Professional Documents
Culture Documents
Knowledge Level - Suggestion
Knowledge Level - Suggestion
2018 , Friday)
Test yourself by showing your knowledge on the issues written in the table.
Ans: Expectations gap : Lack of understanding of users. Reduce by : Clearly indicating scope &
limitations.
Ans: Lack of understanding. Reasons : i. Not aware of limitations. ii. Considering as guarantee.
8. What purpose is served by spelling out clearly, the scope and limitations of an assurance
engagement in the engagement letter? Ans: Expectation gap is reduced.
9. What is the key benefit and limitation of assurance? Ans: Benefit :Independent, Professional
verification. Limitation :Risk of wrong conclusion.
10. What risk is associated with the limitations of assurance engagement? Ans: To draw wrong
conclusion.
14. Under BSA 315, what do you mean by understanding of the entity? Why do we need it?
Ans: - to identify risk of material misstatement- to design audit procedures .- to provide framework for
audit judgment.
Ans: 1. Industry- Market competition, technology2. External factors- recession/growth, interest rate,
inflation.3. Reporting framework- Accounting principles, industry specific practices4. Nature of the
entity- Financing, Financial Reporting, Business operation5. Selection & application of accounting
policies6. Objectives & strategies – Related risk might cause material misstatement.7. Review financial
performance8. Internal control
Ans: 1. Inquiry management, others2. Analytical procedure3. Observation & inspection – Reading
manuals, visit premises, meeting staff 4. Prior knowledge – Previous period – Determine changes.5.
Discussion – about susceptibility- about material misstatement- among team members.
Ans: A critical assessment, with questioning mind, of the validity of the evidence.
Ans: 1. Comparison with a)Prior period information b)Anticipated results – Budgets, expectation of
auditor c)Industry information – Ratio of sales to trade receivables.
2. Relationship between: a)FS elements – Relation of gross profit to sales b)Financial information and
non-financial information
20. What is the basis for choosing analytical procedures for audit? Ans: Auditors professional judgment.
21. At the risk assessment stage, what are the possible sources of information about the client?
Ans: 1.Internal financial information2. Budgets3. Management accounts 4. Non- financial information
5. Bank and Cash records 6. Vat returns 7. Board minutes 8. Discussion of the correspondents with the
client at the year end.
22. What is materiality? Ans: Level of error that affects the decision of the users.
23. What does materiality depends on? Ans: Size of the error.
24. According to the BSA320, when should an auditor consider materiality? Ans: 1. Determining nature,
training & extent of audit procedure.2. Evaluating effect of misstatement
25. How does materiality assessment help the in decision making? Ans: It helps to decide: 1.How many
and what items to examine 2.Whether to use sampling techniques 3.Level of error
→Crossing this level will lead to say FS not true and fair
26.How risk & materiality are connected? Ans: Materiality is an audit procedure. Result of this reduces
the level of risk.
27.What is tolerable error? Can it change every year? Why? Ans: The maximum error that an auditor is
prepared to accept. Yes because: 1. Related to the size of business.
28. Why do you need to review materiality? Ans: Constantly review because of changes. Change in
– 1.Draft accounts – Due to material error 2.External Factors – It causes change in risk estimates.
29. What is audit risk: Risk of giving inappropriate opinion. Elements: 1. Risk of material Misstatement –
Depends on entity a)Inherent risk b)Control risk 2.Risk of failing to detect material misstatement
→Depends on auditor
30. What is Inherent risk and control risk? Differentiate. Ans: Inherent risk: Possibility of material
misstatement
→ No. of related internal control Control Risk: Possibility of not preventing or correcting a material
misstatement.
→Due to internal control system Difference: Inherent risk Control risk 1.Due to items nature 1.Due to
internal control risk 2.No internal control related 2.Internal control related
31. Give some example that might increase inherent risk.1.Balance includes estimates 2.Balance is
important 3.Financial statements
→Company in trouble
→Directors’ motive – eg. Profit target bonus 4.FS contains complex accounting 5.Industry in which it
operates6.Regulations it falls under.
32. Define detection risk. Which part of audit risk could be controlled by the auditor? How?Ans:
Possibility of not detecting a misstatement.
→Individually or aggregated
→Auditor’s aim is to reduce overall audit risk, not only one part.
33.Could detection risk be entirely eliminated? Why? Ans: No. Due to inherent limitations of audit.
35.If control risk & inherent risk both are high what effect it has on the audit? Ans:
36.Determine the audit risk would you accept the engagement? Inherent risk Control risk Detection risk
Audit risk High High High? Medium Low Medium? Ans:1.Audit risk = High. Not acceptable
37.If control risk is low, would you substantive procedure? Ans: No. Because auditor has to reduce
detection risk.
38.What are the steps to identify and assess risk? Ans: Step 1: Identify risk at understanding entity level.
39.According to BSA 315, which factor indicate a significant risk? Ans: 1.Risk of fraud2.Recent
development
40.Why do unusual transaction are more likely to give rise to material misstatement than routine and
regular transactions? Ans: Because unusual transaction have more:1.Management
interventions2.Manual interventions3.Complex accounting principles or calculations4.Opportinity for –
control procedure not followed.
41.What should an auditor do when found significant risk? Ans: Auditor must evaluate the design &
implementation of entity’s control in that area.
Sample basis
44. Why do Auditors Carry out test of control & substantive procedures?
a. Report Shareholder b. Conclude true and fair view c. Test capability to produce correct
information. Match result with intended result.
45. What is Sufficiency and appropriateness of evidence? How to measure the appropriateness of Audit
evidence?
1.0 Definition
An assurance engagement is one in which a practitioner expresses a conclusion designed to enhance
the degree of confidence of the intended users other than the responsible party about the outcome of the
evaluation or measurement of a subject matter against criteria.
Definition
The objective of an audit of financial statements is to enable the auditor to express an opinion whether
the financial statements are prepared, in all material respects, in accordance with an applicable financial
reporting framework.
Definitions
True: Information is factual and conforms with reality, not false. In addition the information conforms with
required standards and law. The accounts have been correctly extracted from the books and records.
Fair: Information is free from discrimination and bias in compliance with expected standards and rules. The
accounts should reflect the commercial substance of the company’s underlying transactions.
Limitations of assurance
A key issue for accountants is that there are limitations to assurance services, and therefore there is always a risk
involved that the wrong conclusion will be drawn.
The limitations of assurance services include:
The fact that testing is used – the auditors do not oversee the process of building the financial
statements from start to finish.
The fact that the accounting systems on which assurance providers may place a degree of reliance also have
inherent limitations (we shall look at control systems and their limitations in Chapter 5).
The fact that most audit evidence is persuasive rather than conclusive.
The fact that assurance providers would not test every item in the subject matter (this would be
prohibitively expensive for the responsible party, so a sampling approach is used – see Chapter 11).
The fact that the client's staff members may collude in fraud that can then be deliberately hidden from
the auditor or misrepresent matters to them for the same purpose.
The fact that assurance provision can be subjective and professional judgements have to be made (for
example, about what aspects of the subject matter are the most important, how much evidence to
obtain, etc).
The fact that assurance providers rely on the responsible party and its staff to provide correct
information, which in some cases may be impossible to verify by other means.
The fact that some items in the subject matter may be estimates and are therefore uncertain. It is
impossible to conclude absolutely that judgemental estimates are correct.
The fact that the nature of the assurance report might itself be limiting, as every judgement and
conclusion the assurance provider has drawn cannot be included in it.
Definitions
Audit strategy: The formulation of the general strategy for the audit, which sets the scope, timing and
direction of the audit and guides the development of the audit plan.
Audit plan: An audit plan is more detailed than the strategy and sets out the nature, timing and extent of
audit procedures (including risk assessment procedures) to be performed by engagement team members in order to
obtain sufficient appropriate audit evidence.
Definition
An attitude of professional scepticism means the auditor makes a critical assessment, with a questioning
mind, of the validity of audit evidence obtained and is alert to audit evidence that contradicts, or brings into
question, the reliability of documents and responses to inquiries and other information obtained from
management and those charged with governance.
Definition
Materiality: An expression of the relative significance or importance of a particular matter in the context
of financial statements as a whole. BSA Framework for the Preparation and Presentation of Financial Statements
states that a matter is material if its omission or misstatement would reasonably influence the economic
decisions of users taken on the basis of the financial statements.
Materiality depends on the size of the error in the context of its omission or misstatement.
Definition
Audit risk: The risk that the auditors give an inappropriate opinion on the financial statements.
Inherent risk: The susceptibility of an account balance or class of transactions to misstatement that could
be material individually or when aggregated with misstatements in other balances or classes, assuming there were no
related internal controls.
Control risk: The risk that a material misstatement would not be prevented, detected or corrected by the
accounting and internal control systems.
Detection risk: The risk that the auditors' procedures will not detect a misstatement that exists in an
account balance or class of transactions that could be material, either individually or when aggregated with
misstatements in other balances or classes.
Audit evidence: All of the information used by the auditor in arriving at the conclusions on which the
audit opinion is based.
Tests of controls: Performed to obtain audit evidence about the effectiveness of controls in preventing,
or detecting and correcting material misstatements at the assertion level.
Substantive procedures: Audit procedures performed to detect material misstatements at the assertion
level. They include:
Tests of detail of classes of transactions, account balances and disclosures.
Substantive analytical procedures.
The following generalisations may help in assessing the reliability of audit evidence.
Quality of evidence
External Audit evidence from external sources is more reliable than that obtained from the
entity's records
Auditor Evidence obtained directly by auditors is more reliable than that obtained indirectly or
by inference
Entity Evidence obtained from the entity's records is more reliable when related control
systems operate effectively
Written Evidence in the form of documents (paper or electronic) or written
representations are more reliable than oral representations
Originals Original documents are more reliable than photocopies, or facsimiles
Financial statement assertions: The representations by management, explicit or otherwise, that are
embodied in the financial statements.
Assertions used by the auditor
Assertions about classes of transactions and events for the period under audit Occurrence: transactions and
events that have been recorded have occurred and pertain to the entity.
Completeness: all transactions and events that should have been recorded have been recorded.
Accuracy: amounts and other data relating to recorded transactions and events have been recorded appropriately.
Cut-off: transactions and events have been recorded in the correct accounting period.
Classification: transactions and events have been recorded in the proper accounts.
Assertions about Account Balances at the period end
Existence: assets, liabilities and equity interests exist.
Rights and obligations: the entity holds or controls the rights to assets, and liabilities are the obligations of the
entity.
Completeness: all assets, liabilities and equity interests that should have been recorded have been recorded.
Valuation and allocation: assets, liabilities, and equity interests are included in the financial statements at
appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded.
Example: Opinions
Audit Opinion
In our opinion: the financial statements, prepared in accordance with Bangladesh Accounting Standards (BAS), give
a true and fair view of the state of the Company's affairs as of December 31, 20XX, and of the results of its
operations and its cash flow for the year then ended and comply with the applicable sections of the Companies Act
1994 and other applicable laws and regulations.
According to BSA 700, the audit report should include the following basic elements, usually in the following
layout.
Title
Addressee
Introductory paragraph identifying the financial statements audited
A statement of management's responsibility for the financial statements
A statement of the auditor's responsibility
Scope paragraph, including a description of the work performed by the auditor
Opinion paragraph containing an expression of opinion on the financial statements
Date of the report
Auditor's address
Auditor's signature
A measure of uniformity in the form and content of the audit report is desirable because it helps to
promote the reader's understanding and to identify unusual circumstances when they occur.
Definition
Internal control: ‘Internal control is the process designed and effected by those charged with governance,
management, and other personnel to provide reasonable assurance about the achievement of the entity’s objectives
with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with
applicable laws and regulations. It follows that internal control is designed and implemented to address identified
business risks that threaten the achievement of any of these objectives.’
Limitations of internal controls
Internal controls have some limitations. In other words, the risk to the business of operating cannot be
eliminated entirely.
Limitation Explanation
Expense A key limitation of controls is that they are expensive, and therefore may not be worth putting into place,
as the continual use of the control is more expensive than the cost of the risk arising. This is a matter of judgement
for the directors and often determines the structure and level of controls that are put into place in a business.
Human element
Another important limitation of controls is the human element. Most controls can only function as well as the
people that are implementing them. Controls are not necessarily fool-proof. If a human being makes a mistake
implementing a control, then that control might be ineffective. Another problem for companies associated with the
human element of controls is that of the intention of the people using them. Controls, such as keeping your computer
password secret, rely on the integrity of the people being asked to implement them. If people do not understand the
importance or relevance of the control they may be less inclined to adhere to it. At the more sinister end of this scale
for companies is the situation where staff
members want to override or avoid controls in order to defraud the company. Controls may be bypassed very
effectively and secretly by two or more people working together, that is, colluding in fraud.
Unusual transactions
Finally, a limitation of internal controls is that they are generally designed to deal with what normally or routinely
happens in a business. However, it may be the case that an unusual transaction may occur which does not fit into
the normal routines, in which case standard controls may not be relevant to the unusual transaction, and hence
mistakes may be made in relation to that unusual transaction.
Small companies may have particular problems in implementing effective internal control systems. This is largely
because of the human element discussed above. Small companies generally have fewer
employees than larger companies, meaning that there are fewer people to involve in the internal
There is direct relationship between the strategies and internal controls because controls are
established to attain the objectives. For example if one of the objectives of the entity is orderly
and efficient operations, controls may be established to reduce wastage of material and reduce
overtime.
Why obtaining an understanding of internal controls and evaluating the design of controls
and determining whether these have been implemented, is not sufficient to serve as testing
operating effectiveness of controls?
Although the auditor . ordinarily uses .same procedures in obtaining understanding of the design
and implementation of controls and procedures for tests of operating effectiveness of controls,
(except that re performance is not a procedure for obtaining understanding) the objectives are
different. The objective of tests of control is to evaluate whether a control operated effectively.
Tests of operating effectiveness involves testing the controls throughout the period.
Tests of operating effectiveness requires a large sample size. The more the auditor intends to
place reliance on tests of controls, the greater is the extent of test of controls.
1. Many internal controls which would be relevant to large entities are not practical in small
business, for example segregation of duties.
2. Strong management control system in which owner / manager supervisory control exist
because of direct personal knowledge of the entity and involvement in transactions
3. Extended substantive procedures have to be performed.
4. Relatively more reliance has to be placed on management representations
5. If the auditor is requested to perform accounting work, it should be clearly mentioned that the
accounts have been complied from the data provided by management. The auditor has only
assisted management in preparing financial statements and takes no responsibility for the
correctness of such statements.
Discuss the concepts “auditing around the computer” and “auditing through the
computer”
Auting around the computer involves testing controls ignoring the computer, in an IT
environment. It is similar to testing control in a manual internal control systems. The procedures
performed are similar to the manual procedures of tracing transactions through selected
components of the client’s accounting and internal control system to he existence and
effectiveness of internal controls.
The Auditing around the computer is used when the processing applications well documented
and sufficient visual output exists or can be the client. The auditor can use familiar auditing
procedures the tests and it is not necessary to test computer programs around the computer may
be used to test most of the general IT controIs.
A disadvantage of this approach that cost-effective techniques available through the use of
CAATS are not used.
Auditing through the computer involves use of computer – assisted audit techniques. These tests
are used generally in testing input validation routines and programmed processing controls. The
technique has to be used when a significant part of the internal controls are related to computer
program and there is a significant missing auditing trail. Disadvantages of this techniques are the
specialized knowledge and skills required, and the possible interference with the clients data
processing operation when the auditor uses client’s equipment, programs and files.
What controls should be exercised before recording accounts payable in
the books?
Before entering a liability for goods and services following control should be exercised.
(a) Describe how would you apply test data technique regarding sales and receivables.
What are the limitations of such techniques.
(b) How would you use auditing around the computer to verify sales?
(a)
1. Review clients’ documentation and identify programmed controls
2. Obtain updated print out form the client
3. Create, for example, 25 invoices
4. Enter transactions on a spread sheet
5. Calculate predetermined computer results
6. Process stimulated transactions with the client’s computer program
7. Obtain updated print Out and compare with the predetermined results
8. If the predetermined results match with updated print out, controls are assumed to be
functioning as stipulated in program documentation
9. Prepare another 25 sales invoices. This time, the invoices the should reflect invalid data
including incorrect customer numbers, invalid name, products in which the company does not
deal, funny dates, unusual credit limits
10. Check that the computer does not accept invalid invoices.
Limitations
1. The auditor cannot be sure that the same program is used in daily operations as used for test
data
2. The test data technique is time consuming and has to be tailor-made for each client
3. A successful test data run does not necessarily indicate effectiveness of client’s internal
controls because other types of errors or frauds could occur outside the computer processing
area. For example, failure to report all cash receipts.
When goods are received the details are entered in the computer system
Supplier sends the invoice to accounts
Accounts department inputs the invoice in the computer system
The computer system accepts the invoice only if the system has a record purchase order and
record of goods received
The computer system posts invoice to accounts payable record.
Audit risks is composed of inherent risk, control risk and detection risk Control risk and inherent
risk are risks prior to audit and termed as risk of misstatement in the financial statements.
Conglomerate is a high risk client is a high risk client. The auditor should be alert to following
risk areas.
Distinguish between:
a) Attribute sampling and variable sampling
b) Sampling risk and non sampling risk
c) Alpha risk and beta risk.
Attribute refers to presence or absence of any character. For example, test of control, matching of
delivery note with sales invoice is an attribute. The attribute sampling refers to statistics relating
to test controls and measures presence of controls or deviations from prescribed procedures. The
attribute sampling may be used for example to discover rate of deviations in payroll processing
or cash disbursements.
Variable sampling is applied to account balance verification and measures the accuracy of
amounts in account balances. For example, an auditor may use variable sampling for accounts
receivable, inventories and fixed assets balances.
Sampling risk refers to the fact that sample selected by the auditor may not be representative of
population. As a result the rate of deviation or monetary error may not be proportionate to these
found in the population. The risk can be reduced by increasing sample size. There an inverse
relationship between sample size and sampling risk. That is, the greater the sampling size the
lower will be the sampling risk. Accordingly, if all items in a population are checked, the
sampling risk ill be zero.
Non sampling risks refer to all aspects of audit risks not due to sampling. For example use of an
inappropriate audit procedures, or misinterpreting the errors, or reliance on erroneous
information received from another party.
The risk of incorrect rejection is called alpha risk. The consequence of the risk is that the auditor
may assume on the basis of sample results that a population is materially misstated when, in fact,
it is not.
The risk of incorrect acceptance is called beta risk. The consequence the risk is that the auditor
may assume on the basis of sample results that the population is free of material misstatement
when in fact material errors exist in the population.
(A) STRATIFICATION
4. By using small sample size which covers large values in an account, audit efficiency and audit
effectiveness are increased.
5. Generally, all items over book value of tolerable misstatement are tested. Systematic selection
method may be used on remaining items.
1. Systematic selection involves dividing population units by the sample size and selecting every
nth item. The first item is selected randomly.
2. The method is quite simple to apply
3. Auditor’s bias is reduced
4. The bias can further be avoided but taking two starting numbers
5. The technique can be used even if the documents are not sequentially numbered
6. Auditor this technique all items whether high value or low value have an equal chance of
being selected.
7. Under this technique all items whether high value or low value have an equal chance of being
selected.
1. Random number tables contain rows and columns. Such rows and columns are absolutely
arbitrary.
2. The numbers are meaningless
3. The auditor should use the random number table of the same digits as contained in the
population.
4. The auditor reads the column and selects a starting point and marks the sampling unit to be
selected.
5. The selection is complete when the desired sample size has been identified.
6. The starting point is selected randomly
7. If the same number is selected twice, the duplicate number can be ignored without increasing
size.
8. The method avoids auditor’s bias and all sampling units have a chance of being selected.
9. The numbers can be read top to bottom or right to left.
All invoices in the above blocks will be verified. Further sampling is not advisable.
3. The blocks may also consist of particular months. For example, sales invoices issued during
March, June, and August 2013.
4. Block sampling is not encouraged as all items in the population do not have a chance of being
selected.