Question 1

Your firm of Certified Public Accountants has recently gained a new audit client, Farai Limited
(Farai). The previous external auditors identified some employee fraud which had been
perpetrated by a group of employees over several years. The fraud was only discovered in last
year’s audit. As a result of the extensive fraud, Farai have developed an internal audit function
comprising a highly experienced chief internal auditor and two part-qualified staff. Your audit
partner is keen to ensure that this year you will work closely with the new internal audit function
to ensure that any further fraud is identified.

You are aware that ISA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of
Financial Statements, deals with an external auditor’s responsibilities however, both internal and
external auditors are required to deal with risks to the entity and this includes risks associated
with fraud and error.

REQUIRED:
(a) Explain how this new internal audit function can help Farai deal with the risk of fraud
and error.
 Internal audit can help management manage risks in relation to fraud and error by
commenting on
management’s own risk management processes and the appropriateness and effectiveness
of these
processes. They can also periodically review and audit the systems and/or operations to
determine the risks of fraud and error and make recommendations for improvement in
these systems and operations.
 Internal auditors can also specifically test areas where the management or audit
committee believes there is a serious risk of fraud or error and report back to
management or the audit committee on their findings.
 In practice, the work of internal audit focuses heavily on the systems of control set in
place to ensure adequate procedures are there for preventing, detecting and reporting of
fraud and error and as such they have a responsibility for identifying and reporting on
fraud and error.
 However, it should be recognised that many significant frauds by-pass normal internal
control processes e.g. management override of controls or management involvement in
fraud. These are much harder for the internal auditor to identify and report.
(b) Discuss the responsibilities of external auditors in respect of the risk of fraud and error
in an audit of financial statements.
I. External auditors are required by ISA 240 The Auditor’s Responsibilities Relating to
Fraud in an Audit of Financial Statements to consider the risks of material misstatements
in the financial statements due to fraud. Fraud is classified into two categories:
Misstatements arising from fraudulent financial reporting and Misstatements arising from

King Danny 1 | P a g e
 misappropriation of assets. In accordance with ISAs the auditor is required to identify and
assess the risks of material misstatement due
to fraud at the financial statement level and at the assertion level. The auditor must
determine overall
responses to address those risks and is required to design and perform further audit
procedures whose
nature, timing and extent are responsive to them

II. Their audit procedures will then be based on a risk assessment. Regardless of the risk
assessment, auditors are required to be alert to the possibility of fraud throughout the
audit and maintain an attitude of professional scepticism, notwithstanding the auditors’
past experience of the honesty and integrity of management and those charged with
governance. Members of the engagement team should discuss the susceptibility of the
entity’s financial statements to material misstatements due to fraud. The auditor is
responsible for maintaining professional scepticism throughout the audit, and must
consider the possibility of management of override of controls and recognise that audit
procedures effective for detecting errors may not be effective for detecting fraud.

III. The auditor is required to consider, as part of the planning, risk identification and
assessment process, the accounting and internal control systems that management has put
in place in order to address the risk of material misstatements in the financial report
arising from fraud. The auditor needs to be aware of the distinction between management
and employee fraud and where they uncover fraudulent activity they need to report to the
appropriate level of management - normally the Board or Audit Committee. As part of
the audit planning process, the audit team must discuss the susceptibility of the client's
financial statements to material misstatement by fraud.

IV. Auditors should consider fraud risk factors, unusual relationships, and assess the risk of
misstatements due to fraud, identifying any significant risks. Auditors should evaluate the
design of relevant internal controls, and determine whether they have been implemented.

V. Auditors should determine an overall response to the assessed risk of material

misstatements due to fraud and develop appropriate audit procedures, including testing
certain journal entries, reviewing estimates for bias, and obtaining an understanding of
the business rationale of significant transactions outside the normal course of business.
Appropriate management representations should be obtained.

VI. Auditors are only concerned with risks that might cause material error in the financial
statements. External auditors might therefore pay less attention than internal auditors to
small frauds (and errors), although they must always consider whether evidence of single
instances of fraud (or error) are indicative of more systematic problems

(c) Identify what additional roles the internal auditors may have within Farai.

 Assist with risk management, establishing and maintaining good systems of internal
control.
 Help with implementation of new accounting standards.

King Danny 2 | P a g e
  Review all policies and procedures to ensure best practice and better performance for the
organization.
 Audit areas not audited by external auditors specifically operational areas.
 Liaise with external auditors to improve audit quality and audit economy.
 Identify efficiencies in systems and processes through e.g. VFM or Best value audits.

Purpose and content of the engagement letter

Purpose
The engagement letter should define clearly the extent of the auditors’ responsibilities and so
minimize the possibility of any misunderstanding between the client and the auditors. In this
way it helps to reduce the expectation gap. It acts as a contract between the two parties and
provides written confirmation of the auditors’ acceptance of the appointment, the scope of the
audit, the form of their report and the scope of any non-audit services.
Content
The form and content of the letter of engagement may vary for each client, but they would
generally include reference to the following:

 The objective of the audit

 Management’s responsibilities
 The applicable financial reporting framework
 The scope of the audit (including reference to applicable legislation, regulations or
pronouncements of professional bodies to which the auditor adheres)
 The form of any reports or other communication of results of the engagement
 The fact that because of the test nature and inherent limitations of an audit, together with
the inherent limitations of any accounting and internal control system, there is an
unavoidable risk that some material misstatement may remain undiscovered
 Unrestricted access to records, documentation and other information requested in
connection with the audit
 Basis on which fees are computed and billing arrangements

King Danny 3 | P a g e
Question 6
A and C, Chartered Certified Accountants, recently held a staff training session on quality
control. The session concluded with staff being invited to raise matters from their
experience relating to the ethical rules on independence.
Some of these matters are given be low.

(i) Shortly before commencing the final audit of a large listed company, a junior staff
member on the audit team inherited a substantial number of shares in that company. No
action was taken because, although representing a large investment for the staff member
concerned, the number of shares was totally immaterial with respect to the company.
Moreover; the partner knew that when the company's results were announced the share
price would rise and he did not think it was fair to require the staff member to sell them
now.

(ii) The management accountant of another listed company client had an accident and was
away from work for three months. At the time of the accident the audit senior was winding
up the prior year's audit and, because of his familiarity with the company's management
accounting system, it was agreed that he would take over as management accountant for
the three months.

(iii) In its management letter to another audit client, A and C warned the company that
their computer system lacked essential controls. The company decided to install a totally
new computer system and A and C's management consultancy department was appointed
to design the new system.

(iv) A and C was recently approached by a large company that was not then an audit client,
for a second opinion. The company was in dispute with its existing auditors who were
proposing to issue a modified auditor's report because of disagreement over inventory
valuation. A and C's technical partner reviewed the evidence provided by the company and
advised the company that its accounting treatment was in order. Shortly afterwards A and
C were invited to accept nomination as auditors. The reply to the letter of enquiry to the
existing auditors made it clear that the inventory valuation dispute was not as
straightforward as the company had made it out to be.
Required:

(a) Discuss whether A and C may have impaired their independence or otherwise acted
unprofessionally in each of the situations described
Shareholding by staff member
While partners are not allowed to hold shares in client companies there is no specific prohibition
in the Code of Ethics on the holding of shares in audit clients by audit staff providing the staff
members concerned are not personally involved in the audit of such clients. However, some audit

King Danny 4 | P a g e
firms have adopted a prohibition on the holding of shares in audit clients by audit staff as an in-
house rule.

The argument that independence is not impaired because the holding is insignificant is incorrect.
If the holding is of such a size as is likely to influence the behaviour of the audit staff member,
then it is material. If the staff member was allowed to retain the shares then he or she should not
have been included in the audit team.

If the partner advised the staff member not to sell the shares until after the audit was completed,
then this would have been unethical and possibly illegal in that it constitutes insider dealing – the
use of privileged information to secure a personal advantage in the trading of shares.

Management accounting services

Preparation of accounting records on behalf of a listed or public interest company is normally
prohibited. An exception to this Rule allows such work to be performed in an emergency
situation which does not extend beyond the minimum period necessary and where every care was
taken that management accepted full responsibility for the work of the audit firm’s staff member.

It is more reasonable, however, to argue that the assignment of a staff member to the position of
management accountant is likely to breach the rules on independence. It amounts to a staff
member of the firm being engaged in making management decisions on behalf of the client. The
firm will thus be reporting on a statement of financial performance in which one of its own
employees had played an active part. A user of the financial statements might conclude that the
audit firm might have an incentive to conspire with management in concealing poor performance
attributable, in part, to the actions of its own staff member.

(Advice on controls)
This raises a controversial area in auditor independence. While the reporting of control
weaknesses discovered during the audit is a required procedure, advising on the development of
new systems to overcome those weaknesses is seen by some critics as a possible threat to
independence. There is both a general and a specific issue. The general issue is that audit firms
generate revenues from clients for both audit and non-audit work. However, contracts for non-
audit work are given by management. In performing the audit, the auditors may be reluctant to
disagree with management for fear of losing non-audit contracts. The specific issue is that known
as selfreview.

Since the firm designed the new internal control system, there is a presumption, when evaluating
control effectiveness at the next audit, that there will be no weaknesses in the system.

King Danny 5 | P a g e
While providing non-audit services by auditors is not prohibited, the firm should ensure that they
should not exceed the overall fee limit of 15% from any one client. However, they do stress that,
in advising the client, the audit firm must not make executive decisions. The implementation of
advice is the responsibility of management over which the auditor has no control. At the next
audit the auditor must check that the system has been properly put into operation and that it is
being operated effectively.

Advice to non-audit clients

Although A and B are not threatening their own independence their action is in breach of
professional rules. By offering advice they are prejudicing the independence of the auditors of
the company they are advising. This practice is sometimes referred to as ‘opinion shopping’ and
is carried out by companies in order to exert pressure on their existing auditors. When invited to
provide such advice, professional rules require A and B to communicate directly with the
company’s auditors to ensure that their advice is based on all available facts relevant to the
judgement. A and B are under an ethical responsibility to decline to be nominated as auditors and
to write to the company retracting the advice previously given in the light of further information.

(b) Briefly explain the term ‘confidentiality’ and explain the situations where an auditor
may disclose confidential information about a client.
Confidentiality is an implied term on auditors’ contracts with their clients. For this reason
auditors should not disclose confidential information to others persons, against their client’s
wishes. The obligation of the confidentiality continues even though a professional relationship
ended.

However, there are circumstances where auditor may disclose information to third parties
without obtaining permission. These are categorized as obligatory and voluntary disclosures.

Obligatory

Auditors are obliged to make disclosure where, for example, where there is a statutory right or
duty to disclose, such as if the auditor suspects the client is involved in money laundering,
terrorism or drug trafficking in which case they must notify the relevant authorities.

Auditors must make disclosure if compelled by the process law, for example under the court
order or summons, under which they are obliged to disclose information.

King Danny 6 | P a g e
Voluntary

In certain circumstances auditors are free, as opposed to obliged, to disclose information without
obtaining the client’s permission first. These circumstances can be categorized into the four areas
below.
Public interest – An auditor may disclose information which would otherwise be confidential if
disclosure can be justified in the ‘public interest’. This would be perhaps if those charged with
governance are involved in fraudulent activities.
Protect a member’s interest – Members/auditors may disclose information to defend themselves
against a negligence action, disciplinary proceedings or if suing for unpaid fees.
Authorized by statute/laws – There are cases of express statutory provision where disclosure of
information to a proper authority overrides the duty of confidentiality.
Non-governmental bodies – Auditors may be approached by non-governmental bodies seeking
information concerning suspected acts of misconduct not amounting to a crime or civil wrong.
Disclosure should only be made to those bodies with statutory powers to compel disclosure

King Danny 7 | P a g e
Question 8 solution below
Matambo & Co sells cars, car parts and petrol from 25 different locations in one country.
Each branch has up to 20 staff working there, although most of the accounting systems are
designed and implemented from the company’s head office. All accounting systems, apart
from petty cash, are computerised, with the internal audit department frequently advising
and implementing controls within those systems.

Matambo & Co has an internal audit department of six staff, all of whom have been
employed at Matambo & Co for a minimum of five years and some for as long as 15 years.
In the past, the chief internal auditor appoints staff within the internal audit department,
although the chief executive officer (CEO) is responsible for appointing the chief internal
auditor. The chief internal auditor reports directly to the finance director. The finance
director also assists the chief internal auditor in deciding on the scope of work of the
internal audit department.
Required:
(a) Explain the issues which limit the independence of the internal audit department in
Matambo & Co. Recommend a way of overcoming each issue.
Reporting system
The chief internal auditor reports to the finance director. This limits the effectiveness of the
internal audit reports as the finance director will also be responsible for some of the
financial systems that the internal auditor is reporting on. Similarly, the chief internal auditor
may soften or limit criticism in reports to avoid confrontation with the finance director.

To ensure independence, the internal auditor should report to an audit committee. (2 marks)
Scope of work
The scope of work of internal audit is decided by the finance director in discussion with the chief
internal auditor. This means that the finance director may try and influence the chief internal
auditor regarding the areas that the internal audit department is auditing, possibly directing
attention away from any contentious areas that the director does not want auditing.

To ensure independence, the scope of work of the internal audit department should be decided by
the chief internal auditor, perhaps with the assistance of an audit committee. (2 marks)

King Danny 8 | P a g e
Audit work
The chief internal auditor appears to be auditing the controls which were proposed by that
department. This limits independence as the auditor is effectively auditing his own work, and
may not therefore identify any mistakes.

To ensure independence, the chief internal auditor should not establish control systems in
Matambo. However, where controls have already been established, another member of the
internal audit should carry out the audit of petty cash to provide some limited independence. (2
marks)

Length of service of internal audit staff

All internal audit staff at Matambo have been employed for at least five years. This may limit
their effectiveness as they will be very familiar with the systems being reviewed and therefore
may not be sufficiently objective to identify errors in those systems.

To ensure independence, the existing staff should be rotated into different areas of internal audit
work and the chief internal auditor independently review the work carried out. (2 marks)

Appointment of chief internal auditor

The chief internal auditor is appointed by the chief executive officer (CEO) of Matambo. Given
that the CEO is responsible for the running of the company, it is possible that there will be bias
in the appointment of the chief internal auditor; the CEO may appoint someone who he knows
will not criticize his work or the company.

To ensure independence, the chief internal auditor should be appointed by an audit committee or
at least the appointment agreed by the whole board. (2 marks)

Part b)

King Danny 9 | P a g e
You are an audit manager in the internal audit department of Matambo & Co. You are
currently auditing the petty cash systems at the different branches. Your initial systems
notes on petty cash contain the following information:

1. The average petty cash balance at each branch is $5,000.

2. Average monthly expenditure is $1,538, with amounts ranging from $1 to $500.
3. Petty cash is kept in a lockable box on a bookcase in the accounts office.
4. Vouchers for expenditure are signed by the person incurring that expenditure to confirm
they have received re-imbursement from petty cash.
5. Vouchers are recorded in the petty cash book by the accounts clerk; each voucher
records the date, reason for the expenditure, amount of expenditure and person incurring
that expenditure.
6. Petty cash is counted every month by the accounts clerk, who is in charge of the cash.
The petty cash balance is then reimbursed using the ‘imprest’ system and the journal entry
produced to record expenditure in the general ledger.
7. The cheque to reimburse petty cash is signed by the accountant at the branch at the same
time as the journal entry to the general ledger is reviewed.
(b) Explain the internal control weaknesses in the petty cash system at Matambo & Co.
For each weakness, recommend a control to overcome that weakness.

Deficiency Control
The amount of cash held in the petty cash
The amount of the petty cash balance at
box is
each
high ($5,000) in comparison to the
branch should be reviewed. Based on an
average
average
monthly expenditure of ($1,538). This
monthly expense of $1,538, a balance of
increases the risk that the cash will be
$2,000
stolen or that errors will be made in
would seem reasonable.
counting.
The petty cash box is not physically
The petty cash box should be kept in the
secure as it is
branch
kept on a bookcase in the accounts office.
safe or in a locked drawer in the
This
accountant's desk.
increases the risk of theft.
Reimbursement for petty cash
All petty cash claims should be supported
expenditure takes
by a
place without evidence of the
receipt.
expenditure being

King Danny 10 | P a g e
incurred eg receipt. This may result in
false claims being made.
The petty cash vouchers are not
authorised – they
All petty cash vouchers should be
are only signed by the individual
authorised by the accounts clerk.
claiming
reimbursement.
In some instances significant items are
purchased
through petty cash (up to $500). These
are not Expenditure over a certain limit (eg $50)
authorised prior to the purchase being should be authorised in advance.
made. This
could result in unnecessary expense
being incurred by the business.
Petty cash vouchers should be pre-
There is no indication that the vouchers
numbered. On
are pre
entry into the petty cash book the
numbered, meaning that the branch
sequential
cannot confirm completeness of the
numbering should be checked to ensure
vouchers. Unauthorised claims could be
that all
made and then blamed on missing
expenditure has been completely
vouchers.
recorded.
There is a lack of segregation of duties.
The petty
The accountant should check the petty
cash is counted by the accounts clerk
cash count
who is also
to confirm the accuracy of the balance
responsible for the cash balance. There is
and ensure
no
that the asset is safeguarded.
additional independent check on the petty
cash balance.
Whilst the accountant confirms that the
cheque to
The petty cash vouchers should be
reimburse petty cash agrees to the journal
reviewed by the accountant to confirm
entry to
that the monthly petty cash expenditure
the general ledger, the petty cash
agrees to the reimbursement cheque and
vouchers are not
journal entries.
reviewed to support the amounts
involved.

King Danny 11 | P a g e