Answers
Fundamentals Level – Skills Module, Paper F8 (INT)
Audit and Assurance (International) December 2011 Answers
1 (a) Payroll system implications and recommendations
11
Implication Recommendation
Clocking in process
As there is no supervision of the clocking in process then,
as witnessed, employees can clock in multiple employees
simply by using their employee swipe cards. This will result
in a substantially increased payroll cost for Chuck Industries.
The clocking in and out procedures should be supervised by
a responsible official to prevent one individual clocking in
multiple employees. In addition, Chuck Industries could
consider linking the access to the factory floor with the
employee swipe card system. Hence employees can only
access the factory one at a time upon presentation of their
employee swipe card.
In addition, this could create a weaker control environment
whereby employees consider it acceptable not to follow
controls.
Employees should be reminded about the importance of
following Chuck Industries’ policies and procedures,
especially in relation to the clocking in/out process.
Without supervision/monitoring of the clocking in or out
process, employees could try to boost their hours worked by
clocking out several hours after their shift has finished, this
will lead to invalid and unauthorised overtime payments.
Overtime hours should be reviewed by the production
supervisor prior to payment, to ensure that only previously
authorised overtime is paid for.
Wages calculations
The wages calculations are generated by the payroll system
and there are no checks performed. Therefore, if system
errors occur during the payroll processing then this would
not be identified. This could result in wages being over or
under calculated, leading to an additional payroll cost or
loss of employee goodwill.
A senior member of the payroll team should recalculate the
gross to net pay workings for a sample of employees and
compare their results to the output from the payroll system.
These calculations should be signed as approved before
wages payments are made.
Hourly wage increase
The hourly wage has been increased by the Human
Resources (HR) department and notified to the payroll
department verbally. As payroll can be a significant expense
for a business, any decision to increase this should be made
by the board as a whole and not just by HR.
All increases of pay should be proposed by the HR
department and then formally agreed by the board of
directors.
The payroll department should not accept verbal
notifications of pay increases as it could be an unauthorised
increase, or an effort by an employee in HR to increase the
pay of certain members of staff, such as their friends.
Written notification of the increase should be sent to payroll
and HR and only then should the pay rise be incorporated
into the payroll package.
Wage payout
The factory supervisor should not be given the pay packets
of the night shift staff as this is a significant amount of
cash, being approximately one-third of the workforce. This
cash will not be in a secure location and so is open to the
risk of theft.
Consideration should be given to operating a shift system for
the payroll department on Fridays. This will ensure that
there are sufficient payroll employees to perform the wages
payout to the night shift employees. Therefore the same
controls applied to the morning and late afternoon shifts can
be put in place for the night shift.
In addition, the supervisor is not sufficiently independent to
pay wages out. He could adjust pay packets to increase
those of his close friends whilst reducing others.
Employees who miss the payout by the payroll department
will need to wait until Monday for their pay. No factory
supervisor should be allowed to hand out wages.
For employees absent on pay day, the supervisor retains the
wages and only returns them on Monday. This cash is
therefore not secure and is susceptible to loss or theft.
Pay packets of absent employees should be safely secured
in the safe overnight and then banked on Monday.
Joiners/leavers
Notification of joiners and leavers should be made on a
timely basis to the payroll department, even if some staff are
on holiday. Otherwise Chuck Industries could continue
making payments to employees who have left, or pay new
employees late, resulting in a loss of employee goodwill.
During periods of illness or holidays, key roles of the
affected employees should be reallocated to other members
of the team to ensure that controls are maintained.
Forms for new joiners should be completed when they are
appointed with appropriate start dates filled in, these should
then be distributed to all relevant departments. This should
reduce the risk of new joiners being missed out by the
payroll department.
(b) Payroll substantive procedures
– Agree the total wages and salaries expense per the payroll system to the detailed trial balance, investigate any
differences.
– Cast a sample of payroll records to confirm completeness and accuracy of the payroll expense.
– For a sample of employees, recalculate the gross and net pay and agree to the payroll records to verify accuracy.
– Re-perform calculation of statutory deductions to confirm whether correct deductions for this year have been included
within the payroll expense.
– Compare the total payroll expense to the prior year and investigate any significant differences.
– Review monthly payroll charges, compare this to the prior year and budgets and discuss with management any
significant variances.
– Perform a proof in total of total wages and salaries, incorporating joiners and leavers and the pay increase. Compare this
to the actual wages and salaries in the financial statements and investigate any significant differences.
– Select a sample of joiners and leavers, agree their start/leaving date to supporting documentation, recalculate that their
first/last pay packet was accurately calculated and recorded.
– For salaries, agree the total net pay per the payroll records to the bank transfer listing of payments and to the cashbook.
– For wages, agree the total cash withdrawn for wage payments equates to the weekly wages paid plus any surplus cash
subsequently banked to confirm completeness and accuracy.
– Agree the year-end tax liabilities to the payroll records, and subsequent payment to the post year-end cash book to
confirm completeness.
– Agree the individual wages and salaries per the payroll to the personnel records and records of hours worked per clocking
in cards.
(c) Laws and regulations
Under ISA 250 Consideration of Laws and Regulations in an Audit of Financial Statements, management have a
responsibility to ensure that the operations of Chuck Enterprises are conducted in accordance with the provisions of laws and
regulations. This includes compliance with laws and regulations that determine amounts and disclosures in financial
statements, including tax liabilities and charges.
Auditors are not responsible for preventing non-compliance with laws and regulations, and cannot be expected to detect
non-compliance with all laws and regulations. They have a responsibility to obtain reasonable assurance that the financial
statements are free from material misstatement, whether caused by fraud or error.
Blair & Co’s responsibility differs in relation to the two different categories of laws and regulations identified below:
– Laws and regulations which have a DIRECT effect on the determination of material amounts and disclosures in financial
statements. Here the auditor is responsible for obtaining sufficient appropriate audit evidence regarding compliance.
– Laws and regulations which DO NOT HAVE A DIRECT EFFECT on the determination of material amounts and disclosures
in financial statements, but may impact the entity’s ability to continue to trade. Here the auditor’s responsibility is limited
to specified audit procedures to help identify non-compliance with those laws and regulations that may have a material
effect on the financial statements. This includes inquiring with management whether the entity is in compliance with
such laws and regulations, and inspecting correspondence with relevant licensing or regulatory authorities.
Blair & Co also has a responsibility to remain alert, by maintaining professional scepticism, to the possibility that other audit
procedures may bring instances of identified or suspected non-compliance with laws and regulations.
(d) Substantive procedures to verify redundancy provision
– Discuss with the directors of Chuck Industries as to whether they have formally announced their intention to make the
sales ledger department redundant, to confirm that a present obligation exists at the year end.
– If announced before the year end, review supporting documentation to verify that the decision has been formally
announced.
– Review the board minutes to ascertain whether it is probable that the redundancy payments will be paid.
– Obtain a breakdown of the redundancy calculations by employee and cast it to ensure completeness.
– Recalculate the redundancy provision to confirm completeness and agree components of the calculation to supporting
documentation.
– Review the post year-end period to identify whether any redundancy payments have been made, compare actual
payments to the amounts provided to assess whether the provision is reasonable.
– Obtain a written representation from management to confirm the completeness of the provision.
– Review the disclosure of the redundancy provision to ensure compliance with IAS 37 Provisions, Contingent Liabilities
and Contingent Assets.
12
(e) Reliance on internal audit
ISA 610 Using the Work of Internal Auditors details the factors the external auditors should consider in order to place reliance
on the work of the internal audit (IA) department as follows:
Objectivity
They should consider the status of IA within the company and if they are independent of other departments, in particular the
finance department. In addition, consideration should be given as to who IA reports to, whether this is directly to those
charged with governance or to a finance director.
Technical competence
The technical competence of IA staff should be considered. Consideration should be given to whether they are members of a
professional body and have relevant qualifications and experience.
Due professional care
The external auditors should consider if the IA department have exercised due professional care, the work would need to have
been properly planned including detailed work programmes, supervised, documented and reviewed.
Communication
In order to place reliance there needs to be effective communication between the internal auditors and the external auditor.
This is most likely to occur when the IA department is free to communicate openly and regular meetings are held throughout
the year.
2 (a) Internal control components
ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment
considers the components of an entity’s internal control. It identifies the following components:
(i) Control environment
The control environment includes the governance and management functions and the attitudes, awareness, and actions
of those charged with governance and management concerning the entity’s internal control and its importance in the
entity. The control environment sets the tone of an organisation, influencing the control consciousness of its people.
The control environment has many elements such as communication and enforcement of integrity and ethical values,
commitment to competence, participation of those charged with governance, management’s philosophy and operating
style, organisational structure, assignment of authority and responsibility and human resource policies and practices.
(ii) Entity’s risk assessment process
For financial reporting purposes, the entity’s risk assessment process includes how management identifies business risks
relevant to the preparation of financial statements in accordance with the entity’s applicable financial reporting
framework. It estimates their significance, assesses the likelihood of their occurrence, and decides upon actions to
respond to and manage them and the results thereof.
(iii) Information system, including the related business processes, relevant to financial reporting, and communication
The information system relevant to financial reporting objectives, which includes the accounting system, consists of the
procedures and records designed and established to initiate, record, process, and report entity transactions (as well as
events and conditions) and to maintain accountability for the related assets, liabilities, and equity.
(iv) Control activities relevant to the audit
Control activities are the policies and procedures that help ensure that management directives are carried out. Control
activities, whether within information technology or manual systems, have various objectives and are applied at various
organisational and functional levels.
(v) Monitoring of controls
Monitoring of controls is a process to assess the effectiveness of internal control performance over time. It involves
assessing the effectiveness of controls on a timely basis and taking necessary remedial actions. Management
accomplishes the monitoring of controls through ongoing activities, separate evaluations, or a combination of the two.
Ongoing monitoring activities are often built into the normal recurring activities of an entity and include regular
management and supervisory activities.
(b) Audit report elements
The following elements should be included within an auditor’s report:
Title – The auditor’s report shall have a title that clearly indicates that it is the report of an independent auditor, this
distinguishes this report from any other.
Addressee – The auditor’s report shall be addressed as required by the circumstances of the engagement, it is determined by
law or regulation but is usually to the shareholders.
13
Introductory paragraph – The introductory paragraph in the auditor’s report shall identify the entity whose financial statements
have been audited, state that the financial statements have been audited, identify the title of each statement that comprises
the financial statements, refer to the summary of significant accounting policies and other explanatory information, and
specify the date or period covered by each financial statement.
Management’s responsibility for the financial statements – This section of the auditor’s report describes the responsibilities of
those in the organisation who are responsible for the preparation of the financial statements. The description shall include an
explanation that management is responsible for the preparation of the financial statements in accordance with the applicable
financial reporting framework, and for such internal control it determines is necessary to enable the preparation of the
financial statements that are free from material misstatement, whether due to fraud or error.
Auditor’s responsibility – The auditor’s report shall state that the responsibility of the auditor is to express an opinion on the
financial statements based on the audit and that the audit was conducted in accordance with International Standards on
Auditing and ethical requirements and that the auditor plan and perform the audit to obtain reasonable assurance about
whether the financial statements are free from material misstatement.
Opinion paragraph – When expressing an unmodified opinion the auditor’s opinion shall either state that the financial
statements ‘present fairly’ or ‘give a true and fair view’ in accordance with the applicable financial reporting framework.
Other reporting responsibilities – If the auditor addresses other reporting responsibilities in the auditor’s report, these shall be
addressed in a separate section in the auditor’s report titled ‘Report on Other Legal and Regulatory Requirements’.
Signature of the auditor – The auditor’s report must be signed, this is normally the personal name of the auditor or, if a partner
is signing on behalf of the audit firm, then the signature is of the name of the firm.
Date of the auditor’s report – The auditor’s report shall be dated no earlier than the date on which the auditor has obtained
sufficient appropriate audit evidence on which to base the auditor’s opinion on the financial statements.
Auditor’s address – The auditor’s report shall name the location where the auditor practises.
3 (a) Components of audit risk
Inherent risk
The susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could be
material, either individually or when aggregated with other misstatements, before consideration of any related controls.
Inherent risk is affected by the nature of an entity and factors which can result in an increase include:
– Changes in the industry it operates in.
– Operations that are subject to a high degree of regulation.
– Going concern and liquidity issues including loss of significant customers.
– Developing or offering new products or services, or moving into new lines of business.
– Expanding into new locations.
– Application of new accounting standards.
– Accounting measurements that involve complex processes.
– Events or transactions that involve significant accounting estimates.
– Pending litigation and contingent liabilities.
Control risk
The risk that a misstatement that could occur in an assertion about a class of transaction, account balance or disclosure and
that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected
and corrected, on a timely basis by the entity’s internal control.
The following factors can result in an increase in control risk:
– Lack of personnel with appropriate accounting and financial reporting skills.
– Changes in key personnel including departure of key management.
– Deficiencies in internal control, especially those not addressed by management.
– Changes in the information technology (IT) environment.
– Installation of significant new IT systems related to financial reporting.
Detection risk
The risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a
misstatement that exists and that could be material, either individually or when aggregated with other misstatements.
Detection risk is affected by sampling and non-sampling risk and factors which can result in an increase include:
– Inadequate planning.
– Inappropriate assignment of personnel to the engagement team.
– Failing to apply professional scepticism.
– Inadequate supervision and review of the audit work performed.
– Incorrect sampling techniques performed.
– Incorrect sample sizes.
14
(b) Audit risks and responses
15
Audit risk Audit response
The finance director of Abrahams is planning to capitalise
the full $2·2 million of development expenditure incurred.
However in order to be capitalised it must meet all of the
criteria under IAS 38 Intangible Assets.
There is a risk that some projects may not reach final
development stage and hence should be expensed rather
than capitalised. Intangible assets could be overstated and
this risk is increased due to the loan covenant requirements
to maintain a minimum level of assets.
A breakdown of the development expenditure should be
reviewed and tested in detail to ensure that only projects
which meet the capitalisation criteria are included as an
intangible asset, with the balance being expensed.
The inventory valuation method used by Abrahams is
standard costing. This method is acceptable under IAS 2
Inventories; however, only if standard cost is a close
approximation to actual cost.
Abra