Audit Final Exam

Question 1: 33 marks
Question: Ethical principles, safeguards/action
There are 5 ethical principles.
The first principle is confidentiality. Auditors should not disclose audit client’s confidential
information to third parties unless, there is proper and specific authority from audit client to
do so, it is a legal duty or professional duty to disclose audit client’s confidential information
to third parties and it is the auditor’s professional right to do so. Auditor do not need to seek
permission for legal duty and professional right.
The second principle is integrity. Auditors should be honest and should not be associated
with financial statements or other information they believe that the information contains a
materially false or misleading statement, contains statements or information furnished
recklessly or has omission or obscurity that would be misleading.
The third principle is objectivity. Auditors should avoid relationships that are bias or unduly
influence the professional judgement of the member. They should not allow the relationship
with the company management to influence the audit opinion.
The fourth principle is professional competence and due care . Auditors should act diligently
and in accordance with applica ble technical and professional standards when providing
professional services. Auditors should have the necessary expertise or resource to perform
the audit effectively.
The fifth principle is professional behaviour. Auditors should comply with relevant laws and
regulations and avoid any action that discredits the profession.
Safeguards and Actions
1. financial interest If an audit team member or their immediate family member has a direct
or material indirect financial interest, this could lead to self-interest threat. This is significant
and no safeguards could reduce to an acceptable level. However, if their close family member
has a direct or material indirect financial interest, the significant of the threat depends on
the nature of their rel ationship and the materiality of their financial interest. Safeguards
involve close family member to dispose all or sufficient amount of the financial interest,
professional accountant to review work or remove audit team member from audit team.
2. loans and guarantees from a bank or similar institution can lead to self-interest threat. If
it not made under normal lending terms, this is so significant that no level of safeguard can
reduce the threat to an acceptable level. If it is made under normal lendin g terms, the
significance of the threat depends on the materiality of the loan. Safeguards that could be
put in place are having a professional accountant review work of the audit team. If audit
client is not a bank or similar institution, it should be avo ided unless loan is immaterial to
both firm and client.
3. business relationships can lead to self -interest or intimidation threat. If it is a commercial
relationship that operates at arm length, the threat is not significant. However, if the
business is material and significant, no amount of safeguards can reduce the threat to an
acceptable level.
4. family and personal relationships may lead to self-interest, familiarity or intimidation
threat. The significance of the threat depends on the audit team member responsibilities,
role of the family member or other individual within the audit client and closeness of the
relationship. Safeguards include, removing individual from audit team or restructuring the
responsibil ities of the audit team so that he does not deal with the matters that are within
the responsibilities of the immediate family member .
5. employment with an audit client . If a former member of the audit team or partner of the
firm has joined the audit cli ent it could lead to familiarity and intimidation threat. The
significance of the threat depends on the position the former audit team member has taken
at the client, if he will have any involvement with the audit team, length of time since he left,
former position at the audit team. If the individual was a Key Audit partner (KAP), and it has
been less than 2 years it should be avoid. If not, safeguards include, modifying the audit plan,
assign individuals to the audit team with sufficient experience and ha ving a professional
accountant review work of the former member of audit team.
6. temporary staff assignments by lending audit team member to audit client may lead to
self-review threat. The significance of the treat depends on the work involved. If he is
involved in providing non -assurance services that would not be permitted and has
management responsibilities, it should be avoided. If not, safeguards include, conducting
additional review of the work performed by the loaned staff, not giving loan staff au dit
responsibility for the work he performed or not involving him as a member of the audit team.
7. recent service with audit client could lead to familiarity th reat, advocacy threat and self -
review threat. If audit team member was a director or officer o f the audit client or was in a
position to exert significant influence during the period covered by audit report there is no
safeguards that could reduce threat to an acceptable level. However, if this was all before the
period covered by audit report, the significance of the threat depends on the position of the
position held with the client, length of time since the individual left, role he has with the
audit team. Safeguards include, reviewing the work performed by individual as a member of
audit team.
8. serving as a director or officer of an audit client , an audit partner or employee of the
audit firm cannot serve as director or officer of an audit client as this would lead to self-
review and self-interest threat that would be so significant that no level of safeguards could
reduce threat to an acceptable level.
9. long association of senior personnel (including partner rotation) with an audit client
could lead to familiarity threat. The significance of the threat depends on how long the
individual has been a member of the audit team, role of the individual on the audit team,
structure of the firm, nature of the audit engagement, whether the client’s management
team has changed and whether the nature or complexity of the client’s accounting and
reporting issues has changed. If the audit client is a public interest entity (PIE ), individual
shall not be a key audit partner (KAP) for more than 7 years. The individual shall not be a
member of the engagement team or be a key audit partner for client for 2 years. Safeguards
include rotating the senior personnel of the audit team, have a professional accountant that
is not a member of the audit team review work of senior personnel and regular independent
internal or external quality r eviews of the engagement.
10. provision of non -assurance services to an audit client
10.1 Preparing accounting records and financial statements can lead to self -review threat. If
the client is a PIE, no amount of safeguards can reduce that threat to an acceptable level
except in emergency situations such as only the firm has the resources and necessary
knowledge of the clients system and procedur es to assist the client in the timely preparation
of the accounting records and financial statements or restriction for firm to provide such
services would result difficulties for clients such as failure to meet regulatory reporting Commented [DD1]:
requirement. Safeguards for this include, providers of the services should not be members of
the audit team, services are provided for a short period of time and not expected to recur
and is discussed with those charged with governance. If not, firm may provide services
related to preparation of accounting records and financial statements where the services a re
routine and mechanical in nature. Safeguards include having an individual that is not a
member of the audit team perform such services and have a partner or senior staf f with
appropriate expertise to review the work performed.
10.2 Providing specialist valuation services such as making assumptions of computing values
for assets, liabilities or business as a whole can lead to self-review threat. The significance of
the threat depends on the materiality of the threat and whether the valuation involves a
significant degree of subjectivity.
10.3 Providing management recruiting services may lead to self-interest, familiarity or
intimidation threat. The significance of the rol e depends on the nature of the requested
assistance and the role of the person to be recruited. In all cases, firms shall not assume
management responsibilities. For clients who are PIEs, a firm cannot provide them recruiting
services for a director, offic er of the entity, senior management that is in a position to exert
significant influence over the preparation of the clients accounting records and financial
statements.
10.4 Providing corporate finance services include providing corporate strategies, iden tify
possible targets for audit client to acquire, advising disposal transactions and providing
structuring advice can lead to self -review threat. Safeguards include having separate teams
and independent review of the accounting treatment and any financia l statement treatment.
If services include, promoting, dealing in, underwriting an audit client’s shares it would
create an advocacy or self -review threat that no safeguards that could reduce threat to an
acceptable level.
10.5 Providing IT and other services can lead to self -review threat. If a client is not a PIE,
firm can provide services involving design or implementation of IT systems. Safeguards
include having the client acknowledge its responsibilities for establishing and monitoring
systems of internal controls and clients has to assign and make all management decisions
with respect to the design and implementation of the hardware or software to a senior
management, clients evaluate the adequacy of and results of the design and implementation
of the system and client is responsible for operating the system and data it uses and
generates. If client is a PIE, firm shall not provide services involving design and
implementation of IT systems that forms a significant part of internal control over the
financial reporting and generate information that is significant to the client’s accounting
records and financial statements on which the firm will express an opinion.
10.6 Providing Internal audit services involves assisting the client in the performance of the
internal audit services can lead to self -review threat. Firm shall not assume management
responsibilities. Audit clients that are PIEs shall not be provided services that forms a
significant part of internal controls over financial reporting, financial accounting systems that
generate information significant to the client’s accounting records or financial statements.
10.7 Providing taxation services does not generally create threat to independence if
management take responsibility of the returns and significant judgements made . If client is a
PIE, should not prepare tax calculations of current and deferred ta x liabilities or for the
purpose of preparing accounting entries that are material to the finan cial statements on
which the firm will express an opinion unless in emergency situations . If not, the significance
of threats depends on complexity of the relevant tax law and regulation and degree of
judgement necessary in applying them, level of tax expertise of the client’s personnel and
materiality of the amounts to the financial statements. Safeguards include having
professional who are not members of the audit team to perform the service , partner or senior
staff to review work done, obtain external ad vice from external t ax professional.
10.7.1 Providing assistance in the resolution of tax disputes can lead to advocacy threat or
self-review threat. The significance of the threat depends on whether the firm has provided
the advice which is the subject o f the tax dispute, extent of the outcome of the dispute have
a material effect on fs on which firm will express on opinion, extent to which the matter is
supported by law or regulation, whether the proceedings are conducted in public and the role
management plays in the resolution of the dispute. Safeguards include having professionals
who are not members of the audit team to perform service, have tax professional who is not
involved in the audit team and obtain advice from external tax professional.
11a Fees – relative size. When the total fees from an audit client represents a large
proportion of the fees of the firm it may lead to self -interest or intimidation threat.
Significance depends on factors such as operating structure of the f irm, whether the firm is
well established or new and the significance of the client qualitatively or quantitatively both
to the firm. Safeguards include reducing the dependency on the client, external quality
control reviews and consulting third party. If client is a PIE, and the total fees of 2 years is
more than 15% of the total fees received by firm, it must be disclosed to those charged with
governance of audit client. Safeguards include prior issuance of the audit opinion on the
second years’ financial statements, and after the audit opinion on the second year’s financial
statements have been issued and before the issuance of the audit opinion on the third year’s
financial statements to have professional accountants who is not a member of a firm
performs an engagement quality control review. If non-audit fees are 50% or more of the
total annual audit fees, firm must disclose to those charged with governance . Safeguards
include independent internal or external quality control review s of engagements and consult
third party on key audit judgements.
11b Fees – Overdue may create self -interest threat where firm is more concern on recovering
the fees. The significance of the threat depends on the materiality of the fees. If the fees are
equivalent to a loan it should be avoided. If not, safeguards include having additional
professional accountant who did not take part in the audit engagement provide advice or
review the work performed.
11c Contingent Fees are calculated on a predetermined basis relating to the o utcome of a
transition or results of the service. This will lead to self -interest threat and no safeguard can
reduce it to an acceptable level.
12. Gifts and hospitality can lead to self -interest threat. The significance of the threat
depends on the nature , value and intent of the offer. It should be trivial and inconsequential
and does not influence the decision making.
13. Actual or Threatened Litigation can create intimidation threats. The significance of the
threats depends on the materiality of the lit igation and whether the litigation relates to a
prior audit engagement. Safeguards include removing individual involved in the litigation and
professional review work performed.
Question: EP200
Anti-Money Laundering and Countering the Financing Terrorism.
Money laundering is the concealment of the origins of illegally obtained money into
legitimate business. Terrorist financing refers to both direct and indirect act of providing or
collecting property for terrorist acts, providing property and services for terrorist purposes.
Section 2: Reporting and Tipping Off It is mandatory for a person who is in the course of his
profession to lodge a suspicious transaction to the suspicious transaction rep orting office
(STRO), Commercial Affairs Department (CAD) without undue delay, if the individual suspect
transactions are related to money laundering or terrorist financing. Statutory immunity is
granted from any legal action, criminal or civil for bread o f confidence as report is made in
good faith. They are prohibited from disclosing any information to any person if doing so is
likely to prejudice an investigation .
Section 4: Customer Due Diligence and Records Keepings Professional firms have to identify
the beneficial owners of the clients. They should disclose the individuals who has a
controlling ownership interest in a legal person, individuals exercising control of the legal
person or arrangement through other means and individual who holds the position of senior
managing official.
Section 5: Reporting, Training, Compliance, Hiring and Audit This section is not mandatory
on the professional firms but provides go od guidance. Firms should establish a single
reference point within the organisation such as the Money Laundering Reporting Officer
(MLRO) for employees to report transactions that are suspected of money laundering or
terrorist financing. The MLRO will det ermine whether a report to the STRO is necessary.
Professional firms should also establish an on -going training program as well as a refresher
training to remind them of their responsibilities and kept updated of new developments.
Question: Reliability of evidence
Reliability of evidence depends on sources of evidence , effectiveness of control systems,
written or oral evidence and original or photocopied documents. Evidence are more reliable if
they are from external sources, obtained by auditors, accountin g and internal control
operates effectively, in the form of documents and written representations, original
documents, created in the normal course of business, evidence about past events and are
consistent. Evidence are less reliable if it’s from the enti ty’s records, accounting and internal
control do not operate effectively, obtained by or from entity, oral representation,
photocopies, telexes or facsimiles, specially created to satisfy auditor, evidence about future
and inconsistent.
Question: Audit procedures and related assertions
Audit procedures to obtain evidence include
1. inspection of tangible assets to check for existence. 2. reperformance is when the auditor
carries out procedures being perform by others. 3. inquiry is seeking information of
knowledgeable persons within entity or outside entity. This may range from formal written to
informal oral inquiries. 4. Observation is when auditors look at procedures perform by others
however, it is limited to the point at which observation takes place and modifying of
behaviour. 5. Recalculation is when auditor checks the arithmetical accuracy of source
documents, accounting records and investigate unusual items or fluctuations. 6. Analytical
procedures is to analyse ratios and trends to see fluctuations and relationships that are
inconsistent with other relevant information that deviate from predicted amounts 7.
Confirmation is when an auditor obtai ns a written response from outside or within, he entity
to support information contained in accounting records.

Question 2: 34 marks
Question: Internal controls, assertions addressed, TOC
Components of internal control include the following
1.Control environment is the set of standards, processes and structures that provides the
basis for carrying out internal control across organisations. A strong control environment is
one with tight budgetary controls, an affective internal audit function and can significantly
complement specific control procedures.
2. Entity’s rick assessment process allows management to identify business risk relevant to
the preparation of financial statements and determine the risks to be managed. When risks
are properly identified at the start of the management process, the appropriate control
procedures will be put place to facilitate successful operation of the control system
3. Information System and Related Business Processes relevant to the financial reporting
and communication. With an effective accounting system, companies are able to identify and
record all valid transactions, describe transactions in sufficient detail with proper
classifications for financial reporting in a timely basis, measure proper monetary value of
transactions in financial statements, determine time period in which transactions occur by
recording transactions in proper accounting period and properly present transactions and
related disclosures in financial statements.
4. Control Activities are policies and procedures that help ensure that management’s
directives are carried out. 4.1 Segregation of duties are when responsibilities of authorizing,
recording transactions and maintaining custody of assets are assigned to different peopl e to
reduce risk of any person to commit and conceal errors or fraud. 4.2 Authorization is where
transactions have to the approved by a responsible person with clearly specified
authorization limits. 4.3 Supervision is where day -to-day transactions and rec ording of such
transactions should be supervised by responsible officials. 4.4 Arithmetical Accuracy is where
the auditor cross total, performs reconciliation and sequential controls over documents. 4.5
Performance reviews is where management analyse actua l performance vs budgets,
forecasts, prior period performance, review of management accounts and internal audit
function. 4.6 Information processing includes application controls and general IT controls.
4.7 Physical controls are tangible items such as sec urity doors, guards, cameras.
5. Monitoring of controls to ensure that they are in operation and are achieving their control
objectives. This includes management’s review of bank reconciliation to find out if it if
prepared in a timely basis and internal auditors’ evaluation of a department’s employees’
compliance with the entity’s policies.
Test of controls include:
1. Inquiry is to obtain some relevant information of the accounting system and its internal
control from management and employees
2. Observation is to observe how control procedures are carried out by employees
3. Inspection is to inspect whether manual controls are being perform such as inspect a
sample of invoices and look for evidence of approval.
4. Reperformance is when auditor repeats the control on the sample of items.
Question: Control deficiencies, risk implications and recommendation
Indicators of significant deficiencies in internal control include:
Significant transactions in whi ch management is financially interest are not appropriately
scrutinized by those charged with governance, indication of management fraud that was not
prevented by internal control, management failure t o implement remedial action on
significant deficiencies previously communicated, absence of a risk assessment process where
such a process would ordinarily be expected to be established, evidence of an ineffective risk
assessment process whereby auditor would expect the company risk assessment process to
have identified, evidence of an ineffective response to identified significant risks,
misstatement detected by auditors procedures that were not prevented, detected and
corrected by the company’s internal control, evidence of management inability to oversee
the preparation of financial statements.
Question: Processes tested: Revenue, HR management & Inventory management
The revenue process affects numerous, accounts in the financial statements. Sales
transactions affects trade accounts receivable, sales, allowa nce for uncollectible accounts
and bad debt expense. Cash receipts transactions affects cash, trade accounts receivables
and cash discounts. Sales return and allowance transa ctions affects sales returns, sales
allowances and trade accounts receivables. The functions of revenue processes includes
Order entry where acceptance of customer orders for goods and services into systems
accordance with management criteria , Credit athorization whereby appropriate approval of
customer orders for credit worthiness, Shipping of goods that has been authorized , Billing
whereby issuance of sales invoices to customers for goods shipped or services provided and
processing of billings adjustem ents for allowances, discounts and returns, Cash receipts
whereby processing of cash receipts from customers , Accounts receivables whereby
recording of all sales invoices, collections and credit memora ndum in idividual customer
accounts and General ledger must have proper accumlati on, classification and summarization
of revenue, collections and receivables in financial statements accounts.
Internal controls of revenue process include, all sales order made by phone must be
confirmed in writing and all sales order by email must be from authorises person and official
email address to prevent ficticious or miscommunicated sales order , credit check must be
performed on the new customer’s accoun t to ensure that only customers with low credit risk
are given the appropriate credit terms to limit bad debt risk , details in the customer sales
order are matched with customer file to ensure that the customers are authorised, price data
file to ensure prices are based on authorised price list , all shipments are authorised to ensure
that goods are shipped based on valid orders, billing department reviews open order report
and investigates outstanding orders to ensure that all customers sales orders are exec ute and
processed promptly, sales invoices are raised only after matching details with shipping
documents and customer sales orders to ensure that customers are only invoiced when goods
have been shipped, weekly and monthly reports are generated for manage ment review so
that errors and unusual items can be detected and followed up promptly, customer
statements are sent to customers so that customers can perform reconciliation with their
own AP ledger. Daily remittance report is being reconciled with the ban k’s remittance advise
listing by cash receipt clerk who are not involved in the sales administration, recording and
approval functions to ensure that all remittances from customer are banked in and recorded,
prompt review of such report will ensure that an y error in the recording of remittance
transactions against AR ledger accounts is detected and investigated.
Test of control s of revenue process includes, test a sample of sales order and verify whether
they are attached with customers confirmation and ve rified emails, inspect a sample of new
customer’s credit application form and ensure that they have been approved by the credit
controller and supported with credit documentation, inspect a sample of customer sales
order and look for signature for employee s performing matching, auditors can reperform and
match details of customer sales order with customer file, price data file and inventory file,
insect a sample of shipping documents and look for evidence of approval, inspect a sample of
open order report for evidence of review, reperform matching of sales invoices details with
shipping documents and customer sales order to ensure that matching was done properly by
employees, inspect a sample of monthly report for evidence of management review, review a
sample of customer statement, observe reconciliation done by different employees, inspect
remittance report and ensure that it is signed by cash receipts clerk and inquire cash receipt
clerk about his or her duties performed, review error report and verify if discrepancies have
been investigated.
HR management function includes human resources, supervision, timekeeping, payroll
processing, disbursement and general ledger.
Internal control of payroll process includes, controls must be in place to ensure that no
payments are made to fictitious employees and payments to valid employees are stopped
once the employee is terminated, payments for payroll -related services are being made for
time actually worked, safe custody of pay packets, Hiring and terminating of e mployees,
setting of pay rates, awarding benefits, making direct deposits to employees’ accounts and
issuing of payroll cheques must be approved, Internal control of payroll process, payroll
expense should be properly classified between direct and indirec t labour; otherwise,
inventory and cost of goods sold may not be valued properly, Independent check of payroll
summaries to ensure that employee’s gross pay and payroll deductions are correctly
computed, Supervised clocking in/out and Segregation of duties among persons preparing pay
sheets, checking and approving the m.
Test of controls will be for occurrence; the auditor want assurance that payments for payroll -
related services are being made to valid employees for time actually worked. For
authorization, check for evidence of approval. For accuracy, the auditor’s main concern is
that the employee’s gross pay and payroll deductions may be incorrectly computed.
The function in inventory management process includes inventory management where there
has to be authorization of production activity and maintenance of inventory at appropriate
levels, issuance of purchase requisitions to the purchasing department, raw materials stores
has custody of raw materials and issuance of raw materials to man ufacturing departments,
manufacturing is where there is production of goods, finished good stores where they have
the custody of finished goods and issuance of goods to the shipping department, cost
accounting whereby maintenance of the cost of manufacturing and inventory in cost records
and general ledger has to be properly accumulated, classified and summarized.
Internal controls such as segregation of duties should include, inventory management
function should be segregated with cost accounting function to avoid manipulation and result
in over or under statement of inventory and income, inventory store function should be
segregated from cost accounting function and cost accounting function should be segregated
from general ledger function to avoid unauth orized shipments to be made and covering of
theft of goods.
Test of controls for inventory transactions for occurrence are observe and evaluate proper
segregation of duties, review and test procedures for transfer of inventory , for issuing
materials to manufacturing departments, for account for numerical sequences of material
requisition. The auditor’s main concern is that all recorded inventory should occur and not be
stolen hence review and observation are the main test. For completeness, observe physical
safeguards over inventory , review and test client procedures for consignment goods . For
authorization, review authorised production schedules, test procedures for taking ph ysical
inventory. The auditor will use test controls that are closely related to the purchasing
process. For accuracy, review and test procedures for taking physical inventory, test
procedures use to develop standard cost, cost accumulation and variance reports, identifying
obsolete, slow moving and excess quantities and reconciliation of perpetual inventory to
general ledger account . For cut-off, review and test procedures for processing inventory
included on receiving reports into the perpetual records and review test procedures for
removing inventory from perpetual records based on shipments of goods . If not recorded in
the proper period, could affect a number of accounts. For classification, review the
procedures and forms used to classify inve ntory.

Question 3: 33 marks
RMM at financial statement level
RMM at FS level relates to the financial statement as a whole and may affect many
assertions. This may occur due to fraud by management.
RMM at assertion level, quantify the misstatement, assertion affected
RMM at assertion level is categorized into 2 tables, classes of transactions and events and
account balances (asset, liability and equity) .
COT AB
Occurrence Existence
Completeness Completeness
Accuracy AVA
Cut off Rights and
obligations
Classification Classification
Presentation Presentation

Accounts affected: Equipment, Inventory, Revenue, Expense, Account Receivables

For equipment, to test for existence, auditors will usually observe the equipment . To test for
rights and obligations, verify the client's ownership of the equipment by examining titles to
the equipment. To test for completeness, trace from equipment to equipment subsidiary
ledger to determine that the equipment is recorded. To test fo r classification, obtain or
prepare an analysis of the repair and maintenance expense account - to consider if any items
should be classified as capital expenditures. To test for AVA, recalculate the accounting for
retirements of equipment.
For inventory, to test for existence, observe count of physical inventory . To test for rights
and obligations, verify that the entity has the legal right to the recorded inventory. To test
for completeness, trace test counts and tag control information to the inventory co mpilation.
To test for AVA, inventory is properly recorded in accordance with FRS , inquire of
management concerning obsolete, slow -moving, or excess inventory and review book -to-
physical adjustment for possible misstatements.
For revenue, to test for occurrence of revenue, auditors can vouch recorded sales transaction
back to customer order and shipping document. To test completeness of revenue, auditors
can inspect a batch of pre -numbered documents and ensure that they are not missing any
numbers, select a sample of shipping documents and trace them into the sales journal. To
test for accuracy, recompute. To test for authorization, inspect the documents for evidence
of approval officer signature. Match the price with the authorized price list.
For expense, to test occurrence of expense, auditors can check payroll expenses are paid to
real employees by checking list of existing employees to payroll register.
For accounts receivable , to test for existence and ava, auditors will send confirm ation to the
company’s customers to confirm that it owes the amount of account receivables or he can
examine evidence of cash receipts after year ends.