AUDITING AND ASSURANCE July 2008 Pilot paper

QUESTION ONE

Audit planning process allows the audit senior to acquire adequate knowledge about the entity. This process ensure an effective control of audit work.

Required:

Explain the auditor‘s planning process when planning for an audit of a new client.

(8 marks)

How does audit planning assist in the conduct of an audit? (5 marks)
Explain the following controlling procedures in a well planned audit:
Direction and supervision of work. (2 marks) ii. Review and co-ordinating of work. (2 marks) iii. Quality controls. (3 marks)

(Total: 20 marks)

QUESTION ONE

Consider the background to the clients business and ascertain any problem for that sector of the industry, which may affect his audit work.
Consider an outline plan of his audit including the extent to which he may wish to rely upon internal controls and the extent to which work can be allocated to interim or

final audit stages.

Assess the effect of legislation or accounting practice on the financial statements of the client.
Review any management or interim accounts which the client may have preferred as these may indicate areas of concern in his audit.
Meet the senior management of the client to identify problem areas e.g. material variances between budgeted and actual results
Consider the timing of significant phases in the preparation of the financial statements

e.g. dates of stock taking, balancing of personal ledgers, preparation of trial balance and draft accounts

Consider the extent to which the clients employees may be able to analyse and summarize the financial data and the relevance to his audit work carried out by the

clients internal auditors.

Consider the need for expert advise
Determine the number and grade of audit staff to be allocated to each stage of the
Consult members of the audit team to discuss any foreseeable problems. Often the partners will consult the manager who then becomes responsible for communication

with other personnel used on that particular job.

A budget should be prepared allocating the time of each member or grade of the audit team. This budget should be used to control the time spent on that audit and any

major variation investigated by the manager.

The client should be informed of the expected date of attendance by the auditor‘s staff and his agreement obtained.

ISA 300 ‗planning‘ states that the main objective of planning is to enable the audit to be performed in an effective manner.

The purposes of planning are:-

To ensure that appropriate attention is paid to the different areas of the audit. This involves, ensuring that adequate time, for example, is devoted to the audit of stocks, which are usually higher risk, and that petty cash which is usually lower risk, is not over audited.

To ensure that potential problem areas are identified such as weaknesses in the _control over creditors, which might lead to a material understatement.
To facilitate review
To assist in the proper allocation of work to the audit team
Facilitates co-ordination of work done by other auditors and experts.
REVISION

c) (i) & (ii)

Audit control involves three key elements: –

Direction of audit staff
Supervision (iii) Review of work done by staff.

Direction should be given to staff to whom work is delegated. Direction will involve informing staff on their responsibilities in a given audit and the objectives of audit procedures to be performed by them.

It also involves informing the staff of matters such as the nature of the entity‘s business on possible accounting and auditing problems that may affect the nature timing and extent of fraud involved.

Written audit programmes are used as important tools to communicate audit direction. Direction is effected using time budgets audit plans.

Supervision is related to both direction and review and is conducted as follows: –

An auditor should monitor the progress of his audit work to determine whether: –

Staff have the necessary skills and competence to carry out the assigned task.
Audit staff understands properly the audit instructions.
Ensure that audit work is carried out in accordance with program and other planning documentation.

The partner should be informed of key significant questions raised during an audit to assess their significance and modify his audit programme where appropriate.

The partner should resolve any difference of professional judgment of audit personnel. Supervision required of an assignment will depend on the complexity of the assignment as well as the proficiency of audit staff. However, the reporting partner has to ensure that audit work has been performed to acceptable standards and that working paper provide adequate evidence of work that has been carried out.

AUDIT REVIEW

Audit work performed by each audit staff should be reviewed by personnel of high level competence to determine whether:

Such work has been performed in accordance with professional standards and guidelines
Audit work performed and results obtained have been documented
Any significant audit matters have not remained unresolved.
Audit objectives have been achieved and conclusions expressed are consistent with the results of audit work done and support his opinion of financial statements.

Another important technique in audit control is consultation in areas where matters of principle which are controversial, arise in which case the reporting partner should consult with other accountants, partner or independence specialists to resolve the issues.

Control is important in the final stages of an audit. In this case a checklist with sections to be filled by the reporting partner to achieve good audit control is used.

Quality Controls

This refers to the various policies and procedures put in place by the audit firm to ensure that the work carried out and opinion formed meets the audit standards as required by the ISA and the firms own quality standards.

Quality controls promote observation of personal standards relevant to audit work or described in Ethical statements published by professional bodies e.g. ICPAK. The auditor should ensure that he establish the best channel to communicate quality control to all levels of staff. Quality control policies are therefore the objectives and goals to ensure that quality audit work has been performed.

The following procedures provide assurance of achieving the objectives of quality control: –

Personnel policies:- Personnel in an audit firm should adhere to principles of objectivity and confidentiality.
Skill and competence:- The firm should be staffed by personnel who have attained and maintained the skill and competence to enable them do their work.

Audit assignment:- Audit work should be assigned to personnel who have the desired degree of technical training and proficiency required for the audit circumstances iv) Direction and supervision:- This should be sufficient of audit work at all levels to provide the firm with reasonable assurance that work done by the firm meets the

standards of quality established by the firm.

Acceptance and continuation of clients: The auditor should carry out an evaluation of audit clients prior to acceptance of audit assignments and should periodically review his association with existing clients so as to ensure that independence and ability to service such a client and achieve the proficiency of an audit is possible. In this case, the integrity of the clients management must be continuously assessed to avoid problems of auditing

clients who lack integrity who are considered to be high risk clients.

Review of working papers:- Each working paper should be signed and dated by the person who prepared. The final review of working papers should be done by the reporting partner which will enable the auditor to:

Ensure that figures in the draft account make sense in the light of evidence
Assess any impact of any unadjusted errors in the drafts and whether it maybe

necessary to request further adjustments.

To ensure that all appropriate disclosures and other requirements have been

complied with in the statements.

Ensure that there is relevant reliable and sufficient audit evidence to support the auditors opinion.QUESTION TWOExplain how you would verify the following:
- Investment income. (5 marks)
- Bank balances. (5 marks)
- Contingent liabilities. (5 marks)
- Petty cash balances. (5 marks)
(Total: 20 marks)

QUESTION TWO

Bank balances

The auditor should obtain the bank reconciliation statement as at the end of the period and perform the following procedures:

Verify that the reconciliation is accurately prepared;

Ensure that the correct balances as per the bank statement and the cash book have been picked in the reconciliation;

Verify that the reconciling items have subsequently cleared; § Ensure that there are no unexplained variances;

Verify that all un-presented cheques had been dispatched to the payees and that all un credited deposits have cleared.

This will assist the auditor in testing for window dressing. Window dressing in this context refers to attempts to overstate the liquidity of the company by keeping the cash book open such that money received after year end is credited to the cash book increasing the cash balance and reducing debtors. It could also take place by debiting cheques paid in the period under review but are not dispatched until after year- end.

This procedure of inspecting the bank reconciliation statement assists in verifying the completeness and accuracy of the bank balance. ii) The auditor should obtain a direct confirmation from the bank of the amount holding on behalf of the client. The auditor should obtain the clients consent to communicate directly with the bank. Where consent is granted a standard letter of

request should be sent to the bank.

The reply to this request is a good source of corroborative audit evidence to confirm the existence of the bank balance and other information such as the interest earned, any loans granted to the company or any restrictions placed on the operation of the account.

A contingency may be defined as a condition which exists at the balance sheet date where the ultimate outcome (gain or loss) will only be confirmed by the occurrence or non-occurrence of one or more uncertain future events.

Probable losses should be accrued, possible losses should be disclosed and probable gains should be disclosed.

In relation to pending legal matters, I would:-

Review the clients system of recording claims including the procedure for bringing them to the attention of management.
Discuss with the legal department or company secretary the procedures for instructing solicitors.
Examine board or management minutes for indications of possible claims
Examine correspondence with solicitors, including bills rendered
Obtain a list of matters referred to solicitors with the company‘s estimates of possible liabilities.
Obtain a letter of representation from the relevant directors that he is not aware of any other matters referred to solicitors

Letter of representation: –

The knowledge of contingent liabilities may be confined to management and is therefore a suitable matter for inclusion in such a letter.

In relation to guarantees: –

Examine the memorandum and articles of association of the company to ascertain whether the company‘s directors have: –

Powers to give this guarantee to other parties.
The maximum amount they can guarantee
The parties they are allowed to guarantee.

Read through minutes of directors and ascertain whether a resolution was

passed providing for this guarantee

Examine correspondence between the lender and client to ascertain:-

Amount of loan guaranteed

Interest on this loan
Date when due
Any special terms

Write to the party guaranteed and request his confirmation regarding the discharge of this liability. In case this is doubtful request client to provide for this liability

Petty cash

Examine the strength of the Internal Control System regarding petty cash payment. 2) Ensure that petty cash is maintained on an imprest system.

For all petty cash payments, a petty cash voucher should be raised and signed by the person using this amount and the authorization by a responsible officer and for this reason the auditor should take a sample of this vouchers and ensure that they are

genuine.

The auditor should count petty cash at hand using surprise visits and should add back the amount spent to ensure that both items agree with the float.
For any deficit, the auditor should obtain a certificate of shortage from the petty cashier.
The auditor should not accept IOU‘s except if these were authorized by a responsible officer

Note: The key audit procedure is to carry out a cash count and to ensure the physical balance is reconciled to the ledger (testing for completeness, accuracy and existence).

Investment Income

This is received mainly from two sources i.e. fixed interest deposits and shares in listed companies.

For fixed interest deposits, verify the overall income in the accounts by analytical review. In overall terms as the income is fixed, the expected income can be

calculated. It is necessary to consider withholding tax deducted on the income.

For fixed interest deposits, test individual receipts to the cashbooks to ensure that the expected interest was received and check the calculations.
For shares in listed companies select a sample of investments and obtain from the company details of dividend payments made during the year or the dividend
Trace receipt of these dividends to the cashbook via dividend warrants.
For shares in listed companies reconcile total income in accounts to total income in
For shares disposed or purchased in the year check to clients broker note that all dividends to which the client was entitled have been received in the year.

QUESTION THREE

Do you believe that the auditors should be responsible to users other than the

shareholders? Give reasons to support your answer. (5 marks)

Does the auditor require a codified definition of ―reasonable care and skill‖ or should this be left to professional judgment? Explain. (5 marks)
Why should the auditor be unwilling to take full responsibility for the detection of fraud during the annual audit? Explain.(5 marks)
Discuss the proposition that the ‗expectations gap‘ has arisen because of the

public‘s ignorance and should therefore be resolved by the public themselves. (5 marks)

(Total: 20 marks)

QUESTION THREE

As a result of developments in case law Donahue V Stephenson in 1932 to Hedley Byrne & Co. Ltd V Heller & Partners Ltd in 1963, auditors may be held to owe a duty of care to third parties under certain circumstances. A third party who suffers a loss through reliance on misleading audited accounts may bring an action for damages against the auditor in tort.

Such a requirement would make auditors more vigilant in their work because

of potential liabilities.

Creates an avenue to compensate other users for lose occasioned by auditors iv) Protection of public interests at large from fraudulent auditors.

Woolf J; in his judgment in the case of Jeb Fasteners Ltd V Mark Bloom & Co. identified the conditions to be met in actions under tort as follows :-

Foreseeability, by the dependent, of the plaintiff‘s.
Reliance by the plaintiff on the accounts
Negligence by the defendant in preparing, (auditing) the accounts.
Causation of loss suffered by the plaintiff in consequence of the negligence.
Quantum of the loss suffered by the plaintiff arising out of the defendants negligence.

This is because every audit is different and what may be seen to be reasonable care and skill in one audit may not be for a different audit.

Thus to codify is to issue uniform exceptions of reasonable care and skill. This would be wrong, as the circumstances of every audit are different.

Thus, whatever is reasonable skill and care should be determined by an individual auditor by exercising his judgment depending on the circumstances of his audit.

The auditor should be unwilling to take full responsibility for the detection of fraud during the annual audit as fraud is committed with the intention to conceal it. Thus, there is a great chance that even a well planned and properly carried out audit will be unable to detect fraud. This is especially if the fraud has been perpetrated by the management of the entity. In addition, an auditor carries out his work during a very short duration of the financial period. It would be unreasonable to expect him to review everything that took place during the year, a role that could be better played by management.

The expectations gap should be reduced by the auditing profession since it is the profession, which suffers as a result of the gap. This is because, the users of the auditors report do not understand it and hence claims for negligence may be raised against the auditor.

A more detailed look at expectations gap follows:-

The Expectation Gap

There has been considerable discussion in recent years on the role of the auditor, and the ‗Expectation Gap‘.

In general terms this can be described as the gap that exists between what the public, especially users of financial statements, believe auditors do (or ought to do) and what the auditors actually do. Such a gap usually surfaces on the unexpected failure of a company.

Various elements of this gap have been identified

A Standard gap

Where the public perceive auditing standards as different from what they actually are.

A performance gap

Where auditors perform below existing standards.

A liability Where the public does not know to whom an audit is legally responsible.

Potential ways of closing the gap

Understanding financial statements and the audit report

False or unrealistic expectations in users of financial statements are frequent. They may not appreciate the conventions on which accounts are prepared, the inevitable degree of estimation and judgment involved or the test nature of audit work.

Communication with these users to improve their understanding could be improved. The most significant work on this area has been ISA700 Auditors‘ Reports on Financial Statements, which requires the auditor‘s report to define the responsibilities of the auditor and the directors in relation to the financial statements.

Fraud

When questioned, a high proportion of the public believes that the auditor has a responsibility to detect fraud of all kinds, or that he should actively search for fraud. However, deep-seated fraud with wide collusion maybe virtually impossible to identify, given the limitations of audit techniques. The auditor may not reasonably be expected to have discovered a particular fraud in particular circumstances.

Once again, the profession should attempt to explain these limitations to the users of accounts, so that they are aware of the auditor‘s responsibility is to have only a ‗reasonable expectation‘ of detecting material fraud.

Alternatively the auditor could be required to limit the opportunity for fraud in the first place. Requirement could be set for companies and their auditors to review the effectiveness of controls to prevent material fraud, and to report material deficiencies.

Control of the auditing profession

At a national level, legislation to control auditors varies. At an international level

IFA produces ISA‘S and ethical guidance which influences good practice.However these pronouncements are not legally enforceable.

Audit failures are sometimes due to poor performance. Education (keeping up to date) should remedy this. Legal action and disciplinary proceedings serve as a warning.

QUESTION FOUR

Explain the following terms:

Materiality; (4 marks)
The duty of confidentiality; (5 marks)

(c)	Professional indemnity insurance;	(3 marks)
(d)	Peer review;	(3 marks)
(e)	Quality Control.	(5 marks)
		(Total: 20 marks)
		(December 1997 Q.6)

QUESTION FOUR (DECEMBER 1997 QUESTION 6)

Materiality is defined in ISA 320 to be the expression of the relative significance or importance of a particular matter in the context of the financial statements as a

whole. A matter is material if its omission or misstatement would reasonably influence the decisions of an addressee of the auditors report. Materiality is not capable of general mathematical definition as it has both quantitative and qualitative aspects.

The auditors‘ responsibility is to plan and perform their audit to obtain reasonable assurance that the financial statements are free of material misstatement and give a true and fair view. Thus anything that would distort the view given by accounts must lead to a qualification, but only if it is material.

The duty of confidentiality requires that information acquired in the course of professional work should not be disclosed except where consent has been obtained from the client, employer or other proper source, or where there is a legal or professional right or duty to disclose.

A member acquiring information in the course of professional work should neither use nor appear to use that information for his personal advantage or for the advantage of a third party.

Where a member is in any doubt, the matter if appropriate should initially be discussed fully within his firm or organization. If not appropriate, or if it fails to

resolve the problem, he should consider taking legal advice and/or consult ICPA (K)

Confidentiality in practice

An accountant should only act for a client on the understanding that the client will make full disclosure to him. In the absence of such an understanding the accountant should decline the appointment.

If during the course of an engagement, the client fails to furnish all the information considered necessary, the accountant should disclose this in his report. The accountant should also consider whether he can continue to act.

Sometimes in the course of his work an accountant may obtain information from a client that has a bearing on information supplied to him by another client.

In such circumstances, it would be breach of confidence to reveal the information to the second client without the permission of the first client.

The accountant should instead endeavour to substantiate the information with evidence obtained directly from the books and records of the second client. This may necessitate direct confirmation. Ultimately he may have to qualify his report or resign.

A part of gross income of the auditing firms is paid to insurance firms as part of professional indemnity insurance (PII) such that when negligence claims are brought against the audit firm, then the insurance will settle these claims.

Some professional bodies require their members in public practice to hold PII covering all civil liability incurred in connection with the conduct of the firm‘s business by partners, directors or employees. This means that if a client or other party successfully sues the firm for negligence, then the firm will not meet the claim but the insurer will. So if the firm is unable to pay a very large claim, the insurance will have the required resources.

Peer review: A system where one firm of auditors reviews the working practices of

The work of the review is limited to: –

Professional aspects of the practice.
Overall quality control policies
Professional aspects of firm‘s accounting and auditing practices like maintenance of working papers work products such as financial statements.

( Quality controls

ISA 220, ―Quality control for audit work requires that all firms implement quality control policies and procedures at the levels of the audit firm, and on individual audits. Those policies and procedures should be communicated to staff, via formal policy statements, audit manuals and informal briefings, and monitored to ensure that they are implemented.

Quality controls ensure the audit is carried out: –

– In accordance with international accounting standards.

In conformity with statutory and contractual requirements
In accordance with ethnical standards.

QUESTION FIVE

You are an audit senior in a firm of practicing accountants and your manager has gone out for an urgent meeting with a partner. Mr. Charo, a manager with Charo and Company, a wholesale business has come to your office with a request that your firm becomes their auditors.

Required:

Describe to Mr. Charo the legal, ethical and practical factors your firm would consider before accepting the appointment.(10 marks)
Explain to Mr. Charo the qualification and disqualification of an accounting firm under

the provisions of the Companies Act to become auditors. (10 marks)

(Total: 20 marks)

QUESTION FIVE

The question requires you to describe to Mr. Charo the legal, ethical and practical factors your firm would consider before accepting the appointment. This implies that you must touch on the company‘s Act provisions and the guidelines issued by ICPAK.

Before your firm accepts appointment the following factors should be considered:

Statutory matters

Ensure that your firm is professionally, legally and ethically qualified to act as an auditor. The auditor must ensure that he has not contravened any provisions of the companies Act in regard to independence. He must ensure that he is not a servant or in partnership with a servant of the company. In case the company has a holding company or subsidiaries it is also important to ensure that your firm has not previously been disqualified from being eligible for appointment as auditors of such subsidiaries or the holding company.

Ethical matters

Your firm must also ensure that it has fulfilled all the professional ethical requirements in regard to independence. I.e. the firm must not have any personal, family or business relationships with the prospective client among other provisions;

Your firm should establish it has the technical proficiency to undertake the audit. This will include determining whether the firm posses the necessary technica l skills to carry out the assignment;

Establish whether the firm‘s resources are adequate to service the needs of the new client i.e. staff time with the necessary technical competence and experience;

Your firm should seek references about the status of the company and its management. Such references will assist the auditor in assessing the potential risk in associating with this new client. Information sought would include the reputation of the company and its directors. It is a professional requirement that very firm must evaluate all

prospective clients before accepting appointment. Seeking references about the client provides useful information in carrying out this evaluation;

I would try to determine the reason for the change in auditor. The question says that the directors believe they do not receive a cost effective service from the existing auditor. However, there may be problems with the level of audit fee or the existing auditor may want to qualify his report which the directors are trying to prevent;

I would obtain a copy of the previous years audited accounts. If the audit report is qualified, it indicates that the audit has a higher than normal risk. From these accounts I would assess whether the company is having going concern problems by calculating appropriate ratios such as the gear ing ratio and if there could be weaknesses in the system of internal control;

I would check that no conflict of interest arises through my acceptance of appointment as auditor of the company;

I would consider the level of fee I would charge. It should be sufficient to provide an acceptable return, as an inadequate fee could result in insufficient audit work being carried out and thus increase the audit risk;

Communicate to the outgoing auditor-Your firm should request the client‘s permission to communicate with the existing/outgoing auditor. If such permission is denied your firm should decline the appointment. If your firm receives permission from the client, you should write to the existing auditor requesting all the information which ought to be made available to you to enable you decide whether or not you are prepared to accept appointment. Communication with the existing auditor is not just a matter of professional courtesy. Its main purpose is to enable the prospective auditor ensure that there are no reasons which preclude him from accepting the appointment. It would be important at this stage to confirm with the outgoing auditor whether the true reason for being requested to resign is because their firm is perceived by management as not providing a value for money audit or could there be other reasons behind this.

Before replying to the prospective auditor the outgoing auditor should obtain the client‘s permission to discuss his affairs fully with the prospective auditor. If the outgoing auditor is duly authorized by the client to discuss the client‘s affairs with the prospective auditor, then he may communicate any relevant information he believes to be true, including the reasons for the proposed change and any other matter he considers that the prospective auditor should be made aware.

The prospective auditor must treat any information given by the outgoing auditor in the strictest confidence and should weigh this carefully in reaching a decision whether or not to accept the appointment.

If the client refuses the existing auditor authority to discuss his affairs with the prospective auditor, the outgoing auditor should inform the prospective auditor who should then decline the appointment.

If the outgoing auditor considers that there are professional reasons to prevent the prospective auditor accepting nomination he must disclose these to the prospective auditor. The prospective auditor should endeavor to ascertain the reasons for the change in auditors. If after doing this, he is of the opinion that the existing auditor is being treated unfairly, he may decline the appointment.

Therefore communicating with the outgoing auditor is important:

To get necessary information that could guide him on whether to accept or reject nomination;
n To enquire on the reasons for the change in auditors;
- Professional courtesy.

Having considered these factors your firm should then make a decision on whether to accept the appointment.

After your firm accepts nomination it should carry out the following procedures

Ensure that the removal or resignation of existing auditor is properly carried out in

at the AGM removing the current auditors.accordance with the Companies Act Chapter 486. I.e. a simple resolution was passed

That your appointment is valid and obtain a copy of new resolution passed in AGM to appoint you as the new auditor.

Set up a letter of engagement to the directors of company.

Disqualification for Appointment

Section 161 (1)

A person or a firm shall not be qualified for appointment as an auditor of a company or in the case of a firm, every partner of the firm is a holder of a practicing certificate pursuant to Section 21 of the accountants act 1977 and such a certificate issued under the following conditions

A person with CPA III
A person with at least 3 year post graduate experience
A person registered with RAB
A person registered with KASNEB
A person who is a member of ICPAK

Section 161 (2)

None of the following persons shall be qualified as a n auditor of a company:-

A servant of a company
A person who is a partner or is in employment of an officer or servant of a

company

A body corporate

Section 161 (3)

A person cannot be qualified for appointment if he has by virtue of subsection (2) above been disqualified as an auditor of a body corporate which is that company‘s subsidiary or holding company or subsidiary of the company‘s holding company or would be disqualified if the body corporate were a company.

Section 161 (4)

If any person not qualified as an auditor of a company acts as one, then such a person or an officer of the company in default shall be liable to a default fine not exceeding 4,000/=

Revision Questions and Answers

Qualification of an auditor under the Accountant Act Cap 531 Section 21

A person shall be qualified to be an auditor of a company if such a person or in the case of a firm all partners are members of one of the professional bodies specified in the first column of the Accountants Act e.g. ICPA (K), ACCA, ICAEW. This is necessary because:-

These bodies are watchdogs over professional ethics of their professionals

They ensure that their members keep up with professional competence in the latest developments in the accounting profession through continuous professional education:-

If the person is a holder of the final certificate of a recognized professional board.

- If the person is registered with RAB
- If the person has at least a two year of post graduate experience in an audit environment § _{_{If the person is registered with KASNEB}}

QUESTION SIX

The cashier of a firm who also acts a bookkeeper has been suspected of dishonesty. The books have not been audited for the last nine months.

You have been asked to investigate the records to establish whether the cashier has committed a fraud.

Required:

Outline how you would proceed with the investigation. (Total: 20 marks)

QUESTION SIX

An investigation may be defined as an inquiry into the financial affairs of a business, including the examination of its audited accounts for recent years and its current and estimated future position as will enable the investigating accountant to ascertain and Marshal in his report the information relevant to the investigation.

The nature and scope of a fraud investigation are dependent on the instructions given. The main problems usually are:

The past time period that needs to be investigated. This could be a few or many years.
The scope of the investigation. We have to determine whether we are investigating an individual, a whole company, a whole department or a group of companies.
The question of individuals. This can be a very painful exercise and the following general rules can be helpful:

The questioner should have a colleague present;
The person being interviewed should be allowed to have a friend present; iii. Accusations should not be made but evidence should be presented and explanations requested;
The questioning should be in private;
If necessary, judge‘s rule should be observed. This means that a person being questioned understands the nature of the question and should not unwittingly incriminate himself;

There are two categories of fraud

Fraud involving the manipulation of the records and the accounts usually by the company‘s senior officer with a view to benefiting in some way from the false

picture which they convey.

Frauds usually by employees involving the theft, misappropriation or embezzlement of the company‘s funds usually in the form of cash or other assets.

Below is a summary of procedures the investigating accountant will be required to follow in arriving at estimates of losses from case (b), assuming that it is already known that a defaulting employee has been at work..

He has to ascertain the level of authority and the nature of duties of the defaulting employee;
Cast and vouch the cashbook and obtain certificates of opening and closing balances

from the bank.

Check the cash book against bank statements paying particular attention to the dates of

lodgement to ascertain whether receipts were banked promptly; iv. Examine pay-in-slips at the bank and compare with counterfoils as these may reveal teeming and lading.

Carry out a positive circularisation of debtors; vi. Review the cash book for any apparently irregular payments;

Examine return cheques comparing names or payees with the details in the cash book

and invoices;

Obtain duplicates of missing expenditure vouchers;

Vouch all amounts shown as partners or directors‘ drawings or loans; Vouch and cast the petty cash book;
Confirm names of all employees shown on payroll with the chief accountant and the

personnel manager and confirm amounts payable to them;

If the defrauder has access to all books then postings should be checked and a tail

balance extracted;

Confirm all bad debts written off, discounts allowed and returned goods;
Check the order book against the sales daybook, or copy sales invoices in order to

detect any unrecorded sales;

Vouch purchase invoices with purchases daybook, and see that none of them has been processed twice;

Obtain duplicates of all missing purchase vouchers;
Compare the creditors statements against purchase ledger balances; Check goods inwards book or order against invoices to ensure that the latter relate genuine purchases.

The cashier who keeps books of accounts might have misappropriated cash in any of the following ways:

Omitting to enter the receipt of cash
Entering less amount in the cash book than what has been received
Showing fictitious payments
Entering more amount in the cashbook than what has actually been paid

The investigator should follow the line of actions detailed below:-

Permission should be obtained from his client to issue a circular to the debtors and creditors asking them to confirm the balance owing by them or to them respectively.
He should pay attention to cash sales and see whether there is a loop hole. If so, he must probe into the matter.

The investigator should pay special attention to the following points:-

Remuneration of the directors, managing agents etc
Whether the funds of the company are properly and profitably employed.
Loans advanced to the directors of the company interest charges thereon, and the security offered by such a director.
The current account of the managing agents with the company

The contracts entered into by the managing agents with other companies in which such managing agents or directors are interested. 6. The assets and liabilities should be verified and valued.

QUESTION SEVEN

It has often been said that the auditors‘ report is the formal result of all his efforts. This being the case, it is very important that the reader well understands the meaning of the Audit Report, particularly where the auditor wishes to qualify his opinion on the financial statements.

Required:

Under statutory provision, what are the main contents of the auditors‘ report?(6 marks)
Explain how the international standards on auditing attempt to ensure that the report of the auditors is clearly understood.(8 marks)
Describe clearly the circumstances in which an adverse opinion and a disclaimer of opinion would be appropriate and give two examples, one each, to illustrate your

answer. (A full audit opinion is not required). (6 marks)

(Total: 20 marks)

QUESTION SEVEN

Basic elements of the unqualified audit report.

Describe clearly the circumstances in which an adverse opinion and a disclaimer of opinion would be appropriate and give two examples, one each, to illustrate your answer. (A full audit opinion is not required).

Title

Audit reports should be addressed to the members of the company on whose behalf the audit is undertaken.

Introductory paragraph

It identifies the financial statements audited to distinguish such information from other documents that have not been subject to audit e.g. chairman‘s report.

This paragraph also refers to the accounting convention under which the financial statements have been prepared.

Statement of responsibility of directors and auditors. This states that it is the responsibility of the directors to prepare financial statements that show a true and fair view.

Basis of opinion (scope paragraph)

Audit carried out in accordance with IAS, ISA and Company‘s Act requirement and other statutory requirements.

A statement that the audit was planned and performed to obtain reasonable assurance that financial statements are free from material misstatements.

It should describe an audit as including:

Examining on a test basis evidence to support the financial statement amounts and
Assessing the accounting policies used in preparing the financial statements
Assessing the significant estimates made by directors in preparation of financial
Evaluating the overall financial statement presentation.

It should clearly state the auditor‘s opinion as to whether the financial statements give a true and fair view in accordance with financial reporting framework and their compliance with statutory requirements. In particular whether the balance sheet and the profit and loss account show a true and fair view of the state of the financial position of the company and its financial performance.

It should date the report as of audit completion date i.e. when the auditor receives all evidence required to support his opinion.

It should be signed in the audit firm‘s name and should name the audit firm office.

The ISA attempt to ensure that the report of the auditors is clearly understood by giving guidelines to auditors as to how the report should be constructed and what details it

should contain. This supplements the requirements of the companies Act and ensures that the audit report is well understood by the users of the audited financial statements.

For example it requires auditors to: –

Identify the financial statements to which the report covers.
Describe the scope of an audit as having been conducted in accordance with ISA‘s

or relevant national standards.

A statement describing the audit as including:-

examining on a test basis evidence to support the financial statement
disclosures amounts and
assessing the accounting principles used in the preparation of the financial statements
assessing the significant estimates made by management in the preparation of the financial statements
evaluatingfor the opinion. the overall financial statement and also that the audit provides a reasonable basis

iv) A paragraph educating the users of the report on the responsibilities of the auditor and the directors responsibility regarding the financial statements.

c) A disclaimer of opinion is issued when there is a limitation in the scope of the audit or an inherent uncertainty that is so material and pervasive that the auditor has not been able to obtain sufficient appropriate audit evidence and accordingly is unable to express an opinion.

A limitation in the scope of the auditors work may be caused by: –

The entity e.g. when his engagement terms specify that he will not carry out what he believes to be necessary.

Circumstances e.g. where the appointment of t he auditor is after stock taking and therefore the auditor is unable to observe the exercise.

_{Inability to carry out audit procedures believed to be desirable.} §

A disclaimer of opinion could be issued when the accounting records of a client are destroyed by fire or become corrupted (when held on soft copy) making it difficult to obtain the required information or where management refuses to give the auditor information on an issue that is fundamental to the financial statements.

Adverse opinion

This is expressed when the effect of a disagreement is so material and that a qualification of reports is not adequate to disclose the misstatement or incompleteness of financial statements.

Auditors may disagree with management regarding: –

n The acceptability of accounting policies selected

n Methods of application of accounting policies n Adequacy of financial statement disclosures.

An example when an adverse opinion is required is when the management refuses to make a provision for a contingent liability whose crystallisation appears imminent or write off a bad debt

QUESTION EIGHT

Printa Limited is a large printing company, which has an on-line computer accounting system. The system is based around a central main frame computer, with terminals serving individual departments. As part of the interim audit work, you have been asked to carry out a preliminary evaluation of ;

The integrity of the data base as far as it is relevant to your audit and The effectiveness of the computer controls over sales and debtors.

Required:

Describe the controls, which you would expect to be in operation in order to maintain

integrity of the database. (10 marks)

Set out the points, which you would raise, in your preliminary evaluation of controls over sales and debtors. (10 marks)

(Total: 20 marks)

QUESTION EIGHT

CIS ENVIRONMENTS – DATABASE SYSTEMS

This question required the students to have a thorough understanding of the database. Since this is an area that has not been covered in sufficient depth by students at this level, ISA 1003, CIS environment – data based systems is reproduced in its entirety below

In relation to this question, paragraphs 16,17,18,19,20 & 21 suffice.

The purpose of this statement is to help the auditor implement ISA 400 ―Risk Assessments ad Internal Control,‖ and Internal Auditing Practice

Statement 1008 ―Risk Assessments and Internal Control – CIS

Characteristics and Considerations,‖by describing database systems. The Statement describes the effects of a database system on the accounting system and related internal controls and on audit procedures.

Database Systems

Database systems are comprised principally of two essential components – the database and the database management system (DBMS). Database systems interact with other hardware ad software aspects of the overall computer system.

A database is a collection of data that is shared and used by a number of different users for different purposes. Each user may not necessarily be aware of all the data stored in the database or of the ways that the data may be used for multiple purposes. Generally, individual users are aware only of the data that they use and may view the data as computer files utilized by their applications.

The software that is used to create, maintain and operate the database is referred to as DBM software. Together with the operating system, the DBMS facilitates the physical storage of data, maintains the interrelationships among the data, and makes the data available to application programs. Usually, the DBMS software is supplied by a commercial vendor.

Database systems may reside on any type of computer system, including a microcomputer system. In some microcomputer environments, database systems are used by a single user. Such systems are not considered to be databases fro the purposes of this Statement. The contents of this Statement, however, are applicable to all multiple user environments.

Database System Characteristics

Database systems are distinguished by two important characteristics: data sharing and data independence. These characteristics require the use of a data dictionary (paragraph 10) and the establishment of a database administration function (paragraphs 11-14).

Data Sharing

Database is composed of data which are se up with defined relationships and are organized in a manner that permits many users to use the data in the database for different purposes. For example, an inventory item unit cost maintained by the database may be used by one application program to produce a cost of sales report and by another application program to prepare an inventory valuation.

Data Independence From Application Programs

Because of the need for data sharing, there is a need for data independence from application programs. This is achieved by the DBMS recording the data once for use by various application programs. In non-database systems, separate data files are maintained for each application and similar data used by several applications may be repeated on several different files. In a database system, however, a single file of data (or database) is used by many applications, with data redundancy kept to a minimum.

DBMS‘s differ in the degree of data independence they provide. The degree of dataindependence is related to the ease with which personnel can accomplish changes to application programs or to the database. T rue data independence is achieved when the structure of data in the database can be changed without affecting the application programs, and vice versa.

Data Dictionary

Significant implication of data sharing and data independence is the potential for the recording of data only once for use in several applications. Because various application programs need to access this data, a software facility is required to keep track of the location of the data in the database. This software within the DBMS is known as a data dictionary. It also serves as a tool to maintain standardized documentation and definitions of the database environment and application systems.

Database Administration

the use of the same data by various application programs emphasizes the importance of centralised coordination of the use and definition of data and the maintenance of its integrity, security accuracy and completeness. Coordination is usually performed by a group of individuals whose responsibility is typically referred to as ―database administration.‖ The individual who heads this function may be referred to as the―database administrator‖. The database administrator is responsible generally for the definition, structure, security, operational control and efficiency of databases, including the definition of the rules by which data are accessed and stored.

Database administration tasks may also be performed by individuals who are not part of a centralized database administration group. Where the tasks of database administration are not centralized, but are distributed among existing organizational units, the different tasks still need to be coordinated.

Database administration tasks typically include:

Defining the database structure – determining how data are defined stored and accessed by users of the database in order to ensure that all their requirements are met on a timely basis.
Maintaining data integrity, security and completeness-developing, implementing and enforcing the rules for data integrity, completeness and access. Responsibilities include:

Defining who may access data and how the access is accomplished (i.e., through passwords and authorization tables);
Preventing the inclusion of incomplete or invalid data;
Detecting the absence of data;
Securing the databases fro unauthorized access and destruction; and

Arranging total recovery n the event of a loss.

Coordinating computer operations related to the database-assigning responsibility for physical computer resources and monitoring their use relative to the operation of the database.
Monitoring system performance-developing performance measurements to monitor the integrity of the data and the ability of the database to respond to the needs of users.
Providing administrative support-coordinating and liasing with the vendor of the DBMS, assessing new releases issued by the vendor of the DBMS and the extent of their impact on the entity, installing new releases and ensuring that appropriate internal education is provided.

In some applications, more than one database may be used. In these circumstances, the tasks of the database administration group will need to ensure that:

Adequate linkage exists between databases;
Coordination of functions is maintained: and Data contained in different databases are consistent.

Internal Control in a Database Environment

Generally, internal control in a database environment requires effective controls over the database, the DBMS and the applications. The effectiveness of internal controls depends to a great extent on the nature of the database administration tasks, described in paragraphs 11 – 14, and how they are performed.

Due to data sharing, data independence and other characteristics of data-base systems general computer information systems (CIS)² controls normally have a greater influence than CIS controls over the database, the DBMS and the activities of the database administration function have a pervasive effect on application processing. The general CIS controls of particular importance in a database environment can be classified into the following groups:

Standard approach for development and maintenance of application

programs;

Data ownership;
Access to the database; and  Segregation of duties

Standard Approach for Development and Maintenance of Application Programs

Since data are shaded by many users, control may be enhanced when a standard approach is used for developing each new application program and for application program modification. This includes following a formalized step-bystep approach that requires adherence by all individuals developing or modifying an application program. It also includes performing an analysis of the effect of new and existing transactions on the database each time a modification is required. The resulting analysis would indicate the effects of the changes on the security and integrity of the database. Implementing a standard

approach to develop and modify application programs is a technique that can help improve the accuracy, integrity and completeness of the database.

Data Ownership

In a database environment, where many individuals may use programs to input and modify data, a clear and definite assignment of responsibility is required from the database administrator for the accuracy and integrity of each item of data. A single data owner should be assigned responsibility for defining access and security rules, such as who can use the data (access) and what functions they can perform (security). Assessing specific responsibility for data ownership helps to ensure the integrity of the database. For example, the credit manager may be the designated ―owner‖ of a customer‘s credit limit and would therefore be responsible for determining the authorized users of that information. If several individuals are able to make decisions affecting the accuracy and integrity of given data, the likelihood increases of the data becoming corrupted or improperly used.

Access to the Databases

User access to the database can be restricted through the use of passwords. These restrictions apply to individuals, terminal devices and programs. For passwords to be effective, adequate procedures are required for changing passwords, maintaining secrecy of passwords and reviewing and investigating attempted security violations. Relating passwords to defined terminal devices, programs and data helps to ensure that only authorized users and programs can access, amend or delete data. For example the credit manager may give salesmen authority to refer to a customer‘s credit limit, whereas a warehouse clerk may have such authorization.

User access to the various elements of the database may be further controlled through the use of authorization tables. Improper implementation of access procedures can result in unauthorized access to the data in the database.

Segregation of Duties

Responsibilities for performing the various activities required to design, implement and operate a database are divided among technical, design, administrative and user personnel. Their duties include system design, database design, administration and operation. Maintaining adequate segregation of these duties is necessary to ensure the completeness, integrity and accuracy of the database. For example those persons responsible for modifying personnel database programs should not be the same persons who are authorized to change individual pay rates in the database.

The Effect of Databases on the Accounting System and Related Internal Controls.

The effect of a database system on the accounting system and the associated risks will generally depend on:

The extent to which databases are being used by accounting applications;
The type and significance of financial transactions being processed
The nature of the database, the DBMS (including the data dictionary), the database administration tasks and the applications (e.g. batch or on-line update); and

		 The general CIS controls which are particularly important in a database environment.
	12.	Database systems typically provide the opportunity for greater reliability of data
		than non-database systems. This can result in reduced risk of fraud or error in the accounting system where databases are used the following factors, combined with adequate controls, contribute to this improved reliability of data:  Improved consistency of data is achieved because data are recorded and update only once, rather than in non-database systems, where the same date are stored in several files and updated at different times and by different
		programs.  Integrity of data will be improved by effective use of facilities included in the DBMS, such as recovery, restart routines, generalized edit and
 		validation routines, and security and control features.  Other functions available with the DBMS can facilitate control and audit procedures. These functions include report generators which may be used to create balancing reports, and query languages which may be used to identify inconsistencies in the data.
	13.	Alternatively risk of fraud or error may be increased if database systems are used without adequate controls. In a typical non-database environment, controls exercise by individual users may compensate for weaknesses in general CIS controls. However, in a database system, this may not be possible, as inadequate database administration controls cannot always be compensated for by the individual users. For example, accounts receivable personnel cannot effectively control accounts receivable data if other personnel are not restricted from modifying accounts receivable balances in the database.

The effect of Databases on Audit Procedures

	14.	Audit procedures in a database environment will be affected principally by the extent to which the data in the database are used by the accounting system. Where significant accounting applications use a common database, the auditor may find it cost-effective to utilize some of the procedures in the following paragraphs.
	15.	In order t o obtain an understanding of the database control environment and the flow of transactions, the auditor may consider the effect of the following on audit risk in planning the audit:
		 The DBMS and the significant accounting applications using the database;  The standards and procedures for development and maintenance of
		application programs using the database;
		• The database administration function; • Job descriptions, standards and procedures for those individuals responsible
		for technical support, design, administration and operation of the database;  The procedures used to ensure the integrity, security and completeness of
 		the financial information contained in the database; and  The availability of audit facilities within the DBMS.
	16.	During the risk assessment process, in determining the extent of reliance on internal controls related to the use of databases in the accounting system, the auditor may consider how the controls described in paragraphs 17 – 21 are

used in the system. If he subsequently decides to rely on these controls, he would design and perform appropriate compliance tests.

Where the auditor decides to perform compliance or substantive tests related to the database system, audit procedures may include using the functions of the DBMS (see paragraph 23) to:

Generate test data;
Provide an audit trail
Check the integrity of the database;
Provide access to the database or a copy of relevant parts of the database  for the purpose of using audit software (see International Audit Practice Statement 1009 ―Computer-Assisted Audit Techniques‖); or
Obtain information necessary for the audit.

When using the facilities of the DBMS, the auditor will need to obtain reasonable assurance regarding their correct functioning.

Where the auditor determines he cannot rely on the controls in the database system, he would consider whether performing additional substantive test on all significant accounting applications which use the database would achieve his audit objective as inadequate database administration controls cannot always be compensated for by the individual users.

The characteristics of database systems may make it more effective for the auditor to perform a pre-implementation review of new accounting applications rather than to review the applications after installation. This pre-implementation review may provide the auditor with an opportunity to request additional functions, such as built-in audit routines, or controls within the application design. It may also provide the auditor with sufficient time to develop and test audit procedures in advance of their use.

In my preliminary evaluation of controls over sales and debtors I would carry out tests of controls, which would be designed to check that control procedures are being applied and that control objectives are being achieved. The questions I would raise include the following:

i) Whether there is a proper credit control department that carries out the following functions:

Evaluates the credit profile of the customer before awarding credit facilities to a

Recommends to management the terms of credit to be awarded to the various customers. This would include determining the credit limit, the number of days

allowed and any other special terms such as award of discounts;

Follows up accounts when they fall due for payment and recommends action to

management of overdue accounts.
Whether all sales orders are authorised by a senior responsible official. Before the orders are authorised whether the customer‘s account has been checked to ensure that the customer is operating within the credit limit.

Whether there are controls to ensure that all sales are subsequently invoiced. This will include the use of pre-numbered dispatch records and a person to check

whether all goods dispatched are subsequently invoiced; iv) I would also seek to establish whether there is a person who reviews the invoices to ensure that the customer has been billed at the correct sales prices.

I would seek to establish what procedures are in place to ensure that all sales to customers and payments received from such customers are subsequently recorded in the ledger.
I would also seek to establish whether the customers statements are reconciled to

the ledger before being sent to the customer on a monthly basis.

I would seek to establish whether there are proper follow up procedures for overdue accounts and write off of bad debts.

(Visited 102 times, 1 visits today)

AUDITING AND ASSURANCE July 2008 Pilot paper

QUESTION SEVEN

Written by MJ

Leave a Reply Cancel reply