Adanced Audit and Audit and Assurance and Solutions to past paper questions

Advanced Auditing and Assurance

Methods and techniques of auditing high risk areas.

Substantive Procedures

Substantive procedures are performed in order to detect material misstatements at the assertion level
(like; occurrence, completeness, accuracy, valuation, existence, rights and control), and include tests of
details of classes of transactions, account balances and disclosures and substantive analytical procedures.
The auditor plans and performs substantive procedures to be responsive to the related assessment of the
risk of material misstatement. Irrespective of the assessment of risk of material misstatement, the auditor
should design and perform substantive procedures for each material class of transactions, account
balance, and disclosure.

The auditors substantive procedures should include the following audit procedures related to the
financial statement closing process:

Agreeing the financial statements to the underlying accounting records; and

Examining material journal entries and other adjustments made during the course of preparing the
financial statements.

When the auditor has determined that an assessed risk of material misstatement at the assertion level is a
significant risk, the auditor should perform substantive procedures that are specifically responsive to that
risk.

. Use and evaluation of internal control system by auditors

Test of Control The auditor is required to perform tests of controls when the internal controls are
operating effectively or when substantive procedures alone do not provide sufficient appropriate audit
evidence at the assertion level. Tests of controls comprise of testing three things:

1. Design that the internal controls are properly designed to cover the risk it is meant for. (examined
through ICQs and ICECs)

2. Implementation that the internal controls have been put into operation.(examined through a walk
through test with a little sample)

3. Operating effectiveness that the systems of internal control were operating effectively at relevant
times during the period. ( examined through compliance tests based on a judgmental sample)

Nature of Tests of Controls

These are as follows:

Inquiry and observation (e.g. inquiry about and observation of controls over opening of mail to verify
controls over cash receipts).
 Re-performance (e.g. preparation of bank reconciliation statement);

Inspection of documentation relevant to performance of controls;

Applying CAATs.

Tests of controls and tests of details may be applied simultaneously on the same transaction; tests of
control see whether e.g. invoice is approved and tests of details to detect material misstatement in that
invoice.

Timing of Tests of Controls

These may be performed at

1. a particular time or

2. on the information relating to the entire audit period.

If performed at a particular time, it would provide evidence of operating effectiveness of controls at

that particular time. Such evidence may be sufficient for the auditor e.g. observation of counting of
inventories.

However, if auditor wants to obtain evidence about the effective operation of controls throughout the
period under audit, then tests of controls should be applied on transactions of the entire period.

If auditor wants to rely on controls tested in prior periods, he should make inquiry that there is no change
in such controls. If these controls have changed, these should be tested for operating effectiveness first
before relying on these.

The auditor may not test all the controls every audit if there is no change in them. However, such
controls must be tested at least every third audit. Extent of tests of controls

The auditor designs tests of controls to obtain sufficient appropriate audit evidence that the controls
operated effectively throughout the period of reliance.

Matters the auditor may consider in determining the extent of the tests of controls include the following:

1. The frequency of the performance of the control by the entity during the period.

2. The length of time during the audit period that the auditor is relying on the operating effectiveness of
the control.

3. The relevance and reliability of the audit evidence to be obtained in supporting that the control
prevents, or detects and corrects, material misstatements.

4. The extent to which the auditor plans to rely on the effectiveness of the control (and thereby reduce
substantive procedures based on the reliance on such control).

5. The expected deviation from the control.

Reporting on compliance and other information (Chairman's statement and Directors report)
 When reporting on compliance with laws and regulation the auditors objective include

To obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws
and regulations generally recognized to have a direct effect on the determination of material amounts and
disclosures in the financial statements;
To perform specified audit procedures to help identify instances of non-compliance with other laws and
regulations that may have a material effect on the financial statements; and
To respond appropriately to non-compliance or suspected non-compliance with laws and regulations
identified during the audit.

Audit Procedures When Non-Compliance Is Identified or Suspected

If the auditor becomes aware of information concerning an instance of non-compliance or suspected non-
compliance with laws and regulations, the auditor shall obtain;
An understanding of the nature of the act and the circumstances in which it has occurred; and
Further information to evaluate the possible effect on the financial statements.
Seek legal advice if sufficient information not made available on material non-compliance, which auditor
suspects.
If information cannot be obtained consider impact on opinion.
Consider the impact of non-compliance on auditors risk assessment and the reliability of written
representations, and take appropriate action.

Reporting of Identified or Suspected Non-Compliance

Communicate to those charges d with governance, unless they themselves are involved.
If management and those charged with governance are involved consider reporting to next level of
authority like audit committee.
Where no higher authority exists, or if the auditor believes that the communication may not be acted
upon or is unsure as to the person to whom to report, the auditor shall consider the need to obtain legal
advice

Reporting Non-Compliance in the Auditors Report on the Financial Statements

If the auditor concludes that the non-compliance has a material effect on the financial statements, and has
not been adequately reflected in the financial statements, the auditor shall, express a qualified opinion or
an adverse opinion on the financial statements.
If the auditor is precluded by management or those charged with governance from obtaining sufficient
appropriate audit evidence to evaluate whether non-compliance that may be material to the financial
statements has, or is likely to have, occurred, the auditor shall express a qualified opinion or disclaim an
opinion on the financial statements on the basis of a limitation on the scope.
If the auditor is unable to determine whether non-compliance has occurred because of limitations
imposed by the circumstances rather than by management or those charged with governance, the auditor
shall evaluate the effect on the auditors opinion in accordance with ISA
Auditors responsibility on other information

Other information refers to Financial and non-financial information (other than the financial statements
and the auditors report thereon) which is included, either by law, regulation or custom, in a document
containing audited financial statements and the auditors report thereon

Other information may comprise, for example:

A report by management or those charged with governance on operations.

Financial summaries or highlights.

Employment data.

Planned capital expenditures.

Financial ratios.

Names of officers and directors.

Selected quarterly data

The auditor shall read the other information to identify material inconsistencies, if any, with the audited
financial statements

The auditor shall make appropriate arrangements with management or those charged with governance to
obtain the other information prior to the date of the auditors report. If it is not possible to obtain all the
other information prior to the date of the auditors report, the auditor shall read such other information as
soon as practicable

If, on reading the other information, the auditor identifies a material inconsistency, the auditor shall
determine whether the audited financial statements or the other information needs to be revised.

If revision of the audited financial statements is necessary and management refuses to make the revision,
the auditor shall modify the opinion in the auditors report

Audit and Assurance

Fraud prevention and deterrence:

It is the proactive identification and removal of the casual and enabling factors of fraud

It is based on the premise that fraud is not a random occurrence, it occurs when the conditions
are right for it to occur.

It attacks the root causes and enablers of fraud.

This analysis could reveal potential fraud opportunities in the process

It is performed on the premise that improving organisational procedures to reduce the casual
factors of fraud is the single best defense against fraud.

It involves both short term (procedural) and long term (cultural) initiatives

Deterrence involves an analysis of the conditions and procedures that affect fraud enablers, in essence,
looking at what could happen in the future given the process definitions in place, and the people operating
that process.

Deterrence is a preventive measure-reducing input factors

DETERRENCE VS PREVENTION

While deterrence is preventive in nature, there are semantical problems with referring to fraud
prevention. Prevention can imply complete elimination of a risk, which is not possible in the
case of fraud.

CASUAL FACTORS TO DETER FRAUD

Motive (or pressure) The need for committing fraud (need for money, etc)

Rationalization The mindset of the fraudster that justifies them to commit fraud.

Opportunity The situation that enables fraud to occur (Often when Internal Controls are weak
or nonexistent)

Has the potential to significantly improve audit quality, not just in detecting fraud, but in
detecting all material misstatements & improving quality of financial reporting process.

It requires you to determine whether Management has designed programs and controls that
address identified risks of material misstatement due to fraud and whether those programs and
controls have been placed in operation.

COSO MODEL

It describes 5 inter related components of internal control that provide the foundation for fraud
deterrence.

These elements are the means for which the opportunity factors in the fraud triangle can be
removed to most effectively limit instances of fraud.

CONTROL ENVIROMENT

Consists of actions, policies and procedures that reflect the overall attitude of the management,
directors and owners of an entity about Internal control and its importance to the entity.

SUB COMPONENTS

Integrity
 Ethical Values

Commitment to competence

Board of Directors

Audit committee participation

Managements philosophy and operating style

Organisational structure

Assignment of authority and responsibility

Human Resources Policies and Practices

RISK MANAGEMENT

It is a forward looking survey of the business environment to identify anything that could
prevent the accomplishment of organizational objectives.

As it relates to fraud deterrence, risk assessment involves the identification of internal and
external means that could potentially defeat the organizations internal control structure,
compromise an asset, and conceal the actions from management.

Risk assessment is a creative process; it involves identifying as many potential threats as possible,
and evaluating them in a way to determine which require action, and the priority for that action

CONTROL PROCEDURES

Control activities generally fall into the five following specific control activities:

1) adequate separation of duties;

2) proper authorization of transactions and activities;

3) adequate documents and records;

4) physical control over assets and records; and

5) independent checks on performance

INFORMATION AND COMMUNICATION

It relates to flow of information in two directions within an organisation.

Information should flow downward to the line functions and provide the best, most accurate
information as needed to allow the function to produce the best results possible.

Information about performance should flow upwards through management, through both formal
and informal communication channels, providing objective feedback.
 Both communication channels must function effectively to safeguard the organization

MONITORING

Monitoring activities deal with ongoing or periodic assessment of quality of internal control
performance by management to determine that controls are operating as intended and that they
are modified as appropriate for changes in conditions. Monitoring involves both fraud
deterrence and fraud detection activities.

Management must ensure that all control processes are performed as designed and approved.

Control compliance analysis to verify correct performance of procedures could reveal a control
that has been inappropriately modified or one that is not performed as approved; this control
weakness could present the opportunity for fraud.

Proactively identifying these weaknesses and correcting the weakness is this is the fraud
deterrence aspect of the monitoring process

Missing Solutions from past paper question

Advanced Management Accounting November 2015 - Qx 4b and Question 5

MIS November 2015 - Qx 2b,c and 3