FACULTY OF BUSINESS MANAGEMENT SCIENCES AND ECONOMICS

DEPARTMENT OF FINANCE AND ACCOUNTING

STUDY NOTES (October, 2020)

Auditing and Assurance 1

AC404

1. Introduction - Auditing & Assurance I

2. Statutory Audits and Regulation
3. Corporate Governance
4. Professional Ethics
5. Internal Audit
6. Audit Planning and Risk Assessment
7. Internal control
8. Computer audit

Topic 6 of 8

1
Contents
Importance of planning ........................................................................................................................... 3
1. Understanding the entity and its external and internal environment ................................................... 3
1.1 Entity and its environment ............................................................................................................ 3
1.1.1 Industry, regulatory and other external factors ...................................................................... 4
1.1.2 The nature of the entity .......................................................................................................... 4
1.1.3 The entity’s selection and application of accounting policies................................................ 4
1.1.4 The entity’s objectives and strategies and the related business risks .................................... 5
1.1.5 Measurement and review of the entity’s financial performance ............................................ 5
1.2 The entity’s internal control .......................................................................................................... 5
1.2.1 The control environment ........................................................................................................ 5
1.2.2 The entity’s risk assessment process ...................................................................................... 6
1.2.3. The Information System........................................................................................................ 6
1.2.4. Control activities ................................................................................................................... 7
1.2.5. Monitoring of controls .......................................................................................................... 7
2. Identification of risk ............................................................................................................................ 7
2.1The audit risk model ...................................................................................................................... 8
2.1.1 Audit risk ............................................................................................................................... 8
2.1.2 Inherent risk ........................................................................................................................... 8
2.1.3 Control risk ............................................................................................................................ 8
2.1.4 Detection risk ......................................................................................................................... 8
2.2 Relationships between audit risk, inherent risk, control and detection risk .................................. 9
2.3 Conditions and evens that may indicate risks of material misstatement ..................................... 10
3. Determining materiality .................................................................................................................... 11
3.1 Definition of materiality ............................................................................................................. 11
3.2 Relationship between materiality and audit risk ......................................................................... 11
4. The overall audit strategy.................................................................................................................. 11
4.1 Scope, timing and direction ........................................................................................................ 11
5. The audit plan ................................................................................................................................... 13
5.1 The link between audit plan and audit strategy ........................................................................... 13
5.2 Risks at financial statement level and risk at assertion level ...................................................... 13
5.3 Risk assessment procedures and related activities ...................................................................... 13
6. Planning “further” audit procedures based on the risk assessment .................................................. 14
6.1 Planning the Nature, Timing and Extent of audit procedures ..................................................... 14
6.1.1 Nature of audit procedures ................................................................................................... 14
6.1.2 Timing of audit procedures .................................................................................................. 14
6.1.3 Extent of audit procedures ................................................................................................... 15
7. Exam Practice Questions .................................................................................................................. 15

2
 AUDIT PLANNING
Planning
Understanding the Identification Determining Developing overall Developing the
entity and its and Materiality audit strategy audit plan
external and internal assessment
environment of Risks of
material
misstatement
Entity and its Internal Risk Quantitative Qualitative Scope Timing Direction Nature Timing Extent
environment control Assessment materiality materiality
Industry Control Defining Risk- Step 1 Characteristics reporting results of Which When will How much
of the deadlines, previous
regulations environment (audit risk company e.g. scheduled
tests will the tests of the tests
audits
model) ZSE listings, meetings be be will be done
Nature of the Risk Risks at Step 2 Corporate conducted conducted
governance
entity assessment financial
process statement
level
Selection of Information Risks at Step 3
accounting systems assertion
policies level
Objectives Control Significant Step 4
and strategies activities risks
Measurement Monitoring Business risk Step 5
and review of controls

Importance of planning
* To ensure that appropriate attention is devoted to important areas of the
audit,
* Potential problems are identified and resolved on a timely basis,
* Work can be properly assigned to audit team members, so that
• The audit is effectively and efficiently performed
• Audit deadlines are met
* Proper procedures for direction, supervision and review can be set up to
meet quality control standards.

1. Understanding the entity and its external and internal environment

1.1 Entity and its environment

 In terms of ISA 315 (Revised) the auditor must obtain an understanding of
• the entity and its environment
* Information to be gathered:
 Relevant industry, regulatory and other external factors
 The nature of the entity
 The entity’s selection and application of accounting policies
 The entity’s objectives and strategies and related business risk
 Measurement and review of the entity’s financial performance.

• The entity’s internal control

* Components of internal control
 The control environment
 The entity’s assessment process
 The information system including the related business processes
relevant to financial reporting

3
  Control activities relevant to the audit e.g. General controls and
application controls
 Monitoring controls.

1.1.1 Industry, regulatory and other external factors

Factor Matters to consider

Industry • Cyclical or seasonal
• Risk profile
• Energy supply and cost
Regulatory • Accounting principles and industry specific practices
• Legal and regulatory framework
• Government policy

1.1.2 The nature of the entity

Factor Matters to consider
The entity : products,  Nature of business, e.g. Retailer
markets,  Stages and methods of production
Suppliers and operations  Outsourcing activities
 Geographic location of all facilities, e.g. Head office,
factories
 Labour and employment
 Products and markets and revenue sources
 Inventory locations, quantities and types
 Franchises, licenses and patents
 Research and development
 Internet trading
 Related parties
The entity : ownership and  Structures
Governance  Black economic empowerment
 Management philosophy
 Board of directors
 Operating management
 Internal audit
The entity : investments  Acquisition, mergers etc (executed or planned)
and financing  Investments
Activities  Sources of finance
 Group structure e.g. Subsidiaries
 Debt structure
The entity: financial  The reporting environment
reporting  Specifically relevant accounting practices

1.1.3 The entity’s selection and application of accounting policies

 The auditor will need to consider whether the accounting policies selected by
the client are
• Appropriate for the business
• Consistent with the financial reporting standards relevant to the industry.

4
 If the policies adopted do not satisfy the above, the risk of material
misstatement is increased.

1.1.4 The entity’s objectives and strategies and the related business risks
 A business sets itself objectives and then puts in strategies to achieve these
objectives.
 “Business risk” is the term used to describe those conditions, events,
circumstances, actions or inactions which threaten the company’s
achievement of the objectives it has set and its ability to achieve those
objectives.
 There are a number of business risks, the key is to have experienced audit
team members who can identify them and evaluate whether they will give
rise to material misstatement.
 Examples of business risks:
• Financial risk
• Strategic risk
• Compliance risk
• Operational risk
• Reputational risk etc

1.1.5 Measurement and review of the entity’s financial performance

 The auditor should consider information used by management for measuring
and reviewing financial performance.
 Examples include:
• Key performance ratios and indicators, trends etc including financial and
non-financial information
• Period-on-period financial performance analysis
• Budgets, forecasts and variance analysis
• Employee performance measures and “bonus” policies.
 The auditor should obtain an understanding of the manner in which the
performance of the entity and its management is measured.
 Measuring performance creates pressure on individuals and failure to
perform can have serious consequences.
 This may give the directors the incentive to manipulate the financial
statements in order to achieve the desired levels of profits

1.2 The entity’s internal control

1.2.1 The control environment
 This concerns the attitude and awareness of the directors and managers to
internal control and its importance to the entity.
 A good control environment will be characterized by
• Communication and enforcement of integrity and ethical values
• A commitment by management to competent performance
• A management philosophy and operating style
• An organizational structure which provides a clear framework within.
5
 • Policies, procedures and an organizational structure which clearly define
authority, responsibility and reporting relationships.
• Sound human resource policies and practices.
 Gathering of evidence relating to the control environment can be achieved
by
∙ Observation of management and employees “in action”, including
how they interact,
∙ Inquiry of management and employees,

1.2.2 The entity’s risk assessment process

 This is the process which the company has in place for, inter alia;
* Identifying business risks relevant to financial reporting objectives
* Estimating the significance of each risk
* Assessing the likelihood of its occurrence
* Responding to the risk (taking action to address the risk)

1.2.3. The Information System

 The auditor is required to obtain an understanding of the information system
relevant to financial reporting and communication.
 The chart below provides a breakdown of matters which the auditor might
consider when obtaining information about a computerised information
system.

Factor Matters to consider

Computerised • Which applications are computerised,
applications • Computer environment
• The application software
Hardware • Makes and capacities of CPU’s, drives, printers,
servers, terminals
• Physical location
Software • Details of all software which is used for
managing the functions of the hardware and
data
Organization and control • General and application controls
• Communication and reporting lines
• IT personnel and their job descriptions
• Steering committee details
• Internal audit involvement in IT
Complexities of the • The presence of:
system  Networks (LANS, WANS)
 Electronic data interchange (EDI)
 Electronic funds transfer (EFT)
 Real time systems
 The Internet
6
  High levels of system integration
 Complex databases, communication
networks
The level of dependence • Degree of disruption which would occur if the
system was not functional for a lengthy period
• The dependence of a particular functional area
on timely, accurate computing

1.2.4. Control activities

 Control activities are the policies and procedures that are implemented to
ensure that management’s objectives are carried out.
 Not all control activities relate to financial reporting and the auditor will
concern himself only with those that relate to areas where material
misstatement is more likely to occur.
 Control activities essentially include such things as:
• Authorization of transactions
• Segregation of duties,
• Physical control over assets.
• Comparison and reconciliation
• Access controls,
• Custody controls over blank/unused documents
• Good document design
• Sound general and application controls in it systems
 Information about control activities will usually be gathered in the same way
as information about the information system as a whole is gathered, e.g.
∙ Inspection of control procedure manuals,
∙ Observation of controls in action,
∙ Inquiry of employees as to the procedures they carry out and the
∙ Completion of internal control questionnaires.

1.2.5. Monitoring of controls

 Management wish to know if controls are operating as intended and
monitoring assists in providing this information.
 Monitoring as a component of the internal control process looks at all of the
components of the process not only at the control activity component.

2. Identification of risk
• The auditor’s role is to provide reasonable assurance about the fair
presentation of the company’s financial statements.
• Users want to be satisfied that the audited financial statements on which they
are relying, are free of material misstatement and their reliance is an implied
acceptance that the auditor has performed his function properly.
• However, there is always the risk that the auditor will “get it wrong” and
give an incorrect opinion.

7
2.1The audit risk model
Audit risk = inherent risk x control risk x detection risk

2.1.1 Audit risk

• Audit risk as the risk that the auditor will express an inappropriate opinion
when the financial statements are materially misstated.
• It is the risk that the auditor will give an unmodified opinion when in fact a
qualified, adverse, or disclaimer of opinion should have been given.
• The auditor always aims to keep audit risk to the lowest level possible.
• Audit risk can never be completely eliminated (to 0%) due to the limitations
of an audit which include:
 The nature of financial reporting itself.
 The nature of audit procedures
 Time constraints
 Cost/benefit

2.1.2 Inherent risk

 Inherent risk is the susceptibility of an assertion about a class of transaction,
account balance or disclosure, to a misstatement that could be material,
either individually or when aggregated with other misstatements, before
consideration of any related controls.

2.1.3 Control risk

• The risk that a misstatement that could occur in an assertion about a class of
transaction, account balance or disclosure that could be material,
individually or when aggregated with other misstatements, will not be
prevented or detected and corrected on a timely basis, by the entity’s internal
controls.
• Control risk is a function of the effectiveness of the design and operation of
internal control in achieving its objectives.
• These limitations may be described as follows:
• Cost/benefit
• Non routine transactions may bypass controls, resulting in misstatement).
• The potential for human error.
• Collusion of a member of management or an employee.
• Abuse of responsibilities.
• Procedures may become inadequate due to changes in conditions.

2.1.4 Detection risk

• The risk that the procedures performed by the auditor to reduce audit risk to
an acceptably low level will not detect a misstatement that exists and that
could be material, individually or when aggregated with other misstatements.
• Detection risk consists of 2 components: sampling and non-sampling risk

8
Sampling risk Non sampling risk
Probability and non- Auditor Selects an inappropriate audit
probability sampling procedure
Auditor misapplies an appropriate procedure
Auditor misinterprets the results of the test

• Sampling risk is the risk that material errors will not be detected by the
auditor because of the accepted auditing practice of examining less than the
whole of an account balance or class of transactions
• Non-sampling risk may be caused by
∙ Time pressure due to unrealistic budgets
∙ Lack of competence and application
∙ Failure to consult with senior staff when in doubt
∙ Irresponsibility
∙ Lack of commitment
∙ Personal or emotional stress
• Reducing detection risk is best achieved by:
 Sound planning
 Proper assignment of personnel to the engagement team,
 The application of an appropriate level of professional scepticism, and;
 Proper supervision and review of the audit work performed

2.2 Relationships between audit risk, inherent risk, control and detection risk

The Audit Risk Model

Audit Inherent Control Detection

Risk Risk Risk Risk

Risks of Material Misstatement

• The aim of the auditor is to keep audit risk as low as possible

• The risk of material misstatement is made up of inherent risk and control
risk.
• The risk of material misstatement will be highest where there is a high level
of inherent risk relating to the assertion and controls are weak.
• If controls are very strong (i.e. Low control risk) and there is low inherent
risk relating to the assertion then the risk of material misstatement relating to
that assertion will be low.

9
• Audit risk is a function of the risk of material misstatement and detection
risk.
• The auditor has no control over the client’s inherent and control risk,
however he has control over detection risk.
• If there is a high risk of material misstatement and the auditor does not
respond with effective selection and application of audit procedures, the risk
of expressing an inappropriate audit opinion (audit risk) will be very high.
• In order to keep audit risk to an acceptable level, the auditor must ensure that
detection risk is kept to a low level by
 Sound planning,
 Proper assignment of personnel to the audit team,
 Proper supervision
 Choosing appropriate samples etc

Risks of material misstatement at Risks of material misstatement at

Financial Statement Level assertion level
Refer to risks that relate pervasively to Refer to risks that relate to an
the financial statements as a whole. assertion.
- Risk indicators  Risk indicators
- Description of risk  Description of risk
- Component of audit risk  Assertion

2.3 Conditions and evens that may indicate risks of material misstatement
 The following list provides example of conditions or events that may suggest
to the auditor that there is risk of material misstatement in the financial
statements under the audit (list not exhaustive):
• The company’s operations are exposed to volatile markets
• Going concern or liquidity problems
• Significant merger or reorganisation or retrenchments
• Complex business arrangements
• Complex financing arrangements
• Lack of appropriate accounting and financial reporting skills in the
company
• Changes in key personnel
• Deficient internal control
• Incentive for management and employees to engage in fraudulent
financial reporting
• Changes in the it environment,
• A significant number of non-routine or non-systematic transactions at
year end
• The introduction of new accounting pronouncements
• Accounting measurements that involve complex processes
• The omission or obscuring of significant information in disclosure
• Pending litigation and contingent liabilities.

10
3. Determining materiality
3.1 Definition of materiality
 Information is material if its omission or misstatement could influence the
economic decisions of users taken on the basis of the financial statements.
 Materiality depends on the size of the omission or error in the given
circumstances and thus provides threshold or cut off point against which the
usefulness of information is measured

3.2 Relationship between materiality and audit risk

 The auditor should consider materiality and its relationship with the audit
risk when audit is performed.
 There is an inverse relationship between materiality and audit risk:
 The higher the audit risk, the lower materiality will be.
 The lower the audit risk, the higher materiality may be set because the
chance is small that a material misstatement could occur and go undetected,
 It affects directly the nature timing and extent of the audit procedures

4. The overall audit strategy

4.1 Scope, timing and direction
 To establish the overall audit strategy, the key engagement team members
must
* Determine the characteristics of the client company which will define
the scope of the engagement.
* Determine the reporting objectives of the engagement which will
influence the timing of the audit.
* Consider the important factors that will determine the focus or
direction of the audit.
* Consider any aspects of the preliminary engagement activities which
may affect the audit strategy.
* Ascertain the resources necessary to perform the engagement
• The resources to be allocated to specific audit areas.
• The amount of resources to be allocated.
• The timing of the allocation of resources,
• How the resources are to be managed, directed and supervised.

 In formulating the audit strategy, key engagement team members should

consider the following characteristics of the engagement which define its
scope, timing and direction.

11
Scope The financial reporting standards on which the financial information to be
audited, has been prepared
The expected audit coverage, including the number and locations of
components to be included
The involvement of other auditors
The need for specialized knowledge of the client’s industry or reporting
The availability of the work of internal auditors
The effect of information technology on the audit procedures, CAATS
Audit of consolidated financial statements
Timing The company’s timetable for reporting
Schedule of meetings with management
Expected type and timing of reports to be issued
Communication with other auditors, experts, internal audit, regarding the
expected types and timing of reports to be issued
Size, complexity
Extent and complexity of computerization at the client
Direction Materiality levels
Risk of material misstatement
Presence of significant risks
Impact of the assessed risk of material misstatement at the overall financial
statement level on direction, supervision and review
Management’s commitment to the design and operation of sound internal
control
Volume of transactions
Business developments affecting the entity

 A high risk of material misstatement at the overall financial statement level

will have the following impact on the overall audit strategy.
• Follow a substantive approach or a combined approach ( if there are
deficiencies in the control environment)
• Perform tests of detail and fewer analytical procedures
• Incorporate an element of unpredictability in testing
• Exercise professional scepticism
• Consider the use of an expert
• Perform procedures closer to year end
• Put less reliance on management representations
• Extend sample sizes
• Engage more experienced staff
• Lower materiality

12
5. The audit plan
5.1 The link between audit plan and audit strategy
Audit Strategy vs Audit Plan
Audit Strategy (overall AFS level) Audit Plan (Assertion level)
1. Scope, Timing and Direction 1. Nature, Timing and Extent
2. Limited overall response on the audit 2. Detailed response to specifics in the audit
3. Responses may include: 3. Responses may include:
 Engaging experienced staff  Follow substantive instead of a
 Lower the materiality combined approach
 Less reliance on management
representation letter
 Professional scepticism

In terms of ISA 300, the audit plan must contain:

Plan 1 Plan 2
* A description of the nature, timing and * A description of the nature, timing and
extent of planned risk assessment extent of planned further audit
procedures, sufficient to assess the risks procedures at the assertion level for
of material misstatement (plan 1) each material class of transactions,
account balance and disclosure (plan 2)

5.2 Risks at financial statement level and risk at assertion level

Risks of material misstatement at Risks of material misstatement at
Financial Statement Level assertion level
Refer to risks that relate pervasively to Refer to risks that relate to an
the financial statements as a whole. assertion.
- Risk indicators
- Description of risk
- Component of audit risk

5.3 Risk assessment procedures and related activities

• Client acceptance of continuance procedures
• Previous experience with the entity
• Inquiries of management and others
• Observation
• Inspection
• Analytical procedures
• Discussion among the audit team

13
6. Planning “further” audit procedures based on the risk assessment
 The auditor’s first response to assessed risk is to plan further audit
procedures.
 This will entail developing a plan which describes the nature, timing and
extent of further audit procedures, both tests of controls and substantive
tests, which will be conducted to reduce the risk of material misstatement
relating to the assertions remaining undetected.

6.1 Planning the Nature, Timing and Extent of audit procedures

6.1.1 Nature of audit procedures
Characteristic Matters to consider
Nature of tests – what  The suitability of a particular procedure to provide the piece of
tests will be evidence required
conducted? • Re-performance, inspection, inquiry, observation
• Recalculation, analytical procedures, external confirmation
 The need to perform tests of detail (e.g. Significant risks)
 The possibility of performing analytical procedures exclusively
 The hierarchy of evidence – how can the most relevant and
reliable evidence be gathered?
 Statistically based or non-statically based sampling
 The use of other parties
• Experts, other auditors, internal auditors
 The use of computer assisted audit techniques
• System or data orientated CAATS
 Special client requests
 Do the tests selected, address the risk adequately?

6.1.2 Timing of audit procedures

Characteristic Matters to consider
Timing of tests  The need for and desirability of
– when will the • Interim audits
tests be • Early verification of year end balances combined with “roll
conducted? forward tests”, e.g. Debtors circularisation carried out two months
prior to year end, supplemented by tests of controls, tests of
detail and analytical procedures for the subsequent period of two
months up to reporting date
 Preparatory work on 3rd party confirmations and supporting
schedules
 Non-negotiable dates set by client
• Inventory count
• Reporting deadlines
• Availability of key personnel
• Audit committee meetings
 Availability of information, e.g. Fixed asset schedules for audit,
 Timeous preparation where other parties will be used.
 Special client requests e.g. the client may request that you visit each
branch to attend inventory cycle counts at least once a year.
14
6.1.3 Extent of audit procedures
Characteristic Matters to consider
Extent of tests –  Level of assessed risk.
how much testing is  Prior year experience.
to be done?  The planning and performance materiality limits which have been
set.
 What sample sizes are required to achieve meaningful results.
 Possible reduction of testing when internal audit is used.
 3rd parties to understand “how much” they should do.
 Special client requests e.g. Positively confirm all debtors.
 The extent of testing deemed necessary should not be restricted
by deadlines.

The end

7. Exam Practice Questions

QUESTION -1 (Adapted)
Travel with Flair is Zimbabwe’s first fully automated online travel agency.
Stephan van Eck launched Travel with Flair in 2009 after his first online travel
agency in Switzerland, Mr Jet, had proved to be very successful. Travel with
Flair is a wholly-owned subsidiary of Mr Jet and both companies have the same
financial year end. The auditors of Mr Jet require the audited financial
statements of Travel with Flair within two weeks after year end in order to audit
the consolidated results in time. This is the first time that your audit firm is
providing audit services to Travel with Flair.

Travel with Flair operates its business from an office situated in Harare.
Customers can make bookings for flights, hotel accommodation and car rental
with a variety of international and national suppliers through Travel with Flair
using the Internet. During the 2019 financial year Travel with Flair experienced
rapid growth in its business. The company’s number of bookings and revenue
figures increased by more than 55% from the prior financial year. Two senior
executives are set to receive share options in Travel with Flair based on reported
profits.

Due to the rapid growth of the company Stephan van Eck has a new vision for
Travel with Flair and plans to expand Travel with Flair’s business by opening
ten new holiday resorts all over Zimbabwe. To finance this expansion, Travel

15
with Flair has to apply for a bank loan. The approval of the loan is dependent on
the audited 2019 financial statements.

In May 2018, two key staff members in the accounting department went on
maternity leave and the chief financial officer (CFO) was fired. During the
financial year the CFO has been in a major public labour dispute with Travel
with Flair. The dispute was settled in court during October 2018. The posts of
the two key staff members from the accounting department and the CFO’s post
were filled by temporary staff members who were on training for the first two
months. These temporary staff members were not performing at the optimal
level after the period that they were on training.
Travel with Flair’s revenue comprises:
 Commission received from a variety of international and national suppliers
with whom the bookings for flights, hotel accommodation and car rental are
made. Revenue from commission is recognised as soon as the booking has
been finalised. A booking is finalised as soon as the payment has been
received from the customer. Suppliers should pay the commission to Travel
with Flair at the end of the next month following the month in which a
booking has been finalised. Commission is calculated using the percentage
as agreed with the supplier in the service level agreement.
 Service fees received are fees charged on every booking made for flights,
hotel accommodation and car rentals. Revenue from service fees is
recognised as soon as a booking has been finalised. A booking is finalised as
soon as the payment has been received.
Part A
With reference to the background information of Travel with Flair:
a) Identify the risk indicators at the overall financial statement level.
b) For each identified risk indicator, identify the relevant audit risk
components.
c) For each identified risk indicator, describe the audit risks at the overall
financial statement level present in the financial statements of Travel with
Flair.

Solution
(a) Risk indicator (b) Audit risk (c) Description of the audit risks at the
(½ mark each) components (for overall financial statement level
example, (1½ marks each)
inherent, control
or detection risk)
(½ mark each)
1. Tight audit deadline. Inherent risk The annual financial statements (AFS) may be
16
 materially misstated due to error as the
financial results prepared by the
management of Travel with Flair might be
incomplete due to time pressure.
Detection risk The AFS may be materially misstated due to
error as the auditor might not have sufficient
time to obtain the audit evidence resulting in
material misstatement going undetected.
2. New audit client. Detection risk The AFS may be materially misstated due to
error as the opening balances might be
incorrect since there were different auditors
in the prior year.
Detection risk The AFS may be materially misstated due to
error as material misstatements could go
undetected as the auditor is not familiar with
Travel with Flair.
3. Conducting business Inherent risk The AFS may be materially misstated due to
internationally. error as Travel with Flair conducts business
internationally and the accounting treatment
of forex transactions is complex.
4. Travel with Flair Inherent risk The AFS may be materially misstated due to
experienced rapid manipulation in order to obtain the loan from
growth in its business. the bank (refer to point 6 below).
Control risk The AFS may be materially misstated as the
control environment could be compromised
due to the rapid growth.
5. Share options based Inherent risk The AFS may be materially misstated due to
on reported profits. manipulation as senior executives might
engage in fraudulent financial reporting, for
example overstatement of revenue and
understatement of expenses in order to
receive share options.
6. 2018 AFS to be Inherent risk The AFS may be materially misstated due to
used to obtain manipulation as directors might engage in
financing from the fraudulent financial reporting, for example
bank. overstatement of assets and revenue and
understatement of liabilities and expenses to
ensure that financing will be obtained.
7. Travel with Flair is Inherent risk The AFS may be materially misstated due to
currently in a labour error as the entity might be liable for legal
dispute with one of its damages resulting in negative publicity for
staff members. the entity. This might lead to the going
concern assumption not being properly
accounted for and/or disclosed.
17
8. Temporary staff Inherent risk The AFS may be materially misstated due to
members are not error in a poor control environment as there
performing after two might be errors in the financial records due
months of training. to a lack of knowledge by temporary staff
members and poor training.
9. Lack of personnel Inherent risk The AFS may be materially misstated as there
with appropriate might be errors occurring in the preparation
accounting and of financial records due to a lack of
financial reporting experienced personnel with appropriate
skills (Two key staff accounting and financial reporting skills to
members are on leave record complex accounting transactions
and the CFO is fired).

Audit Planning and Risk Assessment

You are currently carrying out risk assessment procedures at your client Swinn
(Pvt) Ltd, a manufacturing company and subsidiary within an industrial
conglomerate. The following information pertains to this assessment:
1. The financial director has been very evasive in answering questions,
generally displaying a very dismissive attitude to the audit.
2. Some of the products manufactured by Swinn (Pvt) Ltd have not kept up
with market requirements.
3. In prior years directors annual bonuses were based upon earnings reflected in
the audited annual financial statements. This policy has been abandoned and
directors’ monthly salaries have been increased.
4. The company decided to retrench its internal auditors in a cost cutting
exercise; the holding company internal auditors will be available if required.
5. Close to the end of the year a number of complex entries relating to asset
revaluations were put through.
6. For the six weeks prior to the year end, the credit controller was absent from
work due to ill health. During this period a number of employees in the
section took over his duties, e.g. authorizing credit terms, passing credit
notes, etc.
7. Management is regarded by the staff as being very dictatorial as certain
members of management will frequently override controls. Some staff
members have expressed the view that the holding company puts too much
pressure on management to perform.
8. Numerous transactions take place with other companies within the group.

REQUIRED
Explain whether each of the above will increase or decrease your assessment
of the risk of material misstatement. Your explanations should indicate
whether the risk of misstatement at financial statement level or at assertion level
will be affected. You are not required to consider the information collectively.

18
Solution

Risk of material misstatement

1. Increase risk at financial statement level. If management is evasive and dismissive of
the audit function, it suggests they have something to hide or they are incompetent both of
which increase the risk of fraud or manipulation in the financial statements. This is not
specific to a particular assertion and could manifest itself in numerous assertions.
2. Increase risk at assertion level. This risk relates specifically to a line item, namely
inventory, in the financial statements and is therefore classified as a risk at assertion level.
This is likely to have implications for the valuation of inventory (obsolete inventory write
down).
3. Decrease risk at financial statement level. If management’s remuneration is no longer
based upon earnings, there is less incentive for them to manipulate the financial statements eg
select inappropriate accounting policies to reflect higher earnings. The fact that their monthly
salaries have been increased further reduces this incentive.
4. Increase risk at financial statement level. Internal audit can be regarded as an internal
control and the removal of any good control increases the risk of misstatements not being
detected. The overall control environment is also weakened.
5. Increase risk at assertion level. This risk relates specifically to specific line items
regarding the revaluations of assets in the financial statements and is therefore classified as a
risk at assertion level. The more complex the transaction the greater the risk that the account
headings to which the entries relate will contain misstatement.
6. Increase risk at assertion level. The credit controller authorises credit terms and passing
of credit notes. Specific line items in the financial statements are therefore influenced,
namely debtors and revenue, which increase the risk at assertion level. The risk relates to a
serious break down in approval procedures and segregation of duties as invalid credit notes
could be passed and credit terms can be changed.
7. Increase risk at financial statement level. Overriding of controls by management
weakens internal control and the control environment. It would seem that management do this
to improve the “figures” to show the holding company that they are “performing”. Overriding
controls is a means of fraudulent manipulation and could affect any number of assertions and
line items in the financial statements and is therefore classified as a risk at financial statement
level.
8. Increase risk at financial statement level. Where there are transactions /dealings with
related parties, eg fellow subsidiaries, there is an increase in the risk that the transactions and
relationships are not disclosed correctly in the financial statements. Another risk might also
be that if transactions are not at “100% arms length” financial statements might be
manipulated (fraudulent financial reporting) in any number of ways and could affect
numerous assertions.

19