Not specifically linked

Question 1

Questions that we would ask component auditors (subsidiaries)

Answer 1

ISA 600: component auditors

Question 2

Weaknesses in a system

Answer 2

• Authorisation and approval
• Sound personnel practices
• Signing without assurance of physical control
• Docs do not agree to each other

Question 3

Masterfile controls

Answer 3

1. Strict password controls are in place
   - Password should have at least 6 characters, not be displayed on the screen & checked regularly
2. Access should be restricted
3. All amendments should be authorized
4. All amendments should be automatically sequentially logged by the system
5. Timeout facility where is automatically shuts down after 5 min inactivity.
6. Should shut down after 3 failed log in attempts
7. Should not be write access to the log of the masterfile amendments
8. MAF should be cross referenced to the credit application

Question 4

Audit opinion –> based on final materiality

Answer 4

1. Why is it a misstatement
2. What is the misstatement
3. Quantitatively (> final materiality) vs qualitatively (NOCLAR)
4. Factual (amount is given), Judgmental/projected (estimated usually from sampling)
5. Pervasive (affects the financial statements as a whole or only a single line item in then financial statements)
6. Request management to adjust (no = disagreement with management despite the auditor having sufficient and appropriate audit evidence that it is not in line with IFRS)
7. Audit opinion

Question 5

Audit opinion (subsequent events)

Answer 5

1. Event occurred on… it’s a subsequent event
2. Conditions existed before/after year end, thus adjusting vs non-adjusting
3. Implications for IAS 10 –> Disclose or include amount in AFS.
4. Adequately disclosed/adjusted by management -> qualified AO with emphasis of matter paragraph
5. Not adequately adjusted/disclosed = go into misstatement format from QvsQ

Conclude: qualified, unqualified, adverse

Question 6

Business risks

Answer 6

• MM may not comply with relevant L&R regarding … (personnel info) = legal liability and penalties
• Unauthorised access to computer system = loss of confidential data
• Fictitious customers may be created where we never receive payment from customers = financial loss
• Business continuity risk if system crashes = financial loss
• Transactions occur online = loss of data/ inadequate audit trail

Question 7

Weaknesses in IT control environment (Give scenario examples)

Answer 7

• Weak enforcement of integrity and ethical values because there’s no remedial action taking place where behavior is inappropriate
• Lack of competence -> lack of training
• Lack of participation by those charged with governance
• The board does not accept overall responsibility of governance (who has full control of everything?)
• MM operating style does not enforce sound controls which is evidenced by how..
• No segregation of duties
• Strict policies are not in place

Question 8

Application controls

Answer 8

1. Employee should use a unique username and password to log into the system
2. Password controls: Mix of letters, changed regularly, unique/random
3. Read-only access
4. Exception reports should be generated based on automated controls: Validity check, reasonableness check, limit check

Question 9

What should be considered before assigning you to be audit manager

Answer 9

1. Understanding of the audit engagement
2. Knowledge in the industry your auditing
3. Understanding of the audit standards and related regulations
4. Technical expertise in accounting and auditing dealing with (complex accounting eg FOREX)
5. Ability to apply professional judgement
6. Understanding of the firms quality control procedures
7. Independence from the company that you’re auditing.

Question 10

Overall audit plan

Answer 10

Nature:
- Because of the nature of the client, cannot use sub-procedures alone, therefore, CAATs are necessary

Timing
Focus on performing tests at/after year end due to the increased risk

Extent
- The extent of sub-procedures and manual TOC performed should be increased
- The extent of automated TO will not be affected because of the computerized process being consistent

Question 11

Ethical considerations for the integrity of MM before accepting the auditi

Answer 11

XYZ is part of the key manangement personnel, and his ingrity should be considered (list everything that he’s done & if a threat is identified)

Business reputation is sound -> ABC focuses on….

Basically, when thinking about things you need to consider before the audit, use ISQM 1:
For integrity: A68 as a huide
Main points are behavious of key management personnel (integrity should be considered) -> what did they do and do they impact CPC (If CPC lay it out)
Also think about clients operations or business practices (reputation): what are they doing for the community?

Question 12

What are general controls?

Answer 12

Everything that the company does not have control over. Includes access controls, controls over the staff (attitude, division of duties, confidential info, skills and competence and board review) + integrity and ethics.