Auditing and Assurance Chapter 4: Risk Assessment and Internal Control
CA Inter Auditing and Assurance Chapter 4, Risk Assessment and Internal Control, Important Solved Questions for May 2021 & November 2021 Exams
XYZ Ltd is engaged in the business of running several stores dealing in a variety of items such as ready-made garments for all seasons, shoes, gift items, watches, etc. There are security tags on each and every item. Moreover, inventory records are physically verified on a monthly basis.
Discuss the types of inherent, control and detection risks as perceived by the auditor.
Inherent Risk: Items may have been misappropriated by employees; the risk to the auditor is therefore that inventory records would be inaccurate.
Control Risk: There is a security tag on each item displayed. Moreover, inventory records are physically verified on a monthly basis. Despite the various controls implemented at the stores, there may still be collusion among employees, and the risk to the auditor would again be that inventory records would be inaccurate.
Detection Risk: The auditor checks the efficiency and effectiveness of the various control systems in place. He would do that by observation, inspection, enquiry, etc. In addition to these, the auditor would also employ sampling techniques to check a few sales transactions from beginning to end. However, despite all these procedures, the auditor may not detect the items which have been stolen or misappropriated.
Mr. N, one of the team members of the auditors of Reasonably Cheerful Limited was of the view that risks that were identified during the course of audit were not required to be documented. Explain with a reason whether the viewpoint of Mr. N is justified.
The auditor shall document the identified and assessed risks of material misstatement at the financial statement level and at the assertion level; and
the risks identified, and related controls about which the auditor has obtained an understanding.
Keeping in view the above, the viewpoint of Mr. N is not justified because risks that were identified during the course of audit of Reasonably Cheerful Limited were required to be documented by the auditors.
Extremely Fine Limited is an unlisted public limited company. For the financial year 2019-20, the turnover of the above-mentioned company was ₹ 256 crore. In order to comply with the provisions of the Companies Act, 2013, the Board of Directors of Extremely Fine Limited, during the financial year 2020-21, appointed an internal auditor. Comment on the appointment of the Internal Auditor.
The appointment done by Board of Directors of Extremely Fine Limited is justified because according to Section 138 of the Companies Act, 2013 every unlisted public company having a turnover of ₹ 200 crore or more during the preceding financial year is required to appoint an internal auditor.
In the above mentioned question, Extremely Fine Limited is an unlisted public company having a turnover of ₹ 256 crore for the financial year 2019-20, which is more than ₹ 200 crore, therefore during the financial year 2020-21, Extremely Fine Limited is required to appoint an internal auditor.
One of the directors of Stability Establishment Limited was of the view that Internal Audit has no relation with Internal Control of a company. Comment.
The objectives and scope of internal audit functions typically include assurance and consulting activities designed to evaluate and improve the effectiveness of the entity’s governance processes, risk management and internal control, such as the following activities relating to internal control:
(i) Evaluation of internal control: The internal audit function may be assigned specific responsibility for reviewing controls, evaluating their operation and recommending improvements thereto. In doing so, the internal audit function provides assurance on the control. For example, the internal audit function might plan and perform tests or other procedures to provide assurance to management and those charged with governance regarding the design, implementation and operating effectiveness of internal control, including those controls that are relevant to the audit.
(ii) Examination of financial and operating information: The internal audit function may be assigned to review the means used to identify, recognize, measure, classify and report financial and operating information, and to make specific inquiry into individual items, including detailed testing of transactions, balances and procedures.
(iii) Review of operating activities: The internal audit function may be assigned to review the economy, efficiency and effectiveness of operating activities, including non-financial activities of an entity.
(iv) Review of compliance with laws and regulations: The internal audit function may be assigned to review compliance with laws, regulations and other external requirements, and with management policies and directives and other internal requirements.
Keeping in view above, the viewpoint of the director of Stability Establishment Limited is incorrect because internal audit has a very strong relation with internal control of a company. Internal Audit analyzes the effectiveness with which the internal control of a company is operating and also makes suggestions for improvement in that internal control.
Mr. T, one of the directors of Over Careful Limited was of the view that internal financial controls have nothing to do with accounting records of a company. Comment on the views of Mr T.
Clause (e) of Sub-section 5 of Section 134 explains the meaning of internal financial controls as, “the policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information.”
In view of above, viewpoint of Mr. T is incorrect.
When the auditor identifies deficiencies and reports on internal controls, he determines the significant financial statement assertions that are affected by the ineffective controls in order to evaluate the effect on control risk assessments and strategy for the audit of the financial statements. Explain.
Control risk assessment when control deficiencies are identified: When the auditor identifies deficiencies and reports on internal controls, he determines the significant financial statement assertions that are affected by the ineffective controls in order to evaluate the effect on control risk assessments and strategy for the audit of the financial statements.
When control deficiencies are identified and the auditor identifies and tests more than one control for each relevant assertion, he evaluates control risk considering all of the controls he has tested. If the auditor determines that they support a ‘rely on controls’ risk assessment, or if compensating controls are identified, tested and evaluated to be effective, he may conclude that ‘rely on controls’ is still appropriate. Otherwise, he changes the control risk assessment to ‘not rely on controls.’
When a deficiency relates to an ineffective control that is the only control identified for an assertion, he revises the risk assessment to ‘not rely on controls’ for associated assertions, as no other controls have been identified that mitigate the risk related to the assertion. If the deficiency relates to one WCGW (what can go wrong) out of several WCGWs, he can ‘rely on controls’ but performs additional substantive procedures to adequately address the risks related to the deficiency.
Obtaining an understanding of the entity and its environment, including the entity’s internal control, is a continuous, dynamic process of gathering, updating and analysing information throughout the audit. Analyse and explain giving examples.
Obtaining an understanding of the entity and its environment, including the entity’s internal control, is a continuous, dynamic process of gathering, updating and analysing information throughout the audit. The understanding establishes a frame of reference within which the auditor plans the audit and exercises professional judgment throughout the audit, for example, when:
- Assessing risks of material misstatement of the financial statements;
- Determining materiality in accordance with SA 320;
- Considering the appropriateness of the selection and application of accounting policies;
- Identifying areas where special audit consideration may be necessary, for example, related party transactions, the appropriateness of management’s use of the going concern assumption, or considering the business purpose of transactions;
- Developing expectations for use when performing analytical procedures;
- Evaluating the sufficiency and appropriateness of audit evidence obtained, such as the appropriateness of assumptions and of management’s oral and written representations.
Internal control over safeguarding of assets against unauthorised acquisition, use, or disposition may include controls relating to both financial reporting and operations objectives. Explain stating clearly the objectives of Internal Control.
Objectives of Internal Control
Internal control over safeguarding of assets against unauthorised acquisition, use, or disposition may include controls relating to both financial reporting and operations objectives. The auditor’s consideration of such controls is generally limited to those relevant to the reliability of financial reporting. For example, use of access controls, such as passwords, that limit access to the data and programs that process cash disbursements may be relevant to a financial statement audit. Conversely, safeguarding controls relating to operations objectives, such as controls to prevent the excessive use of materials in production, generally are not relevant to a financial statement audit.
Objectives of Internal Control are:
(i) transactions are executed in accordance with management’s general or specific authorization;
(ii) all transactions are promptly recorded in the correct amount in the appropriate accounts and in the accounting period in which executed so as to permit preparation of financial information within a framework of recognized accounting policies and practices and relevant statutory requirements, if any, and to maintain accountability for assets;
(iii) assets are safeguarded from unauthorised access, use or disposition; and
(iv) the recorded assets are compared with the existing assets at reasonable intervals and appropriate action is taken with regard to any differences.
It has been suggested that actual operation of the internal control should be tested by the application of procedural tests and examination in depth. Explain with the help of example in respect of the procedure for sales.
It has been suggested that actual operation of the internal control should be tested by the application of procedural tests and examination in depth. Procedural tests simply mean testing of the compliance with the procedures laid down by the management in respect of initiation, authorisation, recording and documentation of transaction at each stage through which it flows.
For example, the procedure for sales requires the following:
1. Before acceptance of any order the position of inventory of the relevant article should be known to ascertain whether the order can be executed in time.
2. An advice under the authorisation of the sales manager should be sent to the party placing the order, internal reference number, and the acceptance of the order. This advice should be prepared on a standardised form and copy thereof should be forwarded to inventory section to enable it to prepare for the execution of the order in time.
3. The credit period allowed to the party should be the normal credit period. For any special credit period a special authorisation of the sales manager would be necessary.
4. The rate at which the order has been accepted and other terms about transport, insurance, etc., should be clearly specified.
5. Before deciding upon the credit period, a reference should be made to the credit section to know the creditworthiness of the party and particularly whether the party has honoured its commitments in the past.
Sweet Fruits Private Limited had a turnover of ₹ 155 crore for the financial year 2019-20. Explain whether during the financial year 2020-21, Sweet Fruits Private Limited would be required or not required to appoint an internal auditor, keeping in view the provisions of Companies Act, 2013.
During the financial year 2020-21, Sweet Fruits Private Limited would not be required to appoint an internal auditor because according to Section 138 of the Companies Act, 2013 every private company having a turnover of more than or equal to ₹ 200 crore during the preceding financial year is required to appoint an internal auditor.
It is given in the question that Sweet Fruits Private Limited during the financial year 2018-19 had a turnover of ₹ 155 crore which is less than ₹ 200 crore. Therefore, during the financial year 2020-21, Sweet Fruits Private Limited will not be required to appoint an internal auditor.