Upload
samuel-dwumfour
View
217
Download
0
Embed Size (px)
Citation preview
7/28/2019 Solution Assurance and Audit Practice May 2008
1/7
SOLUTION: ASSURANCE & AUDIT PRACTICE MAY 2008
QUESTION 1
(a) Repairs Provision
Unless management can prove that there is a similar programme of repairs year on year the
level of provision would appear not to meet the criteria under IAS 37.
Redundancy ProvisionManagement should prove that they were committed to the redundancy at year end and staff
are satisfied with the arrangement making up the GH200,000 after having received formal
communication that they were going to be made redundant.
Bonus Provision
Inquire from management why the bonus was significantly higher than firm policy in the
current year and vouch payment of bonus to supporting documentation.
Stock of Customer in Liquidation- Verify whether any of this stock was sold post year end and paid for- Confirm whether any of this stock will be recovered from customer
- Review correspondence with liquidator.
(b) Uncorrected Misstatements year ended Dec 2007
Profit and Loss Balance Sheet
Dr Cr Dr Cr GH GH GH GH
1.
2.
3.
4.
Repairs Provision
Provisions
Operating Expenses(Being provision not
related to 2007)
RedundancyProvision
Operating Expenses
(Being provision notrelated to 2007)
Bonus Provision
Provision
Operating Expenses(Being understatement of
2007 bonus provision)
StockStock
Cost of sales
(Being overstatement ofstock due to liquidated customer)
50,000
40,000
_____
90,000
20,500
200,000
______
220,500
20,500
200,000
______
220,500
50,000
40,000
_____
90,000
1
7/28/2019 Solution Assurance and Audit Practice May 2008
2/7
(c) Auditors should seek to obtain a written representation from those charged with governance
that explains the reasons for not correcting misstatements brought to their attention by theauditor.
The uncorrected misstatement should be included or attached with the letter of
representation.
QUESTION 2
(a)
(i) Minimum password length Best practice would indicate that this should be a minimum of
6 characters.
(ii) Maximum force change periods Best practice would suggest that the maximum age of
password before force expiry should be to the region of 30 to 45 days.
(iii) Password history The password history will retain a list of the users previous usedpasswords to ensure that the practice of reuse or rotation of passwords is not adopted.
(iv) Lockout settings Should be reviewed ideally these should be set to lock out an accessattempt after 3 unsuccessful login attempts with the lockout duration being forever until
administrator intervention.
(v) The settings that restrict the access times of staff to systems should be reviewed to ensure
that they are set to restrict access where operationally possible.
(vi) Ensuring the desktop has a time out enabled that will automatically invoke a passwordprotected screen saver where the keyboard has not been used for n minutes.
(vii) Provide access rights to individual users that will restrict their actions in an applicationsystem and provide an expected level of segregation of duties.
(viii) Grant access permissions on folders and files within working groups on a shared/networkdrive.
(b) - The organization should consider controls in place to authenticate customers
- The organization should access the security/confidentiality of orders
- The organization should consider what controls are in place to keep the website secure egfirewall, security architecture and intrusion detection system, keep all system software
versions up to date, consider also vulnerability testing.
(c) The supplementation of the new computer system may allow the auditor to apply ComputerAssisted Auditing Techniques (CAAT) to increase the efficiency and effectiveness of the
audit and also to reduce the amount of substantive audit testing.
2
7/28/2019 Solution Assurance and Audit Practice May 2008
3/7
QUESTION 3
(a) Four audit related issues that the auditor should be aware of are:
(i) Illegal acts
(ii) Audit Risk
(iii) Clean up cost (if any)
(iv) Potential for material contingent liability
i. Illegal Acts
The auditor is not responsible for the decision or procedures to detect illegal acts;however the auditor should make enquiries of Lat Oil Rig Ltd management about
policies they have implemented to prevent ground water contamination where there
is a possibility of its occurrence, to ensure compliance with environmental laws,
regulation and estimate clean up costs.
Given the considerable attention drawn to environmental disasters including oilspills, the auditor should inquire of management whether the company has a high
risk of exposure to environmental liabilities.
Consideration of laws and regulations and an audit of financial statements of legal
and regulatory framework in which the company operates, especially laws and
regulations that relate directly to the determination of material amounts and
disclosures in the financial statements such as licensing laws should be consideredby the auditor.
ii. Audit Risk The auditor should consider assessing inherent risk of environmental issues at the
maximum level when planning implication of costs and cash flows and going
concern status creation of uncertainties about assets and liabilities.
iii. Clean up Costs (if any)
In view of the nature of the companys operations the company may be affected by
environmental issues.
Provisions for clean up cost and associated liabilities should be made in the financial
statement.
iv. Potential for Material Contingent Liabilities
The auditor should be aware of potential contingent liabilities because a constructiveobligation might amount to a public commitment to environmental expenditure by
the company which though may not be legally binding, the company would have to
honour because of adverse publicity if it fails to do so. Where no liability can be
recognized the disclosure of contingent liabilities would still be required andextended notes on these matters should appear in the financial statement when
planning audit risk.
3
7/28/2019 Solution Assurance and Audit Practice May 2008
4/7
(b) Engagement AcceptanceWhen considering acceptance of engagement the quality control procedures the firm should
undertake are as follows:
(i) Assess whether the firm has adequate partners and staff with the necessary
experience and training to render service to the company.
(ii) Assess whether the statutory laws and regulatory framework under which the
company operates are understood by partners and staff.
(iii) Assess whether availability of partners and staff is satisfactory at the time when the
audit of the company is expected to take place.
(iv) Assess whether training arrangements are in place to maintain staff knowledge andexperience of the sector in which the client company operates.
(v) Assess whether there may be any conflict of interest with other clients or other
independence and objectivity issues.
(vi) Assess the adequacy of the firms professional indemnity cover.
Planning:
(i) Ensure staff and partners assigned to the audit have adequate experience, trainingand skills.
(ii) Ensure sufficient resources are allocated to the audit assignment to allow for the set-
up phase for a new client systems work documentation, risk assessment among
others.
(iii) Ensure audit is properly focused.
(iv) Ensure staff are properly briefed.
(v) Ensure arrangement for consultations are in place.
(vi) Ensure planning is properly documented
Supervision:
(i) An audit senior should be scheduled to carry out on-site reviews of junior staffs
work.
(ii) Adequate arrangement for on-site visit by manager probably more frequent in the
first year audit.
(iii) Partner involvement should be more intensive in the first year audit.
(iv) Supervision should ensure whether the visit decisions have been made at theplanning stage.
(v) It should also ensure whether any unforeseen risk has arisen.
Review:
(i) Manager and partner should review in the normal way however reviewers should be
independent of the engagement team.
4
7/28/2019 Solution Assurance and Audit Practice May 2008
5/7
(ii) Design and ensure review to identify deficiencies within the firms practices and
procedures.
(iii) Ensure review to identify any problems not recognized and consider them along withother issues raised.
(iv) Consider whether further work is required and urge the firm to take decision about
opinion and the report on the engagement.
(v) Staff appraisal and de-briefing to reward quality work and constructively criticize
poor work
The last-resort to apply is to advise at least one or all clients to seek additional
advice.
QUESTION 4
(a) - There is nothing improper in a firm having two or more clients whose interest may be in
conflict.
- However the work of the firm should be so managed as to avoid the interests of one
client adversely affecting those of others.
- Where acceptance or continuance of an engagement would materially prejudice the
interest of any client the appointment should not be accepted or continued or one
appointment should be discontinued.
Reasonable steps that should be taken to minimize conflict of interest.
(i) Use of different partners and teams of staff for different engagements.
(ii) Standing instructions and all other steps necessary to prevent the leakage of
confidential information between different teams and sessions within the firm.
(iii) Regular review of the situation by a senior partner or compliance officer notpersonally involved in either client.
(b) Areas of risk to integrity, objectivity and independence may arise from
(i) Personal relationship between the auditor and the client.
(ii) Financial business relationship between the auditor and the client.(iii) Undue economic dependence on an audit client.
(iv) Acceptance by the auditing of goods and services or hospitality from the client.
(v) Provision of non-audit.
(vi) Over due fees
(vii) Litigation between the auditor and the client
5
7/28/2019 Solution Assurance and Audit Practice May 2008
6/7
(c) To consider the applicability of going concern assumption by management of the company
in the financial statement.
The auditor has a responsibility to
(i) Consider whether there are any material uncertainties that provide early
identification that the company may be unable to continue in business as a goingconcern that should be disclosed.
(ii) The auditor would have considered the same period as that used by management for
the assessment of the going concern at least procedures should be considered to the
date of audit report one year from the date of the financial statements.
(iii) Where symptoms or events have been identified which cast significant doubt on thecompanys ability to continue as a going concern the auditor should
(a) review management plans for future actions
(b) seek written representation from management regarding plans for the future
action when the auditor considers that there is a significant level of concern
as to appropriateness of the going concern but does not disagree with thepreparation of the financial statements on the going concern basis, the
auditors should issue unqualified opinion provided that disclosures in the
financial statements are adequate to give a true and fair view.
The auditor should include an emphasis of the matter in paragraph.
(iv) If the disclosures are inadequate the audit would issue a qualified or adverse opinion
based on the information that the auditor has received or the auditor is aware of.
(v) Where the auditor disagrees with the basis of the preparation of the financial
statements the auditor will issue an adverse opinion on the basis that the financialstatements are misleading.
QUESTION 5
(a) The following information should be disclosed in respect of a loan to a director.
(i) The existence of the loan
(ii) The name of the person to whom it was made and if the person is a connected person
(iii) The terms of the loan
(iv) The amount of the liability in respect of principal and interest at the beginning and
end of the period
(v) The maximum amount of the liability during the period
(vi) The amount of any unpaid interest at the year end.
(b) In order to gain a general understanding of the laws and regulations applicable to the client I
would
(i) Enquire of management as to the laws and regulations that are applicable to thebusiness
6
7/28/2019 Solution Assurance and Audit Practice May 2008
7/7
(ii) Enquire of management concerning the clients policies and procedures regarding
compliance with laws and regulations.
(iii) Discuss with management the policies or procedures adopted for identifying,evaluating and accounting for litigation, claims and assessment
(iv) Use my existing knowledge of the clients industry and business and of its
regulatory environment
(v) Discuss the legal and regulatory framework with auditors of the subsidiaries.
(c) The following are some of the risks that should be considered when transferring and
processing accounting information to and from clients.
(i) Lack of confidentiality that it may be viewed by IT department, network provider
(ii) Lack of an audit trail unless information is stored or printed and filed.
(iii) Application failure whereby information does not reach its intended target
(iv) An e-mail could be intercepted by others and it is not a secure method of transferring
information.
(v) Risk of relying on third party network providers.
(d) The following should be included in the written instruction from an entity to an expert.
(i) The objectives and scope of the expert work
(ii) A general outline as to the specific matters the experts report is to cover
(iii) The intended use of the expert work
(iv) The extent of the experts access to appropriate records and files.
(v) Information regarding the assumptions and methods intended to be used by theexpert and their consistency with those used in prior periods.
7