Question

1. What are the two advantages of an Internal Control program to the manager?
2. What are the two types of errors that the auditor is exposed to?
3. You have been assigned a computer systems audit. But you are not a computer systems expert. What would you do?
4. During an interview somebody tells you something relevant to the audit. But no documentation can be found to support what you have been told. What should you do?
5. How would you identify fraud risk?
6. Explain the danger of the lack of segregation of duties.
7. Explain how to prepare a workpaper, and also explain what the workpaper is used for.
8. What is the test of application controls?

Answer 1

1. Advantages of Internal Control program to the manager :

a) Internal control program helps in detecting and preventing any internal control deficiencies which might lead to a material misstatement in financial statements.

b) It also keeps a check on any fraud activities being carried out by the employees through an approval or any other process.

2. The two types of errors that an auditor is exposed to are as follows :

a) Type I error : Incorrectly concluding that that there is a material misstatement

b) Type II error : Failing to detect a material misstatement

3. If you have been assigned to a computer systems audit even though you are not a computer system expert, we can take help of an "auditor's expert" who can guide us through the complex parts of the audit which are solely related and particular for a computer system. However it should be noted that the auditor is responsible for ensuring the competency, integrity and objectivity of the auditors' expert and also that the involvement of an auditor's expert does not absolve the auditor of his responsibility of his audit opinion on the financial statements.

4. There's a very popular phrase in accounting : "Work not documented is work not done". In terms of auditing, the reliability of audit evidence is very crucial. Audit evidence which is written instead of oral is much more reliable.

Hence if you are faced with a situation wherein you have been provided with an important understanding or evidence in an oral face-to-face interview, it is better to follow up the interview with a written mail highlighting the findings and conclusion of the interview and get it acknowledged by the person who provided such findings. This should also be documented by the auditors in their audit file as supportings for the conclusions reached.

5. Fraud risk assessment is something that is very important and essential both for the management and the auditors. Fraud risk identification process includes an identification of the possible incentives, pressures and opportunities to commit fraud. "Incentives, pressures and opportunities" to commit fraud is also known as "Fraud triangle". An effective fraud risk management framework will enable organisations to have controls that first prevent the fraud from occurring, detect as soon as a fraud happens and respond effectively to fraud incidents when they occur.

A fraud risk assessment will usually include the following three key elements :

a) Identify the fraud risk : The first step is to identify the fraud risk. This can be done in various ways such as implementing internal controls or conducting suprise checks like suprise cash counts or stock counts.

b) Assess significance of the fraud risk : Next step is to assess the potential likelihood of the fraud risk based on historical trends such as any frauds which have happened in the past or any known/suspected fraud schemes.

c) Responding to fraud risk : This is the most important steps which includes implementing controls/activities to eliminate the fraud risk. This can be done by implementing new policies and procedures which prevent such risk from ever arising again.

6. Danger of lack of segregation of duties : Segregation of duties is very important for an organization. Lack of segregation of duties raises the risk of management override of control which leads to greater exposure to fraud. If process owners for any 2 linked or related processes are the same, they can easily manipulate the accounts and there are higher chances of fraud occuring in such a process. For example : If the person maintaining the physical custody of fixed assets and handling the accounting of Fixed assets is the same person, he can easily manipulate the accounting records and show bogus purchases and embezel the cash himself.

7. A workpaper is very important for an auditor. A workpaper is used by the auditor for proving that the audit has been conducted in accordance with the applicable auditing standards and the laws and regulations. It serves as the basis for the conclusions that have been reached by the auditor and the opinion provided by the auditor.

A workpaper is a very descriptive paper which involves certain significant elements. Hence while preparing a workpapers auditor should ensure that the following elements are present therein :

-> A unique reference number

-> A descriptive heading of what the workpaper is about

-> Source of the data

-> How auditor has judged reliability of source of data

-> Conclusions reached on basis of work performed as per workpaper

8. First of all let's understand what are application controls : Application controls are those controls which improve the quality of the information being input into a database. These controls verify the information being input and let them be processed once they are sure that there is nothing wrong with the data. Example include validity check with other linked documents.

An auditor should test whether the application controls are working or are they being overrided by the management. There are several methods for testing application controls. Depending on the nature, timing and extent, the testing may differ however it usually includes the following :

-> Testing the system configurations

-> Checking user access lists, whether it is in accordance with the organization structure.

-> Reperforming reconciliation with the supporting documents

-> Reasonableness checks to test key data fields