- 20 Marks
AA – L2 – Q36 – Internal Control Systems
Question
An audit is often carried out in more than one sitting, especially when there are tight reporting deadlines. The auditors will carry out an interim audit during the period under review followed by a final audit shortly after the year end. Work at the interim audit will often include obtaining audit evidence about the operating effectiveness of controls.
(a)(i) Describe the impact on the final audit of performing work on internal controls at an interim audit.
(ii) Assuming an interim audit has taken place and work on internal controls was carried out, list the factors the auditor should consider when deciding how much more work is needed at the final audit in relation to internal controls.
Businesses may establish an audit committee to help improve corporate governance within a company. This can provide benefits to both internal and external auditors.
(b) Explain how an audit committee can benefit both the external auditors and the internal auditors of an entity.
There are similarities and differences between the responsibilities of internal and external auditors. Both internal and external auditors have responsibilities relating to the prevention, detection and reporting of fraud, for example, but their responsibilities are not the same.
(c) Explain the difference between the responsibilities of internal auditors and external auditors for the prevention, detection and reporting of fraud and error.
ISA 610 Using the Work of Internal Auditors provides guidance to external auditors on the use of internal audit work.
(d) List and explain the various criteria that should be considered by external auditors when assessing whether to take reliance from work performed by internal audit.
Answer
(ai) If the auditors are to place reliance on internal controls they must obtain evidence that controls have operated effectively throughout the period.
If the auditor obtains audit evidence about the operating effectiveness of controls at the interim audit, when it comes to the final audit, instead of having to gain evidence over controls covering the whole year the auditor can focus on obtaining audit evidence about significant changes to those controls subsequent to the interim period.
The auditor will need to determine the extent of the additional audit evidence to be obtained for the remaining period.
(aii) At the final audit the auditor will need to gain additional audit evidence about controls that were operating during the period between the interim audit and the year end. When determining the extent of the additional work needed the auditor will take into account:
- The significance of the assessed risks of material misstatement at the assertion level.
- The specific controls that were tested during the interim period, and significant changes to them since they were tested, including changes in the information system, processes, and personnel.
- The degree to which audit evidence about the operating effectiveness of those controls was obtained.
- The length of the remaining period.
- The extent to which the auditor intends to reduce further substantive procedures based on the reliance of controls.
- The strength of the control environment.
(b) Benefits of an audit committee to external auditors
An audit committee can benefit the external auditor because the committee provides a channel of communication and forum for issues of concern. This acts to strengthen the position of the external auditor and reduces the risk of intimidation threat arising which may occur when providing feedback directly to the board.
The audit committee therefore allows the external auditor to assert his/her independence in the event of a dispute with management.
Benefits of an audit committee to internal auditor
The audit committee will help maintain the quality of the internal audit function since one of its roles will be to monitor and review the effectiveness of the company’s internal audit function.
Since the internal auditors are able to report findings to the audit committee rather than directly to the board, as with the external auditors, their independence is strengthened and they should feel more comfortable when reporting irregularities and problems, and making recommendations, in areas where there has been board member involvement.
External Auditors
Prevention and detection
The external auditors are bound by the requirements of ISA 240. This requires that auditors recognize that fraud and error may materially affect the financial statements and design procedures to ensure that the risk is minimized. The auditors have no specific requirement to prevent or detect fraud. However, they must maintain professional scepticism throughout the audit, recognizing that circumstances may exist that cause the financial statements to be materially misstated.
By conducting the audit in accordance with ISAs the auditor obtains reasonable assurance that the financial statements are free from material misstatement caused by fraud or error. However, due to the nature of fraud the risk of not detecting fraud is higher than the risk of not detecting error.
Reporting
ISA 240 also sets out the requirements in relation to reporting fraud. If auditors suspect or detect a fraud, they must report it on a timely basis to the appropriate level of management.
If management are implicated the matter must be communicated to those charged with governance unless the fraud necessitates immediate reporting to a third party.
The matter should only be referred to in the auditor’s report if the opinion is modified on those grounds. It may also be that the matter is one which needs reporting to a relevant authority in the public interest. If the auditors feel that this is so, they should seek legal advice before taking any action, and request that the entity reports itself. If the directors refuse to make any disclosure in these circumstances, the auditors should make the disclosure themselves.
(c) Internal auditors
Prevention and detection
It is likely that the internal auditors will have a role both in the prevention and detection of fraud. Indirectly, they play a role in their involvement with the internal controls of a business, which are set up to limit risks to the company, one of which is fraud. Directly, they may be engaged by the directors to carry out test when a fraud is suspected, or routinely to discourage such activity.
However, if a serious fraud was suspected, a company might bring in external experts, such as forensic accountants or the police.
Reporting
If internal auditors discovered issues which made them suspect fraud, they would report it immediately to their superiors, who would report to those charged with governance. In the event that an internal auditor suspected top level fraud, he might make disclosure to the relevant authority in the public interest.
(d) Criteria to be considered when assessing whether to place reliance on internal audit work include the following:
Objectivity of function
The external hunting rifle The external auditor should consider whom the internal auditors report to and whether they are subject to any conflicting responsibilities, constraints or restrictions. This will affect the capability of the internal auditors to communicate significant matters openly.
Scope of function
The external auditors should consider the extent and nature of assignments performed by the internal auditors and the action taken by management as a result of internal auditor’s reports.
Technical Competence
The external auditors should consider whether the internal auditors have adequate technical training and proficiency.
Due professional care
The external auditors should consider whether the work of internal audit is properly planned, supervised, reviewed and documented.
- Tags: Detection, Error, External Auditors, Fraud, Internal Auditors, ISA 240, Prevention, Reporting
- Level: Level 2
- Topic: Fraud and Error
- Uploader: Samuel Duah