Session 5 solutions

Self study questions

6.12

Explain the difference between entity-level controls and transaction-level

controls. Is an auditor interested in both?

Entity-level controls are:

1. the control environment
2. the entitys risk assessment process
3. the information system, including the related business processes, relevant to financial
reporting, and communication
4. control activities
5. monitoring of controls
Each of these controls relates to the whole organisation.
Transaction-level controls are controls that impact a particular transaction or group of
transactions.
Therefore, the difference is that entity-level controls have the potential to impact all of the
processes in the organisation, including those that have a direct impact on the financial report
and others, while transaction-level controls impact only a specific group of transactions.
Transactions make up the financial report that the auditor is auditing, and can be impacted by
both entity-level and transaction-level controls. This is why an auditor would be interested in
both types of controls.
6.13

Discuss the contention that the control environment is the most important part of
a system of internal controls because it provides the foundation.

The control environment sets the tone of the entity and influences the control consciousness
of its people. People, through their actions, determine the effectiveness of internal controls. If
the control environment does not encourage ethical behaviour and high quality work, the
people within an organisation could fail to implement controls or override them when
performing their duties. Even the best control system is not 100% effective, and all systems
are less effective if the people working with them do not support the systems.
However, all components of an internal control system are important. Having a strong control
environment will not be sufficient by itself to ensure that an organisation is able to achieve its
objectives.

6.15

What sort of risks would an entitys risk assessment process consider? Give some
examples for a retailer. Which of these risks would be relevant to financial
reporting? Explain.

An entitys risk assessment process would consider risks to its achievement of its objectives
at all levels. These would include: risks to revenue through product competition, to attracting
and retaining staff, exchange rate risks, transport interruption risks (both freight and
passenger transport delays affecting staff and customers), climate change risk, financing risk
(obtaining and servicing loans), supply risks, and risks relating to protection of assets from
theft and fraud etc.
A retailer would have a particular focus on the risk of not being able to buy the appropriate
products from reputable suppliers, product quality risks which would lead to sales returns
and/or warranty claims, exposure to exchange rate risks if suppliers are located in other
countries, transport risk affecting imports, competitive risks from other retailers in the same
location or servicing the same type of customer, staff risks relating to attracting and retaining
the right type of staff for all shifts, physical risks including power interruption, shopping
centre building issues, financing risks relating to funding product purchases and paying
expenses prior to receipt of cash from customers, and protection of assets and the integrity of
sales and other transactions in the accounts. The retailer would be interested in identifying
and controlling risks to its ability to operate and achieve its objectives.
All uncontrolled risks for the entity could affect the ability of the entity to survive (i.e. be a
going concern). Therefore, all risks are of interest to the auditor. However, the auditor is most
directly concerned with risks relating to protection of assets and the integrity of transactions
in the accounts. The auditor must consider the risk to the accounts so that the audit can be
planned with appropriate consideration of the risk of material misstatement
6.16

Explain the importance of segregation of incompatible duties. What sort of

duties would be segregated within the sales process? Why?

Segregation of incompatible duties is a part of the control activities of an organisation.

Control activities are policies and procedures that help make sure managements directives
are carried out. The concept of segregation of incompatible duties is that no one employee or
group of employees should be in a position both to perpetrate and hide errors or fraud in the
normal course of their duties. If these duties are not segregated, an employee could steal
assets (such as cash or stock) and adjust the records to conceal the theft. If the duties are
segregated, the employee stealing the assets would have to get the cooperation of another
employee to adjust the records to hide the theft.
Therefore, it is very important for the effective operation of a control system that
incompatible duties are split between different employees.
Within the sales process, the person making the sale is not responsible for recording the sale,
and should not be able to process a sales return or other adjustment to a debtors account
balance. If these duties were not segregated, the sales employee could record a sale to a
fictitious customer and take the goods for themselves. To conceal the theft, the employee
would later process a sales return or adjustment to eliminate the balance in the fictitious
debtors account.

6.17

Why would an auditor be interested in a clients control monitoring processes?

A client should have processes for monitoring the effectiveness of its internal controls
because circumstances and conditions change over time and controls need to adjust
accordingly. An out-of-date control system may not be able to alert management to new risks,
or control new types of transactions. The monitoring process allows the client to assess the
need for changes to internal controls. As such, the auditor will be interested in the
effectiveness of the monitoring system and whether the clients management are able to be
sure that internal controls remain current and valid. The auditor will also be able to assess the
clients management attitude to internal control systems through evaluation of the monitoring
processes within the client.
6.18 Discuss the role of internal audit in an entitys system of internal controls. Is
internal audit an essential element of a control system? Explain.
Internal audit is a part of an entity with responsibility for assessing the performance of the
entitys control systems and making evaluations of clients activities. Internal auditors
provide information about the functioning of the entitys internal control system, its strengths
and weakness, and make recommendations for improvements, to the entitys management.
Although internal audit departments are usually separate to other functions within the client,
they are not independent of the client.
Not all organisations have an internal audit department. Smaller organisations usually do not
have an internal audit function and many larger organisations outsource the internal audit
function to a third party. However, as organisations become larger, the level of importance
placed by an entity on its internal audit function can be a guide to its overall commitment to
internal control.
6.21

Why dont auditors usually test entity-level controls as part of the audit?

Entity level controls are the collection of the internal control components of control
environment, entitys risk assessment process, the information system, control activities, and
control monitoring (ASA 315/ISA315). The entity level controls exist at an organisational or
entity level rather than at a more detailed transaction level.
The auditor is required to gain an understanding of the entity level controls, but they are not
specifically tested. They are not specifically tested because of the difficulty in trying to do so.
For example, there is rarely audit evidence that a control such as the ethics/tone at the top of
an organisation is in existence and operating effectively, in the same way that there would be
evidence that sales transactions above a specified level must be authorised by the sales
manager. In addition, entity-level controls by themselves are not usually sensitive enough to
prevent or detect and rectify material errors, such as controls over large sales transactions
would prevent an incorrect sales figure entering the system.

6.22 In the sales transaction process, a key control affecting the accuracy assertion for
sales is Credit committee review and approve all applications for credit over $1000.
Explain the impact of this control on the valuation assertion for sales receivable
(debtors).
A control such as Credit committee review and approve all applications for credit over
$1000 will require applications for credit over the specified amount being separately
authorised. This control is related to the accuracy assertion for sales because it prevents sales
transactions being recorded that are incorrectly processed. For example, if a data entry error
is made so that a sale for $500 is incorrectly entered as $5,000, the transaction would not be
accepted until it had been authorised. Because there is a data entry error, the person
responsible for authorising the transaction should notice that it is not for $5,000, but should
be entered as $500. The control also impacts on the valuation assertion for sales receivable
because it would prevent the incorrect sale being entered to the debtors account, and thus
prevent it from being overstated. In addition, if sales are genuinely being made for amounts
over $1,000, the authorising person has a chance to consider if the debtor has capacity to pay
large amounts. Procedures to check the credit-worthiness of debtors is likely to improve the
chances of the amounts being paid by the debtors (because only debtors that can and will pay
their debts are allowed to buy on credit), increasing the likelihood that debtors are valued
correctly.

Workshop questions

5.24

Assertions and evidence

Required
(a) Identify the key assertions at risk in relation to inventory and prepayments.
(b) For each assertion in (a), identify a type of evidence that would be persuasive.
Inventory
Inventory assertion most at risk for this client: valuation will be at risk because the
constantly changing nature of the type of merchandise held suggests that items will become
obsolete (and their value impaired) each season. The special branding and promotional
packaging will make it difficult for the client to sell these items after the promotional period
ends, and the client will also find it difficult to return the items to the supplier.
Evidence:
Auditor should inspect the terms of the contract with suppliers to determine if there is any
provision for return of items not sold.
Inspection of inventory records to determine if any items are held for long periods,
suggesting they could be obsolete.
Physical inspection of inventory to search for out of date items (e.g. at back of shelves,
dusty, branded with discontinued promotional material).
Existence of inventory is also at risk. Do all items shown in the inventory account exist?
There is a risk that items shown as purchased from suppliers have not been received, and
items sold have not been removed from inventory records.
Evidence:
Vouch items held in inventory to the suppliers invoices
Observe client stocktake, perform test counts, to obtain evidence that items shown in
inventory records are held by client.
Prepayments
Prepayments assertion most at risk for this client: Existence. Large deposits are paid when
items of inventory are ordered. The payments are made 6 months in advance from overseas
suppliers. There is a risk that orders are not completed and the prepayments shown in the
accounts should be reversed, or that when orders are completed, the prepayment amount is
not reversed when the balance of the account is paid to the supplier. In both cases, the
prepayment account is at risk of overstatement and the assertion most at risk is
existence (the prepayment does not exist).
Evidence:
Auditor should inspect the terms of the contract with suppliers to determine the amount
agreed as a prepayment and payment terms when contract is completed.
All outstanding amounts in prepayments should be matched to unfilled contracts.
Completeness of prepayments is also at risk. There is a risk that amounts paid in advance to
suppliers are not correctly recorded as prepayments (the amount is debited in error to
expenses at the time of payment).
Evidence:

The auditor should inspect all outstanding contracts for supply of inventory to
determine if amounts have been paid in advance and determine if they are recorded
correctly in the accounts.

5.25

Types and persuasiveness of audit evidence

Required
(a) List the types of audit evidence gathered by Jenna and comment on the
persuasiveness of each type.
(b) Link each type of evidence to the relevant accounts receivable assertions.
(a) Jenna has gathered the following evidence:
- external confirmations 30% of which were positive confirmations and 70% negative
confirmations
- documentary invoices, cash receipts and sales returns vouchers
- verbal interviews with accounts receivable manager, CFO and accounts receivable
department
(b) The external confirmations provide evidence about the existence of accounts
receivable when the debtors reply and confirm that they owe the client money for
goods or services. Negative confirmations provide more limited evidence about
existence when the customer does not reply to state that they do not owe the client
money. The confirmations also provide evidence about rights and obligations
assertion because the customer confirms that they owe the client.
The documentary evidence relates to the existence and valuation and allocation
assertions for accounts receivable when Jenna vouches the balances back to the
underlying sales documents. It relates to the completeness assertion when Jenna traces
the sales transactions to the accounts receivable balance. In addition, the vouching of
accounts receivable back to sales returns and cash receipts documents provides
evidence about the occurrence of these transactions, and thus the completeness of the
accounts receivable balance. The tracing of these transactions to accounts receivable
provides evidence about the completeness of the record of these transactions, and thus
the existence of the accounts receivable balance. The review of subsequent cash
receipts also provides evidence about existence and valuation and allocation because
when a customer pays their account they are confirming that they owed the balance on
the balance date and they were in a position to make a payment.
The verbal evidence could relate to all assertions, depending on the topic of
conversation. The auditor is likely to ask about procedures used to identify potential
bad debts (valuation and allocation), about credit control (valuation and allocation),
segregation of duties (primarily existence, rights and obligations, completeness),
about control systems in general (which would relate to all assertions).

5.28

Account balances at risk

Required
(a) What account balances are at risk? Explain.
(b) What key assertions for the above accounts are likely to be affected?
Various supplies and asset accounts (food, alcohol, table linen, kitchen and restaurant
equipment) are at risk of overstatement because items are missing because of theft
existence assertion.
The auditor should perform test counts and observe client stocktakes to determine if the
accounts are overstated.
Sales revenue could be overstated (completeness and valuation assertions) if the employees
have been covering their thefts by recording fictitious sales or overstating genuine sales. The
auditor should investigate if there is documentation (either signed sales dockets or cash
register records) to support the sales.
5.30

Revenue assertions 1
Required
(a) Does the procedure address the stated assertion? Explain.
(b) If your answer to (a) is no, provide the correct assertion or explain what work would
be required to address the assertion.
(c) Explain what type of evidence is obtained by performing the stated procedure. How
persuasive is it?
(a) The completeness assertion relates to the claim by management that revenue shown in
the profit and loss is a complete record of all revenue earned by the client. If the
auditor tests the revenue that has been recorded in the accounts they are testing the
occurrence assertion that recorded revenue did occur, not the completeness
assertion.
(b) A more appropriate test of the completeness of revenue would be to select a sample of
the delivery dockets or customer orders and trace the details to the revenue account. This
test would detect any orders or deliveries of goods that were not subsequently invoiced to
the customer and recorded as a debit to debtors and credit to sales.
(c) The evidence obtained from the procedure described in the question is documentary
evidence. The sales invoice is internally generated. The customer order is generated by a
third party. The delivery docket that has been authorised by the customer is verified by a
third party. The third party documents are more persuasive than internally generated
documents.

5.34

Gathering evidence
Required
(a) Discuss Susans comment that they have already started the audit. What evidence
have they gathered so far?
(b) Explain what work is being done with the spreadsheets of financial data. Give some
specific examples for this client. How is this type of work relevant to all stages of the
audit?
(c) When Susan is touring the clients premises, she is taking notes of equipment and
furniture items she sees, especially anything that looks either newly purchased or older
and unused. Why might she be doing this? Explain.
(a) Susan has been gathering the following types of evidence:
- Oral: Susan has been holding conversations with staff. During these conversations she
will be discovering how they perform their duties, whether there are staff shortages in
certain areas at various times, how management are communicating their attitudes
towards control systems and profit targets, whether controls are overridden at various
times.
- Physical evidence: Susan has inspected physical assets of the company during her
tours. She can see if assets exist, whether they are being protected, their condition,
how they are used. For example, she can see if construction equipment appears to be
new or well maintained. She can also observe staff performing their duties, both on
the construction sites and in the offices.
- Computational evidence: Susan is calculating ratios and reviewing the trial balance.
She is looking for indicators of problems, such as unusual fluctuations, and whether
the data appear to reflect the state of the business as described by management.
(b) The spreadsheets are reviewed to identify unusual patterns which could indicate
problem areas for further investigation, and to calculate trends and ratios, including
common size statements, to quantify the fluctuations. Susan will use the results of the
analytical procedures to justify increased or decreased focus on specific areas, and the
nature, timing and extent of further procedures.
For example ,for this type of business Susan will be using the data to determine if
profitability is comparable to previous periods and with other similar clients. It will be a
guide to such considerations as to whether revenue recognised on building in progress is
consistent with the progress and cost of the construction?
(c) Observing the assets during the tour provides a starting point for investigating the
assertions of completeness (whether the items she observes are in the accounting
records) and valuation (whether the items appear to be in poor condition, and thus
have impaired values) of PPE. The older items or unused items are more likely to be
obsolete and thus either impaired in value or scrapped from the accounting records.
The newer items are more likely to be of higher value, but could also be not recorded
in the accounting records.