Solutions Manual: 1st Edition


Solutions manual to accompany
Audit and assurance, 1st edition
by Leung et al.

© John Wiley & Sons Australia, Ltd 2019


Chapter 4: Quality and standards of assurance engagements


Review questions

4.11 Discuss why auditors and accountants are engaged in assurance engagements other than financial statement audits.

Auditors and accountants are sometimes called upon to provide assurance on various
types of financial and non-financial information that are produced for a particular
purpose or for a segment of stakeholders. This is the case because auditors and
accountants possess the expertise and credibility to undertake an independent
engagement and to perform tests and analysis in order to provide a required level of
assurance in relation to these reports. For example, special purpose financial reports
are produced for a particular purpose and involve financial analysis that is not
typically required in a general purpose financial report. In many instances, special
purpose financial reports are required to be audited, e.g., prospectuses.

Other assurance engagements can involve non-historical financial data, a segment of
the financial statement only, reports on compliance of contractual arrangements,
reports on summarised financial reports, interim financial reports, etc. Moreover,
there are reports such as sustainability reports, and investigative reports such as
forensic audit engagements. Most of these reports involve accountants / auditors.

4.12 What is meant by reasonable and limited assurance engagements? Give an example for each type.

Reasonable assurance engagement: aims at reducing risk to an acceptably low level of
risk as a basis for a positive conclusion (high but not absolute level of assurance). A
limited assurance engagement aims at reducing risks to a level that is acceptable in the
circumstances but the risk is greater than for a reasonable assurance engagement, as
the basis for a negative conclusion.

The assurance engagement can consist of an outcome, a set of criteria and a subject
matter, and include all the assurance engagements where ASAs, ASREs and ASAEs
apply. A financial statement audit is a reasonable assurance engagement. A
sustainability assurance engagement based on a certain set of criteria is an example of
a limited assurance engagement.

4.13 List and explain the elements of an assurance engagement.

An assurance engagement involves three parties: (1) the responsible party, who is
responsible for the subject matter; (2) the intended user, the person who requires
assurance on the subject matter; and (3) the assurance practitioner, the person who
will be providing assurance.

The subject matter is the information that is being reviewed or audited and about
which the assurance practitioner will provide an opinion.


Suitable criteria are the criteria around which the subject matter has been prepared
and the assurance practitioner will compare the subject matter to the suitable criteria
to establish if there are any errors.
Appropriate evidence that the subject matter is free from errors will need to be
obtained by the assurance practitioner in order to provide an opinion.
An assurance report is the final element where the assurance practitioner provides a
formal opinion to the user.

4.14 What is forensic auditing?

Forensic auditing is an investigation by an assurance provider into specific issues such
as fraud or other irregularities. The purpose of the investigation is to gather evidence
in relation to the activities that have led to the alleged fraud or other irregularities
occurring. The processes involve establishing the facts of the case by gathering and
analysing data. The assurance report will include the evidence and the facts of the
case as they appear to the assurance provider with the possibility that this evidence
will be used to support a legal case. It is also likely that any report will include
recommendations to prevent similar problems arising in the future such as
improvements to internal controls.

4.15 Explain why an organisation might employ an assurance practitioner to perform due diligence before deciding to purchase a new business.

Due diligence will provide information to the buying organisation about the company
being purchased to ensure that the purchase is made with as much information about
the company being bought as possible. This should ensure that the purchasing
organisation pays a fair price for the company being bought and that there are no
nasty surprises after the purchase is complete.

The assurance practitioner will provide an impartial view of the purchase and assess
the potential benefits as well as any possible drawbacks in going ahead with the
purchase. Due diligence does not need to be carried out by an external practitioner but
internal management may have neither the time nor the skills to carry out the work
effectively.

Management will obtain information about the assets and liabilities of the company,
including goodwill and other intangibles. There will also be insights into the risks of
the company, the management and other skills, as well as any operational difficulties.
The result of the due diligence work should ensure that the buying organisation can
effectively plan the acquisition to ensure a smooth transition of the new company into
the group.


4.16 What are the likely factors that lead to fraud?

For the purpose of identifying the type of fraud, the KPMG global profiles of a
fraudster report in 2016 cited a number of ways in which technology was used to
perpetrate frauds, including:
• creating false or misleading information in the accounting records
• providing false or misleading information via email or other messaging
platform
• abusing permissible access to computer systems
• obtaining access to computer systems with permission.

Other factors that lead to fraud include:
• poor security of access devices and passwords
• the ease with which valuable products and funds can be moved around the
world
• the breakdown of traditional internal controls which were replaced by poorly
understood systems controls
• the growing acceptance of a certain level of fraud in doing business
• poor internal control and internal checking procedures
• poor organisational culture, e.g. bottom-line incentives
• poor recruitment procedures leading to hiring the wrong type of staff members
• poor governance framework.

4.17 What is meant by the three Es in a performance audit?

The three Es are Economy, Efficiency and Effectiveness:

Economy relates to reducing cost without reducing quality; an organisation should
attempt to reduce the costs of the processes it undertakes.

Efficiency relates to getting the best use out of resources. Using resources more
efficiently can lead to reducing resources used without reducing outputs or increasing
outputs for the same resources input.

Effectiveness is about achieving objectives. This may be about maximising output or
profitability; however, many organisations have a wide range of objectives to be met,
only some of which might be financial.

Improvements in the three Es improve the performance of processes, and organisations
should set performance measures to firstly understand how they are currently
performing but also to improve performance.


4.18 What is meant by the term prospective financial information?

Prospective Financial Information (PFI) relates to assumptions about future events
and the possible actions that an organisation may take in the future.

PFI can take two forms:

1. Forecasts - these are prepared by management based on what they expect to
occur - that is, the events that are expected to occur and the actions that
management expect to take in the future. These can be considered as the best
estimate of what might happen in the future.
2. Projections - these are hypothetical assumptions about future events and
management actions rather than expectations of what is likely to happen. They
should not therefore be relied upon as a reflection of what is likely to occur.

PFI may be a combination of both forecasts and projections where there is a mix of
best estimates and hypothetical assumptions.

4.19 Discuss the significance of assurance quality.

There is a strong view that the self-regulatory standards and regulations that ensure
the quality of professional services prevail in the profession. These self-regulatory
controls include:
• high education entry requirements
• rigorous induction programs
• character checking on entry to the profession
• compulsory public practice induction
• compulsory continuing professional development
• extensive ethical rulings and codes of ethics
• separate public practice registration
• compulsory quality review programs
• compulsory professional indemnity insurance
• adherence to detailed and mandatory auditing standards and auditing
pronouncements.

These controls set a minimum list of mechanisms and standards with which
professional accountants and auditors must comply. However, as auditors expand
their services and as their roles become more complicated, it is expected that they
must not only keep abreast of current demands in quality delivery applicable to
businesses, but also have the ability to assess the impact of such standards on their
own work.


4.20 Define total audit quality management.

With auditors becoming increasingly involved in auditing an entire business, ISO
9000 is now used by auditors to identify and review issues that have an impact on
quality management in an organisation.

Research into this issue (and the applicability of ISO 9000) has led to the design of a
tool to audit issues that have a negative impact on sustainability. Based on work
carried out in different manufacturing organisations, the sustainability of total quality
management was found, for example, to rely on factors such as continual
improvement, organisational behaviour, human resources management, industrial
relations and the labour process. These factors reflect a variety of perspectives within
business operations. The issues found to have an impact on such factors were analysis
of strengths, weaknesses, opportunities and threats (SWOT), competitors, quality and
performance standards, new technologies, industrial relations, management–worker
relationship, policies design, the positioning of quality functions and resources,
functional boundaries, communication, job flexibility, the supervisory structure, the
improvement infrastructure, and education and training.

In providing various types of assurance reviews, auditors are generally able to help
management pinpoint the matters that have a negative impact on the total quality
management of an organisation. Furthermore, they may be able to use the standards
specified in ISO 9000 as audit tool benchmarks to provide the necessary level of
assurance for effectiveness.

An understanding of the total business process is one of the strengths that financial
accountants and auditors can build on as they add value for their employers and
clients. Most accountants and auditors are good at analysing situations in
organisations, constructing detailed work plans, explaining complex situations to
clients from a variety of backgrounds and keeping confidences. Auditors can also
perform ISO audits or help clients achieve ISO registration/performance.

According to Barthelemy and Zairi, quality auditing has progressed from a practice
solely concerned with tools used to detect non-conformance (non-compliance) to one
concerned with using instruments geared towards continual improvement. They
postulate that it now encapsulates a much more dynamic approach, being more
focused on innovation and best practice than on minimum levels of performance. In
another more recent article, Francis summarised audit quality to date:
• Auditing is relatively inexpensive, typically amounting to approximately only
0.04% of sales.
• There were very infrequent outright audit failures with material economic
consequences.
• Auditors’ reports were found to be informative, despite the presence of false
positives and negatives.
• Audit quality is positively associated with earnings quality.
• Audit quality is affected by legal regimes and the incentives they create.
• There is evidence of different audit quality by the Big Four and industry
experts.


Professional application questions


4.21 Compilation, review or audit

You have been approached by a client who is not sure of the requirements with
regard to financial reporting. Your client understands that there are
compilations, reviews and audits but is not aware of the differences between
them.
Required
Prepare notes for a meeting with your client that discuss the
differences between a compilation, a review and an audit. Identify
the different levels of assurance that will be given and what form
that opinion will take. You should also give brief notes about the
kind of procedures that would be involved in each engagement.

Compilation

Level of assurance: None

Opinion: There may be a report prepared to accompany the compiled statements
which will state that the information has been compiled from information and
explanations provided, that the work performed does not constitute a review or audit
and that no opinion is given.

Procedures: Compilations involve taking information provided by a client and
summarising and formatting the presentation of the information to meet a particular
need. Examples of compilations include the preparation of a financial report from a
trial balance or other books and records for an organisation or the compilation of a tax
return from information provided.

Review

Level of assurance: Limited Assurance

Opinion: The opinion will state that nothing has come to the practitioner’s attention to
suggest that the subject matter does not comply with the criteria. This is negative form
assurance and gives a lower level of comfort to the user than an audit.

Procedures: Evidence gathered is largely restricted to obtaining representations from
the management team, or other responsible party and carrying out analytical
procedures rather than detailed tests of control and substantive procedures. This level
of work will reduce engagement risk to a level that is appropriate to the engagement.

Audit

Level of assurance: Reasonable Assurance


Opinion: The opinion will state that in all material respects the subject matter
complies with the criteria. This is positive form assurance which clearly states to the
users that the subject matter is free from material error.

Procedures: The auditor will plan the nature, timing and extent of procedures to
provide sufficient and appropriate evidence to ensure that engagement risk is reduced
to an acceptably low level. These procedures include: (1) obtaining an understanding
of the engagement, (2) assessing risk, (3) responding to those assessed risks, (4)
performing procedures such as substantive tests and where necessary tests of the
effectiveness of internal controls, and (5) evaluating the evidence.

4.22 Assertion-based or direct reporting

There are different categories and different types of assurance engagements:
1. Assertion-based engagements and direct reporting engagements.
2. Absolute, reasonable, limited and no assurance engagements.
3. Positive form assurance and negative form assurance.
4. An audit and a review of a financial report.
5. General purpose financial reports and special purpose financial reports.
6. Prospective financial information and historic financial information.
7. Compliance, performance, forensic and continuous auditing.

Required
For each of the above explain in detail the characteristics of each
item and the extent to which they differ from one another.

(1) Assertion-based engagements and direct reporting engagements

An assertion-based engagement is one in which the practitioner is expressing an
opinion on assertions made about the subject matter rather than on the subject matter
directly. A direct reporting engagement is one in which the practitioner reports
directly on the subject matter. For example, a financial report provides assertions
about the financial position, performance and cash flows of an organisation (the
subject matter), therefore an audit of a financial report is an assertion-based
engagement. Where an auditor is asked to express an opinion on an organisation’s
internal controls, then this would be a direct reporting engagement (if the auditor was
asked to give an opinion on a report, assertions, about the effectiveness of internal
controls then this would be an assertion-based engagement).

(2) Absolute, reasonable, limited and no assurance engagements

Absolute assurance would be a 100% guarantee of the accuracy of information. This
type of opinion would never be provided due to the inherent limitations in the
procedures performed, for example: samples of a population only are checked,
evidence is persuasive rather than conclusive, judgment will be required for some
issues, difficulty in auditing completeness.

Reasonable assurance provides comfort that the subject matter is not materially
misstated. The level of work performed by the auditor will ensure that the risk of
giving an incorrect opinion (engagement risk) is reduced to an acceptably low level.
The level of work will include detailed substantive testing and testing of internal
controls where they are being relied upon to provide evidence. Audits provide
reasonable assurance.

Limited assurance gives a lower level of comfort than reasonable assurance.
Procedures are generally restricted to obtaining representations and carrying out
analytical procedures, rather than detailed substantive testing. A review of a financial
report is an example of a limited assurance engagement.

No assurance engagements are those where no opinion is provided; a statement of
findings may be provided instead. Compilations also do not include any assurance.

(3) Positive form assurance and negative form assurance

Positive form opinion is a clear statement that the subject matter is or is not in
compliance with appropriate criteria.

Negative form opinion states that nothing has come to the practitioner’s attention to
suggest that the subject matter is not in compliance with the criteria.

(4) An audit and a review of a financial report

An audit reduces engagement risk to an acceptably low level to provide reasonable
assurance with a positive form opinion.

A review reduces engagement risk to a level appropriate to the engagement in order to
provide limited assurance with a negative form opinion.

(5) General purpose financial reports and special purpose financial reports

General purpose financial reports (GPFR) are those prepared to meet the needs of a
wide range of users; normal annual financial reports are GPFR.

Special purpose financial reports meet the needs of a specific user for a specific
purpose, for example a bank providing finance to a company might request
information to be provided in a particular way to meet their information needs.

(6) Prospective financial information and historic financial information

Prospective financial information (PFI) relates to expectations of the future. PFI is in
two forms: (1) forecasts which are best estimates based on assumptions that
management expect to occur, and (2) projections which are hypothetical assumptions
(and therefore less certain than forecasts). By its very nature PFI is uncertain and
therefore assurance will be provided on the reasonableness of the assumptions made
and the method of compiling the information rather than on the likelihood of the
projected outcomes being achieved.


Historical financial information relates to reporting events that have already occurred
and therefore evidence should be readily available to give some comfort as to the
veracity of the information.

(7) Compliance, performance, forensic and continuous auditing

Compliance engagements are those which give some comfort that the processes
carried out in an organisation are in compliance with some regulations, such as
legislation, contractual obligations or internal policies.
Performance engagements are designed to give an opinion on the economy, efficiency
and effectiveness of processes. The idea is to ensure that the organisation is achieving
its objectives, reducing waste and getting value for money.

Forensic engagements investigate the causes and effects of fraudulent activities or
system failures that may be the consequences of fraud. A forensic audit may be held
in response to a claim against a company as a result of intentional or unintentional
failures of electronic systems for processing transactions.

Continuous audits allow auditors to provide opinions on information provided by
organisations on a short time frame. There is very little time for evidence gathering so
the auditor will rely on systems based procedures which are fully automated and
integrated IT audit tools.

4.23 Assurance services

A firm provides the following service for its clients:
1. Preparation of a report giving advice to a client on the introduction of a new
system of internal controls.
2. A report giving an opinion on a school’s responses to a questionnaire
required by the auditor-general.
3. Preparation of the company’s tax returns.
4. A report to management about the success of a marketing campaign.
5. A report to directors in relation to half-year financial report for a listed
company.
6. An audit of a management report into the effectiveness of a company’s
internal control system.
7. A statement of findings to management in relation to the completeness and
accuracy of its purchase ledger balances.

Required
For each of the above identify whether assurance services are being
provided, and give explanations to justify your answer. For each assurance
service identify what level of assurance will be provided and what
form the opinion will take.

(1) Preparation of a report giving advice to a client on the introduction of a new system of internal controls

This is a form of consultancy work providing recommendations and is therefore not an
assurance engagement. No assurance is provided and no opinion given.


(2) A report giving an opinion on a school’s responses to a questionnaire required by the auditor general

This is an assertion based compliance engagement (ASAE 3100). The report is
providing information to the auditor general indicating the extent to which the
organisation has complied with some regulatory requirements. It is likely to be an
audit rather than a review and therefore would require reasonable assurance with a
positive form opinion.

(3) Preparation of the company’s tax returns

This is a compilation of a return from information provided by the client. No
assurance is provided and no opinion is given.

(4) A report to management about the success of a marketing campaign

It is likely that this will be a report of findings giving details of the extent to which
revenue has increased after the marketing campaign. It is unlikely that an opinion
would be given about success unless success is very clearly defined to ensure that it is
an objective criterion against which to measure actual performance. Therefore, this is
likely to be an agreed-upon procedures engagement on which no assurance or opinion
would be provided.

(5) A report to directors in relation to half-year financial report for a listed company

This is an assertion-based engagement providing an opinion on historical financial
information and the work is likely to be a review rather than an audit. These interim
reports must be either audited or reviewed and therefore most companies would have
a review performed rather than a full audit. In the case of a review there would be
limited assurance provided in a negative form. The review may be performed either
by the company’s independent auditor (ASRE 2410) or another assurance
practitioner (ASRE 2400).

(6) An audit of a management report into the effectiveness of a company’s internal control system

This is an assertion based engagement giving an opinion on a report on the
effectiveness of internal controls. This work could be a review or an audit. Many
organisations have their internal control processes audited, in which case reasonable
assurance would be provided in a positive form referring to the report rather than
directly on the internal controls themselves.

(7) A statement of findings to management in relation to the completeness and accuracy of its purchase ledger balances

This is agreed-upon procedures. A statement of findings provides a statement of the
results of the procedures performed without giving an opinion as to whether the
purchase ledger balance is or is not fairly stated. No assurance is provided and no
opinion will be given.

4.24 Fraudulent expense claims

You have been approached by your client Stan Frank who runs a small plumbing
business. Stan’s plumbers work on a range of small domestic jobs as well as large
jobs on construction sites. It is not unusual for Stan’s staff to be required to stay
away from home during the week.
Stan has become concerned that the amount he has been paying for travel and
accommodation expenses for staff staying away has increased significantly and
he recently sacked a member of staff on suspicion of providing a false claim.
Stan has asked to have a meeting with you to discuss the problems he has found.
He wants you to carry out an investigation into possible fraudulent expenses
claims.

Required
Prepare notes for your meeting with Stan that will allow you to
understand the nature of the engagement.

Information required from the meeting will include:

What is the purpose of the investigation? Will any report be used to support an
insurance claim or justify the sacking of staff, particularly the staff member already
sacked? Are there likely to be any criminal charges brought against staff accused of
theft? Is the purpose of the investigation to establish the amounts lost, identify
perpetrators, suggest internal controls to prevent further losses?
The terms of engagement should be clearly stated in an engagement letter to ensure all
parties understand the scope of the work being carried out.
Details in relation to what Stan has found out:
• How many staff are involved in the fraudulent claims?
• How long have the fraudulent claims been made?
• What is the value of the claims?
• How did Stan become aware of the fraud?
What internal controls exist in relation to preventing and detecting fraudulent claims?
Have the police been involved, has the insurance company been notified?
There should be a discussion of the approach that the investigation will take,
including the techniques used to detect the extent of the fraud, including the need for
the investigators to have unrestricted access to information in carrying out their work,
and full co-operation from the organisation.


4.25 Forensic audit

Standard Publishing Insurance Co. Ltd provides insurance cover for
professional publishers. Australian Online Design Co. Ltd (AODCL) recently
filed a claim for the loss it incurred following a breakdown of its computer
network, in which its customers’ files were lost. AODCL sells business
publications (journals, magazines and news reports) to 1000 corporate customers
via subscriptions through the Internet. The payment and delivery systems are
also linked to the customers’ files, held by the master e-commerce system. You
are called in to conduct a forensic audit to establish the validity of the claim, and
the extent to which it is appropriate.

Required
Explain the key considerations of the forensic audit you will conduct.

A forensic audit is the investigation of irregularities, fraudulent activities or other
discrepancies to establish the causes and impact on systems and the financial position
of organisations. A forensic audit is normally conducted where there is a suspected
irregularity. Key considerations could include:
• Reviewing the overall design of the accounting system and checking for any
weaknesses that may have caused the breakdown or irregularity.
• Determination if there was a system failure, and if so, why.
• Analysis of the sequence of transactions to identify any intervention by
unauthorised personnel.
• Determination of whether any back up procedures have been conducted, and
whether they were conducted properly.
• Checking of the adequacy of the backup procedures.
• Review of the security procedures including the adequacy of the firewalls in
computer systems.
• Review for evidence of corruption or errors or departures from the
expectations.
• Review for evidence of breakdown.
• Interview respective personnel who are involved in the system related to the
breakdown and establish other likely factors contributing to the problem.
• Quantify the potential losses, i.e. to goodwill and sales.


4.26 Key performance indicators - social and environmental performance

Upper Crust Pizza Ltd is a profitable business that has been run for many years.
The chairman of the board of directors is Simon Strange who built the company
from nothing to the successful public company it now is. As he gets close to
retirement, Simon wants to ensure his legacy includes social and environmental
success as well as the financial success that he has enjoyed.
Simon is considering how the organisation can improve the welfare of the staff,
better look after customers, and improve how it interacts with the wider
community and the environment.

Required
Considering staff, customers, the wider community and the
environment suggest Key Performance Indicators that might be
used to improve social and environmental performance.

A wide range of KPIs could be suggested. A key issue to consider is what the
performance of the organisation will be compared to and how improvement can be
measured. Possible KPIs could include:

Staff:
• Staff turnover levels - high staff turnover indicates unhappy staff
• Staff absentee rates - happy staff will be happy to come to work
• Spending on staff training - improving staff skills
• Mix of full-time to part-time staff - compared to industry averages, other organisations
• Level of salaries and other benefits - compare to industry averages
• Staff satisfaction surveys

Customers:
Indications of satisfied customers:
• Levels of repeat business
• Customer satisfaction surveys
• Levels of customer complaints

Wider Community:
• Donations to local not-for-profit enterprises
• Sponsorship of events
• Making the restaurants available for events at no cost to charities

Environment:
• Levels of recycled waste
• Amount spent on energy bills
• Capital investment on energy reducing equipment


4.27 Business plan 


You are the auditor for Blank Space Ltd, a design group with several divisions
each focusing on a different client group. Melanie Blank, the CEO, is looking for
ways to improve the profitability of the group and has decided to focus on the
main profit-making divisions. The coming year will therefore see a restructure of
the group and Melanie wants to ensure this is done in as controlled a manner as
possible and has produced a business plan for the period of the restructure.
Melanie has asked you to provide a report on the business plan for the coming
year — you have been provided with the most up-to-date six monthly financials.
You are preparing for a meeting with Melanie initially to discuss the work you
might perform on the business plan.

Required
Identify and explain the information you would seek to obtain before
accepting appointment to report on the business plan.

Information that will be required will include:


1. What is the intended scope of the engagement? Will any limitations be applied?
2. What form of report and opinion is required?
3. Will management be willing to provide written representations acknowledging
their responsibility for the preparation of the plan and the suitability of the basis
of preparation?
4. The form of the business plan – will it include balance sheet, income statement, cash
flow statement, and other information such as capital budgets?
5. The period covered by the plan – is it the next 12 months or longer?
6. What is the purpose of the report – will it be used to support additional
financing?
7. Who will the business plan be distributed to?
8. How and by whom has the report been prepared?
9. What are the key assumptions included in the report?
10. Has the report been prepared in accordance with normal accounting policies, as
far as they are relevant?


4.28 Controls and risks for payments 


You are engaged to write a checklist for Cyber-Sell, a company that buys and
sells products over the Internet as a key secondhand market.

Required
Using the following headings, identify the controls and risks you
would expect in the Cyber-Sell sales systems regarding:
(a) confidentiality of information
(b) transaction integrity
(c) authorisation of payments
(d) assurance of business credibility

(a) Confidentiality of information

Controls could include:
• Logical and physical security measures, for example passwords (with regular
password-changing control) and encryption of data.
• Information protection to safeguard the integrity of the files.
• Privacy issues relating to customer information.
Risks include:
• Corrupt information being processed;
• Breach of confidentiality.

(b) Transaction integrity

Controls could include:
• Identity controls for authorised personnel.
• Processing controls to ensure accuracy and completeness.
• Authenticity, accuracy and reasonableness controls.
Risks include:
• Unauthorised transaction being processed;
• Transaction processed incorrectly.

(c) Authorisation of payments

Controls could include:
• Established levels of approval for expenditure.
• Reconciliations of payments with creditor records.
• Identity and credit verification checks to prevent unauthorised use of credit
cards.
Risks include:
• Unauthorised payments made to unauthorised personnel;
• Incorrect payments made.

(d) Assurance of business credibility

Controls could include:
• Review processes to ensure changes to the business system accommodate all
aspects of commercial activities.
• Management’s awareness of the risks involved in the management of data and
associated security issues.
• Monitoring of the performance of the sales and accounting systems through
parameters agreed by management.
Risks include:
• Breach of confidential commercial agreements;
• Loss of business credibility.

4.29 IT tender process 


Johnson Brain is a subsidiary in the Franklin Spleen group of companies and is
about to implement a new IT solution to manage an important part of its
production process.
The Franklin Spleen group has a broad range of detailed group policies and
procedures that all companies in the group must follow. The policy around
major expenditure requires a tender process to take place as follows:
1. Full detailed project specifications should be produced.
2. Invitations to tender must be advertised publicly.
3. The receipt of tenders submitted must be documented and all submissions
opened at the same time.
4. A project team of at least three must review and assess submissions, one
of whom must have appropriate expertise in IT project management.
5. Contracts will be awarded based on an assessment matrix which gives a
score weighted across various factors of functionality, financial stability
of the supplier, track record, price, and future support.
You have been asked to provide assurance on Johnson Brain’s new IT solution.

Required
Identify the type of assurance engagement you have been asked to
carry out and for each of the five points above, suggest procedures
that might be carried out to satisfy yourself that the appropriate
tender process has been followed.

This engagement is a compliance engagement – giving assurance that required
processes have been complied with. The following procedures should be carried out
to check that the tender process has been followed.

1. Full detailed project specifications should be produced – obtain a copy of the
project specifications and review its contents to ensure that the scope of the
engagement is sufficient to cover all aspects of the project.

2. Invitations to tender must be publicly advertised – obtain details of when and
where the advertisement was published and obtain a copy of the publication.

3. The receipt of tenders submitted must be documented and all submissions opened
at the same time – request documentary evidence of the tender opening processes.
It would be expected that the project team would all be present at the opening of
the tender submissions and would all sign the document indicating their presence.

4. A project team of at least three must review and assess submissions, one of whom
must have appropriate expertise, in this case IT project management experience –
obtain a schedule of the team members, ensuring there are at least three people on
the list. Obtain copies of the resumes of the team members and copies of appropriate
IT qualifications.

5. Contracts will be awarded based on an assessment matrix which gives a score
weighted across various factors of functionality, financial stability of the supplier,
track record, price, and future support – obtain copies of each of the tenders
submitted and the appraisal documents used to assess each tender. Ensure the
appraisal documents are in line with the project’s specifications and ensure that
each tender is scored for each of the assessment areas. Check that the overall score
has been correctly computed and that the highest scoring tender was selected.
Review minutes of team meetings to ensure the decision of the team has been
finalised in accordance with the required processes.

4.30 Audit quality 


You have just started carrying out the fieldwork for the audit of the financial
report of Jocular Services Ltd for the year ended 30 June 2017. It has become
apparent through your discussions with the client that there was something
significantly wrong with last year’s audit that was carried out by your firm.

Your discussions with the manager of last year’s audit indicate that the audit
senior carried out the work on his own as the client is only small. The audit visit
was one week and at the end of the Friday of that week, the senior handed over
the completed audit working papers to the manager. That Friday happened to be
the last day of employment for the audit senior who had accepted a job with a
circus, as CFO.

It is clear to you that the audit file has recorded work that was not actually
carried out. The file includes procedures that refer to documents that the client
does not maintain and also includes explanations that do not correspond to what
you now know to be the case. You suspect that the audit file from last year is an
elaborate fiction. It looks like an audit file should and appears in all regards to
be plausible; however, the details do not appear to correspond to the reality of
the audit client.

You are discussing with the audit manager how to proceed.

Required
(a) Discuss the significance of audit quality control and identify the likely
outcome of the above.
(b) How could the situation described above have been prevented?

(a) Quality audits are essential to ensure that the profession meets its responsibilities
to clients, to the general public and to regulators who rely on independent
auditors to maintain the credibility of financial information. To help assure
quality audits, the profession and the regulators have developed a multilevel
regulatory framework. Professional accountants must comply with various
accounting standards, auditing standards and standards relating to specific
professional services covered by a range of miscellaneous professional
statements. Non-compliance represents unacceptable professional conduct.

The quality of auditing services rendered by a firm depends on auditing standards
for each engagement, and on quality control policies and procedures for the
firm’s auditing practice as a whole. ASA 220 (ISA 220) identifies the
responsibilities of an engagement partner and the engagement team in an audit
engagement. The engagement partner should be responsible on behalf of the firm
for the quality control and promotion of a quality-oriented culture on each audit
engagement to which that engagement partner is assigned. He or she should set
an example regarding audit quality that emphasises professional standards,
compliance and ethical requirements.

It appears from the information provided that the previous year’s audit lacked
quality control and supervision of the audit senior. This may have implications
for opening balances in the current year’s audit and the audit firm may be open to
litigation if the previous year’s financial report is found to be materially
misstated.

(b) This could have been prevented if the audit firm had implemented quality control
policies and procedures as described in APES 320 and followed the requirements
of the auditing standards. For example, to help staff meet professional standards,
firms often provide on-the-job training and require their professionals to
participate in continuing professional education courses. Personnel whose work is
substandard should be counselled and, if rapid improvement is not forthcoming,
their employment should be terminated. Motivation also results from the desire to
avoid the expense and damage to a firm’s reputation that accompany litigation
and other actions brought against the firm for alleged non-compliance with
professional standards.


Case studies

4.31 Environmental auditing 


(a) Explain the meaning of environmental auditing.
(b) List some standards that have been issued in relation to
environmental auditing.
(c) Describe the types of tasks that may be involved in
environmental auditing.

(a) An environmental audit is a type of audit that specifically targets a company’s
ability to control its environmental performance more effectively, as well as the
level of compliance with a range of environmental regulations.

An environmental audit is similar to an audit on the environment; it involves
obtaining and evaluating evidence about:
• Economy refers to the acquisition of resources that are environmentally
friendly (or complying with relevant regulations) of appropriate quality and
quantity at the lowest reasonable costs (such as the acquisition of recycled
paper in bulk for cost reduction).
• Efficiency refers to the use of a given set of inputs to maximise outputs (such
as minimisation of industrial wastage, use of solar-powered equipment to
reduce utility/fuel costs, etc.).
• Effectiveness focuses on the achievement of an intended outcome (such as
producing cars that comply with the status of Low Emission Vehicles by meeting
certain future emission standards).

(b) These are some of the relevant standards that are especially related to
environmental audit:
• Auditing Guidance Statement AGS1036: ‘The Consideration of
Environmental Factors in the Audit of Financial Statement’
• ISO 14004 guidance on the implementation of environmental management
system
• ISO 19011 guidance on quality for environmental management audit
• ISO 14013/15 guidance on audit program review for environmental audits

(c) These tasks may be involved in an environmental audit:
· Evaluating a company’s internal controls and risk management systems that
specifically deal with natural resources management, industrial waste,
treatment of hazardous materials, recycling, environmental laws and
regulations, etc.,
· Performing reasonableness checks on a company’s disclosure in relation to its
compliance with environmental regulations such as Aboriginals Land Rights
(Native Titles) and extraction of resources from world-heritage protected
regions,
· Reviewing the adequacy of costs on insurance premiums, covering the costs of
clean-up in the event of a leak of hazardous materials, or major environmental
disasters,
· Reviewing a company’s policy and controls on occupational health and safety
and the adequacy of provisions/expenditures on work cover.


4.32 Global Reporting Initiative (GRI) reporting 


Go to GRI’s Sustainability Disclosure Database at
http://database.globalreporting.org and search the database for Australian
mining companies. Choose six recent reports and comment on the nature and
extent of sustainability reporting and compliance with the GRI standards.

GRI’s Sustainability Disclosure Database provides users access to sustainability
reports, regardless of GRI status. Students should use the search tool using filters for
sector (mining), country (Australia) and report year (choose latest three years). From
the output, choose any six companies and access their latest sustainability report to
download. Students may use a table to summarise their findings. The answer would
depend on the six companies chosen from the database. For example:

| Company | Report year | Nature of reporting | Extent of reporting | GRI status |
|---|---|---|---|---|
| Fortescue Metals | 2016 | The CSR section of the annual report covers a range of topics such as: ethics, people, community and environment. | 26 pages disclosed within Annual Report. GRI index available on company’s website. | Core GRI-G4 |
| Gindalbie Metals | 2016 | The CSR section of the annual reports covers briefly safety management, community engagement and environmental management. | 1 page disclosed within Annual Report. | Non GRI |
| Paladin Energy | 2016 | The Sustainability Report covers a wide range of topics in line with GRI-G4 reporting. | Separate 74 page Sustainability Report. | Core GRI-G4 |
| Rio Tinto Coal | 2016 | The Sustainable Development Report covers a wide range of topics in line with GRI-G4 reporting. | Separate 99 page Sustainable Development Report. | Core GRI-G4 |
| Western Areas | 2016 | Topics covered include Safety, Environment and Community. | Briefly mentioned in Operations Review section in Annual Report. | Non GRI |
| Whitehaven Coal | 2016 | A range of topics covered including Safety, Community and Environment. | 20 pages disclosed within Annual Report. | Non-GRI |


Research question

4.33 Fraud and accountability


a. Develop a checklist for an organisation you are about to evaluate
regarding its level of risk in relation to fraud. Consult the latest
KPMG Fraud and Misconduct Survey.
b. Access the website of the AUASB and discuss its role in
promoting accountability for audit and assurance providers.

(1) The checklist to evaluate level of risk in relation to fraud should include:
• Staff turnover report and management actions;
• Frequency of reconciliation and discrepancy reporting;
• Policies of gifts, staff payments and authorisation procedures;
• Recruitment policies and reference checks;
• Staff leave arrangements;
• Electronic firewalls, password safeguards, limits checks;
• Requisitions and purchases controls, credit worthiness checks for suppliers and
customers;
• Management incentive schemes, possibility of management fraud;
• Liquidity or cash flow problems, pricing policies, union disputes, labour
problems;
• Internal controls risks including failure of systems, reliance on external
supplier for system integrity, lack of internal expertise, lack of internal
checking mechanisms;
• Staff morale and likely fraudulent activities, employee problems;
• Financial report risks including improper accruals, write offs, materiality
threshold, cut-off procedures, accounts receivables, inventory, ongoing losses;
• Other investment risks, transaction risks including insider trading;
• Risks relating to professional clearance and referrals.

(2) The AUASB provides advice and updates regarding matters such as quality
controls, standards, exposure drafts and developments from the international
standards setters. The AUASB gives assurance that the profession is actively
involved in improving standards and thus its image in relation to quality. Students
should access the AUASB site and become familiar with the features and services
it offers.

The role of AUASB in promoting accountability:
· It is the national auditing standards setting body – it gives the assurance of the
standards adhered to by auditors and assurance engagement providers.
· It works closely with the International Auditing and Assurance Standards
Board, hence it promotes the benchmarks which auditors in Australia
will use as a guide.
· It provides a vehicle through which the auditing firms seek advice and guidance in
relation to auditing practices.
· It is a public body to underpin the profession’s credibility in performance.
