Planning & Risk Assessment (3): Audit Documentation

Question 1

Why is audit documentation important?
Explanation
Includes 4 things

Answer 1

Audit documentation supports the auditor’s opinion and is required by the International Standards on Auditing (ISAs). It should be understandable by an experienced auditor and includes:

• Audit strategy & planning
• Audit procedures
• Audit evidence
• Conclusions

Question 2

What should an experienced auditor understand from audit documentation? (4)

Answer 2

The auditor should be able to understand:

• The nature, timing, and extent of procedures to comply with ISAs and legal requirements.
• The results of the procedures and evidence gathered.
• Conclusions reached on significant matters, including:
  
  • Single significant matters (e.g., internal controls)
  • Financial statements as a whole

Question 3

What types of files are used in audit documentation? (2)

Answer 3

Audit documents are categorized into:

• Permanent Files: Contain historical data of continuing relevance.
• Current Files: Relate specifically to the current year’s audit, including both interim and final documents.

Question 4

What documents are typically found in permanent files? (5)

Answer 4

Permanent files may include:

• Memorandum and articles of association
• Organization charts
• Lease or purchase documents
• Accounting manual
• Control system flowcharts

Question 5

What documents are typically found in current files? (5)

Answer 5

Current files may include:

• Financial statements and the auditor’s report
• Audit strategy and audit plan
• Working trial balance
• Adjustments to trial balance
• Supporting working papers

Question 6

What are the typical features of working papers? (5)

Answer 6

Working papers should include:

• Heading with client name and year-end date
• Title of working paper
• Actual date
• Indexing and cross-referencing to other working papers and the audit plan
• Marks to show the work done (e.g., @ for additions, V for validation)

Question 7

Who owns audit documents?

Answer 7

Audit documents are the property of the auditor but must not be shown to anyone without the client’s consent, except under specific ethical circumstances.

Question 8

What are the requirements for document custody? (4)

Answer 8

The firm must ensure documents are:

• Kept confidential and in safe custody
• Protected from unauthorized amendment
• Accessible and retrievable
• Kept for the required time period

Question 9

What are the key components of planning and risk assessment in auditing? (7)

Answer 9

• Understand the business
• Assess risk (AR = IR x CR x DR)
• Adopt professional skepticism
• Understand materiality and fraud
• Understand substantive procedures
• Create audit strategy and plan
• Rely on the work of others

Question 10

What are internal controls?

Explanation
They ensure the business is?

Answer 10

Internal controls are rules, policies, and procedures designed by management to prevent material misstatements or detect them in time for remedial actions. They ensure the business is:

• Operating effectively and efficiently
• Complying with relevant laws and regulations
• Providing reliable financial reporting

Question 11

Who is responsible for internal controls? (3)

Answer 11

It is the responsibility of:

• those charged with governance,
• management, and
• other personnel to design, implement, and monitor internal controls.

Question 12

What are the five key components of internal controls?

Answer 12

• Control Environment
• Risk Assessment Procedures
• Information System Relevant to Financial Reporting
• Control Activities
• Monitoring of Controls

Question 13

What does the control environment encompass? (6)

Answer 13

It relates to the culture and tone of the organization, and depends on:

• Communication and enforcement of integrity and ethical values
• Commitment to competence
• Participation by those charged with governance
• Management’s philosophy and operating style
• Organizational structure
• Assignment of authority and responsibility
• Human resource policy & practices

Often known as the ‘tone at the top’

Question 14

What is involved in the risk assessment process? (1+5)

Answer 14

The client’s process for identifying and responding to business risks, including:

• Changes in operating environment
• New personnel
• Rapid growth
• New or revamped information systems
• Corporate restructuring

Question 15

What constitutes the information system relevant to financial reporting & communication?

What does relevant to financial reporting mean?

What does communication mean>

Answer 15

It includes the infrastructure, software, people, procedures, and data necessary for preparing financial statements and facilitating decision-making.

‘Relevant to financial reporting’ means sufficient to prepare the financial statements and allow relevant and reliable decision making.

‘Communication’ means how well people understand their roles, and can include training and policy manuals, and open channels of communication.

Question 16

What are control activities?

Explanation
4 examples

Answer 16

Policies and procedures that help ensure management directives are carried out, including:

• Information processing (general IT & application controls)
• Segregation of duties
• Physical controls
• Performance reviews

Question 17

How are controls monitored? (3)

Answer 17

Monitoring can be done by:

• Management through routine checks
• Internal auditors focusing on internal controls
• Third parties, such as regulators and customers

Question 18

Why is communication important in internal controls?

Answer 18

Effective communication ensures that all personnel understand their roles and responsibilities, which can include training and policy manuals.

Question 19

What is the purpose of segregation of duties?

Answer 19

To prevent individuals from both perpetrating and concealing fraud by dividing responsibilities among different people.