THE AUDIT PROCESS: PLANNING AND QUALITY CONTROL

INDUSTRIAL CONTEXT
Quality control is primarily the responsibility of the management. However the auditor has
also
the responsibility of controlling the quality of his work. This is done through proper planning
of hid audit work and delegation of duties to qualified and competent staff.

Stages of a Modern Audit

The main features of an audit are as follows, with a brief note on the procedures to use:
i. Ascertainment of the nature and constitution of the client’s business and how it is
carried on. Procedures would include visits to the client’s premises, discussions with
officers, study of documents such as past accounts, prospectuses, audit files, etc.

ii. Planning and subsequently controlling the audit. Procedures would include
preparation of an “audit memorandum” setting out work to be done and timing and staff
requirements. A preliminary review of the client’s management accounts and previous
audit files would also have been required.

iii. Ascertaining, evaluating and testing the client’s accounting systems and internal
controls. There are several ways of dealing with this. A modern way is to ascertain by
asking `grass roots’ staff; recording the facts by means of low charts etc. and evaluating
by the use of the `key’ questions and criteria questions using a hypothetical or normative
model of the appropriate systems.

iv. Carrying out tests on the systems to determine if they are effective and are
consistently applied at all relevant times. This is done by means of “compliance”
tests preferably operated on a statistically valid basis.

v. Verifying the existence, title and amounts included in the balance sheet in
respect of assets, liabilities and capital. This is done by a variety of means including
assessment of internal control procedures and by means of “substantive” tests which give
direct evidence of the items to the auditor, e.g. bank letter, and debtors circularisation.
vi. Checking the inancial statement with the accounting records. This is a requirement
of the 7th Schedule of the Companies Act and is achieved by simply making such a
comparison.
vii. Examining the income statement to confirm that it reflects the results of the
operations of the enterprise. This is achieved by assessment of internal control
procedures and the quality of the records, by seeking direct evidence, and by seeking
out and probing anomalies or differences from expectations.THETH
viii. Examining the financial statements for conformity with acceptable accounting
practices and for compliance with legal and other disclosure requirements. This
is achieved by the use of check lists.

ix. Considering the financial statements as a whole and reviewing the audit work and
conclusions drawn there from in order to determine whether such statements
give a true and fair view. This is achieved by a review conducted by experienced
personnel considering the audit working papers; any revealed anomalies and any
uncertainties and any disagreements with directors or other parties responsible for the
preparation of the accounts.

x. The drafting of an auditor’s report giving the auditor’s opinion on the truth and
fairness and compliance with statute of the accounts. The wording of the report
will depend on the conclusion drawn by the auditor from his audit, and the report may
be qualified or unqualified.E

Introduction to planning
The primary objective of an audit is the expression of an expert and independent opinion on
the truth and fairness of the information contained in the annual financial statements
expressed in the audit report and the ascertainment and evaluation of the accounting systems
as the basis for the preparation of financial statements.

It is for the auditor to decide the extent of audit work he considers necessary in order to
support
his opinion.

ISA 200 Objectives and General Principles governing an audit of financial statements states
that the auditor should carry out an audit in accordance with ISAs and ethical principles to
provide reasonable assurance that the financial statements are free from material
misstatement.
The auditor should plan the audit work so that the audit will be performed in an effective
manner
“Planning” means developing a general strategy and a detailed approach for the expected
nature, timing and extent of the audit. The auditor plans to perform the audit in an efficient
and
timely manner.

International Standard on Auditing (ISA) 300 Planning establishes standards and provides
guidance on planning an audit of financial statements.
An audit is an assignment. To complete the assignment efficiently and effectively in an
economical and cost effective manner then it must be planned for in some detail before
commencement and the strategy constantly reviewed as the audit progresses. Planning
consists of determining what is to be done, determining when it is to be done, determining
who is to do it; and determining what it will cost in terms of hours and money.

Audit Planning Memorandum

Planning must be formalised in a written document ordinarily called an Audit Planning Memorandum
(APM).

In practice, such a plan includes the following information:

1. Section 1 can be a summary of the terms of engagement, basically summarizing the

expected scope of the assignment and the reports or other communications called for
under the terms of engagement.

2. Section 2 would consist of the history or a brief background of the client and any
major changes that have taken place since the previous audit visit. Accordingly, this
paragraph will cover such matters as the kind of business the client is in, the products,
the spread of the company’s products, the location from which the client operates,
changes in key personnel, accounting policies and procedures, legislation and even
changes in the industry structure.

If the company is a part of a group, then a summary of the relationship with other
companies in the group may also be provided.

3. Section 3 would summarize those areas with high inherent risk. These are those
areas whereby because of the nature of the business environment, in which the client
operates, there is a high chance of misstatement or misreporting those are areas
where the auditor could reach a wrong conclusion unless special audit procedures are
adopted.
4. Section 4 could summarize the financial position and results. This normally involves
summarizing the balance sheet and the profit and loss account for the last audited year
and having alongside those figures the latest a management accounts figures as well
as the budgeted figures. The auditor then carries out a ratio analysis on the financial
information to identify other audit risk areas or areas where apparently there have been
new developments or significant changes that require investigation and explanations.

5. Section 5 could consist of a listing of incomes, expenses, assets and liabilities i.e.
the significant components of the financial statements and a brief description of the
methods to be adapted to verify them.
6. Section 6 is materiality levels, which would be set for every material component of the
financial statements and the related audit approach.
7. An outline of the proposed audit approach. The aspects that would be covered here
include:
• The expected client staff assistance in the preparation of supporting schedules
• The expected reliance on the Internal Control Systems (ICS)

• The intended use of internal auditor’s work

• The intended use of experts or specialists

This section would also highlight the expected levels of assurance to be derived from:
- tests of control
- analytical review procedures
- substantive procedures of details
8. Section 8 could consist of a timetable on timing of key events or activities such as the
proposed date of the AGM, the date of audit clearance, the date of the stock take and
the date of the various audit units.

9. Section 9 could deal with the staffing arrangements, identifying the partner responsible
for the audit, the manger, the accountant in charge and the audit assistants.

10. Section 10 could be for the budget and a fee quotation. This would show for every staff
member, the number of man hour as well as the cost of throe hours.T

IMPORTANCE OF AUDIT PLANNING

Adequate planning of the audit work helps to ensure:
• That appropriate attention is devoted to important areas of the audit,
• That potential problems are identified
• That work is completed expeditiously.
• Proper assignment of work to assistants
• Coordination of work done by other auditors and experts.
The extent of planning will vary according to the size of the entity, the complexity of the
audit and the auditor’s experience with the entity and knowledge of the business.
Obtaining knowledge of the business is an important part of planning the work.
The auditor’s knowledge of the business assists in the identification of events, transactions
and
practices which may have a material effect on the financial statements.
The auditor may wish to discuss elements of the overall audit plan and certain audit
procedures
with the entity’s audit committee, management and staff to improve the effectiveness and
efficiency of the audit and to coordinate audit procedures with work of the entity’s personnel.
The overall audit plan and the audit program; however, remain the auditor’s responsibility.

Controlling
The auditor carries out his work using different levels of staff. To achieve the plan requires
control at all stages. The elements of control are:

(a) Directing or Direction: Staff must have the instructions to follow. This could be
Formalised audit programmes clearly setting out what the
staff must do.

(b) Supervision: Every member of the audit team should be subject to supervision by his
superior to ensure that the plan is being carried out as expected and all necessary work is
being
done.
(c) Reviewing: The work done would be reviewed at all levels and evidence of this review
should be available.

(d) Recording: The entire audit process must be properly documented in the form of working
papers.

THE OVERALL AUDIT PLAN

The auditor should develop and document an overall audit plan describing the expected scope
and conduct of the audit. While the record of the overall audit plan will need to be
sufficiently
detailed to guide the development of the audit program, its precise form and content will vary
depending on the size of the entity, the complexity of the audit and the specific methodology
and technology used by the auditor.

Matters to be considered by the auditor in developing the overall audit plan include the
following;

Knowledge of the Business

 General economic factors and industry conditions affecting the entity’s business.
  Important characteristics of the entity, its business, its financial performance and its
reporting requirements including changes since the date of the prior audit.
 The general level of competence of management.

Understanding the Accounting and Internal Control S

 The effect of new accounting or auditing pronouncements.

 The auditor’s cumulative knowledge of the accounting and internal control systems
and the relative emphasis expected to be placed on tests of control and substantive
procedures.
 The accounting policies adopted by the entity and changes in those policies.

RiskRisk and Materiality

 The expected assessments of inherent and control risks and the identification of
significant audit areas.
 The setting of materiality levels for audit purposes.
 The possibility of material misstatement, including the experience of past periods, or
fraud.
 The identification of complex accounting areas including those involving accounting
Estimates
Nature, Timing and Extent of Procedures
 Possible change of emphasis on specific audit areas.
 Other Matters
 The effect of information technology on the audit.
 The work of internal auditing and its expected effect on external audit procedures.

Coordination, Direction, Supervision and Review

 The involvement of other auditors in the audit of components, for example,
subsidiaries, branches and divisions.
 The involvement of experts.
 The number of locations.
 Staffing requirements.
 The possibility that the going concern assumption may be subject to question.
 Conditions requiring special attention, such as the existence of related parties.
 The terms of the engagement and any statutory responsibilities.
 The nature and timing of reports or other communication with the entity that are
expected under the engagement

AUDIT PROGRAM
The auditor should develop and document an audit program setting out the nature, timing and
extent of planned audit procedures required to implement the overall audit plan.
The audit program serves as a set of instructions to assistants involved in the audit and as a
means to control and record the proper execution of the work. The audit program may also
contain the audit objectives for each area and a time budget in which hours are budgeted for
the various audit areas or procedures.
In preparing the audit program, the auditor would consider the specific assessments of
inherent
and control risks and the required level of assurance to be provided by substantive
procedures.
The auditor would also consider the timing of tests of controls and substantive procedures,
the
coordination of any assistance expected from the entity, the availability of assistants and the
involvement of other auditors or experts.

Changes to the Overall Audit Plan and Audit Program

The overall audit plan and the audit program should be revised as necessary during the course
of the audit. Planning is continuous throughout the engagement because of changes in
conditions or unexpected results of audit procedures. The reasons for significant changes
would be recorded.
AUDIT APPROACHES
1. Substantive procedures
2. Balance sheet Approach
3. Audit Risk Approach
4. Business Risk Approach
5. Systems Based Audit approach
6. Directional Testing
7. Analytical Procedures

Substantive procedures
This involves creating and using audit programs for material account balances and
transactions.
The two categories of substantive testing include tests of detail of transactions and balances
and analytical procedures.
Statement of Financial Position Approach
This approach is based on the assumption that the statement of financial position is the most
important aspect of the financial statements and therefore if the statement of financial
position is correct, the other statements must be correct. It is suitable for small companies and
larger property companies. It concentrates audit testing on the account balances with limited
testing of the profit and loss account.
Audit Risk Approach

AUDIT RISK
As we have seen many parties rely on the audit opinion to make decisions, and therefore it is
now a well-established fact that if the auditor gives an audit opinion that is wrong in some
particular then they stand a chance of suffering some damage.
Audit risk therefore could be defined as the chance of damage to the audit firm as a result of
giving an opinion that is wrong in some particular. Or put another way, it could be explained
as the possibility that financial statements contain material mis-statements which had escaped
detection by both an internal control on which the auditor has relied and on the auditor’s own
substantive tests and other work.
It could be looked at also as: the possibility that the auditor may be required to pay damages
to the client or other persons as a consequence of:
1. The financial statements containing a mis-statement;
2. The complaining party suffering a loss as a direct consequence of relying on the financial
statement and
3. Negligence by the auditor in not detecting any reporting on the mis-statement which
can be demonstrated.

Damage to the audit firm or the auditor may be in the form of monetary damages paid to the
complainant as compensation or simply damage to their reputation with a client or the
business
community.
All audits involve an element of risk such that however strong the audit evidence and
however
careful the auditor, there is always a possibility of an error or a fraud going undetected. It is
generally known that the auditor who organises his office and staff in a competent manner
and
follows auditing standards and guidelines is unlikely to be found negligent and to pay
damages
as a consequence of fraud or error not being discovered by him.
Audit risk can be either normal or higher than normal.

Normal audit risk

Indications that an audit is a normal risk audit are:
(a) The client having management and staff who are competent and have integrity;
(b) Where the client has an accounting system that is well designed, works and is subject
to strong internal controls;
(c) Where the client has no special financial problems;
(d) The auditor’s past experience;
(e) Where the client is old, well established and the business of the entity is not subject to
rapid change;
(f) If the client’s board of directors are actively engaged in the company and they provide
control and leadership of a good quality;
(g) If the board of directors has competent non-executive directors;
(h) If the organization has an audit committee.
When the auditor is faced with the normal audit risk, the audit approach adopted is usually
one of reliance on key controls supported by substantive tests, compliance tests and analytical
review.

Higher than normal risk

Several audit assignments involve high audit risk and usually in any client there will always
be
at least one high risk area. Indications that an audit has an element of higher than normal
audit
risk include:
(a)Poor management with lack of control and poor book-keeping;
(b)Liquidity problems and high gearing;
(c)The opposite of all the factors mentioned in the normal risk above;
(d)Recent changes in ownership, control or key staff;
(e)Changes in accounting policies or procedures;
(f)Future plans to seek quotation on the Stock Exchange;
(g)Over-reliance on a few products, customers, suppliers and investments in new
ventures
or products;
(h) Problems inherent in the nature of the business for example difficulties in stock
counting or valuation, difficulties in determining the extent of claims and provisions
and cut-off problems;

(i) The existence of put upon enquiry situations, dominance by the single person and
lack of involvement of directors or proprietors. In such a situation, the auditor
approaches his audit in a manner that is:
 Sceptical, relying on high calibre staff
 Collection of audit evidence in each area from a wide range of sources
 Taking extreme care in the preparation of audit working papers
 Investigating thoroughly high risk and problematic areas
 Exercising extreme care in drafting the audit report
In addition to normal risk and higher than normal risk discussed above, the auditor can also
be exposed by sub-standard work such as:

i. His failure to recognise put upon enquiry situation

ii. His failure to draw correct inferences from audit evidence and the analytical review

iii. His use of wrong procedures in a particular situation

iv. His failure to perform necessary audit work because of time and cost consideration

v. His failure to detect errors or fraud because of poor sampling methods or the selection
of inadequate sample sizes

It is essential that an audit firm should organize itself in such a way that it can minimise the
risk of suffering any damage. We can look at these measures from two points of view. Broad
measures taken by the profession as a whole and measures to be taken by the individual
auditor
in minimising this audit risk.

Measures to Be Taken by the Individual Auditor

(a) Proper recruitment and training of all staff;

(b) Allocating staff to particular audits where they have the appropriate skills;
(c) Planning the jobs well in advance so that it can be approached in a relaxed but
disciplined manner and any timing problems can be accommodated;
(d) Use of audit manuals that conform to audit standards and guidelines;
(e) Use of up-to-date letters of engagements;
(f) Quality control measures that ensure review at every stage of the audit;
(g) Good briefing of auditing staff so that they can recognise put upon enquiry situation;
(h) Emphasising on materiality and use of adequate sample sizes

Procedures the Auditor Adopts

The auditor’s procedures will include:

a) Getting an understanding of the entity as a whole in order to see the accounting system
in proper perspective and thus be able to assess how effective and appropriate the
system is;

b) By use of enquiry or internal control questionnaires or reading manuals ascertain the

complete system;

c) Record the system that he has ascertained either in the form of narrative notes, low
charts, check lists or answers to the ICQ;
d) If the auditor intends to rely on the internal control then he further has to record the
system of controls in detail;
e) If the system’s record was provided by the client or was obtained through reading
manuals, then the auditor must perform walk through tests to confirm the correctness
of the record and also his own understanding of the system;
f) The auditor then performs a preliminary assessment of the system, and if he is relying
on controls then he performs a preliminary evaluation of those controls;
g) If the system of controls and accounting seems adequate and the auditor feels that he
can rely upon the controls he then designs and performs compliance tests. However,
if he does not wish to rely on the controls then he performs substantive tests on the
records;
h) He has to evaluate his evidence and form an opinion on whether proper books of
accounts have been kept and whether the books of accounts form a reliable basis for
the preparation of the financial statements.

BUSINESS RISK APPROACH

This approach requires the auditor to determine what are the very important business risks
which the client faces. This line of approach both helps the client and also enables the auditor
to appreciate and understand his clients business and appreciate all aspects of the business
activities. It is then for the auditor to determine where the risks are likely or unlikely and
whether the risks are likely to produce serious consequences. This enable the audit to be
focussed on those matters where there is a possibility of misstatement. This is the basis of
revised auditing standards.

The big firms have largely adopted this approach within their audit methodology.
The history of auditing shows a gradual change over time as detailed testing of transactions
moved to system audits. The next development was the audit risk model which focuses the
audit and the extent of audit procedures on to the areas of an audit where the auditor was
most at risk of giving an inappropriate opinion.

Here we consider concept of risk from the view point of the business as a whole:

The Business Risk Approach to Auditing

In recent years the broader concept of business risk has been developed by the larger firms. It
was the subject of the ICAEW auditing road show ‘Tomorrow’s audit today’ in the late 1990s
in the UK. The concept has not been fully reined but its main principles are now well
established.
Business risk is the threat that an event or action will adversely affect a business’s ability
to achieve its ongoing objective. It can be split between external and internal factors.

The business risk approach to auditing involves examining the business in it’s entirely and
evaluating the various risks to which it is exposed. The business risks are factors which affect
the company’s ability to meet its goals. The risks may be controllable (to some extent) or
uncontrollable (for example, external factors). It may be possible to trade-off some risks (e.g.
insurance). The auditor is concerned about those risks which may impact upon the financial
statements and therefore needs a full understanding of the business and its risks in order to
do this. The auditor will then plan the audit strategy with these business risks clearly focused
in mind.

The Effects of the Business Risk Approach

There are some general points which can be made about the business risk approach and the
effect it has had on the auditing process.
This ‘top down’ approach to the audit, beginning with business risk and ending with the
financial statements
There is still a lack of clarity in the relationship between business risk and audit risk
The ideas of inherent risk and control risk have tended to merge into the larger concept
of business risk.

The ideas of inherent risk and control risk can be called residual risk which has to be
minimized by audit action. An audit action carries with it detection risk.
The approach is very much a high level approach and should include consideration of
all matters which are critical to the business. For example, ‘could the client lose the
XYZ franchise and what would be the possible consequences for the company and its
financial statements?’

Because of the high level of understanding required of a client’s business it is possible

to use analytical procedures more frequently as a procedure for verification of financial
statement assertions

It is an aid to the firm’s acceptance and continuation procedures for clients (do we want
this client?)

Business failure risk is an important aspect of overall business risk. The assessment of
business failure risk will assist the auditor when considering the going concern status of
the clients business.

The audit needs to be tailor made and a generalized approach to audits is neither
productive nor economical

Auditors need more understanding of business and to that end the larger firms set up
larger databases of information about the economy and the business world
§ The concept implies a continuing relationship with the client rather than a one off view
with each year being separate.

As should be evident from this summary the business risk approach is a more holistic
approach
to the audit. The business risk approach starts at a stage back from the traditional audit risk
model and offers more benefit to auditors and clients alike.

Business activity information financial statements

Whereas the audit risk model encompasses the last two aspects the business risk approach
starts with examining the business activity and identifies the risk relating to it, before examining
the risks of the information and subsequently the financial statements being misstated.
The consequences of the business risk approach should be a more efficient and focused
performed by a more knowledgeable auditor resulting in a better auditor – client relationship. For
example, the audit will have less emphasis on transactions. The auditor may well provide other
benefit to the client given this greater understanding of the business and its risk profile.

Advantages of the Business Risk Approach

The advantages of the business risk approach are as follows:

 Research showed that processing errors were rarely a cause of audit problems
  Major audit problems (e.g. companies going bust shortly after a clean audit report)
typically arise out of issues such as going concern, major fraud by top management,
larger scale systems breakdown etc.
 Investigation of business risk enables the auditor to have a profound knowledge of the
business (as required by ISA 310 knowledge of the business).
 The approach focuses the audit on to the high risk areas which are material to the
business.
 The approach adds value to the audit and enables the auditor to offer some
commercial
benefits to the audit.
 The previous emphasis on transactions and systems was expensive and uneconomic
 The pace of change in business and in computing and communications means that
companies are much more at risk of failure than ever before.
 Auditing needs to be aware of such changes
 Audit firms wish to be in van of innovation to attract clients.
 Audit firms are anxious to show product differentiation to potential clients
 The business environment and corporate governance issues, and the nature of
management control are all now more significant for and translate more quickly into
the financial statements
 The approach tends to involve partners and senior managers much more in the
planning
stages of an audit
 The business risk review may show up areas where the auditor can suggest that its
highly paid services can be offered to the client.

Disadvantages of the Business Risk Approach

There are some disadvantages to the approach, as follows:
 More highly qualified and competent staff are required
 The added value idea does tend to oppose the notion of independence
Business Risk Analysis

Business risk can be analyzed between external and internal risks

External risks

 Changing legislation (e.g. minimum wage)

 Changing interest rates (especially with highly geared companies)
 Changing exchange rates
 Public opinion, attitudes, fashions (e.g. environmental factors)
 Price wars initiated by competitors (e.g. supermarkets)
 Import competition (e.g. the textile trade)
 Untried technologies and ideas (e.g. dot.com traders)
 Natural hazards (e.g. ire or flood or effects of global warming)
 Bad debts
 Litigation
 Environmental matters
 Inflation
  Political factors

Internal Risks

 Internal risks can also damage the company. These include:

 Failure to modernize products, processes, labour relations, marketing resulting in loss
of competitive edge
 Employees (e.g. ineffective recruitment or training policies)
 Board members (e.g. ineffective corporate governance)
 The process of dealing with suppliers or customers
 Excessive reliance on a dominance chief executive (thereby weakening internal
control)
 Inadequate cash flow and the risk of corporate failure
 Inappropriate gearing (resulting in a lack of financial efficiency)
 Related parties resting in inappropriate terms of trading
 Inappropriate acquisitions and poor future prospects
 Overtrading resulting in cash shortages
 Excessive reliance on one of a few products, customers, suppliers
 Internal control weaknesses
 Computer systems failure and loss of records
 Fraud

Companies’ Modes of Operation

Some companies (especially small ones) operate without any overtly expressed plan and
simply carry out the business as always, responding to market changes as they happen. Such
companies are often very adaptable and survive well.

Large companies normally plan their activities in a hierarchal way, as follows:

 Mission statement
 Strategic plan
 Budgets

Businesses are at risk if their business objectives are not achieved. It is therefore desirable for
the management to identify all business risks and if necessary to amend the plan to
accommodate the risks or make contingency plans to survive.

For example, a company which has over reliance on one customer might decide actively to
seek new customers or markets, perhaps by acquisition. Another example would be a company
which is totally reliant on is computer system should have backup facilities.

Classification of Individual Business Risk

Individual business risk can be low or high impact and low or high likelihood. Here are some
examples for a satirical magazine.
What can management do about risks once they are identified? Clearly what to do depends on
the risk and there are an infinite variety of risks. One possible classification of potential
reactions by management is as follows:
 Do nothing and hope for the best
 Develop internal controls
 Develop quality controls over production of goods, production of services,
staff
recruitment
 Join in government schemes like Famine Relief or Poverty Reduction
 Train staff
 Diversify – acquisition, new products, multiple sourcing, adding to customer
base perhaps by exporting

 Risk reduction – raising staff awareness of risk, tighter discipline in all areas,
physical measures such as sprinklers. Diversified computer systems instead of
one complex one

 Transfer of risk – by insurance, sub-contracting, outsourcing

 Avoidance – e.g. leaving a market such as the USA to avoid product liability

In the end, the business of the entrepreneur is risk raking and all risk cannot be removed. The
basic economic truism is that there is a correlation between risk and return and high returns
are
not possible without risk.

Audit Risk and Business Risk

We saw in earlier studies that audit risk is often categorized as the product of inherent risk,
control risk and detection risk

Auditors should consider business risk in three ways:

 By enquiring into and assessing business risk, thereby gaining an excellent knowledge
of the business. This is a basic requirement in all audit engagements.
  By helping their clients to recognize, assess and respond to risk – by welcoming it,
ignoring it, managing it, eliminating it, developing a recovery plan, insuring against it
etc. This can be a lucrative source of fees. They may also help to eliminate or manage
risk, which reduces audit risk in the future.
 By seeing the connection between audit risk and business risk and the risk of
misstatement in the financial statements, which focuses the audit or risks likely to lead
to possible misstatement.

The Implications of Business Risk for the Audit

Below is a checklist of the possible planning implications for the audit of business risk
 Is the control environment good?
 Does the management manage risk effectively?
 Is the accounting system adequate?
 Do any risks threaten the going concern status of the company?
 Do any of the risks have implications for cash low?
 Is there a high risk of fraud – e.g. poor controls, management override, overwhelming
ambition and arrogance in the chief executive?
 Are there related parties with different agendas?
 Is the business under threat of being taken over, with the risk of management
misstating financial statements?
 Is there a risk of litigation against the company?
 Is there any risk of withdrawal of support by loan or trade payables?

Ultimately many of the audit risks come down to the following factors or a combination
of them.
 Possible misstatements due to lack of controls. Recent company failures (often
shortly after clean audit reports) have been caused by overvaluation of inventory
under
allowance for bad debtors etc.
 Working capital shortage leading to cash low difficulties and technical insolvency,
often due to expansion which has been rapid.
 Inappropriate accounting policies. These can often lead to overstatement of assets or
understatement of liabilities.
 Suppression of liabilities
 Fraud by management
 Related parties’ transactions or activities
 Going concern appropriateness
 Computer failures
 Litigation or regulatory problems

Test Your Understanding

As manager responsible for prospective new clients you have visited Hard bridge Lorry
Component Ltd which supplies a small range of components for lorry manufacturers. The
chief executive and majority shareholder is Mr. Alfred and he has asked your firm to make a
proposal for the company’s audit and other services.

During the initial meeting you have ascertained the following information:
 The company’s turnover has increased by about 30% a year for the last three years
 Mr. Alfred is a dominating personality who seems tireless and has limitless ambition
 The company has two major customers and a few small ones
 The largest customer has recently announced major expansion plans and Harbridge
have already purchased additional land and have signed a contract for more building
to
increase production. You have read in The Daily Times that the customer’s expansion
plans are viewed with some skepticism by the city which seems to doubt the
company’s
viability.
 Harbridge has borrowed heavily from its bank and a major repayment of the loan is
due shortly. The company is already on its overdraft limit and has yet to fund the new
building construction. Mr. Alfred is in negotiation with a Middle Eastern bank for
further finance.
 Many of the company’s parts are sourced in a country with an exchange rate which is
very favourable to the UK. The financial press has lately suggested that this rate may
change in the near future.
 The company recently purchased a very large and very complex computer system to
control all its affairs. Mr. Alfred admits that his admin staff (headed by his brother,
who
has recently returned from ive years back packing abroad) does not really have the
competence to run it properly.
 The company recently purchased a company jet aircraft which Mr. Alfred says he
finds
essential for visiting customers and suppliers. Mr. Alfred pilots the aircraft himself.
He
has just been to Miami where there are neither customers nor suppliers.
§ Mr. Alfred admitted that the company had recently been issued with writs alleging
that the company had breached a patent in one of its vital processes and that the
company had failed to pay the sum due to a supplier. Mr. Alfred did not consider this
as serious and said that failure to pay was because the new computer system had not
agreed the amount due with the supplier’s statement
 The company has no formal management accounting system. The new computer
system is supposed to remedy that but nothing has been done as yet.
 Mr. Alfred has plans to float the company in the near future.

Required
(a) Identify and describe the principal business risks relating to Harbridge Lorry
Components ltd.

(b) Justify an appropriate audit strategy for the first audit of Harbridge Lorry
Components Ltd.

(c) Suggest some procedures that Harbridge could implement immediately to improve
is accounting procedures and financial controls.
 Business risk is the risk that the audited entity will fail to achieve its objectives. This
approach is said to offer a top down, rational, value added, focused and economical
audit with good coverage of audit work. The business risk approach is to be preferred
because it should result in a more efficient and focused audit performance by a more
knowledgeable auditor resulting in a better auditor client relationship.

Systems Based audit approach

The basis of IAS 400, Risk Assessment and Internal Control

The term systems audit refers to the typical audit approach to medium and large companies
and is based on the assumption that such companies have internal control systems which will
hopefully constitute a reliable base for the preparation of the accounts. In other words, the
characteristic of a systems audit is an examination of internal control.
We have already established that many small companies cannot achieve satisfactory internal
control and it is hence clearly futile for the auditor to seek to rely on controls if they don’t
exist or are patently unreliable. For such enterprises the auditor has no alternative but to carry
out a so called ‘substantive audit’ involving extensive verification of transactions followed by
a detailed examination of the balance sheet (verification of assets and liabilities and review of
the financial statements).

The contemporary audit approach to reasonably sophisticated companies is therefore to carry

out a system-based audit during the course of the accounting year, followed by a balance
sheet
audit at the year-end - if the systems audit work is successful, i.e. the controls prove reliable,
the auditor can use his judgement to reduce the extent of the balance sheet work (in no
circumstances will the balance sheet work be eliminated entirely!).

Directional Testing

The concept of directional testing recognises that it is the purpose of the audit test which will
determine the direction of the test.

EXAM QUESTIONS

Question one

You are the audit manager at Zabuko and Associates responsible for the audit of the books
of account of Ziwani Spares Ltd. In the course of the audit of the financial statements for the
year ended 30 June 2020, your preliminary evaluation of the internal controls indicated that
reliance could be placed on the system. However, compliance tests carried out during the
audit
disclosed that the system was not operating effectively. This situation has necessitated
various
amendments and additions to your original audit plan.
Required:
Describe the changes to be effected:

a) During the interim audit. (13

marks)

b) After the end of the financial year. (7 marks)

(Total: 20 marks)

Question two

The Board of D Ltd., a company quoted on the stock exchange, has decided to introduce an
internal audit function. As a first step, the Board wishes to outsource the service and has
invited
your audit firm to tender for the contract. The terms of reference will entail a range of
activities
including:
• Review accounting, internal control and risk management systems.
• Examination of financial and operating information.
Your firm has provided a number of services to this client for many years including, he
statutory audit of the annual financial statements and on-going consultancy work.
Required:

(a) Explain the importance of the concept of independence to external auditing. (6 marks)
(b) Identify and discuss the threats to your audit firm’s independence which may arise from
the provision of all the services outlines above and suggest how these treats may be resolved
by your firm. ( 14
marks)
( Total 20
marks)

Question three

You are the manager responsible for the audit of BCD Stores Ltd. which has a number of
stores
which sell household products to the general public, including furniture, electrical equipment,
cooking equipment and carpets. The company has annual sales of about $1,600 000. In
previous years’ audits, there have been problems with:

1. Misappropriations of inventory by employees and customers

2.Slow moving and damaged goods which are worth less than cost, and
3. Incomplete recording of sales when the customers pay by cash (these represent 55%
of all sales)

The company has a small internal audit department, the staff of which visit branches and
perform appropriate audit work at the head office.
Required:
(a) Describe the work you will carry out and the matters you will consider in planning the
audit prior to the commencement of the detailed audit work, including consideration of
the timetable for the audit. ( 12
marks)

(b) Describe the procedure you will carry out to control the audit including reviewing the
work
of the audit staff. (8
marks)

(Total: 20 marks)