ACCA Noter Answer Paper F8 2 6int 2003 dec a

(1)

(2)

(3)

Part 2 Examination – Paper 2.6(INT)

Audit and Internal Review (International Stream) December 2003 Answers

1 Risks Controls Tests of control

(a) Human Resources

There is a risk that All staff should be required to The auditor should: staff without fill in proper application

proper experience forms and submit references – take a representative sample or training are with them. References should of staff from the payroll and employed (and be checked for all new staff inspect the relevant application might cause employed. To the extent forms to ensure that they have damage to client permitted by law, staff should been properly completed. property). be asked to provide details of References should also be

criminal convictions. All inspected. staff, particularly those

without experience, should receive proper training.

Inappropriate staff, Systems for allocating staff to – for a sample of high risk such as those with assignments should ensure clients, ensure that only criminal that only appropriate staff are appropriately classified staff convictions, allocated to high risk clients – have been utilised. perhaps, might be by means of a staff

employed in high classification system. security

environments.

Staff might There should be documentary – take a sample of entries in the misappropriate controls over the movement documentation showing company or client of cleaning materials and movements of materials and property. reviews of the usage of ensure that appropriate entries

cleaning materials. in systems have been made.

The company should ask – review the overall usage of clients regularly about the cleaning materials and levels of satisfaction with the investigate any unusual service provided (and have variations.

investigation and disciplinary

procedures in place where – review the result of client

allegations of satisfaction surveys and

misappropriation are made). establish if appropriate management responses have been made.

There is a risk that All normal payroll controls – for a representative sample of staff are paid for such as the use of timesheets, entries in the payroll, re-hours not worked, reconciliations and regular perform calculations to ensure or that incorrect reviews of payroll costs that they are made correctly, payroll deductions should be in place. Personnel ensure that appropriate are made. controls should ensure that authorisation has been made

new staff can only be entered and review the overall level of onto the payroll system with payroll cost, investigating appropriate authorisation variations.

from an independent official.

A high turnover of Staff should receive feedback – inspect the documentary staff increases all on their performance and be evidence of staff reviews, of the risks noted rewarded for good review and assess the processes

above. performance and long by which good performance

service. and long service are rewarded,

(4)

Risks Controls Tests of control (b) Procurement

There is a risk of Authorisation controls should The auditor should: fictitious or ensure that an appropriate,

excessive payment independent official – review a representative to suppliers (i.e. authorises the acceptance of new sample of suppliers on the fraudulent suppliers onto the system and system and inspect written payments). that only authorised suppliers evidence of authorisation for

can be used. them.

There is a risk of Authorisation checks on – analytically review the level inaccurate, delayed invoices should ensure that of payments for, and utilisation or incorrect only goods that have been of, goods on a periodic basis payments. received are paid for and that and investigate any significant

agreed prices are being paid. variations.

There is a risk that Controls over the purchase – review a representative the company does ledger such as reconciliations sample of invoices, credit not obtain the best with a purchase ledger notes and other documentation value for money by control account and the (hard copy or electronic) for

using existing matching of documents evidence of matching to

suppliers. should be in place to ensure appropriate goods received that discounts are obtained documentation and price lists. for timely payment and that

good relations with suppliers are maintained.

There should be regular, – review and critically assess documented negotiations with the documentation and existing suppliers and regularity of negotiations and discussions with alternative discussions.

suppliers to ensure that value for money is being obtained.

(c) Marketing

The third party The contract between The auditor should: advertiser may be Cleanco and the advertising

in breach of company should require that – review the contract with the

advertising all advertising is in company, and the advertising

regulations. accordance with regulations material to ensure that it is in and any best practice accordance with regulations The type of guidance (Cleanco wishes to and any best practice guidance. aggressive direct retain its high reputation). The auditor should ensure that mail advertising There should be clauses in the appropriate legal advice was

may actually contract requiring the taken with regard to

damage the company to indemnify indemnities and other

reputation of Cleanco against any costs important elements in the

Cleanco which arising from such breaches. contract.

might result in a Cleanco should take legal

decreasein market advice on the wording of such – obtain documentary evidence

share. clauses.

The third party should be – obtain documentary evidence required to submit all to show that the advertising advertising material to material has been approved at Cleanco for approval, and an appropriate level within Cleanco should have final Cleanco.

control over the design and content of the advertising material.

There is a risk of There should be proper – review budgets and

extensive budgeting for advertising management accounts to

marketing costs, and a regular review of ensure that advertising costs expenditure not such costs by comparison have been controlled and are resulting in new with new business obtained. resulting in an appropriate

business. level of inceased business at

Cost controls should ensure appropriate prices. that discounts offered are not

so great as to make contracts unprofitable, after marketing costs have been taken into account.

(5)

2 (a) (i) Internal control objectives

Control objectives include policies and procedures designed by management to:

1. Achieve the orderly and efficient running of the business including adherence to internal policies – this would include the regular, accurate processing and recording of payroll payments.

2. Safeguard assets – this would include the physical safeguarding of cash and safeguarding money held in bank accounts by means of other controls.

3. Prevent and detect fraud and error – fraud and error would include incorrect payments or deductions from the payroll and payments of incorrect amounts for tax and social insurance, payments for work not performed and payments to dummy employees, for example.

4. Achieve accuracy and completeness of the accounting records and timely preparation of reliable financial information; this would include making correct payments and deductions from the payroll, correct payments for tax and social insurance, and making payments for work performed only (not to dummy employees, for example), in order that quarterly or half-yearly accounts can be prepared (possibly), but in any case in order that annual accounts can be prepared within the time limits for small companies.

(ii) Internal control environment and control procedures The control environment relates to:

1. Management’s overall style in encouraging awareness of the need for good controls, for example.

2. The existence of organisational controls such as review of the payroll by an independent person such as the managing director, and the rotation of payroll duties amongst staff responsible for processing it – this helps achieve all of the objectives set out above.

3. Segregation of duties and supervisory controls to avoid the misappropriation of cash (or allegations thereof) and to avoid fraudulent collusion to create, for example, dummy employees or to make inflated payments – this prevents the loss of assets and/or inaccurate records.

Internal control procedures include:

4. Limiting direct physical access to the cash, such as the use of a security firm to deliver cash, locking doors to areas where cash is held, keeping cash in a fire-proof safe and the protection of the computer by password controls – this will help safeguard assets and ensure the completeness and accuracy of the records and financial statements.

5. Controls over computerised applications, checking the arithmetical accuracy of documents and the maintenance of control accounts – this can be achieved by, for example, the use of timesheets or clockcards, the use of reliable software with programmed controls for the calculation of deductions, and the use of batch and hash totals for information that is input into the computer system – this helps achieve the orderly and efficient running of the business and the accuracy and completeness of records and financial statements.

(6)

(b) Audit objectives, tests of control and substantive procedures

Objectives Tests of control and substantive procedures

Existence: of assets and Testing controls over the security of cash to ensure that liabilities such as cash on they are operating effectively throughout the relevant hand and in the bank, and period.

of the liability to pay staff

and the associated tax and Performing cash counts, with reconciliations to the social insurance liabilities. records and observing cash payments to staff, ensuring

that appropriate signatures are obtained and that unclaimed cash is promptly re-banked, for example.

Making checks on the physical existence of staff to ensure that the related expenses and liabilities are genuine.

Checking after date payments to staff and for tax and social insurance contributions.

Occurrence: payroll Performing cut-off tests to ensure that payroll costs transactions occurred incurred during the period have been recorded during the during the relevant period by examining entries in the payroll records just accounting period. before and just after the period-end and checking back to

source documentation, such as timesheets or clock cards.

Completeness: there are Performing starters and leavers tests to ensure that staff no unrecorded assets or are not paid before they join the company and are not liabilities (such as those paid after they leave – this involves checking the payroll noted under ‘existence’, for two separate periods and examining entries relating above) or transactions to starters and leavers in the intervening period. (such as payroll payments)

or undisclosed items (such Manually checking the accuracy of payroll calculations as unrecorded payroll to ensure that correct payments and deductions are being liabilities). made in accordance with approved pay rates and

approved deduction rates for tax and social insurance.

Reviewing evidence of authorisation controls to ensure that the payroll has already been checked.

Measurement: transactions As for completeness, above, and checking to ensure that such as payroll payments the payroll has been properly authorised and reviewed. are recorded at the correct

amounts and are recorded Checking entries relating to hours or time worked in the in the correct period. payroll to source documentation.

Presentation and Reviewing the financial statements with the aid of a disclosure: an item is disclosure checklist to ensure that disclosure disclosed and described in requirements have been met.

accordance with

accounting standards and Reviewing the overall presentation of payroll transactions

(7)

3 (a) External auditor responsibilities – going concern ISA 570Going Concern deals with this issue.

(i) Auditors are required to consider the going concern status of companies and any disclosures regarding going concern in forming their audit opinion. Companies that are listed on stock exchanges may be required to make additional disclosures in relation to going concern issues.

(ii) Auditors are required to assess the adequacy of the means (the processes) by which directors have satisfied themselves that the going concern basis is appropriate and that adequate disclosures have been made. Auditors conduct an initial analysis at the planning stage of the audit as well as assessments at later stages.

(iii) Auditors should make enquiries of the directors and examine appropriate documentation supporting the company’s going concern status such as budgets and cash flow forecasts.

(iv) Auditors consider whether the period to which directors have paid particular attention is adequate. This should normally be at least 12 months from the balance sheet date. Auditors also enquire of management as to their knowledge of events or conditions beyond this period that may cast significant doubt on the entity’s ability to continue as a going concern.

(v) Auditors need to consider the appropriateness of assumptions which directors have made, the sensitivity of assumptions to external and internal changes, any obligations, guarantees or undertakings arranged with other entities, the existence and adequacy of borrowing facilities and the directors’ plans to deal with any going concern problems.

(vi) Auditors are required to document the extent of any concerns, taking account of matters that have come to their attention during the course of the audit and in particular, financial, operational, or other indicators of going concern problems that are present.

(vii) Indicators of going concern issues would include trading losses, impairment of assets, net liabilities, defaults on loans, liquidity problems, an inability to refinance loans where necessary, fundamental changes in the markets or technology having an adverse effect on the company, loss of management, staff, customers or suppliers, or major litigation, for example.

(viii) Auditors should consider the need to obtain written management representations.

(ix) Auditors should consider the adequacy of any disclosures in the financial statements.

(b) Possible audit reports and circumstances

(i) Where the auditors consider that there is a significant level of concern about the entity’s ability to continue as a going concern (but do not disagree with the going concern basis), and where adequate disclosures of the situation are made, they modify (but do not qualify) their opinion by including an ‘emphasis of matter’ paragraph highlighting the existence of a material uncertainty as to the going concern status of the entity and drawing attention to the relevant note in the financial statements. Where adequate disclosures are not made, a qualified or adverse opinion will be issued.

(ii) Where the period to which directors have paid particular attention is less than 12 months from the balance sheet date, the auditors should consider the need to modify the audit report as a result of a limitation in the scope of the audit.

(iii) Where the auditors disagree with the preparation of the financial statements on the going concern basis, they should issue an adverse opinion. This is very rare because auditors rarely have sufficient evidence to be sure.

(iv) If the auditors are unable to form an opinion on the going concern status of a company because of a limitation in the scope of the audit, they will issue an ‘except for’ opinion, or ‘disclaimer of’ opinion – but this is unusual.

(c) Report issued to Corsco

(i) In the case of Corsco, there are some indicators of going concern problems. However, the company may still be a going concern and the fact that the company has been approached by take-over bidders does not necessarily mean that there is a going concern problem (possibly quite the opposite).

(ii) The audit opinion issued on Corsco in the current year is not likely to make reference to the going concern status of the company, as in previous years. The situation has not deteriorated significantly in the current year and it will be difficult for auditors to justify any change in their opinion from previous years.

(d) Difficulties associated with reporting on going concern

(i) If the auditors of Corsco were to report on a going concern problem, the mere act of reporting might of itself create a going concern problem (a ‘self-fulfilling prophecy’). This is particularly the case with large ‘blue-chip’ companies where the issue of an audit report that is modified in any way is unusual and might well cause the company’s share price to drop, thus precipitating a going concern problem.

(ii) This means that it is very difficult for companies such as Corsco and their auditors to send out any clear signal to the markets without running the risk of creating a panic.

(8)

(iv) Auditors are failing in their professional duties if they do not report on going concern problems of which they are aware; however, situations involving large companies are rarely clear cut and auditors who propose to make any changes at all to the audit report are likely to encounter fierce resistance from management who may genuinely believe that to make such a report would be wrong.

(v) In the company’s annual financial statements, it is not the place of the auditor of Corsco to substitute his judgement for that of directors. However, where large companies involved in complex financing arrangements are concerned, auditors may have to fight hard against vested and powerful interests if they disagree with the directors’ judgements and decide to make reference to the matter in the auditor’s report. An auditor making reference to going concern issues in an audit report in such circumstances may lose the audit (and any other work) and may run a significant risk of litigation.

4 (a) (i) Objectives and how they are met: overall review of financial statements

1. The objective of a review of financial statements is to provide the auditor with sufficient audit evidence, when taken together with the conclusions drawn from the other audit work, to form an opinion on the financial statements. This includes determining whether the information in the financial statements is properly presented and disclosed in accordance with accounting standards, legislation and other regulatory requirements. Calva is a listed company and will therefore have to comply with stock exchange disclosure requirements. The usual means of achieving this is by the completion of a disclosure checklist.

2. Auditors should consider the appropriateness of accounting policies in particular and whether they have been consistently applied, particularly where changes have been made. There is no indication that any such changes have been made.

3. Auditors should also consider whether the financial statements as a whole are consistent with the auditor’s knowledge of the business. This involves consideration of the aggregate effect of uncorrected misstatements, any overall bias in presentation and will normally involve analytical procedures on the final financial statements. This exercise involves the application of professional judgement and, in the case of Calva, it is likely to be carried out by the senior manager and/or the audit engagement partner with the assistance of the audit manager.

(ii) Objectives and how they are met: review of working papers

1. The objective of a review of working papers is to ensure that all work has been properly planned, executed and recorded and that all outstanding matters have been followed up.

2. In the case of Calva, it is likely that some work will have already been reviewed. It is common for audit seniors and audit managers to review the work of audit juniors, and for senior managers and partners to review the work of managers and seniors. There will also be a final partner review of the file.

3. Where working papers are prepared manually, staff normally evidence review of working papers by initialling the working paper. Review comments are often written in red and referred to the person preparing the working paper or to the partner where significant matters of judgement are concerned. Where papers are prepared electronically, electronic ‘signatures’ can be used.

4. It is important that a detailed review of working papers takes place in areas that are critical to the audit. In this case, critical areas are likely to include inventory (despite the fact that it is well-controlled, it is still a material item), cash and non-current assets.

5. It is also important during the final stages of the audit of Calva that all outstanding areas (i.e. the substantive areas) are completed, reviewed and any issues arising followed up. It is very easy for apparently insignificant matters to ‘slip through the net’ at this stage where both auditors and client are under pressure.

(b) (i) Responsibilities

ISA 560 Subsequent Eventsdeals with this issue.

1. Auditors should perform procedures designed to obtain sufficient appropriate audit evidence that all material subsequent events up to the date of the audit report which require adjustment or disclosure in the financial statements have been properly made.

2. If matters requiring adjustment or disclosure are discovered after the date of the audit report but before the financial statements are issued, or even after they have been presented, auditors should ascertain whether and how any necessary changes are to be made to the financial statements.

3. The decision as to whether financial statements should be changed is that of the directors. Auditors cannot ‘change their minds’ once the audit report has been signed but if new financial statements are issued they can issue a new audit report which should make reference to the previous financial statements and audit report.

4. If auditors consider that the financial statements contain material errors or are misleading, they may exercise any right to speak at general meetings and to make written representations to members.

(9)

(ii) Subsequent events review procedures

1. These include making enquiries of management as to how they have ensured that subsequent events have been identified, although it is likely that in this case the company will rely on the audit firm to help them with this.

2. Auditors will read the minutes of management, shareholders and other meetings and review relevant accounting records. In this case, they are likely to review any budgets or cash flow forecasts. It is likely that these will have been prepared as a result of the negotiations with the bank.

3. In the case of Calva, the auditors are likely to enquire as to the possibility of any new share or loan issue to fund the expansion which may require disclosure. They may also enquire as to any significant changes in the property market that might (if the supermarket properties are carried at valuation) require either disclosure or adjustment in the accounts.

4. Auditors will also consider the need for disclosure of significant leasing transactions occurring early in the following year.

5 (a) Risks and implications for audit risk Inherent and control risks

(i) Charities can be viewed as inherently risky because they are often managed by non-professionals and are susceptible to fraud, although many charities and the volunteers that run them are people of the highest integrity who take a great deal of care over their work. The assessment of this aspect of inherent risk depends on each individual charity and the areas in which it operates.

(ii) Charities are also at risk of being in violation of their constitutions which is important where funds are raised from public or private donors who may well object strongly if funds are not applied in the manner expected. Other charities and regulatory bodies supervising charities may also object. Again, the auditors will assess the level of risk. The involvement of a recently retired Chartered Certified Accountant in the preparation of accounts in the past may lower the auditor’s assessed inherent risk to an extent.

(iii) Most small charities have a high level of control risk because formal internal controls are expensive and are not often in place. This means that donations are susceptible to misappropriation. Charities rely on the trustworthiness of volunteers. The auditors will assess the level of risk.

Detection risk

(iv) Detection risk comprises sampling risk and non-sampling risk. It is possible in this case that all transactions will be tested and therefore sampling risk (the risk that samples are unrepresentative of the populations from which they are drawn) is not present.

(v) Non-sampling risk is the risk that auditors will draw incorrect conclusions because, for example, mistakes are made, or errors of judgement are made in interpreting results, or because the auditors are unfamiliar with the client, as is the case here.

Audit risk

(vi) Audit risk is the product of inherent risk, control risk and detection risk and is the risk that the auditors will issue an inappropriate audit opinion. This risk can be managed by decreasing detection risk by altering the nature, timing and extent of audit procedures applied. Where inherent risk is high and controls are weak (as may be the case here) more audit work will be performed in appropriate areas in order to reduce audit risk to an acceptable level.

(b) Audit tests – fund raising events

(i) Attend fund raising events and observe the procedures employed in collecting, counting, banking and recording the cash. This will help provide audit evidence that funds have not been misappropriated and that all income from such events has been recorded. Sealed boxes or tins that are opened in the presence of two volunteers are often used for these purposes.

(ii) Perform cash counts at the events to provide evidence that cash has been counted correctly and that there is no collusion between volunteers to misappropriate funds.

(iii) Examine bank paying in slips, bank statements and bank reconciliations and ensure that these agree with records made at events. This also provides evidence as to the completeness of income.

(iv) Examine the records of expenditure for fund raising events (hire of equipment, entertainers, purchase of refreshments. etc.) and ensure that these have been properly authorised (where appropriate) and that receipts have been obtained for all expenditure. This provides evidence as to the completeness and accuracy of expenditure.

(v) Review the income and expenditure of fund raising events against any budgets that have been prepared and investigate any significant discrepancies.

(vi) Ensure that all necessary licences (such as public entertainment licences) have been obtained by the trustees for such events in order to ensure that no action is likely to be taken against the charity or volunteers.

(10)

6 (a) Disclosure of information relating to clients to third parties

(i) Auditors are permitted or required to disclose information about their clients to third parties without their knowledge or consent in very limited circumstances.

(ii) Generally, auditors can be required to, or are permitted to, disclose information to certain regulatory bodies, including certain specialist units within police forces under legislation. Such legislation in many countries includes financial services legislation, legislation concerning banks and insurance companies, legislation concerning money laundering and legislation concerning the investigation of serious fraud or tax evasion.

(iii) Auditors are also permitted or required to disclose information where they are personally involved in litigation, including litigation that involves the recovery of fees from clients, or where they are subject to disciplinary proceedings brought by ACCA or similar professional bodies.

(iv) Auditors are also permitted to disclose information where they consider it to be in the ‘public interest’ or in the interests of national security. Factors to take into account include the seriousness of the matter, the likelihood of repetition and the extent to which the public is involved. This right is rarely used in practice.

(b) Response to requests

(i) It is not unusual in practice for various bodies to request information from auditors ‘informally’ because it relieves them of the obligation to obtain the necessary statutory authorities which may be time consuming or difficult.

(ii) Auditors must not disclose information without the consent of the client or unless the necessary statutory documentation is provided by the person(s) requesting the information.

(iii) Unless the auditor has reason to believe that there is a statutory duty notto inform the client that an approach has been made, the client should first be approached to see if consent can be obtained, and to see if the client is aware of the investigations, as should normally be the case. The auditor should ensure that the client is aware of the fact that voluntary disclosure may work in the client’s favour in the long run, but if the client refuses, the auditor should inform the client if the auditor has a statutory duty of disclosure.

(iv) Auditors should consider taking legal advice in all of the cases described.

(v) Where auditors are made aware of potential actions against the client that may have an effect on the financial statements, they must consider the effect on the audit report. If the client is aware of the investigation, auditors will be able to seek audit evidence to support any necessary provisions or disclosures in the financial statements.

(vi) The auditors should consider whether the suspected fraud relating to the managing director relates to the company and affects the financial statements.

(vii) Auditors will be in a very difficult situation if they become aware of an action that may materially affect the financial statements, but where the client is not, and where auditors are under a statutory duty not to inform the client. This situation will not be improved by the resignation of auditors as they may be obliged to make a statement on resignation. This puts auditors in a very difficult position and legal advice is essential in such circumstances.

(viii) Tax authorities normally have powers to ask clients to disclose information voluntarily. Such voluntary disclosure is often looked on favourably by the tax authorities and the courts. Tax authorities normally also have statutory powers to demand information from both clients and auditors. The same is generally true of environmental and health and safety inspectors.

(11)

Part 2 Examination – Paper 2.6(INT)

Audit and Internal Review (International Stream) December 2003 Marking Scheme

Marks

1 (i) Human Resources

Up to 1 mark per point to a maximum of 8

(maximum 3 marks for risk, controls and tests, respectively)

(ii) Procurement

(maximum 2·5 marks for risk, controls and tests, respectively)

(iii) Marketing

(maximum 2·5 marks for risk, controls and tests, respectively)

––––

Total 20

––––

2 (a) (i) Internal control objectives

(ii) Internal control environment and control procedures

(maximum 3 marks for environment and procedures respectively)

(b) (i) Audit objectives

(ii) Tests of control and substantive procedures

––––

Total 20

––––

3 (a) External auditor responsibilities – going concern

(b) Possible audit reports and circumstances

Up to 1·5 marks per point to a maximum of 5

(c) Report issued to Corsco

Up to 2 marks per point to a maximum of 4

(d) Difficulties associated with reporting on going concern

Up to 1·5 marks per point to a maximum of 6

––––

Total 20

––––

4 (a) (i) Objectives and how they are met: overall review of financial statements

(ii) Objectives and how they are met: review of working papers

(b) (i) Responsibilities

(ii) Subsequent events review procedures

––––

Total 20

(12)

Marks

5 (a) Risks and implications for audit risk

(b) Audit tests – fund raising events

––––

Total 20

––––

6 (a) Disclosure of information relating to clients to third parties

(b) Response to requests

––––