CPA
Intermediate Leval
Auditing and Assurance May 2017
Suggested solutions

Internal auditors primary responsibilities and roles typically include:

• Risk Assessment: Identifying and evaluating the organization's risks, both operational and strategic. This involves assessing the likelihood and impact of various risks on the organization's objectives.
• Internal Control Evaluation: Reviewing and testing internal controls to ensure they are designed effectively and operating as intended. This helps prevent and detect errors, fraud, and non-compliance with policies and regulations.
• Compliance Auditing: Ensuring that the organization complies with applicable laws, regulations, and internal policies. Internal audit staff verify that the organization follows legal and regulatory requirements in its operations.
• Operational Auditing: Evaluating the efficiency and effectiveness of operational processes and procedures. This includes reviewing activities in various departments to identify opportunities for improvement.
• Financial Auditing: Reviewing financial statements and transactions to ensure the accuracy and integrity of financial reporting. This is essential for maintaining the trust of stakeholders.
• Fraud Detection and Prevention: Investigating allegations of fraud and implementing measures to prevent fraud. Internal audit staff can play a key role in identifying and mitigating fraud risks.
• Information Technology (IT) Auditing: Assessing the organization's IT systems, including data security, information systems, and IT governance. This role is becoming increasingly important in the digital age.
• Performance Auditing: Evaluating the efficiency and effectiveness of programs, projects, and initiatives to determine if they are achieving their intended outcomes.
• Operational Efficiency and Cost Management: Identifying cost-saving opportunities and areas where operational efficiency can be improved.
• Reporting and Communication: Preparing and presenting audit findings and recommendations to senior management and those charged with governance. Effective communication is crucial to ensure that audit results are understood and acted upon.
• Continuous Monitoring and Follow-Up: Ongoing monitoring of key controls and risk areas and ensuring that management takes action on audit recommendations. Internal audit staff often follow up to confirm that corrective actions have been implemented.
• Advisory Services: Providing advisory services to management to help them improve internal controls, mitigate risks, and enhance processes and operations. This role involves being a trusted advisor to the organization.
• Education and Training: Promoting a culture of awareness and understanding of internal controls and risk management throughout the organization. This includes conducting training programs for staff.
• Quality Assurance and Improvement: Ensuring that the internal audit function operates effectively and efficiently. This involves conducting periodic quality assessments and making necessary improvements to the internal audit process.
• Ethical and Whistleblower Support: Providing guidance and support to employees who wish to report ethical concerns or wrongdoing within the organization.

The key capabilities and competencies as espoused in ISA 220:

• Ethical Requirements: The engagement team is expected to have a clear understanding of and comply with relevant ethical requirements. This includes independence, integrity, objectivity, professional skepticism, and a commitment to act in the best interest of the public and stakeholders.
• Professional Competence and Due Care: Engagement team members should possess the necessary technical knowledge and skills to perform their roles effectively. This includes staying current with developments in auditing and accounting standards. The team is also expected to exercise due professional care throughout the audit process.
• Independence and Objectivity: Team members should be independent both in fact and appearance. They should have the ability to make impartial judgments and decisions and not be influenced by conflicts of interest or undue external pressures.
• Audit Team Leadership: For those in leadership roles, there is an expectation of strong leadership capabilities. This includes the ability to set the tone for the audit, establish the audit strategy, and provide guidance to team members.
• Communication Skills: Effective communication is vital in the engagement team. Team members should be able to communicate clearly, both within the team and with management, those charged with governance, and external stakeholders.
• Professional Judgment: Audit professionals need the ability to exercise professional judgment in various aspects of the audit, such as materiality assessment, risk assessment, and evaluating audit evidence.
• Teamwork and Collaboration: The audit process often involves collaboration among team members, including specialists, to address complex issues. Effective teamwork is essential for conducting a successful audit.
• Risk Assessment and Response: The engagement team must have the capability to identify and assess risks of material misstatement, develop appropriate responses to those risks, and adapt the audit plan as needed.
• Audit Documentation: Team members are expected to have strong skills in maintaining thorough and well-organized audit documentation. This is essential for ensuring the audit's quality and for facilitating inspections and reviews.
• Continual Professional Development: Engagement team members should commit to ongoing professional development to stay up-to-date with changes in auditing standards, industry developments, and regulatory requirements.
• Data Analytics and Technology Competence: With the increasing use of data analytics and technology in audits, the engagement team should have the ability to leverage these tools effectively to enhance the audit process and identify unusual patterns or anomalies.
• Time Management and Efficiency: Efficient time management skills are crucial to complete audit procedures within the allocated time frame and budget.

Here are several benefits of this communication:

• Enhanced Understanding of Audit Process: Auditors can explain the scope and objectives of the audit to those charged with governance, helping them understand the audit process and what to expect.
• Clarity on Roles and Responsibilities: Clear communication ensures that both auditors and those charged with governance are aware of their respective roles and responsibilities, reducing the risk of misunderstandings.
• Identification of Key Risks: Auditors can discuss key risks and potential challenges with governance, allowing them to provide insights and additional information that may be vital to the audit.
• Efficient and Effective Audit Process: Communication can lead to a more efficient and effective audit as governance can provide access to necessary information and personnel, making the audit process smoother.
• Timely Resolution of Issues: Any issues or questions that arise during the audit can be addressed promptly, preventing delays and ensuring a timely audit completion.
• Disclosure of Relevant Information: Governance may possess knowledge of significant events, transactions, or risks that should be disclosed in the financial statements or related disclosures. Their input helps ensure completeness and accuracy.
• Confirmation of Compliance and Ethics: Communication enables governance to confirm that the company complies with relevant laws and regulations and adheres to ethical standards, which can be critical for the audit.
• Support in Fraud Detection and Prevention: Governance can help auditors understand the company's internal control systems and may provide insights into fraud prevention and detection measures.
• Independence Confirmation: Governance can confirm the auditors' independence and objectivity, which is vital for maintaining the integrity and credibility of the audit.
• Early Warning for Material Concerns: Governance can raise concerns about material issues that may affect the company's financial statements, allowing auditors to address these issues in their audit.
• Feedback for Improvement: Communication can provide an opportunity for auditors to receive feedback from governance on the audit process, which can lead to improvements in future audits.
• Enhanced Trust and Confidence: Open and transparent communication fosters trust and confidence between auditors and governance, reinforcing the credibility of the audit process and the financial statements.
• Alignment with Strategic Goals: Governance can share the company's strategic goals and objectives, helping auditors align their audit procedures with the organization's priorities.
• Improved Risk Management: Governance can provide insights into the company's risk management processes, which can inform the audit approach and help identify areas of concern.
• Transparency and Accountability: Communication promotes transparency and accountability, which is essential in maintaining public trust and ensuring that the audit process serves the interests of stakeholders.

(ii) Contingent Liability:

A "contingent liability" is a potential liability that may or may not become an actual liability, depending on the occurrence of a specific future event. These potential obligations arise from past events but their existence and amount are uncertain. Contingent liabilities are disclosed in the financial statements when they are considered probable and the amount can be reasonably estimated. If a contingent liability is considered possible but not probable, it may be disclosed in the notes to the financial statements.

(iii) Audit Committee:

An "audit committee" is a subcommittee of a company's board of directors or governing body, typically composed of independent directors or members who are not involved in the day-to-day management of the company. The primary role of the audit committee is to oversee and monitor the financial reporting process, internal controls, and the external audit. They work to ensure the integrity and accuracy of the financial statements, compliance with laws and regulations, and the effectiveness of the internal audit and external audit functions. Audit committees play a critical role in maintaining transparency and accountability in corporate governance.

(iv) Assurance Engagement Risk:

"Assurance engagement risk" refers to the level of risk that the auditor or assurance provider accepts when performing an assurance engagement. It encompasses the possibility that the assurance provider may issue an incorrect report or conclusion, and that the report may not detect a material misstatement in the information being assured. Assurance engagement risk is inherent in the nature of assurance services and must be managed through proper planning, risk assessment, and audit procedures to reduce it to an acceptable level.

Factors that might influence the decision:

• Legal Requirements: Legal regulations and requirements specific to the jurisdiction where the subsidiary operates may mandate a separate engagement letter. Compliance with local laws and regulations is crucial.
• Distinct Legal Entity: If the subsidiary is a separate legal entity, it might be advisable to have a separate engagement letter. This clarifies the scope of services, responsibilities, and liabilities between the parent company and the subsidiary.
• Independent Operations: If the subsidiary operates independently, has its own management, and conducts its business autonomously, a separate engagement letter could be appropriate to address its unique needs.
• Different Services: If the services provided to the subsidiary differ significantly from those provided to the parent company, it may make sense to have a separate engagement letter outlining the specific services rendered to the subsidiary.
• Confidentiality: If the subsidiary's financial or operational information needs to be kept confidential from the parent company, a separate engagement letter can address confidentiality clauses specific to the subsidiary.
• Conflict of Interest: If there is a potential conflict of interest between the parent company and the subsidiary, having separate engagement letters can help in clearly defining the boundaries and avoiding conflicts.
• Financial Reporting Requirements: Different financial reporting requirements for the parent company and the subsidiary might necessitate separate engagement letters to ensure compliance with specific accounting standards.
• Insurance Purposes: Some professional liability insurance policies may require separate engagement letters for subsidiaries to provide coverage for services rendered to those entities.
• Client Expectations: If the subsidiary or the parent company has specific expectations regarding the engagement terms, a separate engagement letter might be necessary to address these expectations explicitly.
• Clarity and Transparency: Having separate engagement letters can provide clarity and transparency to all parties involved, outlining the specific obligations, services, and terms applicable to the subsidiary.
• Risk Management: From a risk management perspective, clearly defining the engagement terms with each entity (parent and subsidiary) can help manage risks associated with misunderstandings, disputes, or legal issues in the future.

Factors for Sending a New Engagement Letter in a Recurring Audit for Baraka Ltd.:

• Change in Key Personnel: If there have been significant changes in key personnel on the client side or within the audit team, it's advisable to issue a new engagement letter to ensure everyone is aligned on the terms and responsibilities.
• Change in Scope: If there has been a substantial change in the audit scope, objectives, or procedures from the previous year, a new engagement letter should be issued to reflect the updated scope.
• New Regulations or Standards: If there have been changes in accounting, auditing, or regulatory standards that impact the audit, a new engagement letter should incorporate these changes.
• Material Changes in the Business: Significant changes in the client's business operations, structure, or financial condition may require a new engagement letter to reflect the current circumstances.
• Client's Request: If the client requests a new engagement letter or specific revisions to the existing one, it's essential to accommodate their preferences and issue an updated engagement letter.
• Changes in Risk Profile: If there has been a material change in the client's risk profile or significant developments that affect audit risk assessment, a new engagement letter should address these factors.
• Long Time Gap: In cases where a substantial amount of time has passed since the previous engagement letter, it's prudent to issue a new one to reaffirm the terms and expectations for the audit.
• Enhanced Services: If the client requests additional services beyond the standard audit, a new engagement letter should clearly outline these services and their terms.
• Legal or Regulatory Changes: Changes in local laws or regulations that impact the audit may necessitate a new engagement letter to ensure compliance.

Factors to consider when designing an internal control system:

• Risk Assessment: Understand and assess the organization's risks, both internal and external. Identify areas where errors, fraud, or mismanagement are most likely to occur. This is the foundation for designing control measures.
• Clear Objectives: Clearly define the objectives of the internal control system. What are the specific goals you want to achieve, such as fraud prevention, accurate financial reporting, or operational efficiency?
• Segregation of Duties: Implement a system where responsibilities are divided among different individuals or departments to prevent any single person from having too much control or access. This reduces the risk of fraud and errors.
• Written Policies and Procedures: Develop and document written policies and procedures that outline how tasks should be performed and how controls should be executed. Ensure that employees understand and follow these guidelines.
• Authorization Levels: Define authorization levels for different transactions, expenditures, and access to information. Only authorized personnel should have the power to make certain decisions or access specific data.
• Physical Safeguards: Secure physical assets and sensitive information with measures such as locks, security systems, and restricted access areas.
• IT Controls: Implement strong IT controls, including firewalls, encryption, and access controls, to protect digital assets, data, and systems.
• Auditing and Monitoring: Regularly monitor and audit transactions, processes, and controls to detect any anomalies, errors, or unusual activities. Use tools such as data analytics to identify patterns and anomalies.
• Management Oversight: Ensure that there is appropriate oversight from management and governing bodies. This includes regular reviews and assessments of the control system's effectiveness.
• Employee Training: Provide training to employees about their roles, responsibilities, and the importance of following internal controls. Make sure they understand the consequences of non-compliance.
• Whistleblower Mechanism: Establish a confidential mechanism that allows employees to report suspicious activities or concerns without fear of retaliation.
• Segregation of Recordkeeping: Separate recordkeeping and custody of assets to prevent unauthorized alterations or theft of assets.
• Change Management: Develop procedures for managing changes in processes, systems, or personnel to ensure that internal controls are updated as needed.
• Documentation and Record-Keeping: Maintain comprehensive records of all transactions, decisions, and control activities. These records serve as evidence of compliance and effectiveness.
• Compliance with Regulations: Ensure that the internal control system aligns with legal and regulatory requirements relevant to the industry and geographic location of the organization.
• Continuous Improvement: Regularly review and enhance the internal control system based on changing risks and circumstances. Learn from past incidents and improve controls accordingly.
• Cost-Benefit Analysis: Consider the cost of implementing controls versus the potential benefits and risks mitigated. Not all controls are cost-effective, so prioritize those with the most significant impact.
• Crisis Management: Develop a crisis management plan to address situations that could disrupt operations or compromise controls, such as natural disasters or cyberattacks.
• Board and Management Reporting: Establish reporting mechanisms to inform the board of directors and senior management about the effectiveness of internal controls and any areas of concern.
• Independence and Objectivity: Ensure that those responsible for designing, implementing, and monitoring controls maintain independence and objectivity in their roles.

Definitions

Operational Audit:

An operational audit is an examination and assessment of an organization's operations, processes, and procedures to evaluate their efficiency, effectiveness, and adherence to organizational policies and objectives. It focuses on non-financial aspects of an organization, such as its internal processes, management of resources, and achievement of operational goals. The primary goal of an operational audit is to provide recommendations for improving operational efficiency and effectiveness.

Financial Audit:

A financial audit, often referred to as an external audit, is an examination of an organization's financial statements and accounting records by an independent auditor to determine whether they accurately represent the financial position and performance of the entity. The primary objectives of a financial audit are to provide an opinion on the fairness of the financial statements, detect material misstatements, and ensure compliance with accounting standards and regulatory requirements.

Agreed Upon Procedures Engagement:

An agreed upon procedures engagement is an audit-like engagement in which an auditor performs specific procedures agreed upon by the client and other interested parties to provide a report that details the findings. The procedures can be tailored to address specific financial or non-financial aspects of an organization. The report typically includes the results of the agreed-upon procedures without expressing an opinion or conclusion, leaving the interpretation of the findings to the user of the report. This type of engagement is often used when there is a need for specific, detailed examinations or verification of certain aspects of an organization's operations.

Positive Assurance:

Positive assurance, in the context of auditing, refers to a type of audit opinion that provides a clear statement of assurance that the financial statements or other information being audited are free from material misstatements and are presented fairly in accordance with applicable accounting standards or criteria. A positive assurance opinion is typically expressed using language like "in our opinion, the financial statements present fairly, in all material respects." It conveys a high level of confidence in the accuracy and reliability of the information being audited.

External auditor responsibilities in relation to fraud include:

• Understanding and Assessing Fraud Risks: The auditor is responsible for understanding the entity's environment, including its industry, operations, and internal control systems, to assess the risk of fraud. This involves identifying potential risk factors and considering where and how fraud might occur.
• Professional Skepticism: Auditors are required to maintain a skeptical attitude throughout the audit. This means they should critically assess the information provided and not readily accept explanations or documents without proper verification. Professional skepticism helps auditors identify red flags and potential fraud indicators.
• Fraud Risk Assessment: The auditor should perform a risk assessment specifically focused on fraud risks. This includes assessing the susceptibility of the financial statements to material misstatements due to fraud and considering the different ways fraud can be perpetrated.
• Internal Control Evaluation: The auditor assesses the adequacy and effectiveness of the organization's internal control systems. Weak internal controls can increase the risk of fraud. Auditors will look for control deficiencies that may allow fraud to occur and may design audit procedures to address these deficiencies.
• Testing Controls and Transactions: Auditors perform substantive testing, including tests of details and substantive analytical procedures, to detect material misstatements due to fraud. These tests are designed to provide reasonable assurance that fraud is not present in the financial statements.
• Professional Judgment and Skepticism in Testing: When performing substantive tests, auditors exercise professional judgment and skepticism to identify unusual or unexpected transactions, patterns, or inconsistencies that could indicate fraud.
• Use of Data Analytics: Auditors may use data analytics techniques to analyze large volumes of data to identify anomalies, patterns, or outliers that could be indicative of fraudulent activity.
• Communication and Reporting: If the auditor discovers evidence of fraud, they have a responsibility to communicate this to management and, in some cases, the board of directors or audit committee. Depending on the severity, the auditor may also need to report to regulatory authorities or law enforcement.
• Documentation: Comprehensive documentation of the audit process, including procedures performed and evidence obtained, is crucial. This documentation provides transparency and evidence of the auditor's work in relation to fraud detection and prevention.
• Maintaining Independence and Objectivity: Auditors must maintain independence and objectivity when performing their duties. This includes being free from conflicts of interest and external pressures that could compromise their ability to detect and report fraud.
• Continuous Professional Development: Auditors should stay updated on the latest fraud detection techniques and emerging fraud schemes. Continuous professional development ensures that auditors are equipped with the necessary knowledge and skills to combat evolving fraud risks.
• Whistleblower Reporting: Auditors should be aware of and provide guidance on whistleblower reporting mechanisms within the organization. These mechanisms can help in the early detection of fraud and misconduct.

(ii) Unqualified opinion with an Exception - Debtors Misstatement:

Opinion: The financial statements receive an unqualified opinion, except for the misstatement in the debtors' accounts, which the auditor brings to attention.

(iii) Adverse opinion - Widespread Impact of Depreciation Omission:

Opinion: An adverse opinion is given because the omission of depreciation has a significant and pervasive impact on the financial statements.

(iv) Unqualified opinion - Minimal Chance of Legal Suit Success:

Opinion: The financial statements receive an unqualified opinion because the likelihood of the legal case succeeding is deemed to be minimal.

Factors that can impact the extent of substantive tests in an audit:

• Nature of the Client's Business: The type of industry and business operations can significantly affect the extent of substantive tests.
• Inherent Risks: Inherent risks relate to the susceptibility of financial statement accounts to material misstatement.
• Control Environment: The effectiveness of the client's internal controls plays a crucial role.
• Materiality Threshold: The materiality threshold set by auditors and the client's management influences the extent of substantive testing.
• Audit Objectives: The specific objectives of the audit can affect the extent of substantive tests.
• Risk Assessment: The auditor's risk assessment process is crucial.
• Sampling Methods: The choice of sampling methods can influence the extent of substantive testing.
• Audit Resources: The availability of audit resources, including time, personnel, and budget, impacts the extent of substantive testing.
• Audit Technology: The use of audit technology and data analytics tools can improve the efficiency and effectiveness of substantive testing.
• Legal and Regulatory Requirements: Legal and regulatory requirements specific to the client's industry may necessitate extensive testing.
• Client's Accounting Policies: The complexity of the client's accounting policies and the use of estimates or fair value measurements can impact the extent of substantive testing.
• Prior Audit History: The results of previous audits can influence the extent of substantive tests.
• Quality of Client's Documentation: The quality and completeness of the client's documentation can affect the extent of substantive testing.

Substantive procedures that an auditor might perform on year-end trade payables:

• Vouching Invoices: Select a sample of trade payables from the accounts payable ledger and vouch these to the corresponding vendor invoices.
• Confirmations: Send confirmation requests to a sample of vendors to verify the accuracy and existence of trade payables.
• Analysis of Aged Payables: Review the aged accounts payable listing to assess the aging of payables.
• Reconciliation to Vendor Statements: Reconcile the trade payables ledger to vendor statements, especially for major vendors.
• Testing Cut-off Procedures: Examine invoices received after the balance sheet date to confirm that they are recorded as liabilities in the correct period.
• Review of Unusual Transactions: Investigate any unusual or large transactions, credits, or adjustments in the accounts payable ledger.
• Analytical Procedures: Perform analytical procedures to identify any significant fluctuations or anomalies in the accounts payable balances.
• Review of Purchase Orders and Receiving Reports: Examine supporting documents such as purchase orders, receiving reports, and vendor invoices to ensure the goods or services were actually received.
• Recalculation of Accruals: Recalculate any accrued expenses related to trade payables to confirm the accuracy of the recorded liabilities.
• Review of Terms and Conditions: Evaluate the terms and conditions of outstanding liabilities.
• Review of Correspondence and Contracts: Examine vendor correspondence and contracts to confirm the terms of trade.
• Subsequent Payments: Verify subsequent payments made after the year-end to ensure they are properly accounted for as year-end trade payables.
• Assessment of Estimates: Assess the reasonableness of any estimated liabilities within the trade payables.
• Evaluation of Legal Obligations: Investigate any potential legal obligations.
• Review of Documentation and Workpapers: Ensure that all supporting documentation, workpapers, and audit trails are properly maintained and documented for audit evidence.