Professional Documents
Culture Documents
CPA 17 - Auditing & Other Assurance Services
CPA 17 - Auditing & Other Assurance Services
Solution 1
Page 1 of 25
Know general audit objectives for classes of transactions, accounts and
disclosures.
The general audit objectives of the financial statements of EBL for the periods up
to 30th June 2021 in this case will be transaction related, balance related, and
presentation and disclosure related. These are broad in nature.
Know specific audit objectives for classes of transactions, accounts and
disclosures
Like the general audit objectives, the specific audit objectives of the financial
statements of EBL for the periods up to 30th June 2021 in this case will be
transaction related, balance related, and presentation and disclosure related.
These are very specific in nature.
(ii) Document your assessment of inherent risk for the audit of EBL for the
periods up to 30th June 2021.
Nature of EBL’s business e.g., expiry of products or obsolescence.
Inherent risk varies from business to business for accounts such as inventory,
accounts receivable, investments, property, plant and equipment. EBL may face
a greater likelihood of obsolete inventory because it deals with sanitizer which
has a specific shelf life and therefore expires. Wines, spirits and alcohol
beverages have a longer shelf life than sanitizers.
Results of previous period audits of EBL, regarding misstatements.
Misstatements found in the previous year’s audit of EBL have a high likelihood of
occurring again in the current year’s audit. This is because many types of
misstatements identified in EBL are systemic in nature, and the business is often
slow in making the necessary changes to eliminate them. Therefore, an audit
team of VXL will be negligent if the results of the preceding year’s audit are
ignored during the development of the subsequent year’s audit programs.
Initial (less knowledge) versus repeat engagements with EBL.
VXL Certified Public Accountants will gain experience and knowledge about the
likelihood of misstatements in EBL after auditing for several years. The lack of
previous year’s audit results causes VXL to assess a higher inherent risk for initial
audits than for repeat engagements in which no material misstatements were
previously found. VXL will set a high inherent risk in the first year of an audit and
reduce it in subsequent years as they gain more knowledge about EBL.
Related parties & compliance with arms’ length principle.
Transactions between the EBL main plant located in Kampala and the 3
autonomous branches located in Gulu, Mbarara and Jinja, and those between the
founders (Mr. Kitti and Kazitto), management and the corporate entity, are
examples of related party transactions as defined by IFRS. Since these
transactions did not occur between two independent parties dealing at arm’s
length, a greater likelihood exists that they might be misstated or inadequately
disclosed in the financial statements, causing an increased inherent risk.
Page 2 of 25
Complex or non-routine transactions.
Transactions that are unusual for EBL, or involve lengthy or complex contracts,
are more likely to be incorrectly recorded than routine transactions because EBL
often lack experience in recording them e.g., major property acquisitions,
purchase of complex investments and restructuring charges from discontinued
operations. By gaining knowledge of EBL’s business and reviewing minutes of
management meetings, VXL can assess the consequences of complex or non-
routine transactions made by EBL.
Judgement & estimations required to correctly record account balances and
transactions.
A number of account balances such as investments recorded at fair value,
allowances for uncollectible accounts receivables, obsolete inventory, asset
impairment, major repairs versus partial replacements of assets, and bank loan
loss reserves require estimates and a great deal of management judgement
related to valuation. Since they require considerable judgement, the likelihood of
misstatements increases, and as a result VXL should increase inherent risk.
Make-up of the population especially overdue balances & large volumes.
Often, individual items making up the total population also affect VXL’s
expectation of material misstatements. VXL will use a higher inherent risk for
valuation of accounts receivable where most accounts of EBL are significantly
over-due than where most accounts are current. Such situations require more
investigations because of the greater likelihood of misstatement than occurs with
more typical transactions.
Matters of fraudulent financial reporting due to lack of integrity.
Management of EBL may lack integrity and be motivated to misstate financial
statements which increases inherent risk. VXL will be required to investigate
more because of the greater likelihood of fraudulent financial reporting resulting
from misstatements. VXL will perform additional procedures to assess fraud risk
beyond assessing the risk of misstatements in relevant audit objectives to
respond to those risks.
Matters of misappropriation of assets.
Management of EBL may lack integrity and is motivated to misappropriate assets
increasing inherent risk. VXL will be required to investigate more because of the
greater likelihood of fraudulent financial reporting resulting from the
misappropriation of assets. VXL will perform additional procedures on assets to
assess fraud risk beyond assessing the risk of misappropriation of assets in
relevant audit objectives to respond to those risks.
Weak internal controls.
A number of issues identified at EBL (e.g., missing documented TORs, absence
of board of directors, incompetent or inadequate accountants, etc.) justify the
ineffectiveness of internal controls. Thus, evidence of inherent risk associated
with high levels of weak internal controls.
Page 3 of 25
(b) Discuss with the VXL audit team;
(i) The possible features which would lead you to investigate a particular
transaction in EBL to determine whether it is a related party transaction.
Unusual terms of trade. EBL transactions between the 4 branches (located in
Kampala, Gulu, Mbarara and Jinja) and the main factory which have unusual
terms of trade, such as unusual prices like discounted prices, and repayment
terms or credit terms extended to the branches.
Lack of logical business sense. EBL transactions between the 4 branches of
EBL that may appear to lack a logical business reason for their occurrence.
Complex transactions. EBL transactions between the 4 branches of EBL
that are overly complex and not easily understood.
Newly identified related parties or transactions. EBL transactions between the
4 branches of EBL which may involve previously unidentified related parties.
Unclearly processed transactions. EBL transactions between the 4 branches
of EBL that are processed in an unusual manner.
(ii) The audit procedures to perform by VXL certified public accountants to
ensure that material related party transactions of EBL have been
identified.
Obtain a list of current known related parties of EBL for the periods
ending 30th June 2021, such as, all the EBL branches.
Ensure that the permanent file for EBL is updated for the identified related
parties.
Being the first financial audit of EBL, perform company search on EBL;
otherwise review statutory records to confirm directorships, other
directorships and significant investors.
Discuss the list of related parties obtained from EBL as disclosed by the
directors as to its accuracy and completeness.
Enquire of the EBL directors as to whether there have been any material
transactions with the related party, such as loans, purchase of inventory etc.
List and review all EBL transactions disclosed by the directors.
Review the accounting records of EBL before and after the periods ended
for any large or round sum amounts; investigate and analyse with reasons.
Analyse all loans receivable or payable for EBL, and seek confirmation of
identity of lender or borrower for accuracy and existence.
Review board minutes and enquire as to whether EBL has provided any
guarantees.
Page 4 of 25
Analyse the details of guarantees given by EBL and review the terms.
Include confirmation of all EBL related party transactions or lack of them
within the letter of representation.
Check the adequacy & accuracy of disclosure and compliance within the
context of IAS 24 in the financial statements of EBL.
(c) Describe to the VXL audit team:
(i) The business risks arising from the outsourcing of EBL’s payroll function,
and the implications for the financial statements of EBL for the periods
ending 30th June 2021.
Loss, theft or misuse of personal data obtained by the individual employees
of EBL or VXL, for the period under review.
Reputational damage for EBL resulting from non-compliance especially with
deduction and remittance of statutory obligations.
Fines for late submissions and non-submission of returns to the statutory
authorities such as URA and NSSF.
Sanctions from the government - imposed on EBL for breach of data
protection that may be considered by government of Uganda using the
laws of Uganda.
Continued incompetence of staff & management, arising from failure to internally
manage payroll function i.e. lack of opportunity for practical capacity building of
staff
Low employee motivation & likelihood of loss of key staff, in case the staff
perceive/attribute outsourcing of payroll function to be due to of lack of trust
amongst the staff by management
(ii) The key controls for the payroll and personnel cycle suitable for assessing
control risk at EBL as at 30th May 2021
Adequate separation of duties within EBL
EBL should have an in-house human resource department with clear segregation
of duties. Separation of duties at EBL is important in the payroll and personnel
cycle, especially to prevent overpayments and payments to nonexistent
employees. The payroll function at EBL should be kept independent of the
human resource function, which controls key payroll activities, such as adding
and deleting employees. Payroll processing at EBL should also be separate from
the issuance of payroll disbursements.
Proper authorisation
The human resource function of EBL should be the only authorised unit to add
and delete employees from the payroll or change pay rates and deductions. The
Page 5 of 25
number of hours worked by each employee of EBL, especially overtime, should
be authorised by the designated employee’s supervisor. Approval may be noted
on all-time records or done on an exception basis only for overtime hours.
Page 6 of 25
(d) As the audit manager, guide the audit team on:
(i) The specific conditions required to exist for the audit team to issue the standard
unqualified audit reports.
If all the financial statements agree with the records of the entity, & the records
include all the transactions for the accounting period.
(ii) The circumstances that must exist for the auditor to issue an unqualified audit
report with emphasis of matter explanatory paragraph or modified wording.
Page 7 of 25
Substantial doubt (material uncertainty) about going concern of EBL but if
adequate disclosures have been made in the report.
The auditing standards require VXL to include among his responsibilities to
evaluate whether EBL is likely to continue as a going concern. For example,
existence of the following factors causes uncertainty about the ability of EBL to
continue as a going concern: Significant recurring operating losses or working
capital deficiencies; Inability of EBL to pay its obligations as they fall due; Loss of
major customers, the occurrence of uninsured catastrophe e.g. floods,
earthquakes etc. The concern of VXL is the possibility of EBL to be able to
continue in operation or meet obligations for a reasonable period, usually not
exceeding one (1) year from the date of the audit. When VXL concludes that
there is substantial doubt of VXL to continue as a going concern, an unqualified
opinion with an emphasis of matter is required.
Page 8 of 25
Need for emphasis of matter paragraph when there is a significant uncertainty
(other than a going concern), the resolution of which is dependent upon future
events & which may affect the financial statements.
Solution 2
Ethics refers to the set of moral principles or values which may include laws and
regulations, codes of ethics for professional groups like CPAs e.g. conflict of
interest, whereas
Ethical dilemmas refer to a situation a CPA faces in which a decision must be
made about the appropriate behaviour whether to accept being both an internal
auditor manager & external auditor manager of the same client or not.
(ii) Describe the six steps approach to be adopted by the audit manager of
MMK in resolving the ethical dilemma.
Determine the people affected by the outcome of the dilemma and how each
person or group is affected. The audit manager appointed to be in charge of the
internal audit engagements of Zoch Limited is also a key member of the external
audit team of the same client. This will definitely result into a self-review threat
in executing Zoch audits.
Page 9 of 25
Determine the significance of ethical threat/issues (impact) i.e. rate or rank the
ethical issues/threats in order to appreciate the necessary safeguards to be
adopted to address the identified ethical issue/threat e.g. rank by low, medium
or high, significant or insignificant, etc. In this case, the ethical issue (conflict of
interest) or threat to objectivity or self-review is significant or high risk.
Identify the alternatives available to the person who must resolve the dilemma.
The audit manager can either decline the appointment as the audit manager for
the internal audit assignments of Zoch Limited or resign from the external audit
team of Zoch limited. This action should clearly disclose the reasons as conflict of
interest.
(i) The likely causes of audit failure that may be faced by MMK Consultants
for the audit of Zoch Limited.
The failure of the audit team to assess audit risk properly. This is where
MMK fails to properly identify the audit risks for the audit of Zoch Limited.
This is likely to be caused by failure by the audit team to fully understand the
business and control environment of Zoch Limited.
Page 10 of 25
area of competence. The audit team from MMK consultants may not have
the right knowledge, experience and competencies to properly execute
the audit in Zoch Limited.
The failure to have adequate and appropriate staff to assign separate team
members on internal & external audit engagements. The firm may have
inadequate staff to fulfil the need to separate team members of the internal
audit engagement and external audit engagement especially with increase in
clientele from 51 to 112 clients.
Inadequate time to conduct the audit engagements for Zoch alongside other
increased clientele. Lack of adequate time might result into poor quality of work-
done by the staff of MMK.
High staff turnover - especially engagement team members leaving in the middle
of the audit assignment before it's done. Exit of staff disrupts continuity of audit
engagements.
No policies & weak internal controls - lack of policies for auditor's guidance in
audit execution and having weak internal controls increases the risk of the
auditor failure to identify existing risks i.e. makes the audit failure inherent due
to high possibility of failure to identify potential risks.
If the scope and nature of internal audit services provided to Zoch Limited
by MMK Consultants is not defined. The management threat can be
unacceptably high for MMK Consultants where the scope and nature of
internal audit services is not specified. Where MMK is involved in making
decisions for the management team of Zoch Limited then the
management threat will be unacceptably high. MMK is only responsible to
the extent of making recommendations but not getting involved in
decision making of management at Zoch Limited.
Page 11 of 25
management threat is unacceptably high where MMK Consultants is
involved in taking responsibility for risk management at Zoch Limited.
MMK is only supposed to be involved in reviewing the risk management
at Zoch Limited as an internal audit function.
Page 12 of 25
compliance actually happens within the firm, through disciplinary
procedures and other systems.
MMK is required to empower all the staff of the firm at the various levels
to communicate about ethical issues. The communicating mechanism
should be handled with integrity and transparency.
Solution 3
Page 13 of 25
To maintain adequate internal control, assets and records of CTL must be
protected. If CTL assets are unprotected, they can be stolen by employees. If
CTL records are not adequately protected, they can be stolen, damaged, altered
or lost by employees. This can seriously disrupt the accounting process and
business operations of CTL. For highly computerised companies, equipment,
programs and data files must be protected.
(b) Describe the possible limitations of Internal Controls that have been
recommended to CTL in (a) above.
Limitations of internal control will always exist no matter what industry the
company is in or how strong the control procedures in place are. Hence, it is
important to understand those limitations of internal control.
Override control
Internal controls at CTL will not work if it is overridden by management or
employees with high authority. It may be possible that management can override
the controls with their authority, e.g. if the CEO tells low-level employees of CTL
to do something, they usually will do so, even if it will not comply with control
policies of CTL.
Page 14 of 25
Collusion
Internal control will not work at CTL if the employees or management collude to
by-pass the control in place. This limitation of control is the type that overtakes
the segregation of duties control procedures. For example, segregation of duties
at CTL can be extremely effective in an internal control system. However, if
employees who are supposed to act independently collude amongst themselves,
the internal control of segregation of duties here will not work anymore.
Deliberate circumvention
Although the internal controls at CTL are implemented to prevent or detect
errors, deliberate circumvention by employees in the system can still occur
Cost-benefit consideration
Controls that cost more than the benefit they are expected to give are not worth
having. Usually, CTL may decide that certain controls are too costly to
implement, considering the risk that can occur due to the lack of such controls.
However, strong internal controls for CTL are still essential despite having those
existences of internal control limitations. This is due to internal controls bringing
many benefits to the business operations of CTL. In this case, good internal
controls can help CTL achieve efficient and effective business operations.
(c) Advise the audit engagement team from INT on the common methods used to
appraise internal control implementation in CTL.
Page 15 of 25
Inspection of documents - examine relevant documents and records of CTL
The five components of internal control all involve the creation of many
documents and records for CTL. By examining completed documents, records,
and computer files, INT can evaluate whether information described in flow
charts and narratives has been implemented at CTL.
Analytical procedures
Perform applicable analytical procedures to identify or assess the plausible
correlation and relationship between the CTL’s financial records and the policy
requirements especially expected roles & responsibilities of each staff. This can
be improved by use of digital tools to identify exceptions in the design &
implementation of application controls.
(d) Advise INT on the suitable approach that could be employed to identify control
deficiencies and material control weaknesses at CTL.
Page 16 of 25
Existence of compensating controls? - consider possibility of compensating
controls at CTL.
Compensating controls are controls that are elsewhere in the system that exist to
offset the absence of a key control in CTL. When compensating controls exist
within CTL, there is no longer a significant deficiency or material weakness.
(e) Discuss the criteria that the engagement partner of INT needs to adopt to
allocate appropriate staff to the engagement team for the audit of internal
control over reporting.
The engagement partner must consider the staff’s understanding of and
practical experience with similar engagements like that of CTL to be
allocated to the audit team for the assignment.
Page 17 of 25
have limited or no knowledge of the industry, the partner should identify an
experienced auditor to supervise them or provide leadership as the audit is
performed.
Solution 4
(a) Advise the directors of MAC School on how to discharge their responsibility of
preventing and detecting fraud and errors.
Compliance with laws & regulations. The directors are expected to ensure that
the management and the employees of MAC School are fully complying with the
Laws of Uganda specifically the Anti-Corruption Act. Noncompliance to the laws
of Uganda should be reported to the relevant government bodies such as the
police for further management.
Code of ethics. The directors of MAC School are expected to develop a code of
conduct, monitoring compliance to the code and taking action against breaches.
The code should be applied consistently and the breaches dealt with precisely to
create a fraud free culture within MAC school.
Page 18 of 25
adequacy and effectiveness of governance, risk management and controls within
MAC School.
(b) Design the audit tests to be performed to detect and establish the extent of
fraud.
Inspection of documents - obtain and review relevant support documents for the
transactions/items relating to the fraud
Tests of details e.g. review of unusual transactions or key items selected from
the population of transactions relating to the affected financial statement areas
Page 19 of 25
(c) Discuss the likely limitations on audit procedures designed to enable KAU detect
fraud in MAC School
Sophisticated schemes esp cash based revenue & printed receipt book. Fraud at
MAC School may involve sophisticated and carefully organized schemes designed
to conceal it including collusion, forgery or deliberate non-recording of
transactions or intentional misrepresentation made to KAU.
Page 20 of 25
(d) Recommend actions to be taken by KAU on discovery of potential errors or fraud
at MAC school
Consider materiality. If the matter is not material in the context of the accounts
of MAC School, KAU need not take further action in connection with their audit
report but must inform management of MAC School, unless the management are
involved themselves.
If the matter identified is material, KAU will perform appropriate additional tests
to discover the possible scale and extent of fraud at MAC School.
If it appears that irregularities or errors have occurred at MAC school, and may
be material, then KAU will consider the effects on the financial statements of
MAC School and ensure that these have been prepared with such adjustments
and amendments (and disclosures) as may be required.
If further investigations are required by KAU and the accounts of MAC School
cannot be delayed, then the audit report may have to be qualified for
uncertainty.
Where errors or irregularities have occurred at MAC School, KAU will ensure that
top management of MAC School is aware of such events. If top management is
involved, reports/communication may have to be made to non-executive
directors of MAC School or regulators.
Any weakness in the system of accounting and internal control at MAC School
which may give or have given rise to errors or irregularity should be fully
discussed with, and reported to management by KAU.
Page 21 of 25
Solution 5
(a) Propose specific activities that ICPAU and the accounting profession can adopt to
reduce exposure of licensed practitioners/ registered firms to lawsuits.
Page 22 of 25
(b) Advise individual CPAs and/ or registered public accounting firms how to protect
themselves from legal liability.
Some of the common actions that can be taken by CPAs to protect themselves
from legal liability include, among others:
Individual CPAs and registered firms dealing only with clients demonstrating
integrity.
There is an increased likelihood of having legal problems when audit clients lack
integrity in dealing with their customers, employees, government etc. An
individual CPA or registered firm needs formal procedures to evaluate the
integrity of the audit clients and should dissociate itself from all clients found
lacking integrity.
Perform regular quality audits, with competent staff & independent reviews.
Quality audits are required for the CPA members to obtain appropriate evidence
and make appropriate judgements about the evidence. It’s therefore very
essential to understand the audit client’s internal controls and modify the
evidence to reflect the findings. Improved auditing reduces the likelihood of
failing to detect misstatements and resulting lawsuits.
Page 23 of 25
Exercise professional skepticism & judgement
CPAs are often liable when they are presented with information indicating a
problem that they fail to recognise. CPAs need to strive to maintain a high level
of skepticism so that they are able to identify misstatements when they exist.
Engagement letter
All practicing accountants (individuals and firms) must first sign engagement
letters stipulating responsibilities of either party, plus other terms and conditions
like fees, reporting framework, scope of work, etc. This reduces unnecessary law
suits from clients relating to responsibilities which are expected to be fulfilled by
management like financial statement preparation/presentation, fraud, etc.
(c) Justify the need for reviews by audit supervisors and audit engagement partners
on work performed by audit staff.
The purpose of the review is to consider whether the work done is in line
with the audit strategy and:
The audit supervisor and the audit partner assure themselves that the audit has
been performed in accordance with professional standards and regulatory
and legal requirements by the audit team;
Reviews by the audit partner and audit supervisor ensure that significant
matters have been raised for further consideration;
Reviews by the audit supervisors and audit partners establish whether the
work performed by the audit teams supports the conclusions reached and
is appropriately documented;
Reviews by the audit supervisors and audit partners confirm that the
evidence obtained from the engagements is sufficient and appropriate to
support the report.
Page 24 of 25
Reviews by the audit supervisors and partners help establish whether the
objectives of the engagement procedures have been achieved during
execution.
(c) Discuss the key matters needed to be considered for an effective independent
engagement quality control review within a registered firm.
Page 25 of 25