included in the audit plan. (3 marks)
c) Define the term 'performance materiality' and explain how it is determined. (4 marks)
(Total = 10 marks)
Question 3
Auditors are required to plan and perform an audit with professional scepticism, to exercise
professional judgement and to comply with ethical standards.
Required
(a) Explain what is meant by 'professional scepticism' and why it is so important that the auditor
maintains professional scepticism throughout the audit. (3 marks)
(b) Define 'professional judgement' and describe two areas where professional judgement is
applied when planning an audit of financial statements. (3 marks)
(c) Discuss the importance of assessing risks at the planning stage of an audit. (4 marks)
(Total = 10 marks)
Question 4
Your firm, ABC & Co, has been appointed as the auditor of Visual Reflections PLC, a large
company. The company sells televisions, DVD players and Blu-ray Disc players to electrical
retailers.
You are planning the audit for the year ended 31 January 2018. The audit for the year ended 31
January 2017 wascarried out by another firm of auditors.

Information obtained from a client visit

During a recent visit to the company you obtained the following information.
(i) The company installed a new computerised inventory control system which has operated
from 1 June 2018. As the inventory control system records inventory movements and current
inventory quantities, the company is proposing:
– To use the inventory quantities on the computer to value the inventory at the year-end
– Not to carry out an inventory count at the year-end
(ii) You are aware there have been reliability problems with the company's products, which have
resulted in legal claims being brought against the company by customers, and customers
refusing to pay for the products.
(iii)Sales have increased during the year ended 31 January 2017 by attracting new customers and
offering extended credit. The new credit arrangements allow customers three months credit
before their debt becomes overdue, rather than the one month credit period allowed
previously. As a result of this change, trade receivables age has increased from 1.6 to 4.1
months.
Required
(a) Explain why it is important for auditors to plan their audit work. (4 marks)
(b) Describe three matters you will consider in planning the audit and explain the further action
you will take concerning the information you obtained during your recent visit to the company.
(6 marks)
(Total = 10 marks)
Question 5
Tshuma & Co, a firm of Chartered Certified Accountants, has recently obtained a new audit client,
Tenda Brothers Pvt Ltd whose year end is 31 December. Tenda Brothers Pvt Ltd requires its audit
to be completed by the end of February; however, this is a very busy time for Tshuma & Co. and
so it intends to use more junior staff as they are available. Additionally, in order to save time and
cost, Tshuma & Co. has not contacted Tenda Brothers Pvt Ltd previous auditors.
Required
(a) Describe the steps that Tshuma & Co should take in relation to Tenda Brothers Pvt Ltd:
(i) Prior to accepting the audit (5 marks)

(ii) To confirm whether the preconditions for the audit are in place (3 marks)
(b) State four matters that should be included within an audit engagement letter. (2 marks)
(Total = 10 marks)

CHAPTER 4
RISK
4.0 Risk-based and procedural approaches to auditing
AUDIT APPROACH
PROCEDURAL RISK BASED
PRE-DETERMINED
TESTS AUDIT PRECEDURES
ADAPTED TO CLIENTS’
CIRCUMSTANCES
When doing an audit, auditors can take one of two basic approaches:
• Procedural
The auditor carries out a set of standard procedures and tests regardless of the particular nature of
the client.
• Risk-based.

The auditor plans the audit around the risks that the client’s financial statements may contain
misstatements, whether as a result of fraud or error.
As such, each audit will involve different priorities, different tests, and will take different lengths
of time.
Traditionally, auditors have followed a risk-based approach, as this should minimise the chance of
them giving the wrong opinion. It also helps to ensure that audit work is carried out as efficiently
as possible, as assurance is obtained using the most effective tests.
4.1 Risk assessment as part of the audit process

In order to have a chance of detecting fraud the auditor must maintain an attitude of professional
skepticism when performing their work which involves keeping an open mind to the possibility
of fraud occurring.
This refers to:
i. an auditor’s responsibility not to accept management assertions without

corroboration/substantiation,
ii. a responsibility to ask management to “prove it” (with evidence).
Skepticism is a manifestation of objectivity, holding no special concern for pre-conceived

conclusions on any side of any issue. Skepticism is not being cynical/pessimistic,
scornful/mocking or hyper-critical. The properly skeptical asks these questions;
i. What do I need to know?

ii. How well do I know it?
iii. Does it make sense?
iv. What can go wrong?
A potential conflict of interests always exists between the auditors and the management of the
enterprise under the audit. Management wants to present the company in the best possible light,
while auditors must ensure that the information about the company’s financial condition is
presented fairly.

If the auditor needs to conduct the audit with an attitude of professional scepticism, he or she needs
to ask the question, ‘So what could go wrong?’
4.2 The importance of risk analysis

Risk analysis is the most important stage of the audit. If auditors assess risk properly, they will:
• Identify main areas where errors or misstatements are likely early in the audit.
• Plan audit work that addresses these possible mistakes.
• Discover errors as early as possible in the audit process.
• Carry out the most efficient (and hence profitable) audit possible.
• Minimise the chance of issuing an incorrect audit opinion.
• Reduce the chance of getting sued (and losing!).
• Have a good understanding of the risks of fraud, money laundering etc.
• Be in the best position to assess whether the client is a going concern.
Although the key to risk assessment is to do it as part of the planning process, it is important to
understand that:
• Risk can be uncovered at any stage of the audit.
• In the light of the work done the level of risk may be reappraised.
• The review and completion phase of the audit has to confirm that the risk of material misstatement
has been reduced to an acceptable level.
4.3 The impact of ISA 315 : Identifying and assessing the risk of
material misstatement through obtaining an understanding the
entity and its environment
Audits conducted under ISAs must follow the risk-based approach. It affects:
• how audits are planned
• the sources of assurance
• the nature of audit evidence gathered by the auditor
• the nature of the procedures carried out by the auditor

• the amount of evidence gathered.
ISA 315: Identifying and assessing the risk of material misstatement through obtaining an
understanding the entity and its environment
Put simply, it says when you do an audit you have to:
• Assess the risk.
• Address the risk.
• Review the results to make sure that the risk of material misstatement has been reduced to an
acceptable level.
4.4 Audit risk

‘The risk of that the auditor expresses an inappropriate audit opinion when the financial statements
are materially misstated.’(typically, stating that the financial statements are true and fair, when in
fact they are not).
Audit risk is further defined by way of a formula:

Inherent risk X Control risk X Detection risk
4.4.1 Inherent risk

The risk of errors or misstatements due to the nature of the company and its transactions. Clearly
this requires the audit team to have a good knowledge of how the client’s activities are likely to
affect its financial statements, and the audit team should discuss these matters in a planning
meeting before deciding on the detailed approach and audit work to be used.
Such a meeting is compulsory under ISA 315 and must be documented.
As well as considering the entity as a whole, the auditor needs to assess whether individual
headings in the financial statements or assertions about those items, carry increased levels of
inherent risk.

Management makes a number of assertions about items in the financial statements – whether they
exist, their value, whether all are included, whether they are recognised in the correct accounting
period etc. which we will consider in detail in the chapter on audit evidence.
4.4.2 Control risk

Control risk is the risk of errors or misstatements because the company’s internal controls are not
strong enough to prevent, detect and correct them. Control risk increases due to the lack of suitable
procedures implemented by the client. The implementation of such procedures will have a cost.
The client therefore needs to make a judgement about whether the benefits of the control outweigh
the costs of implementing it.
• the installation of new equipment
• the employment of extra staff
• the time taken by additional administrative procedures.
• How much ‘shrinkage’ would there need to be to make it worthwhile employing a store detective
or installing electronic tags and detectors?
4.4.3 Detection risk

This is the risk that the auditor’s procedures do not pick up material misstatements. Detection risk
includes sampling risk and non-sampling risk. Sampling risk is the risk which arises from the
possibility that the auditor’s conclusion, based on a sample may be different from the conclusion
reached if the entire population were subjected to the same audit procedure (ISA 530 Para 7: Audit
sampling and other means of testing).
In other words it is the risk that the sample may not be representative. On the other hand any other
risks that the auditor may come to the wrong conclusion are referred to as non-sampling risk e.g.:
• by misinterpreting the results of a test
• by using inappropriate procedures
• by failing to investigate a particular balance or transaction
• because a member of the client’s staff misleads the auditors.

Non-sampling risk is defined as arising from factors that cause the auditor to reach an erroneous
conclusion for any reason not related to the size of the sample.
4.5 Assessing the risk

It is possible to ‘score’ the level of risk. The assessment does not need to be a mathematical one –
the equation helps us to understand how the risks interact – but many firms use a mathematical
approach.
This involves the various risks being assessed (often using a checklist of relevant questions) and
being issued a ‘score’, a process that may be carried out using software.
Inherent risk and control risk cannot be directly influenced by the auditor, as they relate to the
nature of the entity and its systems. Together these two risks are known as the Entity risk. The
only risk that the auditor can change is detection risk.
Therefore, once inherent and control risk have been assessed, and with a maximum overall audit
risk ‘score’ in mind, detection risk can be manipulated to make the audit risk an acceptable level.
Detection risk will be a major variable in determining the extent of audit procedures, e.g. sample
sizes for audit tests. If control risk and inherent risk are deemed low because the entity is not
particularly risky and the its controls are effective, the auditor will place reliance on these factors.
Detection risk can be allowed to be higher and still give an acceptably low level of audit risk. If
detection risk needs to be low because the client is inherently risky or controls are not effective,
the auditor will increase the sample size and/or use more experienced staff.
Factor/Identify Audit risk Work we need to Type

perform/effect on of risk
the
audit

Lack of physical Employees are more Physical checks of the Control risk
controls likely to steal assets assets required to
• Valuable assets not from the company or determine
being locked away. not look after them; completeness and
• No restricted access therefore they get value.
to sensitive areas. damaged and become
• No CCTV or other impaired. Analytical review to
security measures for see any unusual
access to premises. Incorrect statement of trends.
Financial statements
Lack of IT based Computer systems can Analytical procedures Control risk

controls be changed or to
• No passwords modified without be performed to see if
or lack of password suitable authorisation. any unusual trends are
protection happening.
(everyone knows each Changes are not
Others passwords) recorded and or Review the integrity
notified to responsible of the staff.
individuals.
Assess the systems to
see how easy changes
will go undetected
Lack of Unnecessary Assess the systems to Control risk
authorisation expenditure incurred determine the
controls. or even non business likelihood of this
expenditure. happening.
Sales completed over Review the old

the limits therefore balances and credit
potential for non limited and see what

payment. other controls the

company have in
New staff employed place.
without authorization
that may not be Review the
necessary. organisation chart for
reasonableness and
understand the roles
within the company.
Lack of Not identifying errors Increase the Control risk

segregation of and fraud as only one substantive testing to
duties. person doing the job ensure that the
therefore concealment statements are true
easier to perform. and fair.
Account Due to the nature of Get an understating of Inherent risk

balances for these transactions a the criteria that needs
example high degree of to met and obtain
Research and judgement or sufficient evidence to
development estimation is involved support the
and warranty and is therefore open calculations.
provisions to manipulation or
error
Client operates Inventory may be Review events after Inherent risk
in a high tech or Obsolete the reporting period to
fashion industry determine the net
Obsolete inventory realisable value of
may be overstated in inventory
the financial
statements Use an independent

valuer to value
inventory
Client is based Inventory held at other Attend inventory Control risk

in multiple locations may be takes at all locations. +
locations omitted from year end Detection risk
Review control
Inventory Controls procedures to ensure
may be less effective they are adequate
Consider using a
Substantive approach
Bank is relying Risk management Inherent risk

on the financial bias
statements or
Directors are
paid a bonus based on Obtain independent
profits estimates re valuation
of yearend
inventoryetc
It is cash-based Cash may be Consider the Inherent risk +

business misappropriated, adequacy of internal
causing turnover to be controls over sales Potentially control
understated (possible limitation in risk
scope if we cannot
verify the
completeness of sales
and internal controls
are inadequate)

The company Transactions in Ensure foreign Inherent risk

Trades overseas foreign currency may currency is correctly
not be accounted for
translated at the
correct rate Review procedures to
mitigate exchange
The company may loss risk, e.g. hedging
make foreign
exchange losses
New computer Errors in transferring Review controls over Control risk

system in the the data from one the changeover: +
year system to another • parallel run Inherent
• check opening
There may be inherent Balances transferred
errors in the new properly
system that have Use test data on the
notyet been system to ensure it
discovered operates correctly
New audit client Lack of cumulative Use an audit team Detection

audit knowledge thatis experienced in risk
andexperience may theindustry
leadto Gather knowledge
increaseddetectionrisk ofthe company
Check opening
balances are correct
Tight audit Staff working quickly Increase substantive Detection risk
to a tight deadline are Testing

Deadline imposed by more likely to make

client errors Perform an interim
visit to complete
There is a shorter post some audit work
statement of financial before the end of the
position period that we year
can use to help with Agree a timetable :
our audit • reporting deadline
• client schedules to
be available
Temporary staff Errors more likely as Increase substantive Control risk
used during the staff are not familiar testing
year with the client's
systems
A client in a Errors more likely or Ensure that the Inherent risk

specialised fraud more likely to be auditors understand
industry missed because of the the system, increase
complexity of the testing
work
4.6 Discussion Questions
Question 1
You are an audit senior responsible for understanding the entity and its environment and assessing
the risk of material misstatements for the audit of Rock for the year ending 31 December 2018.
Rock is a company listed on a stock exchange. Rock is engaged in the wholesale import,
manufacture and distribution of basic cosmetics and toiletries for sale to a wide range of

stores,under a variety of different brand names.You have worked on the audit of this client for
several years as an audit junior.
Required:
Describe the information you will seek, and procedures you will perform in order to understand
the entity and its environment and assess risk for the audit of Rock for the year ending 31 December
2018. (10 marks)
Question 2
(a) Explain the purposes of planning an audit. (4 marks)
(b) You are the audit supervisor of Bluebird & Co and are currently planning the audit of
your existing client, Bridgford Products Co, a listed company. During a recent visit to
the company you obtained the following information:
The management accounts for the first 10 months of the year show a significant
increase in revenue and profit compared to the prior year. This was achieved by
attracting new customers by offering extended credit. The new credit arrangements
allow customers three months credit before their debt becomes overdue, rather than
the one month credit period allowed previously. As a result of this change, receivables
days have increased from 55 to 123 days.
Unfortunately there have been some recent reliability problems with the company’s
products, which have resulted in legal claims being brought against the company by
customers, and customers refusing to pay for the products. Partly as a result of this the
chief financial officer and purchasing manager were dismissed on 15 August. A
replacement purchasing manager has been appointed but it is not expected that a new
chief financial officer will be appointed before the year-end of 31 January 2019. The
accounts supervisor will be responsible for preparing the financial statements for audit.
The company installed a new computerised inventory control system which has
operated from 1 June 2018. As the system records inventory movements and current
inventory quantities the company is proposing to use the inventory quantities on the
computer as a basis for the year-end inventory figure rather than carrying out a full

year-end count as has happened in previous years. Test counts have been carried out
on a monthly basis.
Required:
Explain FIVE audit risks, and explain the auditor’s response to each risk, in
planning the audit of Bridgford Products Co. (10 marks)
Question 3
Your firm has been invited to tender for the audit of Phones Anywhere for the year ended
31 December 2013. Phones Anywhere was established two years ago, and it provides a
mobile phone service for individuals and businesses. All the shares are owned by three non-
executive directors who do not plan to make any further investment in the company.
Currently the local relay stations cover one large city with a population of about 1,000,000.
The cost of the relay stations and central computer are capitalised and depreciated over six
years.
Within the next year the directors hope that the system will cover all cities with a population
of over 250,000 in the country. By 2018, the system will cover all motorways and cities with
a population of over 100,000. Establishing the network of relay stations and subscribers will
result in the company making losses for at least three years. Extending the coverage of the
system will involve considerable capital expenditure on new relay stations and require
additional borrowings. Current borrowings are about 20% of shareholders’ funds. To obtain
additional finance the owners plan to list the company on a Stock Exchange in 2016. The
listing will involve issuing new shares to the general public to provide funds for the
company, and the three non-executive directors selling some of their shares.
You are aware that Phones Anywhere has a number of very large competitors, each of which
has a large number of users and comprehensive coverage (over 90% of the population are
within range of a relay station).

Required:
(a) Explain FIVE audit risks, and explain the auditor’s response to each risk relevant
to Phones Anywhere. (10 marks)
(b) Describe the substantive procedures the auditor should perform to obtain
sufficient and appropriate evidence in relation to:
(i) Capital expenditure (5 marks)
(ii) Borrowings (3 marks)
(iii) Share capital (2 marks)
(Total: 20 marks)
Question 4
(a) Explain why it is important to plan an audit. (5 marks)
(b) You are the audit manager in charge of the audit of Tempest, a limited liability
company. The company’s year-end is 31 December, and Tempest has been a client for
seven years. The company purchases and resells fittings for ships including anchors,
compasses, rudders, sails etc. Clients vary in size from small businesses making yachts
to large companies maintaining large luxury cruise ships. No manufacturing takes
place in Tempest.
Information on the company’s financial performance is available as follows:
2019 2018 Actual

Forecast
$000 $000
Revenue 45,928 40,825
Cost of sales (37,998) (31,874)
–––––– ––––––
Gross profit 7,930 8,951
Administration costs (4,994) (4,758)

Distribution costs (2,500) (2,500)

–––––– ––––––
Net profit 436 1,693
–––––– ––––––
Non-current assets (at net book value) 3,600 4,500
Current assets
Inventory 200 1,278
Receivables 6,000 4,052
Cash and bank 500 1,590
–––––– ––––––
Total assets 10,300 11,420
–––––– ––––––
Capital and reserves
Share capital 1,000 1,000
Accumulated profits 5,300 5,764
–––––– ––––––
Total shareholders’ funds 6,300 6,764
Non-current liabilities 1,000 2,058
Current liabilities 3,000 2,598
–––––– ––––––
10,300 11,420
–––––– ––––––
Other information
The industry that Tempest trades in has seen moderate growth of 7% over the last year.
• Non-current assets mainly relate to company premises for storing inventory. Ten
delivery vehicles are owned with a carrying value of $300,000.
• One of the directors purchased a yacht during the year.

• Inventory is stored in ten different locations across the country, with your firm
having offices close to seven of those locations.
• A computerised inventory control system was introduced in August 2019.
Inventory balances are now obtainable directly from the computer system. The
client does not intend to count inventory at the year-end but rely instead on the
computerised inventory control system.
Required:
Using the information provided above, prepare the audit strategy for Tempest
for the year ending 31 December 2019. (15 marks)
(Total: 20 marks)


CHAPTER 5
INTERNAL CONTROLS AND SYSTEMS
5.0 Client's systems

Auditors need to understand the client’s systems so that they can:
• Assess their reliability for the preparation of financial statements.
• Design suitable audit procedures.
If the auditor is able to rely on the system it will be because it contains some of the components of
internal control as set out in ISA 315. A company’s management has a number of obligations:
• To manage the business effectively.
• To produce timely, and accurate financial statements and management information (both for
management and statutory purposes).
• To safeguard the business’ assets.
• To prevent and detect fraud.
The purpose of a system is to enable the business to:

• collect data
• summarise data
• produce financial statements and management information
• to aid the directors in complying with the above obligations.
5.1 What is internal control and how does it work?

Management’s view

Logically, the more reliable a system is the more accurate its output will be as more reliable
information will lead to better decision making.
What about the auditors?

The auditor’s job is to form an opinion on the financial statements, to do this the risk that the
financial statements may be misstated,must be reduced to an acceptable level. So from the auditor's
point of view, the next question must be, therefore, how to judge whether a system is more or less
reliable. The answer will depend on the strengths or weakness of internal control.
MORE RELIABLE REDUCED AUDIT RISK

SYSTEM
It follows, therefore, that to form a view about the extent to which internal control can be relied
upon, the auditor will need to:
– understand how the system works
– understand the controls within the system
– test whether or not the controls are effective.
5.2 Internal control components

It is a CRIME not to have good internal controls, therefore to have good internal controls we
would see:
ISA 315 states that there are five components of internal control:
C R I M E
CONTROL RISK INFORMATIO MONITOR ENVIRONM

ASSESMENT N SYSTEMS ING OF ENT
ACTIVITIES CONTROL
COMPILED BY MAJORY TINOTENDA NYAZEMA S Page 83
5.2.1 Control activities

Approval – a senior employee like a manager to sign off an action.
Authorisation- an employee wants to do overtime, a manager should authorise this in
advance.
Computer controls– having passwords, backups, virus checks
Comparison– looking at budget versus actual and reviewing for variances, any variances
should then be investigated.
Arithmetic controls – recalculating an employees work, sequence checking.
Maintain and review control accounts – like wages, PAYE, bank.
Account reconciliations.
Physical controls – restricted access, either through locking doors,or code entry, CCTV, safes.
Segregation of duties – division of responsibilities to reduce the riskof fraud. E.gpurchase invoices
and bank payments is a lack of segregation ofduties, different people should process different
stages of a system. Splitting the responsibility on a transaction stream.
5.2.2 Risk assessment process

If the client has robust procedures for assessing the business risks itfaces, the risk of misstatement
will be lower. There should be a monthly risk assessment done by the management.
5.2.3 The information system

We will examine the way controls operate for different transaction cycles later in this chapter. Here
we need to stress that the consideration of systems is not optional.
ISA 315 states:'The auditor should obtain an understanding of the information system, including
the related business processes, relevant to financial reporting.' ISA 315 assumes that the vast
majority of systems are IT based – see below about application controls and general controls in IT
systems.

5.2.4 Monitoring of controls

Clearl if:
– a control is either ineffective, or
– simply does not function
it might as well not be there.
Management must therefore monitor controls to be sure that they are effective.
5.2.5 The control environment

The control environment is defined in ISA 315 as being made up of:
The management should have the right attitude.

– communication and enforcement of ethical values
– commitment to competence
– participation by those charged with governance
– management’s philosophy and operating style
– management need to have awareness and action in place
– organisational structure
– assignment of responsibility
– human resource policies and practices – staff training, recruitment
– procedures etc.
5.6 Controls in IT systems

Computer based controls are normally divided into two categories:
• Application controls.
• General controls.
5.6.1Application controls
Application controls are controls that are built into the system, e.g.
• Arithmetic checks

• Range checks
• Validation checks
• Quickbooks, the small business accounting package, for example, willnot let you enter a sale
until you have set up an ‘item’, which means youhave to allocate the sale to a revenue account, set
up the customer as areceivable, decide on VAT treatment, etc.
• Some systems will not let you reverse or delete entries so that all errors have to be corrected
through the use of journals. This may be seen as a strength, because all entries must leave an ‘audit
trail’, although the system can be so cumbersome to operate and correcting journals become so
difficult to follow, that the operational difficulties created outweigh the benefits of the control.
5.6.2 General controls

General IT – controls are policies and procedures that relate to many applications and support the
effective functioning of application controls by helping to ensure the continued proper operation
of information systems, e.g. controls over:
• Data centre and network operations
• System software acquisition
• Change and maintenance
• Access security – passwords, door locks, swipe cards
• Backup procedures.
We gave the example above of an application control that will not allow errors to be corrected by
simply deleting the offending entry and replacing it with a correct one. In the absence of a control
such as this, there will need to be general controls which ensure that staff are properly trained, so
that errors are minimised and that the deletion of entries only happens in appropriate circumstances
and with proper authorisation.
5.7 What should the auditor do about internal control?
5.7.1 Test the internal controls/compliance testing.

The internal controls produce the financial statements and the external auditor is giving an opinion
on those financial statements on their truth andfairness. The only way the external auditor will
know if they are true and fair is by testing the financial statements.

If the systems produce the financial statements then we can test the systems because that is
ultimately testing the financial statements. If the internal controls are strong then we can have the
confidence the financial statements are accurate. From an audit point of view the systems can be
tested and if the tests confirm the system is being complied with, then the auditor can assume the
financial statements are accurate.
The size of the transaction is irrelevant.This is known as a test of control or compliance testing.
For example, if, when auditing the ‘bank and cash’ figure, an auditor is toldthat the client performs
bank reconciliations at the end of every month and the auditor looks for evidence that this
reconciliation is indeed taking place every month, and is done properly, a test of control has been
performed.
This is one possible source of assurance that the financial statements are not materially misstated.
5.7.2 Substantive procedures.

The other source of testing is known as substantive procedures. With a Substantive procedure, the
auditor is trying to gain assurance directly about the accuracy of a figure in the Financial
Statements. For example agree the bank balance on the financial statements to the bank statement.
5.8 The auditor and the system

We have already seen that the auditor needs to understand the system:
• To assess its reliability as a basis for preparing financial statements.
• To assess the effectiveness of controls.
• To design suitable audit procedures.
It is also compulsory as stated in ISA 315:‘The auditor should obtain an understanding of the
information systems, including the related business processes, relevant to financial reporting.’ISA
315 para 81

5.8.1 Establishing the system

Information about the system comes from:
• Previous knowledge/experience
• Client’s staff
• Client’s system manuals
• Walk through tests (where transactions are traced through system to confirm our understanding).
5.8.2 Documenting the system

Possible ways of documenting the system and controls are:
• Narrative notes (which can prove bulky if system is large or complex)
• Flowcharts (which can make a complex system easier to follow)
• Organisation charts – showing roles, responsibilities, and reportinglines
• Internal Control Questionnaire (ICQ)
• Internal Control Evaluation Questionnaire (ICE).
5.8.2.1 A word on questionnaires (ICQs)

ICQs
• An ICQ is a list of all possible controls for each area of the FinancialStatements. The client’s
staff are asked questions and systemsdocumentation reviewed, to establish which controls exist.
• The system is then appraised – but this can be difficult. Differentcombinations of controls could
achieve the same result.
ICEs
• ICE (sometimes referred to as ICEQ) does not attempt to record ALLcontrols like an ICQ.
• Instead, for each control objective, it asks for the controls which achievethat objective.
• As such, an ICE may not record the entire system – but it is far moreuse as an evaluation tool for
the auditor, as its focus is on whether ICObjectives are being met.
5.9 The limitations of internal control

We have seen that where internal control is strong, it may reduce the amountof evidence the auditor
needs to gain from other sources.

Nevertheless ISA 315 insists that for material areas some substantivetesting needs to be carried
out.The reason for this is that there are limitations to the reliance that can beplaced on internal
control because of:
• human error in the use of judgement
• simple processing errors and mistakes
• collusion of staff in circumventing controls
• responsible people abusing that responsibility to override controls.
The auditor draws assurance from a number of sources,including internal controls.
The chart below shows the decisions to be taken which depend on theeffectiveness of controls and
the impact on the audit plan if they are foundnot to be effective.
• It may be more efficient and cost effective not to rely on controls at all asa source of assurance
(but we need sufficient assurance from othersources).
• It is possible that, even though the controls are not as effective as wewould like, and the risk of
misstatement may be increased, it may stillbe at an acceptable level.
• If we do need to amend the plan, it is not simply a matter of increasingthe number of items we
test.
ARE WE RELYING ON INTERNAL

CONTROLS TO REDUCE RISK OF NO
MISTATEMENTS?
YES

ARE THE CONTROLS NO NEED TO AMMEND

YES
OPERATING AS THE AUDIT PALN
EXPECTED?
NO
DO WE STILL HAVE YES

SUFFICIENT
ASSARANCE?
NO ALTERNATIVE
EVIDENCE
AMMEND
PLAN
INCREASE BUT
MUST BE
If we need to change the plan as you can see from the diagram, there are two possibilities:
TESTING
EFFECTIVE
• Find an alternative source of assurance.
• Increase the extent of testing.

Possibilities are:
Alternative sources
• external confirmation
• analytical procedures
• management representations (be careful with this one – you cannotsimply rely on what the client
tells you, because your opinion has to beindependent – but representations may add to the sum
total ofevidence).
Increasing the extent of testing

ISA 330 says:
• If the risk increases you would normally increase the extent of your auditprocedures.
So, if controls are ineffective, increase your sample size.
BUT
• The evidence you gather must always be relevant to reducing the risk(simply looking at more
incorrect invoices will not achieve anything).
• The increase in sample size may need to be substantial. (The originalstatistical studies –
admittedly carried out when manual systems werethe norm – indicated that sample sizes needed
to be tripled tocompensate for poor internal control.)
ISA 330 states:

‘Extent includes the quantity of a specific audit procedure to be performed,for example, a sample
size or the number of observations of a controlactivity. The extent of an audit procedure is
determined by the judgment ofthe auditor after considering the materiality, the assessed risk, and
thedegree of assurance the auditor plans to obtain.

In particular, the auditor ordinarily increases the extent of auditprocedures as the risk of material
misstatement increases. However,increasing the extent of an audit procedure is effective only if
theaudit procedure itself is relevant to the specific risk; therefore, thenature of the audit procedure
is the most important consideration.’ISA 330 Para 18
5.10 The ‘nitty gritty’ of controls

Each major accounting system should have control objectives and controlprocedures. The auditor
can then perform tests of control to ensure thecontrols are working.
• Control objectives – what objectives are the internal controls seeking toachieve
• Control procedures – the procedures that should be in place to ensurethat the control objectives
are achieved
• Tests of control – audit work performed to generate evidence as towhether the controls are
operating
5.10.1 Sales cycle

Objectives of controls
The objectives of controls in the revenue cycle are to ensure that:
• sales are made to valid customers
• sales are recorded accurately
• all sales are recorded
• cash is collected within a reasonable period.
This is a summary of the sales cycle, showing the possible problems andthe related controls:
Stage Risks Control Control procedures

Objective

Receive an Orders may not To ensure that Confirm order back

Order be recorded order is raised tocustomer (or) get
accurately. accurately allorders in writing
Orders may be To ensure that All new customers

taken from the customer is subject to credit check
customers that creditworthy
are unable to pay Perform regular
or unlikely to pay To ensure that creditchecks on
for a long time = the order does existingcustomers
financial loss not takecustomer
overcredit limit Credit limit check
Orders cannot be beforeorder is accepted
fulfilled and To ensure thatthe
therefore customer'sorder Check inventory
customer can befulfilled systembefore issuing
goodwill is lost correctly(items are order
(and possibly the ininventory)
customer) Automatic
reorderingsystem linked
tocustomer order system
Goods are Goods may not To ensure that all Use sequentially
dispatched to be despatched orders are sent Numberedcustomerorder
customer for orders made to warehouse pads.
Incorrect goods To ensure thatthe Send a copyto the

may be sent to right goodsare in warehouse where
customers inventory they are filed
leading to loss of numericallyand
goodwill orgoods may sequence ischecked to
notbe in inventory

To ensure thatthe ensure thatall are there

goods aresent to the (nonemissing)
rightcustomer
Pick goods using a
copyof the customer's
order
Get the copy signed

bythe picker as correct
When GDN is
raisedcheck it matches
with the
customer order
(stapletogether and file)
Get the customer to signa

copy of the GDN
andreturn to the
company
Use sequentially
numbered GDNs, file
acopy numerically and
check that they are
allthere
Invoice israised Invoices may be To ensure invoice Copy of sequentially

missed,incorrectly is raised for every numered GDN sent
raisedor sent to thewrong delivery toinvoicing dept, stapled
customer to

To ensure that the copy of the

Credit notes may invoice is raised invoice,checked all
be for the correct GDNs arethere and
raisedincorrectly,missed amount having invoice
or tocover cash to match
beingmisappropriated To ensure that
credit notes are On copy of the
raised correctly invoicesign as agreed to
and are valid original
order and GDN, signedas
agreed to customerprice
list, signed as
agreed it adds up
properly
Credit notes to be
allocated to invoice
itrelates
Authorised by
managersequence check
done ona regular basis
Sale isrecorded Invoiced sales To ensure that the Review receivables

may beinaccurately sale is recorded ledger for credit
recorded, missed at the correct balances(paid for goods
or recorded for amount but no
the wrongcustomer debtor recorded)
To ensure that the
To ensure that all sale is recorded Perform a
sales arerecorded receivablesledger

in the rightdebtor's reconciliation(check info

ledger in individualledger
matches that in
nominal)
Computer controls
Double check back
toinvoice
Perform receivables
ledger control account
reconciliation
Customerstatements
sent out (customers
letyou know if error)
Cash Incorrect amounts To ensure that the Agree cash receipt

received may be received customer paysthe backto the invoice
correctamount
Customer may Review receivables
not pay for goods To ensure that the ledger for credit
customer does balances(customer
pay overpaid)
Review aged debt

listingand
investigate(customer
underpaid)

Review aged debt

listingregularly, phone
whenoverdue by 30
days,another letter at 45
days
final letter
threateninglegal action at
60 days
Refer receivable to
solicitor
Cash Cash To ensure that all Customer statements

recorded maybeincorrectlyrecorded cash receipts are
or recorded Perform a bank
recorded against reconciliation
the wrong To ensure that
customer account cash is recorded Customer statements
at the correct
Cash received amount Regularbanking/physical
may be stolen security over cash (i.e.
To ensure that the asafe)
cash is recorded
in the right debtor Reconiciliation of
ledger banking to cash
receiptsrecords
To ensure all
money received Segregation of duties
is banked
promptly

Examples of control tests/(also known as compliance testing)

Tests of control should be designed to check that the control procedures are
being applied and that objectives are being achieved.
Tests may beappropriate under the following broad headings.

• Carry out sequence tests checks on invoices, credit notes, dispatch notes and orders. Ensure that
all items are included and that there areno omissions or duplications.
• Review the existence of evidence for authorisation in respect of:

– Obtain goods despatch notes and ensure each note is signed bythe warehouse foreman to confirm
despatch of goods listed on theGDN to the customer.
– Obtain a sample of credit notes and ensure each document issigned by the accounts clerk to
confirm the arithmetical accuracy ofthe note has been checked.
– Obtain a sample of despatch notes and goods returned notes;ensure that they are signed by a
responsible official to confirm thatdetails have been agreed with the relevant sales invoices
andcredit notes.
• This is often done by means of a “grid stamp” containing severalsignatures on the face of the
document. Ensure that the control hasbeen applied by checking the accuracy of such invoices and
creditnotes.
• Observe that control account reconciliations have been performed andreviewed. By reviewing
the work done by the client or throughobservation.
Class discusssion
Rhapsody Co supplies a wide range of garden and agricultural productsto trade and domestic
customers. The company has 11 divisions, witheach division specialising in the sale of specific
products, for example,seeds, garden furniture, agricultural fertilizers. The company has aninternal
audit department which provides audit reports to the auditcommittee on each division on a
rotational basis.

Products in the seed division are offered for sale to domestic customersvia an Internet site.
Customers review the product list on the Internet andplace orders for packets of seeds using
specific product codes, alongwith their credit card details, onto Rhapsody Co's secure server.
Orderquantities are normally between one and three packets for each type ofseed. Order details are
transferred manually onto the company's internalinventory control and sales system and a two part
packing list is printedin the seed warehouse. Each order and packing list is given in a
randomalphabetical code based on the name of the employee inputting theorder, the date and the
products being ordered.
In the seed warehouse, the packets of seeds for each order are takenfrom specific bins and
despatched to the customer with one copy of thepacking list. The second copy of the packing list
is sent to the accountsdepartment where the inventory and sales computer is updated to showthat
the order has been despatched. The customer's credit card is thencharged by the inventory control
and sales computer. Bad debts inRhapsody are currently 3% of the total sales.
Finally, the computer system checks that for each charge made to acustomer's credit card account,
the order details are on file to prove thatthe charge was made correctly. The order file is marked
as completedconfirming that the order has been despatched and payment obtained.
Required:
In respect of sales in the seeds division of Rhapsody Co, prepare areport to be sent to the audit
committee of Rhapsody Co which:
(i) identifies and explains FOUR weaknesses in that sales system;
(ii) explains the possible effect of each weakness; and
(iii) provides a recommendation to alleviate each weakness. (14 marks)
SOLUTION
Report to audit committee
Inventory control and sales system

Seed Division
12 June 2007
The internal audit of the inventory and sales system identified the following weaknesses:
Weakness Potential effect of Recommendation

weakness
Recording of orders Customers will be sent The computer systems

Orders placed on the Internet incorrect goods resulting in are amended so that order
site are transferred manually increased customer details are transferred directly
into the inventory and sales complaints between the two computer
system. Manual transfer of systems. This will remove
order details may result in manual transfer of details
information being transferred limiting the possibility of
incompletely or incorrectly, human error.
for example, order quantities
may be
incorrect or the wrong
product code recorded.
Control over orders and Packing lists can be lost Orders/packing lists are
packing lists resulting either in goods not controlled with a numeric
Each order / packing list is being despatched to the sequence. At the end of each
given a random alphabetical customer (if the list is day, gaps in the sequence of
code. While this is useful, lost prior to goods being packing lists
using this type of code makes despatched) or the customer's returned to accounts are
it difficult to check credit card not being charged investigated.
completeness of orders at any

stage in the despatch and (if lost after goods despatched

invoicing process. but prior to the list being
received in the accounts
department).
Obtaining payment Rhapsody Co will not be paid Authorisation to charge the

The customer's credit card is for the goods despatched customer's credit card is
charged after despatch of where the credit company obtained prior to despatch of
goods to the customer, rejects the payment request. goods to ensure Rhapsody Co
meaning that goods are is paid for all goods
already sent to the customer Given that customers are despatched.
before payment is authorised. unlikely to return seeds,
Rhapsody Co will
automatically incur a bad
debt.
Completeness of orders Entire orders may be The computer is programmed

The computer system overlooked and consequently to review the order file and
correctly ensures that order sales and profit understated orders where there is no
details are available for all corresponding invoice for an
charges to customer credit order, these should be
cards. flagged for subsequent
investigation.
However, there is no overall
check that all orders recorded
on the inventory and sales
system have actually been
invoiced.

We look forward to arranging a meeting to discuss these weaknesses with you in more detail.
5.10.2 Purchases cycle

The objectives of controls in the purchases cycle are to ensure that:
• purchases are only made when there is a genuine need
• value for money is achieved
• goods/services delivered are what was ordered
• quality of goods/services delivered is satisfactory
• liabilities are recorded completely and accurately
• only valid liabilities are paid
• liabilities are paid in a sensible, commercial timescale.
This is a summary of the purchases cycle, showing the possible problemsand the related controls:
The table shows the various stages of the purchases ‘cycle’, together with:
• the risks (what could go wrong)
• control procedures (so that things don’t go wrong!).

objective
Requisition Unauthorised To ensure that All requisitions
raised purchases may requisition is for authorised by
be made (i.e. for a valid business department manager
own personal reason
use/fakesuppliers Central purchasing
enteredonto To ensure that it dept
payablesledger) is cost effective
To ensure items Preferred

are actually suppliers/agreed

needed pricelists/terms
Check inventory
levelsfirst
Order isplaced Invalid orincorrect To ensure thatorder is Have sequentially

ordersmade or raisedfor all numbered requisition
Recorded requisitions pads, copies filed
numerically with copy
The mostfavourable To ensure orders oforder stapled to it.
terms are accurately
not obtained recorded bysupplier Periodically check
that allare there
To ensure items
are correctlycosted Ask them to repeat
theorder back to you
(on thephone)
(or) send/confirm
allorders in writing
Check quoted
priceagainst supplier
price list
(discounts to contract)
Goods Goods may be To ensure goods Have one delivery

received misappropriated received for all areakept secure)
for own use or not orders Inventory records
received at all updated on a
To ensure that timelybasis

Goods may be the goodsreceived are

accepted thathave not asordered + Copy of Purchase
been correctquality order
ordered/wrong sent to warehouse,
quantity/inferior sequentially
quality numbered,
filed, matched to GRN
stapled, checked all
there
Raise GRN and grid
stamp it, signed as
goods checked to PO
and checked for
quality
Invoice Invoices may not To ensure that an Copy of

received be recorded invoice isreceived for sequentiallynumbered
resulting in non- allgoods received GRNs sent
payment toinvoicing
and lossof To ensure that do department,filed and
suppliergoodwill not get invoicesfor matched to
things wehave copy of invoice
Invoices may notreceived, and (stapled),checked to
belogged for goods valid see if allthere.
not receivedInvoices businesspurchases
maycontain errors As above – if no
To ensureinvoices are GRNask supplier for
forright items, proof ofdelivery +
rightprice adds up match to
PO(authorised
asmentioned above)

Grid stamp invoice

signed as checked
itemsto PO, GRN,
agree priceto
supplier's price list
Check
invoicecalculations
Purchase Some purchases To ensure that all Batch controls on

recorded may be missed or purchases are input
recordedincorrectly recorded
leading to loss of Stamp the invoice
supplier goodwill To ensure that all toindicate recorded,
invoices are check
recorded at the all filed invoices
correct amount arestamped
To ensurerecorded in Suppliers send in

right monthlystatements,
supplier ledger reconcilethese to
suppliers ledger
account (may need
toconsider cash/goods
in
transit)
Grid stamp – signed
Supplier statement

reconciliation
Cash paid Invoices may not To ensure allinvoices Stamp invoices

be paid/theincorrect paid(and only once) whenpaid check all
amount invoicesstamped
paid or may bepaid To ensure paidcorrect
twice amount Keep paid invoices
separately from
To ensure unpaidones
validBusinessexpense
Cheque signatory
tocheck to invoice
whensigning
cheque/authorising
BACS
Have relevant bank

authorised signatories
(level $)
Get invoices signed

asauthorised by
relevantmanager
Examples of control tests

As already noted, tests of control should be designed to check that thecontrol procedures are being
applied and that objectives are beingachieved.

One suggested way to design tests of control for a particularsituation is to list the documents in a
transaction cycle and generateappropriate tests of control for each document.
This approach is illustrated

here in connection with the purchases cycle – note that a similar techniquecould be applied to other
transaction cycles.
• Obtain the ledger recording purchase orders; ensure each page hasbeen signed by a responsible
official to confirm all orders have beenrecorded and there are no gaps in the sequence of orders.
• Obtain a sample of purchase invoices; ensure each invoice has beensigned by a responsible
official to confirm checks on the invoice havebeen completed and the invoice is passed for
payment.
• Obtain a sample of credit notes; ensure each credit note is signed by aresponsible official to
confirm credit note details (goods descriptionand quantity) have been agreed to the relevant goods
returned note.
• Review the purchase order for the relevant signature for approval.
• Review purchase invoice for evidence that the invoice has beenreviewed and checked.
• Review purchase invoice for initialling of the grid stamp.
• Review/observe the supplier reconciliation note to ensure the controlhas been complied with.
Class discussion
You are carrying out the audit of the purchases system of SpondonFurniture. The company has a
turnover of about $10 million and all theshares are owned by Mr and Mrs Fisher, who are non-
executivedirectors and are not involved in the daytodayrunning of the company.
The bookkeeper maintains all the accounting records and prepares theannual financial
statements.The company uses a standard computerised accounting package.You have determined
that the purchases system operates as follows:

• When materials are required for production, the production managersends a handwritten note to
the buying manager. For orders of otheritems, the department manager or managing director
sendshandwritten notes to the buying manager. The buying manager findsa suitable supplier and
raises a purchase order. The purchase orderis signed by the managing director. Purchase orders are
not issuedfor all goods and services received by the company.
• Materials for production are received by the goods receiveddepartment, who issue a goods
received note (GRN), and send acopy to the bookkeeper. There is no system for recording receipt
ofother goods and services.
• The bookkeeper receives the purchase invoice and matches it withthe goods received note and
purchase order (if available). Themanaging director authorises the invoice for posting to the
purchaseledger.
• The bookkeeper analyses the invoice into relevant nominal ledgeraccount codes and then posts
it.
• At the end of each month, the bookkeeper prepares a list ofpayables to be paid. This is approved
by the managing director.
• The bookkeeper prepares the cheques and remittances and poststhe cheques to the purchase
ledger and cashbook.
• The managing director signs the cheques and the bookkeepersends the cheques and remittances
to the payables.
Mr and Mrs Fisher are aware that there may be weaknesses in the above system and have asked
for advice. Identify the weaknesses in controls in Spondon’s purchases system, explain what the
impact is and suggest improvements.(12 marks)
SOLUTION
Weakness Consequence Recommendation

Hand writtenorders are Orders for goods not Have pre-numberorders
done(with nonumbering). which areauthorised by a

required and apotential orders manager.

beingmissed for action.
Therefore overspending or
potentialshock outs due
toorders not being
processed.
Purchase ordersare not issued Goods/services Purchase ordersrequired for

forall goods and beingpurchased that are all goods,for services a
services. notlegitimate or required. budgetshould be set
andquotes obtained.
No system forrecording Goods received thatare of Count goods in before

receiptof other goodsand poor quality orincorrect they are signed.
services. amounts.
It doesn't statethat the GRN Goods received thatare of Agree GRN back to the
arechecked toanything. poor quality orincorrect purchase order.
amounts.
There is no reviewdone of Errors could goundetected, A review by a managershould

thebookkeeperposting thereforepay suppliers be done on aregular basis.
theinvoices into thenominal theincorrect amount
ledger.
A list of payablesis given to The managing director The managing director

themanagingdirector. will not know ifpayables are should also reviewsource
valid orcorrect therefore documentsbefore signing the
couldbe paying list.
incorrectamounts.

Lack ofsegregations It is easy to placethrough a Segregate duties bysharing

The managingdirector purchaseinvoice to pay theresponsibility withanother
Authorizes himselfand this would go manager.
invoices,approvespayment undetected.
and
signs cheques.
5.10.3 Payroll
The objectives of controls for the payroll cycle are to ensure that thecompany will:
• pay the right people
• at the right rate
• for valid work done
And
• deal correctly with taxes and other deductions.
This is a summary of the payrolls cycle, showing the possible problems andthe related controls:
The table shows the various stages of the payroll ‘cycle’, together with:
• The risks (what could go wrong).
• Control procedures (so that things don’t go wrong!).
objectives
Clockcards / Cards may To ensure allcards Check number of cardsto

Timesheetssubmitte bemissed, received number of employees
d bogusemployees
paid To ensure that no

or employeespaid bogus clockcards Keep all spare cardslocked in

for hours submitted cupboard
notworked
To ensure Get departmental
thehours noted managers to sign clockcards
have as authorized hours (and
actually especially any
beenworked overtime)
Clockcards input Cards may not To ensure allclock Batch total or hash
Intocomputer be cardsentered totalchecks
recordedaccurately
To ensure details Range checks inputtersigns
input correctly clock card to say
double checked details to
To ensure inputter screen
doesn't input data Programme only allowsinput
twice/input bogus for each persononce, can only
employees input for
employees held
withinstanding data
Hierarchicalpasswordcontrol
to payroll system
Different person shouldbe

responsible for
updating standing data,to
those responsible forthe
monthlyprocessing(segregati
on of duties)

Standingdata input Standing data To ensure leavers Managers should

could are not paid after complete a leavers/joiners
becompromised. they have formnoting date
left/joiners are ofdeparture/arrival andsend
Unprocessedupdate paid when they promptly to Payrolldept
s maymean start
employeeswho Standing data files
have left arepaid or To regularly printed out andsent
joinersare missed ensurestanding to departmentmanagers for
datainput is them tosign and
accurate returnconfirming all staff
there
Inputter to signjoiner/leaver
form /wagerise form to say
checkedto input
Monthly print of anychanges

to go to seniormanagement
for review,they should sign
print asauthorised
Processing Inaccurateprocessin To ensure correct Sample of wages

of data g ofdata could wage iscalculated recalculated manually,
leadto wages print out signed as
andtaxes To ensure correct checked
beingincorrectly tax is calculated
calculated Exception report
produced automatically

for anyone paid over$xxx, or

paid under $xxx
Sample of deductions(PAYE,
NIC) recalculated
manually print out signed as
checked
Recordingof payroll Recorded payroll To ensure correct Nominal ledger clerksigns

may not match wages, payroll print out toconfirm
actual payroll NIC,PAYE entries doublechecked
recorded to print
Senior management
review wages expensesfor
reasonableness
Staff paid Staff may not be To ensure all staff Have two people
Paid are presentwhere cash wages are
paid(employees paid. (See controls
Bogus staff could will above over standingdata)
be paid complain if
not!!!) Responsible individualshould
review any BACS
To ensure payroll summary prior
nobogusemployee topaying staff – sign to
s arepaid confirm reviewed


A suggested programme of tests of control is set out below. This would, ofcourse, be modified to
suit the particular circumstances of the client.
• Test a sample of timesheets, clock cards or other records, for approvalby a responsible official.
Pay particular attention to the approval ofovertime there relevant.
• Observe wages distribution for adherence to procedures ensuringemployees sign for wages, that
unclaimed wages are rebanked, etc.
• Test authorisation for payroll amendments by reference to personnelrecords.
• Test controls over payroll amendments by reviewing changes andseeing whether they have been
authorised. You could print off anexception report highlighting changes and follow those through.
Youcould also do a dummy transaction to see how the system handleschange.
• Obtain the payment sheet for casual labour payments and ensure thishas been signed by the chief
accountant to authorise the paymentsmade.
• Obtain the weekly payroll and ensure this have been signed by aresponsible official to approval
those payments.
• Examine evidence of independent checks of payrolls (e.g. by internalaudit).
• Inspect payroll reconciliations done regularly, clearing wage controlaccount, tying the PAYE
liability up to the Inland Revenue records.Review the client working papers or observe the
reconciliation processhappening.
• Examine explanations for payroll expense variances.
• Test authorisation for payroll deductions by reviewing the employeesrecords, looking at who is
authorised to place through amendments,and observe the process.
• Test controls over unclaimed wages. You could do a dummy transactionto see how the system
works, what happens to the wages unclaimed,are they place in a safe, if so tick the clients working
to the amount inthe safe.
Class Discussion

Bassoon Ltd runs a chain of shops selling electrical goods all of whichare located within the same
country.It has a head office that deals with purchasing, distribution andadministration. The payroll
for the whole company is administered athead office.
There are 20 staff at head office and 200 staff in the company’s 20shops located in high streets
and shopping malls all over the country.Head office staff (including directors) are all salaried and
paid by directtransfer to their bank accounts.The majority of the staff at the company’s shops are
also paid throughthe central salary system, monthly in arrears. However, some studentsand part
time staff are paid cash out of the till.
Recruitment of head office staff is initiated by the department needingthe staff who generally
conduct interviews and agree terms andconditions of employment. Bassoon has an HR manager
who liaiseswith recruitment agencies, places job adverts and maintains staff fileswith contracts of
employment, etc.
Shop managers recruit their own staff.Shop staff receive a basic salary based on the hours worked
andcommission based on sales made.
The company has a fairly sophisticated EPOS (electronic point of sale)till system at all shops that
communicates directly with the head officeaccounting system.All staff when making a sale have
to log on with a swipe card whichidentifies them to the system, and means that the sales for which
theyare responsible are analysed by the system and commissionscalculated.
Store managers have a few ‘guest cards’ for temporary and part timestaff, who generally do not
receive commissions.Store managers and regional supervisors are paid commissions basedon the
performance of their store or region.
Directors and other headoffice staff usually receive a bonus at Christmas, depending on
thecompany’s performance. This is decided on by the board in consultationwith departmental
managers and put through the system by the payrollmanager.

The payroll manager is responsible for adding joiners to the payroll and deleting leavers as well as
for implementing changes in pay rates, taxcoding and other deductions and for making sure that
the list of monthlytransfers is communicated to the bank.
The computerised payroll system is a standard proprietary system whichis sophisticated enough to
incorporate the commission calculationsmentioned above which are fed in directly from the EPOS
system.The company employs an IT manager who is responsible for themaintenance of all IT
systems and installing new hardware and software.
Comment on the strengths and weaknesses of the payroll systemat Bassoon Ltd and recommend
any changes which you thinkare appropriate.(10 marks)
SOLUTION
Strength Weaknesses Recommendation
Salaries are paid by direct

transfer to the employees bank
accounts (less chance of
misappropriation of
cash).
Cash paid to part time Apply the payroll system to all

staff (easier to misappropriate employees.
cash).
No control over the Head office staff should

appointment of head office be approved by the
staff the HR Manager deals board.
with (may recruit unnecessary
staff).

No control over shop staff, the Should be approved by

shop manager recruits own head office.
staff
Having a sophisticated EPOS

till system (unlikely for errors
to occur).
Individual swipe cards linked

to commission (you know
who is doing the transaction
and because they receive a
commission it encourages the
staff to recognise the sale).
Guest cards, could be A control system to monitor

anybody and they could steal guest cards so management
a card to access till at a later know who has a specific card.
date to steal money.
Lack of segregation of duties, Split the responsibilities up,

the payroll manager is maybe get a manager
responsible for all processing. to review the payroll
managers work.
In the question it states Place passwords on the system

the IT manager is responsible and change them on a regular
for systems, but doesn't state basis.
there is restricted access.

5.10.4 Inventory
The objectives of controls in the inventory cycle are to ensure that:
• inventory levels are in keeping with the needs of:
– production (raw materials and bought in components)
– customer demand (finished goods)
• inventory levels are not:
– excessive
– too low (‘stockouts’)
• value for money is achieved
• goods/services delivered are what was ordered
• quality of goods/services delivered is satisfactory
• liabilities are recorded completely and accurately
• only valid liabilities are paid
• liabilities are paid in a sensible, commercial timescale.
The table shows the various stages of the inventory ‘cycle’, together with:
• the risks (what could go wrong)
• control procedures (so that things don’t go wrong!).
Process Risks Possible control

procedures
Inventory arrivesbecause it Inventory stolen on All goods inwardreceived at

has beenpurchased, or a arrival. set locationsand signed
salehas been returned for/logged inby stores
New purchases mixed manager.
up with returns.

Poor quality inventory All returns sent to areturns

accepted. department for
checking.
Inventory accepted that
was never ordered. See purchase cycle.
No record is made of its

arrival.
Inventory is stored until Poor storage conditions Storage areas fitted with
it is needed lead to damagedinventory. sprinklers, fire
alarms,temperature monitors.
Inventory items not used
before their useful life Inventory ‘rotated’ toensure
ends. FIFO usagewhere relevant.
Inventory stolen from Valuable inventorieslocked

storage areas. away andinventory areas
limited to
a single exit (security
guard?).
Raw materials leavestores, to Materials overordered All requisitions fromstores to

be used inproduction to enable theft. have signedauthorisation
fromproduction manager.
Use of standard quantity

requirements.

Finished goods leavebecause Wrong goods sent. See sales cycle.

they havebeen sold
Goods being stolen (no
real sale).
Poor quality sent.
Records not updated.
Goods leave becausethey are Returned goods actually See purchase returns.
being returnedto suppliers being stolen.
An inventory count Counting lacksaccuracy. All counted areas to be

isperformed (may beannual, marked as completed.
or more regular) Staff lie about
amountscounted to cover Managers to check bydoing
uptheir theft. random secondcounts.
Inventory records lostduring Staff do not count areasthat

count. they are usually
responsible for.
Inventory wronglycounted
because it ismoved during Counting done in pairs
count.
Inventory sheetssequenced
and counters
sign out (and in) thecount
sheets.
All inventory movements

during count authorised

by management.
Closure during inventory

accounts to avoidproblems.

• Observe physical security of inventories and environment in which theyare held.
• Obtain inventory records. Where quantity of inventory has beenchanged without reference to
GDN and GRN, ensure that amendment issigned by a responsible official to authorise that change.
• In the client's warehouse, observe client staff ensuring that where amovement in inventory occurs,
that movement is recorded on theappropriate GDN or GRN.
• Test for evidence of authorisation to write off or scrapping of inventories(existence of signature).
• Observe controls over recording of movements of inventory belongingto third parties.
• Observe the procedures for authorisation for inventory movements i.e.the use made of authorised
goods received and despatch notes.
• Inspect reconciliations of inventory counts to inventory records (thisgives overall comfort on the
adequacy of controls over the recording ofinventory).
• Test for evidence of sequences checks of despatch and goodsreceived notes for completeness.
• Assess adequacy of inventory counting procedures and attend thecount to ensure that procedures
are complied with.
5.10.5 Capital and revenue expenditure

This area looks at expenditure on items other than purchases. However, thecontrols are virtually
identical to controls over purchases as seen above.
Some controls may vary, such as:

• Capital expenditure is often for substantial amounts. As such, mostcompanies would require such
items to be included in an annual budgetand authorised by very senior level management.
• Regular revenue expense items may be monitored by simple varianceanalysis (i.e. actual versus
budget) on a monthly basis.
• Capital items are likely to be stored on an asset register, which recordsdetails of supplier, price,
insurance details, current location, responsibleemployee, etc.
• Just as inventories are counted, assets are likely to be checked againstthe register on a regular
basis.
• When assets are sold secondhand,the items will be checked againstsimilar items or price guides
to ensure the company receives fair value.
• Ownership documents (title deeds, vehicle registration documents) willbe safely stored.
5.10.6 Bank and cash

The objectives of controls over bank and cash are to ensure that:
• cash balances are safeguarded
• cash balances are kept to a minimum
• money can only be extracted from bank accounts for authorized purposes.
Possible controls
Objective Possible control procedures

Cash balances aresafeguarded. Safes/strongroom/locked cashbox with
restricted access.
Security locks.
Swipe card access.
Key access to tills.

Night safes.
Imprest system.
Use of security services for large cash

movements.
People making bankings vary routes

andtimings.
Cash balances are kept to aminimum. Tills emptied regularly.
Frequent bankings of cash and cheques

received.
Money can only be extractedfrom bank Restricted list of cheque signatories.

accounts forauthorised purposes.
Dual signatures for large amounts.
Similar controls over bank transfers and

online banking, e.g. secure passwords andpin
numbers.
Cheque books and cheque stationery

locked away.
Regular bank reconciliations reviewed

byperson with suitable level of authority

Cash receipts:
• observe that mail is opened by two staff to minimise the possibility offraud (cash being stolen on
receipt)
• test independent check of cash receipts to bank lodgements
• test for evidence of a sequence check on any prenumberedreceiptsfor cash
Cash payments:
• inspect current cheque books for:
– sequential use of cheques
– controlled custody of unused cheques
– any signatures on blank cheques
• test (to avoid double payment) to ensure that paid invoices are marked“paid”
• test for evidence of arithmetical checks on cash payments records,including cashbook
• obtain the file of direct debit payments – ensure each payment isauthorised.
Bank reconciliations:
• examine evidence of regular bank reconciliations, at least once permonth, but in larger
organisations this should be done daily or weekly
• examine evidence of independent checks of bank reconciliations (e.g.a signature)
• examine evidence of follow up of outstanding items on the bankreconciliation. Pay particular
attention to old outstanding reconcilingitems that should be written back such as old, unpresented
cheques.
Petty cash:
• Test petty cash vouchers for appropriate authorisation.
• Test cancellation of paid petty cash vouchers.
• Test for evidence of arithmetical checks on petty cash records.
• Test for evidence of independent checks on the petty cash balance.
• Perform a surprise petty cash count and reconcile to petty cashrecords.

5.11 Reporting to those charged with governance

Auditors should communicate material weaknesses in internal control in writing to ‘those charged
with governance’ – the audit committee (if one exists) or management in general.
The form, timing and addressees of this communication should be agreed at the start of the audit,
as part of the terms of the engagement.
This report has traditionally been known as a letter of weakness or report to management and
is usually sent at the end of the audit process.
Recent revision of audit standards has added other matters that should becommunicated.
• For listed companies, a report on audit independence.
• A report at the planning stage, identifying key audit risks and the workto be performed.
• At the end of the audit, a report covering:
– expected audit report
– unadjusted errors and misstatements
– comments on accounting practices and policies in use by the
– company any
– other relevant matters.
However, this section of the Notes will concentrate on internal control issues.
5.12 Reporting on controls

Where the auditor is reporting weaknesses, it should be made clear that:
• the report is not a comprehensive list of weaknesses, but only those thathave come to light during
normal audit procedures
• the report is for the sole use of the company
• no disclosure should be made to a third party the without writtenagreement of the auditor
• no responsibility is assumed to any other parties.

• covering letter (which will include the above list of points)
The usual structure of the report is an appendix, noting the weaknesses, consequences,
andrecommendations (often with a space left for management to respondwith their planned action).
In the exam, an internal control question may require you to analysecontrols and report
weaknesses in the form of a management letter. If so, it is the appendix (see below) that you
need to produce. A covering letter would be specifically requested by your examiner.
The best structure is:
Weakness Clear description of what is wrong.

Consequence What could happen if the weakness is not corrected.Focus on what matters
to the client – the risk of lostprofits, stolen assets, extra costs, errors in
theaccounts.
Recommendation This must deal with the specific weakness you haveobserved! It must also
provide greater benefits thanthe cost of implementation.Try to suggest who should carry out the
controlprocedures, and when
Illustration
(A table format is the best format, it keeps you structured and the markersfind it easier to
mark.)
Weakness Consequence Recommendation

There appear to bepurchase There is a possibilitythat All invoices should
invoicesmissing from purchases andliabilities are besequentially filed onreceipt
thesequentially notcompletely recorded. by the AccountsDepartment.
numberedinvoice file.
Also, it would be difficult Regularchecks should be
madeto ensure a

to provide proof ofpurchase completerecord, with any

where theinvoice is missing. missingitems investigated
Thismay make it difficult (andcopies requested
toobtain refunds for faulty ifnecessary).
goods, leading toincreased
costs.
As such, the accountscould be

incompleteand items may
havebeen purchased
withoutcontrol over
quality,price, etc.
5.13 Discussion Questions
Question 1
You are the senior in charge of the audit of Dean Manufacturing. To assist you in your audit
planning, one of the audit team has provided the following description of the purchasing
system. No other controls exist apart from those described.
The company has no buying department so employees place orders in their own area of
responsibility. A three part order form is used; copy 1 is retained by the originator, copy 2 is
sent to the goods inward department and copy 3 is sent to the supplier.
Goods are received, but not checked, by the goods inwards clerk. Once received, the
supplier’s delivery note and the purchase order for those goods are sent to the purchase ledger
clerk.
When the supplier’s invoice is received the purchase ledger clerk checks the calculations on
it, initials it and staples the delivery note and purchase order to it. She enters the invoice on
to the purchase ledger.

The invoice is then sent to the manager responsible for the employee who ordered the goods.
The manager codes the invoice and returns it to the purchase ledger clerk. Coded purchase
invoices are entered onto an analysis sheet and posted to the nominal ledger monthly by
journal entry.
The cashier pays suppliers monthly on instructions from the purchase ledger clerk. The
purchase ledger control account is reconciled monthly by the purchase ledger clerk who also
reconciles suppliers’ statements.
Required:
For each internal control deficiency in the purchasing system:

(a) Identify the deficiency and briefly explain its audit significance (if any), in terms
of the type of errors that could result from it. (14 marks)
(b) Describe the effect it would have on your normal audit procedures in terms of
any additional or extended procedures required. (6 marks)
(Total: 20 marks)

CHAPTER 6
AUDIT EVIDENCE
AUDIT OPINION IS
BASED ON
EVIDENCE UPON
ASSERTIONS ABOUT REQUIRES

DOCUMENTATION
TRANSACTIONS
BALANCES
DISCLOSURES

6.1 Why does the auditor need evidence?

If the auditors are to:
• form an opinion which is worth something

• be paid good money for it,
they will need to base their opinion on valid evidence.
6.2 Evidence about what exactly?

Financial statements are complex documents, they are a summary of management assertions
They consist of:
• Statement of Comprehensive Income
• Statement of Financial Position
• Statement of cash flow
• notes.
Each of which contains numbers of headings:

• Revenue
• Expenditure
• Non-Current Assets
• Inventories
• Receivables
• Payables, etc.
Management is responsible for the preparation of financial statements thatgive a true and fair view,
but what does this really mean?
For each item in the financial statements, management is makingassertions.Assertions like:

• This factory is owned by the company.
• The receivables really do owe us this money and will pay fairly soon.

• The payroll expense was for the company’s genuine employeesworking on the company’s
business.
The table below provides a list of all management assertions and some of the key questions that
the audit team must address.
Traditional Assertions Assertions Assertions about Key questions

management about events about account presentation and
assertions(PCAOB) and balances footnote
transactions disclosures
Existence or Occurrence Existence Occurrence Do the assets really
occurrence exist?
Did the recorded sales
transactions really
occur?
Rights and Rights and Rights and Does the company
Obligations obligations obligations really own the assets?
Are related legal
responsibilities
identified?
Completeness Completeness Completeness Completeness Are the financial

statements
completeness?
Were all transactions
recorded?
Are transactions at the
Cutoff beginning or end of a
period included in the
proper period?

Valuation or Accuracy Valuation and Accuracy Are the accounts

allocation allocation valued correctly?
Valuation and Are expenses allocated
allocation to the periods
benefitted?
Presentation and Classification Classification Were all transactions
disclosure recorded in the correct
accounts?
Are the disclosures
Understandability understandable to
users?
And simply put;
TRANSACTIONS ACCOUNT PRESENTATION AND

AND EVENTS BALANCES DISCLOSURE
1. OCCURANCE 1. OCCURANCE,RIGHTS
1. EXISTANCE
2. COMPLETENESS AND OBLIGATIONS
2. RIGHTS AND
3. ACCURACY 2. COMPLETENESS
OBLIGATIONS
4. CUTOFF 3. CLASSIFICATION AND
3. COMPLETENESS
5. CLASSIFICATION UNDERSTANDABILITY
4. VALUATION AND
4. ACCURACY AND
ALLOCATION
VALUATION

The auditors therefore need evidence that these assertions are valid.
6.3 Financial statement assertions

Occurrence – did the transaction actually take place?
Completeness– are all transactions or balances that should be included inthe financial statements,
actually included?
Accuracy – are the amounts correct?
Cutoff– are transactions accounted for in the correct period?
Classification– are transactions recorded in the proper accounts?
Existence– do the assets or liabilities actually exist?
Rights and obligations– does the client own or have other rights over theassetsand have a genuine
obligation to pay liabilities?
Valuation– are assets or liabilities included at appropriate amounts?
Allocation– are account balances included in appropriate accounts?
Classification and understandability– are items in the financialstatements disclosed under

appropriate headings and in such a way thatthey can be readily understood by readers?
Accuracy– are the amounts disclosed in the financial statementsappropriate?
The assertions are important because they have an impact on how theauditor gathers evidence.

There are 13 different types of assertion across the three headings althoughsome of them repeat
each other and this may seem to be rather daunting toremember.
Remember that the audit evidence required depends on both:
• the nature of the item being tested
• the assertion being tested
and it can all be simplified down to four key questions that the auditor needs
to answer.
(1) Should it be in the accounts at all?

– Occurrence.
– Existence.
– Rights and obligations.
– Cutoff.
(2) Is it included at the right value?
– Accuracy.
– Valuation.
(3) Are there any more?
– Completeness.
(6) Is it disclosed properly?
– Classification.
– Allocation.
– Understandability.
6.4 Why assertions matter to auditors

Assertions matter to auditors because:
• The auditor chooses suitable procedures based on the nature of theitem in the financial statements
being audited.
• The procedures will be refined further depending on which assertionabout the item the auditor is
testing.

Different items – different approach

The audit approach to testing receivables will be different from testingpayroll.e.g.
Item Audit tests e.g.
Accounts receivable Carry out third party confirmation.
Review correspondence and aged analysis

forevidence of delinquent receivables.
Test subsequent receipt of cash from

customers.
Payroll Inspect timesheets.

Inspect authorised pay rates.
Verify employees are genuine through

contracts ofemployment.
Check tax and other deductions.
Different assertions – different approaches

For a single item in the financial statements – e.g. freehold property, theauditor may need to use
different approaches for different assertions.
Assertion Audit tests e.g.
Existence Inspect the property concerned.

Valuation Agree cost to purchase contract or subsequent

revaluation to valuer’s report depreciation
calculation.
Reperform
Rights andobligations Inspect title deeds.
Cutoff Inspect purchase contract to verify date of

purchase.
Completeness Review repairs account, correspondence

withlawyers and property consultants for
evidence that
there are no additional properties.
Note.The completeness assertion tends to be the most difficult assertion totest. It is usually easier
to verify items we know about than to think aboutwhat should be there, but is not.
6.5 Audit procedures

We have seen above, that:
• the nature of the transaction or balance being audited and
• the assertion being tested
demand different approaches from the auditor.
ISA 500 identifies eight types of procedures that the auditor can adopt toobtain audit evidence:

In the forthcoming chapters ‘Audit procedures’ we will look in detail at how theseprocedures are
applied in specific circumstances as well as at some of themore detailed requirements of ISAs.
ISA 500 identifies eight procedures that the auditor can adopt to obtainaudit evidence:
6.5.1 Inspection of records or documents
6.5.2 Inspection of tangible assets

• Will usually give pretty conclusive evidence of existence!
• May give evidence of valuation, e.g. obvious evidence of impairment ofinventory or Non-Current
Assets.
• Unlikely to give evidence of rights and obligations, e.g. a vehicle maybe leased, inventory held
on behalf of a third party, etc.
6.5.3 Observation
• Involves looking at a process or procedure.
• May well provide evidence that a control is being operated, e.g. doublestaffing or a cheque
signatory examining supporting documentation.
6.5.4 Enquiry
• Enquiry is a major source of audit evidence, however the results ofenquiries will usually need to
be corroborated in some way throughnother audit procedures.
• The answers to enquiries may themselves be corroborative evidence.
Management representations
Management representations are a subsetof Enquiry.
The auditor obtains written representations from management toconfirm oral enquiries where:

– the issue is material or

– where other sources of evidence cannot reasonably be expected toexist or
– where other evidence is of lower quality.
6.5.5 Confirmation
• A specific form of enquiry
• Examples of use:
– circularisation of receivables
– confirmation of bank balances
– confirmation from legal advisers of actual or contingent liabilities
– arising from legal proceedings
– confirmation of inventories held by third parties
– confirmation of investment portfolios by investment managers.
6.5.6 Recalculation
• Checking the arithmetical accuracy of the client’s calculations.
6.5.7 Reperformance
• May be something relatively simple, e.g. test checking inventory counts.
• May be more sophisticated, e.g. using IT tools to check a receivablesageing.
6.5.8 Analytical procedures

• The consideration of the relationships between figures in the financialstatements or between
financial and non-financialinformation.
6.6 How much evidence does the auditor need?
WHAT TO DO? DEPENDS ON TRANSACTION OR

BALANCES?
WHICH ASSERTION(S)

HOW MUCH TO DO? DEPENDS ON RISK PURPOSES OF THE

PROCEDURE QUALITY OF
AVAILABLE EVIDENCE
We have seen that the types of audit procedure the auditor can carry out:
• are quite limited – inspection, observation, enquiry, etc.
• are driven by the nature of the transaction or balance being audited andthe assertion being tested.
We now need to consider how much evidence the auditor needs.

This is driven by:
• the risk of material misstatement
• the quality of the evidence obtained
• the purpose of the procedure (test of controls or substantive test).
These three factors – risk, purpose and quality – have a complexrelationship, as we shall see.
Although risk is the most important factor, aseverything the auditor does on an audit is in response
to the assessed levelof risk, we will consider it after we have dealt with the quality and thepurpose
of audit evidence.
6.7 The quality of evidence – ‘Sufficient appropriate evidence’

‘The auditor should obtain sufficient appropriate audit evidence tobe able to draw reasonable
conclusions on which to base the auditopinion.’ISA 500 para 2

EVIDENCE
PERSUASIVE
NOT CONCLUSIVE
SUFFICIENT APPROPRIATE
RELIABLE
RELIABLE
What do we mean by:

There needs to be ‘enough’ evidence, and what is ‘enough’ is a matter ofprofessional judgement.
The key questions here are:

• sufficient?

• appropriate?
‘Appropriate’ breaks down into two qualities:

• reliable
• relevant
Sufficient
and ‘sufficient’, ‘reliable’ and ‘relevant’ are all interlinked.
Example 1
For the client’s bank balance, one confirmation letter from the bank (if theclient has only one bank
account) will be enough, and indeed is all there isavailable.
The bank letter will not, however, give the auditor all the informationrequired. There will need to
be consideration of the bank reconciliation aswell.
Example 2
To test purchases for a manufacturing client where there are literallythousands of transactions a
year, the auditor may well decide to extract astatistical sample of purchase transactions to test to
purchase orders,invoices, delivery notes, etc. But how many items should there be in thesample?
Statistical sampling theory will give some help here – see below –but ultimately it is a question
for the auditor’s professional judgement.
Reliable
Reliable is deemed credible, trustworthy and dependable evidencetherefore the following is
deemed more or less reliable.
More reliable Less reliable
Independent external evidence. Internally generated evidence.

Internal evidence subject to effective Internal evidence not subject to such

controls. controls.
Evidence obtained directly by the Evidence obtained indirectly or by

auditor. inference.
Documentary. Oral.
Original documents. Photocopies or facsimiles.
ISA 500 gives the above guidance.
The link between sufficient and reliable
Broadly speaking, the more reliable the evidence the less of it the auditorwill need.
However, the relationship is quite subtle:
If the evidence is found to be unreliable, looking at a greater quantity of suchevidence will never
be sufficient.
Relevant
As we have seen above the nature of the evidence the auditor wantsdepends on:
• the nature of the transaction or balance being tested
And
• the assertion being tested.
Persuasive not conclusive

Consider:
• The auditor gives an opinion about the financial statements not acertificate that the financial
statements are correct.
• The audit report gives reasonable not absolute assurance about thefinancial statements.
• Audit procedures are designed to reduce the risk that the financialstatements contain material
misstatements not to eliminate allpossibility of error.
The reason for all this lack of absolute, definitive certainty is the nature ofaudit evidence which is
gathered by human beings in real live organisations.
• The auditor gathers evidence on a test basis (the sample may or maynot be representative).
• People make mistakes (both client and auditor).
• Documents could be forged (increasingly easy with digital technology).
• The client’s personnel may not always tell the truth.
As a result, we have to say that audit evidence is persuasive rather thanconclusive in nature.
This also means that the auditor will need to gather evidence from a varietyof sources.
6.8 Sampling
The need for sampling

It will usually be impossible to test every item in any accounting populationbecause of the costs
involved – remember the audit gives reasonable notabsolute assurance.
The audit evidence gathered, therefore, will be on atest basis – hence the need for the auditor to
understand the implications and effective use of sampling.
However, it is important to understand that:

• there is no requirement to use sampling laid down in the ISAs

• 100% testing may be appropriate in certain circumstances –particularly where there is a small
population of high-valueitems
• the use of analytical procedures – see section 7 above and the moredetailed coverage in chapter
10 – and a variation on analyticalprocedures ‘proof in total’, may be a more effective and
efficientmethod of gathering audit evidence
• because analytical procedures are a requirement of ISA 520 at theplanning and overall review
stages of the audit, it is sensible to makebest use of the work done.
In other circumstances some form of sampling will be used.
6.9 Definition
The definition of sampling set out in ISA 530 Audit sampling and othermeans of testing is:
‘Audit sampling’ (sampling) involves the application of audit procedures toless than 100% of items
within a class of transactions or account balancesuch that all sampling units have a chance of
selection. This will enable theauditor to obtain and evaluate audit evidence about some
characteristic ofthe items selected in order to form or assist in forming a conclusionconcerning the
population from which the sample is drawn. Audit samplingcan use either a statistical or a non-
statisticalapproach. ISA 530
Statistical or non-statisticalsampling
‘Statistical sampling’ means any approach to sampling that has thefollowing characteristics:
• random selection of a sample, and
• use of probability theory to evaluate sample results, includingmeasurement of sampling risk.
A sampling approach that does not have both these characteristics isconsidered non-
statisticalsampling.ISA 530
Statistical sampling requires the following:

• Random selection, e.g. generating a random number to determinewhich item or $ in the

population is the first in the sample and using asampling interval, usually based on tolerable error,
to select subsequentitems.
Judgmental or haphazard sampling – picking say two invoices fromeach month,or focusing on a
particular period do not usually count asstatistical sampling because of the risk of bias in selecting
the sample.
• Evaluation of results using probability theory, e.g. if a sample with atotal value of $100,000
contains errors of $1,000, it may be possible toextrapolate and say that there may be an error of
1% in the populationas a whole, i.e $30,000 in a population of $3m or $100,000 in apopulation of
$10m.Clearly this will depend on how representative the sample is and themargin of error
according to probability theory.
To be representative, a sample needs to be of sufficient size
– usually at least 30 items – and the larger the sample size, the greaterthe precision it will give.
If the results of the sample reveal potential errors which might bematerial, the auditor has to resolve
the problem:
– by considering whether there were special circumstancessurrounding the errors, e.g. the absence
of a key member of theclient’s staff and carrying out additional testing on items or theperiod likely
to be affected
– by deciding whether, because the risk of misstatement has clearlyincreased, which will lead to
an increase in the level of materiality,the new level of materiality is too high. If it is, it will be
necessary toincrease the level of testing.
However, care needs to be taken overthis – see the section on risk revisited below.
6.10 Class discussion

(1) List three qualities audit evidence must have?(3 marks)

(2) List two reasons why audit evidence is likely to bepersuasive rather than conclusive.(2 marks)
(3) List two examples where it would be appropriate to usestatistical sampling.(2 marks)
(1) List threequalitiesauditevidence It must be:

must have. • Sufficient.
• Relevant.
• Reliable.
(2) List tworeasonswhy auditevidence islikely The auditor gathers evidence on atest basis
to bepersuasiverather than (the sample may or may notbe representative).
conclusive. • People make mistakes (bothclient and
auditor).
• Documents could be forged(increasingly
easy with digitaltechnology).
• The client’s personnel may notalways tell the
truth.
(3) List twoexampleswhere itwould be Purchases transaction testing

Appropriateto usestatisticalsampling.
Revenue transactions testing
Payroll transactions testing,etc.

6.11 Audit documentation
WORKING PAPRES
PRINCIPLES CONTENTS FUNDAMENTALS
IF ITS NOT RECORDED IT OBJECTIVE CLIENT

DIDN’T HAPPEN
METHOD PERIOD END

IF IT CANT BE
UNDERSTOOD ( AND
QUICKLY) ITS NOT
RECORDED PROPERLY
RESULTS PREPARED BY/DATE
CONCLUSION REVIWED BY/ DATE
SUBJECT

CROSS REFERENCE
The job of working papers is to: KEY
• provide a record of the basis for the auditor’s report

• provide evidence that the audit was conducted in accordance with ISAsand legal and regulatory
requirements.
To assist with the planning, performance, supervision and review of theaudit.

To aid the auditors' defence if subsequently sued for negligence.
Principles
There are two major principles
• If it’s not recorded, it didn’t happen.
If there is nothing on file, there is no evidence that the necessaryprocedures were completed, so
there can be no basis for the auditopinion.
• If it can’t be understood, it might as well not have happened.

Clarity is important for two reasons
Completeness – If the working papers are easy to understand it will bemore obvious if anything
has been omitted.
Efficiency – Working papers need to be reviewed for quality controlpurposes and to ensure that
the audit opinion is justified. The reviewermay be at a senior level in the firm and therefore time
will be charged atan expensive rate. Clear working papers will keep the time spent andtherefore
the costs to a minimum.

Structure and layout
The file
There are two broad areas to the file.
• The control part consisting of:
– the planning section
– the completion and review section.
–
• The main working papers are divided into the relevant sections of thefinancial statements, e.g.
non-currentassets, inventories, receivables,etc.
6.12 Who owns the working papers?

The auditor does. This is important because:
• Access to the working papers is controlled by the auditor, not the client, which is an element in
preserving the auditor’s independence.
• In some circumstances care may need to be taken when copies ofclient generated schedules are
incorporated into the file.
Security
Working papers must be kept secure.

• Audits are expensive exercises. If the files are lost or stolen, theevidence they contain will need
to be recreated, so the work will need tobe done again. The auditors may be able to recover the
costs from theirinsurers, but otherwise it will simply represent a loss to the firm. Eitherway,
prevention is better than cure.
• By its nature, audit evidence will comprise much sensitive informationthat is confidential. If the
files are lost or stolen, the auditor’s duty ofconfidentiality will be compromised.
• There have been cases of unscrupulous clients altering auditors’working papers to conceal frauds.

The implications of IT based audit systems are also far reaching.

• By their nature, laptops are susceptible to theft, even though the thiefmay have no interest in the
contents of the audit file. Nevertheless, allthe problems associated with re-performingthe audit and
breaches ofconfidentiality remain.
• It is more difficult to be certain who created or amended computerbased files than manual files
– handwriting, signatures and dates havetheir uses – and this makes it harder to detect whether the
files havebeen tampered with.
This means that the following precautions need to be taken.

• If files are left unattended at clients’ premises – overnight or duringlunch breaks – they should
be securely locked away, or if this isimpossible, taken home by the audit team.
• When files are left in a car, the same precautions should be taken aswith any valuables.
• ITbasedsystems should be subject to passwords, encryption andbackup procedures.
Retention
ISA 230 states that audit documentation should be retained for five yearsfrom completion of the
audit. Many firms keep working papers for longerthan this because information may still be
required for tax purposes.
All of this means that firms need to make arrangements for:

• secure storage of recent files
• archiving older files
• archiving and backup of IT-basedfiles.
6.13 Smaller entities

Smaller commercial entities will usually have the attributes above most ofwhich are double edged
in a good news/bad news kind of way:
• Lower risk: Smaller entities may well be engaged in activity that isrelatively simple and
therefore lower risk. However, this will not be truefor small – often one person businesses – where

there is a high level ofexpertise in a particular field, e.g. consultancy businesses,

creativebusinesses, the financial sector.
• Direct control by owner managersis a strength because they canknow what is going on and
have the ability to exercise real control. Theyare also in a strong position to manipulate the figures
or put privatetransactions ‘through the books’.
• Simpler systems: Smaller entities are less likely to have sophisticatedIT systems, but pure,
manual systems are becoming increasingly rare.This is good news in that many of the bookkeeping
errors associatedwith smaller entities may now be less prevalent. However, a system isonly as
good as the person operating it.
Evidence implications
• The normal rules concerning the relationship between risk and thequality and quantity of
evidence apply irrespective of the size of theentity.
• The quantity of evidence may well be less than for a larger organisation.
• It may be more efficient to carry out 100% testing in a smallerorganisation.
Small not-for-profit organizations
Small not for profit organisations have all the attributes of other smallentities. Arguably, however,
the position is more difficult for the auditorbecause:
• While most small businesses are under the direct management of theowner, small not-for-
profitorganisations tend to be staffed by volunteersand the culture is more likely to be one of trust
rather than accountability.
Problems
• Management override – Smaller entities will have a key director orowner who will have the
authority to do what they want. Therefore couldoverride the systems with ease.
• No segregation of duties – Smaller entities tend to only have oneaccounts clerk that processes all
information, therefore having a lack ofsegregation of duties. To overcome this issue the director
shouldauthorise and review the accounts clerk work.

• Less formal approach – Smaller entities tend to have simple systemsand very few controls due
to the lack of complexity and trust, therefore itwould be difficult to test the reliability of the
systems, thereforesubstantive testing, tends to be used more.
6.14 Class Discussion
Question 1
(a) Identify and describe five of the procedures for obtaining audit evidence.
(5 marks)
(b) For each of the procedures, describe an audit test using that procedure to obtain
evidence over the balance of plant and equipment. (5 marks)
Your client Powerfest Co utilises large quantities of coal in order to produce their output.
The coal is stored in large piles and is transported to the factory by means of a conveyor
system. Perpetual inventory records are maintained showing the amount of coal on hand,
receipts and withdrawals of coal. No annual physical inventory count is performed on coal
as the company intends to rely on the perpetual inventory records when determining closing
inventory.
Required:
(c) Describe the substantive audit procedures, other than those relating to cut-off,
the auditor should perform in relation to the inventory of coal. (7 marks)
One method of determining the inventory value at the year-end is to use standard costs.
Required:
(d) Describe THREE audit procedures that should be carried out when auditing
standard costs. (3 marks)
Question 2
The FireFly Tennis Club owns 12 tennis courts. The club uses ‘all weather’ tarmac tennis
courts, which have floodlights for night-time use. The club’s year-end is 30 September.
Members pay an annual fee to use the courts and participate in club championships. The club
had 430 members as at 1 October 2017.
Income is derived from two main sources:
(1) Membership fees: Each member pays a fee of $200 per annum. Fees for the new
financial year are payable within one month of the club year-end. Approximately 10%

of members do not renew their membership. New members joining during the year
pay 50% of the full year fees. During 2018, 50 new members joined the club. No
members pay their fees before they are due.
(2) Court hire fees: Non-members pay $5 per hour to hire a court. Non-members have to
sign a list in the club house showing courts hired. Money is placed in a cash box in the
club house for collection by the club secretary.
All fees (membership and court hire) are paid in cash. They are collected by the club
secretary and banked on a regular basis. The paying-in slip shows the analysis between
membership fees and court hire income. The secretary provides the treasurer with a list of
bankings showing member’s names (for membership fees) and the amount banked. Details
of all bankings are entered into the cash book by the treasurer.
Main items of expenditure are:
(1) Court maintenance including repainting lines on a regular basis.
(2) Power costs for floodlights.
(3) Tennis balls for club championships. Each match in the championship uses 12 tennis
balls.
The treasurer pays for all expenditure using the club’s debit card. Receipts are obtained for
all expenses and these are maintained in date order in an expenses file. The treasurer also
prepares the annual financial statements.
Under the rules of the club, the annual accounts must be audited by an independent auditor.
The date is now 13 December 2018 and the treasurer has just prepared the financial
statements for audit.
Required:
(a) Describe the audit work that should be performed to confirm the income figure
for the FireFly Tennis Club. (10 marks)
(b) Describe the audit procedures that should be performed to confirm the
completeness and accuracy of expenditure for the FireFly Tennis Club. (5
marks)
(c) Discuss why internal control testing has limited value when auditing not-for-
profit entities such as the FireFly Tennis Club. (5 marks)
(Total: 20 marks)

CHAPTER 7:
AUDIT PROCEDURES
Chapter learning objectives

After completion of this chapter the student will be able to:
• Explain the purpose of substantive procedures in relation tofinancial statements assertions
• Explain the substantive procedures used in auditing eachbalance
• Tabulate those substantive procedures in a work program, for thefollowing areas:
– Inventories
– Receivables
– Payables
– Bank and cash
– Non- current assets
– Non current liabilities
– Accounting estimates
• Explain the use of computer assisted audit techniques in thecontext of an audit

• Discuss and provide relevant examples of the use of test dataand audit software for the transaction
cycles and Statement of Financial Position items
• Discuss the use of computers in relation to the administration ofthe audit
• Discuss and provide examples of how analytical procedures areused as substantive procedures
• Compute and interpret key ratios used in analytical procedures
• Discuss the problems associated with the audit of accountingestimates
• Discuss the extent to which auditors are able to rely on the workof experts and internal audit
• Discuss the audit considerations relating to entities using serviceorganizations
• Discuss why auditors rely on the work of others
• Explain the extent to which reference to the work of others can bemade in audit reports
• Apply audit techniques to small not for profit organisations
• Explain how the audit of a small not for profit organisation differsfrom the audit of for profit
organisations.
7.0 General principles

A word of warning: chapter 6 dealt with the principles of audit evidence. Thischapter deals with
how those principles are applied.
In the sections that follow, we will examine a number of specific audit areasand deal with how
these are usually tested. You may be tempted to learnthese by heart. Whatever you do,DO NOT
DO THIS!!!!
The audit of any item is based on:

• the risk of misstatement
• the nature of the item
• the assertion you are testing.
The examiner is not stupid. He or she knows that auditing is a matter ofprofessional skill and
judgement. If you can answer an exam question simplyby learning a few pages of a book, it is not
a very good test of whether youare a competent auditor.

So the questions may not ask about standard situations and you will have toapply your knowledge
to the demands of the question.
Things you always have to do

Nevertheless, there are some things which, one way or another, will alwaysapply (and which, if
you mention them, will gain you marks):
• understand the system

• analytical procedures
• document your work.
Things you will always have to consider
What are you being asked to test?

• A transaction or event that took place during the year.
• An account balance at the period end.
• Presentation or disclosure.
– Asset
– Liability
– Revenue
– Expense
What is the nature of the item you are testing?

• Existence
• Occurrence
• Valuation
• Cutoff,etc.
Things you may have to do

• If you rely on controls, you will have to test them.

• Management representations are required for some items by ISA 580and by a number of other
ISAs.
• If there are high volumes of transactions, consider using computerassisted audit techniques
(CAATs).
7.1 Analytical procedures
• PLANNING-RISK ASSESMENT-COMPULSORY (
ISA 520)
• SUBSTANTIVE-NOT COMPULSORY,BUT
WHY? USUALLY AN EFFECTIVE AND EFFICIENT
MENAS OF GATHERING EVIDENCE
• REVIEW- FINAL CHECK THE FIGURES MAKE
SENSE COMPULSORY (ISA 520)
• EFFICIENT
• EFFECTIVE
• SET OUT THE FIGURES

• CALCULATE RATIOS/COMPUTE
TRENDS/PROOF IN TOTAL/MAKE
COMPARISONS
HOW?
• INVESTIGATE ANOMALIES
• CORRORATE ANSWERS TO ENQUIRIES
Why do them?
Analytical Procedures as substantive evidence
ISA 520 states that analytical procedures must be used at the planningstage to identify risks, and
at the completion stage of the audit as a finalreview of the FS.
They may also be used at the substantive stage when the auditor is auditing the draft financial
statements.

Analytical procedures are not just the comparison of one year with another.AP’s can be used in
the following ways:
• Ratio analysis
• Trend analysis
• Proof in total
In order to use analytical procedures the following process should befollowed:
• Create your own expectation of what you think the figure should be
• Compare your expectation to the actual figure
• Investigate any significant differences

– Example 1- createan expectation of payroll costs for the year bytaking last year’s cost and
inflating for payrise and change in staffnumbers – proof in total.
– Example 2 – calculate the receivables day ratio and compare itwith prior year and credit terms
given to customers. If the figure ishigher than expected it may indicate overstatement of
receivables
– ratio analysis.
–Example 3 – plot monthly sales data for the prior year and plotagainst the current year and
investigate any unusual trends. Youwould expect the business to follow the same pattern month
onmonth especially if they have a seasonal business
– trend analysis.
– Example 6 – using the client’s depreciation policy, recomputed theexpected depreciation charge
and compare it with the actualdepreciation charge. If there is a significant difference it should
beinvestigated – proof in total.
7.2 How are analytical procedures used?

Calculating the ratios is just the start. Analytical procedures are auditproceduresin their own right,
designed to enable the auditor to reduce therisk of coming to the wrong opinion about the financial
statements.
This means that the auditor needs to use analytical procedures to identifyanomalies in the figures,
which may indicate problems.
To do this, the auditor will make comparisons:
• between the current year and previous year(s)
• between actual figures and budgets, forecasts or client’s expectations
• with similar companies
Analytical procedures as substantive procedures
ISA 520 states that the auditor may use analytical procedures assubstantive procedures.
The suitability of this approach depends on four factors:

• The suitability of using substantive analytical procedures given theassertions.
• The reliability of the data.
• The degree of precision possible.
• The amount of variation which is acceptable.
Some examples.
(1) Suitability
– Analytical procedures are clearly unsuitable for testing the –existence of inventories – to do this
you need to go and count theitems on the shelves in the warehouse.
– Analytical procedures may well be suitable for testing the value–oflabour carried forward in
inventory – by comparing direct labourcosts for the year with value in inventory, in the context of
the costsof raw materials and overheads in inventory.
(2) Reliability
– If controls over sales order processing are weak, it will –probablybe necessary to rely on tests of
details rather than analyticalprocedures.

(3) Precision
– There is likely to be greater consistency in gross margins over –time than in discretionary
expenditure like advertising or R&D.
(6) Acceptable variation
– Variations in sales revenue, which may have a minor impact–on theresults for the year, will be
regarded differently from receivables,which, if uncollectible will have a proportionately greater
impact.
7.2 The audit of receivables
Key assertions
Assertions – receivables
• Existence – The receivable actually exists.

• Rights and obligations – The receivable belongs to the company.
• Valuation and allocation – Receivables are included in the financial
statements at the correct amount.
• Cutoff
Audit procedures
PEOPLE WHO OWE US MONEY
(TRADE AND LOAN RECEIVABLES,

e.t.c)
WHAT ARE THEY?

PEOPLE WHO OWE US SERVICES
(PREPAYMENTS)
TRADE: ARE THEY GOING TO PAY FAIRLY

SOON?
PREPAYMENTS: DID WE MAKE THE PAYMENT
KEY QUESTIONS IS IT ACCOUNTED FOR IN THE

CORECT PERIOD
i.e IS THE CALCULATION

CORRECT?
TRADE: ASK THEM
(CIRCULARSATION)
SEE IF THEY PAY (AFTER DATE

PROCEDURES RECEIPTS)
PREPAYMENTS: VERYFY PAYMENTS
REVIEW INVOICES ETC
FOR CUTOFF
Receivables circularisation – procedures
• Obtain a list of receivables balances, cast this and agree it to thereceivables control account total
at the end of the year. Ageing ofreceivables may also be verified at this time.

• Determine an appropriate sampling method (cumulative monetaryamount, value-

weightedselection, random, etc.) using materiality for thereceivable balance to determine the
sampling interval or number ofreceivables to include in the sample.
• Select the balances to be tested, with specific reference to thecategories of receivable noted
below.
• Extract details of each receivable selected from the ledger and preparecircularisation letters.
• Ask the chief accountant at the company (or other responsible official)to sign the letters.
• The auditor posts or faxes the letters to the individual receivables.
• Obtain a list of credit balances in the receivables ledger and obtainexplanations from
management.
• Direct third party confirmation to give evidence of existence andvaluation.
Purpose:
– Transactions and events have been recorded in the correctaccounting period.
Advantages:
• Independent evidence.
• External evidence.
• Relatively efficient (if successful).
Disadvantage
• Those circularised may not reply.
Method
• Select sample of receivables to be circularised.
• Inform client of intended list of those to be circularised.
• Consider implications if client objects to any of the accounts selectedbeing circularised.
• Record names and amounts circularised.
• Record replies received and consider implications of any accounts notagreed.
• For non-repliesperform alternative procedures (other evidence inrelation to accounts receivable).

Recoverability/Provision for doubtful debts [Valuation]

• Discuss the assumptions underlying the general provision withmanagement to ensure reasonable
• Recalculate the provision based on management’s assumptions andagree to the figure in the
financial statements
• Compare the prior year provision to the amounts actually written off asbad in the year to test how
accurate management usually are inestimating possible bad debts
• Obtain a list of aged receivables and investigate the recoverability ofany old balances
• For a sample of year end balances, agree outstanding invoices toremittance advices/bank
statement showing receipt of money after yearend Discuss invoices more than 3 months old with
management toconsider recoverability of amount
• Where overdue receivables have not paid, trace the balances to theprovision for doubtful debts.
Where the balances are not included in theprovision discuss with management the basis on which
they believe the debtor to be recoverable
Presentation and disclosure

• Agree receivables figure in the financial statements to the receivables control account total and
the nominal ledger
Analytical review
• Calculate the trade receivables collection period and compare to lastyear to assess reasonableness
Cutoff
• Select a sample of GDN’s immediately prior to the yearendandimmediately after the year end
and and ensure that they have beenrecorded in the correct period.
• For prepayments review relevant invoices to check calculation ofprepayment and ensure that
payment has actually been made byagreeing it to the bank statements.
Income statement entries related to accounts receivable
Check postings and validity of:

• bad debt write offs
• movements on bad debt provision

• recoveries from receivables previously written off.
Ensure doubtful receivables and recoveries identified from other audit workare properly reflected
in the income statement.
7.3 The audit of inventories

Overview
INVENTORIES
WHAT ARE THEY PROCEDURES
RAW MATERIALS WORK IN PROGRESS FINISHED GOODS
KEY QUESTIONS
ARE THE QUNTITIES CORRECT?
IS THE VALUTION CORRECT?

The audit of inventories is usually regarded as one of the higher risk areasof the audit:
• It is usually crucial to assurance about an entity’s profit.
• It may be complex.
• It is usually subject to a degree of estimation.
They can also be very varied, e.g.:

• sheep or cows on a farm
• jewellery
• the costs of developing a computer game
• cars
• food and drink
• chemicals
• petrol.
That’s probably enough to be going on with!
7.3.1 InventoryProcedures
BEFORE PLANING DURING ATTENDANCE AFTER FOLLOW UP

Review prior year working Observe compliance with Follow up cutoff tests
papers instructions
Discuss instructions Make test counts (from Ensure all copies of inventory
physical to recorded and vice take sheets form inventory
versa day agree to client inventory
sheet and check sequencing is
complete
Familiarisation, nature ,value, Take copies of inventory take Ensure continuous inventory
location e.t.c sheets records adjusted
Arrange third party Obtain more details of Follow up third party
certificates damaged inventory certificates

Consider need for experts Not cut off details Conclude on reliability of
quantities used as a basis for
computing inventory
Role of internal audit
Extract representative sample Valuation review lower of
cost or net realizable value
7.3.1.1 The inventory count

Principles
• The inventory count is a ‘one off’. It is a single opportunity to establishwhat is and what is not
in inventory
• Because of the crucial impact of inventory levels on the results for theyear, it must be tested both
for existence and completeness. (Formost other areas the emphasis is likely to be on one or other
of theseassertions rather than both)
• Inventory can consist of almost anything with different properties (seethe list above). It can
therefore be quite complex and so needs to bewell organised by the client. The auditor needs to be
equally wellorganised to ensure that sufficient, appropriate evidence is gathered
• It is the client’s responsibility to establish the correct value of theinventory. The auditor’s job is
to form an opinion as to whether thatvalue is materially correct or not. It is therefore not the
auditor’sresponsibility to count the inventory, only to check that it has been donecorrectly.
Procedures
Before the count
• Obtain clients’ instructions for the count and review them :

– for obvious flaws
– to ensure that the logistics for the audit team have been thoughtthrough
– to obtain awareness of where the most material or otherwise riskyinventory lines
are to be found.

On the account(Inventory count)
• Observe the count as it proceeds to ensure:

– the client’s instructions are being followed
– everything is counted and recorded
– there is no risk of anything being included more than once
– evidence of damaged or slow moving inventory is being recorded
– cutoffis observed – no despatches or deliveries occur while thecount is taking
place, and there is no movement of inventory within
the client’s premises which may confuse the count
– inventory sheets (or whatever method is used to record the count –
handheld devices, barcode readers, etc.) are properly controlled.
• Conduct test counts on a suitably random basis whilst gearing the tests towards material
items:
– Existence – it will be necessary to check from the client’s inventory records to your test
data, so you need to ensure that you record sufficient details of the location and the items
to be able to trace them later.
– Completeness– you will need to be able to trace the items from your counts, into the client’s
inventory records and will therefore need to record sufficient details to enable you to do
this.
Note. These aspects of the count are crucial – the auditor needs toknow in advance:
– the details of the inventory
– how the inventory will be recorded in the client’s system.
Record cutoff information:

• the last goods received record of the year

• the last despatch record of the year.
Audit procedures at the final audit stage

• Obtain a list showing each individual line of inventories categorized between finished goods,
WIP and raw materials. Cast and agree thetotal to the inventories figures in the financial
statements.
• Check that the figures disclosed in the financial statements agree to the
audited figures and that inventories have been correctly analysed
between finished goods, raw materials and work in progress.
Valuation
• Trace some items of inventory in the inventory sheets back to originalpurchase invoices to agree
the cost
• Trace the same items of inventory to post-yearendsales to determinethe net realisable value of
inventory
• For items that have not yet been sold trace to the provision for slow-movinginventory or discuss
with management why these have not beenprovided for
• Ensure that inventory is stated in the accounts at the lower of cost andnet realisable value by
reviewing the relevant purchase invoices andafter year end sales invoices.
Analytical review
• Calculate inventory turnover and compare to last year to assessreasonableness
•Calculate gross profit percentage and compare to prior year to assessreasonableness
Cutoff

• Select a sample of GRN’s from immediately prior to the year end andincluded in
yearendpayables, and ensure that the goods are includedin yearendinventories.
• Select a sample of GDN’s from immediately prior to the year end andincluded in
yearendreceivables, and ensure that the goods are notincluded in yearend
Year end counts and continuous inventory systems

The procedures suggested above apply to all inventory counts whether as aoneoffyear end exercise
or where inventory is counted on a rolling basisthroughout the year.
The objective is the same:

• To know what the client has in inventory at the time the count took place.
Continuous inventory systems

Where the client has a continuous inventory system, where a theoretical book inventory figure’ is
always known, there are both advantages anddisadvantages for the auditor.
Advantages
• The auditor is less time constrained and can pick and choose particularlocations and inventory
lines at any time to ensure the system is workingproperly.
• Slow moving and damaged inventory should be identified and adjustedfor in the clients' records
on a continuous basis therefore the inventoryvaluation should be more reliable.
Disadvantages
• The auditor will need to gain sufficient evidence that the systemoperates correctly at all times,
not just at the time of the count.

• Additional procedures will need to be devised to ensure that the yearend inventory figure is
reliable, even though it may not have beencounted at that date.
Inventory held at third parties

• Where the client has inventory at locations not visited by the auditor, theauditor normally obtains
confirmation of the quantities, value andcondition from the holder. The auditor needs to consider
whether theholder is sufficiently independent to be able to provide relevant, reliableevidence.
• As with confirmations from receivables, the auditor requests detailsfrom the party holding the
inventory on behalf of the client to confirm itsexistence.
• The confirmation request will be sent by the client to those partiesidentified by the auditor.
• The reply should be sent directly to the auditor to prevent it beingtampered with by the client.
• Problems can occur if the third party uses a different description to thatof the client and as always,
a response is not guaranteed.
Other audit evidence about inventory

• For specialised inventory – livestock, property, food in restaurants,significant work in progress
– it will be necessary to obtain evidencefrom experts
• The auditor needs to obtain evidence of the value of the inventory.

– Cost information can be obtained from invoices and price lists.
- The costs of manufactured inventory can be obtained from invoicesand costing records.
– The opinion of independent experts may be obtained.
7.4 The audit of payables and accruals

Principles
• The main thrust of the testing of payables is usually to test forcompleteness.

•Testing for existence, valuation, etc. is still important, but the majorconsideration, is for the
auditor to gain assurance that all liabilitieswhich should be included, are included.
You therefore have to think of the best indicators that additional liabilitiesmay exist. If as a result
of this, none are revealed, the testing of the values,rights and obligations of the payables we know
about is relativelystraightforward.
Possible indicators of additional liabilities
Does the list of payables at the year end:

• include all the major suppliers the client dealt with during the year?
• include all significant suppliers from the equivalent list last year?
• include all expected accruals? Rent, utilities, telephone, etc.
•include expected sources of financing for non-currentassets? Leasing,hire purchase, mortgages,
etc.
• include all expected tax balances? Profits/corporation tax, payroll taxes,value added taxes, etc.
• include all suppliers revealed by a review of payments after the yearend?
• include all suppliers revealed by a review of unpaid invoices at and afterthe year end?

• Ensure that payables have been included in the financial statements inthe heading of current
liabilities and agree to the working papers ofpayables
Existence
• Circularise a sample of trade payables to confirm the balance at theend of the year [this is not a
usual audit test, and is more or less thesame format as for receivables confirmations except that
negativeconfirmations are more acceptable]
• Reconcile supplier statement balances to the payables ledger
Completeness

• Investigate any supplier names that were shown on last year's payableslisting but do not have a
balance showing in this year's list of balances
• Review after date invoices and payments and ensure they have beenprovided for at the year-
endas appropriate
• Perform analytical procedures on the list of payables. Determinereasons for any unusual changes
in the total balance of individualpayables in the list
• Calculate the trade payables payment period and compare to last yearto assess reasonableness
• Obtain a list of the individual balances from the payables ledger, checkthe cast and agree the total
to the trade payables figure in the draftfinancial statements
• Obtain a list of debit balances in the payables ledger and obtainexplanations from management
• Agree brought forward figures to last year's audit file
Cutoff
• Select a sample of GRN's immediately prior to the year end and to testthat they are in
yearendpayables, and ensure that the goods are inyearendinventories, also test GRN's post year
end to test that they arenot in inventory at the year end
Supplier statement reconciliations

For those suppliers’ balances selected for testing:
• obtain supplier statements at the statement of financial position
• compare with balance according to the client’s records
• seek explanation for differences from client staff.
Accruals
• Review relevant invoices when received after the statement of financialposition date. If none are
received, compare with previous periods
• Obtain the list of accruals from the client, cast it to confirm arithmeticalaccuracy
• Agree the figure per the schedule to the general ledger and financialstatements
• Agree the calculation of the accrual by reference to supportingdocumentation e.g. previous period
invoice

Tax balances
• Corporation/Profits taxes – agree computations.
• Payroll taxes – agree to payroll records.
Overdrafts, loans, etc.

• Agree to bank confirmations.
Leases, hire purchase

• Agree details to underlying agreement.
Income statement entries related to accounts payable

• Accruals will have a direct impact on the income statement accountsthey relate to – ensure the
postings have been put through correctly andany opening accruals have been properly reversed.
• Some accruals may themselves lead to additional accruals, e.g.accrued bonuses payable to
directors and staff, may lead to additionalemployer’s social security charges.
• For all interest bearing accounts, loans, overdrafts, etc., ensure thecorrect accrual is made for
interest payable.
7. 5 The audit of bank and cash
BANK AND CASH
ASSERSIONS PROCEDURES
EXISTANCE
BANK LETTER
RIGHTS & OBLIGATIONS
COMPILED BY MAJORY TINOTENDA NYAZEMA CASH COUNT Page 173
BANK CONFIRMATION
VALUATION
COMPLETENESS
The bank letter (bank confirmation reports)

• Direct confirmation of bank balances gives the auditor independent,third-party
evidence.
• The format of the letter is usually standard and agreed between thebanking and auditing
professions.
• Issues covered are:
– the client’s name
– the confirmation date
– balances on all bank accounts held
– any documents or other assets held for safekeeping
– details of any security given
– details of any contingent arrangements – guarantees, forwardcurrency purchases or sales,
letters of credit.
• The auditor needs the client to give the bank authorisation to disclosethe necessary information
(In some jurisdictions such disclosures areillegal so bank letters cannot be used at all).
• Ensure that all banks that the client deals with are circularised.
• When items on the bank letter are dealt with, tick them off and cross-referenceto the relevant
working paper to make it easy to see thatthere are no outstanding items. The balances for each
bank accountshould be agreed to the relevant bank reconciliation at the year end;interest charges
should be agreed to the interest expense accout inthe general ledger; details of loans should be

agreed to the disclosurein the statement of financial position to ensure it is correctly classifiedinto
the current and non current elements.
Bank and cash – other evidence

• Obtain a list of all bank accounts, cash balances and bank loans andoverdrafts and agree to totals
to figures included in current assets andcurrent liabilities in the financial statements
• Obtain a copy of the client's bank reconciliation, cast and agree thebalances to the cash book and
bank letter
• Trace all outstanding lodgements and unpresented cheques to pre-yearendcash book and post-
yearendbank statements
• Ensure all accounts in the bank certificate are included in the financialstatements
• Ensure bank loans and overdrafts are not offset against positive bankbalances in the financial
statements
• Count the petty cash in the cash tin at the end of the year and agree thetotal to the balance included
in the financial statements
• Note. It is vital for an auditor conducting a cash count to do so in thepresence of a member of the
client’s staff and to obtain a signature forthe amounts handed back into the client’s custody
• Where there are multiple cash balances – a number of tills in adepartment store, etc. – it is
important to ensure amounts cannot bemoved between tills and that proper cutoffprocedures are
in place.
Income statement and other account entries related to bank andcash

• Clearly, bank loans, overdrafts and bank deposits all have interestimplications.
• The bank letter may reveal details of security, borrowings andcontingent liabilities which need
to be disclosed in the financialstatements.

• Ensure that bank and cash have been included in the financialstatements in the heading of current
assets and overdraft loanspresented in current liabilities and non-currentliabilities.
• Ensure the financial statement amounts agree back to the trial balanceamount.

7.5 The audit of tangible Non-Current Assets

Existence
• Select a sample of assets visible at the client premises and inspect theasset register to ensure they
are included.
Completeness
• Select a sample of assets from the non-currentasset register andphysically inspect them.
• Examine the repairs and maintenance accounts in the general ledgerfor large and unusual items
that may be capital in nature.
Valuation
• Reperform depreciation calculations by:
– selecting a sample of assets from the register and recalculating the charge for the year
– recasting the list of individual asset depreciation charges
– agreeing the total charge to the financial statement.
• Alternatively, agree this year’s charge as reasonable by taking lastyear’s charge and amending it
for additions, disposals, revaluations,changes in method or policy, etc. Compare the predicted
charge for theyear with the actual charge, and seek explanations for any materialdifferences.
• Assess depreciation policies for reasonableness by:
– comparing methods used with prior year
– comparing methods used with similar companies
– analysing the recent trend of profits and losses on asset disposals.
• If any assets have been revalued during the year:
– agree new valuation to valuer’s report
– verify that all similar assets have also been revalued
– reperform depreciation calculation to verify that charge is based on new carrying value.
• For a sample of assets, agree cost to purchase invoice (or otherrelevant documentation) ensuring
all relevant costs have been included.

• If any assets have been constructed by the company, obtain analysis ofcosts incurred and agree
to supporting documentation (timesheets,materials invoices, etc.).
• When physically inspecting assets, take note of their condition andusage in case of impairment.
Rights and Obligations

• For a sample of recorded assets, obtain and inspect ownershipdocumentation:
– title deeds for properties
– registration documents for vehicles
– insurance documents may also help to verify ownership (and assetvalues).
• Where assets are leased, inspect the lease document to assesswhether the lease is operating or
finance (if the latter, the asset shouldbe included on the company’s statement of financial position).
Disclosure
• Agree opening balances with prior year financial statements.
• Compare depreciation rates in use with those disclosed.
• For revalued assets, ensure appropriate disclosures made (e.g. nameof valuer, revaluation policy).
• Agree breakdown of assets between classes with the general ledgeraccount totals.
NON-CURRENT ASSETS

ASSERSIONS PROCEDURES
EXISTANCE PHYSICAL INSPECTION
COMPLETENESS REVIEW LIKELY ACCOUNTS FOR

MISPOSTINGS
INSPECT TITTLE DEEDS E.T.C
RIGHTS AND OBLIGATIONS

INSPECT PURCHASE
CONTRACTS
CONTRACTSCONTRACTS
INSPECT INVOICES E.T.C
RECALCULATE DEPRECIATION
CHARGE
VALUATION CONFIRM VALUATION WITH

EXPERT
CONSIDER IMPAIRMENT

7.6 The audit of Non-currentliabilities
NON-CURRENT LIABILITIES
ASSERTIONS PROCEDURES
EXISTANCE
BANK LETTER
RIGHTS AND OBLIGATIONS LENDER STATEMENTS
VALUATION
COMPLETENESS
BACK TO BACK WITH RELATED
ASSETS
REVIEW PAYMENTS TO
POSSIBLE LENDERS
COMPILED BY MAJORY TINOTENDA NYAZEMA REVIEW MINUTES, E.T.C

Page 179
AND CHECK CALSULATIONS

OF INTEREST
Loan payables
• Agree loan balance to the loan statement confirms rights and obligationand valuation.
• Agree interest payments to the loan agreement and the bankstatements, to confirm rights and
obligations.
• Analyse relevant disclosures of interest rates, amounts due (e.g.between current and
noncurrentpayables) to ensure complete andaccurate.
• Recalculate the interest accrual to ensure arithmetical accuracy.
Provisions and contingencies

Provisions are a form of payable where the amount or timing of payment isuncertain. As such they
are harder to audit.
Where the likelihood of payment is only possible, rather than probable, noamounts will be entered
in the accounts. However, the matter (contingentliability) must be adequately disclosed.
• Discuss the matter giving rise to the provision with the client to verifywhether an obligation
exists.
• Obtain confirmation from the clients lawyers as to the possible outcomeand probability of having
to make a payment.
• Review subsequent events. By the time the final audit is taking placethe matter may have been
settled.
• Obtain a letter of representation from the client as the matter is one ofjudgement and uncertainty.

7.8 Relying on the work of others

• Auditors may need to rely on the work of others. (The ISAs stress theneed for auditors to consult
with others in appropriate circumstances.)
• Auditors may choose to rely on the work of others because they find iteffective and efficient to
do so.
The need to consult others

Auditors do not need to be experts in all aspects of their clients’ business. Where they are unable
to form an opinion without expert help the auditorswill need to consult. Examples are:
• property valuations
• construction work in progress
Choosing to consult others

Because of the circumstances at a particular client, it may be effective andefficient for the auditor
to rely on the work of others. Examples are:
• specialist inventory – livestock, food and drink in the restaurant trade,technically complex
inventory
• actuarial valuations for pension schemes.
• internal audit
• confirmation from external holders of the client’s inventory
• another firm of auditors for assurance on an overseas branch orsubsidiary
• service organisations
What attributes do these ‘other people’ need?

ISA 620: Using the Work of an Expert states that the auditor should obtainsufficient and
appropriate evidence that the work of the expert is adequatefor the purpose of the audit.
In making this assessment the external auditor must assess the expert’s:

• independence and objectivity

• competence – consider:
– qualifications
– experience.
For example, the auditor might inspect a valuation report to provideevidence of a revaluation of
land and buildings. However, this report mightbe have been produced by a qualified valuer who is
a close friend or relativeof one of the directors.
The auditor will have to decide whether:

• the valuer is sufficiently independent
• the report provided is reliable or not.
7.8.1 Relying on internal audit

• Internal audit forms a part of the client’s system of internal control.
• It may well therefore reduce control risk.
• The auditor will take this into consideration when planning auditprocedures and reduced levels
of substantive testing may therefore beappropriate.
The auditor cannot devolve responsibility for the audit opinion onto theinternal audit department.
“ISA 610: Considering the Work of Internal Audit” states that before relying onthe work of
internal audit, the external auditor must first assess the internalaudit function with regard to:
• the objectivity and technical competence of the internal audit staff
• whether the internal audit function is carried out with due professionalcare
• the effect of any constraints or restrictions placed on the internalfunction by management or those
charged with governance.
If the function is assessed and is found not to be sufficiently independent ofthe management
structure or the staff are not suitably qualified and trained,there is no point in the external auditor

going to the trouble of assessing thework that has been performed by the function during the year
as it will not beconsidered reliable enough for external audit purposes.
However, if the internal audit function has been assessed as reliable, thespecific work should be
evaluated to ascertain its adequacy.
The externalauditor must consider whether:

• the work is properly supervised, reviewed and documented
• the persons performing the work have relevant experience and training
• sufficient and appropriate evidence has been obtained
• the conclusions drawn are valid given the results of the work performed
• recommendations made have been acted on by management.
If the auditor assesses both the function and the specific work to be reliableand adequate, the work
will be relied on and reduced levels of testing will beperformed.
7.8.2 Service organisations

The client may outsource certain functions to another company – a serviceorganisation, e.g.
• payroll
• receivables collection
• the entire finance function
• internal audit.
Advantages from the auditor’s point of view

• The independence of the service organisation may give increasedreliability to the evidence
obtained.
• Specialist skills readily available and tend to have a broader range ofexpertise
• Less detailed work may therefore be required.

Disadvantages
• May not obtain information readily
• Difficulties in assessing the reliability of the outsource company
• Lack of sufficient appropriate evidence.
Other considerations
• The auditor will need to be confident of the reliability and theindependence of the service
organisation.
• If the audit firm provides some of these services itself – e.g.bookkeeping or payroll services – it
will need to ensure that it canmaintain its own independence and objectivity as auditor.
Reference to the work of others in the audit report

It is the auditors' responsibility to obtain sufficient and appropriate auditevidence in order to arrive
at the correct audit opinion.
Therefore, no reference should be made in the audit report to the use ofothers during the audit.
If the auditors cannot satisfy themselves that the work of others is sufficientlyreliable then the
auditor must find another means of obtaining the requiredlevel of comfort.
They cannot pass the blame onto another party.
7.9 Accounting estimates

Accounting estimates are of particular concern to the auditor as by theirnature there may not be
any physical evidence to support them.
They aresubjective and judgemental and therefore prone to management bias.
If thedirectors wish to manipulate the accounts in any way, accounting estimates

are the easy way for them to do this. The auditor must take care whenauditing estimates to ensure
this has not been the case.
Procedures used by the auditor in respect of estimates are:

• Discuss with management their process for calculating the estimateand assess whether this
appears reasonable.
• For estimates such as provisions it may be possible to obtain anindependent expert opinion for
example correspondence from lawyersregarding a legal provision or a surveyor’s report for
evidence of anenvironmental provision.
• Review subsequent events, for example if there is a pending legal casewith a legal provision at
the statement of financial position date, thecase may have been settled by the time of the audit and
therefore willprovide evidence as to whether the provision was reasonably stated.
An accrual can be compared with the actual invoice if the invoice hasbeen received by the client
by the time of the audit.
7.10 Computer assisted audit techniques (CAATs)

The use of a computer to either perform, be tested or to assist the auditorsin carrying out their audit
procedures.
With so many accounting systems now held on computer, the assuranceprovider may wish to make
use of CAAT’s. There are two types of CAAT’s
(1) Audit software
(2) Test data- live
- dead
7.10.1 Audit software

Description
This is software specifically designed for audit purposes, there are anumber of off-the-
shelfpackages available, or the auditor could have atailor-madesystem.

It is used to process the client’s data in order to checkthat the figures themselves are correct. It can
therefore carry out a wholerange of substantive procedure, across all sorts of different data.
Examples of what audit software can do include:

• Extract a sample according to specified criteria
– Random
– Over a certain amount
– Below a certain amount
– At certain dates
• Calculate ratios and select those outside the criteria
• Check calculations (for example additions)
• Prepare reports (budget vs actual)
• Produce letters to send out to customers suppliers
• Follow items through a computerised system
Package programmes are generally designed to;

• read computer files
• select information
• perform calculations
• create data files, and
• print reports in a format specified by the auditor
7.10.2 Test data

The assurance provider supervises the process of running data through theclients system. To do
this the auditor would have to
• Note controls in the clients system
• Decide upon the test data
It maybe processed during a normal production run -‘live’ test data orduring a special run at a
point in time outside the normal cycle -‘dead’ testdata, either with real data or dummy data.

• Run the test data

• Compare results with those expected
• Conclude on whether controls are operating properly
Through test data. This is data generated by the auditor in order to test thesystems, processing
logic, calculations and controls, to ensure that thecontrols within the system are operating properly.
An auditor would take a transaction through a system, testing the systemslimits. So you would
have ‘normal’ transactions and invalid transactions totest that the system work. If the results are
positive that means the auditorcan rely on the system and have more confidence that the output
isaccurate.
What are the benefits of CAAT’s?

Benefits / Advantages Examples
CAAT’s force the auditor to rely on Credit limits within a system canonly be
programmed controls during the audit. changed by theaccountant. A computerassisted
Sometimes it may be the only way to test check will test that thisis the case.
controls within a computer system, therefore
enables the auditor to test program controls
Using CAAT’s enables the auditors to
comply with ISA of obtaining appropriateaudit
evidence increasing the overallconfidence for
the audit opinion
Large number of items can be tested Checking the depreciationcharged on each

quickly and accurately asset wouldbe quicker with a computerassisted
program than manually

CAAT’s test original documentationinstead of Actual wages will be testedinstead of paper

print outs, therefore theauthenticity of the copies.
document is more validthis way.
After initial set up costs, using CAAT’sare Examples of use or audit tests
likely to be cost effective, as thesame audit (1) Calculation checks
software can be used eachyear as long as the (2) Reviewing lists of old oroutstanding items
system doesn’tchanged andinvesting those specifically
(3) Detecting for unreasonableitems
(6) Detecting violation of thesystem rules
(5) New analysis
(6) Completeness checks
(7) Selects samples
(8) Identifying exceptionreporting facilities
Allow the results from using using CAATsto If the two sources of evidenceagree then this
be compared with ‘traditional’ testing, too will increasethe overall audit confidence
What are the weaknesses, or problems with CAAT’s, and how canthey be resolved?
Weaknesses / problems Recommendations / resolve

Limitations
CAAT’s will be limited depending onhow well Ensure you understand the system
the computer system isintegrated. The more to assess whether audit software
integrated thebetter the use of CAAT’s. For will be relevant for the company.
examplethe invoices should be Need to assess whether there is a

computergenerated and then processed need for the audit software.

throughthe accounts system to feed in to
thefinancial statements
The existing system made do some ofthe

functions of the CAAT, for examplehighlight
old balances or obsoleteinventory.
Reliability Assess the reliability, document

CAAT’s are only useful methods oftesting if and then make a decision whether
you can rely on the system, so it’s relevant to use audit software
the auditor would have to assess thereliability as part of the evidence collected.
first, before use.
Cost A cost benefit analysis from theaudit point of

It takes time to design CAAT’s teststherefore view should becarried out prior to deciding to
may not be cost effective ifthe auditor is usethe audit software.
dealing with a bespokesystem, as there maybe
a lot of set upcosts. The reason for this is it
takestime to write specific test data or
toprogram the audit software to theneeds of the
client.
Lack of software documentationIf the Shouldn’t use audit software untilthese have
company you are auditing can notconfirm all been identified. Holduntil this point.
system documentation isavailable, then the
auditors will beunable to do the tests
effectively due to
lack of understanding.

Change to clients systems A cost benefit analysis from theaudit point of

If there is a change in the accountingyear or view should becarried out prior to deciding to
from the previous year then the usethe audit software.
audit software will have to be reset and
designed, therefore may be costly. Or if you know there to be achange in the near
future hold theaudit software until that year.
Lack of direction and uselessresults The audit manager needs to beclear exactly
Audit tests may be done just becausethe what audit assertionsare being tested, and what
auditors have the facility to dothem, therefore theexpected outputs are.
the output of results willeither be inconclusive
or not required.
Therefore having an inefficient andcostly
audit.
Use of copy files To ensure the files are genuineeither the

Clients tend to provide the auditorswith copies auditor should supervisethe copying or use the
of the system notes andany other relevant originals inthe first place.
information. Theproblem here is do we know
if thoseare the actual files?
Test data – problems

Damage of computer systemBecause we are Ensure as auditors we understandthe system
testing the limits of thesystem the dummy and have support ifneed be form software
process maydamage the computer system. experts.
Need to reverse or remove dummytransactions Ensure there is a process forensuring all

Ideally test data should be run ‘live’ ifnot dummy transactionsare cleared and the auditor
possible then the ‘dead’ test dataneeds to be hasdiscussed when they can use thecomputer
used under identicalsystems for it to be valid, and for what test
and enoughcomputer time should be provided. specifically.

The transactions may be incorrectly or

incompletely removed, leaving dummy
data in a live system.
Examples of Test Data
Tests Reason for the Test
Revenue
Input an order into the clientssystem that The order should not be accepted, orshould
would cause acustomer to exceed theircredit raise a query whether you are sureyou wish to
limit proceed. If this happens thenthe auditors will
have confidence the systemis working
properly
Input a negative number ofitems on an order Ensures only positive quantities areaccepted
Input incomplete customerdetails The system should not process the orderunless
all information is completed
Input an excessive amount There are reasonable checks in the systemto
identify possible input errors. A
warningshould appear on the screen
confirming thenumber
Input and invalid inventorycode Ensures that the computer detects the
invalid code and presents an errormessage
rather than taking the nearest

code and accepting it
Input of invalid details Ensures that no errors are made for sippingand
payment
Purchases
Raise an order from asupplier not on the A query should be raised as to whether
preferredsupplier list youwant to proceed with this transaction
Process an order with anunauthorised staff ID The system should reject the processaltogether
or send the request through to anappropriate
person for authorisation
Try and make changes to thesupplier standing The system should reject the processaltogether
data usingthe ID of someone who is or send the request through to anappropriate
notauthorised to do so person for authorisation
Payroll
Try and set up a newemployee up on the The system should reject the processaltogether
payrollsystem using an unauthorized ID or send the request through to anappropriate
person for authorisation
Try and make employeechanges of detail using The system should reject the processaltogether
anunauthorised or send the request through to anappropriate
ID person for authorisation
Make an excess change forexample increase The system should have parameters inplace to
someone’ssalary by $1,000,000 bysomeone question this amount, and maybereject it due to
authorised it being outside the normalrange

Receivables Audit software examples
Cast the receivables ledgerto ensure it agrees To ensure the completeness and accuracyof the
with thetotal on the receivables items on the receivables controlaccount
control account
Compare the balances to thecredit limits to To check or violation of the system rules
ensure theyhaven’t been exceeded
Review the balances toensure they don’t To check for unreasonable items in the
exceed thetotal sales to that customer ledger
To review the receivable dayson a monthly To obtain new / relevant statistical

basis andcompare to year information
To form receivable balancesto show all To select specific items for the audit test.
material items andselect appropriate
samplingfor testing.
To produce an agedreceivables analysis to To assist in the receivables valuation

assistwith identification ofirrecoverable testing.
receivables.

Give examples of test using CAATs when dealing with orders received,goods despatched, and
invoices raised.
Solution
Orders

Place orders on the website using test data.

Goods dispatched
Programme audit software to select a sample of customer orders, obtain the GDN number from
each order, and verify that each GDN number exists in the GDN file.
Invoice
Programme audit software to select a sample of GDNs, obtain the invoice numbers from each order
and verify that each invoice number exists in the invoice file. (GDN – goods despatch note)
7.12 Not for profit organisations

A not for profit organisation is an organisation whose primary objective isother than making a
profit, examples being:
• charities
• clubs
• public schools.
7.12.1 Audit techniques

Differences
• The auditor will test the utilisation of funds to ensure they are beingspent correctly.
• Tend to perform substantive procedures due to lack of systems,evidence being analytical
procedures, discussion and regulations.
• Sample size tends to be high, due to the volume of transactions beinglow. In some cases
populations can be tested 100%.
• Observation presents its self as a problem, due to people acting ingood behaviour when observed.
Therefore the auditor may not obtain atrue reflection of what's going on.
• Not for profit organisations tend to have poor systems due to
– lack of segregation of duties, as the organisation will be restrictedwith the amount of staff who
work
– people tend to be volunteers, therefore likely to be unqualified andhave an unawareness of the
importance of controls.
• Whereas profit organisations do.

• In not for profit organisations the transactions tend to be less formal, sothere maybe no receipt
for expenses or receipts of money. Whereas aprofit organisation will document all communication
and transactions.
• Revenue is unpredictable in non profit organisations, so if difficult toforecast, unlike profit
organisations who tend to hold contracts andorders, so difficult to test the going concern basis.
Question 1
During the final audit of Powerfast, the following points arose in the audit manager’s review of
the audit of inventories for the year ending 31 May 2019.
(a) No audit work had been conducted in order to ascertain whether any inventory items should be
written down to net realisable value. (12 marks)
(b) The client utilises large quantities of coal in order to produce their output. The coal is stored in
large piles and is transported to the factory units by means of a conveyor system. Perpetual
inventory records are maintained showing the amount of coal on hand, and receipts and
withdrawals of coal. No audit work has been carried out in this area, the perpetual inventory
records having been accepted for financial statement purposes. (8 marks)
Required:
Describe the audit procedures which would be carried out at this late stage of the audit in
order to satisfy the audit manager’s review points and ensure that inventories are accurately
stated in the financial statements.
(c) Another client of your firm is Camry Products. You are reviewing the plans for a physical
inventory count at the company's warehouse on 31 May 2019. The company assembles domestic
appliances, and inventory of finished appliances, unassembled parts and sundry inventories are
stored in the warehouse which is adjacent to the company's assembly plant. The plant will continue
to produce goods during the inventory count until 5 pm on 31 May 2019. On 30 May 2019, the
warehouse staff will deliver the estimated quantities of unassembled parts and sundry inventories
which will be required for production for 31 May 2019; however, emergency requisitions by the
factory will be filled on 31 May. During the inventory count, the warehouse staff will continue to
receive parts and sundry inventories, and to despatch finished appliances. Appliances which are
completed on 31 May 2019 will remain in the assembly plant until after the physical inventory

count has been completed.

Required:
Describe the procedures which Camry Products Ltd should establish in order to ensure
that all inventory items are counted and that no item of inventory is counted twice.
(10 marks)
Question 2
ISA 500 requires that ‘The auditor should obtain sufficient appropriate audit evidence to be able
to draw reasonable conclusions on which to base the audit opinion.’ The explanatory material
contained within ISA 500 identifies a number of procedures for obtaining audit evidence. ISA 500
also offers guidance as to assessing the reliability of audit evidence.
Required:
(a) Identify and describe five of the procedures for obtaining audit evidence. (5 marks)
(b) For each of the procedures, describe an audit test using that procedure to obtain evidence
as to the balance of plant and equipment including the related balances of accumulated
depreciation and charges to income. (5 marks)
(c) For each of the procedures, discuss considerations affecting your judgement as to
the reliability of the evidence with particular reference to the test described in your
answer to (b). (10 marks)
Question 3
ISA 500 Audit Evidence requires auditors to obtain evidence that supports the relevant financial
statement assertions. One of these assertions is that of valuation. Evidence is therefore required to
ensure that assets or liabilities are recorded at an appropriate carrying value. Many audit failures
are associated with difficulties experienced by auditors in verifying this assertion in the face of
attempts by management to engage in creative accounting. In verifying valuation auditors need to
determine that the basis of valuation is consistent with accepted accounting practice usually aided
by reference to financial reporting standards. Additionally auditors need to obtain sufficient
evidence as to the values themselves. Valuation problems likely to be encountered by auditors
include those associated with determining:

(i) the appropriate amount of overhead carried forward as part of the cost of closing inventory.
(ii) the carrying amount of property, plant and equipment having a limited useful economic life.
(iii) development costs deferred in the year and recognised as an intangible asset.
Required:
For each of the three items:
(a) state the acceptable basis of valuation. (6 marks)
(b) state and explain the audit approach and procedures to be performed in verifying
the appropriateness of the basis of valuation and the correctness of the actual
amounts. (14 marks)
Note: You are only required to consider audit procedures relevant to the valuation assertion.
(Total: 20 marks)

CHAPTER 8
Completion and review
8.1 Introduction
This chapter deals with some of the procedures which happen at the completion stage of the audit.It
deals with:
• the significance of the partner’s file review
• what to do about errors
• subsequent events (events after the reporting period)
• going concern
• management representations.
It does not deal with the technicalities of how to carry out a file review or some of the other issues
which tend to arise at the completion stage. You will come across these later in your studies.
8.2 Overall review of evidence

The review is one of the three pillars of quality control, the other two being planning and
supervision.
The role of review in quality control is set out in ISA 220 Quality Control forAudits of Historical
Financial Information.
8.2 Unadjusted differences

ISA 260 allows for a threshold to be set to avoid the necessity for reporting errors which are
clearly trivial,but this reinforces the need for the ‘errors schedule’ to be completed methodically
as the audit progresses.

• Errors identified through sampling need to be extrapolated so that the potential error in the
population as a whole can be estimated. If such errors reveal a potentially material adjustment, the
audit team should have carried out additional work to determine whether or not the error actually
is material, before the assignment reaches the review stage.
• ISA 260 Communication of audit matters with those charged with governance states that the
auditors would normally report:
– material audit adjustments whether or not recorded by the entity and
– aggregate uncorrected misstatements
– Consideration of errors identified in the course of the audit will often provide useful input to the
planning process for the following year’s audit.
8.3 Events after the reporting period review

ISA 560 Subsequent Events details the responsibilities of the auditors with respect to subsequent
events and the procedures they can use. As auditors are responsible for their audit work right up
to the date that the financial statements are issued, they should perform subsequent event reviews
until that date has passed.
However, the nature of their responsibility changes at the point the audit report is signed – see
section 'Going concern reviews – the auditor's role below.
Audit procedures undertaken in performing a subsequent events review might include any of the
following:
• Enquiring into management procedures/systems for the identification of subsequent events.
• Reading minutes of members’ and directors’ meetings, and of audit and executive committee
meetings, and enquiring about matters not yet minuted.
• Reviewing accounting records including budgets, forecasts and interim information.
• Making enquiries of directors to ask if they are aware of any subsequent events, adjusting or non-
adjusting,that have not yet been included or disclosed in the financial statements.
• ‘Normal’ post reporting period work performed in order to verify year end balances:
– checking after date receipts from receivables
– verifying the value of accrued expenses by checking invoices when received

– checking inventory valuations are at lower cost and net realizable value by testing to
eventual selling prices.
• Obtaining, from management, a letter of representation.
Illustration
A few days after signing an audit report, but before the client’s financialstatements have been
approved by the shareholders at the AGM, theauditors receive a phone call from a director
indicating a material errorin the financial statements.
• Client produces a revised set of financial statements.
In such circumstances, a number of things may happen.Where this happens, the auditor needs to
produce a new audit report, asthe audit report must always be dated on or after the date that
thefinancial statements are signed by the directors. The auditor willtherefore need to extend ‘active
duties’ on all other matters from theoriginal date of the audit report to the new date.
• Client refuses to change the financial statements.
Now the financial statements are materially wrong, but the initial auditreport said they were true
and fair. The auditor should ask for the auditreport back, so that a new qualified report can be
issued. However, theclient may refuse this as well.
In such circumstances, the auditor should obtain legal advice, considerresignation, and speak at
the AGM to notify shareholders.

The date is 3 September 2017. The audit of Brand Co is nearlycomplete and the financial
statements and the audit report are due to besigned next week. However, the following additional
information on twomaterial events has just been presented to the auditor. The company'syear end
was 30 June 2017.

Event 1 – Occurred on 6 July 2017

The filiments in a new type of light bulb have been found to be defectivemaking the light bulb
unsafe for use. There have been no sales of thislight bulb; it was due to be marketed in the next
few weeks. Thecompany's insurers estimate that inventory to the value of $600,000 hasbeen
affected. The insurers also estimate that the light bulbs are nowonly worth $125,000. No claim can
be made against the supplier offiliments as this company is in liquidation with no prospect of any
amounts being paid to third parties. The insurers will not pay Brand forthe fall in value of the
inventory as the company was underinsured. All ofthis inventory was in the finished goods store
at the end of the year andno movements of inventory have been recorded post yearend.
Event 2 – Occurred 3 August 2017

Production at the Bask factory was halted for one day when an oil truckreversed into a metal pylon,
puncturing the vehicle allowing oil to spreadacross the factory premises and into a local reservoir.
TheEnvironmental Agency is currently considering whether the release of oilwas in breach of
environmental legislation. The company's insurers havenot yet commented on the event.
Required:
(a)For each of the two events above:
(i) Explain whether the events are adjusting or non-adjustingaccording to IAS 10Events After the
Reporting Period.(6 marks)
(ii)Explain the auditors' responsibility and the auditprocedures and actions that should be carried
outaccording to ISA 560 (Redrafted) Subsequent Events.(12 marks)
(a) Assume that the date is now 15 September 2017, the financialstatements and the audit report
have just been signed, and theannual general meeting is to take place on 10 October 2009.
TheEnvironmental Agency has issued a report stating that Brand Co isin breach of
environmental legislation and a fine of $800,000 willnow be levied on the company. The
amount is material to thefinancial statements.
Required:
Explain the additional audit work the auditor should carry outin respect of this fine.(6 marks)

Solution
(a) Event 1
(i) The problem with the light bulb inventory providesadditional evidence of conditions existing
at the endof the reporting period as the inventory was inexistence and the faulty filiments were
included inthe inventory at this time.1 mark
The value of the inventory is overstated and shouldbe reduced to the lower of cost and net
realizable value in accordance with IAS 2 Inventories.1 mark
An adjustment for this decrease in value must bemade in the financial statements.1 mark
The inventory should therefore be valued at$125,000 being the net realisable value.1 mark
(ii) The decrease in value of inventory took place afterthe end of the reporting period but before
thefinancial statements and the audit report weresigned.
1 mark
The auditor is therefore still responsible foridentifying material events that affect the
financialstatements.1 mark
Audit procedures are therefore required todetermine the net book value of the inventory andcheck
that the $125,000 is the sales value of thelight bulbs.1 mark
Audit procedures will include:

– Obtain documentation from the insurersconfirming their estimate of the value of the lightbulbs
and that no further insurance claim can bemade for the loss in value.1 mark
– Obtain the amended financial statements andensure that the directors have included$125,000 as
at the end of the reporting period.1 mark
– Ensure that the yearendvalue of inventory hasbeen decreased to $125,000 on the statementof
financial position, statement of financialposition note and the income statement.1 mark
– Review inventory lists to ensure that thedefective filiments were not used in any otherlight bulbs
and that further adjustments are notrequired to any other inventory.1 mark

– Obtain an additional managementrepresentation point confirming the accuracy ofthe amounts

writtenoffand confirming that noother items of inventory are affected.1 mark
Event 2
(i) The release of oil occurred after the end of thereporting period, so this is indicative of
conditionsexisting after the end of the reporting period – theevent could not be foreseen at the end
of thereporting period.1 mark
In this case, no adjustment to the financialstatements appears to be necessary.

1 mark
However, the investigation by the EnvironmentalAgency could result in legal claim against
thecompany for illegal pollution so as a material event itwill need disclosure in the financial
statements.1 mark
(ii) As with event 1, the event takes place before thesigning of the audit report, therefore the
auditorshave a duty to identify material events affecting thefinancial statements.1 mark
Audit procedures will include:
– Obtain any documentation on the event, forexample board minutes, copies of
environmental legislation and possibly interimreports from the Environmental Agency
todetermine the extent of the damage.1 mark
– Inquire of the directors whether they will disclosethe event in the financial statements.1 mark
– If the directors plan to make disclosure of theevent, ensure that disclosure appearsappropriate.1
mark
– If the directors do not plan to make anydisclosure, consider whether disclosure isnecessary and
inform the directors accordingly.1 mark
– Where disclosure is not made and the auditorconsiders disclosure is necessary, modify theaudit
opinion on the grounds of disagreementand explain the reason for the qualification inthe report.
This will be for lack of disclosure (notprovision) even though the amount cannot yetbe
determined.1 mark

– Alternatively, if the auditor considers that therelease of oil and subsequent fine will affectBrand's
ability to continue as a going concern,draw the members' attention to this in anemphasis of matter
paragraph.1 mark
(b) The notification of a fine has taken place after the audit report hasbeen signed.
– Discuss the matter with the directors to determinetheir course of action.
– Where the directors decide to amend the disclosurefinancial statements, audit the amendment
and thenredraftand redatethe audit report as appropriate.
– Where the directors decide not to amend thefinancial statements as the disclosure the auditor
can consider other methods of contacting themembers. For example the auditor can speak in
theupcoming general meeting to inform the members ofthe event.
– Other options such as resignation seeminappropriate due to the proximity fo the annualgeneral
meeting (AGM). Resignation would allowthe auditor to ask the directors to convene
anextraordinary general meeting, but this could nottake place before the AGM so the auditor
shouldspeak at the AGM instead.
8.5 Going concern ISA 570

According to IAS 1 financial statements should be prepared on the basis that the company is a
going concern unless it is inappropriate to do so.
• The going concern concept is defined in IAS 1 as the assumption that the enterprise will continue
in operational existence for the foreseeable future.
• Any consideration involving the ‘foreseeable future’ involves making a judgement about future
events, which are inherently uncertain.
• Uncertainty increases with time and judgements can only be made onthe basis of information
available at any point – subsequent events can overturn that judgement.
• Management (and auditors) should generally look ahead at least one year from the date of the
directors’ approval of the financial statements,in assessing the validity of the going concern basis.
• There may be circumstances in which it is appropriate to look furtherahead. This depends on the
nature of the business and the associatedrisks.

8.5.1 The going concern concept – significance

Whether or not a company can be classed as a going concern affects how its financial statements
are prepared.
• Financial statements are usually prepared on the basis that the reporting entity is a going concern.
• IAS 1 states that ‘an entity should prepare its financial statements on agoing concern basis, unless
– the entity is being liquidated or has ceased trading, or
– the directors have no realistic alternative but to liquidate the entity or to cease trading.’
• Where the assumption is made that the company will cease trading, the financial statements are
prepared using the breakup basis under
which:
– assets are recorded at likely sale values
– inventory and receivables are likely to require more provisions, and
– additional liabilities may arise (severance costs for staff, the costsof closing down facilities,
etc.).
8.5.2 Going concern reviews – the auditor’s role

Auditors are concerned with ensuring that financial statements give a ‘true and fair’ view, which
includes being satisfied that they have been prepared using the correct basis.
• A set of financial statements is typically put together on the presumption that the company will
continue trading for the foreseeable future (as aguide, at least one year).
• Auditors may appear negligent if they issue a ‘clean’ audit report on a company’s financial
statements that paint a positive picture, only for that company to quickly go out of business.
• Hence it is important for auditors to be assured that the company is a going concern, to confirm
that the correct basis of preparation has been used.
• Auditors undertake ‘going concern reviews’ to obtain this assurance.
The procedures that the auditors undertake for their going concern review will depend on the risk
that the company may not be a going concern.
• In a company where profits are high, cash flows are positive, finance is in place, and there is no
obvious exposure to large losses, goingconcern procedures are likely to be minimal.
• Where any doubts regarding going concern exist, procedures are more extensive.

• When companies go out of business, it is more likely to be due to a lack of cash than a lack of
profits. However, in the long term, profits are ofcourse essential for survival.
• The auditor should remain alert for evidence of events or conditions which may cast significant
doubt on the entity’s ability to continue as agoing concern, both in the planning stage and
throughout the audit.
8.5.3 Indicators of going concern problems

Typical indicators of going concern problems include the following:
• Net current liabilities (or net liabilities overall!).
• Borrowing facilities not agreed.
• Default on loan agreements.
• Unplanned sales of non-currentassets.
• Behind with tax payments.
• Behind with paying staff.
• Major cash outflows.
• Unable to obtain credit from suppliers.
• Major technology changes in the industry.
• Legal claims against the company.
• Loss of key management or staff.
• Overreliance on a small number of products or staff.
This is not an exhaustive list and you may identify other factors from the scenario given to you in
the exam.
8.5.4 Going concern – disclosure requirements

Where there is any doubt over the going concern status of a company, the directors should include
disclosures in the financial statements explaining:
• the doubts
• the possible effect on the company.

Where the directors have been unable to assess going concern in the usual way (e.g. for less than
one year beyond the date on which they sign the financial statements), this fact should be disclosed.
Where the financial statements are prepared on a basis other than thegoing concern basis, the basis
used should be disclosed.
8.5.6 Going concern reviews – reporting implications

Here it is important for you to understand the following.
• Financial statements are normally prepared on the going concern basis.
• Where the going concern basis is used and is appropriate, the auditors do not need to mention the
fact in their report.
• If the auditors believe that the going concern basis is inappropriate, or the disclosures given by
management about the going concern issues are inadequate, but the directors do not, the audit
report will need to be qualified, i.e. the auditors will be saying that the financial statements do not
give a true and fair view.
• If the going concern basis is not appropriate and the directors prepare the financial statements on
some other, appropriate basis, the auditors would normally refer to this in their report because it is
a matter of extreme significance – this is called an ‘emphasis of matter paragraph’for obvious
reasons.
8.6 Class Disscusion

Smithson Co provides scientific services to a wide range of clients.Typical assignments range from
testing food for illegal additives toproviding forensic analysis on items used to commit crimes to
assist lawenforcement officers.
The annual audit is nearly complete. As audit senior you have reportedto the engagement partner
that Smithson is having some financialdifficulties. Income has fallen due to the adverse effect of
two high-profilecourt cases, where Smithson's services to assist the prosecution werefound to be
in error. Not only did this provide adverse publicity forSmithson, but a number of clients withdrew
their contracts. A senioremployee then left Smithson, stating lack of investment in new
analysismachines was increasing the risk of incorrect information beingprovided by the company.

A cash flow forecast prepared internally shows Smithson requiringsignificant additional cash
within the next 12 months to maintain even thecurrent level of services.
Required:
(a)Define 'going concern' and discuss the auditor's anddirectors responsibilities in respect of going
concern.(5 marks)
(b)State the audit procedures that may be carried out to try todetermine whether or not Smithson
Co is a going concern.(10 marks)
(c)Explain the audit procedures the auditor may take where theauditor has decided that Smithson
Co is unlikely to be agoing concern.(5 marks)
8.7 Management representations ISA 580

Management representations are a particular type of enquiry, whereby the auditor asks
management to confirm, in writing, a number of issues covered by or surrounding the financial
statements.
• These may be general matters such as:
– the directors’ understanding that it is their responsibility to produce financial statements
that show a true and fair view or
– whether all information that the auditors need for the purpose of the audit has been
communicated to the auditors.
• They may be specific to the client or this particular year’s financial statements such as:
– confirmation of values where there is a significant degree of estimation or judgement
involved, e.g. development expenditure onnew products or the outcome of litigation
– formal confirmation of the directors’ judgement on contentious issues, e.g. the recognition
of revenue, or the value of assets where there is a risk of impairment.
8.7.1 How are management representations obtained?

As the audit progresses, the audit team will assemble a list of those items about which it is
appropriate to seek management representations.
As part of the completion process the auditors will write to the client’s management stating the
issues about which they are seeking representations.
The representations themselves may take any of the following forms.

• A letter from the client’s management to the auditors covering the necessary points. Usually the
auditors will provide management with a draft of the letter for them to produce on the client’s
letterhead and sign.
• A letter from the auditors to management setting out the necessary points, which management
signs in acknowledgement and returns to the auditors.
• Minutes of the meeting at which representations were made orally which can be signed by
management as a true record of what was discussed.
8.7.2 Why do auditors need management representations?

You may think that as the auditor’s job is to form an independent opinion about whether or not the
financial statements prepared by management give a true and fair view, the value of representations
from management might be questionable.
However, there are three good reasons why management representations are necessary:
(1) Precisely because it is management’s responsibility to produce financial statements that show
a true and fair view, the most obvious first source of audit evidence is to ask them whether or not
they have done so.
(2) There may be circumstances where no other sufficient, appropriate audit evidence may
reasonably be expected to exist – the issues concerning estimation and judgement mentioned above
are the most obvious examples.
(3) ISA 580 Management representationsand the requirements of a number of other ISAs make
it compulsory for the auditors to obtain management representations on a number of specific
issues.
8.7.3 The quality and reliability of management representations

We have seen in Chapter on audit evidence that the quality and reliability of audit evidence
depends on a number of issues, in particular:

• its source (independent, external or auditor generated evidence is better than evidence generated
internally by the client)
• how it is obtained (evidence obtained directly by the auditor is better than evidence obtained
indirectly by inference)
• its medium (documentary, particularly original rather than copied,evidence is better than oral
evidence).
Clearly written management representations are documentary evidence obtained directly by the
auditor which is the good news.
The bad news is that management representations are not independent.The auditor will therefore
have to make judgements about:
• management’s competence to make the representations
• management’s integrity
• whether circumstances are such that management’s behaviour may be expected to be different
from how it has been in the past.
If, for example the client was:
• under increased financial pressure because of difficult trading conditions
• subject to being taken over, where the value of managements’shareholdings could vary widely
depending on the terms of the takeover the auditors might revise their judgement about the
reliability of management representations.
8.9 ISA 260 (Revised) Communication with Those Charged with

Governance and ISA 265 Communicating Deficiencies in
Internal Control to Those Charged with Governance and
Management
These standards require the external auditors to engage in communications with management. The
main forms of formal communication between the auditors and management are: the engagement
letter and another written communication, usually sent at the end of the audit, which is often
referred to as 'the management letter/ Letter of weakness/ Recommendation letter.'

The objectives of these communications are:

• To communicate the responsibilities of the auditor and an overview of the scope and timing of
the audit.
• To obtain, from those charged with governance, information relevant to the audit.
• To provide timely observations arising from the audit that are significant to the responsibilities
of those charged with governance.
• To promote effective two way communication between the auditor and those charged with
governance.
Whilst a formal communication is usually sent at the conclusion of the audit there may be a need
to communicate particular matters at other times to help meet the third objective, for example, if a
fraud is discovered.
Audit matters of governance interest include:
• Auditor's responsibilities in relation to the audit.
• Planned scope and timing of the audit.
• Significant findings from the audit:
– Auditor's views about qualitative aspects of the entity's accounting practices, policies, estimates
and disclosures.
– Significant difficulties encountered during the audit, e.g. unavailability of expected information.
– Significant matters discussed with management.
– Written representations requested.
– Circumstances that affect the form and content of the auditor's report, if any. This includes any
expected modifications to the audit report and key audit matters to be communicated in accordance
with ISA 701.
– Other matters arising significant to the oversight of the reporting process.
• Auditor independence.

Question 1
Green Co grows crops on a large farm according to strict organic principles that prohibits
the use of artificial pesticides and fertilizers. The farm has an organic certification, which
guarantees its products are organic. The certification has increased its sales of flour, potatoes
and other products, as customers seek to eat more healthily.
Green Co is run by two managers who are the only shareholders. Annual revenue is $50
million with a profit before tax of 5%. Both managers have run other businesses in the last
10 years. One business was closed due to a suspected tax fraud although no case was ever
brought to court.
Green Co’s current auditors provide audit services. Additional assurance on business
controls and the preparation of financial statements are provided by a different accountancy
firm.
Last year, a neighbouring farm, Black Co started growing genetically modified (GM) crops,
the pollen from which blows over Green Co’s fields on a regular basis. This is a threat to
Green Co’s organic status because organic crops must not be contaminated with GM
material. Green Co is considering court action against Black Co for loss of income and to
stop Black Co growing GM crops.
You are an audit partner in Lime & Co, a 15 partner firm of auditors and business advisors.
You have been friends with the managers of Green Co for the last 15 years, advising them
on an informal basis. The managers of Green Co have indicated that the audit will be put out
to tender next month and have asked your audit firm to tender for the audit and the provision
of other professional services.
Required:
(a) Using the information provided, identify and explain the ethical threats that could
affect Lime & Co. (8 marks)
(b) In respect of the going concern concept:

(i) Define ‘going concern’ and state two situations in which it should NOT be
applied in the preparation of financial statements; (3 marks)
(ii) Explain the directors’ responsibilities and the auditors’ responsibilities
regarding financial statements prepared on the going concern principle.
(4 marks)
(c) List the audit procedures that should be carried out to determine whether or not
the going concern basis is appropriate for Green Co. (5 marks)
(Total: 20 marks)
Question 2
You are auditing the financial statements of Hope Engineering for the year ending 31 March 2018.
The partner in charge of the audit instructs you to carry out a review of the company’s activities
since the financial year end. Mr Smith, the chief executive of Hope Engineering, overhears the
conversation with the partner and is surprised that you are examining accounting information
which relates to the next accounting period.
Mr Smith had been appointed on 1 March 2018 as a result of which the contract of the previous
Chief Executive, Mr Jones, was terminated. Compensation of $500,000 had been paid to Mr Jones
on 2 March 2018.
As a result of your investigations you find that the company is going to bring an action against Mr
Jones for the recovery of the compensation paid to him. It had come to light that two months prior
to his dismissal, he had contractually agreed to join the board of directors of a rival company. The
company’s solicitor had informed Hope Engineering that Mr Jones’ actions constituted a breach
of his contract with them, and that an action could be brought against the former Chief Executive
for the recovery of the moneys paid to him.
Required:
(a) List and explain the reason for the audit procedures which would be carried out in order
to identify subsequent events. (12 marks)
(b) Discuss the audit implications of the company’s decision to sue Mr Jones for the recovery
of the compensation paid to him. (8 marks)
(Total: 20 marks)

Question 3
Written representations are an important source of audit evidence. These representations may be
oral or written, and may be obtained either on an informal or formal basis. The auditor will include
information obtained in this manner in his audit working papers where it forms part of his total
audit evidence.
Required:
(a) Explain the nature and role of written representations. (6 marks)
(b) Explain why it is important for the auditor to discuss the contents of the letter of
representation at an early stage of the audit. (4 marks)
(c) Explain why standard letters of representation are becoming less frequently used
by the auditing profession. (4 marks)
(d) Discuss the implications for the auditor of a small company, if the directors refuse
to sign the letter of representation. (6 marks)
(Total: 20 marks)

CHAPTER 9
THE EXPRESSION OF THE AUDIT OPINION
9.0 THE AUDIT OPINION

A company’s auditor must report their opinions to shareholders/members on two primary matters:
1. Whether the financial statements give a true and fair view (or present fairly in all material
respects).
2. Whether the financial statements have been properly prepared in accordance with relevant
rules, e.g. – International Accounting Standards,
– a particular country’s legal requirements.
These considerations are assessed on the basis of the audit work carried out and the evidence
obtained from this.In addition, certain other matters may have to be reported by exception. These
matters, which are also referred to as implied reporting, are laid down by a country’s laws.
These matters are:
• where Returns are not received from all branches of the company
• where Accounting records are inconsistent with the Financial statements
• where Proper accounting records have not been kept
• where all Information and explanations were not received
• where Director transactions with the company are missing from Financial Statements.
**The above can be remembered using the mnemonic RAPID.
Reporting by exception is not the same as a qualification; however, as the matters dealt with are
usually legal requirements, non-compliance will probably lead to a qualification anyway. For
instance, if all informations and explanations have not been received, there will most likely be a
limitation of scope. This term is explained later in the chapter.

9.1 THE AUDITOR’S REPORT ON FINANCIAL

STATEMENTS
ISA 700 The Auditor's Report on Financial Statements, explains the basic principles of audit
reporting and identifies the elements of the auditor’s report.
9.1.1 Contents of an audit report

ISA 700 describes the elements that make up the audit report as:
• Title
The title should be ‘appropriate’. The use of ‘Independent Auditor’s Report’ distinguishes this
report from any other report produced internally or by other non-statutory auditors.
• Addressee
• The report should be addressed to the intended user of the report which is usually the
shareholders, board of directors or other party defined in the engagement or local regulations.
This varies from country to country, but is usually addressed to the members of the company.
This is to prevent other parties relying on the report when it is not intended for their use.
• Opinion
- This covers the primary statements and associated notes referred to in the introductory
paragraph (even though only the first two are referred to explicitly).
- Truth and fairness (or presented fairly in all material respects).
- Preparation in accordance with the financial reporting framework – applicable legislation
and accounting standards.
• If applicable, any other matters required under a country’s regulations. Such a statement
would be made at the end of the opinion paragraph.
• Key Audit matters
• Other Information
• Statement of responsibilities of management
- Preparation of the financial statements which show a true and fair view or present
fairly in all material respects and in accordance with the applicable financial
framework.

- Designing and implementing an effective internal control system.

- Applying appropriate accounting policies.
- Making reasonable accounting estimates.
• Statement of responsibilities of the auditors
- Express opinion.
- Assess the risk of material misstatement.
- The fact that the audit was planned and performed to obtain reasonable assurance
about whether the financial statements are free from material misstatement.
- Consider internal control as a basis for preparing financial statements without
responsibility for implementing it.
- Obtain sufficient, appropriate audit evidence on which to base the opinion.
• Scope Paragraph
- The standards under which the audit was conducted i.e. ISAs.
- A summary of audit processes and procedures in general terms e.g. examining on
a test basis, evidence to support the financial statement amounts and disclosures.
- Evaluate the appropriateness of accounting policies.
- Evaluate the overall presentation of the financial statements.
• Auditor’s signature
- This should include reference to the auditor's status as a Registered Auditor.
- The report may be signed by the firm, by the auditor individually or both.
- Normally the firm’s signature is given as the firm as a whole assumes responsibility for
the audit.
• Date of report
- The audit report must be signed after the directors have approved the financial
statements and preferably on the same day.
- It is not necessary that the final typewritten copies of financial statements are available
for signature – draft copies may be signed, provided the draft documents are
sufficiently clear to enable a proper overall assessment of presentation to be made.
• Auditor’s address

The audit report should name a specific location, which is normally the city where the auditor
maintains the office that has responsibility for the audit.
9.1.2 Example of a clean audit report

Title INDEPENDENT AUDITOR’S REPORT
Addressee (APPROPRIATE ADDRESSEE)
Report on the financial statements
Introductory paragraph
We have audited the accompanying financial statements of the XXX Company, which comprise
the statement of financial position as at 31 December, 20XX, and the income statement, statement
of changes in equity and statement of cash flow for the year then ended, and a summary of
significant accounting policies and explanatory notes.
Management responsibilityfor the financial statements
Management is responsible for the preparation and fair presentation of these financial statements
in accordance with International Financial Reporting Standards (IFRS’s). This responsibility
includes, designing, implementing and maintaining internal control relevant to the preparation and
fair presentation of financial statements that are free from material misstatement, whether due to
fraud or error; selecting and applying appropriate accounting policies; and making accounting
estimates that are reasonable in the circumstances.
Auditor's responsibility
Our responsibility is to express an opinion on these financial statements based on our audit.
Scope paragraph
We conducted our audit in accordance with International Standards on Auditing. Those Standards
require that we comply with ethical requirements and plan and perform the audit to obtain
reasonable assurance about whether the financial statements are free of material misstatement.

An audit involves performing procedures to obtain audit evidence about the amounts and
disclosures in the financial statements. The procedures selected depend on the auditor’s judgment,
including the assessment of the risks of material misstatement of the financial statements, whether
due to fraud or error. In making those risk assessments, the auditor considers internal control
relevant to the entity’s preparation and fair presentation of the financial statements in order to
design audit procedures that are appropriate in the circumstances, but not for the purpose of
expressing an opinion on the effectiveness of the entity’s internal control. An audit also includes
evaluating the appropriateness of accounting policies used and the reasonableness of accounting
estimates made by management, as well as evaluating the overall financial statement presentation.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis
for our audit opinion.
Opinion
In our opinion, the financial statements give a true and fair view of (or ‘present fairly, in all material
respects',) the financial position of the Company as of31 December, 20XX, and of its financial
performance and its cash flows for the year then ended in accordance with International Financial
Reporting Standards.
Other reporting responsibility
Report on other Legal and Regulatory
[Form and content of this section of the auditor’s report will vary depending on the nature of the
auditor’s other reporting responsibilities.]
Auditor signature
Date of the auditor’s report
9.1.3 Audit reports

AUDIT REPORT
If auditor agrees the FS are true If auditor is unable

to state the true and And fair they would give an
fair or disagrees with some aspects of the FS, a
UNMODIFIED/UNQUALIFIED
MODIFIED REPORT IS
/CLEAN AUDIT REPORT
REQUIRED
The opinion would be;
There are threepossibilities
-“do give a true and fair view”, when this kind of report is
or present in material respects”, given
-“do comply with applicable

reporting framework”
-do not give the auditor any

need to report other matters
under exception reporting rules
ADVERSE AUDIT “EXCEPT FOR” /

REPORT DISCLAIMER AUDIT “PARAGRAPH OF
REPORT EMPHASIS “ AUDIT
REPORTIf the auditor
agrees with the financial
statements but would like
to draw readers’ attention
to something through an
9.1.4 The ‘emphasis of matter’ paragraph

Modified without modifying the opinion – the FS show a true and fair view but there is something
that needs to be brought to the attention of the user by way of an additional paragraph. (ISA 570
(Revised) Going Concern and ISA 706 (Revised) Emphasis of Matter Paragraphs and Other
Matter Paragraphs in an Auditor's Report).
Examples of matters that lead to a paragraph of emphasis;
• Where the financial statements have been prepared on a basis other than the going concern
basis.
• An uncertainty relating to the future outcome of exceptional litigation or regulatory action.
• A significant subsequent event occurs between the date of the financial statements and the date
of the auditor's report.
• Early application of a new accounting standard.
• Major catastrophes that have had a significant effect on the entity's financial position.
• Where the corresponding figures have been restated.
• Where the financial statements have been recalled and reissued or when the auditor provides an
amended auditor's report.
The emphasis of matter paragraph is placed after the opinion paragraph.The paragraph is given a
separate heading.
The auditor makes it clear in the paragraph that the opinion is not qualified.
The sections of the report prior to the paragraph are unchanged. Where possible, the potential
financial effect on the financial statements should be quantified.
Where there are particular circumstances surrounding the financial statements and they are fully
disclosed, the auditors may wish to draw the reader’s attention to them in the audit report e.g.

• significant uncertainties whose outcome depends on future events
• going concern problems
• material misstatements in prior period figures
• the financial statements have been prepared on a break up basis not a going concern.
Examples of emphasis of matters
‘Without qualifying our opinion we draw attention to Note X to the financial statements. The
Company is the defendant in a lawsuit alleging infringement of certain patent rights and claiming
royalties and punitive damages. The Company has filed a counter action, and preliminary hearings
and discovery proceedings on both actions are in progress. The ultimate outcome of the matter
cannot presently be determined, and no provision for any liability that may result has been made
in the financial statements.’
Effect on the audit report
The result of these matters on the audit report is shown below. Note the circumstances given at the
top of the example reports that will give you an indication of when each type will be appropriate.
9.2 Modified Opinion
QUALIFIED REPORTS
If the auditor has been unable to obtain Evidence which should have been available then a
modified opinion will be given or where there is a disagreement with management regarding;
- acceptability of the accounting policies
- the method of their application

LIMITATION OF SCOPE DISAGREEMENT
Material Material & pervasive Material Material & pervasive
Qualified Disclaimer Qualified Adverse
Opinion Opinion
ISA 700 uses the phrase “material and pervasive” we know that unless the matter is material, it
will not cause the report to be qualified at all. So the nature of the qualification depends on the
degree of effect that the auditor considers it may have on the financial statements.
To be considered pervasive, it must affect the view given by the financial statements as a whole.
As such;
- If the circumstance is a limitation of scope it will leave the auditor unable to form an
opinion at all
- If it is a disagreement, it will be of such significance that the financial statements do not
give a true and fair view
Class discussion
i. Example: Limitation of scope – material but not pervasive
Previous paragraphs as per standard report
Auditor’s responsibility
Our responsibility is to express an opinion on these financial statements based on our audit. Except
as discussed in the following paragraph, we conducted our audit in accordance with …
We did not observe the counting of the physical inventories as of 31 December 20XX, since that
date was prior to the time we were initially engaged as auditors for the Company. Owing to the

nature of the company’s records, we were unable to satisfy ourselves as to inventory quantities by
other audit procedures.
Opinion
In our opinion, except for the effects of such adjustments, if any, as might have been determined
to be necessary had we been able to satisfy ourselves as to physical inventory quantities, the
financialstatements give a true and …
Example : Limitation of scope – pervasive therefore a disclaimer
‘We were engaged to audit the accompanying financial statements of the XXX Company, which
comprise the statement of financial position as of 31 December, 20XX and the income statement,
the statement of changes in equity and the cash flow statement for the year then ended, and a
summary of the significant accounting policies and other explanatory notes.
Management responsibility paragraph as per standard report (omit the sentence stating the
responsibility of the auditor).
(The paragraph discussing the scope of the audit would either be omitted or amended according to
the circumstances.)
(Add a paragraph discussing the scope limitation as follows.)
We were not able to observe all physical inventories and confirm accounts receivable due to
limitations placed on the scope of our work by the Company.Because of the significance of the
matters discussed in the preceding paragraph, we do not express an opinion on the financial
statements.’
Example :Disagreement – material but not pervasive
Previous paragraphs as per standard report ...Opinion
As discussed in Note X to the financial statements, no depreciation has been provided in the
financial statements which practice, in our opinion, is not in accordance with International
Financial Reporting Standards. The provision for the year ended 31 December, 20XX, should be
XXX based on the straight-line method of depreciation using annual rates of 5% for the building

and 20% for the equipment. Accordingly, the non-current assets should be reduced by accumulated
depreciation of XXX and the loss for the year and accumulated deficit should be increased by
XXX and XXX, respectively.
In our opinion, except for the effect on the financial statements of the matter referred to in the
preceding paragraph, the financial statements give a true and ...’
Iv. Example: Disagreement – pervasive therefore adverse opinion
Previous paragraphs as per standard report … Opinion paragraph
‘In our opinion, because of the effects of the matters discussed in the preceding paragraph(s), the
financial statements do not give a true and fair view of (or do not “present fairly”) the financial
position of the Company as of 31 December, 20XX, and of its financialperformance and its cash
flows for the year then ended in accordance withInternational Financial Reporting Standards.’
As you can see, there is a potentially difficult decision process to go through when deciding what
kind of modified audit report may be appropriate.
9.2.1 Qualified Audit Opinion

If the misstatement or lack of sufficient appropriate evidence is material but not pervasive, a
qualified opinion will be issued.
• This means the matter is material to the area of the financial statements affected but does not
affect the remainder of the financial statements.
• 'Except for' this matter, the financial statements give a true and fair view.
• Whilst significant to users' decision making, a material matter can be isolated whilst the
remainder of the financial statements may be relied upon.

9.2.3 Adverse opinion

An adverse opinion is issued when a misstatement is considered material and pervasive. This will
mean the financial statements do not give a true and fair view. Examples include:
Preparation of the financial statements on the wrong basis.
• Nonconsolidation
of a subsidiary.
• Material misstatement of a balance which represents a substantial proportion of the assets or

profits e.g. would change a profit to a loss.
9.2.4 Disclaimer of opinion
A disclaimer of opinion is issued when the auditor has not obtained sufficient appropriate evidence
and the effects of any possible misstatements could be pervasive. The auditor does not express an
opinion on the financial statements in this situation. Examples include:
• Failure by the client to keep adequate accounting records.

• Refusal by the directors to provide written representation.
• Failure by the client to provide evidence over a single balance which represents a
substantial proportion of the assets or profits or over multiple balances in the financial
statements.
9.3 Question approach

1) Ask yourself what the directors have disclosed in the financial statements.
2) Ask yourself, do we as the auditors agree or have we obtained sufficient evidence to give a
clean audit report.
3) Give opinion.
4) State why.

9.4 The impact of auditors’ reports

• The unqualified report is a summary of the auditor’s work and conclusions. It adds
credibility to the contents of the financial statements.
• Clearly, if the audit report has any impact, the management should be reluctant to get
themselves into a position where a qualification is required.
• If the subject matter of the qualification is a disagreement, then a large or public company
faces possible/probable investigation resulting in a company reissuing its accounts with the
ultimate sanction that it can take the company to court if it does not comply with
government’s wishes.
• If the subject matter is a limitation of scope, the company may find itself in financial
difficulties. Trade payables may be reluctant to supply goods on credit terms and the bank
may call in any overdraft. It should be appreciated that overdrafts are technically repayable
on demand.
• The severity of these potential effects helps to ensure that the auditor decides very carefully
whether a qualification is required and ensures that management take the ‘threat’ of
qualification seriously.
9.5 Management imposed limitation of scope

If after accepting the engagement management impose a limitation of scope that will result in a
modified opinion, the auditor will request management remove the limitation.
If management refuse, the matter must be discussed with those charged with governance.
• The auditor should perform alternative audit procedures to obtain sufficient appropriate evidence,
if possible.
• If the auditor is unable to obtain sufficient appropriate evidence and the matter is material but
not pervasive, the auditor must issue a qualified audit opinion.
• If the matter is considered pervasive, the auditor must withdraw from the audit.
• If withdrawal is not possible before issuing the auditor's report, a disclaimer of opinion should
be issued.
• If the auditor decides to withdraw from the audit, the auditor must communicate any material
misstatements identified during the audit to those charged with governance before withdrawing.

9.6 ISA 720 (revised) The Auditor’s Responsibilities Relating to

Other Information
The objectives of the auditor are:
• To consider whether there is a material inconsistency between the other information and
the FS.
• To consider whether there is a material inconsistency between the other information and the
auditor’s knowledge obtained during the course of the audit.
• To respond appropriately when the auditor identifies such inconsistencies.
The auditor must read and consider the other information to identify any materially inconsistencies
with the financial statements or the auditor’s knowledge obtained during the audit. Material
misstatements or inconsistencies in the other information may undermine the credibility of the
financial statements and the auditor’s report.
The auditor must not be knowingly associated with information which is misleading.
Other information refers to financial or nonfinancial information, other than the financial
statements and auditor's report thereon, included in the entity's annual report, that are not
necessarily subject to audit. Examples of other information include:
• Chairman's report
• Operating and financial review
• Social and environmental reports
• Corporate governance statements
Question 1
You are auditing the financial statements of Hope Engineering for the year ending 31 March
2018. During the audit you discover that the contract of the previous Chief Executive, Mr
Jones, was terminated during the year and compensation of $500,000 was paid to him on
2 March 2018. Mr Smith was appointed as his replacement in March 2018.

Mr Smith informs you that the company is going to bring an action against Mr Jones for the
recovery of the compensation paid to him. It has since been discovered that two months prior
to his dismissal, Mr Jones had contractually agreed to join the board of directors of a rival
company. The company’s solicitor has informed Hope Engineering that Mr Jones’ actions
constitute a breach of contract, and that an action could be brought against the former Chief
Executive for the recovery of the moneys paid to him. The solicitor has advised that it is
probable that this action will be successful.
Required:
(a) Describe FIVE audit procedures which should be performed with regard to the
dismissal of Mr Jones and the subsequent legal action. (5 marks)
(b) Explain THREE steps the auditor should take if Mr Smith announces that he is
going to amend the draft financial statements to include a gain of $500,000 with
regard to this legal action. (3 marks)
(c) Describe the impact on the auditor’s report if this gain is included in the financial
statements and the amount is considered material. (4 marks)
ISA 580 Written Representations requires the auditor to obtain written representations
towards the end of the audit.
(d) State FOUR matters that would be included in a written representation letter.
(4 marks)
(e) Explain the implications for the auditor’s report if the client fails to provide a
signed written representation letter. (4 marks)
(Total: 20 marks)
Question 2
Reddy and Co, Chartered Certified Accountants, are the external auditors of Drummoyne, a listed
company. On completing the audit for the year ended 30 September 2018 the following list of
matters was prepared for the partner’s attention.

(a) On 25 November 2018 Drummoyne agreed to a pay rise of 5% for all of its employees
backdated to 1 July 2018. No provision for this has been made in the financial
statements. (5 marks)
(b) The draft Chairman’s Statement, to be included in the Annual Report, states that profit
before tax has increased by 25%. It is true that operating profit has increased by 25%
but, after deducting reorganisation costs and losses on disposals of property, plant and
equipment profit before tax has increased by only 4% compared with the previous year.
(5 marks)
(c) The audit revealed a major control deficiency in the management of investments. The
company recently recruited a financial analyst, as an employee, to manage the
investment of surplus funds. Company policy is to invest in the shares of large quoted
companies. The audit discovered a number of situations where the financial analyst
had made substantial profits for the company by speculating in risky investments such
as derivatives. Such investments could result in massive losses. The matter was
reported verbally to the chief financial officer four months ago but no action has yet
been taken. (4 marks)
(d) One of the company’s oil tankers has just run aground off the coast of California. There
is a risk of a serious oil spill which could cost a significant amount to clear up as is
required by local legislation. This could have a significant effect on the future of the
company. Further information will not be available until after the auditors’ report has
been signed. (6 marks)
Assume that each of these matters is potentially material and is to be considered
independently of each of the others.
Required:
Consider what further actions Reddy and Co should take with respect to each of the
matters listed including the potential impact on the auditor’s report.(Total: 20 marks)

Advanced Auditing Module Guide

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Advanced Auditing Module Guide

Uploaded by

Copyright:

Available Formats

ADVANCED AUDITING (ACC 410) MODULE GUIDE

ADVANCED AUDITING MODULE

MODULE OUTLINE (ACC 410) ADVANCED AUDITING

Objective of the module

• ACC 214 – INTRODUCTION TO PERFORMING THE AUDIT PROCESS

COMPILED BY MAJORY TINOTENDA NYAZEMA Page 1

1. Pre – engagement activities

2. Planning for an audit (isa 300, 315, 330)

3. Obtaining audit evidence (ISA 500)

4. Concluding an audit and audit reports

COMPILED BY MAJORY TINOTENDA NYAZEMA Page 2

• Agreed upon procedures (ISRS 4400)

6. Corporate governance (king iii)

7. Companies act (chapter 24:03)

8. Public accountants and auditors act (chapter 27:12)

3. IAASB Handbook – Volume 1 & 2, 2013/14

5 Dynamic Auditing, Marx B

COMPILED BY MAJORY TINOTENDA NYAZEMA Page 3

1.2 Definition of auditing

Auditing is the independent examination of and expression of an opinion on the financial

COMPILED BY MAJORY TINOTENDA NYAZEMA Page 4

Alternatively, an audit can also be described as:

2) a systematic process of objectively obtaining and evaluating evidence regarding assertions

COMPILED BY MAJORY TINOTENDA NYAZEMA Page 5

1.3 Why the need for audit services

• reduce the risk to the user of those services.

1.4 Nature of audit work

COMPILED BY MAJORY TINOTENDA NYAZEMA Page 6

1.5 Framework for auditing and related services

1.5.1 Review Engagement

• The practitioner is not carrying out an audit

• directors of the predator company in a takeover/merger situation.

COMPILED BY MAJORY TINOTENDA NYAZEMA Page 7

1.5.2 Attestation engagements

It involves reporting on an expanded set of financial information beyond financial statements or

a. Historical or prospective performance or condition (for example, historical or prospective

COMPILED BY MAJORY TINOTENDA NYAZEMA Page 8

b. Physical characteristics (for example, narrative descriptions, square footage of facilities)

d. Analyses (for example, break-even analyses)

e. Systems and processes (for example, internal control)

Examples of attestation engagements

1. Agreed Upon procedures Engagements: e.g. verifying inventory quantities and

2. Financial forecasts and projections: such as analysis of prospective or hypothetical

3. Reporting on pro-forma Financial information: such as retroactively analysing the

4. An examination of an entity’s internal control over financial reporting that is

5. Compliance attestation: such as ascertaining a clients’ compliance with debt covenants

6. Examination of management’s discussion and analysis: prepared in pursuant to the

7. Reporting on controls at a service organisation: such as organisations that provide

COMPILED BY MAJORY TINOTENDA NYAZEMA Page 9

1.5.3 Assurance services

They are normally commissioned voluntarily.

The important elements involved in assurance engagement are:

COMPILED BY MAJORY TINOTENDA NYAZEMA Page 10

An assurance service is a professional service, meaning it draws on the CPA's experience,

This area of service—assurance services—is an extension of the audit/attest tradition. It is

COMPILED BY MAJORY TINOTENDA NYAZEMA Page 11

Services includes lending credibility to information whether financial or non-financial.

Information in an assurance service can be;

• discrete data or information about systems,

• internal or external to the decision maker.

Examples of assurance engagements;

1. Vote counts e.g. PWc used to count oscars