practicing audit 2

16
Session 2 Solutions Self-Study Questions 3.11 Explain the relationship between the risk assessment, risk response and reporting phases of an audit. Planning is an ongoing process during the audit because the plan is modified if necessary based on the results of the audit procedures. Planning an audit usually precedes the risk response phase, and the reporting phase is last stage of the audit. The risk assessment phase includes gaining an understanding of the client, identifying significant accounts and transactions, setting planning materiality, identifying the factors that can go wrong in the audit, gaining an understanding of key internal controls and developing an audit strategy. Risk assessment is in the first phase of audit ASA 300.8 (ISA 300) Planning an Audit of a Financial Report requires an auditor to plan their audit to reduce audit risk to an acceptably low level. Therefore, the auditor must identify the risks to the audit so that the auditor can plan to gather the evidence required to reduce those risks. Effective and efficient planning ensures that sufficient appropriate evidence is gathered for those accounts at most risk of material misstatement. 3.13 List and briefly explain the key factors that the auditor would consider during preliminary risk assessment. The auditor would consider the following factors during preliminary risk assessment: 1. Understand the client – consider issues at the entity, industry, and economy level. What does the client do? How does the client function? What is its ownership structure and sources of finance? Who are its customers and suppliers? Does 1

Upload: kelin-doan

Post on 09-Dec-2015

27 views

Category:

Documents


0 download

DESCRIPTION

Session 2 solutions

TRANSCRIPT

Page 1: Practicing Audit 2

Session 2 Solutions

Self-Study Questions

3.11 Explain the relationship between the risk assessment, risk response and reporting phases of an audit.

Planning is an ongoing process during the audit because the plan is modified if necessary based on the results of the audit procedures. Planning an audit usually precedes the risk response phase, and the reporting phase is last stage of the audit.

The risk assessment phase includes gaining an understanding of the client, identifying significant accounts and transactions, setting planning materiality, identifying the factors that can go wrong in the audit, gaining an understanding of key internal controls and developing an audit strategy. Risk assessment is in the first phase of audit

ASA 300.8 (ISA 300) Planning an Audit of a Financial Report requires an auditor to plan their audit to reduce audit risk to an acceptably low level. Therefore, the auditor must identify the risks to the audit so that the auditor can plan to gather the evidence required to reduce those risks.

Effective and efficient planning ensures that sufficient appropriate evidence is gathered for those accounts at most risk of material misstatement.

3.13 List and briefly explain the key factors that the auditor would consider during preliminary risk assessment.

The auditor would consider the following factors during preliminary risk assessment: 1. Understand the client – consider issues at the entity, industry, and economy level. What does the client do? How does the client function? What is its ownership structure and sources of finance? Who are its customers and suppliers? Does it import or export? How does the client adapt to changes in technology? Is it liable for warranties? What are its operations? Who are its employees? What industry does it operate in? What are the industry’s issues – competition, government support, demand and supply constraints? How does the economy’s health affect the client?

2. Identify related parties – (AASB 124, ASA 550) – who are the related parties, including parent companies, subsidiaries, joint ventures and associates?

3. Fraud risk – factors indicating high risk of fraud, identify incentives, pressures, and opportunities for fraud, management attitudes (ASA 240)

4. Going concern risk – risk and mitigating factors, is it appropriate to assume that the client will remain as a going concern?

5. Corporate governance – board structure, listing status, audit committee – is governance likely to be effective?

1

Page 2: Practicing Audit 2

6. Understand internal controls – what are the control risks, how will auditor gain an understanding of the system?

7. Understand IT environment – risks to processes, security, changes, and controls

8. Significant accounts – identify so that enough time spent on testing these accounts

9. Significant classes of transactions - identify so that enough time spent on testing these transactions

10. Closing procedures – types of procedures, monitoring, pressure on resultsSet planning materiality – For all questions, define what will be considered to be a material misstatement or risk

3.14 When gaining an understanding of a client an auditor will be interested in an entity’s relationships with both its suppliers and customers. What aspects of these relationships will the auditor be interested in and how would they affect the assessment of audit risk?

Customers:Auditors are interested in the relationship between the audit client and its customers because this could affect the reliability of cashflow due to problems with collectability of debts from customers. If the relationship is poor, customers could withhold payment, hence, increases the settlement period for the accounts receivable (debtor). If the customers are not satisfied with the goods or services provided due to poor quality the audit client could be liable for warranty claims, therefore the auditor should check the reasonableness of provision for warranty claims (liability).

Auditors are also interested in risks associated with the client’s reliance on a few major customers because non-payment or leaving of major customers can have significant effect on cashflow in the short term. However, in the long term, can be a going concern issues for the audit client

Suppliers:Poor relations between the audit client and its suppliers could be indicators of cash flow problems for the client. The supplier could be supplying faulty goods, leading to issues with customers and problems with warranty claims. Poor relationship between the audit client and its suppliers could potentially affect the business operation of audit client and therefore affect the production and sales of the audit client.

For audit client who entered into a contract with their suppliers could be locked into unfavourable arrangement over a period of time affecting its ability to survive as a going concern. If the client is not paying its suppliers on a timely basis, it might lose access to that supplier, affecting its ability to continue to trade.

2

Page 3: Practicing Audit 2

In both cases, the auditor would be interested in whether the other parties are located overseas because of the additional risks associated with international transactions and foreign exchange (which could apply to domestic trading partners as well).

3.15 In the context of fraud, explain the differences between (1) incentives and pressures, (2) opportunity and (3) attitudes and rationalisation. Why is it important for an auditor to consider client systems relevant to all three concepts?

Incentives and pressures are the motivating factors for the client’s personnel to commit fraud. For example, a regional manager could be under pressure to achieve a sales target to keep their job or to receive a bonus. This motivates the manager to consider fraud possibilities.

The manager would be able to commit a fraud only if there is an opportunity to do so. An example of an opportunity would be an unlocked storeroom (for asset misappropriation) or loose controls over cut-off (to push a sale from one period to the next to create fraudulent financial reporting). If the manager did not have the incentive or pressure to commit the fraud, the opportunity would not lead to a fraud.

Attitudes and rationalisation refer to the ethical beliefs of the manager and the more senior management of the client. If there is an attitude at the top that achieving sales targets is more important than following policies and procedures, then the manager could use this attitude to justify misstating sales for the period. Rationalisation refers to the view about the fraud, for example “They push me very hard and I work a lot of weekends, I am entitled to this bonus.”

An auditor must consider client systems relevant to all three because they would be more likely to detect fraud by doing so. Perpetrators of fraud are likely to take great care to conceal the fraud, and considering only one set of indicators increases the risk that the auditor will not detect a material misstatement resulting from fraud.

3

Page 4: Practicing Audit 2

3.16 What does it mean when we say that a business is a ‘going concern’ or, alternatively, has ‘going concern issues’? Why must an auditor specifically consider evidence about the going concern assessment for each client?

ASA 570 (ISA 570) states that under the going concern assumption, an entity is viewed as continuing in business for the foreseeable future. It also notes that a general purpose financial report is prepared on the going concern basis, unless management intends to liquidate the entity or to cease operations, or has no realistic alternative but to do so. When the going concern assumption is appropriate, assets and liabilities are recorded on the basis that the entity will be able to realise its assets and discharge its liabilities in the normal course of business.

Therefore, if the going concern basis is not appropriate, the management should prepare a special purpose report which reflects that state. ‘Going concern issues’ mean that there is doubt about the going concern assumption’s applicability to the client’s financial report, and if these doubts are serious enough, the entity should prepare a special purpose report.

The auditor must consider evidence about the appropriateness of the going concern assumption for the client in order to express the appropriate audit opinion. If there is not sufficient evidence to support the assumption, the auditor cannot issue an unqualified opinion on general purpose reports. If the going concern uncertainty is appropriately disclosed in the financial report by management and those charged with governance, the auditor can issue an unqualified audit opinion with an emphasis of matter paragraph. However, if adequate disclosure is not made in the financial report, the auditor shall express a qualified or adverse opinion.

3.17 What are mitigating factors in the context of the going concern assessment? Give some examples of mitigating factors for a loss-making client.

Mitigating factors are factors that reduce the risk that the going concern assumption may be in doubt. For example, if the client has lost a key customer, this could raise doubt about its ability to continue as a going concern. However, this doubt would be mitigated by ongoing negotiations with a potential new customer.

If the client is making a loss, doubt about its ability to continue in business could exist. This doubt could be mitigated by:

- plans to introduce new profitable products

- management planning to merge with another company

- plans and progress towards expansion into another market

- financial support from a parent (or any other factor indicating that the losses can be borne for some time without defaulting on debts etc.)

- restructuring, retrenchment, downsizing plans (to cut costs)

4

Page 5: Practicing Audit 2

-making, sound financial reporting and time disclosures, protection of shareholders’ rights, comprehensive risk management policies and procedures, and fair and responsible remuneration practices. Listed companies are usually observed more closely than unlisted companies by the financial press and large investors, encouraging their compliance with the ASX principles.

3.20 Why does an auditor need to understand a client’s IT system? Explain how IT affects the financial report.

IT is part of a company’s accounting processes, from transaction initiation to the financial reports. ASA 315 (ISA 315) requires the auditor to gain an understanding of client’s IT systems and its associated risks (para 18). Paragraphs A53-A59 (Application and other explanatory material) explain how IT benefits an entity’s internal controls but also poses specific risks to that internal control. For example, IT allows an entity to consistently perform complex calculations in processing large volumes of transactions or data. However, if that processing is inaccurate, reliance on those systems would be inappropriate because of the risk of material misstatement in the entity’s financial report. The auditor needs to understand where the risk of inaccurate processing lies within the IT system and whether the client has other controls (e.g. manual controls or other automated controls) over processing systems which would provide greater assurance that the reported figures are accurate.

3.21 Give an example of a client closing procedure. Using your example, explain the accounts that would be affected if the closing procedure is performed inadequately.

Examples of client closing procedures include:Depreciation or amortisation of assets (debit depreciation expense, credit accumulated depreciation)Accruals e.g. salaries, interest expense (debit expense, credit accrued expense)Prepayments e.g. prepaid insurance, prepaid rates, prepared registration of motor vehicles (debit prepaid expense, credit prepayment)

Other closing procedures include procedures to test the identification of revenues and expenses which belong in the current reporting period or the next and to include the item in the correct period (i.e. client’s entries to ensure correct cut-off).

For each example, the following are the accounts affected:Depreciation/amortisation: depreciation expenses are understated and accumulated depreciation is understatedAccruals: expenses are understated and liabilities are understated (e.g. salaries expense are understated and accrued salaries are overstated)Prepayments: expenses are understated and assets are overstated (e.g. Insurance expense is understated and prepaid insurance is overstated).

Cut-off entries are required to ensure that late expenses (e.g. invoice for goods or services received) are identified as belonging to the current financial year. If this is not done, expenses are understated and liabilities are understated.

5

Page 6: Practicing Audit 2

For revenue items, ensure that revenue is not recognised until goods are despatched or delivered (depending on the terms of sale). If this is not done and the sale is recorded in the current financial year instead of the next financial year, revenue in the current year is overstated and assets (debtors) are overstated.

3.22 What is a related party? Why is an auditor interested in identifying related parties during the risk assessment phase of an audit?

AASB124 Para 9 defines related party as a person or entity that is related to the entity preparing the financial statement( e.g. close member of the family has control or significant influence or holds a key management position in the reporting entity ; an entity is in joint venture or an associate of the reporting entity.)

Auditors search for related parties during the risk assessment phase of an audit so that they consider the risks associated with transactions between the client and the related parties (such as whether sales between them are genuine and recorded at arm’s length), and to assess whether the client has made the required disclosures under AASB124 (IAS24). Omission of required disclosure would require the auditor to issue a modified report

ASA 550 (ISA 550) is a guidance for auditors’ responsibilities relating to related party relationships and transactions in an audit of a financial report As per Para 2, the standard notes that many related party transactions are in the normal course of business and pose no greater risk than any other transaction. However, under certain circumstances, transactions between the client and related parties can give rise to higher risks of material misstatements. The examples provided include: increased complexity of the arrangements and transactions; ineffective information systems for identifying or summarising the transactions and outstanding balances for related parties; transactions not conducted under normal market terms and conditions (e.g. no consideration).

6

Page 7: Practicing Audit 2

Session 2 Solutions

Workshop Questions

1.23 Audit reports

Required:(a) Explain the relevance of the paragraphs ‘Directors’ responsibility for the financial

report’ and ‘Auditor’s responsibility’ in the audit report to the audit expectation gap.

These paragraphs highlight to readers that the directors of the company and the auditors have separate and distinct responsibilities. The directors are responsible for maintaining the accounting systems and preparing the reports, and the auditors are responsible for conducting an audit of these reports by evaluating their contents against the criteria of the accounting standards and relevant legislation. The auditor’s responsibilities do not include preparing the reports and the auditor must use judgement when choosing procedures and evaluating the evidence.

(b) Find the lines in the audit report that express the auditor’s opinion – is it an unqualified or modified audit opinion?

The paragraph is headed ‘Auditor’s opinion’. It states that in the auditor’s opinion the reports are consistent with the relevant legislation including giving a true and fair view of the financial position and performance of the company. This means that the opinion is unqualified and unmodified.

(c) Find the lines in the review report that express the auditor’s conclusion – is it an audit opinion? Is it a positive or negative statement?

The auditor expresses a conclusion, not an opinion, in the review report. It is not an opinion because they did not conduct an audit. The statement is a negative one – ‘we have not become aware… is not in accordance’.

(d) Make a list of the other differences between the audit report and the review report.Other differences include:Interim report refers to AASB 134 on interim reporting, reference to IFRS in audit relates to adoption of those standards in the annual report.Audit report refers to audit of remuneration (the company does not make these disclosures in half-yearly report)Close reading of the description of the work done by the auditor will reveal that the procedures used for the interim report review are less comprehensive than those done for the full year audit (also see reference to ASRE 2410 in interim review). This is the main difference between the reports and why the audit report contains an opinion and the review report expresses a conclusion.

7

Page 8: Practicing Audit 2

1.30 Expectations gapDiscuss the expectations gap that could exist for the audit of Securimax. Consider the existence of any special interests of the users of Securimax’s financial reports.

The expectations gap is the difference between the expectations of financial report users and the auditor’s performance. Special users for Securimax could include:

Government agencies, including Department of Foreign Affairs and Trade, who would be interested in the purchases by foreign governments and individuals of this type of security vehicle.

Competing companies and/or governments who would be interested in sensitive information about the construction of the vehicles and the identity of the purchasers.

Wollongong local government and NSW State Government, who would be interested in the financial viability of the business and its impact on local employment and economic activity.

Suppliers of technological equipment – it is possible that the Terrain Master uses specialised components. These suppliers would be interested in the financial viability of the business and the likelihood of its timely payment for goods purchased on credit. Such equipment could be made to specialised order with limited alternative customers. The suppliers would have large investments to support eh manufacture of these specialised components.

Other potential customers Usual relationships would exist with lenders, shareholders, employees.

Discussion: Consider how well Securimax’s financial reports would provide the information that these users would require, given the highly sensitive and confidential nature of the manufacturing process. Management is responsible for preparing the reports, but the users may look to the auditors to make sure that the required information is provided. Also consider how well the audit process would be able to meet the users’ needs for this information.

8

Page 9: Practicing Audit 2

2.29 Auditor liability for misleading accountsRequiredDiscuss the auditor’s liability for losses suffered by (a) Mega Shopping Centres investors, and (b) other parties.

The misclassification of liabilities as non-current instead of current potentially means that anyone analysing the financial position of Mega Shopping Centres would be misled. If the liabilities are current, it is likely that they are due to be paid within 12 months, although they could also be renegotiated and the repayment date extended. The reader of the accounts would not be sure if Mega had to repay the debt, and would have doubt about the ability of the company to continue in business.

The directors and managers of Mega are likely to say that they relied on information provided to them by the finance department. The reports from the finance department probably did not state that the debts were due to be repaid soon. However, the directors and managers are under an obligation to ask questions about important matters such as large debts. They are also obliged to monitor the financial position of their company. They cannot just rely on others.

The auditors are likely to say that they relied on information provided by the managers about the due date for the debt repayments. However, the auditors should gather evidence about the repayment date, not just rely on what the managers tell them.

(a) The investors in Mega could bring legal action against the auditors, arguing they suffered financial loss as a result of the misclassification of the debt. The auditors reported that the financial accounts were in accordance with the Corporations Act and accounting standards (which they were not, because the debt was misclassified), and that the accounts were true and fair (which they were not because they gave a misleading picture).

It is likely that the auditors are liable to the investors in Mega Shopping Centres because of their loss and the failure of the auditors to following auditing standards, such as those requiring auditors to gather sufficient and appropriate evidence about the liabilities and their disclosures. The auditor could be liable under both contract law (failure to perform the audit they were contracted to do) and tort of negligence. The investors would need to establish that the auditor owed them a duty of care and the duty of care was breached, and that the investors suffered a loss as a result of that negligence.

(b) Third parties cannot rely on contract law. Other parties would try to rely on tort law. In addition, to duty of care, breach of the duty and loss, they have to establish that there was reasonable foreseeability. This means that the other parties would have to establish that the auditor was aware, or should have been aware, that any negligence on their part could cause a loss to the third parties. This is more difficult than establishing foreseeability of the loss suffered by investors. Caparo (1990) established the concept of reasonable proximity, where the auditor must be aware of the third party as a group and the decision they intend to make when using the audited report. Third parties would have a better case if they obtain a Privity Letter which can be used to prove that a duty of care was owed to them. Otherwise, there would need to be some special circumstances before the auditor was liable to them in this case.

9

Page 10: Practicing Audit 2

2.35 Independence threats and safeguards

Required

(a) Are there any threats to independence for KFP in its audit of Securimax?(b) Can you propose any recommendations to safeguard KFP against the potential

independence threats you have identified? Explain.

Issues raised in the case: (i) The client’s internal audit department is headed by an ex-partner of KFP. Both APES 110 and the Corporations Act place restrictions on audits where a former audit partner has a senior role within the client. The Corporations Act restriction (CORPORATIONS ACT 2001 - SECT 324CK) is limited to a period of 5 years between leaving the audit firm and the current audit (2 years if the person retired rather than just left the firm s. 324CI). On this basis, there is no contravention of the Act. In addition, the restriction applies to ex-auditors who become an officer of the company. In the case of Securimax, Rydell Creek does not appear to be an officer of the company (e.g. a director or senior manager) – he is the head of the internal audit department.APES 110 does not specify a 5 year time limit, and the person could be an officer or director or an employee in a position to exert direct and significant influence over the subject matter of the engagement. This would certainly include the CFO or CEO, but it is unlikely to include the head of the internal audit department.

(b) Safeguards: Ensure that Rydell Creek is not regarded as able to exert direct and significant influence over the subject matter of the external audit.Ensure that there wasn’t a significant and personal relationship between Rydell Creek and the other members of the audit team based on their previous association as colleagues (to deal with the general familiarity threat).APES 110:200.7 Examples of circumstances that may create familiarity threats include, but are not limited to: (extract)• A former Partner of the Firm being a Director or Officer of the Client or an employee in a position to exert direct and significant influence over the subject matter of the Engagement.

(ii) Clarke Field has been the partner for 5 years and will remain as review partner when Sally Woodrow is appointed as partner for the audit.APES 110 and the Corporations Act require rotation of senior audit personnel as follows:APES 110: 290.154 Using the same:• Lead Engagement Partner, or• Audit Review Partner (if any), or• Engagement Quality Control Revieweron an audit over a prolonged period may create a familiarity threat.This threat is particularly relevant in the context of a Financial Statement audit of a Listed Entity and safeguards should be applied in such situations to reduce such threat to an acceptable level. Accordingly in respect of the Financial Statement audit of Listed Entities: (a) The Lead Engagement Partner, the Audit Review Partner (if any) and the Engagement Quality Control Reviewer should be rotated after serving in any of these capacities, or a combination thereof, for a pre-defined period, no longer than five financial years within a seven year period; and, (b) Such an individual rotating after a pre-defined period should not

10

Page 11: Practicing Audit 2

participate in the Audit Engagement until a further period of time, no less than two years, since the end of the financial year following the end of the pre-defined period has elapsed.

(b) Safeguards:Clarke Field should not participate in the audit for two years.

(iii) Appointment of Sally Woodrow to position of partner and as partner in charge of the Securimax audit.Is Sally Woodrow experienced enough to lead the audit? She is being promoted to partner to enable her to take over the audit. If she is not sufficiently experienced and qualified to lead the audit there is a risk that the independence of the audit will be compromised.

(b) Safeguards:An independent (i.e. not previously involved with Securimax) senior audit partner should be appointed as review partner to assist Sally Woodrow

11