Knowledge Based Questions- Audit & Assurance

1.Explain the benefits of audit planning.

Answer:

An adequate planning benefits the audit of financial statements in several ways:

• Helping the auditor to devote appropriate attention to important areas of the audit.

• Helping the auditor to identify and resolve potential problems on a timely basis

• Helping the auditor to properly organize and manage the audit engagement so that
it is performed in an effective and efficient manner.

• Facilitating the direction and supervision of engagement team members and the
review of their work.

• Assisting, where applicable, in coordination of work done by experts

2. Explain the PURPOSE of an audit engagement letter and list FOUR items which
should be included in an audit engagement letter.

Answer:

Engagement letters

Purpose of an engagement letter

The letter of engagement outlines the responsibilities of both the audit firm and the
audit client. Its purpose is to:

• Minimise the risk of any misunderstanding between the auditor and the client

• Confirm acceptance of the engagement; and

• Forms the basis of the contract by outlining the terms and conditions of the
engagement.

Items to be included in an engagement letter

• The objective and scope of the audit

• The responsibilities of the auditor

• Responsibilities of management

• The basis on which the audit firm will calculate its fees

• Any restrictions on the auditor’s liability

3. In line with ISA 220 Quality Control for an Audit of Financial Statements, describe
the audit supervisor’s responsibilities in relation to supervising and reviewing the
audit assistants’ work during the audit.

Answer:

Supervision and review of the assistants’ work

Supervision

During the audit, the supervisor should keep track of the progress of the audit
engagement to ensure that the audit timetable is met and should ensure that the audit
manager and partner are kept updated of progress.

The competence and capabilities of individual members of the engagement team

should be considered, including whether they have sufficient time to carry out their
work, whether they understand their instructions and whether the work is being
carried out in accordance with the planned approach to the audit.

Review

The supervisor would be required to review the work completed by the assistants and
consider whether this work has been performed in accordance with professional
standards and other regulatory requirements and if the work performed supports the
conclusions reached and has been properly documented.

The supervisor should also consider whether all significant matters have been raised
for partner attention or for further consideration and where appropriate consultations
have taken place, whether appropriate conclusions have been documented.

4. Define and explain materiality and performance materiality.

Answer:

Materiality

Materiality is defined as follows: ‘Misstatements, including omissions, are considered

to be material if they, individually or in the aggregate, could reasonably be expected to
influence the economic decisions of users taken on the basis of the financial
statements.”

A misstatement may be considered material due to its size (quantitative) and/or due to
its nature (qualitative) or a combination of both. The quantitative nature of a
misstatement refers to its relative size. A misstatement which is material due to its
nature refers to an amount which might be low in value but due to its prominence and
relevance could influence the user’s decision, for example, directors’ transactions.

Performance materiality

Performance materiality is defined as follows: ‘The amount set by the auditor at less
than materiality for the financial statements as a whole to reduce to an appropriately
low level the probability that the aggregate of uncorrected and undetected
misstatements exceeds materiality for the financial statements as a whole’.

Hence performance materiality is set at a level lower than overall materiality for the
financial statements as a whole. It is used for testing individual transactions, account
balances and disclosures. The aim of performance materiality is to reduce the risk that
the total of all of the errors in balances, transactions and disclosures exceeds overall
materiality.

5. Explain why analytical procedures are used during THREE stages of an audit.

Answer:

Analytical procedures

Analytical procedures can be used at all stages of an audit, however, ISA 315 (Revised
2019) Identifying and Assessing the Risks of Material Misstatement and ISA 520
Analytical Procedures identify three stages.

During the planning stage, analytical procedures must be used as risk assessment
procedures to help the auditor to obtain an understanding of the entity and assess the
risk of material misstatement.

During the final audit, analytical procedures can be used to obtain sufficient
appropriate evidence. Substantive procedures can either be tests of detail or
substantive analytical procedures.

At the final review stage, the auditor must design and perform analytical procedures
which assist them when forming an overall conclusion as to whether the financial
statements are consistent with the auditor’s understanding of the entity.

6. Describe Auditor’s responsibilities in relation to the prevention and detection of

fraud and error.
Answer:

Fraud responsibility

The Audit firm is responsible for obtaining reasonable assurance that the financial
statements taken as a whole are free from material misstatement, whether caused by
fraud or error.

In order to fulfil this responsibility, the audit firm is required to identify and assess
the risks of material misstatement of the financial statements due to fraud.

They need to obtain sufficient appropriate audit evidence regarding the assessed risks
of material misstatement due to fraud through designing and implementing
appropriate responses. In addition, the audit firm must respond appropriately to fraud
or suspected fraud identified during the audit.

When obtaining reasonable assurance, the audit firm is responsible for maintaining
professional skepticism throughout the audit, considering the potential for
management override of controls and recognizing the fact that audit procedures which
are effective in detecting error may not be effective in detecting fraud.

7. Describe the process the audit firm should have undertaken to assess whether the
PRECONDITIONS for an audit were present when accepting the audit of new client.

Answer:

Preconditions for the audit

Auditors should only accept a new audit engagement when it has been confirmed that
the preconditions for an audit are present. To assess whether the preconditions for an
audit are present, the audit firm should have determined whether the financial
reporting framework to be applied in the preparation of client’s financial statements is
acceptable. In considering this, the auditor should have assessed the nature of the
entity, the nature and purpose of the financial statements and whether law or
regulation prescribes the applicable reporting framework.

In addition, the firm should have obtained the agreement of Prancer Construction Co’s
management that it acknowledges and understands its responsibility for the following:

-Preparation of the financial statements in accordance with the applicable financial

reporting framework, including where relevant, their fair presentation

-For such internal control as management determines is necessary to enable the

preparation of financial statements which are free from material misstatement,
whether due to fraud or error.
8.Define audit risk and the components of audit risk.

Answer:

Audit risk and the components of audit risk

Audit risk is the risk that the auditor expresses an inappropriate audit opinion when
the financial statements are materially misstated. Audit risk is a function of two main
components, being the risk of material misstatement and detection risk. The risk of
material misstatement is made up of a further two components, inherent risk, and
control risk.

Inherent risk is the susceptibility of an assertion about a class of transaction, account

balance or disclosure to a misstatement which could be material, either individually or
when aggregated with other misstatements before consideration of any related
controls.

Control risk is the risk that a misstatement which could occur in an assertion about a
class of transaction, account balance or disclosure and which could be material, either
individually or when aggregated with other misstatements, will not be prevented, or
detected and corrected, on a timely basis by the entity’s controls.

Detection risk is the risk that the procedures performed by the auditor to reduce audit
risk to an acceptably low level will not detect a misstatement which exists, and which
could be material, either individually or when aggregated with other misstatements.
Detection risk is affected by sampling and non‐sampling risk.

9.Describe the matters which should have been considered prior to accepting the audit
of new client.

Answer:

Matters to be considered prior to accepting the audit of Centipede Co

It sets out a number of processes which the auditor should perform prior to accepting
a new engagement.

The auditor should have considered any issues which might arise which could threaten
compliance with ACCA’s Code of Ethics and Conduct or any local legislation, such as
the level of fees from Centipede Co, to ensure it is not unduly reliant on these fees, as
well as considering whether any conflicts of interest arise with existing clients. If
issues arise, then their significance must be considered.

In addition, the firm should have considered whether it was competent to perform the
work and whether it has appropriate resources available, as well as any specialist skills
or knowledge required for the audit of Centipede Co.
Additionally, the auditor should have considered the level of risk attached to the audit
of Centipede Co and whether this was acceptable to the firm. As part of this, it should
have considered whether the expected audit fee was adequate in relation to the risk of
auditing Centipede Co.

Permission should have been obtained from Centipede Co’s management to contact
the previous auditor. If this was not given, the engagement should have been refused.
Once received, the response from the previous auditor should have been carefully
reviewed for any issues which could affect acceptance.

10.Explain the additional factors Amethyst & Co should consider during the audit in
relation to Aquamarine Co’s use of the payroll service organization.

Answer:

Payroll service organization

• The audit team should gain an understanding of the services being provided by Coral
Payrolls Co, including the materiality of payroll and the basis of the outsourcing
contract.

• They will need to assess the design and implementation of internal controls over
Aquamarine Co’s payroll at Cora Payrolls Co

• The team may wish to visit Coral Payrolls Co and undertake tests of controls to
confirm the operating effectiveness of the controls.

• Amethyst & Co is responsible for obtaining sufficient and appropriate evidence,

therefore no reference may be made in the auditor’s report regarding the use of
information from Coral Payrolls Co’s auditor.

11.Identify FIVE sources of information relevant to gaining an understanding and

describe how this information will be used by the auditor.

Answer:

Understanding an entity

Prior year financial statements

Provides information in relation to the size of a company as well as the key

accounting policies, disclosure notes and whether the audit opinion was modified or
not.

Discussions with the previous auditors/access to their files

Provides information on key issues identified during the prior year audit as well as the
audit approach adopted.

Company website

Recent press releases from the company may provide background on the business
during the year as this will help in identifying the key audit risks.

Discussions with management

Provides information in relation to the business, any important issues which have
arisen or changes to accounting policies from the prior year.

Review of board minutes

Provides an overview of key issues which have arisen during the year and how those
charged with governance have addressed them.

12.Explain the quality control procedures that Maple & Co should have in place during
the engagement performance.

Answer:

Quality control Briefing/direction of the team

The audit team should be informed of their responsibilities, the objectives of their
work, the nature of the client’s business and any other relevant information to enable
them to perform their work efficiently and effectively. This will enable them to identify
material misstatements and know which areas require greater attention.

Review of work

Each team member’s work should be reviewed by someone more senior. This is to
ensure the work has been to the required standard. The reviewer may identify
additional work that needs to be performed before a conclusion can be drawn reducing
the risk that material misstatements go undetected.

EQCR

An engagement quality control review will be necessary for listed clients and other
high risk clients, for example to provide an additional safeguard for clients where
independence issues have been identified. The engagement quality control reviewer
should be someone independent of the audit team who has no prior knowledge of the
client and is able to assess the judgmental areas of the audit with an objective mind.

Supervision – considering competence of team

 The audit supervisor will consider the competence of the audit team and will provide
additional coaching if required. The supervisor should be available for the team
members to refer to in case of any queries.

Documentation

Audit work must be documented to provide evidence that the work was performed in
accordance with professional standards and provides a basis for the audit opinion
issued. Documentation should enable an experienced auditor to understand the
nature, timing and extent of the procedures performed, the results of those
procedures and any significant judgments formed.

13.Explain the purpose of review engagements and how these differ from external
audits and describe the level of assurance provided by external audits and review
engagements.

Answer:

Review engagements

Review engagements are often undertaken as an alternative to an audit, and involve a

practitioner reviewing financial data, such as six‐monthly figures. This would involve
the practitioner undertaking procedures to state whether anything has come to their
attention which causes the practitioner to believe that the financial data is not in
accordance with the financial reporting framework.

A review engagement differs to an external audit in that the procedures undertaken

are not nearly as comprehensive as those in an audit, with procedures such as
analytical review and enquiry used extensively. In addition, the practitioner does not
need to comply with ISAs as these only relate to external audits.

Levels of assurance

The level of assurance provided by audit and review engagements is as follows:

External audit

This provides comfort that the financial statements present fairly in all material
respects (or are true and fair) and are free of material misstatements.

A high but not absolute level of assurance is provided. This is known as reasonable
assurance.

Review engagements
The practitioner gathers sufficient evidence to be satisfied that the subject matter is
plausible.

In this case negative assurance is given whereby the practitioner confirms that nothing
has come to their attention which indicates that the subject matter contains material
misstatements.

14.Explain the benefits of audit planning.

Answer:

Importance of audit planning

• It helps the auditor to devote appropriate attention to important areas of the audit.

• It helps the auditor to identify and resolve potential problems on a timely basis.

• It helps the auditor to properly organize and manage the audit engagement so that it
is performed in an effective and efficient manner.

• It assists in the selection of engagement team members with appropriate levels of

capabilities and competence to respond to anticipated risks and the proper assignment
of work to them.

• It facilitates the direction and supervision of engagement team members and the
review of their work.

• It assists, where applicable, in the coordination of work done by experts

15.For each of the THREE methods identified in the table:

(i) Describe the method for documenting internal control systems, and
(ii) (ii) Explain an ADVANTAGE of using this method.

Answer:

Description Advantages
Narrative notes Narrative notes consist of They are simple to record;
a written description of after discussion with staff
the system. They detail members, these
what occurs in the system discussions are easily
at each stage and include written up as notes.
details of any controls
which operate at each They can facilitate
stage understanding by all
members of the audit
 team, especially more
junior members who
might find alternative
methods too complex.

Flowcharts Flowcharts are With flowcharts it is easy

diagrammatic illustrations
of the internal control
system. Lines usually
demonstrate the sequence
of events and standard
symbols are used to
signify controls or
documents
Questionnaires Internal control
questionnaires (ICQs) or
internal control evaluation
questionnaires (ICEQs)
contain a list of questions
for each major transaction
cycle
ICQs are used to assess
whether controls exist
whereas ICEQs assess the
effectiveness of the
controls in place
to view the system in its
entirety as it is all
presented together in one
diagram.
Due to the use of standard
symbols for controls, it
can be effective in
identifying missing
controls
Questionnaires are quick
to prepare, which means
they are a timely method
for recording the system.
If drafted thoroughly they
ensure that all controls
present within the system
are considered and
recorded, hence missing
controls or deficiencies are
clearly highlighted by the
audit team

16.Describe FOUR matters the auditor may consider in determining whether a

deficiency in internal control is significant

Answer:

Significant deficiencies

Examples of matters the external auditor may consider in determining whether a

deficiency in internal controls is significant include:

• The likelihood of the deficiencies leading to material misstatements in the financial

statements in the future.

• The susceptibility to loss or fraud of the related asset or liability.

• The subjectivity and complexity of determining estimated amounts.

• The financial statement amounts exposed to the deficiencies.

• The importance of the controls to the financial reporting process.

• The interaction of the deficiency with other deficiencies in internal control.

17.List FOUR limitations of internal control components

Answer:

• Human error – mistakes made by those responsible for performing controls.

• Ineffective controls – controls which do not work as intended.

• Collusion of staff – staff work together (collude) to bypass the control of segregation
of duties.

• The abuse of power by those with ultimate controlling responsibility (management

override) − management may falsify accounting records or post unauthorized journals
to present a different result in the financial statements.

• Use of management judgment on the nature and extent of controls it chooses to

implement.

18.Explain why it is important for auditors to communicate throughout the audit with
those charged with governance; and (ii) Identify TWO examples of matters which the
auditor may communicate to those charged with governance.

Answer:

Importance of communicating with those charged with governance

• It assists the auditor and those charged with governance in understanding matters
related to the audit, and in developing a constructive working relationship. This
relationship is developed while maintaining the auditor’s independence and
objectivity.

• It helps the auditor in obtaining from those charged with governance, information
relevant to the audit. For example, those charged with governance may assist the
auditor in understanding the entity and its environment, in identifying appropriate
sources of audit evidence and in providing information about specific transactions or
events.
• It helps those charged with governance in fulfilling their responsibility to oversee the
financial reporting process, thereby reducing the risks of material misstatement of the
financial statements.

• It promotes effective two‐way communication between the auditor and those

charged with governance.

Matters to be communicated to those charged with governance.

• The auditor should explain the planned approach to the audit as well as the audit
timetable.

• Any key audit risks identified during the planning stage should be communicated.

• In addition, any significant difficulties encountered during the audit should be

communicated.

• Also,significant matters arising during the audit, as well as significant accounting

adjustments.

• During the audit, any significant deficiencies in the internal control system identified
should be communicated in writing or verbally.

• If any suspected frauds are identified during the audit, these must be communicated.

19.Compare and contrast the role of external and internal audit.

Answer:

External Audit Internal Audit

Objective Express an opinion on the
truth and fairness of the
financial statements in a
written report
Reporting Reports to shareholders
Availability of report Publicly available
Scope of work Verifying the truth and
fairness of the financial
statement
Improve the company's
operations by reviewing
the efficiency and
effectiveness of internal
controls
Reports to management or
those charged with
governance
Not publicly available.
Usually only seen by
management or those
charged with governance
Wide in scope and
dependent on
management's
requirements
 Appointment and removal By the shareholders of the By the audit committee or
company board of directors

20.Describe assignments the internal audit department could carry out.

Answer:

Value for money review – The IAD could be asked to assess whether Raspberry Co is
obtaining value for money in areas such as capital expenditure.

Review of financial/operational controls – The IAD could undertake reviews of

controls at head office and the power station and make recommendations to
management over such areas as the purchasing process as well as the payroll cycle.

IT system reviews – Raspberry Co is likely to have a relatively complex computer

system linking production data to head office. The IAD could be asked to perform a
review over the computer environment and controls.

Cash controls – Raspberry Co’s internal auditors could undertake controls testing over
cash payments. 70% of employees are paid in cash rather than bank transfer, therefore
on a weekly basis cash held is likely to be significant, therefore the cash controls in
payroll should be tested to reduce the level of errors.

Fraud investigations – The IAD can be asked to investigate any specific cases of
suspected fraud as well as review the controls in place to prevent/detect fraud.

21.Describe FOUR different types of control activities as given in ISA 315 (Revised
2019) Identifying and Assessing the Risks of Material Misstatement and, for each type,
provide an example control a company may implement.

Answer:

Control activities

Segregation of duties

Assignment of roles or responsibilities to ensure the tasks of authorizing and

recording transactions and maintaining custody of assets are carried out by different
people, thereby reducing the risk of fraud and error in the normal course of their
duties. For example, the payables ledger clerk recording invoices in the payables
ledger, and the finance director authorizing the payment of those purchase invoices.

Verifications
Controls which compare two or more items with each other or compare an item with a
policy. Verifications include information processing controls such as the use of batch
control totals when entering transactions into the system.

Authorization

Approval of transactions by a suitably responsible official or higher level of

management to ensure transactions are valid and genuine. For example, authorization
by a responsible official of all purchase orders.

Physical or logical controls

Restricting access to physical assets as well as computer programs and data files,
thereby reducing the risk of theft of assets or data. For example, cash being stored in a
safe which only a limited number of employees are able to access.

Reconciliations

Reconciliations compare two or more data elements to confirm completeness or

accuracy of the data. For example, the cash book being reconciled to the bank
statements on a regular basis to identify any discrepancies which can then be resolved
on a timely basis.

22.Explain the advantages and disadvantages for Equestrian Co of outsourcing the

internal audit department

Answer:

Outsourcing internal audit

Advantages

Staffing

Equestrian Co wishes to expand its internal audit department in terms of size and
specialist skills. If it outsources, there will be no need to spend money on recruiting
further staff as the service provider will provide the staff members.

Immediate solution

As the current internal audit department is small, outsourcing can provide the
number of staff needed straight away. If Equestrian Co was to recruit, it would take
more time to obtain the additional people required.

Skills and experience

 A service provider is likely to have a large pool of staff available to provide the
internal audit service to Equestrian Co and is likely to have staff with specialist skills
already available.

Cost control

Outsourcing can be an efficient means to control the costs of internal audit as any
associated costs such as training will be eliminated as the service provider will train its
own employees. In addition, the costs for the internal audit service will be agreed in
advance. This will ensure that Equestrian Co can budget accordingly.

Disadvantages

Existing internal audit department

Equestrian Co has an existing internal audit department. If the staff cannot be

redeployed elsewhere in the company, then they may need to be made redundant and
this could be costly for Equestrian Co. Staff may oppose the outsourcing if it results in
redundancies.

Increased costs

As well as the cost of potential redundancies, the internal audit fee charged by the
service provider may increase over time, proving to be very expensive.

Confidentiality

Knowledge of company systems and confidential data will be available to the service
provider. Although the engagement letter would include confidentiality clauses, this
may not stop breaches of confidentiality.

Control

Once outsourced, Equestrian Co will need to discuss areas of work and timings well in
advance with the service provider which means losing some control over the activities
of its internal audit department.

23.Explain examples of matters the auditor should consider in determining whether a

deficiency in internal controls is significant.

Answer:

Examples of matters the external auditor should consider in determining whether a

deficiency in internal controls is significant.
 • The likelihood of the deficiencies leading to material misstatements in the financial
statements in the future.

• The susceptibility to loss or fraud of the related asset or liability.

• The subjectivity and complexity of determining estimated amounts.

• The financial statement amounts exposed to the deficiencies.

• The volume of activity that has occurred or could occur in the account balance or
class of transactions exposed to the deficiency or deficiencies.

• The importance of the controls to the financial reporting process

24.Identify and briefly explain the FIVE components of an entity’s internal control.

Answer:

Control environment

The control environment refers to the set of controls, processes and structures that
address:

• how management’s oversight responsibilities are carried out

• the independence of and oversight over the entity’s system of internal control by
those charged with governance.

• the entity’s assignment of authority and responsibility

• how the entity attracts, develops and retains competent individuals,

Entity’s risk assessment process

The entity’s risk assessment process covers how the entity identifies business risks
relevant to financial reporting objectives, assesses the significance of those risks
including the likelihood of occurrence, and how the entity addresses those risks.

The entity’s process to monitor the system of internal control

Thisisthe client's ongoing process of evaluating the effectiveness of controls over time
and taking necessary remedial action in respect of control deficiencies. If the entity has
an internal audit function, it will assist with monitoring process.

The information system and communication

The information system and communication consists of all of the activities and
policies relevant to the preparation of financial statements. It includes the procedures
within both computerized and manual systems to initiate, record, process, and report
entity transactions. It also looks at how the entity communicates significant matters
that support the preparation of the financial statements and related reporting
responsibilities in the information system.

Control activities relevant to the audit

Control activities are designed to ensure proper application of policies in all the other
components of the entity’s system of internal control. These include segregation of
duties, verifications, reconciliations, physical or logical controls and authorizations.

25.List and explain the purpose of FOUR items that should be included on every
working paper prepared by the audit team.

Working papers

• Name of client – identifies the client being audited.

• Year‐end date – identifies the year‐end to which the audit working papers relate.

• Subject – identifies the area of the financial statements that is being audited, the
topic area of the working paper, such as receivables circularization.

• Working paper reference – provides a clear reference to identify the number of the
working paper.

• Preparer – identifies the name of the audit team member who prepared the working
paper, so any queries can be directed to the relevant person.

• Details of work performed – the audit tests performed along with sufficient detail of
items selected for testing.

• Results of work performed – whether any exceptions arose in the audit work and if
any further work is required.

• Conclusion – the overall conclusion on the audit work performed, whether the area is
true and fair.