Lesson Exercise 2. Audit Risk Model as a Planning Tool You are beginning an audit engagement concerning a small firm in the metal subcontracting industry. The firm is a subcontractor for several firms that are purchasing components. The managing director is the main owner of this small firm. Besides him there are two other owners, who all are the founding persons of the firm. Suppose that you are using the audit risk model quantitatively in assessing the detection risk and necessary amount of substantive tests in order to keep the overall audit risk low (5 %) in financial statement auditing. You have the working papers of the previous audit of the selling activity and accounts receivable; in this previous audit the following risk levels were set for the accounts receivable in the financial statement for the firm. Accounts receivable A = Audit Risk 0,05 (5 %) IR = Inherent Risk 0,50 (50 %) CR = Control Risk 0,40 (40 %) DR = Auditor’s Detection Risk - Calculate here:________________________. After this previous audit following has happened: The market situation has worsened in the subcontracting branch in question. Some end-product producers are anticipated to fall in troubles and are already experiencing worsening liquidity and troubles in paying bills. The three owners are old and are willing to retire. They had decided to sell their company for investors and this decision was made during the accounting period under audit. The owners wants to get as a good selling price as possible. Required a) Based on this explained changed situation, would you change the risks (IR, CR) used in the previous audit. If you change risks, calculate again the detection risk (DR). b) Justify and explain why you possibly changed the assessed risks. Lesson Exercise 3. Flowchart and Risk – Control assessment This audit is targeted to a factory’s salary payment function. In the preliminary study the auditor decided to make a flowchart of the salary payment process in question. Based on observing and interviews the auditor formed the following description of the payroll process. The personnel department kept the personnel register and a personnel secretary’s task was to keep and update the register. The factory had a clock cards system and workers had to clock in and clock out. The IT-department is responsible of the time control devices and computer system and its maintenance. If workers were doing overtime, this had to be based on overtime authorizations decided by the supervisors. Based on a personnel register, working time data and overtime authorizations data pay masters calculate the salaries and a computer salary run is made once a month. According to this payroll, the bookkeeper makes corresponding entries to the wages account in the journal. Chief accountant signs the bank payments transactions transmission and the pay lists are sent to workers. The bank after getting the approved transmission data pays the salaries to workers’ accounts. Once a month the bank sends a bank account statement to the firm. The bookkeeper makes a reconciliation between the bank statement and the wages account. Required: a) Draw a flowchart of the salary payment process. b) Think about the possible relevant risks in the salary payment process and list 5-8 risks. Point these risks to the flowchart. c) Think about the possible effective controls to these risks, and point them also to the flowchart. Lesson Exercise 4. Analytical methods Sawyer’s Internal Auditing Part 3/Scientific Methods, Multiple Choice Questions 21. What form of analytical review might uncover the existence of obsolete merchandise ? a) Inventory turnover rates. b) Decrease in the ratio of gross profit to sales. c) Ratio of inventory to accounts payable d) Comparison of inventory values to purchase invoices. 22. Which of the following analytical audit findings would most likely indicate a possible problem ? a) A material decrease in the receivables turnover. b) A material increase in inventory turnover. c) A material decrease in days-sales-outstanding d) A material increase in the acid-test ratio. Lesson Exercise 5. Control Testing with Sampling A government agency that controls environmental emissions and gives firms and other corporations permissions is a target of an audit. During the audit planning and preliminary study the auditor assessed the control environment and control activities in the agency and decided to do a statistical sampling of agency’s permission decision activity. The auditor took a statistically determined sample of 100 of total 10 000 permission decisions. The sample was randomly selected without replacement (once included in the sample, the item cannot be selected again). When evaluating the sample the auditor observed that one written permission of 100 was not properly justified for the applicant (an industrial firm). The written permission decision lacked references to environmental laws and also the appeal directions, which, according to regulations, should be included into the official decision document sent to the client. Required: a) Use the table attached below and assess with a 95 % confidence and with 5 % risk of assessing the control risk too low, what is the rate of errors in the population (10 000 permission decisions). The auditor has set a tolerable rate of control deviations to 5 % - compare the achieved upper precision limit on deviation rate to this tolerable rate of deviations. b) How critical do you deem the deviation and what are your conclusions based on this audit sampling ? What would be the auditor’s assessment of the functioning of the control activities in the government environmental agency ? A part from a statistical table, look in details Glezen & Taylor 1997, page 304. Evaluation of sample results (estimation sampling for attributes) Sample size 100 Chosen Risk level 10%, 5% or 1%, and the achieved upper precision limit on deviation rate (achieved tolerable rate) in the population Risk level Number of deviations 10 % 5 % 1 % found in the sample Achieved upper precision limit % % % 0 2,28 2,95 4,50 1 3,83 4,66 6,45 2 5,23 6,16 8,14 3 6,56 7,56 9,70 4 7,83 8,92 11,17 5 9,08 10,23 12,58 6 10,29 11,50 13,95 7 11,49 12,75 15,29 8 12,67 13,97 16,59 9 13,83 15,18 17,87 10 14,99 16,37 19,13 .. etc. Lesson Exercise 6. Attribute sampling (test of controls) The basic sample size formula for attribute sampling is following: 2 n= C pq 2 P n = sample size C = confidence coefficient (e.g., at a 95 % confidence level it equals 1,96) p = expected deviation rate q = 100 %-p P = precision (if, for instance, ± 2 %, you get 0,02) Sample size adjustment to population formula n’ = final sample size N = population n' = n/(1 +(n/N) An auditor is planning to use attribute sampling to test the effectiveness of a specific internal control related to approvals of invoices for payments. The population is 1000, The expected error rate was 5 %, and the desired precision is 2 %. The auditor wanted to have a 95 % confidence level. a) What is the statistical sample size ? b) The auditor finds 15 deviations in the sample taken according to a) What are the conclusions of the control ? c) What if the auditor finds 22 deviations, what would be the new sample size with this deviation rate ? d) Or what would be the achieved precision if the sample size is kept and not risen up with these 22 deviations ?