AUDIT AND ASSURANCE (ACCA)

KNOWLEDGE BASED QUESTIONS

Topic List
1) Professional scepticism
2) 5 Elements of assurance engagement
3) Review engagement VS External audit (Limited VS Reasonable Assurance)
4) Information sources auditor uses to gain understanding of client
5) Safeguards for conflict of interest
6) Matters to be considered by auditors prior to accepting a new audit client
7) Preconditions for an audit
8) Engagement letter (Purpose and Contents)
9) Reasons to revise the engagement letter
10) Matters to be included within the audit strategy document (other than audit risks)
11) Benefits of audit planning
12) Audit risk and components of audit risk
13) Materiality and Performance materiality
14) Analytical procedures used during three stages of an audit.
15) Auditor’s responsibilities in prevention and detection of fraud and error
16) Auditor’s responsibility in considering laws and regulations
17) Matters to be considered by auditor related to client’s use of external service organisation
18) Quality management procedures that auditors should have in place during the audit
19) Audit supervisor’s responsibilities in supervising and reviewing the audit assistants’ work
20) Assessing the need for an internal audit function
21) External VS Internal Audit
22) Internal audit services
23) Advantages and disadvantages of outsourcing the internal audit function
24) Impact of internal audit on external audit during interim and final audit
25) Why auditor needs to obtain an understanding of internal controls at client place
26) Five components of an entity's system of internal control
27) Limitations of internal control
28) Documenting internal control systems
29) Checking accuracy of flowcharts and system notes currently held in audit file (from prior year)
30) Objectives of internal control systems
31) Types of control activities
32) Information processing controls
33) Controls that can be implemented to reduce risk of payroll fraud
34) Matters to consider in determining whether an internal control deficiency is significant
35) Communication with those charged with governance throughout the audit
36) Factor to consider in determining the use of analytical procedures as a substantive procedure
37) Advantages and disadvantages of using automated tools and techniques for audit
38) Going concern indicators
39) Reliability of audit evidence
40) Items to be included on audit working paper

AA – KNOWLEDGE BASED QUESTIONS 1

1. Define the term ‘professional scepticism’.

Ans: Professional scepticism is defined in ISA 200 Overall Objectives of the Independent Auditor and
the Conduct of an Audit in Accordance with International Standards on Auditing as an attitude which
includes a questioning mind, being alert to conditions which may indicate possible misstatement due
to fraud or error, and a critical assessment of audit evidence.

2. Explain the five elements of an assurance engagement.

Ans:

➢ A three-party relationship comprising of:

• The intended user (shareholder), who is the person who requires the assurance report.
• The responsible party (management), which is the organisation responsible for preparing
the subject matter to be reviewed.
• The practitioner (auditor) who is the professional who will review the subject matter and
provide the assurance.
➢ A suitable subject matter: The subject matter is the data which the responsible party has prepared
and which requires verification.
➢ Suitable criteria: The subject matter is then evaluated or assessed against suitable criteria in order
for it to be assessed and an opinion provided.
➢ Sufficient and appropriate evidence: in order to give the required level of assurance.
➢ A written assurance report: containing the conclusion or opinion which is given by the practitioner
to the intended user.

3. Explain the purpose of review engagements and how these differ from external audits, and
describe the level of assurance provided by the two.

Ans:

Purpose
Review engagements are often undertaken as an alternative to an audit, and involve a practitioner
reviewing financial data, such as six-monthly figures. This would involve the practitioner undertaking
procedures to state whether anything has come to their attention which causes the practitioner to
believe that the financial data is not in accordance with the financial reporting framework.

Difference
A review engagement differs to an external audit in that the procedures undertaken are not nearly as
comprehensive as those in an audit, with procedures such as analytical review and enquiry used
extensively. In addition, the practitioner does not need to comply with ISAs as these only relate to
external audits.

AA – KNOWLEDGE BASED QUESTIONS 2

Levels of assurance
The level of assurance provided by audit and review engagements is as follows:

A. External audit:
This provides comfort that the financial statements present fairly in all material respects (or are true
and fair) and are free of material misstatements.

A high but not absolute level of assurance is provided. This is known as reasonable assurance.

B. Review engagements:
The practitioner gathers sufficient evidence to be satisfied that the subject matter is plausible.

In this case negative assurance is given whereby the practitioner confirms that nothing has come to
their attention which indicates that the subject matter contains material misstatements.

4. Identify sources of information relevant to gaining an understanding of client and describe how
this information will be used by the auditor.

Ans:

Prior year financial statements

Provides information in relation to the size of a company as well as the key accounting policies,
disclosure notes and whether the audit opinion was modified or not.

Discussions with the previous auditors/access to their files

Provides information on key issues identified during the prior year audit as well as the audit
approach adopted.

Prior year report to management

If this can be obtained from the previous auditors or from management, it can provide information
on the internal control deficiencies noted last year. If these have not been rectified by management,
then they could arise in the current year audit as well and may impact the audit approach.

Accounting systems notes/procedural manuals

Provides information on how each of the key accounting systems operates and this will be used to
identify areas of potential control risk and help determine the audit approach.

Discussions with management

Provides information in relation to the business, any important issues which have arisen or changes
to accounting policies from the prior year.

Review of board minutes

Provides an overview of key issues which have arisen during the year and how those charged with
governance have addressed them.

Current year budgets and management accounts

Provides relevant financial information for the year to date. It will help the auditor during the
planning stage for preliminary analytical review and risk identification.

AA – KNOWLEDGE BASED QUESTIONS 3

Company website
Recent press releases from the company may provide background on the business during the year as
this will help in identifying the key audit risks.

Financial statements of competitors

This will provide information about the company’s competitors, in relation to their financial results
and their accounting policies. This will be important in assessing the performance in the year and
also when undertaking the going concern review.

5. Explain the safeguards which auditors should implement to ensure that this conflict of interest is
appropriately managed.

Ans:

➢ Both client and its competitor should be notified that auditor firm would be acting as auditors for
each company and consent should be obtained from management of each company.
➢ Auditors should consider advising one or both clients to seek additional independent advice.
➢ Auditors must ensure it appoints separate engagement teams, with different engagement partners
and team members to each client; once an employee has worked on one audit, then they should
be prevented from being on the audit of the competitor for a period of time.
➢ Adequate procedures should be in place within the firm to prevent access to information, for
example, strict physical separation of both teams, confidential and secure data filing.
➢ Auditors must set out clear guidelines for members of each engagement team on issues of security
and confidentiality. These guidelines could be included within the audit engagement letters sent
to each client.
➢ Auditors should consider the use of confidentiality agreements signed by all members of the
engagement teams of client and the competitor.
➢ Work performed should be reviewed by an appropriate reviewer who is not involved in the audit
to assess whether key judgements and conclusions are appropriate.
➢ Regular monitoring of the application of the above safeguards should be undertaken by a senior
individual in audit firm who is not involved in either audit.

6. Matters to be considered by auditors prior to accepting a new audit client.

Ans: ISA 220 (Revised) Quality Management for an Audit of Financial Statements provides guidance
to audit firms on the steps it should have taken in accepting the new audit client.

The outgoing auditor’s response

Prior to accepting an audit engagement, the auditor is required to contact the previous auditors,
after obtaining permission from client, to ask for all information relevant to the decision as to
whether or not the firm should accept appointment. If the permission was not given, the
engagement should be refused.

AA – KNOWLEDGE BASED QUESTIONS 4

If permission is obtained, then the auditor should consider the outgoing auditor’s response to assess
whether there are any ethical or professional reasons why the firm should not accept appointment.

Management integrity
If audit firm’s engagement partner has reason to believe that client’s management lack integrity,
there is a greater risk of fraud and intimidation. Auditors need to consider management integrity
because if there are serious concerns regarding this, auditor firm must not accept the audit
engagement.

Pre-conditions for an audit

Auditors can only accept an audit engagement if the preconditions are present. The preconditions
confirm that management will use an acceptable financial reporting framework under which they
will prepare the financial statements and confirms that management acknowledges and understands
its responsibilities for:
• Preparing the financial statements in accordance with the applicable financial reporting
framework
• Internal control necessary for the preparation of the financial statements to be free from
material misstatement; and
• Providing the auditor with access to information relevant for the audit and access to staff within
the entity to obtain audit evidence. If the preconditions are not present, auditors cannot accept the
audit engagement.

Ethical consideration
The auditor must consider whether any issues might arise which could threaten compliance with
ACCA’s Code of Ethics and Conduct or any local legislation, such as the level of fees from client, to
ensure it is not unduly reliant on these fees, as well as considering whether any conflicts of interest
arise with existing clients. If issues arise, then their significance must be considered.

Independence and objectivity

The auditor must consider whether there are any threats to independence and objectivity which
cannot be reduced to an acceptably low level by the use of appropriate safeguards, such as if any of
audit firm’s staff have shares in client or are related to staff employed at client company. If such
threats are present and cannot be sufficiently mitigated, Auditors must not accept the audit
engagement.

Resources available at the time of the audit

Auditors must have adequate resources with the relevant experience available at the time the audit
of client is likely to be carried out. All audit staff deployed to the audit work must be capable of
carrying out the audit in accordance with International Standards on Auditing (ISAs). Audit firm must
also assess if they have any specialist skills or knowledge required specifically for the audit. If
adequate resources will not be available, auditors must not accept the audit engagement.

Level of risk
Audit firm should consider the level of risk attached to the audit of client and whether this is
acceptable to the firm. As part of this, it should consider whether the expected audit fee was
adequate in relation to the risk of auditing the client.

AA – KNOWLEDGE BASED QUESTIONS 5

7. ISA 210 Agreeing the Terms of Audit Engagements requires an auditor to establish whether the
preconditions for an audit are present prior to accepting an audit engagement. Describe the
preconditions for an audit that Audit firm should have established prior to accepting the audit of
client.

Ans: In order to establish whether the preconditions for an audit are present, audit firm must:

➢ Determine whether the financial reporting framework (for example IFRS®) to be applied by client
in the preparation of its financial statements is acceptable. In considering this, the auditor should
have assessed the nature of the entity, the nature and purpose of the financial statements and
whether law or regulation prescribes the applicable reporting framework, and
➢ Obtain the agreement of the management of client that they acknowledge and understand their
responsibility:
• for the preparation of the financial statements in accordance with the applicable financial
reporting framework, including where relevant their fair presentation.
• for the design and implementation of internal controls which management considers
necessary to enable client to prepare financial statements which are free from material
misstatement, whether due to fraud or error, and
• to provide Audit firm with access to all information which is relevant to the preparation of
the financial statements such as records, documentation and other matters. Access to
information includes any additional information which audit firm may request from
management for the purpose of the audit and an agreement to provide unrestricted access
to client’s staff in order that audit firm can obtain relevant evidence.

8. ISA 210 Agreeing the Terms of Audit Engagements requires an auditor to issue an audit
engagement letter. Explain the purpose of an audit engagement letter and list items which
should be included in an audit engagement letter.

Ans: The audit engagement letter outlines the nature of the contract between the audit firm and the
audit client. Its purpose is to minimize the risk of any misunderstanding of the terms of the
engagement between the auditor and the client and it confirms acceptance of the engagement. The
purpose of the engagement letter is to also set out the terms and conditions of the engagement and
the responsibilities of the auditor and management.

Matters which should be included in the engagement letter include:

➢ The objective and scope of the audit

➢ The auditor’s responsibilities
➢ Management’s responsibilities
➢ Identification of the applicable financial reporting framework for the preparation of the financial
statements.
➢ Expected form and content of any reports to be issued by the auditor and a statement that there
may be circumstances in which a report may differ from its expected form and content.
➢ Elaboration of the scope of the audit with reference to legislation
➢ The form of any other communication of results of the audit engagement
➢ The requirement for the auditor to communicate key audit matters in accordance with ISA 701
➢ Communicating Key Audit Matters in the Independent Auditor’s Report.

AA – KNOWLEDGE BASED QUESTIONS 6

➢ The fact that some material misstatements may not be detected
➢ Arrangements regarding the planning and performance of the audit, including the composition of
the audit team.
➢ The expectation that management will provide written representations
➢ The expectation that management will provide access to all information relevant to or affecting
the financial statements
➢ The basis on which fees are computed and any billing arrangements
➢ A request for management to acknowledge receipt of the audit engagement letter and to agree to
the terms of the engagement
➢ Arrangements concerning the involvement of internal auditors and other staff of the entity
➢ Any obligations to provide audit working papers to other parties
➢ Any restriction on the auditor’s liability
➢ Arrangements to make available draft financial statements and any other information.

9. Identify and explain factors which would indicate that an engagement letter for an existing
audit client should be revised.

Ans:

➢ Any indication that the entity misunderstands the objective and scope of the audit, as this
misunderstanding would need to be clarified.
➢ Any revised or special terms of the audit engagement, as these would require inclusion in the
engagement letter.
➢ A recent change of senior management or significant change in ownership. The letter is signed by
a director on behalf of those charged with governance. If there have been significant changes in
management, they need to be made aware of what the audit engagement letter includes.
➢ A significant change in nature or size of the entity’s business. The approach taken by the auditor
may need to change to reflect the change in the entity and this should be clarified in the
engagement letter.
➢ A change in legal or regulatory requirements. The engagement letter is a contract; hence if legal
or regulatory changes occur, then the contract could be out of date.
➢ A change in the financial reporting framework adopted in the preparation of the financial
statements. The engagement letter clarifies the role of auditors and those charged with
governance, it identifies the reporting framework of the financial statements and if this changes,
then the letter requires updating.
➢ A change in other reporting requirements. Other reporting requirements may be stipulated in the
engagement letter; hence if these change, the letter should be updated.

AA – KNOWLEDGE BASED QUESTIONS 7

10. Identify main areas, other than audit risks, which should be included within the audit strategy
document for a client, and for each area provide an example relevant to the audit.

Ans: The audit strategy sets out the scope, timing and direction of the audit and helps the
development of the audit plan. ISA 300 Planning an Audit of Financial Statements and the
conforming amendments of ISA 220 (Revised) set out areas which should be considered and
documented as part of the audit strategy document and are as follows:

Main characteristics of the engagement

The audit strategy should consider the main characteristics of the engagement, which define its
scope. The following are examples of things which should be included:

• Whether the financial information to be audited has been prepared in accordance with the
relevant financial reporting framework.

• Whether automated tools and audit techniques will be used and the effect of IT on audit
procedures.

• The availability of key personnel at client company.

Reporting objectives, timing and nature of communication

It should ascertain the reporting objectives of the engagement to plan the timing of the audit and
the nature of the communications required, such as:

• The audit timetable for reporting including the timing of interim and final stages.

• Organization of meetings with client’s management to discuss any audit issues arising.

• Any discussions with management regarding the reports to be issued.

• The timings of the audit team meetings and review of work performed.

Significant factors affecting the audit

The strategy should consider the factors which, in the auditor’s professional judgement, are
significant in directing audit team’s efforts, such as:

• The determination of materiality for the audit.

• The need to maintain a questioning mind and to exercise professional scepticism in gathering and
evaluating audit evidence.

Preliminary engagement activities and knowledge from previous engagements

It should consider the results of preliminary audit planning activities and, where applicable, whether
knowledge gained on other engagements for client is relevant, such as:

• Results of any tests over the effectiveness of internal controls.

• Evidence of management’s commitment to the design, implementation and maintenance of sound

internal controls.

• Volume of transactions, which may determine whether it is more efficient for the audit team to
rely on internal controls.

AA – KNOWLEDGE BASED QUESTIONS 8

• Significant business developments affecting client.

Nature, timing and extent of resources

The audit strategy should ascertain the nature, timing and extent of resources necessary to perform
the audit, such as:

• The human, technological and intellectual resources assigned.

• Assignment of audit work to the team members including the assignment of appropriately
experienced team members to areas where there may be higher risks of material misstatement.

• Setting the audit budget including appropriate time set aside for areas where there may be higher
risks of material misstatement.

11. ISA 300 Planning an Audit of Financial Statements provides guidance to assist auditors in
planning an audit. Explain the benefits of audit planning.

Ans: Audit planning is addressed by ISA 300 Planning an Audit of Financial Statements. It states that
adequate planning benefits the audit of financial statements in several ways:

➢ Helping the auditor to devote appropriate attention to important areas of the audit.
➢ Helping the auditor to identify and resolve potential problems on a timely basis.
➢ Helping the auditor to properly organise and manage the audit engagement so that it is
performed in an effective and efficient manner.
➢ Assisting in the selection of engagement team members with appropriate levels of capabilities
and competence to respond to anticipated risks and the proper assignment of work to them.
➢ Facilitating the direction and supervision of engagement team members and the review of their
work.
➢ Assisting, where applicable, in coordination of work done by experts.

12. Define audit risk and the components of audit risk.

Ans: Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the
financial statements are materially misstated. Audit risk is a function of two main components, being
the risk of material misstatement and detection risk. Risk of material misstatement is made up of a
further two components, inherent risk and control risk.

Inherent risk is the susceptibility of an assertion about a class of transaction, account balance or
disclosure to a misstatement which could be material, either individually or when aggregated with
other misstatements, before consideration of any related controls.

Control risk is the risk that a misstatement which could occur in an assertion about a class of
transaction, account balance or disclosure and which could be material, either individually or when
aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely
basis by the entity’s controls.

AA – KNOWLEDGE BASED QUESTIONS 9

Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an
acceptably low level will not detect a misstatement which exists and which could be material, either
individually or when aggregated with other misstatements. Detection risk is affected by sampling and
non-sampling risk.

13. Define and explain materiality and performance materiality.

Ans: Materiality and performance materiality are dealt with under ISA 320 Materiality in Planning
and Performing an Audit. Auditors need to establish the materiality level for the financial statements,
as well as assess performance materiality levels, which are lower than the overall materiality for the
financial statements as a whole.

Materiality
Materiality is defined in ISA 320 as follows: ‘Misstatements, including omissions, are considered to be
material if they, individually or in the aggregate, could reasonably be expected to influence the
economic decisions of users taken on the basis of the financial statements.’
If the financial statements include a material misstatement, then they will not present fairly (give a
true and fair view) the position, performance and cash flows of the entity.

A misstatement may be considered material due to its size (quantitative) and/or due to its nature
(qualitative) or a combination of both. The quantitative nature of a misstatement refers to its relative
size. A misstatement which is material due to its nature refers to an amount which might be low in
value but due to its prominence and relevance could influence the user’s decision, for example,
directors’ transactions.

As per ISA 320, materiality is often calculated using benchmarks such as 5% of profit before tax or 1%
of total revenue or total assets. These values are useful as a starting point for assessing materiality,
however, the assessment of what is material is ultimately a matter of the auditor’s professional
judgement. It is affected by the auditor’s perception of the financial information, the needs of the
users of the financial statements and the perceived level of risk; the higher the risk, the lower the
level of overall materiality.

In assessing materiality, the auditor must consider that a number of errors each with a low value
may, when aggregated, amount to a material misstatement.

Performance materiality
Performance materiality is defined in ISA 320 as follows: ‘The amount set by the auditor at less than
materiality for the financial statements as a whole to reduce to an appropriately low level the
probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for
the financial statements as a whole.’

Hence performance materiality is set at a level lower than overall materiality for the financial
statements as a whole. It is used for testing individual transactions, account balances and
disclosures. The aim of performance materiality is to reduce the risk that the total of all of the errors
in balances, transactions and disclosures exceeds overall materiality.

AA – KNOWLEDGE BASED QUESTIONS 10

14. Explain why analytical procedures are used during three stages of an audit.

Ans: Analytical procedures can be used at all stages of an audit, however, ISA 315 (Revised 2019)
Identifying and Assessing the Risks of Material Misstatement and ISA 520 Analytical Procedures
identify three particular stages.

During the planning stage, analytical procedures must be used as risk assessment procedures in order
to help the auditor to obtain an understanding of the entity and assess the risk of material
misstatement.

During the final audit, analytical procedures can be used to obtain sufficient appropriate evidence.
Substantive procedures can either be tests of detail or substantive analytical procedures.

At the final review stage, the auditor must design and perform analytical procedures which assist them
when forming an overall conclusion as to whether the financial statements are consistent with the
auditor’s understanding of the entity.

15. Describe audit firm’s responsibilities in relation to the prevention and detection of fraud and
error.

Ans:

➢ Auditor must conduct an audit in accordance with ISA 240 The Auditor’s Responsibilities Relating
to Fraud in an Audit of Financial Statements and are responsible for obtaining reasonable
assurance that the financial statements taken as a whole are free from material misstatement,
whether caused by fraud or error.
➢ Auditor is required to identify and assess the risks of material misstatement of the financial
statements due to fraud.
➢ The auditor needs to obtain sufficient appropriate audit evidence regarding the assessed risks of
material misstatement due to fraud, through designing and implementing appropriate responses.
➢ Auditor must respond appropriately to fraud or suspected fraud identified during the audit, for
example, the fraud regarding the purchase of assets for personal use identified by Client.
➢ When obtaining reasonable assurance, Auditor is responsible for maintaining professional
skepticism throughout the audit, considering the potential for management override of controls
and recognizing the fact that audit procedures which are effective in detecting error may not be
effective in detecting fraud.
➢ To ensure that the whole engagement team is aware of the risks and responsibilities for fraud and
error, ISAs require that a discussion is held within the team.
➢ Auditor must report any actual or suspected fraud to appropriate parties.

AA – KNOWLEDGE BASED QUESTIONS 11

16. Explain the auditor’s responsibility to consider laws and regulations in an audit of the financial
statements.

Ans:

➢ The auditor must perform audit procedures to help identify non-compliance with laws and
regulations that may have a material impact on the financial statements.
➢ The auditor must obtain sufficient, appropriate evidence regarding compliance with laws and
regulations that have a direct effect on the financial statements e.g. the requirement to separately
disclose directors’ bonuses.
➢ The auditor must perform audit procedures to help identify non-compliance with other laws and
regulations that may have a material impact on the financial statements.
➢ Where the auditor becomes aware of non-compliance with laws and regulations they must obtain
an understanding of the act and circumstances in which it occurred and evaluate the effect on the
financial statements.
➢ The auditor must report non-compliance to management and those charged with governance.
➢ If the non-compliance has a material effect on the financial statements, the auditor must modify
the audit opinion with a qualified or adverse opinion.
➢ The auditor must consider whether they have any legal or ethical responsibility to report non-
compliance to third parties.

17. Explain factors that auditors should consider during the audit in relation to client’s use of the
external service organization.

Ans:

➢ The audit team should gain an understanding of the services being provided by the outsourcing
company, including the materiality of figures involved and the basis of the outsourcing contract.
➢ They will need to assess the design and implementation of internal controls that outsourcing
company places over the client’s data.
➢ The audit team may consider a visit to outsourcing company and undertake tests of controls to
confirm the operating effectiveness of the controls.
➢ If this is not possible, auditors should contact outsourcing company’s auditors to request either a
type 1 (report on description and design of controls) or type 2 report (on description, design and
operating effectiveness of controls).
➢ Auditor is responsible for obtaining sufficient and appropriate evidence, therefore no reference
may be made in the auditor’s report regarding the use of information from outsourcing company’s
auditors.

AA – KNOWLEDGE BASED QUESTIONS 12

18. Explain the quality management procedures that auditors should have in place during the
engagement performance.

Ans:

Briefing/direction of the team

The audit team should be informed of their responsibilities, the objectives of their work, the nature
of the client’s business and any other relevant information to enable them to perform their work
efficiently and effectively. This will enable them to identify material misstatements and know which
areas require greater attention. The audit team should also be informed of their responsibility to
contribute to the quality of the audit and that threats to quality should not result in failure to
perform planned procedures.

Supervision – tracking the progress of the audit

The audit supervisor should keep track of the progress of the audit in order to ensure the work is
being completed on time or whether action needs to be taken such as bringing in additional staff to
help complete the work or whether to agree an extended deadline with the client.

Supervision – addressing significant matters

The audit supervisor will also ensure that significant matters are being dealt with promptly. If issues
are resolved as soon as they are identified the audit is more likely to be completed within the agreed
timeframe.

Supervision – considering competence of team

The audit supervisor will consider the competence of the audit team and will provide additional
coaching if required. Where necessary, work may need to be reassigned to a more experienced team
member. The supervisor should be available for the team members to refer to in case of any queries.

Consultation
Consultation will be required where the team does not have the necessary expertise. The audit
supervisor should identify any areas where consultation with an expert is required and make
arrangements for such consultation whether this is referring the matter to another person within the
audit firm or using an external expert.

Review of work
Each team member’s work should be reviewed by someone more senior. This is to ensure the work
has been to the required standard. The reviewer may identify additional work that needs to be
performed before a conclusion can be drawn reducing the risk that material misstatements go
undetected.

EQR
An engagement quality review will be necessary for listed clients and other high-risk clients, for
example to provide an additional safeguard for clients where independence issues have been
identified.

The engagement quality reviewer should be someone independent of the audit team who has no
prior knowledge of the client and is able to assess the judgmental areas of the audit with an
objective mind. The EQR will review the proposed audit opinion and assess whether there is
sufficient appropriate evidence to support that opinion before it is issued.

AA – KNOWLEDGE BASED QUESTIONS 13

Documentation
Audit work must be documented to provide evidence that the work was performed in accordance
with professional standards and provides a basis for the audit opinion issued. Documentation should
enable an experienced auditor to understand the nature, timing and extent of the procedures
performed, the results of those procedures and any significant judgements formed. If the auditor’s
report is called into question at a later date, the audit documentation should be able to prove that
the auditor had performed the audit to the required level of quality. Documentation therefore
provides protection in the event of a negligence claim.

19. In line with ISA 220 (Revised) Quality Management for an Audit of Financial Statements, describe
the audit supervisor’s responsibilities in relation to supervising and reviewing the audit
assistants’ work during the audit of a client.

Ans:

Supervision
During the audit, the supervisor should keep track of the progress of the audit engagement to ensure
that the audit timetable is met and should ensure that the audit manager and partner are kept
updated of progress.

The competence and capabilities of individual members of the engagement team should be
considered, including whether they have sufficient time to carry out their work, whether they
understand their instructions and whether the work is being carried out in accordance with the
planned approach to the audit.

In addition, part of the supervision process should involve addressing any significant matters arising
during the audit, considering their significance and modifying the planned approach appropriately.

The supervisor would also be responsible for identifying matters for consultation or consideration by
the audit manager or engagement partner of client.

Review
The supervisor would be required to review the work completed by the assistants and consider
whether this work has been performed in accordance with professional standards and other
regulatory requirements and if the work performed supports the conclusions reached and has been
properly documented.

The supervisor should also consider whether all significant matters have been raised for partner
attention or for further consideration and where appropriate consultations have taken place,
whether appropriate conclusions have been documented.

AA – KNOWLEDGE BASED QUESTIONS 14

20. Explain the factors to be taken into consideration when assessing the need for an internal audit
function.

Ans:

Scale, diversity and complexity of activities

The more complex and diverse the activities of the company, the greater the need for internal checks
which can be performed by an internal audit function.

Number of employees
If the company employs a large number of people, the risk of fraud and error increases. An internal
audit function may be beneficial as it will act as a deterrent for fraud and may detect frauds through
the work performed.

Cost/benefit considerations
If the cost of running an internal audit function outweighs the benefits obtained, the directors may
decide there is no need for one.

Level of assurance required by management

Senior management may want to have assurance that the controls of the company are adequate and
receive advice on risk and control to help them fulfil their responsibilities.

Corporate governance
The desire to be seen to be adopting best practice voluntarily to increase confidence of shareholders
and other stakeholders.

AA – KNOWLEDGE BASED QUESTIONS 15

21. Compare and contrast the role of external and internal audit.

Ans:

22. Describe assignments the internal audit department (IAD) could carry out.

Ans:

Value for money review

The IAD could be asked to assess whether client is obtaining value for money in areas such as asset
expenditure.

Review of financial/operational controls

The IAD could undertake reviews of controls at head office and the power station and make
recommendations to management over such areas as the purchasing process as well as the payroll
cycle.

Monitoring asset levels

The IAD could undertake physical verification of property, plant and equipment (PPE) at the
production site and head office and compare the assets seen to the PPE register. There is likely to be

AA – KNOWLEDGE BASED QUESTIONS 16

a significant level of PPE and the asset register must be kept up to date to ensure continuous
production. If significant negative differences occur, this may be due to theft or fraud.

Regulatory compliance
Client will be subject to many laws and regulations such as health and safety, environmental
legislation etc. The IAD could help to monitor compliance with these regulations.

IT system reviews
Client is likely to have a relatively complex computer system. The IAD could be asked to perform a
review over the computer environment and controls.

Cash controls
Client’s internal auditors could undertake controls testing over cash payments, especially when the
client deals with a lot of cash transactions than bank (cash sales, cash payments, cash payroll).
Therefore, on a weekly basis cash held is likely to be significant, therefore the cash controls should be
tested to reduce the level of errors.

Fraud investigations
The IAD can be asked to investigate any specific cases of suspected fraud as well as review the
controls in place to prevent/detect fraud.

23. Explain the advantages and disadvantages of outsourcing the internal audit department.

Ans:

ADVANTAGES

Staffing
If it outsources, there will be no need to spend money on recruiting further staff as the service
provider will provide the staff members.

Immediate solution
Outsourcing can provide the number of staff needed straight away. If client were to recruit, it would
take more time to obtain the additional people required.

Skills and experience

A service provider are likely to have a large pool of staff available to provide the internal audit service
to client and is likely to have staff with specialist skills already available.

Cost control
Outsourcing can be an efficient means to control the costs of internal audit as any associated costs
such as training will be eliminated as the service provider will train its own employees. In addition,
the costs for the internal audit service will be agreed in advance. This will ensure that client can
budget accordingly.

AA – KNOWLEDGE BASED QUESTIONS 17

Flexibility
If the internal audit department is outsourced, client will have total flexibility in its internal audit
service. Staff can be requested from the service provider to suit the company’s workload and
requirements. This will ensure that, when required, extra staff are readily available for as long or
short a period as needed.

DISADVANTAGES

Existing internal audit department

If client already has an internal audit department, and if the staff cannot be redeployed elsewhere in
the company, then they may need to be made redundant and this could be costly for client. Staff may
oppose the outsourcing if it results in redundancies.

Increased costs
As well as the cost of potential redundancies, the internal audit fee charged by the service provider
may increase over time, proving to be very expensive.

Knowledge of company
The service provider will allocate available staff members to work on the internal audit assignment.
This may mean that each visit the staff members are different and hence they may not fully
understand the systems of client. This will decrease the quality of the services provided and increase
the time spent by client’s employees in explaining the system to the internal auditors.

Loss of in-house skills

If the current internal audit team is not deployed elsewhere in the company, valuable internal audit
knowledge and experience may be lost. If client then decided at a future date to bring the service
back in-house, this might prove to be too difficult.

Confidentiality
Knowledge of company systems and confidential data will be available to the service provider.
Although the engagement letter would include confidentiality clauses, this may not stop breaches of
confidentiality.

Control
Once outsourced, client will need to discuss areas of work and timings well in advance with the
service provider which means losing some control over the activities of its internal audit department.

AA – KNOWLEDGE BASED QUESTIONS 18

24. Explain the potential impact on the work performed by audit firm during the interim and final
audits if client was to establish an internal audit department.

Ans:

Interim audit
External auditors could look to rely on any internal control documentation produced by internal audit
(IA) to assess whether the control environment has changed during the year.

If the IA department has performed testing during the year on internal control systems, such as the
payroll, sales, and purchase systems, then external auditors could review and possibly place reliance
on this work. This may result in the workload reducing and possibly a decrease in the external audit
fee.

During the interim audit, external auditors would need to perform a risk assessment to assist in the
planning process. It is possible that the IA department may have conducted a risk assessment and so
external auditors could use this as part of its initial planning process.

External auditors would need to consider the risk of fraud and error and non-compliance with law
and regulations resulting in misstatements in the financial statements. This is also an area for IA to
consider, hence there is scope for external auditors to review the work and testing performed by IA
to assist in this risk assessment.

Final audit
It is possible that the IA department may assist with year-end inventory counting and controls and so
external auditors can place some reliance on the work performed by them. External auditors will still
need to attend the count and perform its own reduced testing.

25. Explain why the auditor needs to obtain an understanding of the components of internal
control relevant to the preparation of financial statements.

Ans:

➢ One component of audit risk is control risk. To assess control risk the auditor must understand the
components of internal control such as the control environment, control activities, etc.
➢ If the client’s system of internal control is weak, there is a greater risk of material misstatement
within the financial statements as the control system will not have prevented or detected and
corrected the misstatements occurring.
➢ If the controls are not effective the auditor cannot rely on the controls as a source of audit evidence
and therefore a more substantive approach must be taken to obtaining sufficient and appropriate
audit evidence.
➢ If the control system is effective, reliance can be placed on the controls and less substantive
evidence will be required.

AA – KNOWLEDGE BASED QUESTIONS 19

26. ISA 315 (Revised 2019) Identifying and Assessing the Risks of Material Misstatement states that
an entity's system of internal control consists of five components. Describe the five components
of an entity's system of internal control.

Ans:

Control environment
The control environment includes the governance and management functions and the attitudes,
awareness, and actions of those charged with governance and management concerning the entity’s
system of internal control and its importance in the entity. The control environment sets the tone of
an organisation, influencing the control consciousness of its people and provides the overall
foundation for the operation of other components.

The control environment encompasses many elements such as:

➢ how management’s responsibilities are carried out (such as creating and maintaining the
entity’s culture and demonstrating management’s commitment to integrity and ethical
values)
➢ how those charged with governance demonstrate independence from management and
exercise oversight of the entity’s system of internal control
➢ how the entity assigns authority and responsibility in pursuit of its objectives
➢ how the entity attracts, develops, and retains competent individuals in alignment with its
objectives
➢ how the entity holds individuals accountable for their responsibilities in pursuit of the
entity’s system of internal control.

Entity’s risk assessment process

The entity’s risk assessment process is an iterative process for identifying and analysing risks to
achieve the entity’s objectives and forms the basis for determining the risks to be managed. For
financial reporting purposes, the entity’s risk assessment process includes how management
identifies business risks relevant to the preparation of financial statements in accordance with the
entity’s applicable financial reporting framework. It estimates their significance, assesses the
likelihood of their occurrence, and decides upon actions to respond to and manage them and the
results thereof.

Entity’s process to monitor the system of internal control

Monitoring of controls is a continual process to assess the effectiveness of internal control
performance over time. It involves assessing the effectiveness of controls and taking necessary
remedial actions on a timely basis. Management accomplishes the monitoring of controls through
ongoing activities, separate evaluations, or a combination of the two.

Ongoing monitoring activities are often built into the normal recurring activities of an entity and
include regular management and supervisory activities.

Information system and communication

The information system relevant to the preparation of the financial statements consists of the
activities, policies and records designed and established to initiate, record, process, and report entity
transactions (as well as events and conditions) and to maintain accountability for the related assets,
liabilities, and equity.

AA – KNOWLEDGE BASED QUESTIONS 20

Communication which involves providing an understanding of individual roles and responsibilities
may be through policy and accounting and financial reporting manuals. It may be made
electronically, orally or through management actions.

Control activities
Control activities include controls which are designed to ensure proper application of policies in all
the components of the entity’s system of internal control and include both direct and indirect
controls. Control activities include information processing controls and general IT controls and may
be manual or automated in nature.

They have various objectives and are applied at various organisational and functional levels. They
may include authorisation and approvals, reconciliations, verifications, physical or logical controls
and/or segregation of duties.

27. Describe the limitations of internal control.

Ans:

Human error in the design of or application of an internal control (Ineffective Controls)

An entity may have an adequate internal control process over a particular area of the financial
statements. However, human error in applying that control gives rise to an inherent limitation, for
example a staff member may review a bank reconciliation but not identify an error.

There may also be a flaw in the design of internal control whereby there is an error in the design of,
or change to, an internal control which means it does not operate as intended.

Circumvention of internal control

No system of internal control will be completely effective at preventing and detecting fraud and
error. Employees may manipulate deficiencies in an entity’s internal control for personal gain or to
conceal fraudulent activity. This is more likely to be possible where there is collusion between
employees.

Management override of internal control

Management is in a position of power to override an entity’s internal control regardless of the
strength of the system of internal control. Such management override could be to conceal
information or for personal financial gain.

Use of judgement on the nature and extent of controls

Management is responsible for implementing controls which are designed to prevent, detect and
correct material misstatements and safeguard the company’s assets. Professional judgement will be
needed to determine the type and extent of internal controls needed within the company and
certain controls may be absent or ineffective. Systems may be designed to deal with routine
transactions and may therefore be inadequate in respect of non-routine transactions.

AA – KNOWLEDGE BASED QUESTIONS 21

28. Describe the methods for documenting internal control systems and for each explain a
advantage and disadvantage of using this method.

Ans:

Narrative Notes
Narrative notes consist of a written description of the system. They detail what occurs in the system
at each stage including related controls which operate at each stage.

Advantage: They are simple to record; after discussion with staff members, these discussions are easily
written up as notes. They can facilitate understanding by all members of the audit team, especially
more junior members who might find alternative methods too complex.

Disadvantage: They may prove to be time consuming and cumbersome if the internal control system
is complex or heavily automated. It may make it more difficult to identify if any internal controls are
missing in narrative notes as the notes record the detail but do not identify control exceptions clearly.

Flowcharts
Flowcharts are a diagrammatic illustration of the internal control system. Lines usually demonstrate
the sequence of events and standard symbols are used to signify controls or documents.

Advantage: With flowcharts it is easy to view the system in its entirety as it is all presented together in
one diagram. Due to the use of standard symbols for controls, it can be effective in identifying missing
controls.

Disadvantages: They can sometimes be difficult to amend, as any amendments may require the whole
flowchart to be redrawn. There is still the need for narrative notes to accompany the flowchart and
hence it can be a time-consuming method.

Questionnaires
Internal control questionnaires (ICQs) or internal control evaluation questionnaires (ICEQs) contain a
list of questions for each major transaction cycle. ICQs contain a list of questions for each major
transaction cycle and are used to assess whether controls exist whereas ICEQs assess the effectiveness
of the controls in place.

Advantage: Questionnaires are quick to prepare, which means they are a timely method for recording
the system. If drafted thoroughly they ensure that all controls present within the system are considered
and recorded, hence missing controls or deficiencies are clearly highlighted by the audit team.

Disadvantage: Internal controls may be overstated by client staff if they are aware that the auditor is
looking for a ‘yes’. Unusual or bespoke controls may not be included on a standard questionnaire and
hence may not be identified. The checklist may contain a number of irrelevant controls not related to
the client as well, which may give an outcome of ‘no’ for many questions.

AA – KNOWLEDGE BASED QUESTIONS 22

29. Steps that auditor must take to confirm whether flowcharts and system notes currently held in
audit file (from prior year) are accurate.

Ans:

➢ Obtain the system notes from last year’s audit and ensure that the documentation on the
purchases and payables system covers all expected stages and is complete.
➢ Review the audit file for indications of weaknesses in the system and note these for investigation
this year.
➢ Review the prior year report to management to identify any recommendations which were made
over controls in this area as this may highlight potential changes which have been made in the
current year.
➢ Obtain system documentation from the client, potentially in the form of a procedure manual.
Review this to identify any changes made in the last 12 months.
➢ Interview client staff to ascertain whether systems and controls have changed to ensure that the
flowcharts and notes produced last year is correct.
➢ Perform walk-through tests by tracing a sample of transactions through the system to ensure that
the flowcharts and systems notes contained on the audit file are accurate.
➢ During the walk-through tests, confirm the systems notes and flowcharts accurately reflect the
control procedures which are in place and can be used to identify controls for testing.

30. Control objectives of internal control systems

Ans:

Bank and Cash System

➢ To ensure that all valid cash receipts are received and banked promptly.
➢ To ensure all cash receipts are recorded in the bank ledger account.
➢ To ensure that all receipts are recorded at the correct amounts in the bank ledger account.
➢ To ensure that cash receipts are correctly posted to the general ledger.
➢ To ensure that cash receipts are recorded in the correct accounting period.
➢ To ensure that cash is safeguarded to prevent theft.
➢ Petty cash levels are kept to a minimum, preventing theft.
➢ Payments can only be made for legitimate business expenditure.
➢ Cash can only be withdrawn for business purposes.
➢ Cash movements are recorded on a timely basis.

Inventory System

➢ Inventory levels meet the needs of production (raw materials and components) and customer
demand (finished goods).
➢ Inventory levels are not excessive, preventing obsolescence and unnecessary storage costs.
➢ Inventory is safeguarded from theft, loss or damage.
➢ Inventory received and despatched is recorded on a timely basis.
➢ All inventory is recorded.
➢ Inventory should be recorded at the appropriate value.
➢ Only inventory owned by the company is recorded.

AA – KNOWLEDGE BASED QUESTIONS 23

Payroll System

Non-Current Asset System

➢ Assets are only purchased if there is a business need.

➢ Assets are purchased at an appropriate price.
➢ The company can afford the asset expenditure proposed.
➢ Asset expenditure is appropriately treated in the accounting records.
➢ Asset expenditure is completely and accurately recorded in the accounting records.
➢ Assets are covered by adequate insurance to prevent loss to the company.
➢ Documents relating to assets are safeguarded from theft or damage.

AA – KNOWLEDGE BASED QUESTIONS 24

Purchase System

AA – KNOWLEDGE BASED QUESTIONS 25

Sales System

31. Describe different types of control activities as given in ISA 315 (Revised 2019) Identifying and
Assessing the Risks of Material Misstatement and, for each type, provide an example control a
company may implement.

Ans:

Segregation of duties
Assignment of roles or responsibilities to ensure the tasks of authorising and recording transactions
and maintaining custody of assets are carried out by different people, thereby reducing the risk of
fraud and error in the normal course of their duties. For example, the payables ledger clerk recording
invoices in the list of individual suppliers, and the finance director authorising the payment of those
purchase invoices.

Verifications
Controls which compare two or more items with each other or compare an item with a policy.
Verifications include information processing controls such as the use of batch control totals when
entering transactions into the system.

AA – KNOWLEDGE BASED QUESTIONS 26

Authorisation
Approval of transactions by a suitably responsible official or higher level of management to ensure
transactions are valid and genuine. For example, authorisation by a responsible official of all purchase
orders.

Physical or logical controls

Restricting access to physical assets as well as computer programs and data files, thereby reducing
the risk of theft of assets or data. For example, cash being stored in a safe which only a limited
number of employees can access.

Reconciliations
Reconciliations compare two or more data elements to confirm completeness or accuracy of the data.
For example, the bank ledger account being reconciled to the bank statements on a regular basis to
identify any discrepancies which can then be resolved on a timely basis.

32. Identify and explain information processing controls that should be adopted by client to ensure
the completeness and accuracy of the input of invoices.

Ans:

Document counts – the number of invoices to be input are counted, the invoices are then entered one
by one, at the end the number of invoices input is checked against the document count. This helps to
ensure completeness of input.

Control totals – here the total of all the invoices, such as the gross value, is manually calculated. The
invoices are input, the system aggregates the total of the input invoices’ gross value, and this is
compared to the control total. This helps to ensure completeness and accuracy of input.

One for one checking – the invoices entered into the system are manually agreed back one by one to
the original purchase invoices. This helps to ensure completeness and accuracy of input.

Review of output to expected value – an independent assessment is made of the value of invoices to
be input; this is the expected value. The invoices are input, and the total value of invoices is compared
to the expected value. This helps to ensure completeness of input.

Check digits – this control helps to reduce the risk of transposition errors. Mathematical calculations
are performed by the system on a particular data field, such as supplier number, a mathematical
formula is run by the system, this checks that the data entered into the system is accurate. This helps
to ensure accuracy of input.

Range checks – a pre-determined maximum is input into the system for gross invoice value, for
example, $10,000; when invoices are input if the amount keyed in is incorrectly entered as being above
$10,000, the system will reject the invoice. This helps to ensure accuracy of input.

Existence checks – the system is set up so that certain key data must be entered, such as supplier
name, otherwise the invoice is rejected. This helps to ensure accuracy of input.

AA – KNOWLEDGE BASED QUESTIONS 27

33. Controls that can be implemented to reduce risk of payroll fraud

Ans:

Proof of ID checks
Proof of identity checks should be undertaken by the Human Resources (HR) department and
recorded on individuals’ personnel files for all new employees set up on the payroll system.

This should reduce the risk of fictitious employees being set up, as in order to be set up on the system
a fictitious set of identification would be required which would be an onerous process.

Employee numbers reconciliation

A count should be undertaken of the number of employees in each department of client. This should
be reconciled to the number of employees on the payroll system.

This would identify if there were extra employees on the payroll system, which could then be
investigated further.

HR department initiates new joiners

The HR department should initiate the process for setting up new joiners by asking new employees
to complete a joiner’s form which will be approved by the relevant manager and HR. This request
should then be forwarded to the payroll department, who should set up the employee.

This control introduces segregation of duties as to set up employees both the HR and payroll
departments are involved. Without collusion with an HR employee, the payroll supervisor would be
unable to set up fictitious employees.

Authorisation of new joiners

All new joiners should only be set up by payroll on receipt of a joiner’s form and any additions to the
system should be authorized by the payroll director. An edit report should be generated and
reviewed by HR.

As all new joiners would be authorised by the payroll director, it is unlikely that payroll employees
would risk establishing fictitious joiners. A further review by the HR department would also detect any
employees without an authorised joiner form.

Relatives not permitted to undertake related processed

Where possible, employees who are related should not be allowed to undertake processes which are
interrelated whereby they can breach segregation of duty controls for key transaction cycles. A
regular review of job descriptions of related employees should be carried out by HR.

This should reduce the risk of related staff colluding and being able to commit a fraud.

Exception report of duplicate bank details

The payroll system should be amended to run an exception report which identifies any employees
with the same bank account name or number, and this should be reviewed by HR.

Identifying the same bank account name or number will prevent multiple fraudulent payments being
made to the same employees.

AA – KNOWLEDGE BASED QUESTIONS 28

Authorisation of bank transfer requests
All bank transfer requests should be authorised by a senior responsible official, who is independent
of the processing of payments. They should undertake spot checks of payments to supporting
documentation, including employee identification cards/records.

This would introduce an additional layer of segregation of duties, which would reduce the risk of fraud
occurring. In addition, the spot checks to employee identification cards/ records would confirm the
validity of payments.

34. Auditors are required, under ISA 265 Communicating Deficiencies in Internal Control to Those
Charged with Governance and Management, to communicate in writing to those charged with
governance any significant deficiencies in internal control. Describe matters the auditor may
consider in determining whether a deficiency in internal control is significant.

Ans:

➢ The likelihood of the deficiency (or deficiencies) resulting in material misstatements in the financial
statements in the future.
➢ The susceptibility to loss or fraud of the related asset or liability.
➢ The subjectivity and complexity of determining estimated amounts.
➢ The amounts exposed to the deficiencies.
➢ The volume of activity which has occurred or could occur in the account balance or class of
transaction exposed to the deficiency or deficiencies.
➢ The importance of the identified deficient controls to the financial reporting process.
➢ The cause and frequency of the exceptions identified because of the deficiencies in the controls.
➢ The interaction of the deficiency with other deficiencies in internal control.

35. ISA 260 Communication with Those Charged with Governance provides guidance to auditors in
relation to communicating with those charged with governance on matters arising from the audit
of an entity’s financial statements. Explain why it is important for auditors to communicate
throughout the audit with those charged with governance; and give example of two such
matters to be communicated.

Ans:

Importance of communicating with those charged with governance

➢ It assists the auditor and those charged with governance in understanding matters related to the
audit, and in developing a constructive working relationship. This relationship is developed while
maintaining the auditor’s independence and objectivity.
➢ It helps the auditor in obtaining, from those charged with governance, information relevant to the
audit. For example, those charged with governance may assist the auditor in understanding the
entity and its environment, in identifying appropriate sources of audit evidence and in providing
information about specific transactions or events.

AA – KNOWLEDGE BASED QUESTIONS 29

➢ It helps those charged with governance in fulfilling their responsibility to oversee the financial
reporting process, thereby reducing the risks of material misstatement of the financial statements.
➢ It promotes effective two-way communication between the auditor and those charged with
governance.

Matters to communicate with those charged with governance

➢ The auditor’s responsibilities with regards to providing an opinion on the financial statements and
that they have carried out their work in accordance with International Standards on Auditing.
➢ The auditor should explain the planned approach to the audit as well as the audit timetable.
➢ Any key audit risks identified during the planning stage should be communicated.
➢ In addition, any significant difficulties encountered during the audit should be communicated.
➢ Also significant matters arising during the audit, as well as significant accounting adjustments.
➢ During the audit, any significant deficiencies in the internal control system identified should be
communicated in writing or verbally.
➢ How the external auditor and internal auditor may work together and any planned use of the work
of the internal audit function.
➢ Those charged with governance should be notified of any written representations required by the
auditor.
➢ Other matters arising from the audit which are significant to the oversight of the financial reporting
process.
➢ If any suspected frauds are identified during the audit, these must be communicated.
➢ If the auditors are intending to make any modifications to the audit opinion, these should be
communicated to those charged with governance.
➢ For listed entities, a confirmation that the auditors have complied with ethical standards and
appropriate safeguards have been put in place for any ethical threats identified.

36. Explain the factors to be considered in determining the suitability of using analytical procedures
as a substantive procedure.

Ans:

Nature of the balance or class of transactions

Analytical procedures are more suitable to large volume transactions that are predictable over time
such as payroll, sales and expenses.

Reliability of the information being analysed

If the information being analysed is unreliable, the results of the analytical procedures will be
unreliable. Reliability of the information will be affected by source, nature, and effectiveness of
internal controls.

Relevance to the assertion being tested

Analytical procedures would usually not be used to test the ‘existence’ assertion of a tangible asset
such as inventory or property, plant and equipment as physical inspection of the asset would provide
more reliable evidence.

AA – KNOWLEDGE BASED QUESTIONS 30

Precision of expectation
The auditor should consider whether a sufficiently precise expectation can be developed to be able
to identify a material misstatement. If not, there is limited use in using analytical procedures.

Amount of difference between expected amounts and recorded amounts that is acceptable
This will depend on the level of materiality and the desired level of assurance required by the
auditor.

37. Explain the potential advantages and disadvantages of using automated tools and techniques,
including data analytics.

Ans:

ADVANTAGES

➢ Enables the audit team to test a large volume of inventory data accurately and quickly.
➢ If audit software is utilised, then as long as the company does not change its system, it can be
cost effective after setup, especially if it is a repeat client.
➢ Test data can test program controls within the inventory system as well as general IT controls,
such as passwords.
➢ Allows the team to obtain information directly from the system and test the actual system and
records rather than printouts from the system which could be incorrect.
➢ Potentially reduces the level of human error in testing and hence provide a better quality of audit
evidence.
➢ Results from the use of automated techniques can be compared with traditional audit testing; if
these two sources agree, then overall audit confidence will increase.
➢ The use of automated tools and techniques frees up audit team members to focus on
judgemental and high-risk areas, rather than number crunching.
➢ Enables the auditor to perform audit procedures throughout the year rather than just at the year
end.

DISADVANTAGES

➢ The cost in the first year will be high as there will be significant set up costs, it will also be a time-
consuming process which increases costs.
➢ The audit team may require training if it is the first time using of software (time and cost must be
considered).
➢ If client’s system is likely to change in the foreseeable future, then costly revisions may be
required.
➢ The client’s system may not be compatible with the audit firm’s technology, in which case
bespoke software may be required which will increase the audit costs.
➢ If testing is performed over the live system, then there is a risk that the data could be corrupted
or lost.
➢ If testing is performed using copy files rather than live data, then there is the risk that these files
are not genuine copies of the actual files.

AA – KNOWLEDGE BASED QUESTIONS 31

➢ There must be adequate systems documentation available. If this is not the case for client, then it
will be more difficult to devise appropriate automated procedures due to a lack of understanding
of the system.
➢ The data obtained may not be complete which will limit the assurance that can be obtained.
➢ The balance on system may be influenced by subjective estimates and management judgement
(write examples of common judgements used based on the question). Therefore, audit staff with
appropriate experience and scepticism will still be required to audit these areas.

38. Explain factors which influence the reliability of audit evidence

Ans:

➢ The reliability of audit evidence is increased when it is obtained from independent sources
outside the entity.
➢ The reliability of audit evidence which is generated internally is increased when the related
controls imposed by the entity, including those over its preparation and maintenance, are
effective.
➢ Audit evidence obtained directly by the auditor is more reliable than audit evidence obtained
indirectly or by inference.
➢ Audit evidence in documentary form, whether paper, electronic or other medium, is more
reliable than evidence obtained orally.
➢ Audit evidence provided by original documents is more reliable than audit evidence provided by
photocopies or facsimiles, the reliability of which may depend on the controls over their
preparation and maintenance.

39. List and explain the purpose of items that should be included on every working paper prepared
by the audit team.

Ans:

➢ Name of client – identifies the client being audited.

➢ Year-end date – identifies the year end to which the audit working papers relate.
➢ Subject – identifies the area of the financial statements that is being audited, the topic area of
the working paper, such as receivables circularisation.
➢ Working paper reference – provides a clear reference to identify the number of the working
paper.
➢ Preparer – identifies the name of the audit team member who prepared the working paper, so
any queries can be directed to the relevant person.
➢ Date prepared – the date that the audit work was performed by the team member; this helps to
identify what was known at the time and what issues may have occurred subsequently.
➢ Reviewer – the name of the audit team member who reviewed the working paper; this provides
evidence that the audit work was reviewed by an appropriate member of the team.

AA – KNOWLEDGE BASED QUESTIONS 32

➢ Date of review – the date the audit work was reviewed by the senior member of the team; this
should be prior to the date that the auditor’s report was signed.
➢ Objective of work/test – the aim of the work being performed, could be the related assertion;
this provides the context for why the audit procedure is being performed.
➢ Details of work performed – the audit tests performed along with sufficient detail of items
selected for testing.
➢ Results of work performed – whether any exceptions arose in the audit work and if any further
work is required.
➢ Conclusion – the overall conclusion on the audit work performed, whether the area is true and
fair.

40. Indicators to look for, to understand that client is NOT a going concern.

Ans:

➢ Liabilities of client is greater than assets.

➢ Sudden increase in liabilities/borrowings
➢ Borrowing facility (huge loans) not agreed upon and repayment is due.
➢ Defaulted loan agreements
➢ Inability to obtain loans or any finances
➢ Unplanned sale of NCA, or frequent sale of NCA (for survival)
➢ Late / Non-payment of salary to staff, tax payment, legal penalties etc.
➢ Negative cashflows
➢ Inability to obtain credit from suppliers
➢ Suppliers reducing credit periods or discontinuing contracts/supplies.
➢ Inability to keep up with major technology changes
➢ Huge legal claims
➢ Over reliance on specific products, suppliers, customers
➢ Loss of key employees, suppliers, customers
➢ Pandemic/natural disaster
➢ Emergence of successful/strong competitor
➢ Fall in share price
➢ Significant negative publicity

THE END
AA – KNOWLEDGE BASED QUESTIONS 33