- 20 Marks
AAA – L3 – Q23 – Audit Planning
Question
Your firm has been invited to tender for the audit of Marvelous Retail, a chain of twenty stores operating a sophisticated computerised inventory control and re-ordering system. Four other firms have also been invited to tender. As part of the tendering process, you have been asked to produce a written presentation.
Given the complex systems within its business, Marvelous Retail is particularly anxious to establish the ability of your audit procedures to deal with the business risks and has asked you to set out as part of your presentation, your approach concerning the following:
(1) Audit risk, and how your procedures would seek to address it to their business.
(2) Materiality, and how this might be applied.
Required
Draft the sections of the presentation to Marvelous Retail which deal with these two aspects of the audit approach.
Answer
(1) Audit risk
Our firm’s audit approach is designed to allow us to form an opinion on the financial statements as efficiently as possible.
The identification of risk of misstatement is the key to this approach since we will direct particular audit attention to areas where we have perceived that misstatements are likely, but will not waste time checking for misstatements or irregularity where we are satisfied the chance of misstatement is so low as to be immaterial or insignificant.
Risk at the overall entity level
In assessing the possibility of misstatement in the financial statements there are two aspects to be considered.
(a) Inherent risk
This first aspect involves an assessment of the inherent risk of misstatements attaching to your particular business.
This will be affected by such considerations as the nature of the business, management philosophy, staff numbers and experience, timetables for accounts production, recent trends in results and the current financial position within the retail sector.
We would obviously need to discuss many of these matters with you in more detail before reaching any conclusions. However, our experience of audits in the retail sector will, we believe, be a considerable advantage in interpreting and using the information obtained.
In addition, this inherent risk is affected by the computerised nature of the systems.
Computers process systematically in accordance with the programming instructions. There is, therefore, a reduction in risk of random misstatements in the day-to-day transactions.
The key risks will be in systems development and the prevention of technical errors and breakdowns in the hardware and software.
Our considerable experience of computer audits allows us to adopt an approach which takes advantage of this fundamental nature of computerised systems, and which uses, rather than ignores, the computer.
(b) Control risk
This second aspect involves us assessing the control risk, i.e. the risk that misstatements are not being prevented or detected and corrected by the company’s own systems.
Key factors we would consider here might be as follows:
General IT controls
Clearly, the computerised nature of the systems has a fundamental effect on the audit risk, but may overall reduce the risk dramatically if there are good general IT controls over the environment within which the computer operates.
In particular, we would be concerned with the following:
- Development controls which ensure that the programs are properly designed, documented and tested before implementation.
- Operational controls which prevent misuse of the system. These would include not only personnel controls such as adequate training, but also software and hardware error protection.
- Continuity controls such as back-up procedures to ensure recovery from a technical breakdown or error without permanent corruption of files.
- Access or file security controls to prevent unauthorised access to or amendment of data or program files.
Management control over branches
In particular we will consider the extent to which budgeting and review systems and the company’s own internal analytical review of results would identify significant misstatements or irregularities in branch figures.
Internal audit
If there is an effective internal audit function it will be possible to use the work it does to provide evidence as to the accuracy of the records, either by direct testing or by testing of the operation of other detailed internal controls.
Risk at the individual account level
Again, there are areas we might deem inherently high or low risk simply due to their nature. For example, inventory is inherently liable to misstatement due to: - shoplifting (‘shrinkage’)
- short shelf lives of perishable goods
- losses arising from any bad press surrounding particular products.
However, we will also consider the particular internal controls, and hence specific control risk, relating to each area. This will involve assessment of both manual controls and automated controls.
Where possible, we will seek to take advantage of the additional controls it will have been possible for you to set up in the computer system, particularly in relation to inventory.
(2) Materiality
A matter is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements.
Our audit approach plans to allow us to detect material misstatements and we will decide in advance of detailed planning, an approximate materiality threshold (i.e. the threshold below which an misstatement would not be considered material) based on the size of key account areas in the financial statements.
There is obviously a direct link between risk and the materiality of any area. The smaller the area the less likely it can be materialy misstated.
Thus we will not direct attention to immaterial areas such as petty cash in the office, unless this is specific work you would like us to carry out as an additional engagement.
There will of course be certain areas which despite their small size are particularly important, such as disclosure of directors’ transactions.
- Topic: Planning
- Uploader: Salamat Hamid