Guaranteed

95.5% Pass Rate

CPA
Intermediate Leval
Auditing and Assurance September 2021
Suggested solutions

Audit and assurance
Revision Kit

QUESTION 1(a)

Q Controls in an entity's information technology system may consist of a combination of automated controls and manual controls.

Required:
(i) Evaluate eight risks that automated controls pose to an entity's internal control system.

(ii) Analyse four circumstances in which manual controls may be more suitable for use in an entity.
A

Solution


Risks of Automated Controls


  1. Technology Failure: Automated controls are susceptible to technical glitches, system crashes, or software bugs.
  2. Unauthorized Access: Hackers may exploit vulnerabilities in automated systems, leading to unauthorized access and potential data breaches.
  3. Data Integrity Issues: Automated controls may face challenges in ensuring the accuracy and completeness of data, risking errors in financial reporting.
  4. Dependency on IT Personnel: Reliance on specialized IT skills can be a risk if there is a shortage of qualified personnel or a high turnover rate.
  5. Software Updates: Failure to timely implement software updates and patches may expose the system to security vulnerabilities.
  6. Insufficient Testing: Inadequate testing of automated controls can result in undiscovered weaknesses or errors in the control processes.
  7. Inadequate User Training: Users may lack the necessary skills and knowledge to effectively use and monitor automated controls.
  8. Data Interoperability: Compatibility issues between different systems may lead to data integration problems and compromise control effectiveness.
  9. False Positives/Negatives: Automated controls may generate false alerts (false positives) or fail to detect actual issues (false negatives).
  10. Complacency: Overreliance on automated controls may result in complacency, leading to a lack of attention to potential risks.

Circumstances for Manual Controls


  1. Complex Judgment: Situations requiring nuanced decision-making or complex judgment may be better handled by human evaluators.
  2. Changing Environment: In dynamic and rapidly changing environments, manual controls allow for more flexibility and adaptability.
  3. Small Scale Operations: For small-scale operations, manual controls can be more cost-effective and practical than implementing complex automated systems.
  4. New or Custom Processes: Manual controls are often more suitable when dealing with new or customized processes that lack automation solutions.
  5. Regulatory Compliance: In some cases, regulatory requirements may demand human involvement to ensure compliance and proper documentation.
  6. Employee Collaboration: Situations requiring collaboration, communication, and interpersonal skills are better managed through manual controls.
  7. Resource Constraints: Organizations with limited resources may find manual controls more feasible than investing in expensive automated solutions.
  8. Exception Handling: Manual controls are preferable when dealing with exceptional or non-routine situations that automated systems may struggle to address.
  9. Training and Education: Manual controls can be beneficial for training purposes, allowing employees to understand the intricacies of control processes.
  10. Continuous Monitoring: Human oversight is crucial for continuous monitoring, especially in situations where automated systems may not provide real-time feedback.

More info

QUESTION 1(b)

Q Examine six factors that might be taken into consideration by an audit engagement team when determining the extent of tests of control to be performed.
A

Solution


Factors in Determining the Extent of Tests of Control


When conducting an audit, the engagement team considers various factors to determine the extent of tests of control. These factors help in assessing the reliability of internal controls and designing an effective audit strategy:

  1. Control Environment: Evaluate the overall control environment, including management's commitment to integrity and ethical values.
  2. Complexity of Transactions: Assess the complexity of the entity's transactions to determine the extent of control testing required for accuracy and completeness.
  3. Information System: Consider the effectiveness and reliability of the information system, including data processing controls and security measures.
  4. Management's Risk Assessment: Understand how management identifies and assesses risks, as it influences the design and operation of internal controls.
  5. Changes in Internal Controls: Take into account any recent changes in internal controls to ensure that the audit procedures remain relevant and effective.
  6. Size and Composition of the Population: Consider the size and composition of the population being tested, as larger or more diverse populations may require more extensive testing.
  7. Frequency of Transactions: Assess the frequency of transactions to determine the likelihood of errors or irregularities occurring and the corresponding need for testing.
  8. Effectiveness of Previous Controls: Consider the effectiveness of controls identified in previous audits, as this may impact the extent of testing required in the current period.
  9. Presence of Manual Overrides: Evaluate the existence and appropriateness of manual overrides within the system, as they may introduce additional risks that need to be tested.
  10. External Factors: Take external factors, such as changes in economic conditions or industry regulations, into account when assessing the risk environment and designing control tests.


More info

QUESTION 1(c)

Q Highlight two features of a non-statutory audit.
A

Solution


Features of a Non-Statutory Audit


A non-statutory audit is conducted voluntarily by an organization, and it is not legally required. Below are some key features of a non-statutory audit:

  • Voluntary Nature: Non-statutory audits are not mandated by law or regulatory authorities; rather, they are initiated voluntarily by the organization.
  • Management's Decision: The decision to undertake a non-statutory audit is made by the management or stakeholders of the organization based on their internal needs and objectives.
  • Scope Flexibility: The scope of a non-statutory audit can be tailored to specific areas or objectives that the organization wishes to examine, providing flexibility in the audit process.
  • Objective Alignment: Non-statutory audits are often aligned with specific organizational objectives, such as improving internal controls, assessing financial performance, or ensuring compliance with internal policies.
  • Customized Procedures: Audit procedures in a non-statutory audit can be customized to address the unique risks and circumstances of the organization, allowing for a more tailored approach.
  • Frequency Determined by Stakeholders: The frequency of non-statutory audits is determined by the organization's stakeholders, and it may vary based on business needs, industry practices, or specific events.
  • Internal and External Auditors: Non-statutory audits can be conducted by internal audit teams, external audit firms, or a combination of both, depending on the organization's preferences and resources.
  • Emphasis on Value Addition: Besides regulatory compliance, non-statutory audits often focus on providing value to the organization by offering insights, recommendations, and improvement opportunities.
  • Less Formal Reporting: Reporting requirements for non-statutory audits are generally less formal compared to statutory audits, allowing for more flexibility in communication and documentation.
  • Continuous Improvement: Non-statutory audits contribute to the organization's continuous improvement efforts by identifying areas for enhancement and supporting informed decision-making.

More info

QUESTION 2(a)

Q Distinguish between "reasonable assurance engagement" and "limited assurance engagement".
A

Solution


Distinction: Reasonable Assurance vs. Limited Assurance Engagement


When it comes to assurance engagements, there are two primary levels of assurance provided by auditors: reasonable assurance and limited assurance. Here's a distinction between the two:

  • Reasonable Assurance Engagement:
    • Characterized by a high level of assurance provided by auditors.
    • Objective: To obtain enough evidence to express a positive and high level of confidence in the reliability of the financial statements or information under review.
    • Extensive Procedures: Involves a comprehensive set of audit procedures, including testing, verification, and analysis, to provide a thorough evaluation of the subject matter.
    • Communication: The auditor expresses a positive opinion, affirming that, based on the audit procedures performed, the financial statements are free from material misstatements.
    • Typically associated with statutory audits and audits of public companies.

  • Limited Assurance Engagement:
    • Characterized by a moderate level of assurance provided by auditors.
    • Objective: To obtain a moderate level of confidence that there are no material misstatements in the financial statements or information under review.
    • Limited Procedures: Involves a more focused and restricted set of audit procedures compared to reasonable assurance engagements.
    • Communication: The auditor provides a conclusion expressing limited assurance, indicating that, based on the procedures performed, nothing has come to their attention that suggests material misstatements in the financial statements.
    • Common in review engagements, where the scope is narrower compared to a full audit.

More info

QUESTION 2(b)

Q International Standard on Auditing (ISA) 705, "Modifications to the Opinion in the independent Auditor's Report", sets out the different types of modified opinions.

Required:
With reference to the above Standard, discuss three ways in which an auditor's opinion may be modified
A

Solution


ISA 705: Modifications to the Auditor's Opinion


International Standard on Auditing (ISA) 705 outlines various circumstances under which an auditor may need to modify their opinion in the independent auditor's report. Here are three ways in which an auditor's opinion may be modified:

  1. Qualified Opinion:

    A qualified opinion is issued when the auditor concludes that, overall, the financial statements are fairly presented, with the exception of a specific matter. The qualification specifies the nature and extent of the departure from the applicable financial reporting framework.

  2. Adverse Opinion:

    An adverse opinion is issued when the auditor determines that the overall financial statements are not fairly presented. This type of modification is appropriate when the misstatements, individually or in aggregate, are both material and pervasive, meaning they affect the users' understanding of the financial statements as a whole.

  3. Disclaimer of Opinion:

    A disclaimer of opinion is issued when the auditor is unable to obtain sufficient appropriate audit evidence and is, therefore, unable to express an opinion on the overall fairness of the financial statements. This may occur due to significant limitations in the scope of the audit, such as the inability to confirm certain balances or transactions.


These modifications provide a clear indication to financial statement users about the auditor's assessment of the reliability and fairness of the information presented in the financial statements.

More info

QUESTION 2(c)

Q (i) Define the term "going concern" as per International Standard on Auditing (ISA) 570, "Going Concern".

(ii) Propose four responsibilities of auditors with respect to going concern.
A

Solution


(i) Definition of "Going Concern" as per ISA 570


According to International Standard on Auditing (ISA) 570, "Going Concern," the term "going concern" refers to the assumption that the entity will continue its operations for the foreseeable future. The foreseeable future is typically considered to be at least 12 months from the end of the reporting period. The going concern assumption is fundamental in the preparation of financial statements, as it implies that the entity will be able to realize its assets, discharge its liabilities, and conduct its normal business activities.

(ii) Responsibilities of Auditors Regarding Going Concern


Auditors have specific responsibilities outlined in ISA 570 with respect to going concern. These responsibilities include:


  1. Evaluation of Management's Assessment:

    Assessing the appropriateness of management's assessment of the entity's ability to continue as a going concern and considering the supporting evidence provided by management.

  2. Evaluation of Disclosures:

    Evaluating the adequacy of the disclosure in the financial statements related to management's use of the going concern assumption, including the presence of any material uncertainties.

  3. Assessment of Financial Support:

    Considering any plans or actions taken by management to mitigate identified risks and assessing the adequacy of financial support available to the entity.

  4. Consideration of Events and Conditions:

    Identifying and evaluating events or conditions that may cast significant doubt on the entity's ability to continue as a going concern, both at the time of the audit and up to the date of the auditor's report.

  5. Reporting:

    If the auditor concludes that there is a material uncertainty related to going concern and adequate disclosures are not provided in the financial statements, the auditor should express a qualified or adverse opinion, depending on the severity of the situation.




More info

QUESTION 2(d)

Q Describe four ways an internal audit function of a government entity would achieve independence in conduct of its functions in relation to the Internal Audit Guidelines for National Government Entities in your country.
A

Solution


Achieving Independence in Internal Audit Functions


The independence of an internal audit function within a government entity is crucial for ensuring objectivity, credibility, and the ability to provide unbiased assessments. The Internal Audit Guidelines for National Government Entities typically recommend the following ways to achieve independence:

  • Reporting Line:

    Ensure that the Chief Internal Auditor or Head of Internal Audit reports directly to the highest governance body, such as the board, audit committee, or an equivalent oversight body. This helps prevent undue influence from management and ensures independence in reporting.

  • Organizational Structure:

    Establish a clear organizational structure for the internal audit function that promotes independence. This may involve avoiding dual-hatting arrangements where internal auditors have conflicting responsibilities that compromise their independence.

  • Appointment and Removal:

    Ensure that the appointment and removal of the Chief Internal Auditor are conducted through a transparent and independent process, with involvement from the governance body. This reduces the risk of interference from management in the internal audit function.

  • Professional Standards and Code of Ethics:

    Adhere to professional standards and a code of ethics relevant to internal auditing. This includes compliance with international standards, such as those established by The Institute of Internal Auditors (IIA), to ensure the integrity and objectivity of the internal audit function.

  • Access to Information:

    Ensure unrestricted access to information, records, personnel, and assets necessary for the performance of internal audit activities. Independence is enhanced when internal auditors have the authority to access all relevant information without hindrance.

  • Communication Channels:

    Establish direct communication channels between the internal audit function and the governance body. This includes regular reporting and direct interaction to convey audit findings, recommendations, and any significant issues affecting the entity's governance, risk management, and control processes.

  • Resource Allocation:

    Ensure adequate resources, both in terms of staffing and budget, for the internal audit function. Sufficient resources are essential for the function to operate independently and effectively carry out its responsibilities.

  • Whistleblower Protection:

    Implement mechanisms to protect whistleblowers who report concerns related to the internal audit function. This encourages a culture of openness and helps prevent retaliation against individuals raising valid concerns.

  • Continuous Professional Development:

    Encourage continuous professional development for internal auditors to enhance their skills, knowledge, and competence. This ensures that the internal audit function remains current and capable of delivering high-quality, independent assessments.

  • External Quality Assessments:

    Conduct periodic external quality assessments of the internal audit function. External assessments provide an independent evaluation of the function's conformance with standards and its overall effectiveness.




More info

QUESTION 3(a)

Q International Standard on Auditing (ISA) 315, "Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment"; requires the auditor to perform risk assessment procedures which include obtaining an understanding of the entity and its environment, including its internal controls.

Required:
(i) Explain the purpose of risk assessment procedures.

(ii) Propose four sources of audit evidence the auditor might use as part of risk assessment procedures
A

Solution


(i) Purpose of Risk Assessment Procedures


International Standard on Auditing (ISA) 315 emphasizes the importance of risk assessment procedures in the audit process. The purpose of risk assessment procedures is to enable the auditor to:

  1. Understand the Entity and Its Environment:

    Gain a comprehensive understanding of the entity, including its industry, operations, regulatory environment, and other factors that may impact its financial statements.

  2. Identify and Assess Risks:

    Identify and assess the risks of material misstatement in the financial statements. This includes considering both inherent risks and control risks that may affect the accuracy and completeness of the financial information.

  3. Design an Effective Audit Strategy:

    Develop an audit strategy that is tailored to the assessed risks, ensuring that audit resources are focused on areas where the risk of material misstatement is highest.

  4. Respond Appropriately to Identified Risks:

    Determine the nature, timing, and extent of further audit procedures based on the assessed risks. This involves designing procedures that provide sufficient and appropriate audit evidence to address the identified risks.


(ii) Sources of Audit Evidence for Risk Assessment Procedures


As part of risk assessment procedures, auditors may gather evidence from various sources to form a basis for understanding the entity and assessing risks. Sources of audit evidence include:


  1. Entity's Financial Statements:

    Reviewing the entity's financial statements, including the balance sheet, income statement, and cash flow statement, to understand its financial position and performance.

  2. Management Interviews:

    Conducting interviews with management to gain insights into the entity's business strategies, objectives, and the overall control environment.

  3. Internal Control Documentation:

    Examining documentation related to the entity's internal controls, including policies, procedures, and manuals, to assess the design and implementation of controls.

  4. Industry Analysis:

    Performing an analysis of the industry in which the entity operates to understand external factors that may impact its operations and financial performance.

  5. Regulatory Filings:

    Reviewing regulatory filings, if applicable, to understand the entity's compliance with relevant laws and regulations.

  6. Observation and Inspection:

    Observing the entity's operations and inspecting physical assets to gather evidence about the nature of its business and potential risks.

  7. Analysis of Historical Financial Data:

    Analyzing historical financial data to identify trends, patterns, and anomalies that may be indicative of risks or areas requiring closer examination.

  8. External Confirmations:

    Requesting external confirmations from third parties, such as banks or customers, to verify information provided by the entity and assess the reliability of financial data.

  9. Industry Benchmarks:

    Comparing the entity's performance and financial metrics with industry benchmarks to identify areas that may deviate significantly and require further investigation.

  10. Technology-Based Tools:

    Utilizing technology-based tools, such as data analytics, to analyze large volumes of data and identify potential risks or areas of interest for the audit.

More info

QUESTION 3(b)

Q Your firm has diverse clientele from various sectors. You have been allocated the task of planning for an audit of Tamuko Creameries Ltd., a company that manufactures a variety of milk products. This will be the second year your firm is providing audit services to Tamuko Creameries Ltd.

The following information is available:
1. The company's finance manager has informed you that the company has recorded fast growth. The company's financial accounting systems have been changing rapidly and appropriate control systems are proving challenging to maintain. Additional services in terms of review and implementation of control systems have been requested.

2. The company has recently established an internal audit unit and the finance manager wants you to ensure that external audit work is limited by using this unit.

3. The company plans to produce and market a new brand of yoghurt specifically for export to neighbouring countries. This has not been approved by the Export Licencing Agency.

4. The granting of the export licence is dependent on the financial stability of the company.

5. The finance manager has indicated that the company will be required to provide a report to the Export Licencing Agency on cash flow forecasts for the upcoming financial year to support licence application

Required:
As part of your risk assessment procedures for the audit of Tamuko Creameries Ltd., evaluate five items to be considered when providing services to this client.
A

Solution


Risk Assessment for Tamuko Creameries Ltd. Audit


When providing audit services to Tamuko Creameries Ltd., several factors need careful consideration in the risk assessment process. Here are five items to be evaluated:

  • Rapid Changes in Financial Accounting Systems:

    Evaluate the impact of the company's rapidly changing financial accounting systems on the accuracy and completeness of financial information. Assess the effectiveness of internal controls to address the challenges associated with fast growth and changing systems.

  • Integration with Internal Audit Unit:

    Consider the newly established internal audit unit and assess its capabilities, independence, and the extent to which it can be relied upon. Determine the collaboration and coordination required between the external audit team and the internal audit unit to optimize audit efforts.

  • New Product Launch and Export Plans:

    Examine the company's plans to launch a new brand of yoghurt for export. Assess the associated risks, including regulatory compliance, the status of the Export Licencing Agency approval, and the potential impact on the financial stability of the company.

  • Dependence on Export Licence for Financial Stability:

    Evaluate the company's dependence on the export licence for financial stability. Understand the criteria set by the Export Licencing Agency for granting the licence and assess the implications for the company's financial position and operations.

  • Reporting Requirements for Licence Application:

    Review the finance manager's indication of the need to provide a cash flow forecast to support the export licence application. Assess the accuracy and reliability of the company's cash flow forecasting processes and their alignment with the reporting requirements of the Export Licencing Agency.

More info

QUESTION 3(c)

Q Compare the responsibilities of the internal auditor and those of the external auditor in respect to detection of fraud.
A

Solution


Comparison: Internal vs External Auditor Responsibilities in Fraud Detection


While both internal and external auditors play crucial roles in detecting fraud, their responsibilities differ due to their distinct positions within an organization:

  • Internal Auditor Responsibilities:

    Internal auditors are employees of the organization and are responsible for evaluating and improving the effectiveness of risk management, control, and governance processes. Regarding fraud detection, internal auditors have the following responsibilities:

    • Conducting Regular Internal Audits: Internal auditors perform routine audits of various processes and operations within the organization to assess compliance with policies and procedures, identifying any irregularities that may indicate fraud.
    • Evaluating Internal Controls: Internal auditors assess the design and effectiveness of internal controls to prevent and detect fraud. They may recommend improvements to strengthen control environments.
    • Assisting in Fraud Risk Assessment: Internal auditors actively participate in the identification and assessment of fraud risks, helping management understand and address potential vulnerabilities.
    • Investigating Suspected Fraud: When internal auditors come across indicators or suspicions of fraud during their audits, they are responsible for conducting further investigations and reporting findings to management.
    • Providing Recommendations: Internal auditors offer recommendations to enhance fraud prevention measures and improve overall control systems within the organization.
  • External Auditor Responsibilities:

    External auditors are independent professionals hired by the organization to provide an unbiased evaluation of its financial statements. Their responsibilities related to fraud detection include:


    • Assessing Financial Statement Risks: External auditors analyze the risk of material misstatement in the financial statements due to fraud. This involves understanding the industry, the entity, and its internal controls.
    • Performing Substantive Procedures: External auditors design and execute substantive procedures, including tests of details and analytical procedures, to obtain audit evidence about the potential occurrence of fraud in financial statements.
    • Evaluating Internal Controls: Although external auditors consider internal controls, their primary focus is on the controls relevant to the audit of the financial statements rather than the organization's broader control environment.
    • Reporting to Stakeholders: External auditors communicate their findings to the stakeholders through the issuance of an audit report. If fraud is identified, they are required to report it to appropriate levels of management and, in some cases, regulatory authorities.
    • Expressing Professional Skepticism: External auditors maintain professional skepticism throughout the audit, questioning management assertions and remaining vigilant for any indications of fraud or error.

While both internal and external auditors contribute to fraud detection, the internal auditor's role is more focused on ongoing risk management and control improvement, while the external auditor's focus is on providing an independent assurance on the accuracy of financial statements.

More info

QUESTION 4

Q You are the training officer in Makau and Associates. You have been appointed to give an induction course to a group of new trainee audit staff regarding fraud and error.

A number of the trainees have indicated that they are aware that the issue of fraud and error is something they will likely face in the completion of their assignments, but are unsure as to what their responsibilities and those of the directors are in this area.

You have decided to provide them with explanatory notes with regard to audit matters pertaining to fraud and error.

Required:
Prepare notes for the trainee audit staff undertaking your induction course which:

(a) Differentiate the responsibilities of the auditor and those of the directors with respect to fraud.

(b) Discuss five steps which the auditor might take when fraud is suspected.

(c) Evaluate three limitations of audit procedures in detecting fraud and error.
A

Solution


(a) Differentiating Responsibilities of Auditor and Directors Regarding Fraud


It's essential for auditors and directors to understand their distinct responsibilities when it comes to fraud:

  • Responsibilities of the Auditor:

    As auditors, the primary responsibility is to detect material misstatements in the financial statements, whether caused by fraud or error. This includes assessing the risk of fraud, designing procedures to address those risks, and obtaining sufficient and appropriate audit evidence.

  • Responsibilities of the Directors:

    Directors are responsible for the prevention and detection of fraud within the organization. They must establish and maintain internal controls, create a culture of honesty and integrity, and promptly report any suspected or identified fraud to the auditors and appropriate authorities.


(b) Steps the Auditor Might Take When Fraud is Suspected


When fraud is suspected, auditors should take the following steps:


  1. Assess the Initial Suspicions:

    Evaluate the nature and source of suspicions, considering any unusual or unexpected findings during the audit process.

  2. Discuss with Management:

    Engage in open and honest discussions with management to gather additional information and insights regarding the suspicions.

  3. Consider Legal and Regulatory Obligations:

    Understand legal and regulatory obligations related to fraud reporting. If necessary, consult with legal counsel to ensure compliance with reporting requirements.

  4. Expand Audit Procedures:

    Modify and expand audit procedures to specifically address the areas where fraud is suspected, focusing on obtaining additional evidence to confirm or refute suspicions.

  5. Document Findings:

    Thoroughly document all findings, discussions, and actions taken regarding the suspected fraud. This documentation is essential for supporting audit conclusions and, if necessary, legal proceedings.


(c) Limitations of Audit Procedures in Detecting Fraud and Error


While audit procedures are designed to detect fraud and error, there are limitations that auditors should be aware of:


  1. Collusion and Intentional Concealment:

    Auditors may face challenges in detecting fraud when there is collusion among employees or when individuals intentionally conceal their fraudulent activities. Collusion can undermine the effectiveness of internal controls and audit procedures.

  2. Management Override of Controls:

    In some cases, management may override internal controls to perpetrate fraud. Auditors may not always identify instances where management manipulates or overrides controls to conceal fraudulent activities.

  3. Complex Financial Transactions:

    Fraudulent schemes involving complex financial transactions or sophisticated methods of manipulation may be difficult to detect through standard audit procedures. Specialized forensic skills may be required to uncover such activities.

More info

QUESTION 5

Q The key element of the external audit and internal audit is the independence of the individual or the firm holding the appointment or in the case of internal audit, the status of the internal audit department in the organisation.

However, if the auditor is to carry out his function independently, he must be granted access to all the information he requires.

Required:
(a) Explain two reasons why the internal and external auditors need to be granted access to all information required.

(b) Discuss whether the right of access granted to internal and external auditors creates any obligations for the auditor.

(c) Evaluate seven circumstances which may give rise to auditor's legal liability.
A

Solution


(a) Reasons for Granting Access to Information to Auditors


Both internal and external auditors require access to all necessary information due to the following reasons:

  • Evidence Gathering:

    Access to information is crucial for auditors to gather sufficient and appropriate evidence to support their audit opinions. It helps them assess the accuracy and completeness of financial information and ensures a reliable basis for their conclusions.

  • Risk Identification and Assessment:

    Access to relevant information enables auditors to identify and assess risks within an organization. This includes evaluating the effectiveness of internal controls and understanding the overall risk environment, which is essential for a comprehensive audit.


(b) Obligations Arising from Right of Access for Auditors


The right of access granted to internal and external auditors comes with certain obligations:


  • Professional Standards:

    Auditors are obligated to adhere to professional standards and ethical guidelines. They must conduct their work with integrity, objectivity, and independence, ensuring that the information accessed is treated confidentially and used solely for audit purposes.

  • Legal and Regulatory Compliance:

    Auditors must comply with relevant laws and regulations governing their profession. This includes respecting the confidentiality of sensitive information and ensuring that their access to information aligns with legal requirements.

  • Communication of Findings:

    Auditors have an obligation to communicate their findings and conclusions to relevant stakeholders. This involves reporting any identified deficiencies in internal controls or instances of non-compliance with laws and regulations.


(c) Circumstances Leading to Auditor's Legal Liability


Several circumstances may give rise to an auditor's legal liability:


  • Fraud and Misrepresentation:

    Legal liability may arise if the auditor fails to detect material misstatements due to fraud or misrepresentation in the financial statements, leading to financial losses for stakeholders.

  • Failure to Detect Material Errors:

    If the auditor overlooks material errors in the financial statements, resulting in misleading financial information, legal liability may arise for negligence in the performance of audit procedures.

  • Failure to Comply with Professional Standards:

    Legal liability may occur if the auditor fails to comply with professional auditing standards and ethical guidelines, leading to a breach of duty owed to clients or third parties.

  • Non-compliance with Reporting Requirements:

    If the auditor fails to meet reporting requirements, such as not issuing a required opinion or adequately communicating significant audit findings, legal liability may arise due to non-compliance with regulatory obligations.

  • Lack of Independence:

    Legal liability may result if the auditor lacks independence or is perceived as having a conflict of interest, compromising the objectivity and impartiality required for an unbiased audit.

  • Reliance on Misrepresented Information:

    If the auditor relies on misrepresented or fraudulent information provided by the client without exercising due professional skepticism, legal liability may arise for failure to obtain sufficient appropriate audit evidence.

  • Failure to Disclose Known Deficiencies:

    Legal liability may occur if the auditor fails to disclose known deficiencies in internal controls or other significant issues identified during the audit, impacting the stakeholders' ability to make informed decisions.


Auditors must be diligent in their work, adhere to professional standards, and fulfill their obligations to minimize the risk of legal liability.

More info

Comments on CPA past papers with answers:

New Unlock your potential with focused revision and soar towards success
Pass Kasneb Certification Exams Easily

Comments on:

CPA past papers with answers