Manual Time Card System:

➧ Deficiency: The use of manual time cards can lead to errors, intentional or unintentional, in recording employee attendance.
➫ Risk: Incorrect payment calculations, potential for time theft, and the possibility of fraudulent time reporting.

Absence of Independent Verification of Time Cards:

➧ Deficiency: There is no independent verification of time cards, leaving room for manipulation.
➫ Risk: Increased likelihood of inaccurate recording of hours worked, leading to incorrect wage payments and potential employee dissatisfaction.

Lack of Segregation of Duties in Payroll Processing:

➧ Deficiency: The same payroll clerk who records transactions is involved in payroll processing, including signing and distributing paychecks.
➫ Risk: Increased potential for errors, intentional manipulation, or fraud as there is insufficient separation of duties in the payroll process.

Manual Signing of Payroll Checks:

➧ Deficiency: Payroll checks are manually signed by the chief accountant, which may lead to a lack of control over the authorization process.
➫ Risk: The potential for unauthorized or fraudulent payments, as the manual signing process lacks proper oversight and authorization controls.

Inadequate Payroll Record Management:

➧ Deficiency: Employees are automatically removed from the payroll when they fail to return a time card, but this process lacks proper documentation and confirmation.
➫ Risk: Potential for errors in removing employees, leading to overpayment or underpayment, and a lack of clarity regarding the status of each employee.

Bank Confirmations:

a. Prepare a bank confirmation request and send it directly to the bank to confirm the client's cash balances as of 31 December 2022.
b. Follow up with the bank to ensure timely responses and investigate any discrepancies.

Bank Reconciliation:

a. Obtain a copy of the bank reconciliation prepared by the client as of 31 December 2022.
b. Test the reconciliation by vouching a sample of bank transactions to supporting documents, such as bank statements and canceled checks.
c. Verify the mathematical accuracy of the reconciliation.

Cash Count:

a. Perform surprise cash counts at various locations where cash is held.
b. Compare the results of the cash count to the recorded cash balance.

Analytical Procedures:

a. Conduct analytical procedures on cash balances by comparing current and prior-year balances, assessing trends, and comparing to industry benchmarks.
b. Investigate any significant fluctuations or anomalies identified during the analytical review.

Review of Bank Statements and Canceled Checks:

a. Obtain and review bank statements for the last month of the fiscal year.
b. Inspect canceled checks and verify payees, dates, and amounts against recorded disbursements.

Legal Confirmations:

a. Inquire with the client's legal counsel regarding any legal restrictions or encumbrances on the company's cash.

Subsequent Events:

a. Inquire about any significant changes in cash balances or transactions that occurred between the year-end and the audit report date.
b. Review subsequent bank statements and reconciliations.

(ii) Discussion on Reversing Outstanding Cheques:

The client's proposal to adjust the cash balance and accounts payable by Sh.27,600,000 raises concerns about the propriety of this adjustment. The following points should be considered:

Timing of Mailing the Cheques:

a. Verify the client's claim that the unmailed cheques were mailed before the auditor's arrival.
b. Obtain evidence, such as postal receipts or confirmations from creditors, to support the timing of mailing.

Proper Accounting Treatment:

a. Assess whether the client's accounting treatment conforms to accounting principles and standards.
b. Evaluate the appropriateness of recognizing the cheques in December if they were not mailed until after the year-end.

Impact on Financial Statements:

a. Consider the effect of reversing the outstanding cheques on the financial statements, particularly on the cash balance and accounts payable.
b. Evaluate the impact on financial statement users' understanding of the company's financial position.

Management's Intent:

a. Discuss with management their intent behind the proposed adjustment.
b. Evaluate whether the adjustment aligns with the objective of presenting a true and fair view of the financial position.

1. Financial Reporting Oversight:

a. Review Financial Statements: The committee reviews and assesses the accuracy, completeness, and fairness of the financial statements and related disclosures.

2. Internal Control Assessment:

a. Evaluate Internal Controls: Assess the effectiveness of the organization's internal control systems to manage risks, safeguard assets, and ensure reliable financial reporting.
b. Risk Management: Monitor the organization's risk management processes and evaluate the adequacy of risk mitigation strategies.

3. External Audit Oversight:

a. Select and Appoint External Auditors: Participate in the selection and appointment of external auditors.
b. Review Auditor's Independence: Evaluate the independence and objectivity of external auditors.
c. Monitor Audit Process: Oversee the external audit process, ensuring it is thorough and objective.
d. Review Audit Findings: Discuss and review audit findings, management responses, and the implementation of corrective actions.

4. Internal Audit Function Oversight:

a. Evaluate Internal Audit Function: Oversee the internal audit function, ensuring it is independent, competent, and adequately resourced.
b. Review Internal Audit Plans: Review and approve internal audit plans and ensure alignment with organizational objectives.
c. Assess Internal Audit Reports: Examine internal audit reports and management's response to identified issues.

5. Compliance Oversight:

a. Monitor Legal and Regulatory Compliance: Oversee compliance with relevant laws, regulations, and industry standards.
b. Review Code of Conduct and Ethics: Ensure the organization has an effective code of conduct and ethics and monitor compliance.

6. Whistleblower Protection:

a. Establish Whistleblower Mechanism: Establish procedures for employees to report concerns about unethical behavior, fraud, or other wrongdoing.
b. Ensure Confidentiality: Ensure the confidentiality and protection of whistleblowers.

7. Communication with Stakeholders:

a. Communication: Communicate with stakeholders, including shareholders, about the committee's activities and findings.
b. Transparency: Promote transparency in financial reporting and governance practices.

8. Educational and Training Initiatives:

a. Continuous Education: Ensure committee members are adequately trained and informed about relevant financial reporting and governance developments.
b. Training for Management: Encourage and support ongoing training for management in financial reporting and internal control matters.

9. Review and Approval of Policies:

a. Review Financial Policies: Review and, if necessary, approve financial policies, including those related to risk management, financial reporting, and internal control.

10. Cybersecurity Oversight:

a. Evaluate Cybersecurity Risks: Assess the organization's cybersecurity risks and strategies.
b. Review Cybersecurity Policies: Oversee the development and implementation of cybersecurity policies and procedures.

11. Crisis Management:

a. Crisis Preparedness: Ensure the organization is prepared for financial crises and has effective crisis management plans.

2. Qualified Opinion:

Circumstances: A qualified opinion is issued when the auditor concludes that, except for specific issues, the financial statements are fairly presented. This opinion is given when there is a limitation in scope or a departure from accounting principles.
Ideal Circumstances: When the auditor encounters a specific issue (e.g., a limitation in obtaining audit evidence), but it does not affect the overall fairness of the financial statements.

3. Adverse Opinion:

Circumstances: An adverse opinion is issued when the financial statements are not fairly presented, and the departures are so significant that they materially impact the overall reliability of the statements.
Ideal Circumstances: When the financial statements contain pervasive material misstatements that the auditor believes cannot be rectified or when there is a fundamental departure from accounting principles.

4. Disclaimer of Opinion:

Circumstances: A disclaimer of opinion is issued when the auditor is unable to form an opinion due to severe limitations in the scope of the audit or when there is substantial doubt about the entity's ability to continue as a going concern.
Ideal Circumstances: When there are limitations in obtaining sufficient audit evidence, such as when the auditor is unable to verify key transactions or balances, or when there are uncertainties about the entity's ability to continue its operations.

5. Qualified with a Scope Limitation:

Circumstances: This opinion is issued when there is a limitation on the scope of the audit, but the auditor concludes that the rest of the financial statements are fairly presented.
Ideal Circumstances: When the auditor encounters specific issues that prevent a complete and thorough examination of certain transactions or accounts, but these issues do not undermine the overall fairness of the financial statements.

The main objectives of a review engagement include:

(ii) Features that Distinguish Review Engagements from Audit Engagements in Relation to Financial Statements:

Several key features distinguish review engagements from audit engagements:

➢ Limited Assurance: In a review engagement, the auditor provides limited assurance, whereas in an audit, the assurance provided is higher (reasonable assurance).

➢ Scope: Review engagements involve analytical procedures, inquiries, and discussions with management, while audit engagements encompass a more extensive examination, including testing of controls, substantive procedures, and the verification of balances.

➢ Express Opinion: The result of a review engagement is a conclusion as to whether the financial statements are plausible, with no formal expression of an opinion. In an audit, the auditor issues a formal opinion on whether the financial statements present a true and fair view.

➢ Report Format: The report for a review engagement typically contains a conclusion and may highlight any identified modifications required in the financial statements. In contrast, an audit report includes a clear expression of opinion and detailed explanations regarding the audit procedures performed.

(iii) The Main Focus of Reviews on:

Value for Money Audits:

➧ Purpose: The focus of a review in a value-for-money audit is to assess the economy, efficiency, and effectiveness of the entity's use of resources.
➫ Procedures: The review involves analyzing key financial and non-financial performance indicators, comparing budgeted versus actual results, and assessing the overall value derived from the resources expended.

Social and Environmental Audits:

➧ Purpose: Reviews in the context of social and environmental audits aim to evaluate the entity's adherence to social and environmental policies and practices.
➫ Procedures: The review includes an examination of policies, procedures, and disclosures related to social and environmental initiatives. Analytical procedures and inquiries are conducted to assess the entity's compliance with relevant standards and regulations.

Material Misstatement in Financial Statements:

If auditors fail to detect material misstatements in the financial statements that would have a significant impact on the decisions of financial statement users, they may be held liable. This could include errors, fraud, or other irregularities.

Failure to Identify and Report Fraud:

If the auditors overlook or fail to detect fraudulent activities within the company, especially those involving top management, and do not report them to the appropriate authorities, they may be held liable for negligence.

Non-Compliance with Accounting Standards:

If the auditors do not identify or report instances where the company's financial statements do not comply with recognized accounting frameworks or relevant regulatory requirements, they may be held liable for not fulfilling their responsibility to ensure compliance.

Lack of Independence and Objectivity:

Auditors are expected to maintain independence and objectivity. If there is evidence that the auditors have a conflict of interest, lack independence, or compromise their objectivity, their credibility may be questioned, leading to potential liability.

Failure to Identify Going Concern Issues:

If auditors do not adequately assess the company's ability to continue as a going concern and fail to disclose uncertainties related to the company's financial viability, they may be held liable for not providing sufficient information to stakeholders.

Inadequate Documentation:

Auditors are required to maintain proper documentation of their audit procedures and findings. If they fail to adequately document their work, making it difficult to support their conclusions, they may face liability in case of legal challenges.

Negligence in Audit Procedures:

If auditors perform their audit with negligence, meaning they do not exercise the level of care and skill expected of a competent auditor, and this negligence leads to financial statement misstatements not being detected, they may be held liable.

Failure to Report Internal Control Weaknesses:

Auditors are required to evaluate and report on the effectiveness of internal controls. If they fail to identify and report material weaknesses in internal controls that could lead to financial misstatements, they may be held liable.

It's important for auditors to exercise due professional care, maintain independence, and conduct thorough and objective audits to mitigate the risk of liability. Professional skepticism, adherence to auditing standards, and effective communication of audit findings are critical elements in fulfilling their responsibilities and minimizing potential legal exposure.

Mindset:

Mindset represents the overall attitude and approach that an auditor adopts when performing an audit. A skeptical mindset involves a healthy level of doubt and an awareness of the potential for bias or misrepresentation. It requires auditors to approach audit evidence with a critical eye, recognizing the possibility of management override of controls or intentional misstatements.

Action:

Action refers to the practical steps taken by auditors to apply skepticism in their audit procedures. This involves actively seeking out and critically evaluating audit evidence, corroborating information from multiple sources, challenging management explanations, and thoroughly investigating areas of complexity or judgment. The action element ensures that skepticism is not just a theoretical concept but is actively integrated into the audit process.

(ii) Auditable Areas Requiring Professional Skepticism:

Revenue Recognition:

Given the potential for manipulation, auditors need to exercise skepticism in the audit of revenue recognition. This includes scrutinizing sales transactions, assessing the recognition criteria, and validating the accuracy of reported revenues.

Management Estimates and Judgments:

Areas involving significant management estimates, such as fair value measurements, provisions, and impairments, require skepticism. Auditors should critically evaluate the assumptions and methodologies used by management, seeking external sources to corroborate estimates.

Related Party Transactions:

Transactions with related parties can be susceptible to manipulation or conflicts of interest. Skepticism is essential to ensure that these transactions are appropriately disclosed and do not unduly benefit certain individuals at the expense of the company.

Going Concern Assessments:

Assessing an entity's ability to continue as a going concern requires skepticism, especially when there are indicators of financial distress. Auditors need to critically evaluate management's plans and assess the reliability of supporting evidence.

Financial Statement Presentation and Disclosure:

Skepticism is crucial in reviewing financial statement presentations and disclosures. Auditors should ensure that information is presented fairly, transparently, and in accordance with accounting standards. This includes scrutinizing footnotes and disclosures for completeness and accuracy.

Asset Valuations:

Valuation of assets, such as property, plant, and equipment, intangible assets, and investments, requires skepticism. Auditors need to independently assess the valuation methods applied by management, challenging assumptions and seeking external valuations if necessary.

Fraud Risk Assessment:

Auditors must exercise skepticism in identifying and assessing the risk of fraud. This involves considering the potential for management override of controls, understanding the company's internal control environment, and actively looking for indicators of fraudulent activities.

IT Systems and Controls:

In an increasingly digital business environment, auditors need to be skeptical when assessing the effectiveness of IT systems and controls. This includes evaluating the integrity and security of financial information and the reliability of automated controls.

Control Risk:

Control risk is the risk that a material misstatement could occur in an assertion, and not be prevented or detected on a timely basis by the entity's internal controls. It is influenced by the effectiveness of internal control procedures. If controls are ineffective, control risk is higher, increasing the likelihood that material misstatements may not be prevented or detected in a timely manner.

Detection Risk:

Detection risk is the risk that the auditor's procedures will not detect a material misstatement that exists in an assertion. It is under the control of the auditor and is influenced by the nature, timing, and extent of audit procedures performed. As detection risk increases, the risk of the auditor failing to detect a material misstatement also increases.

(ii) Four Audit Risk Procedures in a High-Risk Audit:

Detailed Substantive Testing:

➫ Procedure: Conduct detailed substantive testing in areas identified as high-risk. This involves performing extensive substantive procedures such as substantive analytical procedures and substantive tests of details to obtain sufficient and appropriate audit evidence.
➢ Sources of Information: Examination of detailed transaction records, corroborating evidence from external sources, and analyzing complex calculations and estimates.

Increased Sample Sizes:

➫ Procedure: Increase the sample sizes for audit procedures in high-risk areas. This allows the auditor to obtain a more representative sample of transactions or account balances and increases the likelihood of identifying material misstatements.
➢ Sources of Information: Sampling from a larger population of transactions or items, selecting a more extensive sample of invoices, receipts, or other relevant documents.

External Confirmations:

➫ Procedure: Use external confirmations to independently verify the accuracy of selected account balances or transactions. This involves obtaining direct confirmation from third parties regarding the amounts reported by the entity.
➢ Sources of Information: Confirmations from customers, suppliers, banks, or other relevant third parties to validate account balances, receivables, payables, or other significant items.

Specialist Involvement:

➫ Procedure: Involve specialists, such as valuation experts or industry specialists, to assess complex transactions or estimates in high-risk areas. Specialists can provide independent assessments and insights that enhance the reliability of audit evidence.
➢ Sources of Information: Reports and analyses prepared by specialists, industry publications, and expert opinions to evaluate the reasonableness of management's estimates or assertions.

• Clear credit approval policies and procedures.
• Segregation of duties between credit origination, approval, and disbursement functions.
• Adequate documentation of the credit approval process, including rationale for approval decisions.

Customer Due Diligence:

• Comprehensive customer due diligence procedures to assess creditworthiness.
• Verification of customer information, financial statements, and collateral documentation.
• Adequate documentation of the customer risk assessment process.

Loan Documentation:

• Standardized and consistent loan documentation processes.
• Documentation completeness and accuracy checks.
• Compliance with regulatory requirements for loan agreements.

Collateral Management:

• Procedures for the valuation and verification of collateral.
• Segregation of duties in handling and recording collateral.
• Regular monitoring and updating of collateral values.

Credit Limits and Exposure Monitoring:

• Establishment and enforcement of credit limits for individual customers.
• Regular monitoring of credit exposure to prevent concentration risk.
• Automated systems for tracking credit limits and exposures.

2. Monitoring:

Credit Review and Renewal:

• Periodic review of existing credit portfolios.
• Evaluation of changes in customers' creditworthiness.
• Clear procedures for credit renewal or modification.

Financial Statement Analysis:

• Ongoing analysis of customers' financial statements.
• Timely identification of financial distress indicators.
• Processes for addressing deteriorating credit quality.

Covenant Compliance Monitoring:

• Monitoring compliance with loan covenants.
• Automated systems to track covenant requirements.
• Early warning systems for covenant breaches.

Regular Reporting:

• Regular reporting on the credit portfolio's performance.
• Exception reporting for loans with payment issues or other concerns.
• Reporting to senior management and the board on credit risk.

3. Collection:

Aging Analysis:

• Regular aging analysis of overdue accounts.
• Policies for the timely identification and categorization of non-performing loans.
• Procedures for addressing accounts in arrears.

Collection Strategies:

• Well-defined strategies for collections, including contact frequency and methods.
• Segregation of duties in the collection process.
• Compliance with legal and regulatory requirements in the collection process.

Loan Workout Procedures:

• Established procedures for loan workouts and restructuring.
• Documentation of negotiations and agreements with borrowers.
• Escalation procedures for loans at risk of default.

Write-off Process:

• Clearly defined criteria for write-off decisions.
• Approval processes for writing off loans.
• Regular review of the adequacy of the allowance for loan losses.

Some of the key audit procedures that can be undertaken to achieve the audit objective are:

1. Review of Performance Contracts and Key Performance Indicators (KPIs):

• Examine the performance contracts between the government and state corporations to understand the established targets and KPIs.
• Verify that the performance indicators are specific, measurable, achievable, relevant, and time-bound (SMART).
• Confirm that the performance contracts align with key national policy priorities.

2. Assessment of Internal Controls:

• Evaluate the internal controls established by state corporations to monitor and report on performance contracting targets.
• Assess the design and implementation of control activities that ensure the reliability of the data reported.
• Identify any weaknesses in internal controls that could impact the accuracy and completeness of performance information.

3. Testing the Accuracy of Data:

• Select a sample of reported performance data and trace it back to the underlying supporting documentation, such as performance reports, project documents, and other relevant records.
• Verify the mathematical accuracy of computations and calculations used to determine performance achievements.
• Confirm that data sources are accurate and reliable.

4. Substantive Analytical Procedures:

• Perform substantive analytical procedures to assess the reasonableness of reported performance data.
• Compare current performance results with historical data and industry benchmarks to identify any significant variations or anomalies.
• Investigate and obtain explanations for unexpected fluctuations in performance indicators.

5. External Confirmation:

• Consider obtaining external confirmation from relevant stakeholders, such as government authorities or independent evaluators, to validate reported performance achievements.
• Confirm with external parties the accuracy and completeness of key performance indicators and the overall attainment of performance targets.

6. Review of Management Reports and Board Minutes:

• Examine management reports and board minutes to gain insights into the discussions and decisions related to performance contracting.
• Ensure that any challenges or deviations from the planned performance are adequately disclosed and explained.
• Verify that corrective actions, if any, have been implemented as a result of performance assessments.

7. Testing Compliance with Policies and Regulations:

• Evaluate compliance with relevant policies, regulations, and guidelines governing performance contracting in the public sector.
• Confirm that state corporations adhere to reporting requirements and disclose any deviations from regulatory expectations.

8. Interviews and Inquiry:

• Conduct interviews with key personnel involved in performance contracting and reporting to understand the processes, controls, and challenges.
• Inquire about the methodologies used to collect and report performance data, ensuring consistency and accuracy.

9. Review of Documentation and Evidence:

• Examine the documentation supporting the reported performance, including project plans, progress reports, and evidence of achieved milestones.
• Verify the authenticity and reliability of documents used in the performance assessment process.

10. Continuous Monitoring and Follow-Up:

• Implement continuous monitoring procedures to identify any subsequent events or developments that could impact the accuracy of reported performance data.
• Follow up on any issues or concerns identified during the audit to ensure corrective actions have been taken.