Solution Assurance and Audit Practice May 2008

7/28/2019 Solution Assurance and Audit Practice May 2008

1/7

SOLUTION: ASSURANCE & AUDIT PRACTICE MAY 2008

QUESTION 1

(a) Repairs Provision

Unless management can prove that there is a similar programme of repairs year on year the

level of provision would appear not to meet the criteria under IAS 37.

Redundancy ProvisionManagement should prove that they were committed to the redundancy at year end and staff

are satisfied with the arrangement making up the GH200,000 after having received formal

communication that they were going to be made redundant.

Bonus Provision

Inquire from management why the bonus was significantly higher than firm policy in the

current year and vouch payment of bonus to supporting documentation.

Stock of Customer in Liquidation- Verify whether any of this stock was sold post year end and paid for- Confirm whether any of this stock will be recovered from customer

- Review correspondence with liquidator.

(b) Uncorrected Misstatements year ended Dec 2007

Profit and Loss Balance Sheet

Dr Cr Dr Cr GH GH GH GH

1.

2.

3.

4.

Repairs Provision

Provisions

Operating Expenses(Being provision not

related to 2007)

RedundancyProvision

Operating Expenses

(Being provision notrelated to 2007)

Bonus Provision

Provision

Operating Expenses(Being understatement of

2007 bonus provision)

StockStock

Cost of sales

(Being overstatement ofstock due to liquidated customer)

50,000

40,000

_____

90,000

20,500

200,000

______

220,500

20,500

200,000

______

220,500

50,000

40,000

_____

90,000

1


2/7

(c) Auditors should seek to obtain a written representation from those charged with governance

that explains the reasons for not correcting misstatements brought to their attention by theauditor.

The uncorrected misstatement should be included or attached with the letter of

representation.

QUESTION 2

(a)

(i) Minimum password length Best practice would indicate that this should be a minimum of

6 characters.

(ii) Maximum force change periods Best practice would suggest that the maximum age of

password before force expiry should be to the region of 30 to 45 days.

(iii) Password history The password history will retain a list of the users previous usedpasswords to ensure that the practice of reuse or rotation of passwords is not adopted.

(iv) Lockout settings Should be reviewed ideally these should be set to lock out an accessattempt after 3 unsuccessful login attempts with the lockout duration being forever until

administrator intervention.

(v) The settings that restrict the access times of staff to systems should be reviewed to ensure

that they are set to restrict access where operationally possible.

(vi) Ensuring the desktop has a time out enabled that will automatically invoke a passwordprotected screen saver where the keyboard has not been used for n minutes.

(vii) Provide access rights to individual users that will restrict their actions in an applicationsystem and provide an expected level of segregation of duties.

(viii) Grant access permissions on folders and files within working groups on a shared/networkdrive.

(b) - The organization should consider controls in place to authenticate customers

- The organization should access the security/confidentiality of orders

- The organization should consider what controls are in place to keep the website secure egfirewall, security architecture and intrusion detection system, keep all system software

versions up to date, consider also vulnerability testing.

(c) The supplementation of the new computer system may allow the auditor to apply ComputerAssisted Auditing Techniques (CAAT) to increase the efficiency and effectiveness of the

audit and also to reduce the amount of substantive audit testing.

2


3/7

QUESTION 3

(a) Four audit related issues that the auditor should be aware of are:

(i) Illegal acts

(ii) Audit Risk

(iii) Clean up cost (if any)

(iv) Potential for material contingent liability

i. Illegal Acts

The auditor is not responsible for the decision or procedures to detect illegal acts;however the auditor should make enquiries of Lat Oil Rig Ltd management about

policies they have implemented to prevent ground water contamination where there

is a possibility of its occurrence, to ensure compliance with environmental laws,

regulation and estimate clean up costs.

Given the considerable attention drawn to environmental disasters including oilspills, the auditor should inquire of management whether the company has a high

risk of exposure to environmental liabilities.

Consideration of laws and regulations and an audit of financial statements of legal

and regulatory framework in which the company operates, especially laws and

regulations that relate directly to the determination of material amounts and

disclosures in the financial statements such as licensing laws should be consideredby the auditor.

ii. Audit Risk The auditor should consider assessing inherent risk of environmental issues at the

maximum level when planning implication of costs and cash flows and going

concern status creation of uncertainties about assets and liabilities.

iii. Clean up Costs (if any)

In view of the nature of the companys operations the company may be affected by

environmental issues.

Provisions for clean up cost and associated liabilities should be made in the financial

statement.

iv. Potential for Material Contingent Liabilities

The auditor should be aware of potential contingent liabilities because a constructiveobligation might amount to a public commitment to environmental expenditure by

the company which though may not be legally binding, the company would have to

honour because of adverse publicity if it fails to do so. Where no liability can be

recognized the disclosure of contingent liabilities would still be required andextended notes on these matters should appear in the financial statement when

planning audit risk.

3


4/7

(b) Engagement AcceptanceWhen considering acceptance of engagement the quality control procedures the firm should

undertake are as follows:

(i) Assess whether the firm has adequate partners and staff with the necessary

experience and training to render service to the company.

(ii) Assess whether the statutory laws and regulatory framework under which the

company operates are understood by partners and staff.

(iii) Assess whether availability of partners and staff is satisfactory at the time when the

audit of the company is expected to take place.

(iv) Assess whether training arrangements are in place to maintain staff knowledge andexperience of the sector in which the client company operates.

(v) Assess whether there may be any conflict of interest with other clients or other

independence and objectivity issues.

(vi) Assess the adequacy of the firms professional indemnity cover.

Planning:

(i) Ensure staff and partners assigned to the audit have adequate experience, trainingand skills.

(ii) Ensure sufficient resources are allocated to the audit assignment to allow for the set-

up phase for a new client systems work documentation, risk assessment among

others.

(iii) Ensure audit is properly focused.

(iv) Ensure staff are properly briefed.

(v) Ensure arrangement for consultations are in place.

(vi) Ensure planning is properly documented

Supervision:

(i) An audit senior should be scheduled to carry out on-site reviews of junior staffs

work.

(ii) Adequate arrangement for on-site visit by manager probably more frequent in the

first year audit.

(iii) Partner involvement should be more intensive in the first year audit.

(iv) Supervision should ensure whether the visit decisions have been made at theplanning stage.

(v) It should also ensure whether any unforeseen risk has arisen.

Review:

(i) Manager and partner should review in the normal way however reviewers should be

independent of the engagement team.

4


5/7

(ii) Design and ensure review to identify deficiencies within the firms practices and

procedures.

(iii) Ensure review to identify any problems not recognized and consider them along withother issues raised.

(iv) Consider whether further work is required and urge the firm to take decision about

opinion and the report on the engagement.

(v) Staff appraisal and de-briefing to reward quality work and constructively criticize

poor work

The last-resort to apply is to advise at least one or all clients to seek additional

advice.

QUESTION 4

(a) - There is nothing improper in a firm having two or more clients whose interest may be in

conflict.

- However the work of the firm should be so managed as to avoid the interests of one

client adversely affecting those of others.

- Where acceptance or continuance of an engagement would materially prejudice the

interest of any client the appointment should not be accepted or continued or one

appointment should be discontinued.

Reasonable steps that should be taken to minimize conflict of interest.

(i) Use of different partners and teams of staff for different engagements.

(ii) Standing instructions and all other steps necessary to prevent the leakage of

confidential information between different teams and sessions within the firm.

(iii) Regular review of the situation by a senior partner or compliance officer notpersonally involved in either client.

(b) Areas of risk to integrity, objectivity and independence may arise from

(i) Personal relationship between the auditor and the client.

(ii) Financial business relationship between the auditor and the client.(iii) Undue economic dependence on an audit client.

(iv) Acceptance by the auditing of goods and services or hospitality from the client.

(v) Provision of non-audit.

(vi) Over due fees

(vii) Litigation between the auditor and the client

5


6/7

(c) To consider the applicability of going concern assumption by management of the company

in the financial statement.

The auditor has a responsibility to

(i) Consider whether there are any material uncertainties that provide early

identification that the company may be unable to continue in business as a goingconcern that should be disclosed.

(ii) The auditor would have considered the same period as that used by management for

the assessment of the going concern at least procedures should be considered to the

date of audit report one year from the date of the financial statements.

(iii) Where symptoms or events have been identified which cast significant doubt on thecompanys ability to continue as a going concern the auditor should

(a) review management plans for future actions

(b) seek written representation from management regarding plans for the future

action when the auditor considers that there is a significant level of concern

as to appropriateness of the going concern but does not disagree with thepreparation of the financial statements on the going concern basis, the

auditors should issue unqualified opinion provided that disclosures in the

financial statements are adequate to give a true and fair view.

The auditor should include an emphasis of the matter in paragraph.

(iv) If the disclosures are inadequate the audit would issue a qualified or adverse opinion

based on the information that the auditor has received or the auditor is aware of.

(v) Where the auditor disagrees with the basis of the preparation of the financial

statements the auditor will issue an adverse opinion on the basis that the financialstatements are misleading.

QUESTION 5

(a) The following information should be disclosed in respect of a loan to a director.

(i) The existence of the loan

(ii) The name of the person to whom it was made and if the person is a connected person

(iii) The terms of the loan

(iv) The amount of the liability in respect of principal and interest at the beginning and

end of the period

(v) The maximum amount of the liability during the period

(vi) The amount of any unpaid interest at the year end.

(b) In order to gain a general understanding of the laws and regulations applicable to the client I

would

(i) Enquire of management as to the laws and regulations that are applicable to thebusiness

6


7/7

(ii) Enquire of management concerning the clients policies and procedures regarding

compliance with laws and regulations.

(iii) Discuss with management the policies or procedures adopted for identifying,evaluating and accounting for litigation, claims and assessment

(iv) Use my existing knowledge of the clients industry and business and of its

regulatory environment

(v) Discuss the legal and regulatory framework with auditors of the subsidiaries.

(c) The following are some of the risks that should be considered when transferring and

processing accounting information to and from clients.

(i) Lack of confidentiality that it may be viewed by IT department, network provider

(ii) Lack of an audit trail unless information is stored or printed and filed.

(iii) Application failure whereby information does not reach its intended target

(iv) An e-mail could be intercepted by others and it is not a secure method of transferring

information.

(v) Risk of relying on third party network providers.

(d) The following should be included in the written instruction from an entity to an expert.

(i) The objectives and scope of the expert work

(ii) A general outline as to the specific matters the experts report is to cover

(iii) The intended use of the expert work

(iv) The extent of the experts access to appropriate records and files.

(v) Information regarding the assumptions and methods intended to be used by theexpert and their consistency with those used in prior periods.

7

Documents

Solution Assurance and Audit Practice May 2008