Guaranteed

95.5% Pass Rate

CPA
Advanced Leval
Advanvced Auditing and Assurance September 2021
Suggested solutions

Advanvced Auditing and Assurance
Revision Kit

QUESTION 1(a)

Q Maisha Bora Welfare Group was established in the year 2015. The organization's aim is to provide support to children from disadvantaged backgrounds who wish to take part in athletics

The organisation has a detailed constitution which explains how the income of the welfare group can be spent. The constitution also notes that administration expenses should not exceed 10% of income in any one year.

The income of the organisation is derived wholly from voluntary donations. The sources of income include:

• Cash collected by volunteers seeking donations from the public.
• Cheques sent to the welfare group's head office.
• Donations from generous individuals. Some of these donations have specific clauses attached to them indicating that the initial amount donated (capital) cannot be spent and that the interest income from the donation must be spent on specific activities, for example, provision of sports shoes.

Required:

In the context of the above information:

(i) Explain the term "audit risk", clearly indicating three elements of risk that contribute to total audit risk.
(ii) Explore the areas of inherent risk in Maisha Bora Welfare Group, explaining the effect of each of these risks on the audit approach to be adopted.
A

Solution


(i) Audit Risk and its Elements:

Audit risk refers to the risk that an auditor may issue an incorrect or inappropriate audit opinion on the financial statements of an organization. It is a combination of three elements:

➧ Inherent Risk: Inherent risk is the susceptibility of financial statements to material misstatements before considering the effectiveness of internal controls. It arises due to the nature of an organization's transactions, accounts, and financial reporting practices. Factors that contribute to inherent risk include complex transactions, estimates, and subjective accounting policies.

➧ Control Risk: Control risk is the risk that the organization's internal controls will fail to prevent or detect material misstatements. It depends on the effectiveness of the internal control system. Weak controls or instances of control failures increase the control risk.

➧ Detection Risk: Detection risk is the risk that the auditor's substantive procedures will not detect material misstatements that exist in the financial statements. It is influenced by the nature, timing, and extent of audit procedures performed by the auditor.

The formula to understand the relationship between these elements is as follows: Audit Risk = Inherent Risk × Control Risk × Detection Risk

(ii) Areas of Inherent Risk in Maisha Bora Welfare Group and their Effects on Audit Approach:

➧ Donations with Specific Clauses: Donations that have specific restrictions on their use (e.g., only interest income can be spent) introduce inherent risk. The auditor needs to assess whether the organization complies with these restrictions and properly accounts for and discloses the use of such funds. The audit approach would involve detailed testing of transactions related to these donations, ensuring that interest income is correctly identified and spent according to the specified activities.

➧ Reliance on Voluntary Donations: Since the income of the welfare group is derived wholly from voluntary donations, there is an inherent risk related to revenue recognition. The auditor must verify the completeness and accuracy of recorded donations and ensure that all received funds have been appropriately accounted for. This may involve obtaining direct confirmations from donors and examining relevant documentation.

➧ Administration Expenses: The constitution of the organization limits administration expenses to not exceed 10% of income. Any deviation from this limit can introduce inherent risk. The auditor needs to assess whether the welfare group adheres to this restriction and if the expenses have been properly categorized. The audit approach would involve testing the accuracy and classification of expenses and ensuring they are within the allowable limit.

➧ Cash Collections: Cash collected by volunteers from the public can be prone to misappropriation or mishandling, leading to inherent risk related to cash controls. The auditor would need to assess the adequacy of cash handling procedures and perform tests to ensure that all cash collections have been appropriately recorded and deposited.

➧ Cheque Receipts: Cheques received at the head office need to be appropriately recorded and safeguarded to prevent the risk of misappropriation. The auditor would need to verify the completeness and accuracy of cheque receipts and assess the security measures in place to prevent fraud.

Summary

In conclusion, inherent risks in Maisha Bora Welfare Group are primarily related to the nature of its funding sources, the restrictions on certain donations, and compliance with the constitution's provisions. The audit approach would involve focusing on detailed testing in these areas to ensure proper accounting, compliance with restrictions, and accurate financial reporting. Additionally, the auditor would need to consider the potential impact of these inherent risks on the overall audit risk and adjust their audit procedures accordingly.

More info

QUESTION 1(b)

Q Suggest the procedures that an auditor should perform in order to gain understnnding of a client's business.
A

Solution


➦ Gaining a comprehensive understanding of a client's business is crucial for an auditor to plan and conduct an effective audit. The understanding allows the auditor to identify potential risks, tailor audit procedures, and make informed judgments about the financial statements.

Key procedures an auditor should perform to achieve this:

➧ Initial Meeting with Management: Arrange a meeting with key members of management to discuss the client's business, its objectives, operations, and any significant changes or developments since the previous audit. Understanding the management's perspective and goals helps shape the audit approach.

➧ Review of Organizational Structure and Governance: Study the organizational structure to comprehend reporting lines, subsidiaries, joint ventures, and significant business relationships. Also, assess the governance structure, including the roles and responsibilities of the board of directors and committees.

➧ Study of Financial Information: Review the client's financial statements, budgets, and performance reports for the past few years. This analysis helps identify trends, areas of focus, and potential risk areas.

➧ Industry and Regulatory Research: Conduct research on the industry in which the client operates to understand its economic environment, key competitors, challenges, and opportunities. Identify any specific regulations that might impact the client's financial reporting.

➧ Inquiry and Discussion with Employees: Interview key personnel from various departments to gain insights into the company's processes, accounting practices, and internal control environment. This helps identify potential risks and areas requiring additional attention.

➧ Assessment of Internal Controls: Evaluate the design and effectiveness of internal controls, especially those related to financial reporting. Understanding the control environment assists in determining the extent of substantive testing needed.

➧ Risk Assessment Procedures: Perform risk assessment procedures, including analytical procedures and other risk assessment tools, to identify areas with higher inherent risk and risk of material misstatements.

➧ Review of Contracts and Agreements: Examine significant contracts and agreements to understand their financial implications, including potential contingent liabilities and commitments.

➧ Site Visits and Observations: If applicable, visit the client's premises to observe operations firsthand. This helps in understanding the nature of the business, the production process, and the flow of transactions.

➧ Review of IT Systems: Evaluate the client's information technology systems and their impact on financial reporting. Understanding the IT environment is critical to assess the risk of data integrity and cybersecurity issues.

➧ Review of Related Party Transactions: Scrutinize transactions with related parties to assess their impact on the financial statements and ensure proper disclosure.

➧ Consideration of Industry-specific Risks: Tailor procedures to address risks specific to the client's industry. Different industries have unique risks that require special attention during the audit.

➧ Assessment of Going Concern: Evaluate the client's ability to continue as a going concern and any indications of financial distress or uncertainties.

➧ Review of Legal Matters: Inquire about any ongoing or pending litigation that may have a material impact on the financial statements.

More info

QUESTION 1(c)

Q You are a senior audit manager in M and M Associates Certified Public Accountants. Recently, you were assigned specific responsibility for undertaking annual reviews of existing clients. The following situation has arisen in connection with one of the clients, Reward Ltd., an exporter of specialist equipment.

The Chief Executive Officer of Reward Ltd. has requested for advice on the accounting treatment and disclosure of payments being made for security consoltancy services. The payments, which aim to ensure that consignments are not impounded in the destination country of major customer, may be material to the financial statements for the year ending, 31 December Reward Ltd. does not treat these payments as tax deductible.

Required:

Explore the ethical and other professional issues raised by the above matter and indicate the action, if any that your firm should now take.
A

Solution


➦ The situation described raises several ethical and professional issues for M and M Associates Certified Public Accountants. As a senior audit manager, you must carefully consider these issues and take appropriate actions to ensure compliance with professional standards and maintain the integrity of the audit process.

Key ethical and professional issues and the recommended actions:

➧ Independence and Objectivity: The request for advice from the Chief Executive Officer (CEO) of Reward Ltd. can potentially compromise the independence and objectivity of the audit firm. Providing accounting advice to a client on a material matter may create a self-review threat and impair the auditor's ability to maintain an unbiased perspective during the audit.

➧ Action: The firm should decline to provide specific accounting advice to the client, especially on matters that could materially impact the financial statements. Instead, it is advisable for the client to seek advice from independent accounting experts or consult the relevant accounting standards for proper treatment and disclosure of security consultancy payments.

➧ Confidentiality: The CEO's request for advice implies the disclosure of confidential information related to the security consultancy payments. Disclosing such information could breach client confidentiality, which is a fundamental ethical principle for auditors.

➧ Action: The firm should not disclose any confidential client information or details of the CEO's request to anyone outside the firm without the client's explicit consent. The matter should be handled discreetly within the firm's internal discussions with appropriate engagement team members.

➧ Professional Competence and Due Care: Providing advice on accounting treatment requires a thorough understanding of relevant accounting standards and regulations. If the firm is not well-versed in the specific area of security consultancy payments, there is a risk of providing inaccurate or incomplete advice.

➧ Action: The firm should ensure that any accounting advice it provides is based on the expertise of professionals with relevant knowledge and experience in the area of security consultancy payments. If the firm lacks the necessary expertise, it should inform the client and suggest seeking advice from external experts.

➧ Audit Integrity and Impartiality: The CEO's request for advice might indicate an attempt to influence the audit process or its outcomes. It is essential to maintain the independence and integrity of the audit to ensure the financial statements' accuracy and reliability. ➧ Action: The firm should assure the client that the audit process will be conducted with integrity and impartiality, following professional standards and guidelines. Emphasize that the audit report will be based on the audit team's findings and conclusions, without any undue influence from the client.

conclusion

In conclusion, M and M Associates Certified Public Accountants should refrain from providing specific accounting advice to the client and uphold the principles of independence, objectivity, confidentiality, and professional competence. The firm should handle the matter with discretion and ensure that the audit process remains unbiased and free from any external influence. If the client requires advice on accounting treatment, they should seek assistance from independent accounting experts or refer to relevant accounting standards.

More info

QUESTION 2(a)

Q You are a manager at Dundee Associates, a firm of Certified Public Accountants. Your specific responsibility is for the qnality of audits.

Your firm was appointed the auditor of Taka Ltd., a provider of waste management services, in January 2020. You have visited the audit team at Taka Ltd. 's head office. The team comprises an audit senior, an audit assistant and two trainees.

Taka Ltd.'s draft accounts for the year ended 31 December 2019 show revenues of Sh.118 million (2018 Sh.8.3 million) and total assets of Sh.40 million (2018 Sh.30 million). During your visit, a review of the audit working papers revealed the following:

(i) On the planning checklist, the audit senior has crossed through the analytical procedures section and written "applicable-New client". The audit planning checklist has not been signed off as having been reviewed

(ii) The audit senior last visited Taka Ltd.'s office when the final audit commenced two weeks earlier on 1 February 2020. The audit senior has since completed the audit of tangible non-curent assets including property and service equipment which amount to Sh.8 million as at 31 December 2019 (2018 Sh.8 million). The audit senior spends most of his time at your firm's office and is currently allocated three other assignments in addition to the audit of Taka Ltd.

Required:

Discuse the implications of the two findings above for Dundee Associate's quality control policies and procedures.
A

Solution


(i) Issue:

Incomplete Audit Planning and Review: The audit senior has crossed through the analytical procedures section on the planning checklist and indicated "applicable-New client." Additionally, the planning checklist has not been signed off as having been reviewed.

Implications: Incomplete or inadequate audit planning can lead to several issues:

  1. Increased Risk of Material Misstatements: Without a proper planning process, the audit team may fail to identify areas of higher risk that require additional attention during the audit. This increases the risk of material misstatements going undetected in the financial statements.
  2. Lack of Guidance for the Audit Team: The absence of a signed-off and reviewed planning checklist may result in the audit team lacking clear guidance on the scope, objectives, and risk assessment procedures for the audit engagement.
  3. Non-compliance with Quality Control Standards: Incomplete planning and lack of review of planning documentation are likely to be in violation of quality control standards set by the auditing profession.


(ii) Issue: Inadequate Time Allocation and Limited On-site Presence:

The audit senior last visited Taka Ltd.'s office when the final audit commenced, and since then, has spent most of his time at the firm's office, being allocated to three other assignments besides the Taka Ltd. audit.

Implications: Inadequate time allocation and limited on-site presence can lead to various problems:

  1. Lack of Sufficient Evidence: The audit senior's limited on-site presence may hinder their ability to gather sufficient and appropriate audit evidence to support the financial statement assertions adequately.
  2. Increased Risk of Oversight: Being allocated to multiple assignments, the audit senior may face challenges in overseeing and effectively managing the Taka Ltd. audit, leading to potential errors or omissions.
  3. Compromised Quality of Audit: Insufficient time and attention devoted to the Taka Ltd. audit may lead to a compromised audit quality, reducing the effectiveness of the audit procedures performed.


Implications for Dundee Associates' Quality Control Policies and Procedures:

➧ Audit Planning and Review Process: Dundee Associates needs to strengthen its policies and procedures related to audit planning and review. It should emphasize the importance of comprehensive audit planning, including the identification of risk areas, required procedures, and clear assignment of responsibilities. Additionally, the planning process should be reviewed and signed off by a more senior member of the engagement team.

➧ Resource Management and Workload Balancing: The firm should ensure that audit engagements are appropriately staffed, and team members are not overburdened with multiple assignments. Adequate time should be allocated to each audit engagement, considering its size, complexity, and risk profile.

➧ On-site Presence and Supervision: It is essential for the audit senior to have sufficient on-site presence during critical phases of the audit. On-site presence allows for better understanding of the client's operations, effective communication with the client's management, and proper supervision of the audit team.

➧ Quality Control Monitoring: Dundee Associates should implement a robust quality control monitoring process to review the adherence to its policies and procedures. Regular reviews of audit engagements, including the planning documentation and audit work performed, can help identify areas that require improvement.

More info

QUESTION 2(b)

Q Explain the role of support/comfort letters as evidence in the audit of goup financial statements.
A

Solution


➦ Support or comfort letters play a significant role in the audit of group financial statements, especially in the context of auditors obtaining audit evidence related to subsidiaries or components of the group. A support letter is a written confirmation provided by the management of a subsidiary company or component to the group auditor. The purpose of such letters is to obtain specific information or representations that are essential for the group auditor to form an opinion on the consolidated financial statements.

Explanation of their role in the audit:

  1. Confirmation of Balances: Support letters are commonly used to confirm the balances of significant accounts, such as trade receivables, trade payables, and bank balances, held by the subsidiary. These confirmations help the group auditor ensure the completeness and accuracy of the consolidation process and that the financial information of the subsidiary is appropriately reflected in the group financial statements.
  2. Existence and Ownership of Assets: Support letters may be used to confirm the existence and ownership of significant assets, such as property, plant, and equipment, and intangible assets, held by the subsidiary. This confirmation ensures that the assets are properly recognized and valued in the consolidated financial statements.
  3. Debt and Loan Confirmations: When subsidiaries have outstanding debts or loans with third parties, support letters may be obtained to confirm the terms, conditions, and balances of these obligations. This helps the group auditor assess the completeness and accuracy of the consolidated financial statements, especially when intercompany transactions are involved.
  4. Representations on Liabilities and Contingent Liabilities: Support letters may include representations from the subsidiary's management regarding the existence and valuation of liabilities, including contingent liabilities. These representations assist the group auditor in determining the completeness and accuracy of the group's financial statements.
  5. Compliance with Legal and Regulatory Requirements: Support letters can provide assurance that the subsidiary is compliant with relevant legal and regulatory requirements. This is crucial for the group auditor to assess any potential risks arising from non-compliance that could impact the group's financial statements.
  6. Accuracy of Financial Reporting and Disclosures: Support letters may contain representations on the accuracy and completeness of the subsidiary's financial reporting and disclosures. This helps the group auditor gain comfort that the financial information provided by the subsidiary is reliable and relevant for consolidation.
  7. Other Specific Information: In addition to the above, support letters may be used to obtain other specific information or explanations related to the subsidiary's operations or financial performance that could have a material impact on the group financial statements.


Summary

Support or comfort letters serve as critical pieces of evidence in the audit of group financial statements. They provide the group auditor with necessary information, confirmations, and representations from subsidiaries, enabling the auditor to obtain a comprehensive understanding of the group's financial position, performance, and compliance with applicable standards and regulations. The use of support letters enhances the reliability and completeness of the audit evidence, leading to a more robust and accurate audit opinion on the group financial statements.

More info

QUESTION 2(c)

Q Discuss how horizontal groups (non-consolidated entities under common control) affect the scope of an audit and the audit work undertaken.
A

Solution


➦ Horizontal groups, also known as non-consolidated entities under common control, refer to a group of entities that are controlled by the same party, but their financial statements are not consolidated into a single set of financial statements. Instead, each entity prepares its own standalone financial statements. When auditing such entities, the scope of the audit and the audit work undertaken can be affected in several ways:

➧ Scope of the Audit Engagement: In a horizontal group, the scope of the audit engagement is limited to the individual financial statements of each entity. The auditor is not required to perform a consolidation audit or combine the financial information of all entities within the group. The focus is on ensuring the accuracy and reliability of each entity's financial statements separately.

➧ Assessment of Control Relationships: The auditor needs to understand the control relationships within the horizontal group. This involves identifying the party that exercises control over the entities and assessing the nature and extent of the control. Understanding control relationships is crucial for determining the level of risk and potential intercompany transactions that may impact the financial statements.

➧ Risk Assessment and Materiality: The risk assessment process should consider the interconnectedness of the entities within the horizontal group. Auditors need to be alert to the possibility of transactions between entities that could affect the financial results and financial position of individual entities. Materiality thresholds are set considering the group's combined impact on the controlling party's financial position.

➧ Intercompany Transactions and Balances: Although the audit scope is limited to standalone financial statements, auditors still need to be vigilant about intercompany transactions and balances. Significant intercompany transactions or balances may need to be disclosed in the notes to the financial statements or may require additional audit procedures to verify their accuracy.

➧ Going Concern Assessment: Assessing the going concern assumption becomes important in a horizontal group context. If one entity within the group faces financial difficulties or goes bankrupt, it may have implications for the other entities under common control. The auditor needs to evaluate the potential impact on the group's overall ability to continue as a going concern.

➧ Group Audit Considerations: Even though the financial statements are not consolidated, auditors need to consider the relationship with other auditors if the controlling party also has consolidated financial statements. Communication and coordination with other auditors may be necessary to ensure consistency in the application of accounting policies and disclosures across the group.

➧ Internal Control Evaluation: The auditor should assess the effectiveness of internal controls at the individual entity level. Understanding control activities is important to identify risks and plan audit procedures effectively.

More info

QUESTION 3(a)

Q Following the outbreak of the Covid-19 pandemic with its associated uncertainty and crisis management requirements, intetrnal audit is now in an Interesting position to guide organisations through a completely new landscape of risk. It is evident that new trends have emerged in internal audit that will change the way audit is perceived for years to come.

Required:

In the context of the above statement, explain how the following recent trends are transforming the audit landscape:

(i) Artificial intelligence.
(ii) Soft controls and company culture
A

Solution


(i) Artificial Intelligence in Internal Audit:

Artificial Intelligence (AI) has had a significant impact on various industries, and internal audit is no exception. The application of AI in the audit process has brought about several transformations in the audit landscape:

a. Automated Data Analysis: AI-powered tools can process vast amounts of data quickly and efficiently. This enables auditors to analyze entire data sets, identifying patterns, anomalies, and trends that might have been missed in traditional sampling methods. By using AI for data analysis, internal auditors can gain deeper insights into an organization's financial transactions, operational processes, and potential risks.
b. Continuous Monitoring and Auditing: AI facilitates continuous monitoring of an organization's operations, allowing auditors to assess risks in real-time rather than relying solely on periodic audits. With continuous auditing, auditors can detect issues promptly, enabling timely corrective actions and reducing the likelihood of significant problems going unnoticed for extended periods.
c. Fraud Detection and Prevention: AI-driven algorithms can detect unusual patterns or behaviors that may indicate fraudulent activities within an organization. By analyzing data from multiple sources, AI systems can identify potential red flags and help auditors focus their efforts on investigating suspicious activities.
d. Predictive Analytics: AI's predictive capabilities enable auditors to anticipate potential risks and issues based on historical data and patterns. This helps internal audit teams prioritize their focus on areas with higher risk and proactively address emerging challenges.
e. Natural Language Processing (NLP): NLP allows AI systems to understand and interpret human language. With NLP, auditors can perform more advanced analysis of unstructured data, such as contracts, emails, and textual records. This ability enhances the depth and accuracy of audit assessments.
(ii) Soft Controls and Company Culture in Internal Audit:

Traditionally, internal audits have heavily focused on evaluating and validating financial controls and compliance measures. However, in recent times, the emphasis has shifted towards assessing "soft controls," which include company culture, ethics, and the overall tone at the top. This trend is transforming the audit landscape in the following ways:

a. Cultural Assessment: Internal auditors are now tasked with assessing an organization's culture and its impact on risk management. They evaluate whether the company's values align with its operational practices and whether employees' behavior reflects the desired ethical standards.
b. Risk Culture: Evaluating the risk culture involves understanding how risk awareness and management are integrated into the organization's day-to-day activities. A positive risk culture fosters risk-aware decision-making at all levels, reducing the likelihood of risk events.
c. Tone at the Top: Internal auditors now examine the tone set by top management and how it influences the overall control environment. A strong tone at the top, promoting ethical behavior and compliance, can significantly impact the organization's risk posture.
d. Engagement: Employee Assessing employee engagement helps auditors understand how well the workforce understands and embraces the organization's values and compliance requirements. Engaged employees are more likely to act in line with company policies and procedures, reducing the risk of non-compliance.
e. Corporate Social Responsibility (CSR): Internal audits increasingly incorporate CSR evaluations to ensure the organization is meeting its social and environmental responsibilities. This aspect is vital for maintaining the organization's reputation and reducing risks associated with negative publicity and stakeholder disapproval.


Summary

In conclusion, AI and the focus on soft controls and company culture are two key trends transforming the audit landscape. AI empowers auditors with advanced analytics, real-time monitoring, and predictive capabilities, while the evaluation of soft controls and company culture allows auditors to gain a holistic understanding of an organization's risk profile beyond traditional financial measures. These trends are likely to shape the future of internal audit practices for years to come, helping organizations navigate the complexities of a rapidly changing risk landscape.

More info

QUESTION 3(b)

Q Describe how the following factors are posing risks to internal audit in the new dispensation:

(i) Cyber security in the remote world of work.
(ii) Changing regulatory risks.
A

Solution


(i) Cyber Security in the Remote World of Work:

The shift to remote work arrangements in the new dispensation has introduced several cyber security risks that pose challenges for internal audit functions.

These risks include:

➧ Increased Vulnerability to Cyber Attacks: Remote work environments often lack the same level of security controls as traditional office setups, making employees and systems more vulnerable to cyber-attacks like phishing, ransomware, and other forms of malware.

➧ Weaker Endpoint Security: With employees using personal devices or accessing sensitive information from home networks, the endpoints become potential entry points for cybercriminals. This increases the risk of data breaches and unauthorized access to critical systems.

➧ Data Privacy and Confidentiality Concerns: Remote work may lead to the sharing of sensitive information through unsecured channels or the use of personal cloud storage solutions. This creates risks related to data privacy and confidentiality.

➧ Challenges in Monitoring and Detection: Traditional monitoring and detection mechanisms used within office premises may not be as effective in remote environments. Internal auditors may face difficulties in identifying unusual activities or potential security breaches.

➧ Insider Threats: Remote work environments may present opportunities for insider threats, where employees with access to sensitive data may misuse or leak information without immediate detection.

Implications for Internal Audit: To address these risks, internal audit functions must adapt their approach:

➫ Conducting thorough risk assessments that specifically address cyber security in the remote work environment.
➫ Evaluating and enhancing controls related to remote access, data storage, and data transfer.
➫ Implementing continuous monitoring solutions to identify security incidents in real-time.
➫ Assessing the effectiveness of employee awareness and training programs on cyber security best practices.
➫ Collaborating with IT and security teams to stay updated on emerging threats and industry best practices.

(ii) Changing Regulatory Risks:

In the new dispensation, regulatory risks are evolving rapidly due to changes in laws, regulations, and industry standards. These risks pose challenges for internal audit functions in various ways:

➧ Increased Complexity and Volume of Regulations: The rapidly changing regulatory landscape can make it difficult for internal auditors to stay updated on all relevant regulations. The volume and complexity of regulations may overwhelm audit resources.

➧ Potential Compliance Gaps: As regulations change, there is a risk that internal controls and compliance processes may become outdated or not align with new requirements, leading to compliance gaps.

➧ Cross-Border and Global Regulations: For organizations operating in multiple jurisdictions, compliance with cross-border and global regulations becomes more challenging due to varying requirements and standards.

➧ Reputational Risks: Non-compliance with new or evolving regulations can lead to reputational damage and legal consequences for the organization.

➧ Implications for Internal Audit: To address changing regulatory risks, internal audit functions should:

➫ Establish a robust compliance monitoring and testing program to ensure adherence to new regulations.
➫ Collaborate with legal and compliance departments to understand the impact of regulatory changes and assess compliance readiness.
➫ Conduct specialized training for auditors to enhance their understanding of complex regulations and their implications.
➫ Develop a system for monitoring and tracking regulatory changes to ensure timely updates to internal controls and procedures.
➫ Engage with external regulatory experts or consultants to gain insights into specific regulatory requirements that may impact the organization

More info

QUESTION 3(c)

Q Most auditing practitioners agree that legal liability is part of the risk associated with their work. However, they argue that practising auditors may also take specific action to minimise their liability.

Required:

Evaluate the measures that auditors may take to mimimise the possibilities of legal liability.
A

Solution


➧ Maintain Professional Competence and Independence: Auditors should ensure that they possess the necessary expertise and knowledge to perform their duties competently. Staying up-to-date with evolving accounting and auditing standards is crucial. Additionally, maintaining independence from the audited entity and avoiding conflicts of interest enhances the credibility of the audit and reduces the perception of bias.

➧ Observe Professional Standards and Ethics: Adhering to professional auditing standards and ethical guidelines is essential. Following the Generally Accepted Auditing Standards (GAAS) or International Standards on Auditing (ISA) ensures that the audit is conducted with due diligence and prudence, reducing the risk of negligence claims.

➧ Comprehensive and Well-Documented Audit Procedures: Thorough documentation of audit procedures, findings, and conclusions provides a clear record of the audit process. This documentation serves as evidence that the audit was conducted with professional care and diligence.

➧ Exercise Professional Skepticism: Auditors should maintain an attitude of professional skepticism throughout the audit process. This means questioning the information received and challenging assumptions to identify potential risks and material misstatements.

➧ Clear Communication with the Client: Effective communication with the client fosters transparency and mutual understanding. Auditors should clearly communicate the scope of the audit, limitations, and any potential issues identified during the engagement.

➧ Proper Engagement and Representation Letters: Engagement letters should clearly outline the terms and scope of the audit engagement, setting appropriate expectations. Similarly, representation letters obtained from management reinforce their responsibility for the financial statements and disclosure, reducing potential claims of misunderstandings.

➧ Maintain Adequate Insurance Coverage: Professional liability insurance is crucial for auditors. It provides financial protection in case of legal claims arising from audit engagements.

➧ Continuous Professional Development: Staying current with emerging trends, regulations, and industry developments is essential. Continuous professional development helps auditors adapt to new challenges and enhances their ability to identify and address potential risks.

➧ Quality Control and Peer Review: Establishing robust quality control procedures and undergoing regular peer reviews can identify areas for improvement and ensure compliance with auditing standards.

➧ Candidly Reporting Findings: Auditors should be transparent and candid in their reporting. Clearly communicating any significant issues or concerns to stakeholders, including the board of directors, can help prevent misunderstandings or allegations of withholding critical information.

More info

QUESTION 4(a)

Q You are the auditor of Benrose Ltd. which undertakes construction contracts on behalf of its clients.

Last year, you qualified the auditor's report due to lack of evidence to support the client's schedules of estimated costs to completion. During the year, a quantity surveyor joined the management team of Benrose Ltd. His main role is to prepare year end schedules, by contract, of total costs to completion. This includes:

➫ Direct costs incured to the balance sheet date.
➫ Attributable overheads.
➫ Estimated costs to completion.

You ate satisfied that the quantity surveyor is appropriately qualified and experienced

Required:

(i) Explain the nature and extent of the reliance which you would seek to place on the work of the quantity surveyor.
(ii) Describe the audit work you would perform in respect of total costs to completion.
A

Solution


(i) Nature and Extent of Reliance on the Quantity Surveyor's Work:

As the auditor of Benrose Ltd., the reliance placed on the work of the quantity surveyor would be based on a combination of professional judgment, evaluation of the quantity surveyor's qualifications and experience, and an assessment of the quality and reliability of the work performed. The nature and extent of reliance on the quantity surveyor's work would be as follows:

➧ Assessing Qualifications and Experience: Before placing reliance, the auditor would review the qualifications and experience of the quantity surveyor. A qualified and experienced professional in the field of construction contracts would enhance the credibility of the work performed.

➧ Nature of the Work Performed: The auditor would evaluate the nature of the work performed by the quantity surveyor. This would involve understanding the procedures followed by the quantity surveyor in preparing the year-end schedules of total costs to completion. The auditor would assess whether the quantity surveyor's procedures align with industry best practices and accounting standards.

➧ Independence and Objectivity: The quantity surveyor's independence and objectivity would be crucial factors to consider. The auditor would ensure that the quantity surveyor is not influenced by any bias or conflict of interest that could compromise the integrity of the work.

➧ Scope and Limitations: The auditor would review the scope and limitations of the quantity surveyor's work. This would involve understanding the extent of direct costs, attributable overheads, and estimated costs to completion covered by the quantity surveyor's procedures.

➧ Comparative Analysis: The auditor would perform a comparative analysis of the quantity surveyor's work with prior year data and other available information. This helps identify any significant changes or anomalies that may require further investigation.

➧ Testing the Accuracy and Completeness: The auditor would conduct a sample review of the quantity surveyor's schedules and calculations to test their accuracy and completeness. This validation process helps ensure that the information provided is reliable.

➧ Documentation and Communication: The auditor would request the quantity surveyor to document the work performed, including the methodologies, assumptions, and sources of information used. Open communication between the auditor and the quantity surveyor is essential to address any concerns or queries.

➧ Management's Review: The auditor would inquire whether the management team, including the quantity surveyor, has reviewed the schedules and related data for reasonableness and accuracy.

(ii) Audit Work in Respect of Total Costs to Completion:

In respect of total costs to completion, the auditor would perform the following audit procedures:

➧ Understanding of the Quantity Surveyor's Procedures: The auditor would gain an understanding of the quantity surveyor's procedures, methodologies, and assumptions used to prepare the schedules of total costs to completion.

➧ Testing Direct Costs Incurred: The auditor would examine supporting documentation for direct costs incurred to the balance sheet date, such as invoices, payment vouchers, and payroll records. This ensures the accuracy and completeness of direct cost amounts.

➧ Attributable Overheads Review: The auditor would review the allocation and calculation of attributable overheads to construction contracts. This involves assessing the appropriateness of the allocation base and the reasonableness of the overhead rates used.

➧ Analytical Procedures: The auditor would perform analytical procedures to assess the reasonableness of the estimated costs to completion. This may involve comparing the estimated costs with prior year data, industry benchmarks, and management's expectations.

➧ Inquiry and Confirmation: The auditor would inquire about the assumptions used in estimating costs to completion and confirm the completeness of contracts included in the schedules.

➧ Test of Key Contracts: The auditor would select a sample of key contracts and perform detailed substantive testing on direct costs and overheads to validate the accuracy of the quantity surveyor's calculations.

➧ Management Representation: The auditor would obtain a representation letter from management confirming the accuracy and completeness of the schedules of total costs to completion.

➧ Subsequent Events Review: The auditor would assess any subsequent events or developments that could impact the estimated costs to completion up to the date of the audit report.

More info

QUESTION 4(b)

Q Describe the audit work that you would carry out in respect of the following:

(i) Segment information
(ii) Transfer of shares.
(iii) Dividends.
A

Solution


(i) Segment Information:

Segment information refers to the financial reporting of an organization's operating segments, which are components of the organization that generate revenues and incur expenses independently. Auditors need to perform specific audit procedures to ensure the accuracy and completeness of segment information.

Some of the audit procedures that would be carried out:

➧ Understanding the Entity's Segments: The auditor would gain an understanding of the organization's operating segments, how they are identified, and how segment information is prepared and presented in the financial statements.

➧ Assessing Segment Identification and Aggregation Criteria: The auditor would evaluate the criteria used by management to identify and aggregate operating segments. This is to ensure that the segments are appropriately defined and consistent with accounting standards.

➧ Testing Segmental Data Accuracy: The auditor would select a sample of transactions and balances related to each segment and perform detailed substantive testing to verify the accuracy of segmental data.

➧ Analyzing Segment Profitability and Performance: The auditor would perform analytical procedures to assess the reasonableness of segmental profitability and performance metrics. This involves comparing current year segment results with prior years and industry benchmarks.

➧ Reviewing Segment Disclosures: The auditor would verify the adequacy and completeness of segment disclosure in the financial statements, ensuring that all required information is presented in accordance with accounting standards.

(ii) Transfer of Shares:

The transfer of shares involves the sale or transfer of ownership of shares from one party to another. For audit purposes, the transfer of shares may have implications on various aspects of the financial statements and equity section. Audit procedures related to the transfer of shares may include:

➧ Confirmation of Share Transactions: The auditor would confirm share transfers by obtaining share certificates, share registers, and other supporting documentation for significant share transactions.

➧ Review of Shareholder Agreements: The auditor would review any shareholder agreements or contracts related to share transfers to understand any restrictions or conditions that may impact the transactions.

➧ Assessment of Equity Transactions: The auditor would ensure that the share transfers are appropriately recorded in the equity section of the balance sheet and disclosed in the notes to the financial statements.

➧ Testing Completeness and Accuracy: The auditor would perform substantive testing to ensure that all share transfers, whether purchases or sales, have been recorded accurately and completely.

➧ Examination of Board Resolutions: The auditor would examine board resolutions or minutes to verify the approval and authorization of significant share transactions.

(iii) Dividends:

Dividends represent the distribution of profits to shareholders. The audit of dividends involves verifying the accuracy and appropriateness of dividend declarations.

Some of the audit procedures related to dividends:

➧ Confirming Dividend Declarations: The auditor would obtain board resolutions or minutes confirming the approval of dividend declarations.

➧ Testing Adequate Retained Earnings: The auditor would verify that there are sufficient retained earnings available to support the dividend distribution.

➧ Examining Dividend Payment Process: The auditor would assess the procedures in place for dividend payments, including verification of the payment amounts and the records of dividend recipients.

➧ Reviewing Legal Compliance: The auditor would ensure that dividend payments comply with legal requirements, such as company law and any restrictions imposed by regulatory authorities.

➧ Analytical Procedures: The auditor would perform analytical procedures to assess the appropriateness of the dividend amount declared, comparing it with historical dividend payments and the financial performance of the company.

More info

QUESTION 5(a)

Q Discuss the nature and purpose of the following audits;

(i) E-Commerce audits.
(ii) Value for money audits,
(iii) Social audits,
A

Solution


(i) E-Commerce Audits:

Nature: E-commerce audits focus on evaluating and ensuring the effectiveness, security, and compliance of an organization's e-commerce activities. E-commerce refers to business transactions conducted electronically over the internet, involving online sales, electronic payments, and digital interactions with customers, suppliers, and partners. The audit assesses various aspects of e-commerce, including website security, data privacy, transactional accuracy, and compliance with relevant laws and regulations.

➧ Purpose: The purpose of e-commerce audits is to provide assurance that the organization's e-commerce operations are reliable, secure, and aligned with best practices. These audits aim to identify potential risks and vulnerabilities in online transactions, protect customer data, and maintain the integrity of the e-commerce platform.

The objectives may include:

➫ Assessing the effectiveness of internal controls related to e-commerce operations.
➫ Verifying the accuracy and completeness of e-commerce transactions and associated financial records.
➫ Evaluating the security measures in place to protect customer information and sensitive data from cyber threats.
➫ Ensuring compliance with relevant laws and regulations, such as data protection and consumer rights.

(ii) Value for Money Audits:

➧ Nature: Value for money audits, also known as performance audits, focus on assessing the economy, efficiency, and effectiveness of an organization's programs, projects, or activities. These audits go beyond traditional financial audits and delve into the qualitative aspects of how resources are utilized and whether the desired outcomes are achieved. Value for money audits consider whether the benefits obtained are commensurate with the resources invested.

➧ Purpose: The purpose of value for money audits is to determine whether public or private organizations are achieving optimal results with their resources and to identify opportunities for improvement.

The objectives may include:

➫ Assessing the economy of resource use, i.e., whether resources are acquired at the best price.
➫ Evaluating the efficiency of resource utilization, i.e., whether resources are utilized to maximize output.
➫ Analyzing the effectiveness of programs or projects, i.e., whether the desired outcomes and objectives are being achieved.
➫ Identifying areas where cost savings or performance improvements can be made.
➫ Enhancing transparency and accountability in the use of public funds.

(iii) Social Audits:

➧ Nature: Social audits focus on evaluating an organization's social and ethical practices, including its impact on stakeholders, employees, communities, and the environment. These audits go beyond financial and operational aspects and examine the organization's social responsibility, corporate social responsibility (CSR) initiatives, and compliance with social and ethical standards.

➧ Purpose: The purpose of social audits is to assess and report on an organization's social performance and its commitment to ethical and sustainable practices.

The objectives may include:

➫ Assessing the organization's compliance with labor laws, environmental regulations, and other social standards.
➫ Evaluating the impact of the organization's operations on employees, communities, and the environment.
➫ Reviewing the organization's CSR initiatives, philanthropic activities, and contributions to social causes.
➫ Identifying areas for improvement in social and ethical practices and recommending corrective actions.
➫ Enhancing transparency and accountability in the organization's social responsibility efforts.

More info

QUESTION 5(b)

Q Discuss the practical challenges that professional bodies might face in trying to conduct audit quality assurance (AQA) activities in member audit firms.
A

Solution


➦ Conducting Audit Quality Assurance (AQA) activities in member audit firms can be challenging for professional bodies due to various practical considerations. These challenges may vary depending on the size of the audit firm, its geographical spread, and the regulatory environment in which it operates.

Here are some of the practical challenges that professional bodies might face:

➧ Independence and Objectivity: Maintaining independence and objectivity in the AQA process can be challenging. The professional body needs to ensure that the individuals involved in conducting AQA activities remain independent from the firms they are evaluating to avoid any conflicts of interest.

➧ Resource Constraints: Professional bodies might have limited resources to conduct AQA activities for a large number of member firms. Adequate staffing, funding, and time allocation for thorough reviews can be challenging, especially for smaller professional bodies.

➧ Geographical Coverage: In cases where audit firms have a global presence, conducting AQA across different jurisdictions can be complex. Overcoming geographical barriers and ensuring consistency in the AQA process can be difficult.

➧ Data Availability and Access: Access to confidential client information, audit workpapers, and proprietary systems of member audit firms is essential for conducting AQA effectively. Obtaining access to such data while respecting confidentiality and data privacy regulations can be challenging.

➧ Diverse Audit Practices: Audit firms may have diverse methodologies and practices, making it challenging to standardize the AQA process. Ensuring a consistent and objective assessment across different audit firms can be difficult.

➧ Regulatory Compliance: Professional bodies need to ensure that their AQA activities align with regulatory requirements and standards. Adhering to various regulatory frameworks across different jurisdictions can add complexity to the AQA process.

➧ Firm Cooperation: Gaining the full cooperation of audit firms during AQA activities is crucial for obtaining accurate assessments. Some firms may be reluctant to share information or may not be fully transparent during the review process.

➧ Feedback Management: Providing constructive feedback to member firms without causing defensiveness can be challenging. Professional bodies need to strike a balance between pointing out areas for improvement and maintaining positive relationships with audit firms.

➧ Frequency of Reviews: Determining the appropriate frequency of AQA reviews can be difficult. Professional bodies need to find a balance between conducting regular reviews and avoiding excessive burden on audit firms.

➧ Timely Reporting and Follow-up: Timely reporting of AQA findings and prompt follow-up on identified deficiencies are essential for improving audit quality. Ensuring that actions are taken to address deficiencies may require coordination and monitoring.

➧ Continuous Improvement: Professional bodies need to continuously enhance their AQA processes to adapt to changes in auditing standards, emerging risks, and evolving best practices.

More info

QUESTION 5(c)

Q Identify the practical steps that auditors might take to ensure independence and objectivity in their work
A

Solution


➫ Maintain Professional Skepticism: Auditors should maintain a skeptical mindset throughout the audit process, challenging assumptions, and critically evaluating evidence. Avoiding undue reliance on management representations and seeking corroborative evidence helps maintain objectivity.

➫ Comply with Independence Standards: Auditors should adhere to relevant independence standards and regulations, such as those issued by professional bodies and regulatory authorities. These standards provide guidance on relationships and activities that may impair independence.

➫ Avoid Conflicts of Interest: Auditors should identify and address potential conflicts of interest that could compromise independence. This includes evaluating financial interests, relationships, and affiliations with the audited entity or its personnel.

➫ Rotate Audit Partners and Staff: Periodically rotating audit partners and key audit staff can help prevent long-term relationships with the client, reducing familiarity threats to independence.

➫ Establish Independence Policies: Audit firms should have clear and comprehensive independence policies in place. These policies should provide guidelines on issues such as financial interests, gifts and hospitality, and employment of former employees of the client.

➫ Conduct Independence Assessments: Regularly assess and document compliance with independence policies and standards. These assessments should be performed at the individual auditor and engagement level.

➫ Decline Non-Audit Services that Threaten Independence: Auditors should carefully evaluate non-audit services offered to the client and decline those that could impair independence or create self-review threats.

➫ Educate and Train Staff: Ongoing education and training on independence and ethical principles are crucial for reinforcing the importance of independence and equipping auditors to handle challenging situations.

➫ Establish Whistleblower Mechanisms: Audit firms should have mechanisms in place for auditors and staff to report concerns related to independence without fear of retaliation.

➫ Monitor and Review Independence: Establish an internal review process to monitor compliance with independence policies and assess the effectiveness of measures taken to ensure independence.

➫ Engage External Quality Reviewers: Engaging external quality reviewers to assess the firm's independence procedures and controls can provide an independent perspective and valuable feedback.

➫ Promote a Culture of Independence: Fostering a culture that values and emphasizes independence and objectivity helps embed these principles in the firm's operations and decision-making.

More info

Comments on CPA past papers with answers:

New Unlock your potential with focused revision and soar towards success
Pass Kasneb Certification Exams Easily

Comments on:

CPA past papers with answers