Audit Assurance XXX Flashcards

1
Q

Governance problem

A

Governance = econ & admin authority given to certain individuals to manage the affairs (resources) of an org BUT those charged with governance are not conducting affairs of entity in line with certain rules/regulations
… act against the interest of principal owners of business (taxpayer, citizen, public)
Management (leadership) / board directors are not acting in ways to uphold interest of shareholders (resource providers)

Ownership and management separated… can't trust managers to have good intentions

Eg government not following laws

2
Q

Auditor and governance
What does the auditor do for governance

A
  • Auditor is a check mechanism of what leaders (governance) do
  • Auditor obtains reasonable assurance whether financial statements as a whole have been prepared in line with rules/regulations/standards
    And
    Financial statements are not materially misstated
  • Owners / shareholders don't 100% trust governance, they get independent third party to check what managers have done
3
Q

Agency problem

A

Pursuit of own personal interest. It is inherent human nature to pursue own personal interest first; this may not be in line with the org's objectives. Auditor helps check that governance isn't putting its own interest first

4
Q

Objective of auditor

A

Obtain reasonable assurance about whether the financial report as a whole is free from material misstatement, whether due to fraud or error

5
Q

Effectiveness of audit engagement

A

The effectiveness of the assurance engagement comes from the auditor's relationship with the entity's management body and governance body

6
Q

Auditor and who they work with / responsible for / who's interested in their work

A

Responsible to:
Audit committee. Involved in employment of audit committee.
Shareholder.. job to serve their interests (not managers)

Board of directors forms audit committee (oversees work of management)

Working relationship with:
Audit committee, management, board of directors

Interested:
external user

7
Q

Economic authority

A

Authority given to make money eg
Operating investing financing policies… tied to making money

8
Q

COSO’s internal control elements
Control environment description

A

The foundation for all other components of internal control. The core of any business is its people - their individual attributes including integrity, discipline, ethical values and competence - and the environment in which they operate. They are the engine that drives the organisation and the foundation on which everything rests

9
Q

COSO’s internal control elements
Control environment examples

A

-commitment to integrity and ethics
-internal control oversight by the board of directors, independent of management
-structures, reporting lines and appropriate responsibilities in the pursuit of objectives established by management and overseen by the board
-commitment to attract, develop and retain competent individuals in alignment with objectives
-holding individuals accountable for their internal control responsibilities in pursuit of objectives

10
Q

COSO’s internal control elements
Control activities - description

A

Control policies and procedures that help ensure the actions identified by management to address risks and achieve the org’s objectives are effectively carried out. Control activities are performed at all levels and at various stages within the org

11
Q

COSO’s internal control elements
Control activities
Selecting and developing controls that might help mitigate risk to an acceptable level - examples

A

Segregation of Duties - assigning different employees to handle different aspects of a transaction - eg one person handles record-keeping, another handles authorisation, another handles custody of assets. Reduce risk of fraud/error
Approval and Authorisation Controls - implementing approval mechanisms - eg requiring management to approve transactions over a certain amount. Prevents unauthorised activities
Reconciliation and Review - performing regular reconciliation - eg bank, physical inventory counts v records. Reviews of transactions to detect and correct discrepancies

12
Q

Reconciliation meaning

A

Process of comparing two sets of financial records to ensure they are accurate and consistent
Ensures accuracy, transactions recorded complete and correct, identify error or fraud

13
Q

COSO’s internal control elements
Control activities
Selecting and developing general control activities over technology - examples

A

Access Control - implementing user access controls eg unique user ID, strong passwords, role based access. Prevents unauthorised access to sensitive information and systems.
Change Management Controls - establishing process for approving and documenting changes to IT systems eg software updates or configuration changes, to ensure they don't negatively affect system functionality
Backup and Recovery Procedures - developing and testing data backup & disaster recovery procedures to ensure data integrity and availability in case of system failure or data loss

14
Q

COSO’s internal control elements
Control activities
Deploying control activities as specified in policies and relevant procedures - examples

A

Physical Controls - securing physical assets - eg inventory, cash using measures eg locks, access badges & security cameras. Prevent theft/damage
Performance Reviews - conducting regular performance reviews & analyses eg budget to actual comparison, variance analysis and KPI monitoring. Identify and address deviations from expected results
Document and Record Keeping Controls - maintaining comprehensive documentation of transactions, approvals & reviews. Provides an audit trail and support accountability and transparency

15
Q

COSO’s internal control elements
Risk assessment - description

A

Org must identify, analyse & manage its risks. Managing risk is a dynamic process. Management must consider changes in the external environment & within the business that may be obstacles to its objectives

16
Q

COSO’s internal control elements
Risk assessment
Specifying objectives clearly enough for risks to be identified and assessed - examples

A

Setting Financial Targets - defining specific financial targets eg revenue growth or cost reduction, allows for the identification of risks like the market volatility or cost overruns that could impact these targets
Operational Goals - establishing clear operational goals eg production efficiency or service delivery standards, helps in assessing risks related to supply chain disruptions, equipment failures or labour shortages

17
Q

COSO’s internal control elements
Risk assessment
Identifying and analyzing risks to determine how they should be managed - examples

A

Risk Mapping - creating a risk map that categorises risks based on their likelihood and impact, helping management prioritise which risks to address first.
Scenario Analysis - conducting scenario analyses to understand the impact of various risks under different conditions, such as changes in economic conditions, regulatory environments or competitive landscapes

18
Q

COSO’s internal control elements
Risk assessment
Considering the potential of fraud - examples

A

Fraud Risk Assessment Workshops - conducting workshops to identify potential fraud risks across departments, such as procurement fraud, payroll fraud, or financial reporting fraud.
Segregation of Duties Reviews - regularly reviewing the segregation of duties to ensure no single employee has control over all aspects of a financial transaction, which could increase the risk of fraud.

19
Q

COSO’s internal control elements
Risk assessment
Identifying and assessing changes that could significantly impact the system of internal control - examples

A

Regulatory Changes - assessing the impact of new laws or regulations, such as data protection regulations or tax laws, on existing internal controls and updating controls as needed.
Organisational Changes - evaluating risks arising from significant organisational changes, such as mergers, acquisitions, restructurings, or changes in key personnel, which could disrupt established processes or introduce new risks.

20
Q

COSO’s internal control elements
Information and communication - description

A

Information and communication are fundamental components of an organisation’s internal control system. They ensure that relevant, accurate, and timely information is identified, captured, and communicated effectively to enable employees and management to carry out their responsibilities. Effective communication flows both vertically (upward and downward within the org) and horizontally (across departments).

21
Q

COSO’s internal control elements
Information and communication
Internal reporting system - description + example

A

Developing internal reporting systems that provide timely and accurate information for decision-making.
Examples
Management Dashboards - real-time dashboards that provide KPIs and financial data to managers, allowing them to monitor progress toward objectives and make informed decisions.
Exception Reports - reports that highlight deviations from expected performance or procedures (e.g., budget overruns, inventory discrepancies) to prompt corrective action.

22
Q

COSO’s internal control elements
Information and communication
Policies and Procedures Manuals - description + example

A

Communicating policies, procedures & expectations to employees to ensure consistency and compliance across the org.
Examples
Employee Handbooks - distributing handbooks that outline organisational policies on ethics, compliance, and conduct to ensure employees understand their responsibilities.
Training Programs - conducting regular training sessions to communicate updates to policies, procedures & regulatory requirements.

23
Q

COSO’s internal control elements
Information and communication
External Communication - description + example

A

Effectively communicating with external stakeholders eg investors, regulators & customers, to provide accurate and transparent information.
Examples
Financial Statements - providing accurate & comprehensive financial statements to shareholders and investors to communicate the org’s financial health.
Regulatory Filings - submitting timely and accurate reports to regulatory bodies, eg tax authorities and industry regulators, to comply with legal requirements

24
Q

COSO’s internal control elements
Monitoring - description

A

Monitoring is the process of continually assessing the effectiveness of an org’s internal controls over time.

This involves both ongoing activities and separate evaluations to ensure controls are operating as intended and are adapted to address any new risks or changes in the org’s environment.

25
Q

COSO’s internal control elements
Monitoring
Regular Internal Audits - description + examples

A

Conducting periodic internal audits to evaluate the effectiveness of internal controls & ensure compliance with policies and regulations.
Examples
Process Audits - reviewing specific business processes (e.g., procurement, payroll) to ensure controls are adequate & functioning as intended.
Compliance Audits - assessing compliance with laws, regulations, & internal policies to identify areas of non-compliance and recommend corrective actions.

26
Q

COSO’s internal control elements
Monitoring
Management Reviews - description + examples

A

Performing regular management reviews of key performance & control activities to identify potential issues and areas for improvement.
Examples
Variance Analysis - analysing budget-to-actual variances to identify unexpected discrepancies that may indicate control failures or inefficiencies.
Review Meetings - holding regular meetings to discuss performance results, control issues, and action plans to address identified gaps

27
Q

COSO’s internal control elements
Monitoring
Feedback Mechanisms - description + examples

A

Implementing feedback mechanisms to identify control deficiencies & opportunities for improvement.
Examples
Whistleblower Hotlines - establishing anonymous reporting channels for employees to report suspected fraud or control weaknesses.
Customer Complaints Systems - monitoring customer feedback and complaints to identify trends that may indicate underlying control or operational issues.

28
Q

Agency Theory - explanation

A

Agency theory explains the relationship between owners & managers.
Due to the remoteness of the owners from the entity, the owners have an incentive to hire an auditor to assess info provided by management

29
Q

Audit failure

A

Failure in audit opinion. Incorrect or inaccurate audit opinion. Failure of audit process to detect material or significant misstatements… leading to release of incorrect information… maybe from negligence, faulty internal control, collusion (auditor and manager)

30
Q

How agency theory results in demand for auditing

A

In an agency relationship, investors (as principals) entrust their resources to managers (as agents). The agent’s self-interest is expected to diverge from the principals’ interest, giving rise to agency costs. A consequence of this agency problem is that investors will ‘price protect’ themselves on the assumption that managers are acting for themselves. It is therefore a rational response that there is a demand for a financial statement audit to verify the assertions made by management

31
Q

Corporate failure

A

Bad financial management making companies fail - company goes insolvent - company's inability to pay off debt. Company becoming bankrupt. Company collapse.
