ICAB. Knowledge Level (Test of preparation: Assurance 09.11.

2018 , Friday)

Test yourself by showing your knowledge on the issues written in the table.

Issues Good Moderate No

level level level
Put serial number in any of the three level against each issues as you feel fit: In case of multiple issues ,
also put tick on the issue you have better knowledge and put cross on which you have no knowledge

01. Assurance Engagement. Who are the stakeholders.

02. Ethical responsibilities. Difference between Fundamental principles
and Ethical principles.
03. Independence. Threats , Safeguards.
04. Risk assessment Procedures. Find out Audit Risky areas.
05. Tests of Controls. Design an internal control system.
06. Tests of Controls under CIS environment.
07. Substantive tests. Definition, Procedures, Assertion , Quality
Evidence. Difference between Documentation and Evidence
08. Inherent limitations of Audit.
09. Inherent limitations of internal Control system.
10. Walk through Tests.
11. ICQ
12. SAAE
13. ISA 210, 230, 260, 265. Draft an engagement letter.
14. ISA 300, 315, 320 Describe the factors to be considered for designing
an audit plan.
15. ISA 500, 501, 505, 520, 530, 550, 560, 570, 580, Peer Review.
Responsibilities about Inventories. Cut offs procedures.
16. ISA 610, 620
17. ISA 700, 701, 705, 710 Types of audit Opinion. Write Opinion
paragraphs of all kinds of Audit report.
18. Expectation Gap
19. The Companies Act 1994. Sec 210- 213
20. FRC, IFAC, IASB, IAASB, CAPA, SAFA, ICAEW, NOC from previous
Auditor.
21. IAS 2, 8,12,16, 24,33,36,38, 41 , IFRS 15, Goodwill treatment.
Underlying assumptions of Accounting principles, Accounting system,
Major Attributes of a Financial Statement, Differentiate among Govt.
Accounting, Commercial Accounting and NGO sectors Accounting.
22. Solve all 50 Q & A as enclosed in the Manual. All interactive
questions and worked examples. Be familiar with the terminologies used
in the manual.
23. Write a paragraph on each of the followings: Risk Assessment, Test
of Control, Substantive Tests.
24. Practice in exam condition at least 10 exams. Follow last years
questions.
 Concept of and need for assurance
1. ICAB is a member of IFAC.  Ans: True False.
2. What is the definition of assurance engagement according to IFAC?
 Ans: Assurance Engagement: An assurance engagement is one in which a practitioner expresses
aconclusion designed to enhance the degree of confidence of the intended users other than
theresponsible party about the outcome of the evaluation or measurement of a subject matter
againstcriteria.
3. What are the benefits of an assurance engagement?  Ans: • Independent, Professional opinion.•
Confidence to others.• Deterrent to fraud.• Attention to deficiency.• Investors faith.
4. Which of the following are specialized audit?  Ans: Branch audit, Internal audit, Fraud
investigations, Bank audit, Pension scheme audit
5. Which level of assurance engagement gives the following opinion: “In the course of my seeking
evidence about the statement by the chairman, nothing has come to my attention indicating
that the statement is not reasonable.”

  Ans: Limited assurance.

6. Define expectations gap. How can you reduce expectations gap?

Ans: Expectations gap : Lack of understanding of users. Reduce by : Clearly indicating scope &
limitations.

7. What constitutes expectations gap? Explain why?

 Ans: Lack of understanding. Reasons : i. Not aware of limitations. ii. Considering as guarantee.

8. What purpose is served by spelling out clearly, the scope and limitations of an assurance
engagement in the engagement letter?  Ans: Expectation gap is reduced.
9. What is the key benefit and limitation of assurance?  Ans: Benefit :Independent, Professional
verification. Limitation :Risk of wrong conclusion.
10. What risk is associated with the limitations of assurance engagement?  Ans: To draw wrong
conclusion.

14. Under BSA 315, what do you mean by understanding of the entity? Why do we need it?

Ans: - to identify risk of material misstatement- to design audit procedures .- to provide framework for
audit judgment.

15. What matters are considered in understanding the entity?

Ans: 1. Industry- Market competition, technology2. External factors- recession/growth, interest rate,
inflation.3. Reporting framework- Accounting principles, industry specific practices4. Nature of the
entity- Financing, Financial Reporting, Business operation5. Selection & application of accounting
policies6. Objectives & strategies – Related risk might cause material misstatement.7. Review financial
performance8. Internal control

16. How can you achieve an understanding of the entity?

Ans: 1. Inquiry management, others2. Analytical procedure3. Observation & inspection – Reading
manuals, visit premises, meeting staff 4. Prior knowledge – Previous period – Determine changes.5.
Discussion – about susceptibility- about material misstatement- among team members.

17. What is professional skepticism?

Ans: A critical assessment, with questioning mind, of the validity of the evidence.

→ Not disbelieve everything

→Possess a questioning attitude

18. What is analytical procedure? Ans: Consists of 

→Significant ratios analysis to understanding entity

→Investigation of fluctuation to identify audit risk 

19. According to BSA520 what analytical procedures include?

Ans: 1. Comparison with a)Prior period information  b)Anticipated results – Budgets, expectation of
auditor  c)Industry information – Ratio of sales to trade receivables.

2. Relationship between: a)FS elements – Relation of gross profit to sales  b)Financial information and
non-financial information

→Payroll cost to no. of employees.

20. What is the basis for choosing analytical procedures for audit? Ans: Auditors professional judgment.

21. At the risk assessment stage, what are the possible sources of information about the client?

Ans: 1.Internal financial information2. Budgets3. Management accounts 4. Non- financial information
5. Bank and Cash records 6. Vat returns 7. Board minutes 8. Discussion of the correspondents with the
client at the year end.

22. What is materiality? Ans: Level of error that affects the decision of the users.

23. What does materiality depends on? Ans: Size of the error.

24. According to the BSA320, when should an auditor consider materiality? Ans: 1. Determining nature,
training & extent of audit procedure.2. Evaluating effect of misstatement
25. How does materiality assessment help the in decision making? Ans: It helps to decide: 1.How many
and what items to examine 2.Whether to use sampling techniques 3.Level of error 

→Crossing this level will lead to say FS not true and fair 

26.How risk & materiality are connected? Ans: Materiality is an audit procedure. Result of this reduces
the level of risk.

27.What is tolerable error? Can it change every year? Why? Ans: The maximum error that an auditor is
prepared to accept. Yes because: 1. Related to the size of business.

28. Why do you need to review materiality? Ans: Constantly review because of changes. Change in
– 1.Draft accounts – Due to material error 2.External Factors – It causes change in risk estimates.

29. What is audit risk: Risk of giving inappropriate opinion. Elements: 1. Risk of material Misstatement –
Depends on entity a)Inherent risk  b)Control risk 2.Risk of failing to detect material misstatement

→Depends on auditor 

30. What is Inherent risk and control risk? Differentiate. Ans: Inherent risk: Possibility of material
misstatement

→Due to nature of the items

→ No. of related internal control Control Risk: Possibility of not preventing or correcting a material
misstatement. 

→Due to accounting system

→Due to internal control system Difference: Inherent risk Control risk 1.Due to items nature 1.Due to
internal control risk 2.No internal control related 2.Internal control related

31. Give some example that might increase inherent risk.1.Balance includes estimates 2.Balance is
important 3.Financial statements

→Company in trouble

→Company to raise finance

→Directors’ motive – eg. Profit target bonus 4.FS contains complex accounting 5.Industry in which it
operates6.Regulations it falls under.

32. Define detection risk. Which part of audit risk could be controlled by the auditor? How?Ans:
Possibility of not detecting a misstatement.

→Individually or aggregated

→It is in the control of auditor Detection risk could be controlled by the auditor Because:

→Inherent and control risk are integral to client

→Auditor’s part is detection risk 

→Auditor’s aim is to reduce overall audit risk, not only one part.

33.Could detection risk be entirely eliminated? Why? Ans: No. Due to inherent limitations of audit.

35.If control risk & inherent risk both are high what effect it has on the audit? Ans:

→ Not rely on the tests of controls.

→Carry out extended test of details

→To reduce detection risk 

36.Determine the audit risk would you accept the engagement? Inherent risk Control risk Detection risk
Audit risk High High High? Medium Low Medium? Ans:1.Audit risk = High. Not acceptable

→Reduce detection risk to low level2.Audit risk = medium. Acceptable

37.If control risk is low, would you substantive procedure? Ans: No. Because auditor has to reduce
detection risk.

38.What are the steps to identify and assess risk? Ans: Step 1: Identify risk at understanding entity level.

→Obsolete inventing Step 2: identify risk at assertion level.

→Eg. Directors asserted, Inventory is xxx.Step3: Magnitude of misstatement

→Inventory is material for a mfcStep4: Likelihood of misstatement

→Regular review, scrapping, resale of inventory.

39.According to BSA 315, which factor indicate a significant risk? Ans: 1.Risk of fraud2.Recent
development

→Economic, accounting3.Complexity of transaction4.Significant transaction with a related

party5.Degree of subjectivity in the financial information6.Unusual transaction.

40.Why do unusual transaction are more likely to give rise to material misstatement than routine and
regular transactions? Ans: Because unusual transaction have more:1.Management
interventions2.Manual interventions3.Complex accounting principles or calculations4.Opportinity for –
control procedure not followed.

41.What should an auditor do when found significant risk? Ans: Auditor must evaluate the design &
implementation of entity’s control in that area.

42.What is Audit Evidence? What are the types of Audit Evidence?

ANS: Information, on which audit opinion is based.

Sample basis

Two Types:1.Test of Controls-To test effectiveness of controls. 

43. Substance Procedures-To test assertion level

Test specific balances

a) Test of details b) Substantive analytical procedures.

44. Why do Auditors Carry out test of control & substantive procedures?

ANS: Test of controls: to test internal control to-

a. Report Shareholder  b. Conclude true and fair view c. Test capability to produce correct
information. Match result with intended result.

Substantive Procedures: to test balance or transaction to-

a. Test its correctness.  b. It must always carry out.

45. What is Sufficiency and appropriateness of evidence? How to measure the appropriateness of Audit
evidence?

ANS: Sufficiency:-Quantity Appropriateness:-Quantity or Reliability. Measure Appropriateness-

 Important Issues / To be read in details:

1.0 Definition
An assurance engagement is one in which a practitioner expresses a conclusion designed to enhance
the degree of confidence of the intended users other than the responsible party about the outcome of the
evaluation or measurement of a subject matter against criteria.

1.1 The key elements of an assurance engagement are as follows:

 Three people or groups of people involved
– The practitioner (accountant)
– The intended users
– The responsible party (the person(s) who prepared the subject matter)
 A subject matter
As we shall see below, the subject matter of an assurance engagement may vary considerably.
However, it is likely to fall into one of three categories:
– Data (for example, financial statements or business projections)
– Systems or processes (for example, internal control systems or computer systems)
– Behaviour (for example, social and environmental performance or corporate governance)
 Suitable criteria
The person providing the assurance must have something by which to judge whether the information
is reliable and can be trusted. So for example, in an assurance engagement relating to financial
statements, the criteria might be accounting standards. The practitioner will be able to test whether
the financial statements have been put together in accordance with accounting standards, and if they
have, then the practitioner can conclude that there is a degree of assurance that they are reliable.
In the context of company behaviour, suitable criteria to judge whether something is reliable and can
be trusted might be the Combined Code on Corporate Governance, or, if the company has one, its
published Code of Practice.
 Sufficient appropriate evidence to support the assurance opinion
The practitioner must substantiate the opinion that he draws in order that the user can have
confidence that it is reliable. The practitioner must obtain evidence as to whether the criteria have
been met.
 A written report in appropriate form
Lastly, it is required that assurance reports are provided to the intended users in a written form and
contain certain specified information. This adds to the assurance that the user is being given, as it
ensures that key information is being given and that the assurance given is clear and unequivocal.

Interactive question 1: Assurance engagement [Difficulty level: Easy]

You are an accountant who has been approached by Jamal, who wants to invest in Company X. He has
asked you for assurance whether the most recent financial statements of Company X are a reliable basis for him to
make his investment decision.
Identify the key elements of an assurance engagement in this scenario, if you accepted the engagement.

Examples of assurance engagements

The key example of an assurance engagement in Bangladesh is a statutory audit. We shall look briefly at the
nature of this engagement in the next section.
Other examples of assurance engagements include other audits, which may be specialised due to the nature
of the business, for example:
 Local authority audits
 Insurance company audits
 Bank audits
 Pension scheme audits
 Charity audits
 Solicitors' audits
 Environmental audits
 Branch audit (where an overseas company trades in Bangladesh through a branch and requires an audit
of that branch although an audit is not required by Bangladesh law)
There are also many issues users want assurance on, where the terms of the engagement will be agreed
between the practitioner and the person commissioning the report, for example:
 Value for money studies
 Circulation reports (for example, for magazines)
 Cost/benefit reports
 Due diligence (where a report is requested on an acquisition target)
 Reviews of specialist business activities
 Internal audit
 Reports on website security, such as WebTrust
 Fraud investigations
 Inventories and receivables reports
 Internal control reports
 Reports on business plans or projections

Definition
The objective of an audit of financial statements is to enable the auditor to express an opinion whether
the financial statements are prepared, in all material respects, in accordance with an applicable financial
reporting framework.

Definitions
True: Information is factual and conforms with reality, not false. In addition the information conforms with
required standards and law. The accounts have been correctly extracted from the books and records.
Fair: Information is free from discrimination and bias in compliance with expected standards and rules. The
accounts should reflect the commercial substance of the company’s underlying transactions.

Limitations of assurance
A key issue for accountants is that there are limitations to assurance services, and therefore there is always a risk
involved that the wrong conclusion will be drawn.
The limitations of assurance services include:
 The fact that testing is used – the auditors do not oversee the process of building the financial
statements from start to finish.
 The fact that the accounting systems on which assurance providers may place a degree of reliance also have
inherent limitations (we shall look at control systems and their limitations in Chapter 5).
 The fact that most audit evidence is persuasive rather than conclusive.
 The fact that assurance providers would not test every item in the subject matter (this would be
prohibitively expensive for the responsible party, so a sampling approach is used – see Chapter 11).
 The fact that the client's staff members may collude in fraud that can then be deliberately hidden from
the auditor or misrepresent matters to them for the same purpose.
 The fact that assurance provision can be subjective and professional judgements have to be made (for
example, about what aspects of the subject matter are the most important, how much evidence to
obtain, etc).
 The fact that assurance providers rely on the responsible party and its staff to provide correct
information, which in some cases may be impossible to verify by other means.
 The fact that some items in the subject matter may be estimates and are therefore uncertain. It is
impossible to conclude absolutely that judgemental estimates are correct.
 The fact that the nature of the assurance report might itself be limiting, as every judgement and
conclusion the assurance provider has drawn cannot be included in it.

The expectations gap

The problems users may experience in connection with assurance provision also arise from the limitations
and restrictions inherent in assurance provision. This is often because users are not aware of the nature of the
limitations on assurance provision, or do not understand them and believe that the assurance provider is offering a
service (such as a guarantee of correctness) which in fact he is not.
The distinction between reasonable and limited assurance may also be misunderstood by users.
in the context of reporting, but in essence it is this lack of understanding which constitutes the expectations gap –
meaning that there is a gap between what the assurance provider understands he is doing and what the user of the
information believes he is doing.
Assurance providers need to close this gap as far as possible in order to maintain the value of the assurance provided
for the user. This is done in a variety of ways, for example, by issuing an engagement letter spelling out the work
that will be carried out and the limitations of that work
and by regularly reviewing the format and content of reports issued as a result of assurance work.

Interactive question 2: Benefits of assurance [Difficulty level: Exam standard]

Which three of the following are benefits of assurance work?
An independent, professional opinion
Additional confidence given to other related parties
Testing as a result of sampling is cheaper for the responsible party
Judgements on estimates can be conclusive
Assurance may act as a deterrent to error or fraud

Definitions
Audit strategy: The formulation of the general strategy for the audit, which sets the scope, timing and
direction of the audit and guides the development of the audit plan.

Audit plan: An audit plan is more detailed than the strategy and sets out the nature, timing and extent of
audit procedures (including risk assessment procedures) to be performed by engagement team members in order to
obtain sufficient appropriate audit evidence.

Definition
An attitude of professional scepticism means the auditor makes a critical assessment, with a questioning
mind, of the validity of audit evidence obtained and is alert to audit evidence that contradicts, or brings into
question, the reliability of documents and responses to inquiries and other information obtained from
management and those charged with governance.

Analytical procedures means evaluation of financial information made by a study of plausible

relationships among both financial and non-financial data. Analytical procedures also encompass the
investigation of identified fluctuations and relationships that are inconsistent with other relevant information
or deviate significantly from predicted amounts.

Definition
Materiality: An expression of the relative significance or importance of a particular matter in the context
of financial statements as a whole. BSA Framework for the Preparation and Presentation of Financial Statements
states that a matter is material if its omission or misstatement would reasonably influence the economic
decisions of users taken on the basis of the financial statements.
Materiality depends on the size of the error in the context of its omission or misstatement.

Interactive question 4: Materiality [Difficulty level: Easy]

You have identified the following draft figures in respect of your audit of Fairford Ltd, which is considered
to be a low risk audit. The client is well known to your firm, there have been no substantial changes in the
year that you are aware of, and you have carried out several audits in previous years.
Draft figures:
Revenue CU13,089,394
Profit before tax CU1,403,444
Total assets CU4,305,538
Based on a standard weighted average approach, preliminary materiality is likely to be set in the range:
A CU74,000 – CU148,000
B CU1,400,000 – CU2,800,000
C CU4,300,000 – CU8,600,000
D CU6,500,000 – CU13,000,000

Definition
Audit risk: The risk that the auditors give an inappropriate opinion on the financial statements.
Inherent risk: The susceptibility of an account balance or class of transactions to misstatement that could
be material individually or when aggregated with misstatements in other balances or classes, assuming there were no
related internal controls.
Control risk: The risk that a material misstatement would not be prevented, detected or corrected by the
accounting and internal control systems.
Detection risk: The risk that the auditors' procedures will not detect a misstatement that exists in an
account balance or class of transactions that could be material, either individually or when aggregated with
misstatements in other balances or classes.

Interactive question 5: Audit risk [Difficulty level: Exam standard]

Audit risk can be split into three components: inherent risk, control risk and detection risk. For each of the following
examples, indicate the type of risk illustrated.
1 The organisation has few employees in the accounts department
2 The organisation is highly connected with the building trade
3 The assurance firm may do insufficient work to detect material errors
4 The financial statements contain a number of estimates

Audit evidence: All of the information used by the auditor in arriving at the conclusions on which the
audit opinion is based.
Tests of controls: Performed to obtain audit evidence about the effectiveness of controls in preventing,
or detecting and correcting material misstatements at the assertion level.
Substantive procedures: Audit procedures performed to detect material misstatements at the assertion
level. They include:
 Tests of detail of classes of transactions, account balances and disclosures.
 Substantive analytical procedures.

The following generalisations may help in assessing the reliability of audit evidence.
Quality of evidence
External Audit evidence from external sources is more reliable than that obtained from the
entity's records
Auditor Evidence obtained directly by auditors is more reliable than that obtained indirectly or
by inference
Entity Evidence obtained from the entity's records is more reliable when related control
systems operate effectively
Written Evidence in the form of documents (paper or electronic) or written
representations are more reliable than oral representations
Originals Original documents are more reliable than photocopies, or facsimiles

Financial statement assertions: The representations by management, explicit or otherwise, that are
embodied in the financial statements.
Assertions used by the auditor
Assertions about classes of transactions and events for the period under audit Occurrence: transactions and
events that have been recorded have occurred and pertain to the entity.
Completeness: all transactions and events that should have been recorded have been recorded.
Accuracy: amounts and other data relating to recorded transactions and events have been recorded appropriately.
Cut-off: transactions and events have been recorded in the correct accounting period.
Classification: transactions and events have been recorded in the proper accounts.
Assertions about Account Balances at the period end
Existence: assets, liabilities and equity interests exist.
Rights and obligations: the entity holds or controls the rights to assets, and liabilities are the obligations of the
entity.
Completeness: all assets, liabilities and equity interests that should have been recorded have been recorded.
Valuation and allocation: assets, liabilities, and equity interests are included in the financial statements at
appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded.

Assertions about presentation and disclosure

Occurrence and rights and obligations: disclosed events, transactions and other matters have occurred and pertain
to the entity.
Completeness: all disclosures that should have been included in the financial statements have been included.
Classification and understandability: financial information is appropriately presented and described, and
disclosures are clearly expressed.
Accuracy and valuation: financial and other information are disclosed fairly and at appropriate amounts.

Example: Opinions
Audit Opinion
In our opinion: the financial statements, prepared in accordance with Bangladesh Accounting Standards (BAS), give
a true and fair view of the state of the Company's affairs as of December 31, 20XX, and of the results of its
operations and its cash flow for the year then ended and comply with the applicable sections of the Companies Act
1994 and other applicable laws and regulations.

We also report that:

(a) we have obtained all the information and explanations which to the best of our knowledge and belief
were necessary for the purposes of our audit and made due verification thereof.
(b) in our opinion, proper books of account as required by law have been kept by the company so far as
it appeared from our examination of those books and (where applicable) proper returns adequate for
the purposes of our audit have been received from branches not visited by us.
(c) the company's balance sheet and profit and loss account dealt with by the report are in agreement
with the books of account and returns.
(d) ….

Unqualified Review Report Opinion

Based on our review, nothing has come to our attention that causes us to believe that the accompanying
financial statements do not give a true and fair view (or 'are not presented fairly, in all material respects,') in
accordance with International Accounting Standards.

According to BSA 700, the audit report should include the following basic elements, usually in the following
layout.
 Title
 Addressee
 Introductory paragraph identifying the financial statements audited
 A statement of management's responsibility for the financial statements
 A statement of the auditor's responsibility
 Scope paragraph, including a description of the work performed by the auditor
 Opinion paragraph containing an expression of opinion on the financial statements
 Date of the report
 Auditor's address
 Auditor's signature
A measure of uniformity in the form and content of the audit report is desirable because it helps to
promote the reader's understanding and to identify unusual circumstances when they occur.

Definition
Internal control: ‘Internal control is the process designed and effected by those charged with governance,
management, and other personnel to provide reasonable assurance about the achievement of the entity’s objectives
with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with
applicable laws and regulations. It follows that internal control is designed and implemented to address identified
business risks that threaten the achievement of any of these objectives.’
Limitations of internal controls
Internal controls have some limitations. In other words, the risk to the business of operating cannot be
eliminated entirely.
Limitation Explanation
Expense A key limitation of controls is that they are expensive, and therefore may not be worth putting into place,
as the continual use of the control is more expensive than the cost of the risk arising. This is a matter of judgement
for the directors and often determines the structure and level of controls that are put into place in a business.
Human element
Another important limitation of controls is the human element. Most controls can only function as well as the
people that are implementing them. Controls are not necessarily fool-proof. If a human being makes a mistake
implementing a control, then that control might be ineffective. Another problem for companies associated with the
human element of controls is that of the intention of the people using them. Controls, such as keeping your computer
password secret, rely on the integrity of the people being asked to implement them. If people do not understand the
importance or relevance of the control they may be less inclined to adhere to it. At the more sinister end of this scale
for companies is the situation where staff
members want to override or avoid controls in order to defraud the company. Controls may be bypassed very
effectively and secretly by two or more people working together, that is, colluding in fraud.
Unusual transactions
Finally, a limitation of internal controls is that they are generally designed to deal with what normally or routinely
happens in a business. However, it may be the case that an unusual transaction may occur which does not fit into
the normal routines, in which case standard controls may not be relevant to the unusual transaction, and hence
mistakes may be made in relation to that unusual transaction.
Small companies may have particular problems in implementing effective internal control systems. This is largely
because of the human element discussed above. Small companies generally have fewer
employees than larger companies, meaning that there are fewer people to involve in the internal

What is the relationship between strategies of an entities and internal controls?

There is direct relationship between the strategies and internal controls because controls are
established to attain the objectives. For example if one of the objectives of the entity is orderly
and efficient operations, controls may be established to reduce wastage of material and reduce
overtime.

Why obtaining an understanding of internal controls and evaluating the design of controls
and determining whether these have been implemented, is not sufficient to serve as testing
operating effectiveness of controls?

Although the auditor . ordinarily uses .same procedures in obtaining understanding of the design
and implementation of controls and procedures for tests of operating effectiveness of controls,
(except that re performance is not a procedure for obtaining understanding) the objectives are
different. The objective of tests of control is to evaluate whether a control operated effectively.

Tests of operating effectiveness involves testing the controls throughout the period.
Tests of operating effectiveness requires a large sample size. The more the auditor intends to
place reliance on tests of controls, the greater is the extent of test of controls.

Suggest significant control procedures over cash receipts

1. The post should be opened in the presence of responsible official.

2. At least two persons should be present at the time of opining the mail
3. A date stamp should be affixed on the post indicating date of receipt
4. All cheques received should be marked “Account payee only”
5. A receipt should be given for cash receipts
6. Cash and copy of the receipts should be handed over to the cashier
7. CCTV should be installed at the point of receipt of cash

What are limitations of tests of controls?

Certain limitations of tests of controls are:

1. Tests of controls are generally applied to routine transactions only

2. The sample drawn for tests of controls may not be representative of population

How would entity’s risk assessment procedures be evaluated by:

External auditor
Internal auditor

(a) Evaluation of entity’s risks assessment procedures by external auditor.

1. Consider how management. identifies business risks relating to financial reporting.
2. Consider how the man . ment determines significance and likelihood of such risk.
3. Management actions to manage the risks.
4. Identify risks of material misstatement which the management could not identify.
5. Report weaknesses in .the entity’s risk management process to those charged with governance.

(b) Evaluation of entity’s risks assessment procedures by internal auditor.

1. Obtain understanding of entity’s objectives.

2. Discuss with departmental managers the nature of the risks in their departments.
3. Consider how the management determines significance and likelihood of such risk.
4. Assess controls to manage the risks.
5. Test controls to provide evidence that they operate and provide effective management of risk.
6. Make recommendations to departmental manager for improving the operations.
7. Assess risks due to non compliance of laws and regulations

Is the auditor always required to make preliminary assessment of internal

controls and to perform tests of controls? 

Obtaining understanding of the design of internal controls (preliminary assessment) is

mandatory. However, tests of controls are performed only when the auditor seeks to place
reliance on internal controls, or where substantive procedures alone do not provide sufficient
appropriate evidence (for example in IT environment). General control and application Control.

Discuss matters to be considered in the audit of small business

Matters to be considered in the audit of small business are:

1. Many internal controls which would be relevant to large entities are not practical in small
business, for example segregation of duties.
2. Strong management control system in which owner / manager supervisory control exist
because of direct personal knowledge of the entity and involvement in transactions
3. Extended substantive procedures have to be performed.
4. Relatively more reliance has to be placed on management representations
5. If the auditor is requested to perform accounting work, it should be clearly mentioned that the
accounts have been complied from the data provided by management. The auditor has only
assisted management in preparing financial statements and takes no responsibility for the
correctness of such statements.

Discuss the concepts “auditing around the computer” and “auditing through the
computer”

Auditing around the computer

Auting around the computer involves testing controls ignoring the computer, in an IT
environment. It is similar to testing control in a manual internal control systems. The procedures
performed are similar to the manual procedures of tracing transactions through selected
components of the client’s accounting and internal control system to he existence and
effectiveness of internal controls.

The Auditing around the computer is used when the processing applications well documented
and sufficient visual output exists or can be the client. The auditor can use familiar auditing
procedures the tests and it is not necessary to test computer programs around the computer may
be used to test most of the general IT controIs.

A disadvantage of this approach that cost-effective techniques available through the use of
CAATS are not used.

Auditing through the computer

Auditing through the computer involves use of computer – assisted audit techniques. These tests
are used generally in testing input validation routines and programmed processing controls. The
technique has to be used when a significant part of the internal controls are related to computer
program and there is a significant missing auditing trail. Disadvantages of this techniques are the
specialized knowledge and skills required, and the possible interference with the clients data
processing operation when the auditor uses client’s equipment, programs and files.
What controls should be exercised before recording accounts payable in
the books?

Before entering a liability for goods and services following control should be exercised.

1. Request the user department to authorize the purchase invoice.

2. The purchase price should also be authorized by the designated officials.
3. The accounts department should match the invoice with goo received note and purchase order.
In case of services received, the user department should be requested to certify that services have
been received to the satisfaction of user department.
4. The invoice should be checked for proper coding for expenses.
5. Arithmetical accuracy of the invoice should be checked.

Describe certain significant procedures relating to sales and receivable in IT environment

Certain significant procedures relating to sales and receivables in IT environment include:

– Customer’s order is entered on the computer

– The computer program checks the customer’s name and credit limit on the master file
– Sale department enters the customer name, account number and quantities to be delivered
– The stores department prints the dispatch note and dispatches the goods to customer
– Acknowledgment of customer is obtained on the dispatch note
– The compute updates the inventory records
– The accounts department enters sale price, prints sales invoice and sends the sales invoice to
customer
– The computer updates accounts receivable record, sales account and cost of sales
– The computer also updates the aging analysis of receivables.

(a) Describe how would you apply test data technique regarding sales and receivables.
What are the limitations of such techniques.
(b) How would you use auditing around the computer to verify sales?

(a)
1. Review clients’ documentation and identify programmed controls
2. Obtain updated print out form the client
3. Create, for example, 25 invoices
4. Enter transactions on a spread sheet
5. Calculate predetermined computer results
6. Process stimulated transactions with the client’s computer program
7. Obtain updated print Out and compare with the predetermined results
8. If the predetermined results match with updated print out, controls are assumed to be
functioning as stipulated in program documentation
9. Prepare another 25 sales invoices. This time, the invoices the should reflect invalid data
including incorrect customer numbers, invalid name, products in which the company does not
deal, funny dates, unusual credit limits
10. Check that the computer does not accept invalid invoices.
Limitations

1. The auditor cannot be sure that the same program is used in daily operations as used for test
data
2. The test data technique is time consuming and has to be tailor-made for each client
3. A successful test data run does not necessarily indicate effectiveness of client’s internal
controls because other types of errors or frauds could occur outside the computer processing
area. For example, failure to report all cash receipts.

Briefly discuss control procedures over purchases in IT environment

Control procedures over purchases and payables

When goods reach re order point, a stores requisition is generated

• The requisition is approved by the stores department and it is sent to purchasing department
• Purchasing department prepares purchase order on computer and sends it to supplier
• The computer accepts the order only if it traces the name of supplier in the standing file. Thus it
is ensured that the orders are placed only with authorized suppliers

When goods are received the details are entered in the computer system
Supplier sends the invoice to accounts
Accounts department inputs the invoice in the computer system
The computer system accepts the invoice only if the system has a record purchase order and
record of goods received
The computer system posts invoice to accounts payable record.

Audit risks is composed of inherent risk, control risk and detection risk Control risk and inherent
risk are risks prior to audit and termed as risk of misstatement in the financial statements.
Conglomerate is a high risk client is a high risk client. The auditor should be alert to following
risk areas.

Distinguish between:
a) Attribute sampling and variable sampling
b) Sampling risk and non sampling risk
c) Alpha risk and beta risk.

Attribute sampling and variable sampling

Attribute refers to presence or absence of any character. For example, test of control, matching of
delivery note with sales invoice is an attribute. The attribute sampling refers to statistics relating
to test controls and measures presence of controls or deviations from prescribed procedures. The
attribute sampling may be used for example to discover rate of deviations in payroll processing
or cash disbursements.
Variable sampling is applied to account balance verification and measures the accuracy of
amounts in account balances. For example, an auditor may use variable sampling for accounts
receivable, inventories and fixed assets balances.

Sampling risk and non sampling risk

Sampling risk refers to the fact that sample selected by the auditor may not be representative of
population. As a result the rate of deviation or monetary error may not be proportionate to these
found in the population. The risk can be reduced by increasing sample size. There an inverse
relationship between sample size and sampling risk. That is, the greater the sampling size the
lower will be the sampling risk. Accordingly, if all items in a population are checked, the
sampling risk ill be zero.

Non sampling risks refer to all aspects of audit risks not due to sampling. For example use of an
inappropriate audit procedures, or misinterpreting the errors, or reliance on erroneous
information received from another party.

Alpha risk and beta risk

The risk of incorrect rejection is called alpha risk. The consequence of the risk is that the auditor
may assume on the basis of sample results that a population is materially misstated when, in fact,
it is not.

The risk of incorrect acceptance is called beta risk. The consequence the risk is that the auditor
may assume on the basis of sample results that the population is free of material misstatement
when in fact material errors exist in the population.

Enumerate limitations of sampling

Certain limitations of sampling are:

1. Sample may not be representative of population

2. Auditor’s judgment is required in selecting sample size
3. Judgments are also required in drawing conclusions from sample results.
4. The auditor may use inappropriate population or the population may not be complete.

Explain difference between statistical and non statistical sampling

Statistical sampling is any approach to sampling that uses:

a) random sample selection; and
b) probability theory to:
(i) evaluate sample results quantitatively; and
(ii) measures sampling risk
Non statistical sampling is any approach which does not fulfill all the
characteristics necessary for statistical sampling. Non statistical sampling is also called
judgmental sampling.

Discuss sampling methods? 

(A) STRATIFICATION

1. Stratification is a technique of dividing population into sub population.

2. The sub population is generally based on monetary values

3. The technique is used in test of details and is particularly appropriate to detect overstatement

of assets.

4. By using small sample size which covers large values in an account, audit efficiency and audit
effectiveness are increased.

5. Generally, all items over book value of tolerable misstatement are tested. Systematic selection
method may be used on remaining items.

6. Class intervals are called strata

7. The sample results are evaluated for each stratum separately.

8. Stratification reduces variability within the population.

B) VALUE WEIGHTED SELECTION

1. Value weighted selection or monetary unit sampling involves computing sampling interval by

dividing sample size with population value.

2. The population is made up of fixed monetary units.

3. First item is selected randomly, other items selected are those which contain that monetary
unit.
4. The method is useful to detect overstatement of asset or revenues
5. Value weighted technique makes sure that all items above the monetary units are selected.
Small balances stand a lower chance of being selected.
6. This technique is more appropriate when the population consists
of small number of high value items.

(C) SYSTEMATIC SELECTION

1. Systematic selection involves dividing population units by the sample size and selecting every
nth item. The first item is selected randomly.
2. The method is quite simple to apply
3. Auditor’s bias is reduced
4. The bias can further be avoided but taking two starting numbers
5. The technique can be used even if the documents are not sequentially numbered
6. Auditor this technique all items whether high value or low value have an equal chance of
being selected.
7. Under this technique all items whether high value or low value have an equal chance of being
selected.

(D) RANDOM NUMBER TABLES

1. Random number tables contain rows and columns. Such rows and columns are absolutely
arbitrary.
2. The numbers are meaningless

3. The auditor should use the random number table of the same digits as contained in the
population.
4. The auditor reads the column and selects a starting point and marks the sampling unit to be
selected.
5. The selection is complete when the desired sample size has been identified.
6. The starting point is selected randomly
7. If the same number is selected twice, the duplicate number can be ignored without increasing
size.
8. The method avoids auditor’s bias and all sampling units have a chance of being selected.
9. The numbers can be read top to bottom or right to left.

(E) BLOCK SELECTION

1. In block selection, all items contained in the particular blocks are verified.

2. The blocks normally- consist of numeric sequence or specificy months. For example, an
auditor may select following blocks of sales invoices:

All invoices in the above blocks will be verified. Further sampling is not advisable.

3. The blocks may also consist of particular months. For example, sales invoices issued during
March, June, and August 2013.

4. Block sampling is not encouraged as all items in the population do not have a chance of being
selected.

(F)  HAPHAZARD SELECTION

1. Items are selected on arbitrary basis
2. However the auditor should avoid bias, as much as possible so that the sample should be
representative of population.
3. This method should not be widely used because it does not have any basis