Auditing and Assurance Chapter 4: Risk Assessment and Internal Control
CA Inter Auditing and Assurance Chapter 4, Risk Assessment and Internal Control, Important Solved Questions for May 2021 & November 2021 Exams
Question 1
XYZ Ltd is engaged in the business and running several stores dealing in variety of items such as ready made garments for all seasons, shoes, gift items, watches etc. There are security tags on each and every item. Moreover, inventory records are physically verified on monthly basis.
Discuss the types of inherent, control and detection risks as perceived by the auditor.
Solution
Inherent Risk: Because items may have been misappropriated by employees, therefore, risk to the auditor is that inventory records would be inaccurate.
Control Risk: There is a security tag on each item displayed. Moreover, inventory records are physically verified on monthly basis. Despite various controls being implemented at the stores, still collusion among employees may be there and risk to auditor would again be that inventory records would be inaccurate.
Detection Risk: Auditor checks the efficiency and effectiveness of various control systems in place. He would do that by making observation, inspection, enquiry, etc. In addition to these, the auditor would also employ sampling techniques to check few sales transactions from beginning to end. However, despite all these procedures, the auditor may not detect the items which have been stolen or misappropriated.
Question 2
Mr. N, one of the team members of the auditors of Reasonably Cheerful Limited was of the view that risks that were identified during the course of audit were not required to be documented. Explain with a reason whether the viewpoint of Mr. N is justified.
Solution
The auditor shall document the identified and assessed risks of material misstatement at the financial statement level and at the assertion level ; and
the risks identified, and related controls about which the auditor has obtained an understanding.
Keeping in view the above, the viewpoint of Mr. N is not justified because risks that were identified during the course of audit of Reasonably Cheerful Limited were required to be documented by the auditors.
Question 3
Extremely Fine Limited is an unlisted public limited company . For the financial year 2019-20, the turnover of the above mentioned company was ₹ 256 crore. In order to comply with provisions of Companies Act, 2013 the Board of Directors of Extremely Fine Limited during the financial year 2020-21, appointed an internal auditor. Comment on the appointment of Internal Auditor.
Solution
The appointment done by Board of Directors of Extremely Fine Limited is justified because according to Section 138 of the Companies Act, 2013 every unlisted public company having a turnover of ₹ 200 crore or more during the preceding financial year is required to appoint an internal auditor.
In the above mentioned question, Extremely Fine Limited is an unlisted public company having a turnover of ₹ 256 crore for the financial year 2019-20, which is more than ₹ 200 crore, therefore during the financial year 2020-21, Extremely Fine Limited is required to appoint an internal auditor.
Question 4
One of the directors of Stability Establishment Limited was of the view that Internal Audit has no relation with Internal Control of a company. Comment
Solution
The objectives and scope of internal audit functions typically include assurance and consulting activities designed to evaluate and improve the effectiveness of the entity’s governance processes, risk management and internal control such as the Activities Relating to Internal Control:
(i) Evaluation of internal control: The internal audit function may be assigned specific responsibility for reviewing controls, evaluating their operation and recommending improvements thereto. In doing so, the internal audit function provides assurance on the control. For example, the internal audit function might plan and perform tests or other procedures to provide assurance to management and those charged with governance regarding the design, implementation and operating effectiveness of internal control, including those controls that are relevant to the audit.
(ii) Examination of financial and operating information: The internal audit function may be assigned to review the means used to identify, recognize, measure, classify and report financial and operating information, and to make specific inquiry into individual items, including detailed testing of transactions, balances and procedures.
(iii) Review of operating activities: The internal audit function may be assigned to review the economy, efficiency and effectiveness of operating activities, including nonfinancial activities of an entity.
(vi) Review of compliance with laws and regulations: The internal audit function may be assigned to review compliance with laws, regulations and other external requirements, and with management policies and directives and other internal requirements.
Keeping in view above, the viewpoint of the director of Stability Establishment Limited is incorrect because internal audit has a very strong relation with internal control of a company. Internal Audit analyzes the effectiveness with which the internal control of a company is operating and also makes suggestions for improvement in that internal control.
Question 5
Mr. T, one of the directors of Over Careful Limited was of the view that internal financial controls have nothing to do with accounting records of a company. Comment on the views of Mr T.
Solution
Clause (e) of Sub-section 5 of Section 134 explains the meaning of internal financial controls as, “the policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information.”
In view of above, viewpoint of Mr. T is incorrect.
Question 6
When auditor identifies deficiencies and report on internal controls, he determines the significant financial statement assertions that are affected by the ineffective controls in order to evaluate the effect on control risk assessments and strategy for the audit of the financial statements. Explain
Solution
Control risk assessment when control deficiencies are identified: When auditor identifies deficiencies and report on internal controls, he determines the significant financial statement assertions that are affected by the ineffective controls in order to evaluate the effect on control risk assessments and strategy for the audit of the financial statements.
When control deficiencies are identified and auditor identifies and tests more than one control for each relevant assertion, he evaluates control risk considering all of the controls he has tested. If auditor determines that they support a ‘rely on controls’ risk assessment, or if compensating controls are identified, tested and evaluated to be effective, he may conclude that the ‘rely on controls’ is still appropriate. Otherwise we change our control risk assessment to ‘not rely on controls.’
When a deficiency relates to an ineffective control that is the only control identified for an assertion, he revises risk assessment to ‘not rely on controls’ for associated assertions, as no other controls have been identified that mitigate the risk related to the assertion. If the deficiency relates to one WCGW (what can go wrong) out of several WCGW’s, he can ‘rely on controls’ but performs additional substantive procedures to adequately address the risks related to the deficiency.
Question 7
Obtaining an understanding of the entity and its environment, including the entity’s internal control, is a continuous, dynamic process of gathering, updating and analysing information throughout the audit. Analyse and explain giving examples.
Solution
Obtaining an understanding of the entity and its environment, including the entity’s internal control, is a continuous, dynamic process of gathering, updating and analysing information throughout the audit. The understanding establishes a frame of reference within which the auditor plans the audit and exercises professional judgment throughout the audit, for example, when:
- Assessing risks of material misstatement of the financial statements;
- Determining materiality in accordance with SA 320;
- Considering the appropriateness of the selection and application of accounting policies;
- Identifying areas where special audit consideration may be necessary, for example, related party transactions, the appropriateness of management’s use of the going concern assumption, or considering the business purpose of transactions;
- Developing expectations for use when performing analytical procedures;
- Evaluating the sufficiency and appropriateness of audit evidence obtained, such as the appropriateness of assumptions and of management’s oral and written representations.
Question 8
Internal control over safeguarding of assets against unauthorised acquisition, use, or disposition may include controls relating to both financial reporting and operations objectives. Explain stating clearly the objectives of Internal Control.
Solution
Objectives of Internal Control
Internal control over safeguarding of assets against unauthorised acquisition, use, or disposition may include controls relating to both financial reporting and operations objectives. The auditor’s consideration of such controls is generally limited to those relevant to the reliability of financial reporting. For example, use of access controls, such as passwords, that limit access to the data and programs that process cash disbursements may be relevant to a financial statement audit. Conversely, safeguarding controls relating to operations objectives, such as controls to prevent the excessive use of materials in production, generally are not relevant to a financial statement audit.
Objectives of Internal Control are :
(i) transactions are executed in accordance with managements general or specific authorization;
(ii) all transactions are promptly recorded in the correct amount in the appropriate accounts and in the accounting period in which executed so as to permit preparation of financial information within a framework of recognized accounting policies and practices and relevant statutory requirements, if any, and to maintain accountability for assets;
(iii) assets are safeguarded from unauthorised access, use or disposition; and
(iv) the recorded assets are compared with the existing assets at reasonable intervals and appropriate action is taken with regard to any differences.
Question 9
It has been suggested that actual operation of the internal control should be tested by the application of procedural tests and examination in depth. Explain with the help of example in respect of the procedure for sales.
Solution
It has been suggested that actual operation of the internal control should be tested by the application of procedural tests and examination in depth. Procedural tests simply mean testing of the compliance with the procedures laid down by the management in respect of initiation, authorisation, recording and documentation of transaction at each stage through which it flows.
For example, the procedure for sales requires the following:
1. Before acceptance of any order the position of inventory of the relevant article should be known to ascertain whether the order can be executed in time.
2. An advice under the authorisation of the sales manager should be sent to the party placing the order, internal reference number, and the acceptance of the order. This advice should be prepared on a standardised form and copy thereof should be forwarded to inventory section to enable it to prepare for the execution of the order in time.
3. The credit period allowed to the party should be the normal credit period. For any special credit period a special authorisation of the sales manager would be necessary.
4. The rate at which the order has been accepted and other terms about transport, insurance, etc., should be clearly specified.
5. Before deciding upon the credit period, a reference should be made to the credit section to know the creditworthiness of the party and particularly whether the party has honoured its commitments in the past.
Question 10
Sweet Fruits Private Limited had a turnover of ₹ 155 crore for the financial year 2019-20. Explain whether during the financial year 2020-21, Sweet Fruits Private Limited would be required or not required to appoint an internal auditor, keeping in view the provisions of Companies Act, 2013.
Solution
During the financial year 2020-21, Sweet Fruits Private Limited would not be required to appoint an internal auditor because according to Section 138 of the Companies Act, 2013 every private company having a turnover of more than or equal to ₹ 200 crore during the preceding financial year is required to appoint an internal auditor.
It is given in the question that Sweet Fruits Private Limited during the financial year 2018-19 had a turnover of ₹ 155 crore which is less than ₹ 200 crore. Therefore, during the financial year 2020-21, Sweet Fruits Private Limited will not be required to appoint an internal auditor.