This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
The audit assistance has breached section 140.1 (a) and (b) of APES - Confidentiality. Under this section Alison is obliged to respect the confidentiality of information about the client's or employer's obtained in the course of business. This duty of confidentiality has to continue long after the relationship between Alison and the client or the employer have ceased.
It also requires that Alison acquiring information in the course of business not to use or appear to use this information for her personal advantage or for advantage of third parties.
As a result, this section requires Alison to always observe confidentiality of client's or employer's information unless there is a specific authorisation given to disclose or use such information by the client or employer or law.
In addition to the above section, the audit assistance has breached section 150.1 of APES - Professional Behaviour. For Alison not to protect and conserve the client information and not using it appropriately for authorised activities is against public's expectation for auditor. This action can discredit Alison and disrepute audit profession has it could be perceived by an objective third party with knowledge of the relevant information as improperly benefiting Alison personal interest.
Confidentiality: under section 140.5 A Member should take all reasonable steps to ensure that staff under the Member's control and persons from whom advice and assistance is obtained respect the Member's duty of confidentiality.
Internal Control: There should be proper internal control system that gives much attention to the need to manage and secure organisation's information. This is critical because this information is at risk of being mismanaged or divulged to the wrong people such as competitors and other parties that pose threats to existence of business. As a result, the organisation should give authorised employees access to business information where and when they need them, meanwhile maintaining control on who views this information and how this information is used at all times to prevent free movement of information inside and outside the organisation.
Professional Behaviour: 130.5 A Member should take steps to ensure that those working under the Member's authority in a professional capacity have appropriate training and supervision. Although improving auditor ethics is the responsibility of each individual auditor, the employer can help to achieve this goal by providing a regular, overall refresher courses on ethical decision making and the professions Code of Ethics that would help all employees keep their perspectives on ethics.(pg 6, Mead, 2000)
Case Study 5.26
According to Gay & Simnett, Inherent risk is the susceptibility of an assertion about a class of transactions, account balance of disclosure to material misstatement given the inherent and environmental characteristics, but without regard to related internal controls. In this case the most likely impact on inherent risk would be increased as the transactions are not with an independent party and the required related party disclosures need to be in place. Also if the toys that are being purchased from the Taiwanese company are in foreign currency, the inherent risk will rise as there is a possibility of making a loss there aswell. For control risk, it would depend on the kind of internal control measures that are in place and since in this case there are multiple related-party-transactions going on and are mostly controlled by the chief executive of Quality Ltd, the magnitude of control risk would be assessed as high as there is a higher chance of material discrepancy.
The magnitude of detection risk depends entirely on the auditor's personal opinion unlike inherent and control risks. In this case the level of detection risk should be low because there is always a chance of fraud and misstatements when it comes to such transactions carried out by someone in a position like this. So, proper planning and extensive testing should be in place among other things.
The type of misstatements of greatest concern would be the ones in the financial accounts of Quality Ltd. There is a possibility of liabilities being under-stated and over-stated. Under-stated in case of Young Ltd and over-stated in case of the Taiwanese company, which is controlled by the chief executive.
The audit assertion of greatest concern in this case would be Accuracy. The reason being that this assertion check that amounts and other data relating to recorded transactions and events have been recorded appropriately (Gay & Simnett). This would mean looking into the books of Quality Ltd and checking for misstatements and miscalculations. The main emphasis would be to look into the related party transactions and check for anything unusual.
The main audit procedures to collect sufficient and appropriate audit evidence related to the audit assertion identified above would be Inspection, Observation, External Confirmation and Inquiry. The auditor would first examine all original documents, records or tangible assets. All in original form and not photocopies. Through observation, the auditor could study staff behaviour and notice any irregularities or odd behaviour within the firm. The auditor could then approach the company's bank, lawyers, debtors etc to get the information which they are qualified to give out. This could paint a better picture and give the auditor a clearer view of the company's affairs.
Case Study 7.18
The payroll system was revamped during the year. The controls remain similar to those used in the old system, but the process has been streamlined.
Inherent risk is the risk that the account or section being audited is materially misstated without considering internal controls due to error or fraud. The assessment of inherent risk depends on the professional judgment of the auditor, and it is done after assessing the business environment of the entity being audited. In the case of Dreamland Ltd, who have currently revamped and streamlined their payroll system there are numerous factors affecting overall inherent risk associated with the change. According to Wright 1999, there are number of 'red flag' areas that would increase inherent risk in IT. The most in accordance to Dreamland Ltd is 'significant change in IT' which has the potential for errors to occur when a new system is converted. The inherent risk is likely to increase in this area as the new system may not work as expected or may be unreliable. In addition to the significant change in IT, the 'reliability and complexity' of IT also need to be considered. Inherent risk in this area again is likely to increase as the reliability of the new revamped payroll system will directly affect the risk of errors in processing. Furthermore, the more complex the new streamlined system is the greater the risk for errors or misinterpretation.
Due to growth in the company, Ms Fasola is keen to set up an internal audit division. At the moment the project appears to have stalled, as some of the more senior executives can't see the use of setting up such a division.
ASA 315.A105 (ISA 315.A105) states that the risk of material misstatement at the financial report level refers to risks that are pervasive to the financial report as a whole and therefore may affect many assertions (Gay & Simnett 2010). These risks represent circumstances that may increase the risks of material misstatement at the assertion level through factors such as management override of internal control, which could affect several accounts and assertions. As the senior executives at Dreamland Ltd have refused to act upon Ms Fasolas plan of setting up an internal audit division, this has shown a lack of integrity on their behalf. This inherent risk is likely to increase as it is a factor that affects inherent risk at the financial reporting level. If the senior executives lack integrity they are more likely to be prepared to produce materially misleading financial reports. The obvious indicator for the lack of integrity is shown by the senior executive's reluctance to correct the internal control weakness at Dreamland Ltd.
Ms Fasola has been with the firm for nearly 10 years and has an excellent knowledge of the firm's operations.
When establishing the factors that affect inherent risk at the financial reporting level, it is essential to observe management experience, knowledge and changes during the period. Inexperience of management and its lack of knowledge may affect the preparation of financial reports. However, in Ms Fasolas case she has been with the firm for nearly ten years and her knowledge on the day to day operations of the firm is high. This would lead us to conclude that the inherent risk on management experience would decrease. In addition Ms Fasolas long term employment would also lead to a decrease in inherent risk as honest individuals are likely to resign from management positions rather that engage in various areas of fraud. Inherent risk would only increase in this case if there was a high level of personnel turnover in Ms Fasolas position (Finance director) or in other important management positions.
Dreamland Ltd has experienced exponential growth over the past five years. However, Ms Fasola believes that talks of tough economic times and recession in the media are likely to adversely affect the popularity of the theme parks.
Occasionally an industry may be subject to a major upheaval, changes in economic and competitive conditions would be expected to have a significant effect on the inherent risk of an entity. For example the impact on book and music retailing of e-commerce. Economic downturns also produce uncertainty in relation to the ability of an entity to continue as a going concern. Dreamland Ltd's inherent risk would increase if it reports a significant increase in growth earnings when the theme park industry is experiencing a decline. The inherent risk in relation to the truth and fairness of reported earnings would increase.
Case Study 8.20
Identify four internal control activities that the auditor might rely on in the conduct of the audit
The increased capability and scope of internal audit work has enabled external auditors to rely increasingly on internal audits when conducting an external audit. Furthermore, as a result of increasing their investment in internal auditing, companies have sought ways to reduce external audit fees by substituting internal audit work. A 2005 survey of 117 chief internal audit executives found that in 88% of their companies external auditors relied to some extent on the work of the internal auditors (Kaplan & Schultz, 2006).
Relying on internal auditing can avoid unnecessarily duplicating audit procedures. In addition external auditors can benefit from internal auditors as internal auditors have greater knowledge about the company's procedures, policies, and business environment than the actual external auditor.
Control activities are the policies, procedures, techniques, and mechanisms that help ensure that management's response to reduce risks identified during the risk assessment process are carried out. Furthermore, control activities are actions taken to minimize risk. The four internal control activities that the auditor in this case might rely on are the following:
This activity requires that the purchase of assets be reviewed to compare the actual purchase of assets against Medicorp Ltds budget for assets and to look for unusually high transactions. If a disproportionate amount of expenses, either high or low have been incurred, then this may be an indication that something is occurring that was not intended. These transactions should be questioned and adequately explained.
This includes activities like checking documents for accuracy, completeness and the proper authorisation of transactions. Before entry into an electronic system or submission of a form, the document should be reviewed for the attributes listed above. This will speed up the payment, reimbursement or recording of the activity and result in an efficient processing of the document.
These are essential for the adequate control of liquid type assets like cash, inventory or equipment. In Medicorps case, the auditor can rely on the physical control of the assets purchased and to see if they are stored in a secure and locked location. Furthermore, the auditor can check whether the records for the purchase of assets match with the actual assets on hand.
Segregation of duties
This provides for the segregation of duties among different people to reduce the risk of undetected errors or inappropriate actions. For instance in Medicorps situation, responsibilities for authorising transactions, recording them, and handling the related assets are divided. The risks for smaller departments are significantly greater than larger departments due to the fact that there are fewer individuals to assign these responsibilities. Care must be taken to avoid improperly delegating responsibilities to one individual because this can create a situation whereby that one individual controls all aspects of a transaction such as the purchase, payment and receipt of goods without any oversight.
Suggest two improvements that could be made to the internal control environment at Medicorp.
Strengthen the internal communication
Strengthen the internal communication by improving the internal information system. The two most important conditions for the implementation of a successful internal control are Information and Communication. Medicorp should establish information exchange channels within the organization that are two ways, i.e. top-down information dissemination and bottom-up information reporting. Once this channel is implemented, all employees would fully understand the information relevant to their duties. At the same time, raise the overall quality of all personnel in various departments and strengthen their training in business and ethics. Also, strengthen supervision on the quality of the accounting information system and hence minimizing the incidence of distortion of accounting information.
Improved internal environment construction
Internal environment includes the organization's mission statement, leadership styles, and its organizational culture'. Medicorp should establish a reasonable internal structure that gives full play to the strength of the collective power to avoid excessive concentration of rights. At the same time, divide all the relevant departments and their functions to achieve their goals according to their characteristics, their powers and responsibilities.