TUTORIAL REVIEW QUESTIONS AND ANSWERS

 AUDITING

QN1. Discuss:

a) The components of internal controls

b) The elements of Control activities

ANSWER

a) Internal controls are a set of procedures and mechanisms put in place by an organization to
ensure the accuracy of financial reporting, compliance with laws and regulations, and the
effectiveness and efficiency of operations. The components of internal controls typically include:

1. Control Environment: This refers to the overall attitude, awareness, and actions of
management and employees regarding the importance of internal control. It sets the tone
for the organization's internal control system.
2. Risk Assessment: This involves identifying and analyzing potential risks that could
prevent the organization from achieving its objectives. It includes assessing the likelihood
and impact of risks and determining how they should be managed.
3. Control Activities: These are the specific policies, procedures, and practices established
to address the risks identified during the risk assessment process. Control activities are
designed to mitigate risks and ensure that operations are conducted in accordance with
management's objectives.
4. Information and Communication: This component involves the timely and accurate
communication of relevant information throughout the organization. It includes providing
employees with the information they need to perform their duties effectively and ensuring
that communication channels are open and effective.
5. Monitoring: This involves the ongoing assessment of the internal control system to
ensure that it is operating effectively. Monitoring activities may include regular reviews,
internal audits, and management oversight.
b) Control activities are the specific actions taken by an organization to mitigate risks and
achieve its objectives. They are one of the components of internal controls and can be
categorized into various elements, including:

1. Segregation of Duties: This involves dividing responsibilities among different individuals

to prevent any single person from having control over all aspects of a transaction or
process. For example, the person responsible for authorizing a transaction should be
different from the person responsible for recording it.
2. Authorization and Approval: This involves obtaining appropriate authorization and
approval before conducting certain transactions or activities. For example, purchases
above a certain threshold may require approval from a supervisor or manager.
3. Physical Controls: These are measures put in place to safeguard physical assets and
resources. This may include locks and security systems to prevent unauthorized access, as
well as procedures for verifying the accuracy of physical counts.
4. Reconciliation and Review: This involves comparing records and documents to ensure
that they are accurate and complete. For example, bank reconciliations are used to verify
the accuracy of cash balances recorded in the accounting records.
5. Information Processing Controls: These controls ensure the accuracy, completeness, and
integrity of information processed by the organization's systems. This may include data
validation checks, encryption, and backup procedures.
6. Performance Reviews: These involve evaluating the performance of individuals and
processes to ensure that they are meeting objectives and operating efficiently. This may
include regular performance evaluations and variance analysis.

Overall, control activities are designed to reduce the risk of error or fraud and ensure that the
organization's objectives are achieved effectively and efficiently.

QN2. Discuss how the independence of Internal audit function can be enhanced within the
organization that has internal audit department

ANSWER
Enhancing the independence of the internal audit function within an organization is crucial for
ensuring the effectiveness and credibility of internal audit activities. Here are several strategies to
enhance the independence of the internal audit function:

1. Reporting Line: Ensure that the internal audit function reports directly to the highest
level of management or the board of directors. This helps to minimize the potential for
undue influence or interference from management that could compromise the
independence of the internal audit function.
2. Appointment and Removal: The appointment and removal of the Chief Audit Executive
(CAE) or head of the internal audit function should be approved by the board of directors
or an independent oversight committee. This helps to protect the CAE from undue
pressure or influence from management.
3. Budgetary Independence: Provide the internal audit function with its own budget that is
approved independently of management. This ensures that the internal audit function has
the necessary resources to carry out its activities effectively without being subject to
financial constraints imposed by management.
4. Access to Information: Ensure that the internal audit function has unrestricted access to
all records, personnel, and information necessary to perform its duties. This includes the
authority to conduct audits and investigations without interference from management.
5. Rotation of Auditors: Implement policies for the rotation of internal audit staff to
prevent familiarity or conflicts of interest from developing with specific areas or
individuals within the organization. Rotation helps to maintain objectivity and
independence in the audit process.
6. Professional Development: Encourage continuous professional development and
training for internal audit staff to keep them abreast of best practices, industry standards,
and emerging risks. Well-trained auditors are better equipped to maintain independence
and objectivity in their work.
7. Audit Committee Oversight: Establish an independent audit committee composed of
members of the board of directors who are not involved in the day-to-day operations of
the organization. The audit committee should provide oversight and support to the
internal audit function, ensuring that it operates independently and effectively.
 8. Whistleblower Protection: Implement policies and procedures to protect whistleblowers
who report concerns or wrongdoing within the organization. This encourages employees
to come forward with information without fear of retaliation and supports the
independence of the internal audit function by providing access to critical information.
9. External Quality Assessment: Conduct periodic external quality assessments of the
internal audit function by independent third-party firms. External assessments help to
validate the effectiveness and independence of the internal audit function and identify
areas for improvement.

By implementing these strategies, organizations can enhance the independence of their internal
audit function, thereby strengthening the effectiveness of internal controls, risk management, and
governance processes.

QN3. Compared and contrast the quality of internal audit work between outsourced audit service
and from within the organization

ANSWER

Comparing the quality of internal audit work between outsourced audit services and internal
audit departments within an organization involves considering various factors. Let's explore
some key points of comparison:

1. Expertise and Knowledge:

 Internal Audit Department: Internal auditors have an in-depth understanding of
the organization's operations, culture, processes, and risks. They may possess
specialized knowledge tailored to the industry and specific organizational
nuances.
 Outsourced Audit Service: External auditors bring a broader perspective gained
from working with multiple clients across industries. They may offer specialized
expertise in certain areas but might lack the depth of knowledge about the
organization compared to internal auditors.
2. Independence and Objectivity:
  Internal Audit Department: While internal auditors may face pressure or bias from
management, efforts can be made to ensure independence, such as reporting
directly to the board or an audit committee. Objectivity can be maintained through
rotation of audit staff and adherence to professional standards.
 Outsourced Audit Service: External auditors are inherently independent from
management, which can enhance objectivity. However, they may face challenges
in understanding the organization's culture and internal dynamics, potentially
impacting the depth of their insights.
3. Cost and Resource Allocation:
 Internal Audit Department: The cost of maintaining an internal audit department
is typically more predictable and may be lower in the long term compared to
outsourcing. However, it requires ongoing investment in staff training,
technology, and infrastructure.
 Outsourced Audit Service: Outsourcing audit services may initially appear cost-
effective, especially for smaller organizations or those with fluctuating audit
needs. However, costs can vary depending on the scope and frequency of
engagements, and there may be additional fees for ad-hoc services.
4. Flexibility and Scalability:
 Internal Audit Department: Internal audit departments can be more flexible in
adapting to changes in organizational priorities and emerging risks. They can
tailor audit plans and strategies based on real-time insights and collaborate closely
with management and other internal stakeholders.
 Outsourced Audit Service: Outsourced audit services offer scalability, allowing
organizations to access specialized expertise and resources as needed without the
overhead of maintaining an internal team. However, responsiveness may vary
depending on the service provider's availability and other client commitments.
5. Cultural Fit and Relationship Building:
 Internal Audit Department: Internal auditors are integrated into the organizational
culture and can build strong relationships with management and staff over time.
This can facilitate open communication, trust, and cooperation, which are
essential for effective risk management and control.
  Outsourced Audit Service: External auditors may struggle to establish rapport and
trust with internal stakeholders due to their transient nature. However, they can
bring an objective perspective and challenge assumptions that internal auditors
may overlook.

In summary, both internal audit departments and outsourced audit services have their strengths
and weaknesses in terms of quality, expertise, independence, cost, flexibility, and relationship-
building. The choice between the two depends on factors such as organizational size, complexity,
risk profile, budget, and strategic objectives. Many organizations may benefit from a hybrid
approach that combines internal audit capabilities with selective outsourcing to leverage the best
of both worlds.

QN4. State the differences between internal check and internal audit

ANSWER

Internal check and internal audit are both important components of an organization's internal
control system, but they serve different purposes and functions. Here are the key differences
between internal check and internal audit:

1. Purpose:
 Internal Check: Internal check refers to the routine checks and controls built into
day-to-day operations to ensure accuracy and reliability of transactions. Its
primary purpose is to prevent errors and fraud at the transactional level and
promote efficiency.
 Internal Audit: Internal audit, on the other hand, is an independent and systematic
examination of an organization's activities, operations, and controls. Its primary
purpose is to provide assurance to management and the board of directors
regarding the effectiveness of internal controls, risk management, and governance
processes.
2. Scope:
  Internal Check: Internal check is typically focused on specific processes or
transactions within an organization, such as sales, purchases, cash handling, or
inventory management. It involves routine checks and procedures performed by
employees as part of their daily duties.
 Internal Audit: Internal audit has a broader scope and can encompass various
aspects of the organization, including financial, operational, compliance, and
strategic risks. Internal audit engagements are typically planned and conducted
periodically or as needed, covering specific areas or processes based on risk
assessment.
3. Independence:
 Internal Check: Internal check is embedded within the organization's operational
structure and is carried out by employees who are responsible for executing day-
to-day tasks. While it provides a level of control, it may lack independence, as
employees may be reluctant to report errors or irregularities due to concerns about
job security or reprisal.
 Internal Audit: Internal audit is an independent function within the organization,
separate from operational departments. Internal auditors are expected to maintain
objectivity and impartiality in their assessments and findings. They report to
senior management or the board of directors and are often granted unrestricted
access to information and records.
4. Frequency and Timing:
 Internal Check: Internal checks are ongoing and embedded in the routine
operations of the organization. They are performed continuously or periodically
as part of daily tasks and processes.
 Internal Audit: Internal audits are conducted periodically or as needed, typically
on a scheduled basis determined by the organization's audit plan and risk
assessment. They are more comprehensive and systematic than internal checks,
involving planning, fieldwork, testing, and reporting phases.
5. Reporting and Communication:
 Internal Check: Results of internal checks are usually communicated informally
within the operational departments or to immediate supervisors. Any issues or
 discrepancies identified may be addressed and rectified promptly at the
operational level.
 Internal Audit: Internal audit reports are formal documents prepared by internal
auditors summarizing their findings, conclusions, and recommendations. These
reports are typically communicated to senior management, the audit committee,
and the board of directors, providing assurance and insights into the organization's
control environment.

In summary, while internal check and internal audit both contribute to the overall effectiveness
of an organization's internal control system, they differ in purpose, scope, independence,
frequency, and reporting mechanisms. Internal check focuses on routine controls at the
operational level, while internal audit provides independent assurance and evaluation of the
organization's overall control environment and risk management processes

QN5 Identify and discuss three main roles of each of the following parties to the internal
control of an entity: Board of Directors, Management, Employees, External auditor, Internal
auditor and Sole proprietor

ANSWER

1. Board of Directors:
 Oversight and Governance: The board of directors plays a crucial role in
establishing and overseeing the internal control framework of the organization.
They are responsible for setting the tone at the top regarding the importance of
internal control, risk management, and compliance with laws and regulations.
 Risk Assessment and Strategy: The board is responsible for assessing the
organization's risks and determining appropriate risk management strategies. They
provide guidance on risk appetite, tolerance levels, and strategic priorities,
ensuring that internal controls align with organizational objectives.
 Monitoring and Accountability: The board monitors the effectiveness of the
internal control system through regular reviews, assessments, and reporting. They
 hold management accountable for maintaining adequate internal controls and
ensuring compliance with policies, procedures, and regulatory requirements.
2. Management:
 Design and Implementation: Management is responsible for designing,
implementing, and maintaining effective internal control systems tailored to the
organization's objectives, risks, and operating environment. They develop
policies, procedures, and controls to mitigate risks and safeguard assets.
 Risk Identification and Mitigation: Management identifies and assesses risks to
the achievement of organizational objectives and develops strategies to mitigate
these risks. They establish control activities to prevent or detect errors, fraud, and
non-compliance with policies and regulations.
 Monitoring and Evaluation: Management continuously monitors and evaluates
the effectiveness of internal controls through ongoing supervision, reviews, and
assessments. They respond to control deficiencies promptly, implementing
corrective actions and improvements to strengthen the internal control
environment.
3. Employees:
 Adherence to Policies and Procedures: Employees are responsible for adhering
to established policies, procedures, and control measures in the performance of
their duties. They ensure compliance with internal controls related to financial
transactions, reporting, data security, and operational processes.
 Internal Reporting and Communication: Employees play a role in reporting
potential control weaknesses, errors, or irregularities to management or internal
audit. They communicate relevant information regarding operational activities,
risks, and control deficiencies to facilitate timely corrective actions.
 Ownership and Accountability: Employees take ownership of internal controls
within their areas of responsibility, recognizing their role in maintaining a strong
control environment. They are accountable for the accuracy, integrity, and
reliability of data, transactions, and processes under their control.
4. External Auditor:
  Independent Assurance: The external auditor provides independent assurance to
stakeholders, including shareholders, creditors, and regulatory authorities,
regarding the reliability of financial statements and the effectiveness of internal
controls over financial reporting.
 Risk Assessment and Testing: The external auditor assesses the organization's
internal control environment to identify risks of material misstatement in financial
statements. They perform testing of controls to evaluate their design and operating
effectiveness in preventing or detecting errors and fraud.
 Reporting and Recommendations: The external auditor communicates findings
and recommendations to management, the audit committee, and the board of
directors through audit reports. They provide insights into control deficiencies and
areas for improvement, enhancing the organization's internal control environment.
5. Internal Auditor:
 Independent Evaluation: The internal auditor conducts independent evaluations
of the organization's internal control environment, risk management processes,
and governance practices. They provide assurance and consulting services to
management and the board of directors on the effectiveness of internal controls.
 Risk Management and Advisory: The internal auditor assists management in
identifying, assessing, and managing risks across the organization. They offer
recommendations for enhancing controls, improving operational efficiency, and
achieving strategic objectives while mitigating risks.
 Monitoring and Compliance: The internal auditor monitors compliance with
policies, procedures, laws, and regulations, identifying areas of non-compliance
and potential risks. They conduct audits and reviews to assess the adequacy of
internal controls and provide insights for remediation and enhancement.
6. Sole Proprietor:
 Ownership and Control: As the sole owner of the business, the proprietor has
direct control over all aspects of internal control. They are responsible for
designing, implementing, and monitoring internal controls to protect assets,
manage risks, and ensure compliance with regulations.
  Risk Management and Decision-Making: The proprietor assesses risks
associated with business operations and makes decisions to mitigate these risks
effectively. They establish control measures to safeguard assets, prevent fraud,
and maintain the integrity of financial reporting.
 Continuous Improvement: The proprietor continuously evaluates the
effectiveness of internal controls and seeks opportunities for improvement. They
adapt control measures to changes in the business environment, emerging risks,
and operational needs to maintain a strong internal control framework.

In summary, each party involved in the internal control of an entity plays distinct roles in
establishing, maintaining, and evaluating the effectiveness of internal controls. Collaboration and
coordination among these parties are essential to ensure a robust internal control environment
that safeguards assets, promotes operational efficiency, and enhances stakeholder confidence.

6QN6 Discuss the limitations of Internal Controls

ANSWER

While internal controls are essential for safeguarding assets, ensuring compliance, and achieving
organizational objectives, they have several limitations that organizations need to be aware of.
Here are some key limitations of internal controls:

1. Human Error and Override: Internal controls rely on individuals to design, implement,
and execute control activities. However, human error or negligence can compromise the
effectiveness of controls. Additionally, management or employees may intentionally
override controls, either for personal gain or to meet operational objectives, undermining
the control environment.
2. Cost vs. Benefit Trade-off: Implementing and maintaining internal controls can be
resource-intensive in terms of time, effort, and financial costs. Organizations need to
strike a balance between the benefits of controls in reducing risks and the costs associated
with their design, implementation, and ongoing monitoring. In some cases, the cost of
controls may outweigh the benefits, especially for smaller organizations with limited
resources.
3. Complexity and Inflexibility: As organizations grow in size and complexity, their
internal control environments become more intricate. Complex processes, systems, and
regulations can make it challenging to design and implement effective controls that
address all potential risks comprehensively. Moreover, rigid control structures may
hinder innovation, agility, and adaptability to change.
4. Collusion and Management Override: Internal controls are designed based on the
assumption of segregation of duties and checks and balances to prevent fraud and errors.
However, collusion among employees or management override of controls can
circumvent these safeguards. Collusion involves two or more individuals working
together to bypass controls, while management override refers to the deliberate
manipulation of controls by those in positions of authority.
5. Limitations of Detection: Internal controls are not foolproof and may fail to detect
errors, fraud, or irregularities due to inherent limitations. For example, control activities
such as reconciliations, approvals, and reviews may be ineffective in detecting
sophisticated fraud schemes or errors that are deliberately concealed. Additionally,
controls may be designed to prevent certain types of risks but not others, leaving
vulnerabilities unaddressed.
6. Technological Risks and Cyber Threats: With the increasing reliance on technology in
business operations, internal controls face new challenges related to cybersecurity risks,
data breaches, and IT system vulnerabilities. Traditional control measures may be
insufficient to mitigate emerging technological risks, such as malware, phishing attacks,
ransomware, and insider threats.
7. Management Bias and Judgment: Management plays a significant role in determining
the design, implementation, and assessment of internal controls. However, management
bias, subjective judgment, or conflicts of interest can influence control decisions and
compromise their effectiveness. Management may prioritize certain objectives over
others or underestimate risks, leading to control deficiencies.
8. Change in Business Environment: Internal controls are designed based on an
organization's operating environment, including its industry, regulatory requirements, and
risk profile. However, changes in the business environment, such as mergers and
acquisitions, regulatory reforms, technological advancements, or economic downturns,
 can render existing controls ineffective or obsolete. Organizations need to continuously
reassess and adapt their internal control frameworks to evolving risks and circumstances.

In conclusion, while internal controls are indispensable for managing risks and ensuring
organizational integrity, they are not without limitations. Organizations must recognize these
limitations and adopt a holistic approach to risk management that incorporates complementary
strategies, such as internal audits, employee training, ethical culture promotion, and regular
review and enhancement of control processes.

QN7.Discuss the importance of internal controls to the organization

ANSWER

Internal controls are essential to the functioning and success of an organization across various
aspects of its operations. Here are some key reasons why internal controls are important:

1. Safeguarding Assets: Internal controls help protect an organization's assets from theft,
loss, or misuse. By establishing procedures for proper authorization, custody, and
recording of assets, internal controls reduce the risk of fraud and ensure the integrity of
financial and physical resources.
2. Ensuring Accuracy of Financial Reporting: Internal controls play a critical role in
ensuring the accuracy and reliability of financial information. By implementing checks
and balances in accounting processes, such as reconciliations, reviews, and approvals,
internal controls help detect and prevent errors or irregularities in financial reporting,
enhancing transparency and accountability.
3. Promoting Compliance with Laws and Regulations: Internal controls help
organizations comply with legal and regulatory requirements governing their operations.
By establishing policies and procedures to ensure adherence to laws, industry standards,
and contractual obligations, internal controls mitigate the risk of non-compliance,
regulatory penalties, and reputational damage.
4. Optimizing Operational Efficiency: Internal controls streamline business processes and
promote operational efficiency by standardizing procedures, minimizing duplication of
 efforts, and identifying opportunities for improvement. By implementing controls to
mitigate risks and address inefficiencies, organizations can enhance productivity and
resource utilization.
5. Mitigating Risks and Uncertainties: Internal controls help organizations identify,
assess, and manage risks that may impact their objectives. By implementing control
activities to prevent, detect, or mitigate risks, internal controls reduce the likelihood and
impact of adverse events, such as fraud, errors, disruptions, and compliance breaches,
safeguarding organizational value and reputation.
6. Facilitating Decision-Making and Governance: Internal controls provide reliable
information and insights to support decision-making processes at all levels of the
organization. By ensuring the accuracy and integrity of data, internal controls enable
management and stakeholders to make informed decisions, allocate resources effectively,
and monitor performance against strategic objectives. Additionally, internal controls
enhance governance by promoting transparency, accountability, and ethical behavior
throughout the organization.
7. Building Stakeholder Confidence: Effective internal controls enhance stakeholders'
confidence in the organization's operations, financial reporting, and risk management
practices. By demonstrating a commitment to sound governance, integrity, and
accountability, organizations can build trust with investors, creditors, customers,
employees, and other stakeholders, fostering long-term relationships and sustainable
growth.

In summary, internal controls are integral to the organization's overall governance, risk
management, and compliance framework. By safeguarding assets, ensuring accuracy of financial
reporting, promoting compliance, optimizing efficiency, mitigating risks, facilitating decision-
making, and building stakeholder confidence, internal controls contribute to the organization's
resilience, sustainability, and success.

QN8.Discuss the relationship between internal and external auditor

ANSWER
The relationship between internal and external auditors is critical for ensuring effective
governance, risk management, and internal control within an organization. While they have
distinct roles and responsibilities, collaboration and coordination between internal and external
auditors are essential to achieving common objectives. Here's a discussion of their relationship:

1. Independence and Objectivity:

 Internal Auditor: Internal auditors are employees of the organization and are
responsible for conducting independent evaluations of internal controls, risk
management processes, and governance practices. They report to management
and the board of directors, providing insights and recommendations for
improvement.
 External Auditor: External auditors are independent third-party firms hired by
the organization to provide assurance on the accuracy and reliability of financial
statements to external stakeholders, such as shareholders, creditors, and regulatory
authorities. They report to shareholders or those charged with governance, such as
the audit committee.
2. Collaboration and Coordination:
 Internal and external auditors often collaborate and coordinate their activities to
optimize the use of resources, minimize duplication of efforts, and enhance the
overall effectiveness of the audit process. They may share information, coordinate
audit plans, and communicate findings to ensure a comprehensive understanding
of risks and control deficiencies.
 While internal auditors focus on evaluating the effectiveness of internal controls
and operational processes, external auditors primarily focus on auditing financial
statements and assessing compliance with accounting standards and regulatory
requirements. However, their findings may overlap in areas where financial
reporting risks intersect with operational risks.
3. Information Sharing and Cooperation:
 Internal auditors may provide information and insights to external auditors
regarding the organization's internal control environment, risk assessment
 processes, and significant audit findings. This helps external auditors understand
key risks and control mechanisms and tailor their audit procedures accordingly.
 External auditors may request information and documentation from internal
auditors to support their audit procedures and validate the reliability of financial
statements. Internal auditors facilitate access to relevant records, policies, and
procedures, ensuring transparency and cooperation throughout the audit process.
4. Quality Assurance and Continuous Improvement:
 Internal and external auditors contribute to each other's quality assurance
processes by providing feedback, sharing best practices, and collaborating on
professional development initiatives. They may participate in peer reviews,
training sessions, and knowledge-sharing forums to enhance their auditing skills
and methodologies.
 By exchanging insights and lessons learned from their respective audit
engagements, internal and external auditors promote continuous improvement in
auditing practices, risk management processes, and governance frameworks. They
work together to address emerging risks, regulatory changes, and evolving
business challenges.

In summary, the relationship between internal and external auditors is characterized by

collaboration, communication, and mutual respect for each other's roles and responsibilities. By
working together effectively, they contribute to the organization's overall governance, risk
management, and compliance efforts, ultimately enhancing stakeholder confidence and trust in
the organization's operations and financial reporting.

QN9. Why is it important for external auditor to assess the effectiveness of internal controls of
the audit client?

ANSWER

Assessing the effectiveness of internal controls is an essential component of the external audit
process for several reasons:
1. Reliance on Internal Controls: External auditors rely on the effectiveness of internal
controls to plan and execute their audit procedures efficiently. Well-designed and
operating internal controls provide assurance regarding the accuracy and reliability of
financial information. By assessing the effectiveness of internal controls, external
auditors can determine the extent to which they can rely on these controls to reduce
substantive testing and audit risk.
2. Risk Assessment: Understanding the internal control environment helps external auditors
identify and assess risks of material misstatement in the financial statements. Effective
internal controls mitigate the risk of errors, fraud, and non-compliance with laws and
regulations. By evaluating the design and operating effectiveness of internal controls,
external auditors gain insights into the organization's risk management processes and can
tailor their audit procedures accordingly.
3. Materiality and Audit Scope: The effectiveness of internal controls influences the
materiality thresholds and audit scope determined by external auditors. If internal
controls are strong and reliable, auditors may place greater reliance on them and perform
fewer substantive tests of transactions and account balances. Conversely, weaknesses or
deficiencies in internal controls may lead auditors to expand their audit procedures to
address higher inherent risks.
4. Detection of Errors and Fraud: Internal controls are designed to prevent, detect, and
correct errors and irregularities in financial reporting. Assessing the effectiveness of
internal controls helps external auditors identify areas of weakness or vulnerability where
errors or fraud may occur. By testing the design and operating effectiveness of internal
controls, auditors can identify control deficiencies that may increase the risk of material
misstatement in the financial statements.
5. Compliance with Auditing Standards: Auditing standards require external auditors to
obtain an understanding of the internal control environment and assess its effectiveness as
part of the audit process. The International Standards on Auditing (ISAs) and other
regulatory requirements mandate auditors to evaluate the design and implementation of
internal controls relevant to the audit objectives. Compliance with auditing standards
ensures the credibility and integrity of the audit process.
 6. Communication with Stakeholders: External auditors communicate findings regarding
the effectiveness of internal controls to stakeholders, including management, the audit
committee, and regulatory authorities. Reporting control deficiencies or weaknesses
allows stakeholders to take corrective actions to strengthen internal controls and improve
governance, risk management, and compliance practices. Transparency regarding internal
control effectiveness enhances stakeholder confidence in the reliability of financial
reporting.

In summary, assessing the effectiveness of internal controls is crucial for external auditors to
plan and execute their audit procedures effectively, identify and assess risks, determine
materiality thresholds and audit scope, detect errors and fraud, comply with auditing standards,
and communicate findings to stakeholders. By evaluating the internal control environment,
auditors enhance the credibility and reliability of the audit process and contribute to the integrity
and transparency of financial reporting.

QN10 Discuss the important factors that the external auditor should consider in the assessment
of internal controls.

ANSWER

When assessing internal controls, external auditors consider several important factors to evaluate
the design and operating effectiveness of controls relevant to the audit objectives. These factors
help auditors understand the organization's control environment, identify risks of material
misstatement, and determine the extent of reliance on internal controls in their audit procedures.
Here are some key factors that external auditors consider in the assessment of internal controls:

1. Control Environment:
 Auditors evaluate the overall tone at the top set by management and the board of
directors regarding the importance of internal control, ethics, and compliance.
They assess the organization's culture, values, and attitudes towards risk
management, integrity, and accountability.
2. Risk Assessment Process:
  Auditors examine the organization's risk assessment processes to understand how
risks are identified, assessed, and managed. They assess the adequacy of risk
identification techniques, the accuracy of risk assessments, and the effectiveness
of risk response strategies.
3. Control Activities:
 Auditors evaluate the specific control activities implemented by management to
mitigate risks and achieve control objectives. They assess the design and
operating effectiveness of control activities related to authorization, segregation of
duties, physical controls, information processing, and monitoring.
4. Information and Communication:
 Auditors review how information is communicated throughout the organization,
including policies, procedures, and relevant guidelines. They assess the
effectiveness of communication channels in providing employees with the
information they need to perform their duties effectively and understand their
roles in internal control processes.
5. Monitoring Activities:
 Auditors assess how management monitors the effectiveness of internal controls
over time. They evaluate the frequency and nature of monitoring activities, such
as management reviews, internal audits, self-assessments, and corrective actions
taken in response to control deficiencies.
6. Segregation of Duties:
 Auditors analyze the segregation of duties within the organization to ensure that
no single individual has control over all aspects of a transaction or process. They
assess whether key duties and responsibilities are appropriately segregated to
prevent errors, fraud, or manipulation of financial information.
7. Control Deficiencies and Weaknesses:
 Auditors identify and evaluate control deficiencies and weaknesses in the internal
control environment. They assess the significance of control deficiencies in
relation to the audit objectives, considering factors such as the nature, frequency,
magnitude, and potential impact of control failures on financial reporting.
8. Management Override:
  Auditors assess the risk of management override of internal controls, which
involves management circumventing or overriding controls to manipulate
financial information for fraudulent purposes. They evaluate the effectiveness of
compensating controls and the extent of management oversight and review.
9. IT General Controls:
 Auditors consider the effectiveness of information technology (IT) general
controls, such as access controls, change management, and IT security measures.
They assess the impact of IT systems and processes on financial reporting and the
adequacy of controls to mitigate IT-related risks.
10. Regulatory and Legal Compliance:
 Auditors evaluate the organization's compliance with applicable laws, regulations,
and contractual agreements. They assess the effectiveness of controls designed to
ensure compliance with regulatory requirements and identify any instances of
non-compliance or legal risks.

By considering these factors, external auditors gain a comprehensive understanding of the

internal control environment, assess the risks of material misstatement, and determine the extent
of reliance on internal controls in their audit procedures. This enables auditors to plan and
execute their audit effectively, provide assurance on the reliability of financial reporting, and
communicate findings to stakeholders.

QN11 Discuss the following:

a) Audit plan

b) The purpose of audit planning

c) The benefits of audit planning

d) The determinants of audit planning

ANSWER

a) Audit Plan: An audit plan is a comprehensive roadmap that outlines the scope, objectives,
procedures, and timelines for conducting an audit engagement. It serves as a guide for auditors to
systematically plan, execute, and document their audit procedures. The audit plan typically
includes key components such as the audit scope, objectives, risk assessment, materiality
thresholds, audit approach, staffing requirements, communication protocols, and reporting
timelines.

b) The Purpose of Audit Planning: The primary purpose of audit planning is to ensure that the
audit is conducted efficiently, effectively, and in accordance with auditing standards and
regulatory requirements. Key objectives of audit planning include:

 Establishing the scope and objectives of the audit engagement.

 Identifying and assessing risks of material misstatement in the financial statements.
 Determining materiality thresholds for planning and performing audit procedures.
 Developing an appropriate audit approach and methodology tailored to the organization's
risks and circumstances.
 Allocating resources, including staffing and budget, to the audit engagement.
 Communicating audit objectives, responsibilities, and expectations to audit team
members and management.
 Establishing timelines and milestones for completing audit procedures and issuing audit
reports.
 Facilitating coordination and collaboration among audit team members and stakeholders
involved in the audit process.

c) The Benefits of Audit Planning: Effective audit planning provides several benefits to
auditors, organizations, and stakeholders:

 Ensures Focus and Relevance: Audit planning helps auditors identify key risks and areas
of focus, ensuring that audit procedures are targeted and relevant to the organization's
objectives and risks.
 Enhances Efficiency: By systematically planning audit procedures and allocating
resources based on risk assessment, audit planning enhances the efficiency of the audit
process and minimizes unnecessary effort and duplication of work.
  Improves Risk Management: Audit planning enables auditors to assess and address risks
of material misstatement in a timely manner, enhancing the organization's risk
management practices and internal control environment.
 Facilitates Communication: Audit planning promotes clear and effective communication
among audit team members, management, the audit committee, and other stakeholders,
ensuring alignment of expectations and responsibilities throughout the audit engagement.
 Enhances Audit Quality: Well-planned audits are more likely to produce reliable and
high-quality audit findings, conclusions, and recommendations, enhancing the credibility
and value of the audit process and reports.

d) The Determinants of Audit Planning: Several factors influence audit planning and
determine the scope, approach, and priorities of the audit engagement:

 Organizational Size and Complexity: The size, complexity, and nature of the
organization's operations influence the scope and depth of audit procedures required.
 Regulatory and Industry Requirements: Regulatory requirements, industry standards, and
specific audit mandates may dictate the focus and objectives of the audit engagement.
 Risk Profile: The organization's risk profile, including financial, operational, compliance,
and strategic risks, influences the identification and assessment of risks of material
misstatement.
 Materiality Thresholds: Materiality thresholds for financial statement items and
performance indicators determine the level of scrutiny and significance of audit
procedures.
 Previous Audit Findings: Previous audit findings, internal control deficiencies, and
management responses may inform the planning and prioritization of audit procedures.
 Audit Team Expertise and Resources: The skills, experience, and availability of audit
team members influence staffing requirements, training needs, and resource allocation for
the audit engagement.

Overall, audit planning is a critical phase of the audit process that sets the foundation for a
successful and value-added audit engagement. By systematically identifying objectives, risks,
resources, and timelines, audit planning enhances the efficiency, effectiveness, and quality of the
audit process and outcomes.

QN12.Why understanding of entity and its environment is very essential when planning the
audit? Identify the key elements to be considered in understanding the entity and its
environment.

ANSWER

Understanding the entity and its environment is essential when planning the audit because it
provides auditors with valuable insights into the organization's operations, risks, and control
environment. This understanding enables auditors to assess the risks of material misstatement in
the financial statements and design appropriate audit procedures to address those risks
effectively. Key elements to consider in understanding the entity and its environment include:

1. Nature of the Entity's Operations:

 Auditors should understand the entity's industry, business model, products,
services, markets, and operating characteristics. This knowledge helps auditors
assess the inherent risks associated with the entity's operations and tailor audit
procedures accordingly.
2. Business Strategies and Objectives:
 Understanding the entity's strategic goals, objectives, and performance metrics
provides context for assessing risks and evaluating the reasonableness of financial
performance. Auditors consider the entity's growth strategies, competitive
positioning, and market dynamics in their risk assessment.
3. Regulatory and Legal Environment:
 Auditors need to be aware of the regulatory and legal requirements applicable to
the entity's industry and operations. This includes understanding relevant laws,
regulations, standards, and contractual agreements that may impact the entity's
financial reporting and compliance obligations.
4. Governance Structure and Oversight:
  Auditors assess the entity's governance structure, including the roles and
responsibilities of the board of directors, management, audit committee, and other
governance bodies. They evaluate the effectiveness of governance practices in
promoting transparency, accountability, and ethical behavior.
5. Internal Control Environment:
 Auditors evaluate the design and operating effectiveness of the entity's internal
control environment, including control activities related to financial reporting,
operations, compliance, and IT systems. They assess the reliability of internal
controls in preventing, detecting, and correcting material misstatements in the
financial statements.
6. Organizational Structure and Management Philosophy:
 Auditors consider the entity's organizational structure, management philosophy,
and leadership style in their risk assessment. They evaluate the competence,
integrity, and ethical values of management and their commitment to effective
internal control and risk management practices.
7. External Factors and Economic Conditions:
 Auditors analyze external factors and economic conditions that may impact the
entity's financial performance and risk profile. This includes assessing
macroeconomic trends, industry dynamics, market volatility, competitive
pressures, and geopolitical risks that may affect the entity's operations and
financial position.
8. Related Parties and Transactions:
 Auditors identify and assess risks associated with related party relationships and
transactions, including transactions with subsidiaries, affiliates, joint ventures, and
significant customers or suppliers. They evaluate the nature, substance, and
significance of related party transactions to determine their potential impact on
the financial statements.

By understanding these key elements of the entity and its environment, auditors gain valuable
insights into the organization's business, risks, and control environment. This understanding
informs the audit planning process, risk assessment, and the design of audit procedures tailored
to address the specific risks and circumstances of the entity. It also enhances the auditors' ability
to provide valuable insights and recommendations to management and stakeholders to improve
governance, risk management, and internal control practices.

QN13. Differentiate between materiality and performance materiality. Describe determinants of

Financial statements materiality

ANSWER

Materiality and performance materiality are both concepts used in auditing to determine the
significance of misstatements in financial statements, but they serve different purposes and are
applied at different stages of the audit process. Let's differentiate between them:

1. Materiality:
 Definition: Materiality refers to the threshold or level of significance beyond
which misstatements in the financial statements could influence the economic
decisions of users. In other words, a misstatement is considered material if it
could reasonably be expected to affect the decisions of users based on the
financial statements.
 Purpose: Materiality helps auditors and financial statement preparers determine
the significance of errors, omissions, or discrepancies in the financial statements.
Auditors consider materiality when planning the audit, evaluating the results of
audit procedures, and forming an opinion on the fairness of the financial
statements as a whole.
 Factors Considered: Auditors consider quantitative and qualitative factors when
assessing materiality, including the size, nature, and circumstances of the
misstatement, its impact on key financial ratios, regulatory requirements,
contractual obligations, user expectations, and the entity's overall financial
position and performance.
2. Performance Materiality:
  Definition: Performance materiality is a lower threshold of materiality applied to
individual account balances, transactions, or disclosures within the financial
statements. It represents a portion of overall materiality allocated to specific areas
or components of the financial statements to guide the planning and execution of
audit procedures.
 Purpose: Performance materiality helps auditors determine the extent of audit
procedures to be performed on specific areas or components of the financial
statements. It provides a margin of safety to ensure that the aggregate effect of
undetected misstatements does not exceed overall materiality.
 Calculation: Performance materiality is typically calculated as a percentage of
overall materiality, often ranging from 50% to 75% of materiality, depending on
factors such as the assessed level of inherent risk, the complexity of the entity's
operations, and the effectiveness of internal controls.

Determinants of Financial Statements Materiality:

Determining financial statements materiality involves evaluating various quantitative and

qualitative factors to establish a threshold that is considered significant in the context of the
financial reporting framework and user needs. Key determinants of financial statements
materiality include:

1. Nature and Size of the Entity:

 The nature and size of the entity, including its industry, business model, revenue
streams, assets, liabilities, and operating characteristics, influence the assessment
of materiality. Larger and more complex entities may have higher absolute
materiality thresholds due to the scale and complexity of their operations.
2. Financial Statement Users and Stakeholder Needs:
 Consideration of the needs and expectations of financial statement users,
including investors, creditors, regulators, analysts, and other stakeholders, is
essential in determining materiality. Materiality thresholds should reflect the
significance of financial information to users' decision-making processes and risk
assessments.
 3. Regulatory Requirements and Reporting Framework:
 Compliance with regulatory requirements, accounting standards, and reporting
frameworks (e.g., Generally Accepted Accounting Principles or International
Financial Reporting Standards) influences the determination of materiality.
Materiality thresholds should be aligned with applicable regulatory and reporting
requirements to ensure compliance and consistency in financial reporting.
4. Inherent Risks and Control Environment:
 The assessment of inherent risks, control environment effectiveness, and the
reliability of internal controls impacts the determination of materiality. Higher
inherent risks and weaker internal controls may warrant lower materiality
thresholds to mitigate the risk of material misstatement in the financial statements.
5. Financial Performance and Trends:
 Consideration of the entity's financial performance, trends, and key performance
indicators helps auditors assess the significance of individual misstatements in
relation to the entity's overall financial position and operating results. Materiality
thresholds should reflect changes in financial performance and market conditions
over time.
6. Industry and Competitive Environment:
 The industry and competitive environment in which the entity operates influence
the assessment of materiality. Industry-specific factors, competitive pressures,
market dynamics, and regulatory scrutiny may affect the significance of financial
information and the materiality thresholds applied.
7. Quality of Management and Governance:
 The quality of management, governance practices, and ethical standards within
the entity impact the assessment of materiality. Auditors consider management's
integrity, competence, transparency, and commitment to effective financial
reporting and internal controls when determining materiality thresholds.

In summary, materiality and performance materiality are critical concepts in auditing that help
auditors assess the significance of misstatements in financial statements and guide the planning
and execution of audit procedures. Determining financial statements materiality involves
evaluating various quantitative and qualitative factors to establish a threshold that is considered
significant in the context of the financial reporting framework, regulatory requirements, user
needs, and entity-specific circumstances.

QN14 For each of the controls identified below, identify a control test to be performed by the
auditor.

a) Performance of monthly bank reconciliation by purchase ledger clerk, approved by financial

controller

b) Purchase invoices stamped as “paid”

c) Stock counts performed by client at each month end

d) Written procedures manual containing procedures and policies maintained by client

e) The role of chasing outstanding debtor balances on the sales ledger is segregated from the role
of updating the sales ledger for cash received from debtors.

ANSWER

For each control described, here are potential control tests that an auditor could perform to assess
the effectiveness of the control:

a) Performance of monthly bank reconciliation by purchase ledger clerk, approved by

financial controller:

 Control Test: Select a sample of monthly bank reconciliations and verify that they have
been completed by the purchase ledger clerk and approved by the financial controller.
 Test Procedure: Review the bank reconciliation files to ensure they are prepared by the
purchase ledger clerk and contain evidence of approval by the financial controller. Verify
the accuracy of reconciliations by tracing a sample of reconciling items to supporting
documentation such as bank statements, cash receipts, and disbursement records.

b) Purchase invoices stamped as "paid":

  Control Test: Select a sample of paid purchase invoices and verify that they are stamped
as "paid" in accordance with the control procedure.
 Test Procedure: Examine the purchase invoice files to ensure that invoices marked as
"paid" are stamped with the appropriate designation. Confirm the accuracy of the "paid"
stamps by comparing them against payment records, bank statements, and cancelled
checks.

c) Stock counts performed by the client at each month end:

 Control Test: Obtain evidence that stock counts are conducted by the client at each month
end as per the control procedure.
 Test Procedure: Review stock count schedules, observation reports, and inventory count
sheets to verify that stock counts are performed by the client at the end of each month.
Confirm the accuracy of stock count records by comparing them against inventory
records, sales data, and purchase orders.

d) Written procedures manual containing procedures and policies maintained by the client:

 Control Test: Review the written procedures manual to assess its completeness, accuracy,
and relevance to the client's operations.
 Test Procedure: Examine the written procedures manual to ensure that it contains
comprehensive procedures and policies covering key areas of the client's operations, such
as accounting, finance, purchasing, sales, and inventory management. Evaluate the
currency and effectiveness of procedures by comparing them against industry standards,
regulatory requirements, and best practices.

e) Segregation of duties between chasing outstanding debtor balances and updating the
sales ledger for cash received from debtors:

 Control Test: Verify that the roles of chasing outstanding debtor balances and updating
the sales ledger are segregated as per the control procedure.
  Test Procedure: Review job descriptions, organizational charts, and segregation of duties
matrices to confirm that the responsibilities for chasing outstanding debtor balances and
updating the sales ledger are assigned to different individuals or departments. Interview
staff members and management to ensure awareness and compliance with segregation of
duties policies.

These control tests help auditors assess the effectiveness of internal controls and determine the
reliability of financial information reported by the client. By performing these tests, auditors can
gain assurance over the accuracy, completeness, and validity of financial transactions and
balances.

QN15 Identify some categories of experts that the auditor may decide to use during the audit of
financial statements

ANSWER

During the audit of financial statements, auditors may decide to engage various categories of
experts to obtain specialized knowledge or assistance in evaluating specific aspects of the audit
engagement. Some categories of experts commonly used by auditors include:

1. Valuation Experts:
 Valuation experts provide expertise in determining the fair value of assets,
liabilities, and financial instruments. They may assist auditors in valuing complex
financial instruments, intangible assets, derivatives, investments, and other
valuation-related matters.
2. Forensic Accountants:
 Forensic accountants specialize in investigating and detecting financial fraud,
misconduct, and irregularities. They may assist auditors in conducting forensic
examinations, analyzing financial transactions, tracing funds, and identifying
potential fraudulent activities.
3. IT Specialists:
  IT specialists provide expertise in information technology systems, controls, and
security. They may assist auditors in evaluating the design and effectiveness of IT
controls, conducting data analytics, assessing cybersecurity risks, and testing IT
systems and applications.
4. Legal Counsel:
 Legal counsel provides expertise in interpreting complex legal and regulatory
requirements applicable to the audit engagement. They may assist auditors in
assessing legal risks, contractual obligations, compliance issues, and litigation
matters affecting the financial statements.
5. Industry Experts:
 Industry experts possess specialized knowledge of specific industries, markets,
and business practices. They may assist auditors in understanding industry trends,
competitive dynamics, regulatory changes, and unique accounting issues relevant
to the client's industry sector.
6. Tax Experts:
 Tax experts provide expertise in tax compliance, planning, and reporting. They
may assist auditors in evaluating tax provisions, deferred tax assets and liabilities,
uncertain tax positions, and tax-related disclosures in the financial statements.
7. Environmental Experts:
 Environmental experts specialize in assessing environmental risks, liabilities, and
compliance requirements. They may assist auditors in evaluating the financial
implications of environmental regulations, remediation costs, and contingent
liabilities related to environmental matters.
8. Actuaries:
 Actuaries provide expertise in evaluating and estimating insurance liabilities,
pension obligations, and other actuarial matters. They may assist auditors in
assessing the reasonableness of actuarial assumptions, calculations, and
disclosures in the financial statements.
9. Engineering Experts:
 Engineering experts specialize in evaluating the physical condition, value, and
useful life of tangible assets such as property, plant, and equipment. They may
 assist auditors in performing physical inspections, appraisals, and assessments of
asset impairment or obsolescence.
10. Medical Experts:
 Medical experts provide expertise in evaluating healthcare-related matters, such
as medical billing practices, insurance claims, and healthcare regulations. They
may assist auditors in assessing the reasonableness of healthcare provisions,
liabilities, and disclosures.

By engaging experts from various disciplines, auditors can enhance their audit procedures, obtain
specialized knowledge, and address complex audit issues effectively. Collaboration with experts
helps auditors maintain audit quality, credibility, and compliance with auditing standards and
regulatory requirements.

QN16. (a) Explain the term ‘audit risk’ and the three elements of risk that contribute to total
audit risk.

ANSWER

Audit risk refers to the risk that the auditor expresses an inappropriate audit opinion when the
financial statements are materially misstated. In other words, it is the risk that the auditor fails to
detect material misstatements in the financial statements, whether due to errors or fraud. Audit
risk is a fundamental concept in auditing and is composed of three key elements:

1. Inherent Risk:
 Inherent risk represents the susceptibility of the financial statements to material
misstatement before considering the effectiveness of internal controls. It is
influenced by factors such as the nature of the entity's operations, industry
conditions, complexity of transactions, and accounting estimates. Inherent risk is
generally higher for inherently risky transactions or accounts, such as those
involving significant judgment, estimation uncertainty, or susceptibility to fraud.
2. Control Risk:
  Control risk refers to the risk that the entity's internal controls fail to prevent or
detect material misstatements in the financial statements. It reflects the risk that
weaknesses or deficiencies in the design or operation of internal controls could
result in errors or fraud not being prevented or detected on a timely basis. Control
risk is influenced by the effectiveness of the entity's internal control environment,
including the design and implementation of control activities, monitoring
mechanisms, and the competence and integrity of personnel.
3. Detection Risk:
 Detection risk represents the risk that the auditor's substantive procedures fail to
detect material misstatements that exist in the financial statements. It is the only
component of audit risk that the auditor directly controls through the nature,
timing, and extent of audit procedures performed. Detection risk is inversely
related to the assurance provided by substantive procedures; as detection risk
decreases (i.e., more effective audit procedures are performed), audit risk
decreases. Auditors assess detection risk based on factors such as the
effectiveness of audit procedures, sampling methods, audit evidence obtained, and
the competence and judgment of audit team members.

The relationship between these three components of audit risk can be expressed using the audit
risk model:

Audit Risk=Inherent Risk×Control Risk×Detection RiskAudit Risk=Inherent Risk×Control Risk

×Detection Risk

The auditor's objective is to plan and perform audit procedures to reduce audit risk to an
acceptably low level, typically through a combination of assessing inherent and control risks and
designing substantive procedures to achieve an appropriate level of assurance regarding the
fairness of the financial statements. By understanding and managing these elements of risk,
auditors can enhance the effectiveness and efficiency of the audit process and provide
stakeholders with reliable assurance on the integrity of financial reporting.
The HURUMA charity was established in 1960. The charity’s aim is to provide support to
children from disadvantaged backgrounds who wish to acquire higher education. HURUMA has
a detailed constitution which explains how the charity’s income can be spent. The constitution
also notes that administration expenditure cannot exceed 10% of income in any year. The
charity’s income is derived wholly from voluntary donations. Sources of donations include: (i)
Cash collected by volunteers asking the public for donations in shopping areas, (ii) Cheques sent
to the charity’s head office, (iii) Donations from generous individuals. Some of these donations
have specific clauses attached to them indicating that the initial amount donated (capital) cannot
be spent and that the income (interest) from the donation must be spent on specific activities. The
rules regarding the taxation of charities in the country HURUMA is based are complicated, with
only certain expenditure being allowable for taxation purposes and donations of capital being
treated as income in some situations. Required: (b) Identify areas of inherent risk in the
HURUMA charity and explain the effect of each of these risks on the audit approach. (c) Explain
why the control environment may be weak at the charity HURUMA

b) Areas of Inherent Risk in HURUMA Charity and Effect on Audit Approach:

ANSWER

1. Complexity of Taxation Rules:

 Effect on Audit Approach: The complexity of taxation rules increases the risk of
misinterpretation or misapplication of tax regulations by the charity. Auditors
need to thoroughly understand the tax laws applicable to charities and assess the
charity's compliance with these regulations. This may involve engaging tax
specialists to assist in evaluating the tax treatment of donations, income, and
expenditure.
2. Restrictions on Donations:
 Effect on Audit Approach: Donations with specific clauses attached, such as
restrictions on the use of capital and requirements to spend income on specific
activities, introduce complexities in accounting for and reporting on these funds.
Auditors need to verify compliance with donor restrictions and ensure that funds
 are used in accordance with donor intentions. This may involve reviewing donor
agreements, tracing donations to specific activities, and assessing the charity's
accounting policies for restricted funds.
3. Limitation on Administration Expenditure:
 Effect on Audit Approach: The limitation on administration expenditure to not
exceed 10% of income introduces a risk of misclassification or understatement of
administrative expenses. Auditors need to evaluate the charity's procedures for
monitoring and controlling administrative costs, including reviewing expenditure
records, assessing cost allocation methodologies, and testing the accuracy of
expense classifications. This may involve comparing administrative expenses to
total income and assessing reasonableness based on industry benchmarks or
historical trends.
4. Voluntary Donations Collection:
 Effect on Audit Approach: The reliance on voluntary donations collected by
volunteers introduces a risk of misstatement or misappropriation of funds.
Auditors need to assess the charity's procedures for collecting, recording, and
safeguarding donations, including evaluating controls over cash handling,
ensuring segregation of duties, and verifying the completeness and accuracy of
donation records. This may involve testing the reconciliation of donation records
to bank deposits and conducting surprise cash counts at collection points.

c) Weaknesses in the Control Environment at HURUMA Charity:

ANSWER

1. Lack of Oversight and Governance:

 The charity may lack effective oversight and governance structures, such as a
board of directors or audit committee, to provide guidance and oversight of
financial management practices. This could result in inadequate accountability
and transparency in decision-making processes, increasing the risk of fraud or
mismanagement.
2. Limited Segregation of Duties:
  Due to the small size of the charity or limited resources, there may be inadequate
segregation of duties over key financial processes, such as cash handling,
recording donations, and approving expenditures. This increases the risk of errors
or fraud going undetected, as there may be insufficient checks and balances in
place.
3. Inadequate Financial Controls:
 The charity may lack formalized financial policies and procedures, leading to
inconsistencies or inefficiencies in financial management practices. This increases
the risk of errors, omissions, or unauthorized transactions occurring in the
accounting records or financial statements.
4. Dependency on Volunteers:
 The charity's reliance on volunteers for key operational tasks, such as fundraising,
administration, and financial reporting, may introduce risks related to
competence, reliability, and oversight. Volunteers may lack the necessary
expertise or training to perform their roles effectively, increasing the risk of errors
or inconsistencies in financial reporting.
5. Complex Donor Restrictions:
 Donor-restricted funds with specific clauses attached may pose challenges in
compliance monitoring and tracking of expenditures. The charity may struggle to
accurately account for and report on restricted funds, leading to potential
misstatements or non-compliance with donor requirements.

Addressing these weaknesses in the control environment requires strengthening governance

structures, implementing formalized policies and procedures, enhancing segregation of duties,
providing training and oversight for volunteers, and improving transparency and accountability
in financial reporting practices.

QN17. Kishoju Ltd sells coffee from 25 different locations in the country. Each branch has up to
30 staff working there, although most of the accounting systems are designed and implemented
from the company’s head office. All accounting systems, apart from petty cash, are
computerized, with the internal audit department frequently advising and implementing controls
within those systems. Kishoju Ltd has an internal audit department of eight staff, all of whom
have been employed at Kishoju Ltd for a minimum of 7 years and some for as long as 12 years.
In the past, the chief internal auditor appoints staff within the internal audit department, although
the chief executive officer (CEO) is responsible for appointing the chief internal auditor. The
chief internal auditor reports directly to the finance director. The finance director also assists the
chief internal auditor in deciding on the scope of work of the internal audit department. You are
an audit manager in the internal audit department of Kishoju Ltd. You are currently auditing the
petty cash systems at the different branches. Your initial systems note on petty cash contain the
following information:

a. The average petty cash balance at each branch is Tzs10mil.

b. Average monthly expenditure is Tzs 4mil, with amounts ranging from Tzs10,000 to Tzs 1mil.

c. Petty cash is kept in a lockable box on a bookcase in the accounts office.

d. Vouchers for expenditure are signed by the person incurring that expenditure to confirm they
have received re-imbursement from petty cash.

e. Vouchers are recorded in the petty cash book by the accounts clerk; each voucher records the
date, reason for the expenditure, amount of expenditure and person incurring that expenditure.

f. Petty cash is counted every month by the accounts clerk, who is in charge of the cash. The
petty cash balance is then reimbursed using the ‘imprest’ system and the journal entry produced
to record expenditure in the general ledger.

g. The cheque to reimburse petty cash is signed by the accountant at the branch at the same time
as the journal entry to the general ledger is reviewed.

Required:

i. Explain the issues which limit the independence of the internal audit
department in Kishoju Ltd. Recommend a way of overcoming each issue.
ii. ii. Explain the internal control weaknesses in the petty cash.

ANSWER
i. Issues Limiting the Independence of the Internal Audit Department:

1. Appointment Process for Internal Audit Staff:

 Issue: The chief internal auditor appoints staff within the internal audit
department, which could potentially compromise the independence of the audit
function.
 Recommendation: The appointment process for internal audit staff should be
conducted independently of the chief internal auditor to ensure objectivity and
impartiality. This could involve the involvement of Human Resources or a
separate audit committee in the recruitment and selection process.
2. Reporting Line to the Finance Director:
 Issue: The chief internal auditor reports directly to the finance director, which
may create a perception of influence or pressure from management.
 Recommendation: The reporting line of the chief internal auditor should be
revised to ensure independence and objectivity. Ideally, the chief internal auditor
should report directly to the audit committee or the CEO, who can provide
oversight and support for the audit function.
3. Involvement of Finance Director in Internal Audit Scope:
 Issue: The finance director assists the chief internal auditor in deciding on the
scope of work of the internal audit department, which may lead to interference or
bias in audit planning and execution.
 Recommendation: The scope of work for the internal audit department should be
determined independently by the chief internal auditor in consultation with the
audit committee or the CEO. The finance director should not have a direct role in
setting audit objectives or priorities.

ii. Internal Control Weaknesses in Petty Cash System:

1. Lack of Segregation of Duties:

 Weakness: The same person (accounts clerk) is responsible for recording
vouchers in the petty cash book, counting cash, and preparing reimbursement
cheques, which increases the risk of errors or misappropriation going undetected.
  Recommendation: Implement segregation of duties by assigning different
individuals to perform key tasks in the petty cash process. For example, one
person should record vouchers, another should count cash, and a third person
should prepare reimbursement cheques.
2. Limited Oversight and Review:
 Weakness: There is no independent review of petty cash transactions or
reconciliations, as the accountant at the branch only signs the reimbursement
cheque without reviewing supporting documentation or verifying the accuracy of
transactions.
 Recommendation: Implement a review process for petty cash transactions, where
a supervisor or manager independently verifies vouchers, reconciliations, and
supporting documentation before authorizing reimbursement. This helps detect
errors or irregularities and ensures compliance with policies and procedures.
3. Physical Security of Petty Cash:
 Weakness: Petty cash is kept in a lockable box on a bookcase in the accounts
office, which may not provide adequate security against theft or unauthorized
access.
 Recommendation: Enhance physical security measures for petty cash by storing
cash in a secure safe or vault with restricted access. Implement procedures for
issuing and returning keys to ensure accountability and control over access to
petty cash funds. Additionally, consider implementing surveillance cameras or
alarms to deter theft and enhance monitoring of cash handling activities.

QN18 Ikizu Ltd is a construction company with a large number of workers on various
construction sites. The internal audit department of Ikizu Ltd is currently reviewing cash wages
systems within the company. The following information is available concerning the wages
systems:

(i) Hours worked are recorded using a clocking in/out system. On arriving for work and
at the end of each day’s work, each worker enters their unique employee number on a
keypad
 (ii) (ii) Workers on each site are controlled by a foreman. The foreman has a record of all
employee numbers and can issue temporary numbers for new employees.
(iii) (iii) Any overtime is calculated by the computerized wages system and added to the
standard pay.
(iv) (iv) The two staff in the wages department make amendments to the computerized
wages system in respect of employee holidays, illness, as well as setting up and
maintaining all employee records.
(v) (v) The computerized wages system calculates deductions from gross pay, such as
employee taxes, and net pay. Finally, a list of net cash payments for each employee is
produced.
(vi) (vi) Cash is delivered to the wages office by secure courier.
(vii) (vii)The two staff place cash into wages packets for each employee along with a
handwritten note of gross pay, deductions and net pay. The packets are given to the
foreman for distribution to the individual employees.

Required:
(a) (i) Identify and explain weaknesses in Ikizu Co system of internal control
over the wages system that could lead to mis-statements in the financial
statements;
(ii) For each weakness, suggest an internal control to overcome that
weakness.
(b) Compare the responsibilities of the external and internal auditors to detect
fraud

ANSWER

a) (i) Weaknesses in Ikizu Co's Internal Control over the Wages System:

1. Lack of Segregation of Duties:

 Weakness: The same two staff members in the wages department make
amendments to the computerized wages system, calculate deductions, and prepare
 cash packets for distribution. This lack of segregation of duties increases the risk
of errors or fraud going undetected.
 Internal Control: Implement segregation of duties by assigning different
individuals to perform key tasks in the wages process. For example, one staff
member should be responsible for making amendments to the computerized
system, while another should handle cash preparation and distribution. This
segregation helps prevent collusion and enhances accountability.
2. Manual Preparation of Cash Packets:
 Weakness: Cash packets for each employee are prepared manually by the two
staff members in the wages department, along with a handwritten note of gross
pay, deductions, and net pay. Manual preparation increases the risk of errors in
recording and calculating cash payments.
 Internal Control: Automate the preparation of cash packets by using a
computerized system that generates printed pay slips or vouchers for each
employee. This reduces the risk of manual errors and provides a more accurate
record of cash payments. Additionally, implement reconciliation procedures to
verify the accuracy of cash packets before distribution.

(ii) Responsibilities of External and Internal Auditors to Detect Fraud:

1. External Auditor:
 The primary responsibility of the external auditor is to express an opinion on the
fairness of the financial statements in accordance with auditing standards. While
the external auditor is not specifically responsible for detecting fraud, they are
required to plan and perform the audit to obtain reasonable assurance that the
financial statements are free from material misstatement, whether due to error or
fraud.
 External auditors perform various audit procedures to assess the risk of fraud,
including evaluating internal controls, assessing the reliability of financial
reporting, and testing the effectiveness of controls in preventing and detecting
fraud. They also consider fraud risk factors, such as management override of
 controls, unusual transactions, and incentives or pressures to manipulate financial
results.
 If the external auditor identifies indicators of fraud during the audit, they are
required to consider the implications for the audit and may need to perform
additional procedures to address the risk of material misstatement due to fraud.
However, the external auditor's primary focus is on providing an opinion on the
financial statements rather than detecting fraud.
2. Internal Auditor:
 The internal auditor is responsible for evaluating and improving the effectiveness
of internal controls, risk management processes, and governance structures within
the organization. While the internal auditor may not express an opinion on the
financial statements, they play a key role in identifying and addressing fraud risks
through ongoing monitoring and assessment of controls.
 Internal auditors perform comprehensive reviews of business processes, including
the wages system, to identify weaknesses, inefficiencies, and potential fraud risks.
They conduct risk assessments, develop audit plans, and perform tests of controls
and substantive procedures to detect and prevent fraud.
 Internal auditors also provide recommendations for strengthening internal
controls, enhancing compliance with policies and procedures, and mitigating
fraud risks. They work closely with management to implement corrective actions
and monitor the effectiveness of control improvements over time. Additionally,
internal auditors may investigate allegations of fraud and misconduct, gather
evidence, and report findings to senior management and the audit committee.

QN19 Explain the similarities and differences of auditing and accounting

ANSWER

Auditing and accounting are closely related disciplines within the field of finance, but they serve
distinct purposes and involve different roles and responsibilities. Here are the similarities and
differences between auditing and accounting:
Similarities:

1. Both are Financial Disciplines:

 Auditing and accounting are both financial disciplines that deal with the
recording, analysis, and reporting of financial information. They are essential for
businesses to manage their financial affairs effectively and provide stakeholders
with reliable information for decision-making.
2. Both Involve Financial Information:
 Both auditing and accounting deal with financial information, including
transactions, balances, and other financial data related to an organization's
operations, performance, and financial position. Both disciplines focus on
ensuring the accuracy, completeness, and reliability of financial information.
3. Both Aim for Compliance and Accuracy:
 Both auditing and accounting aim to ensure compliance with relevant accounting
standards, regulations, and principles, such as Generally Accepted Accounting
Principles (GAAP) or International Financial Reporting Standards (IFRS). They
both strive to maintain the accuracy, integrity, and reliability of financial records
and reports.

Differences:

1. Purpose:
 Accounting: The primary purpose of accounting is to record, classify, summarize,
and interpret financial transactions and prepare financial statements (e.g., balance
sheet, income statement, cash flow statement) to provide information about an
organization's financial performance and position to internal and external users.
 Auditing: The primary purpose of auditing is to examine, evaluate, and provide
assurance on the reliability and fairness of financial statements and underlying
financial information. Auditors assess whether financial statements are presented
fairly in accordance with applicable accounting standards and regulatory
requirements.
2. Roles and Responsibilities:
  Accounting: Accountants are responsible for recording financial transactions,
maintaining accounting records, preparing financial statements, analyzing
financial data, and providing financial insights and recommendations to
management for decision-making purposes.
 Auditing: Auditors are responsible for examining and verifying the accuracy and
completeness of financial records and reports prepared by accountants. They
assess the effectiveness of internal controls, perform audit procedures to detect
errors or fraud, gather audit evidence, and express an opinion on the fairness of
financial statements.
3. Timing:
 Accounting: Accounting activities are ongoing and performed regularly
throughout the accounting period to record transactions, close accounting periods,
and prepare financial statements at the end of the reporting period (e.g., monthly,
quarterly, annually).
 Auditing: Auditing activities are typically performed after the completion of
accounting processes and the preparation of financial statements. Auditors
conduct audits periodically (e.g., annually) to provide an independent assessment
of financial statements and ensure compliance with auditing standards and
regulations.

In summary, while auditing and accounting are related disciplines that both deal with financial
information and aim for compliance and accuracy, they serve different purposes, involve distinct
roles and responsibilities, and are performed at different stages of the financial reporting process.
Accounting focuses on the preparation and interpretation of financial information, while auditing
focuses on verifying and providing assurance on the reliability of financial information.

QN20 Explain the following terms as used in auditing i. True and fair view ii. Going concern as
per ISA 570 iii. Materiality as per ISA 320

ANSWER

Let's delve into each term as used in auditing:

i. True and Fair View:

 The concept of "true and fair view" refers to the overarching objective of financial
reporting and auditing to present financial information accurately, impartially, and
without bias. In auditing, the auditor's objective is to express an opinion on whether the
financial statements provide a true and fair view of the entity's financial position,
financial performance, and cash flows. This means that the financial statements should
reflect the underlying financial reality of the entity's transactions and events in a manner
that is faithful to the accounting standards and principles applicable to the reporting
framework used. To achieve a true and fair view, auditors assess the fairness of financial
statements by evaluating the completeness, accuracy, and presentation of financial
information, considering the significance of estimates and judgments made by
management, and ensuring compliance with relevant accounting standards and regulatory
requirements.

ii. Going Concern as per ISA 570:

 Going concern is a fundamental assumption in accounting and auditing that assumes an

entity will continue to operate in the foreseeable future without the need to liquidate
assets or cease operations. ISA 570 (International Standard on Auditing 570) provides
guidance to auditors on evaluating an entity's ability to continue as a going concern when
preparing and reporting on financial statements. Auditors assess an entity's going concern
status by considering its financial position, liquidity, solvency, operational plans, and
external factors such as economic conditions and industry trends. If there are material
uncertainties about the entity's ability to continue as a going concern, auditors are
required to disclose these uncertainties in the audit report and consider the implications
for the financial statements, such as the need for adjustments to accounting estimates,
disclosures, or the inclusion of an emphasis of matter paragraph in the audit report. The
going concern assessment is crucial because it affects the reliability and relevance of the
financial statements to users' decision-making.

iii. Materiality as per ISA 320:

  Materiality is a key concept in auditing that relates to the significance or importance of an
item, transaction, or error in the financial statements. ISA 320 (International Standard on
Auditing 320) provides guidance to auditors on determining materiality and its
implications for audit planning, procedures, and reporting. Materiality is assessed based
on both quantitative and qualitative factors, considering the nature, size, and
circumstances of the item or error relative to the financial statements as a whole.
Materiality is a relative concept and varies depending on the specific circumstances and
user needs. Auditors use materiality to plan and perform audit procedures by focusing on
areas that are more likely to contain material misstatements and evaluating the effect of
identified misstatements on the overall fairness of the financial statements. Materiality
also guides auditors in determining the form and content of audit reports, including the
need to communicate material weaknesses or deficiencies in internal control and the
significance of audit findings to users of the financial statements.

QN21 Briefly explain the elements of an assurance services

ANSWER

Assurance services encompass a broad range of activities aimed at providing stakeholders with
confidence, assurance, and reliability regarding various aspects of an organization's operations,
processes, and information. The key elements of assurance services typically include:

1. Objective Evaluation:
 Assurance services involve an independent and objective evaluation of
information, processes, or systems to provide stakeholders with credible and
reliable conclusions. The assurance provider assesses whether the subject matter
meets specific criteria or standards, such as compliance with regulations or
effectiveness of internal controls.
2. Systematic Approach:
 Assurance services follow a systematic and structured approach to gathering
evidence, performing procedures, and reaching conclusions. The assurance
 provider employs appropriate methodologies, techniques, and tools to obtain
sufficient and appropriate evidence to support their conclusions.
3. Professional Competence:
 Assurance services are conducted by professionals with relevant expertise,
knowledge, and qualifications in the subject matter being evaluated. The
assurance provider possesses technical proficiency, industry experience, and
adherence to professional standards and ethics to perform their responsibilities
effectively.
4. Independence and Objectivity:
 Assurance services require independence and objectivity to ensure impartiality
and credibility in the evaluation process. The assurance provider maintains
independence from the subject matter being evaluated and exercises professional
skepticism to avoid bias or undue influence.
5. Communication of Results:
 Assurance services involve communicating the findings, conclusions, and
recommendations to stakeholders in a clear, transparent, and understandable
manner. The assurance provider prepares reports or opinions that convey the
assurance obtained, identify areas of improvement or concern, and provide
actionable insights for decision-making.
6. Risk Assessment and Management:
 Assurance services consider the risks associated with the subject matter being
evaluated and provide assurance on the effectiveness of risk management
processes. The assurance provider identifies, evaluates, and addresses risks that
may impact the reliability or integrity of information or processes.

Overall, assurance services play a crucial role in enhancing confidence, transparency, and
accountability in organizational activities by providing stakeholders with independent and
reliable assessments of the subject matter under review. These services contribute to informed
decision-making, risk management, and organizational performance improvement.
QN22 Explain the term “limited assurance” in the context of an examination of a company’s
cash flows forecast and explain how this differs from the assurance provided by an external audit

ANSWER

"Limited assurance" refers to a level of assurance provided by an assurance engagement that is

less than the level of assurance provided by a reasonable assurance engagement, such as an
external audit. In the context of examining a company's cash flows forecast, limited assurance
means that the assurance provider performs procedures to obtain a moderate level of confidence
regarding the reliability and reasonableness of the forecast, but their level of assurance is not as
high as that provided by a full external audit.

Here's how limited assurance differs from the assurance provided by an external audit:

1. Level of Confidence:
 Limited Assurance: In a limited assurance engagement, the assurance provider
performs procedures to obtain a moderate level of confidence that the subject
matter being examined is free from material misstatement or error. However, the
level of confidence is lower compared to a reasonable assurance engagement.
 External Audit: In an external audit, the auditor provides reasonable assurance,
which means they perform extensive audit procedures to obtain a high level of
confidence that the financial statements are free from material misstatement.
External auditors express an opinion that the financial statements present fairly, in
all material respects, the financial position, results of operations, and cash flows
of the company.
2. Nature and Extent of Procedures:
 Limited Assurance: In a limited assurance engagement, the assurance provider
performs procedures that are more limited in scope and extent compared to an
external audit. The procedures are designed to provide a level of assurance that is
appropriate given the specific engagement objectives and circumstances.
 External Audit: In an external audit, the auditor conducts comprehensive audit
procedures, including tests of controls, substantive testing, analytical procedures,
 and verification of financial statement components. The auditor gathers sufficient
and appropriate audit evidence to support their opinion on the financial
statements.
3. Reporting:
 Limited Assurance: In a limited assurance engagement, the assurance provider
issues a report that communicates the findings of their procedures and the level of
assurance obtained. The report may include limitations on the scope of work
performed and may express a conclusion with less certainty compared to an audit
opinion.
 External Audit: In an external audit, the auditor issues an audit report that
contains an opinion on the fairness of the financial statements. The audit report
provides stakeholders with assurance that the financial statements have been
audited in accordance with applicable auditing standards and present a true and
fair view of the company's financial position and performance.

In summary, limited assurance provides a moderate level of confidence regarding the reliability
of the subject matter being examined, such as a cash flows forecast, but it is not as
comprehensive or definitive as the assurance provided by an external audit, which offers
reasonable assurance regarding the fairness of the financial statements.

QN23. Explain each of the FIVE fundamental principles of ACCA’s Code of Ethics and
Conduct for professional accountants

ANSWER

The ACCA's (Association of Chartered Certified Accountants) Code of Ethics and Conduct for
professional accountants is based on five fundamental principles that guide the behavior and
ethical decision-making of accountants. These principles are:

1. Integrity:
 Integrity requires accountants to be straightforward, honest, and truthful in all
professional and business relationships. Accountants should act with integrity by
 avoiding conflicts of interest, refraining from engaging in dishonest or deceptive
practices, and maintaining their professional competence and objectivity. Integrity
also involves being transparent and disclosing all relevant information, even if it
may be unfavorable or detrimental to oneself or others.
2. Objectivity:
 Objectivity requires accountants to approach their work with impartiality,
fairness, and independence of mind. Accountants should not allow bias, prejudice,
or undue influence to affect their professional judgment or decision-making. They
should critically evaluate information, exercise professional skepticism, and
remain independent from undue influence or pressure from others. Objectivity
also entails disclosing any potential conflicts of interest and refraining from
activities or relationships that could compromise professional judgment or
integrity.
3. Professional Competence and Due Care:
 Professional competence and due care require accountants to maintain the
necessary knowledge, skills, and expertise to perform their professional
responsibilities competently and diligently. Accountants should continually
update their knowledge and skills through ongoing education and training, stay
informed about developments in accounting standards and regulations, and apply
professional judgment and critical thinking to solve complex problems and make
informed decisions. They should also exercise due care by performing their work
with diligence, accuracy, and thoroughness, meeting professional standards and
fulfilling their obligations to clients, employers, and other stakeholders.
4. Confidentiality:
 Confidentiality requires accountants to respect the confidentiality of information
acquired as a result of their professional and business relationships. Accountants
should safeguard confidential information and only disclose it when authorized or
required by law, professional standards, or consent of the parties involved. They
should exercise discretion and care in handling sensitive information, maintain the
privacy and confidentiality of client data, and avoid unauthorized disclosure or
misuse of confidential information for personal gain or advantage.
5. Professional Behavior:
 Professional behavior requires accountants to comply with relevant laws,
regulations, and professional standards and act in a manner that upholds the
reputation and integrity of the accounting profession. Accountants should conduct
themselves with courtesy, respect, and professionalism in their interactions with
clients, colleagues, regulators, and the public. They should avoid conduct that
could discredit or undermine public confidence in the profession, such as
engaging in unethical or illegal activities, misrepresenting their qualifications or
experience, or engaging in conduct that could bring the profession into disrepute.
Professional behavior also involves promoting ethical behavior and integrity
within the profession and adhering to the principles of the ACCA's Code of Ethics
and Conduct in all professional activities.