Procedures
General
- What is the verb
- Source document it relates to
- The purpose (Control objective/ assertions)
Substantive Procedures
- Substantive test of detail
- Analytics
- CAATs
Test of controls
- Do something
- To something
- For a purpose
Audit procedures
- Test of control (control objectives)
- All substantive’s (TOD& analytics& Disclosure)
Analytics:
- Investigate any unexpected or unusual changes in volume and nature of xxxxx
- Analyse occurrence, ageing and volume recons
- Review volume and value transactions by comparing xxxxx
- Analyse P/L by product etc and consider hedging
System description
Different colors
- People
- Document flow
- Data (complete, accurate, valid)
- FinAcc
Purchase of something new
Consider nature, timing and extent
Criticize working paper
- General stuff
- Risk assessment
- Risk should be high based on… - Controls in place
- Audit approach
- Substantive procedures
- Responses to risk - Sample selected
- Findings
- Conclusion
Overall
- Documentation is not appropriate as the name of the trainee who performed the testing was not recorded, nor the date on which the working paper was completed.
- A first year has performed the review - he does not have the necessary expertise which is evident by numerous errors made in the working paper.
- It does not appear as if the WP has been reviewed.
- Appropriate detail is not provided on the discussion with management:
- The working paper needs to state the name of the person with whom the discussion was held, their position within the entity, as well as the date on which the discussion was held. The exact characteristics of the work performed needs to be documented.
- It is stated that the assurance between a review and audit engagement do not differ significantly, this is incorrect as a review has limited assurance and an audit has reasonable assurance.
- The auditors application of S30(2A) is not appropriate - this brings into question their competence
- S30(2A) deals with the exemption from an audit, however the clerk has interpreted it to state that the company required an audit.
- Saving the client money is not a reason to do a review engagement - the legislation needs to be adhered to.
- The document states that substantive procedures have been performed below, however the work done below is only analytical.
- Furthermore a review engagement does not require you to do substantive procedures unless risk of material misstatement is identified.
- The trial balance was not agreed to the financial statements as is required by ISRE 2400
Materiality:
- If no separate working paper has been prepared for materiality the documentation within this working paper is not sufficient.
- Information should have been provided on the benchmark, ranges and working of the figure selected.
- Basing materiality on profit after tax is inappropriate as the entity is making a loss (description inappropriate).
- Profit/loss before tax also seems to be volatile at the moment - a stable base or an average should be considered
- Furthermore the value of materiality does not seem reasonable if it has been calculated on a loss of R2m the figure of R1,5m does not seem correct.
Analytical
- The calculation of the movement of non-current assets is inaccurate. It should be 20,447.
- Depreciation was not considered in the PPE balance - movement does not seem large enough
- Receivables explanation is wrong - revenue have increased - however the movement is consistent therefore no additional risk identified
- Revenue increased by 53% and receivables by 64%, the higher increase in receivables is explained by the economic environment
- The explanation in bank is not precise enough - more detail should be provided - even though the increase is in line with the increase in revenue and the sale of the building (money was used for settling debt)
- The explanation obtained for equity movements does not appear correct as losses decreased by approximately R6m and not R2m.
- Payables is considered to be immaterial - this has been determined based on the materiality level and not performance materiality, furthermore as discussed, materiality is not reasonable - therefore this balance should be analysed in more detail. The sign for payables is also incorrect.
- Revenue is in line with management discussion however it should be considered if such a significant increase is reasonable in the industry.
- A risk of overstatement can be identified in the insurance pay-out - further substantive procedures should be perfumed (inspection of bank statement/correspondence with insurer) as this contributes significantly to the higher profit and based on the state of the company management has an incentive to overstate.
- The expenses explanation states that the increase is consistent with inflation of 5%, however when recalculated it is almost a 50% increase - a more specific expectation should be set.
- The increase in expenses is however consistent with the increase in revenue.
- The worked performed to assess the going concern assumption of the entity is not sufficient in terms of the ISRE.
- Solvency and liquidity of the company needed to be reviewed in terms of the companies act - the company does appear to be solvent and liquid in 2021 but it was not in 2020.
- This is a review engagement, therefore no tests of controls needed to be performed.
Concerns regarding the reportable irregularity being reported.
- As we are not the auditors of the company, we cannot report an RI in terms of the APA.
- An RI needs to be reported in terms of a review engagement as stipulated in Regulation 29 of the companies act
- There has been an unlawful act committed by management - they met the requirements to register as a VAT vendor and they have not done this.
- This action will cause material financial loss due to fines and penalties that will become payable to SARS.
- It is fraudulent in nature due to non-compliance for personal gain of the company (not paying VAT).
- Based on the solvency and liquidity ratios the company is currently solvent however the impact of the penalties and fines should be considered.
- Therefore the definition of an RI in terms of R29 has been met, and the RI has to be reported to the CIPC and not IRBA
- The auditors did not inform management of the report sent to Commissioner within 3 days.
Conclusion
- The conclusion includes an opinion that is not appropriate for a review engagement as it is considered to be a positive (reasonable assurance) conclusion.
- A negative opinion should have been provided by stating that “nothing has come to our attention that caused us to believe that the financial statements are not free from material misstatement”.
General things to include when criticizing WP or evaluating it
-There is no indication that a risk assessment process has been
undertaken on nature an extent
-Failed to perform the audit work with professional scepticism
- Excessive reliance
-Did not assess the reasonableness
-CASH FLOW: CPI is predicted to increase and a rate of 4% is
unrealistically low, leading to a very conservative cost projection for the next five years
Audit plan to obtain sufficient appropriate audit evidence
🔺Risk associated with inventory high due to existence
- General responses (professional scepticism)
- NTE
- Procedures
Weaknesses
- What is the issue?
- What is the consequence?
- What does it result in?
Criticizing working paper or something
- Is it appropriate? What should be done?
- Argument for something? (In terms of what they did)
- What else should be considered?
- Objective considered?
- Nature of testing?
- Is audit procedure explained?
- Consider wording of audit procedure
- Any omitted assertions
- Is conclusion provided?
Describe audit procedures to obtain sufficient appropriate audit evidence to ensure invoice was appropriately recognized and measured
- General procedures
- Request schedule from management
- Reperform casting - Occurrence and Completeness
- Classification (cost capitalization)
- Accuracy and cut off
Materiality
- If the balance is above performance materiality always mention: There is an inherent risk of MM as balance is above PM
- Benchmark
- How is company managed or where does value lie? (Revenue/ Assets)
- Users of FS interested in profit
- Remove once off items
- Don’t use PBT because of volatility or instability
- Argument for or against benchmark - Base
- Is the balance grossed up
- Significant misstatement of balances (revenue or assets)
- Audited PY AFS?
- Any adjustment for CY events? if no, use them - Range
- Is the one used appropriate?
- Any other range to consider
- Based on auditors judgment, can industry norms be applied?
- Don’t use PBT if making losses - Overall materiality
- Higher risk therefore low materiality
- Factors that increase risk? (Fraud, listing)
- Factors that decrease risk? (King IV implemented)
- Risk low, medium or high - Performance materiality
- Should be below overall materiality it is haircut based on detection risk
- If detection risk is high give it 25% materiality
- Might need to be updated as new information is obtained
- What increases detection risk? ( auditors long association therefore can detect risk of fraud/ familiarity threat affects independence, tight audit deadline creates DR)
Detection Risk
- Consider impact on sufficient appropriate audit evidence
External auditor), having not detected the weaknesses in Indlovu’s prior year audits.
- The auditor is not required to identify all weaknesses in the internal control system of an audit client, as his primary objective is to express an opinion on the fair presentation of the client’s annual financial statements in accordance with an applicable financial reporting framework
- However, when planning the audit, the external auditor is required to obtain an understanding of the internal controls relevant to the audit (5 components of the client’s internal control system)
- This understanding of control activities is to assess the risks of material misstatement (due to fraud or error), including how the entity has responded to risks arising from IT.
- The auditor is further required to evaluate the design and implementation of the entity’s controls responsive to any significant risks identified.
- Based on this understanding, any weaknesses in the internal control system should have been identified and their effect on the assessment of the risk of material misstatement in the financial statements considered.
- However, in making these risk assessments, the auditor considers internal control in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control.
- Should D&C Inc. have tested and relied on the application controls within the Brand-IT system, then they should have first tested the General controls in the system (e.g. Antivirus etc) and they would have identified the weaknesses
- Any significant deficiencies identified in controls should have been reported to Those Charged with Governance of Indlovu in terms of ISA 265 requirements
Service legal agreement Audit approach
- Risk assessment
Appy services relates to revenue, VAT, related commission expenses as well as cash receipts for bookings made.
-Due to the outsourcing of the bookings function there is an increased risk of completeness and accuracy in revenue (appy might not communicate all sales or might not pay over the full amount of cash, i.e. take a bigger commission.
Strategy
- Timing of communication with IAS auditors has to be considered as well as period of Type 2 report.
- Revenue is considered a significant risk (see above) and outsourcing bookings will increase risk - therefore the audit team will direct their efforts to gaining comfort over these transactions
- More experienced team members should be allocated to the audit of the service organisation as they will have to exercise more judgment on the evaluation of IAS auditors.
Nature - from 1 March 2021
-All bookings run through Appy - this could be a large volume of transactions, therefore tests of controls might be considered necessary.
-Testing controls could be considered desirable as it will lead to more effective audit.
-Possibility of controls testing should be considered based on the fact that the audit team would not have access to Appys control environment and will have to rely on the controls testing of IAS.
-To determine if reliance is possible the following has to be considered:
Obtaining knowledge of the content of the service level agreement (SLA)) between Indlouv and Appy to gain an understanding of the arrangement, including the following (max
the responsibilities of each party to the agreement
-ownership of data – Indlovu vs Appy
-How data / bookings will be transferred to Appy
-Whether the controls at the service organization include:
-physical controls at the premises
-encryption of data that is processed
-the use of firewalls for communication of data
-anti-virus software to prevent loss of data
-emergency and disaster recovery plans
backup procedures that should be followed
-Evaluate the professional reputation of Appy by considering:
-Competence and qualifications of Appy staff
Independence of Indlovu from Appy (ie. not a related party)
-Quality of services provided by Appy, including reliability and stability (any information available to the contrary)
-Evaluate the professional competence and independence of IAS Inc. auditor who prepared the Type 2 report.
-Evaluate the adequacy of standards maintained by IAS Inc. for the issue of the Type 2 report.
-With regard to the type 2 report obtained from IAS Inc.:
i) Determine if the period of the type 2 report is appropriate for the audit - considering that it was at 30 April and this may be a potential issue - audit team will have to determine if evidence over operating effectiveness of controls can be obtained in the intermittent period.
ii) Evaluate whether the tests of controls are relevant to the assertions for which audit evidence is needed at Indlovu:
Based on your reliance or not on the controls relating to the Appy portal, determine the nature, timing and extent of substantive procedures to be performed.
-Consider the materiality of transactions processed on Appy portal in terms of Indlovu’s financials - this is most likely fairly significant.
Timing
Reliance on IAS should be assessed during interim to determine if possible, if not, alternative procedures can be performed at year end.
Extent
Revenue risk is considered to be high, therefore large samples are already selected, however judgemental sampling should be used to select transactions specifically relating to Appy bookings.
-No indication that materiality should change as revenue will already be tested.
-Procedures over the completeness and accuracy of revenue should be tested, including the recalculation of VAT, obtaining listing of bookings from Appy and reconciling it to bank receipts, etc.
Impact on Audit Report
- Material uncertainty
- Management refuses, disagreement
- Consider if disagreement is material and pervasive
- If financial statements will not fairly represent (adverse opinion )
- RI should be mentioned in audit report
Types of misstatements
- Factual
- Judgmental
- Projected
Matters that group auditor should consider regarding issues encountered with component auditors
- X is a significant component of the group as they represent x% of consolidated assets
- Group auditor should obtain sufficient and appropriate audit evidence over FS
- This can be done by considering reliance on work of sub auditor (ISA 600)
- Consider subs mngt integrity
- Consider the impact on group FS (KAM)
- Consider audit responses applied by component auditors
- Risk that further MM in FS
- Possible RI
- Audit opinion
Audit fee
- Audit fee is dependent on time spent on audit as well as the experience and expertise of staff
- If we can rely on IA work and it is relevant to the audit, this could result in lower audit fees
- The auditor should obtain sufficient appropriate evidence to draw reasonable conclusions to base audit opinion
- If EA places reliance on work of IA they must be satisfied that this provides appropriate audit evidence
- Rely on the work of IA (ISA 610)
Concerns of audit work for trade debtors
- Sample selection: told they use statistical sample
- Stratify population based on nature of debtors and risk attached to each category
- Test population for completeness and accuracy
- Is sample size too small to represent entire population?
- Consideration given to materiality or risk balances to obtain coverage
- No consideration to appropriate sampling plan to be used to achieve objective - Documentation errors:
- Difference between objective and what is actually done
-In audit testing use performance materially not overall materiality - Findings:
-Further testing should be performed over debtors and obtain corroborating evidence - Conclusion:
- Is conclusion provided correct? did they consider both qualitative and quantitative factors?
Projected misstatement:
balance (given) 5 959 300
Diff noted (debtors not accounted for)172 580
sample size= total 1 128 270
% of sample (172580/1128720)=15.2%
15.2%*5959300=905913.60 diff must be included on summary of audit difference
-Even if this is less that total materilaity cumulative effect of all diff must be considered as well as nature of diff as this may affect response due to mngt integrity
Discuss legality
- Co Act
- If auditors are restricted access
- s93
- APA s44
Restricting the audit team’s attendance inventory count
-Conduct drone counts
-live stream the count on
-live session is recorded to refer back to / place on file.
-takes pictures of high value stock items
-perform the physical
stock count at a later date and perform rollback procedures
-The inputs into the rollback calculation (potentially a sample) need to be corroborated against the relevant supplier invoice/invoice to Franchisees /credit/debit notes
General considerations if asked on matters
- Still want to be involved?
- Can you rely on management information?
- Existence of fraud?
- Legal advise obtained?
- Limit reliance on audit report
What to do with unresolved audit differences
- Factual/ judgmental misstated?
- Quantitatively material or qualitatively (Contravene Income Tax Act etc. )?
- Possible RI
- Impact on audit report
- NOCLAR
