Audit and assurance Flashcards
without extensive crime
Audit failure
Failure in audit opinion. Inaccurate incorrect audit opinion
Audit failure occurs where an auditor gives an opinion that the financial report is free from material error when this is not the case.
Failure in audit process to detect and/or report material errors, which can lead to the release of incorrect information
The risk is that users will make financial decisions based on the information contained in the financial report unaware that they contain material errors.
Users place reliance on an audit opinion that is wrong and can suffer losses as a consequence.
Corporate failure
Failure as a result of financial management
Corporate failure is the failure of the org to continue trading. Where a company is unable to meet its debts when they fall due it is insolvent and the company is no longer a going concern. There is likely to be an attempt to save some or all of the business from liquidation to maximise the ability to pay off creditors and possibly the shareholders.
Where the business cannot be saved, the assets will be sold to pay off the debts and surplus funds remaining, if any, will be given back to the shareholders. On completion of the liquidation the company no longer exists. When corporate failures occur, it is likely that some, if not all, the creditors will not receive all that is owed to them and the shareholders generally do not get any return.
The auditor only considers going concern to the extent that it is met so that the accounts can be prepared on a going concern basis. The auditor (unlike the directors) makes no positive assertion about the going concern of the company.
Insolvency = company bankrupt
Governance problem
Governance = econ & admin authority given to certain individuals to manage the affairs (resources) of an org BUT those charged with governance are not conducting affairs of entity in line with certain rules/regulations
… act against the interest of principal owners of business (taxpayer, citizen, public)
Management (leadership) / board directors are not acting in ways to uphold interest of shareholders (resource providers)
Ownership and management separated… owners cant trust managers to have good intentions
Eg government not following laws
Auditor and governance
What do auditor do for owners
- Auditor is a check mechanism of what leaders (governance) do
- Auditor obtains reasonable assurance whether financial statements as a whole have been prepared in line with certain rules/regulations/standards
And
Financial statements are not materially misstated - Owners / shareholders dont 100% trust governance to uphold their interest, they get independent third party (auditor) to check what managers have done for a particular period
Agency problem
Pursuit of own personal interest. Natural inherent human nature to pursuit own personal interest first. This may not be inline with the orgs objectives. Auditor helps check governance isnt acting in line with org objectives
Agency Theory - explanation
Agency theory explains the relationship between owners & managers.
Due to the remoteness of the owners from the entity, the owners have an incentive to hire an auditor to assess info provided by management
How agency theory results in demand for auditing
QQ
In an agency relationship, investors (as principals) entrust their resources to managers (as agents). The agent’s self-interest is expected to diverge from the principals’ interest, giving rise to agency costs. A consequence of this agency problem is that investors will ‘price protect’ themselves on the assumption that managers are acting for themselves. It is therefore a rational response that there is a demand for a financial statement audit to verify the assertions made by management
Users of audited financial statements & their demand for audited statements
The users of the financial statements are not limited to the shareholders or owners of the business…. other users can include:
* Investors: can include current or potential investors. Decisions include to buy, hold or sell stake in the org
* Suppliers: may want to assess whether the entity can pay them back for goods supplied.
* Customers: may look into going concern if it is to rely on the entity for goods - can they continue to meet my demands
* Lenders: to assess whether loan repayments can be made as and when they fall due. credit worthiness of client firm
* Employees: to assess whether they can pay entitlements, and stability may be assessed for job security.
* Governments: whether the entity is complying with regulations and paying appropriate taxes.
* General public: whether they should associate with the entity (future employee, customer or
supplier,) what it does and plans to do in future.
Sources of demand for audit and assurance services form users
- Remoteness: users do not have access to information themselves. Information asymmetry, manager have more access to info than owner
and prepares with proper rules/regulations - Complexity: users do not have knowledge to read and understand financial statements to be able to use them
- Competing incentives: managements incentives may have been over-represented. Users may not be able to identify, audit opinion can help identify them. Manager overrepresentation detrimental to shareholders
- Reliability: as decisions are being made based on information presented, it is important that it be reliable
C in CRIME
Control Activities
Control policies processes and procedures put in place to assist actions identified by governance to achieve the org’s objectives are effectively carried out & minimise risk to an acceptable level.
- Activities they want to be doing
eg. separation of duties…
assigning different employees to handle different aspects of a transaction - eg one person handles record-keeping, another handles authorisation, another handles custody of assets…..Reduce risk of fraud/error
Or
Physical Controls - securing physical assets - eg inventory, cash using measures eg locks, access badges & security cameras. Prevent theft / damage
R in CRIME
Risk Management
Org must identify, analyse & mitigate / manage risk to an acceptable level. Cannot eliminate risk
-not all risk have the same impact, high risk, low risk
Consider changes to the external and internal environment for potential obstacles to objectives
Eg
Fraud risk assessment workshop… conducting workshops to identify potential fraud risks across departments, such as procurement fraud, payroll fraud, or financial reporting fraud.
Risk Mapping- creating a risk map that categorises risks based on their likelihood and impact, helping management prioritise which risks to address first.
I in CRIME
Information & Communication
Fundamental component of internal control.
Ensures relevant accurate and timely info is identified captured and communicated effectively to enable employees and management to carry out their responsibilities.
Effective comms flows vertically (top management, bottom management, employees.
Horizontally, accross departments
Eg. People anonymously reporting misbehaviour eg whistle blowing
Exception Reports - reports that highlight deviations from expected performance or procedures (e.g., budget overruns, inventory discrepancies) to prompt corrective action.
Eg
Financial statements
M in CRIME
Monitoring
Process of constant assessment of the org’s internal controls effectiveness over time. This involves both ongoing activities and separate evaluations to ensure controls are operating as intended and are adapted to address any new risks or changes in the org’s environment.
Eg
Periodic internal audits eg compliance Audits - assessing compliance with laws, regulations, & internal policies to identify areas of non-compliance and recommend corrective actions.
Management reviews of kpi & control activities to find areas to improve eg variance Analysis - analysing budget-to-actual variances to identify unexpected discrepancies that may indicate control failures or inefficiencies.
Feedback mechanism eg - monitoring customer feedback and complaints to identify trends that may indicate underlying control or operational issues.
Eg audit procedure.
E in CRIME
Control Environment - foundational to all other elements
Foundational to every other internal control component. The core of any business is its people - their individual attributes including integrity, discipline, ethical values and competence - and the environment in which they operate. They are the engine that drives the organisation and the foundation on which everything rests
..Tone/culture set at the top (ethical culture, values of leadership). Strong values = strong risk assessment, control activities etc
People, culture at strategic top management
eg
Commitment to attract, develop and retain competent individuals in alignment with objectives
Governance people are committed to integrity and ethics
Broad oversight of internal control systems
Internal control objectives
Should help company achieve:
- Reliability and relevance of financial reporting want it to be accurate and useful
- Effectiveness and efficiency of operations - eg lecture doors limiting entrance outside lecture hours, job done, effective and efficient
- Compliance with applicable laws and regulations
