- 20 Marks
Question
Awayewaserere Bakery Limited has been in business for over ten years. It has an internal control system in place, but it is not implemented as designed. The control lapses identified are indications that the company will find it difficult to cope with a rapidly changing business environment.
Despite computerisation of its operations, manual processing of transactions are still taking place. The employees have gate passes and tags that they should wear before entering the company premises. However, experience has shown that some of the tags are misplaced or stolen and used by unauthorised people to access the premises. Some of the directors are not committed and hardly do they meet the expected yearly number of times for which they are required to attend Board of directors‟ meeting.
Added to this, many of them bought goods from the company on credit and in most cases, did not pay back. A background check conducted on two of the Directors revealed that they engaged in unethical business practices, which had a negative impact on the image of the company and its market share.
A partner of the company’s auditors is the younger brother of the company’s Chairman. The auditors hardly issue any report on weaknesses identified in the internal control system of the company despite the indications of inclusion of material misstatements in the financial statements. The audit firm does not have capable staff. The Managing Director is very powerful to the extent that he can approve any amount of money or transaction. The supply of flour and other stock items are not subjected to competitive bidding, but by those nominated by the Managing Director and this sometimes led to over invoicing. Inventory count rarely takes place in the company, while impaired tangible assets are not identified.
The software available for processing transactions has not been updated since acquisition, and has been assessed unsuitable to support good financial reporting. Most of the staff of the organisation are poorly trained and the few experienced ones are not allowed to go on leave for fear of the inability of the inexperienced staff to perform when they are on vacation. Over-reliance on some staff and care-free attitude of the directors in performing their functions have made fraud to be perpetrated unnoticed.
The company’s revenue has dwindled over time and has led to the inability to meet financial obligations as at when due. Some creditors had threatened not to supply goods, except all outstanding debts owed them are paid. There are receivables in the company’s books of account that cannot be substantiated, hence they are as good as bad debts waiting to be written off. Payment of salaries and allowances of staff has become a problem and the relevant tax authority had threatened to prevent the company from operations if all statutory taxes are not paid. Due to the precarious financial situation of the company, a friend of the Chairman, who has been warning him about the business and other risks in the company, has suggested the need to look for a good investor that will inject fresh capital and introduce informed directors who are capable of turning the company around. He has also suggested the need to engage a new audit firm that will adopt a modern audit approach which is „risk-based‟ that will lead to transparency and confidence in the financial reporting of the company.
The Chairman of the company learnt that you work for one of the reputable audit firms in the country and has invited you for a discussion to help him understand the position of his friend on the need to allow new investors into the company.
Required:
a. Evaluate the main audit risks that prospective auditors are expected to assess and manage effectively in the above situation, if engaged. (6 Marks)
b. Discuss business risk and identify how it can be linked to the financial statements of Awayewaserere in the above scenario. (5 Marks)
c. State the financial statements risks that will affect audit risks in the above scenario. (9 Marks)
Answer
The main audit risks the prospective auditor will assess are:
i. Inherent risk: This is the risk that items may be misstated as a result of their inherent characteristics. Inherent risk may result from either:
the nature of the items themselves, for example, estimated items are inherently risky because their measurement depends on an estimate rather than a precise measure; or
the nature of the entity and the industry in which it operates, for example, a company in the construction industry operates in a volatile and high-risk environment, and items in its financial statements are more likely to be misstated than items in the financial statements of companies in a more low risk environment, such as a manufacturer of food and drink. When inherent risk is high, this means that there is a high risk of misstatement of an item in the financial statements. Inherent risk operates independently of controls and therefore cannot be controlled. The auditor must accept that the risk exists and will not „go away‟.
ii. Control risk: Control risk is the risk that a misstatement would not be prevented or detected by the internal control system that the client has in operation. In preparing an audit plan, the auditor needs to make an assessment of control risk for different areas of the audit. Evidence about control risk can be obtained through „tests of control‟ for each of the major transaction cycles. The initial assumption should be that control risk is very high, and that existing internal controls are insufficient to prevent the risk of material misstatement. However, tests of controls may provide sufficient evidence to justify a reduction in the estimated control risk, for the purpose of audit planning. It is unlikely that control risk will be zero because of the inherent limitations of any internal control system.
iii. Detection risk: The risk that the audit testing procedures will fail to detect a misstatement in a transaction or in an account balance. For example, if detection risk is 10%, this means that there is a 10% probability that the audit tests will fail to detect a material misstatement.
Detection risk can be lowered by carrying out more tests in the audit. For example, to reduce the detection risk from 10% to 5%, the auditor should carry out more tests.
In preparing an audit plan, the auditor will usually:
set an overall level of audit risk which he judges to be acceptable for the
particular audit; and
assess the levels of inherent risk and control risk, and then adjust the level of detection risk in order to achieve the overall required level of risk in the audit.
In other words, the detection risk can be managed by the auditor in order to control the overall audit risk. Inherent risk cannot be controlled because it operates independently of controls. Control risk can be reduced by improving the quality of internal controls; however, recommendations to the client about improvements in its internal controls can only affect control risk in the future, not control risk for the financial period that is being audited.
Audit risk can be reduced by increasing testing and reducing detection risk.
Business risk is the threat that an event or development may adversely affect the ability of the entity to achieve its objectives. It is the risk of an adverse development that could have a major impact on the company’s business, such as the loss of a major customer or an increase in the cost of a key commodity. An adverse business event is likely to affect the company’s business significantly, and so should be expected to affect its financial statements.
Business risks are risks faced by the management of the client entity, which could have an impact on the financial statements (including the going concern assumption). In the case of Awayewaserere, the business is exposed to the following:
i. Regulatory/compliance risk – Awayewaserere Bakery Limited is at risk of cessation of operations as threatened by the tax authority; if adequate provisions have not been made, then the financial statements may be misstated;
ii. Financial risk – Awayewaserere Bakery Limited is struggling with poor liquidity, impacting its ability to meet its short-term cash needs. This threatens the going concern of the entity, and if this is not indicated or provided for in the financial statements, it increases the risk of a material misstatement;
iii. Reputational risk – The unethical actions of some of the directors, affects the company’s goodwill and willingness of the customers to do business with them, and the reduction in market share could finally lead to a loss of capital investment; and
iv. operational risk – Over-reliance on a few key employees, which does not provide room for segregation of duties and controls, poor internal controls giving room for fraud, uncontrolled access to the company’s premises and obsolete accounting software – these are some operational risks the Awayewaserere is exposed to.
The financial statement risks that will affect audit risk in view scenario include:
(i) Risk of over-statement of revenue or other income. There may be some risk that revenue has not been recognised in accordance with the requirements of IFRS 15 Revenue from contracts with customers, and is over-stated. This risk will occur when customers make staged payments (for example staged payments for contract work) or pay deposits in advance (for example customer bookings for holidays): revenue should not be recognised until the performance obligation has been met, not when the payment is received.
(ii) Risk of over-statement of current assets. For example, there may be some doubts about whether amounts receivable will actually be recovered. A company may fail to make a sufficient allowance for irrecoverable amounts, and when this happens receivables and profit will be over-stated. Another example may be the risk of over-statement of inventories, due to the timing of the physical inventory count or the procedures used in the inventory counting process.
(iii) Risk of over-statement of non-current assets. There may be a risk that some non- current assets are over-stated in value, when there is some reason to suppose that impairment has occurred (for example impairment to a building due to fire or flood damage).
(iv) Risk of under-statement of liabilities. There may be a risk that some liabilities are not fully stated, particularly provisions. There may be no provision in the financial statements when it would be appropriate to make one, and so reduce profit and increase liabilities.
(v) Risk of understatement of operating expenses. As a general rule there is usually a fairly consistent ratio from one year to the next between elements of cost and sales revenue. For example the ratio of administrative expenses to revenue and the ratio of sales and distribution costs to revenue are often fairly consistent from one year to the next. Some changes may occur, but not usually large changes. So for example if sales revenue is increasing but the ratio of administrative costs to sales is falling sharply, this could indicate a risk of under-statement of operating expenses.
(vi) Risk from accounting estimates. The auditor should check accounting estimates carefully. These rely on management judgment and when estimates are a material amount there will be a significant risk of misstatement.
(vii) Failure to comply with the requirements of specific accounting standards. The risks of disclosure of misstatement or non-disclosure due to a failure to comply properly with the requirements of the accounting standard.
- Tags: Assets, Audit risks, Bad Debts, Business Environment, Business risk, computerisation, confidence, director commitment, Financial obligations, financial situation, financial statements link, financial statements risks, Fraud, internal control lapses, Internal Control Weaknesses, Inventory, investor suggestion, Payables, prospective auditors, Receivables, Revenue, revenue decline, Risk Assessment, Risk-Based Audit, Software, Tax, tax threats, Transparency, unethical practices
- Level: Level 3
- Topic: Risk Management in Audits
- Series: MAY 2025
- Uploader: Samuel Duah