Aue4862 2016 Tut102 PDF
Aue4862 2016 Tut102 PDF
Aue4862 2016 Tut102 PDF
ZAU4862/102/0/2016
NAU4862/102/0/2016
Applied Auditing
AUE4862/ZAU4862/NAU4862
Year module
Bar code
2
AUE4862/102
ZAU4862/102
NAU4862/102
INDEX Page
Due date 3
How the topics of this tutorial letter relate to the audit process 5
2 Pre-engagement activities 7
Self-assessment questions 69
HJB
3
AUE4862/102
ZAU4862/102
NAU4862/102
DUE DATE
The Department of Financial Governance has a HELPDESK for postgraduate students. All queries,
except those of a purely administrative nature, may be directed to the Helpdesk. You may contact the
Helpdesk either by e-mail or telephonically between 08:00 and 16:00, from Monday to Friday.
E-mail AUDpostgrad@unisa.ac.za
Telephone 012 429 4943
1. By this time, you should be familiar with the relevant chapters in your prescribed textbook as
well as the International Standards on Auditing covered by the study unit. Only refer to the
prescribed material if principles are contained in the questions with which you are not familiar
when working through this tutorial letter.
3. Do the questions in the study unit and make sure you understand the principles contained in
the questions.
4. Consider whether you have achieved the specific outcomes of the study unit.
5. After completion of all the study units, attempt answering the self-assessment questions to
test whether you have mastered the contents of this tutorial letter.
HJB
4
AUE4862/102
ZAU4862/102
NAU4862/102
JANUARY 2016
MONDAY TUESDAY WEDNESDAY THURSDAY FRIDAY WEEKEND
12 13 14 15 16+17
18 19 20 21 22 23+24
25 26 27 28 29 30+31
Do self- Do self-
assessment assessment
questions questions
HJB
5
AUE4862/102
ZAU4862/102
NAU4862/102
Preliminary engagement
activities (TL 102)
103)
Planning
(TL 102)
King III (TL 103)
Evaluation, conclusion
and reporting
(TL 105)
HJB
6
AUE4862/102
ZAU4862/102
NAU4862/102
INTRODUCTION
The diagram on the previous page sets out the different stages of the audit process.
The audit process can be divided into four stages. The first phase is the pre-
engagement phase. The second phase is the planning phase which includes obtaining
an understanding of the entity and its environment, the assessment of risks and
establishing the overall audit strategy and audit plan. The third phase is the auditor’s
response to the assessed risks and includes the performance of tests of controls and
substantive audit procedures. The fourth phase is the evaluation, conclusion and
reporting phase. This diagram will be included in each of the tutorial letters to follow
during the year. It will demonstrate to you where the topics covered by the tutorial letter
fit into the audit process. The topics covered in this tutorial letter as depicted on the
diagram are shaded.
While studying the diagram, you will note that the CPC, by–Laws, APA, rules regarding
improper conduct, King III and Companies Act are included in all the stages of the audit
process. It implies that they are applicable not only at a specific stage of the audit
process but also throughout the whole audit process. The auditor has to comply with
ethics, principles and laws from the time of assessing whether or not to accept the client
until the issuance of the audit report.
OBJECTIVES
identify and explain the details of each stage of the audit process.
Auditing Notes for South African Students, 9th edition, chapter 6, pages 6/6–6/8.
HJB
7
AUE4862/102
ZAU4862/102
NAU4862/102
INTRODUCTION
The first phase of the audit process is the preliminary engagement activities.
Preliminary engagement activities take place before the auditor accepts or declines an
audit engagement. These activities are performed when the auditor has to decide to
accept a new client or to continue the relationship with an existing client.
OBJECTIVES
evaluate the audit work performed when accepting new clients by referring to
ISQC1, ISA 220, ISA 300 and the CPC.
HJB
8
AUE4862/102
ZAU4862/102
NAU4862/102
Overview
As per ISA 300, par 6, the auditor shall undertake the following activities at the beginning of the
current audit engagement:
(a) performing procedures required by ISA 220 regarding the continuance of the client relationship
and the specific audit engagement;
(c) establishing an understanding of the terms of the engagement, as required by ISA 210.
IMPORTANT PRINCIPLE
As per ISA 220, par 12, and A8 and ISQC 1, par 26, before an audit firm can accept or
continue a client relationship, it has to consider the following:
2. whether the audit firm and engagement team can comply with the relevant ethical
requirements;
3. whether the audit firm has considered the integrity of the principal owners, key
management and those charged with governance of the entity; and
4. if there are any significant matters that have arisen during the current or previous
audit engagement, and their implications for continuing the relationship.
When considering the competence and capabilities of the engagement team, the engagement
partner may consider the following (ISA 220, par A11) (ISQC1, par A18):
the audit team’s experience with audit engagements of a similar nature and complexity;
the professional standards and applicable legal and regulatory requirements that must be
adhered to and whether the firm personnel have experience with these requirements, or
the ability to gain the necessary skills and knowledge;
whether the firm has sufficient personnel with the necessary competence and
capabilities;
the technical expertise within the team or access to other auditors or experts who do
have the relevant expertise (ISA600, ISA610 and ISA620);
knowledge of the relevant industry in which the client operates;
the audit team’s ability to apply professional judgement;
the ability to comply with the firm’s quality control policies and procedures as per ISQC1;
the availability of personnel to perform quality control reviews; and
the ability of the engagement team to complete the engagement within the reporting
deadline.
HJB
9
AUE4862/102
ZAU4862/102
NAU4862/102
The firm and the engagement team are required to be independent in order to comply
with the ethical requirements prior to accepting a new client or when continuing to
provide statutory audit services to an existing client.
Please refer to the Code of Professional Conduct (CPC) for the different types of threats
to independence. Please note that the CPC is only applicable to chartered accountants,
and that it might be that not all the members of the audit team are chartered accountants.
However, all the members of the audit team are required to be independent in terms of
the International Standards on Auditing. As a result, the CPC will be used as guidance to
identify any independence threats of the audit team members, including those who are
not chartered accountants.
Section 210 of the CPC deals with ethical considerations of a professional appointment.
This section also discusses procedures that need to be followed when contacting the
previous auditors.
The scenario states that the engagement partner assigned to the audit of ABC Ltd is
married to the CEO of ABC Ltd. The CEO of ABC Ltd receives a bonus based on profits.
Required: Discuss ethical concerns prior to accepting ABC Ltd as a statutory client.
If your answer was only one of the following, it will be incomplete, resulting in a loss of
marks:
There is a threat to independence and therefore, the engagement partner should not
be part of the audit of ABC Ltd.
OR
There is a familiarity threat and therefore, the engagement partner should not be part
of the audit of ABC Ltd.
Ethical requirements
There is a familiarity threat, as the engagement partner is married to the CEO of the
audit client.
There is a self-interest threat – the audit partner is married to the CEO and she has a
financial interest in ABC Ltd.
There is an intimidation threat, as the audit team might be reluctant to ask challenging
questions for fear of upsetting the audit partner’s spouse.
It will not be appropriate for the audit partner to be involved in the audit of ABC Ltd.
HJB
10
AUE4862/102
ZAU4862/102
NAU4862/102
EXAMINATION TECHNIQUE
The threats in the above answer are explained by linking them to the information in the
scenario, whereas the threats in the top part of the answer were not linked to the
information in the scenario.
3. The integrity of the principal owners, key management and those charged with
governance of the entity (ISQC 1, par A19)
When considering the integrity of the client, the engagement partner may take the following into
account (ISQC1, par A19):
The identity and business reputation of the client’s principal owners, key management,
and those charged with governance.
The nature of the client’s operations, including its business practices.
Information concerning the attitude of the client towards matters such as
an aggressive interpretation of accounting standards and the internal control
environment; and
a reputation for maintaining poor relationships with its auditors.
The client’s attitude towards paying the audit fee. (Will they be able to pay the audit fee,
or are they only concerned with keeping the fee as low as possible?)
Any indications that the client will impose a limitation on the audit.
Indications that the client might be involved in criminal activities.
The reasons for the proposed appointment of the firm and non-reappointment of the
previous firm (indicate the reason for the change of auditors).
The identity and business reputation of related parties.
When considering other significant matters, the engagement partner may consider the
following:
Any changes that occurred during the year for existing clients.
Information obtained from communication with the predecessor auditor (ISA 300, par
13(b)).
Whether there is a legal vacancy to appoint the auditors (sec 91 of the Companies Act).
Any professional and legal responsibilities that might arise (sec 45 and 46 of the Auditing
Profession Act).
After the auditor has considered the above four aspects, the terms of the audit must be agreed upon.
The auditor may only accept a new client or continue an audit engagement if the terms of the audit
have been agreed upon.
ISA 210, par 9 to 10, states that the agreed terms of the audit engagement shall be recorded in an
audit engagement letter and shall include:
HJB
11
AUE4862/102
ZAU4862/102
NAU4862/102
4. the identification of the applicable financial reporting framework for the preparation of the
financial statements; and
5. reference to the expected form and content of any reports to be issued by the auditor and a
statement that there may be circumstances in which a report may differ from its expected form
and content.
Refer to ISA 210, par 9 to 12, for the agreement on audit engagement terms and ISA 210, Appendix 1,
for an example of an audit engagement letter.
QUESTION 15 marks
You are a first-year trainee accountant at Andre Gauta Ephraim Incorporated (AGE), a medium-sized
audit firm. You are one of six audit team members to audit the DanChrome Group.
In preparation for the audit of DanChrome Group, your audit senior presented you with the following
information on the DanChrome Group:
DanChrome Ltd (DanChrome) was established in 1976 in South Africa. Its core business is the mining
and smelting of chrome ore. Chrome ore is converted to ferrochrome through intense metallurgical
processing. DanChrome is one of the largest integrated ferrochrome producers in the world with an
annual capacity of one million tons. DanChrome produces three grades of ferrochrome, namely
charge chrome, intermediate chrome and low carbon ferrochrome, each used in different areas of the
stainless steel smelting process.
DanChrome’s mining operations are situated in Meyerton. The head office is situated in the central
business district of Johannesburg. The DanChrome Group employs a workforce of 16 300 employees.
In April 2010, AGE was awarded a tender to audit DanChrome and its newly acquired subsidiary
company, SamCoal (Pty) Ltd (SamCoal) for the year ended 31 August 2010. The appointment of AGE
will be evaluated annually at DanChrome’s annual general meeting as stated in the revised
memorandum of incorporation of the company. The appointment of AGE as the auditors of
DanChrome was a direct result of the previous auditors filing a notice of resignation. The previous
auditors resigned because they regarded themselves as not having adequate resources to service
DanChrome due to the company’s growth. When AGE contacted the previous auditors, they confirmed
that they had enjoyed the long association with DanChrome and also stated that DanChrome has a
good reputation in the industry.
DanChrome acquired a 55% shareholding in SamCoal on 11 September 2009. At the time, the year
end for SamCoal was on 31 March. To ensure consistency in group reporting, the financial year end of
SamCoal was changed to 31 August. The core business of SamCoal is the mining of coal. SamCoal
has three coal-mining sites in various areas of Mpumalanga and a newly established mining site in
Limpopo. Each coal mining site has accounting staff responsible for capturing financial data. The head
office of SamCoal is situated in Middelburg.
HJB
12
AUE4862/102
ZAU4862/102
NAU4862/102
During mid-March 2010, Denzil Phillips, the audit partner on the audit, was approached by Sipho
Platinum Mines Ltd, an 80% shareholder of DanChrome, to negotiate the sale of its shares in
DanChrome. The sale was completed successfully in May 2010. This resulted in the delisting of
DanChrome from the JSE Ltd. The new shareholding of DanChrome is as follows:
In May 2010, the DanChrome Group was affected by the South African Transport Union’s strike that
lasted for a month. Employees of DanChrome Group also went on a strike in July 2010 over salary
increases. This strike lasted for two weeks. The DanChrome Group was not able to export
ferrochrome and coal to overseas customers during this period. These customers represent 80% of
the group’s customer base. As a result, the group recorded a loss for the 2010 financial year, for the
first time in years.
On 30 June 2010, the service contract of both the chief executive officer (CEO) and the managing
director (MD) of DanChrome Group came to an end. The majority shareholders decided at a general
meeting not to renew their contracts. Both the CEO and MD had been employed by DanChrome for
more than 10 years. It has been reported in the business press that they are mainly to be credited for
the financial success of DanChrome over the years. The search is on for two candidates with the
required skills, knowledge and experience to fill the vacant positions. In the meantime, the financial
director is acting as both the CEO and MD.
To ensure that the DanChrome Group is well managed, a significant part of the remuneration of
directors is incentive based. The director’s remuneration is determined by the audit committee.
A week before the DanChrome Group’s financial year end, the audit partner became aware of the
following article in the financial press:
On 5 September 2010, the attorneys of the DanChrome Group indicated that the court was likely to
rule in favour of the Department of Water Affairs and Forestry. The estimated cost set to restore the
site amounts to approximately R10 000 000.
HJB
13
AUE4862/102
ZAU4862/102
NAU4862/102
The acting CEO has informed AGE that the new holding company requires the audited financial
statements of the DanChrome Group within two weeks after the year end. The shareholders require
this information as soon as possible to determine if the group might need to be steered into a different
direction.
REQUIRED
Marks
(a) With regard to the opening paragraph and the DanChrome Group business
background information:
1. Discuss the matters to consider and the concerns AGE would have prior to
accepting the DanChrome Group as an audit client. 15
(Unisa – 2009 examination)
SUGGESTED SOLUTION
(a) 1. Matters to consider and the concerns AGE would have prior to accepting the
DanChrome Group as an audit client
(iii) Integrity of the client’s principal owners, key management and those charged
with governance.
There appears to be concerns about the integrity of the client, as SamCoal is
involved in illegal mining. (1)
HJB
14
AUE4862/102
ZAU4862/102
NAU4862/102
HJB
15
AUE4862/102
ZAU4862/102
NAU4862/102
INTRODUCTION
From the above quotes, we see that planning is a very important part of the audit to
ensure that the audit is executed and conducted properly.
Planning an audit of the financial statements forms the second phase of the audit
process.
For ease of discussion, the basic concepts that will be discussed are as follows:
4. Planning activities
OBJECTIVES
explain how the auditor can obtain an understanding of an entity and its
environment;
identify and assess the risks of material misstatements through understanding the
entity and its environment;
identify the risk indicator from the scenario and describe the audit risks/risks of
material misstatement;
know the difference between risks at overall financial statement level and risks at
assertion level;
know the difference between an audit plan and audit strategy and discuss the
details dealt with in the audit plan and audit strategy;
HJB
16
AUE4862/102
ZAU4862/102
NAU4862/102
ISA 200: Overall objectives of the independent auditor and the conduct of an
audit in accordance with International Standards on Auditing
ISA 300: Planning an audit of financial statements
ISA 315: Identifying and assessing the risks of material misstatement through
understanding the entity and its environment
ISA 320: Materiality in planning and performing an audit
ISA 330: The auditor’s responses to assessed risks
ISA 600: Audits of group financial statements (including the work of component
auditors)
Also refer to Auditing Notes for South African Students, 9th edition, chapter 7 as well as
to the “Guidance to answer questions” in Advanced Case Studies in External Auditing
and Corporate Governance, 12th edition, chapter 3.
During the planning phase, the auditor will gain an understanding of the entity and its
environment including the entity’s internal control. The auditor should obtain this under-
standing to be able to identify and assess the risks of material misstatement whether due to
fraud or error, at the financial statement and assertion level. This risk assessment will then
provide the auditor with a basis for designing and implementing responses to the assessed
risks of material misstatement (ISA 315, par 3).
ISA 315, par 11 to 24, sets out the aspects of which the auditor shall obtain an understanding
of. It is important for the auditor to obtain an understanding of the entity and its environment
(ISA 315, par 11) as well as the entity’s relevant internal controls (ISA 315, par 12–24). It is a
matter of the auditor’s professional judgement whether a control, individually or in combination
with others, is relevant to the audit. For a detailed discussion on the understanding that the
auditor should obtain with regard to the entity’s internal control, refer to study unit 4.
The auditor shall obtain an understanding of the entity and its environment, including the
entity’s internal control, in order to identify and assess the risks of material misstatement. In
identifying and assessing the risks of material misstatement the auditor shall perform risk
assessment procedures.
The risk assessment procedures shall include the following (ISA 315, par 5–10):
(a) inquiries
HJB
17
AUE4862/102
ZAU4862/102
NAU4862/102
EXAMINATION TECHNIQUE
1. Audit risk
2. Business risk
3. Control risk
4. Detection risk
5. Inherent risk
6. Risks of material misstatement
7. Significant risk
Audit risk is a function of the risks of material misstatement (inherent risk and control risk)
and detection risk.
If you are required to describe the risks of material misstatement, you will not discuss the
detection risk.
Business risk is broader than the risks of material misstatement of the financial statements,
although it includes the latter.
Risks of material misstatement at the financial statement level refer to risks that relate
pervasively to the financial statements as a whole and potentially affect many assertions (ISA
315, par A118).
The following table provides examples of conditions and events that may indicate the existence
of audit risk at the overall financial statement level. The examples provided cover a broad
range of conditions and events; however, not all conditions and events are relevant to every
audit engagement, and the list of examples provided below is not necessarily complete. Refer
to ISA 315, Appendix 2, for the list of these examples.
HJB
18
AUE4862/102
ZAU4862/102
NAU4862/102
HJB
19
AUE4862/102
ZAU4862/102
NAU4862/102
HJB
20
AUE4862/102
ZAU4862/102
NAU4862/102
EXAMINATION TECHNIQUE
No marks are allocated for the risk indicators unless you are required to list the risk
indicators. Marks are awarded for describing the risk in terms of the description of
risk column in the table above. In a scenario, the risk indicator will be mentioned in the
scenario to enable you to discuss or describe the risk.
Assertions are management representations that are embodied in the financial statements, and
they are used by the auditor to consider the different types of potential misstatements that may
occur (ISA 315, par 4(a)). ISA 315, par A124, sets out the assertions used by the auditor to
consider the different types of potential misstatements that may occur. These assertions fall
into the following three categories:
assertions about classes of transactions and events for the period under audit;
assertions about account balances at the period end; and
assertions about presentation and disclosure.
To demonstrate conditions and events which may affect risks at the assertion level we will use
the following example. (Please note that these conditions and events evident from the example
below can be found in ISA 315, Appendix 2.)
EXAMPLE
You are a first-year trainee accountant of ABC Ltd (ABC). The audit senior on the job has
provided you with the following information which you will require in the audit of ABC.
Revenue comprises sales made to local and foreign customers. Foreign customers are
invoiced in their respective currencies. During the year, ABC entered into a forward
exchange contract (FEC) for the goods it sold to one of its once-off foreign customers in
order to protect itself against foreign currency fluctuations. The normal credit terms are
30 days. ABC provides for credit losses at 2% of the trade receivables balance.
Management of ABC receive a bonus based on profit for the year. At year end, trade
receivables were factored to provide ABC with the cash flow that was required.
REQUIRED
(a) Identify the significant account balance(s) and/or class(es) of transactions in the
above scenario of ABC Ltd.
(b) Describe the risks of material misstatement of the identified account balance(s)
and/or class(es) of transactions.
SUGGESTED SOLUTION
HJB
21
AUE4862/102
ZAU4862/102
NAU4862/102
HJB
22
AUE4862/102
ZAU4862/102
NAU4862/102
Please note
1. The first two columns were not required. They are included in the suggested
solution to demonstrate to you how conditions or events may affect risks at the
assertion level.
3. Completeness and classification are not at risk relating to revenue at ABC Ltd;
hence, they are not discussed in the suggested solution.
The completeness assertion has not been dealt with for the trade receivables account, as
it is not at risk for ABC Ltd.
EXAMINATION TECHNIQUE
1. Present your answer using assertions even when not required to do so. This will
generate points and show the marker that you are able to make the link between
the risk and the assertion.
2. Use ISA 315, par A124, when answering a question on risks at the assertion level.
This will enable you to address the correct assertion that is at risk for a class of
transaction, account balance and/or disclosure.
3. When you are required to describe the risk at the assertion level, use the
information in the scenario. For instance, if you were to write “there is a risk that
trade receivables might be valued incorrectly”, your answer would be incomplete
as you did not link it to the information in the scenario. You would have to link your
answer to forex valuation and the impact of the provision for credit losses when
discussing the valuation assertion.
4. When you are required to describe the risks at the assertion level, do not confuse
it with the question on audit procedures. Audit procedures will be covered in
Tutorial Letter 104.
HJB
23
AUE4862/102
ZAU4862/102
NAU4862/102
4. Planning activities
As per ISA 300, par 7, the auditor shall establish an overall audit strategy that sets the scope,
timing and direction of the audit, and that guides the development of the audit plan.
For instance:
1. the financial reporting framework (IFRS, SA GAAP, GRAP, etc)
2. industry-specific reporting requirements (compliance with JSE regulations),
government regulations (environmental, labour, etc) and so forth
3. number of locations for expected audit coverage
(For more examples on the characteristics of the engagement, refer to ISA 300,
Appendix.)
(b) Ascertain the reporting objectives of the engagement to plan the timing of the audit and
nature of communication required.
For instance:
1. the entity’s reporting timetable for interim financial results and year-end financial
results
2. meetings with management and those charged with governance
3. communicating with auditors on components regarding deadlines
(For more examples on the reporting objectives, timing of the audit and nature of
communications, refer to ISA 300, Appendix.)
(d) Consider the results of the preliminary engagement activities and, where applicable,
whether knowledge gained from other engagements performed by the engagement
partner for the entity is relevant.
(e) Ascertain the nature, timing and extent of resources necessary to perform the
engagement.
The nature, timing and extent of resources will include the following:
1. selection of the engagement team
2. the engagement budget
(Refer to ISA 300, Appendix.)
As discussed above, refer to ISA 300, par 8 and par A8 to A11 and the Appendix for
considerations in establishing the overall audit strategy. (The Appendix has a detailed list of
considerations in establishing the overall audit strategy.)
The auditor shall design and implement overall responses to address the assessed risks of
material misstatement at the financial statement level (ISA 330, par 5).
HJB
24
AUE4862/102
ZAU4862/102
NAU4862/102
A high risk of material misstatement at the overall financial statement level will have the
following impact on the overall audit strategy (refer to ISA 330, par A1 to A3):
Follow a substantive approach or a combined approach (if there are deficiencies in the
control environment).
Perform more tests of detail and fewer analytical procedures.
Incorporate an element of unpredictability in testing.
Exercise professional scepticism.
Consider the use of an expert.
Perform procedures closer to year end.
Put less reliance on management representations.
Extend sample sizes.
Engage more experienced staff.
Lower materiality.
The completion of the overall audit strategy guides the development of the audit plan.
IMPORTANT PRINCIPLE
Risks at the overall financial statement level will be dealt with by the overall
audit strategy (ISA 330, par 5 and A3). The risks at the assertion level will be
dealt with by the audit plan (ISA 330, par 6 and A4 to A8).
The audit plan is more detailed than the overall audit strategy and includes a description of
(ISA 300, par 9)
(a) the nature, timing and extent of planned risk assessment procedures as determined
under ISA 315;
(b) the nature, timing and extent of planned further audit procedures at the assertion level as
determined under ISA 330; and
(c) other planned audit procedures that should be carried out to ensure that the engagement
complies with ISAs.
The auditor’s assessment of the identified risks at the assertion level provides a basis for
considering the appropriate audit approach (combined audit approach or substantive audit
approach) for designing and performing further audit procedures (ISA 330, par A4).
A combined audit approach which entails tests of controls and substantive procedures
may be followed. This is normally followed when the auditor intends to rely on the operating
effectiveness of controls or when substantive procedures alone cannot provide sufficient
appropriate audit evidence at the assertion level (ISA 330, par 8).
OR
A substantive approach may be followed, which entails both tests of detail and substantive
analytical procedures.
IMPORTANT PRINCIPLE
HJB
25
AUE4862/102
ZAU4862/102
NAU4862/102
IMPORTANT PRINCIPLES
Nature (ISA The nature of an audit procedure refers to its purpose (that is, test of
330, par controls or substantive procedure) and its type (inspection, observation,
A5): inquiry, confirmation, recalculation, reperformance, or analytical
procedures).
Timing The timing of an audit procedure refers to when the audit is performed.
(ISA 330, The auditor can perform procedures as follows:
par A6): before year end (interim), or
at and after year end, or
early verification just prior to year end, with roll-forward procedures at
year end, or
both in the interim and after year end.
(The auditor has to incorporate an element of unpredictability in the
timing of performing certain audit procedures.)
Extent (ISA The extent of an audit procedure refers to the quantity to be performed.
330, par This entails the quantity of tests of control, tests of detail and/or analytical
A7): procedures the auditor will perform.
For instance, if you have a strong control environment, you will perform
more tests of controls, with fewer tests of detail and more analytical
procedures (and vice versa).
(Refer to ISA 330, par A4 to A19, for a detailed response to the assessed risks at the
assertion level.)
Study ISA 320 in detail to understand the effect that the determination of materiality in planning
and performing the audit will have on conducting and concluding the audit. Know the difference
between materiality and performance materiality (Refer to ISA 320, par 10–11.) Please note
that the performance materiality calculated will be lower than the planning materiality. This
enables the auditor to minimise the risk of expressing an incorrect audit opinion.
HJB
26
AUE4862/102
ZAU4862/102
NAU4862/102
EXAMPLE
You may use the above percentages as a guide on which to base the materiality
calculation. If you are given percentages in a scenario, you should use the given
percentages.
Remember to consider the nature of the business. For an entity that is capital
intensive, you are likely to use total assets for your materiality calculation. The
materiality calculation bases will differ from audit firm to audit firm.
QUESTION 1 35 marks
The following is an extract from a Unisa examination question of 2009. This question has been
selected to assist you in using the information in the scenario to answer the auditing questions
properly. Read the required part, analyse it, and answer the question in the way you would in the
examination. Mark your answer and identify the areas in which you fell short.
Once you have completed this exercise, see the same question from page 31 to page 34 and see how
we have analysed the "required' section (to make sure you understand what is required of you and
how to link it to what you have studied). We have also taken you through the suggested solution to
show you how to answer this type of question in order to earn maximum marks. Note the markers'
comments that follow after the suggested solution.
BACKGROUND INFORMATION
You are an audit partner at Motaung & Khoza Inc (Motaung & Khoza), a medium-sized auditing firm
based in Southern Africa. You were promoted to partnership seven years ago after being with the firm
for 11 years.
You are currently conducting the audit of Paparazzi (Pty) Ltd (Paparazzi) for the year ended
31 August 2009. You have worked on the audit of Paparazzi since joining Motaung and Khoza, first as
a trainee accountant and now as the partner in charge of the audit. Paparazzi has never had a
modified audit opinion. During a discussion held with the CEO of Paparazzi, Tumisho Khumalo, he
promised you and your family of four a free subscription to the Paparazzi magazine if an unmodified
audit opinion were issued for the 2009 financial year. Realising that your 18-year-old daughter wants
to become a journalist, Mr Tumisho Khumalo also indicated that the company would grant her a
comprehensive study bursary (to the value of approximately R40 000) if you expressed an unmodified
audit opinion. To remain ethical, your daughter will have a commitment to work at Paparazzi for five
years after her graduation.
Attached are the following documents that deal with various aspects of the audit.
Description
Paparazzi is a magazine company that was founded 18 years ago by Tumisho Khumalo. The
magazine, called Paparazzi, covers the lives of local and international celebrities. Paparazzi is sold in
South Africa, Botswana and Namibia.
HJB
28
AUE4862/102
ZAU4862/102
NAU4862/102
The head office of Paparazzi is situated in Cape Town, with branches in Durban and Johannesburg.
Each branch and the head office are responsible for the printing of the magazines for selected
regions. All printing machines are acquired on lease and are replaced every second year. At the end
of the second year, the printing machines are sent back to the lessor. The printing machines have a
useful life of five years.
During the 2008 financial year, 15% of the shares were issued to the directors in terms of a share
incentive scheme. Share options have not yet vested. One of the vesting conditions is that Paparazzi
yield earnings per ordinary share of at least 180 cents. Paparazzi intends listing on the JSE Ltd in the
next financial year.
Michael Strauss has informed you that the audited financial statements will be used to apply for
financing at the bank. This financing will be used to pay a settlement amount on the acquisition of an
80% interest in Top Decor Ltd (Top Decor), a magazine company that caters for upmarket home-
owners. Top Decor was acquired by Paparazzi on 15 May 2009. Top Decor is the brainchild of Lee
Zing, a world-renowned interior decorator, originally from Namibia. The company is situated in
Namibia and is audited by one of the other medium-sized audit firms in Namibia.
Paparazzi created a website (refer to working paper B1) to cater for the increased demand for
the Paparazzi magazine. The website will be used for information and trading purposes.
Lorraine & Mable (Pty) Ltd (Lorraine & Mable), a cosmetics company, was running a competition
in the Paparazzi magazine, whereby five lucky readers would each win a Volkswagen Polo
vehicle. The competition disclosed in the Paparazzi magazine, however, stated erroneously that
the lucky readers would each win a Mini Cooper vehicle. In accordance with the advice from its
legal advisors, Lorraine & Mable had to award the winning prizes, five Mini Coopers, to the lucky
readers on 25 August 2009. Lorraine & Mable is now suing Paparazzi for the difference in cost
between the Mini Cooper vehicles and the Volkswagen Polo vehicles, which amounts to
R750 000. The legal counsel of Paparazzi is studying the claim and at this point, they cannot
comment on the likelihood of possible significant liability arising from this dispute.
HJB
29
AUE4862/102
ZAU4862/102
NAU4862/102
Accounting policies
The accounting policies used in the preparation for the 2009 financial statements are consistent with
those applied in the previous financial year. The following are extracts from these policies:
1. Revenue
Revenue is recognised at fair value to the extent that it is probable that the economic benefits
will flow to the entity and the revenue can be reliably measured. The following specific
recognition criteria are adopted: turnover from net invoiced sales and circulation; revenue is
recognised when risk is transferred to the customer; dividend income is recognised when the
last date to register for the dividend has passed; and interest is recognised on a time
proportion basis which takes into account the effective yield on the asset over the period it is
expected to be held.
2. Operating leases
Leases, whereby the lessor retains the risks and rewards of ownership of the underlying asset,
are classified as operating leases. Payments made under operating leases are charged
against income on a straight-line basis over the period of the leases.
3. Financing leases
Leases that transfer substantially all the risks and rewards of ownership of the underlying asset
to the group are classified as finance leases. Assets acquired in terms of finance leases are
capitalised at the lower of fair value and present value of the minimum lease payments at the
inception of the lease, and depreciated over the estimated useful life of the asset.
The capital element of future obligations under the leases is included as a liability in the
statement of financial position. Lease payments are allocated using the effective interest
method to determine the lease finance cost, which is charged against income over the lease
period, and the capital repayment, which reduces the liability of the lessor.
HJB
30
AUE4862/102
ZAU4862/102
NAU4862/102
Revenue
Sales of magazines are up 46% when compared to the previous year. This is attributed to the
increased demand for the magazines and the introduction of a website to accept orders.
– Sales to retail outlets are made at a discount of 20% of the selling price of the magazine.
The retail outlets acquire the magazines on credit. At the end of the month, the
magazines, which were not sold, are sent back to Paparazzi. Paparazzi then invoices the
retail outlets for the actual magazines sold.
– Sales to the subscribers are made at a discount of 15% on the selling price of the
magazine. For the subscription to be valid, the subscribers are required to pay upfront.
The subscription for the magazine is for a 12-month period. The subscription can take
place any time during the year.
Foreign sales comprise sales made in Botswana and Namibia. Individuals who wish to
purchase the Paparazzi in these foreign countries can only purchase it at their local retail
outlet.
Advertisers are contracted with Paparazzi for a period of at least one year to advertise in the
Paparazzi magazine. The cost differs depending on space (the number of pages) and location
(specific part of magazine) used by advertisers in order to advertise their products. The
advertisers are required to pay the one-year advertising fee at the inception of the contract.
This advertising fee is non-refundable, regardless of whether advertising opportunities are used
during the contracted period or not.
HJB
31
AUE4862/102
ZAU4862/102
NAU4862/102
REQUIRED Marks
(a) Identify the significant audit risks of Paparazzi and its group at the overall financial
statement level for the 2009 financial year by using the additional information on the
business. 15
(b) Regarding working paper A1 (Revenue):
1. Identify the risks at the assertion level relating to revenue. You have to refer to
all the revenue sources of Paparazzi. 8
(c) Discuss when Paparazzi should recognise revenue from the different sources of
revenue in terms of IAS 18. 12
(Unisa – 2009 examination)
EXAMINATION TECHNIQUE
What follows is the same question, but with notes to indicate how to answer this type of
question. The notes on the scenario are the same type of notes a student should be
making during the reading time, to organise the information logically, to mark important
key words or phrases and to be on the lookout for certain types of questions that might
be asked based on the scenario provided.
QUESTION 1 35 marks
BACKGROUND INFORMATION
You are an audit partner at Motaung & Khoza Inc (Motaung & Khoza), a medium-sized auditing firm
based in Southern Africa. You were promoted to partnership seven years ago after being with the firm
for 11 years.
You are currently conducting the audit of Paparazzi (Pty) Ltd (Paparazzi) for the year ended
31 August 2009. You have worked on the audit of Paparazzi since joining Motaung and Khoza, first as
a trainee accountant and now as the partner in charge of the audit. Paparazzi has never had a
modified audit opinion. During a discussion held with the CEO of Paparazzi, Tumisho Khumalo, he
promised you and your family of four a free subscription to the Paparazzi magazine, if an unmodified
audit opinion were issued for the 2009 financial year. Realising that your 18-year-old daughter wants
to become a journalist, Mr Tumisho Khumalo also indicated that the company would grant her a
comprehensive study bursary (to the value of approximately R40 000) if you expressed an unmodified
audit opinion. To remain ethical, your daughter will have a commitment to work at Paparazzi for five
years after her graduation.
Attached are the following documents that deal with various aspects of the audit.
Description
HJB
32
AUE4862/102
ZAU4862/102
NAU4862/102
Paparazzi is a magazine company that was founded 18 years ago by Tumisho Khumalo. The
magazine, called Paparazzi, covers the lives of local and international celebrities. Paparazzi is sold in
South Africa, Botswana and Namibia (risks a1 and a3) (risks b3).
The head office of Paparazzi is situated in Cape Town, with branches in Durban and Johannesburg
(risks a3 and a5.7). Each branch and the head office are responsible for the printing of the magazines
for selected regions. All printing machines are acquired on lease (risks a5.1) and are replaced every
second year. At the end of the second year, the printing machines are sent back to the lessor. The
printing machines have a useful life of five years.
During the 2008 financial year, 15% of the shares were issued (risk a11) to the directors in terms of a
share incentive scheme. Share options have not yet vested. One of the vesting conditions is that
Paparazzi yield earnings per ordinary share of at least 180 cents (risk a4.1 and risk b1.1). Paparazzi
intends listing on the JSE Ltd (risk a4.4) in the next financial year.
Michael Strauss has informed you that the audited financial statements will be used to apply for
financing at the bank (risks a4.3 and a6). This financing will be used to pay a settlement amount on
the acquisition of an 80% interest in Top Decor Ltd (Top Decor), a magazine company that caters for
upmarket homeowners (risk a7). Top Decor was acquired by Paparazzi on 15 May 2009 (risks a5.4
and a10). Top Decor is the brainchild of Lee Zing, a world-renowned interior decorator, originally from
Namibia. The company is situated in Namibia and is audited by one of the other medium-sized audit
firms in Namibia (risks a5.5 and a7).
Paparazzi created a website (risk a5.6) to cater for the increased demand for Paparazzi
magazine. The website will be used for information and trading purposes (risk a8, risk b2).
Lorraine & Mable (Pty) Ltd (Lorraine & Mable), a cosmetics company, was running a competition
in the Paparazzi magazine, whereby five lucky readers would each win a Volkswagen Polo
vehicle. The competition disclosed in the Paparazzi magazine, however, stated erroneously that
the lucky readers would each win a Mini Cooper vehicle. In accordance with the advice from its
legal advisors, Lorraine & Mable had to award the winning prizes, five Mini Coopers, to the lucky
readers on 25 August 2009. Lorraine & Mable is now suing Paparazzi (risk a9) for the difference
in cost between the Mini Cooper vehicles and the Volkswagen Polo vehicles, which amounts to
R750 000. The legal counsel of Paparazzi is studying the claim and at this point, they cannot
comment on the likelihood of possible significant liability arising from this dispute (risk a5.3).
HJB
33
AUE4862/102
ZAU4862/102
NAU4862/102
Accounting policies
The accounting policies used in the preparation for the 2009 financial statements are consistent with
those applied in the previous financial year. The following are extracts from these policies:
2. Operating leases
Leases, whereby the lessor retains the risks and rewards of ownership of the underlying asset,
are classified as operating leases. Payments made under operating leases are charged against
income on a straight-line basis over the period of the leases.
3. Financing leases
Leases that transfer substantially all the risks and rewards of ownership of the underlying asset
to the group are classified as finance leases. Assets acquired in terms of finance leases are
capitalised at the lower of fair value and present value of the minimum lease payments at the
inception of the lease, and depreciated over the estimated useful life of the asset.
The capital element of future obligations under the leases is included as a liability in the
statement of financial position. Lease payments are allocated using the effective interest method
to determine the lease finance cost, which is charged against income over the lease period, and
the capital repayment, which reduces the liability of the lessor.
HJB
34
AUE4862/102
ZAU4862/102
NAU4862/102
Revenue
Sales of magazines are up 46% when compared to the previous year. This is attributed to the
increased demand for the magazines and the introduction of the website to receive orders (risk
b1.2).
– Sales to retail outlets are made at a discount of 20% of the selling price (risk b1.8) of the
magazine. The retail outlets acquire the magazines on credit. At the end of the month,
the magazines, which were not sold, are sent back to Paparazzi. Paparazzi then invoices
the retail outlets for the actual magazines sold (risk b1.7).
– Sales to the subscribers are made at a discount of 15% on the selling price (risk b1.8) of
the magazine. For the subscription to be valid, the subscribers are required to pay
upfront. The subscription for the magazine is for a 12-month period. The subscription can
take place at time during the year (risk b1.4).
Foreign sales comprise sales made in Botswana and Namibia (risk b1.3). Individuals who wish
to purchase the Paparazzi in these foreign countries may only purchase it at their local retail
outlet.
Advertisers are contracted with Paparazzi for a period of at least one year to advertise (risk
b1.5) in the Paparazzi magazine. The cost differs depending on space (the number of pages)
and location (specific part of magazine) used by advertisers in order to advertise their products.
The advertisers are required to pay the one-year advertising fee at the inception of the
contract. This advertising fee is non-refundable, regardless of whether advertising opportunities
are used during the contracted period or not.
HJB
35
AUE4862/102
ZAU4862/102
NAU4862/102
REQUIRED Marks
(a) Identify the significant audit risks of Paparazzi and its group at the overall financial
statement level for the 2009 financial year, by using the additional information on the
business. 15
(b) Regarding working paper A1 (Revenue):
1. Identify the risks at the assertion level relating to revenue. You have to refer to
all the revenue sources of Paparazzi. 8
(c) Discuss when Paparazzi should recognise revenue from the different sources of
revenue in terms of IAS 18. 10
(Unisa – 2009 examination)
SUGGESTED SOLUTION
(a) Significant audit risks at the overall financial statement level of Paparazzi
1. The company trades in neighbouring countries and it has a subsidiary in Namibia, which
has foreign exchange implications (Reserve Bank regulations). (1)
5. The fairly complex requirements for complying with IFRS (International Financial
Reporting Standards) increase the risk of incorrect accounting treatment of
measurement, recognition and disclosure of the following: (1)
5.1 leased assets, specifically compliance with International Accounting Standards (IAS
17) regarding the publishing machines under operating leases (1)
5.2 the accounting and recognition (IAS 18) of revenue on the sale of magazine and
advertising income (including complexity related to sales on consignment) (1)
5.3 the accounting and recognition (IAS 37) of the disputes, and possible provisions or
contingencies, with regard to the claim instituted by Lorraine & Mable (1)
5.4 the acquisition of Top Decor magazine, which needs to be accounted for in
accordance with IFRS 3 (1)
5.5 the consolidation of the foreign subsidiary (1)
HJB
36
AUE4862/102
ZAU4862/102
NAU4862/102
5.6 the cost relating to capitalising the website as per IAS 38 – intangible asset (1)
5.7 verification of branch financial information in terms of IFRS 8 (1)
Detail: Maximum 2
6. The audited financial statements will be used to obtain financing from a financial
institution.
6.1 There is a risk that the auditor will be liable to the third party should an incorrect
opinion be expressed and the bank relied on the audited financial statements. (1)
7. Top Decor, in which Paparazzi holds an 80% interest, is audited by another medium-
sized audit firm.
7.1 There is a risk that the other auditor might not be competent and/or independent,
leaving us with a legal liability. (1)
8. The new website and internet sales system have the risk of
8.1 loss of data; (1)
8.2 continuity problems if the system does not function effectively; (1)
8.3 risk of unauthorised access if firewalls are not effective; and (1)
8.4 risk of errors if staff are not properly trained. (1)
8.5 Any other valid point. (1)
9. The company is being sued: There is a risk of reputational damage, which could lead to
possible client loss (advertisers) should the company be at fault. (1)
11. The company issued share options during the year. There is a risk that Paparazzi does
not comply with Company Act requirements. (1)
Available 21
Maximum 15
1. There is a risk that the revenue from all sources might be overstated because the
directors received a share incentive scheme with a vesting condition based on
earnings per share (all assertions). (1)
1.1 The occurrence assertion is at risk: Fictitious or very risky revenue from all
sources might be recorded to inflate the sales. (1)
1.2 The accuracy assertion is at risk: Revenue from all sources might be
recorded at inflated amounts. (1)
1.3 The cut-off assertion is at risk: Sales after year end might be recorded as
current-year sales. (1)
2. Internet sales might be recognised before risks and rewards of ownership have
passed (before delivery has occurred – occurrence). (1)
3. With regard to export sales, there is a risk that sales are translated at the incorrect
spot rate (accuracy). (1)
4. With regard to the subscription contracts, there is a risk that the revenues are not
recognised at the correct stage of completion as per IAS 18 (accuracy and cut-off).
(1)
5. There is a risk that revenue from advertising may not be properly recognised at the
correct stage of completion as per IAS 18 (accuracy and cut-off). (1)
HJB
37
AUE4862/102
ZAU4862/102
NAU4862/102
6. The revenue for all sources accounts comprises complex transactions, and there is
a risk of errors being made (accuracy). (1)
7. Sales to retail outlets may be recognised incorrectly if magazines are delivered, in-
stead of being treated as consignment goods (accuracy, occurrence and cut-off).(1)
8. The sales to retail outlets and subscribers are made at a discount. There is a risk
that discounts might not be excluded as per IAS 18 when accounting for revenue
(accuracy). (1)
(c) When Paparazzi should recognise revenue from the different sources of revenue
1. Papparazzi's revenue arises from the sale of goods (magazines) and the rendering of
services (advertising the products of external companies in Paparazzi). (1)
2. Sale of goods
In terms of IAS 18, paragraph 14, revenue from the sale of goods shall be recognised
when all the following conditions have been met:
2.1 Paparazzi has transferred to the buyer the significant risks and rewards of
ownership of the goods.
The risks and rewards are transferred to the subscribers when the magazines are
delivered to them. (1)
With respect to the retail outlets, the risks and rewards are only transferred to
the retail outlets when they sell the magazines to the customers. (1)
The risks and rewards are not transferred when the magazines are delivered
to the retail outlets, because magazines are on consignment and retail outlets
will only be invoiced for magazines sold. (1)
If magazines are not sold, they will be returned to Paparazzi, and the retail
outlets will not be held liable. (1)
2.2 Paparazzi retains neither continuing managerial involvement to the degree usually
associated with ownership, nor effective control over the goods sold.
Once the magazines are delivered to the subscribers, Paparazzi will not retain
managerial involvement. (1)
With respect to retail outlets, Paparazzi does not retain managerial involvement
once the retail outlets make a sale of the magazine to the buyers. (1)
2.4 It is probable that the economic benefits associated with the transaction will flow to
Paparazzi.
There is an active market for the Paparazzi. Once the magazines are sold by the
retail outlets, the amount accrues to Paparazzi. Subscribers are required to make
an upfront payment. (1)
HJB
38
AUE4862/102
ZAU4862/102
NAU4862/102
2.5 The costs incurred or to be incurred in respect of the transaction can be measured
reliably.
The costs associated with the sale of the magazine entail printing costs, delivery
costs, etc. These costs can be measured reliably, as the company has been in
business for the past 18 years. (1)
3. Rendering of services
In terms of IAS 18, paragraph 20, revenue from the rendering of services shall be
recognised when all the following conditions have been met:
3.2 It is probable that the economic benefits associated with the transactions will flow to
Paparazzi.
Economic benefits flow to Paparazzi when the advertising contract is signed,
because external parties are required to pay a fee at the inception of the contract.
(1)
3.3 The stage of completion of the transaction at the end of the reporting period can be
measured reliably.
The stage of completion will be determined with reference to the number of months
the external parties have been serviced at the reporting date. External parties are
contracted for a period of at least one year. (1)
3.4 The costs incurred for the transaction and the costs to complete the transaction can
be measured reliably.
These costs will entail printing costs, labour, etc. These costs can be measured
reliably, because the company has existed for the past 18 years. (1)
Available 14
Maximum 12
MARKERS’ COMMENTS
General
Poor numbering was a problem throughout question one. Students did not use the
same numbers that were used in the required part, making the marking process very
difficult.
Students also did not indicate properly if they finished one question to continue with
another, and then subsequently continued with the first question.
Part (a)
This part of the question dealt with significant risks at the financial statement level.
This part of the question was poorly answered although you could have earned marks
easily.
Students do not understand the difference between risks at financial statement level
and at assertion level.
Most students mentioned the risk factors instead of discussing the audit risk, which
should include the impact/effect of the risk factor on the financial statements, should it
materialise.
Some students made general comments such as “the risk is that we will have to rely on
the work of other auditors”. In itself, this is of course not a risk if the student failed to
demonstrate correctly why they perceive it as a risk, that is, that they might not be
independent or competent enough, which would lead to material misstatements in the
financial statements not being detected.
Some students gave recommendations instead of risks, thereby wasting precious time,
as these were not asked. For instance, such students wrote “The company is planning
to list on the JSE Ltd; therefore, the company will have to familiarise itself with stringent
JSE regulations, or appoint an expert in this field.” This is incorrect. When you are
asked to formulate a risk you are supposed to write: “The company is planning to list on
JSE Ltd; therefore, there is a risk that the financial statements might be materially
misstated to meet JSE requirements”. When wording an audit risk, think about what can
go wrong with the financial information.
Part (b)
This part of the question related to risks at the assertion level.
Students who battled with risk questions made the same mistake as in (a) above, by
not wording the risk adequately enough to earn the mark.
Several students included all assertion level risks, even though the risk may not relate
to revenue.
Even though the scenario clearly indicates that revenue would be prone to
overstatement, students incorrectly included the completeness of revenue as a risk.
Part (c)
This part of the question related to revenue recognition.
Although the theory is clearly set out in IAS 18 (included in the textbooks that students
were allowed to take into the examination with them), students still struggled with this
part of the question.
Students failed to apply the revenue recognition criteria individually for all instances of
the different sources of revenue. Most students just quoted the correct paragraph from
the standard but then failed to apply the criteria to the scenario given. At this level, this
is not acceptable, as we are testing skills on applying audit knowledge.
HJB
40
AUE4862/102
ZAU4862/102
NAU4862/102
INTRODUCTION
Obtaining an understanding of the entity and its environment, including its internal
control, forms part of the planning phase of the audit process. For ease of discussion,
the basic concepts that will be discussed are as follows:
4. IT governance
OBJECTIVES
HJB
41
AUE4862/102
ZAU4862/102
NAU4862/102
explain how the audit approach should be adapted when advanced computer
technology is utilised in a CIS environment; and
Also, refer to the following chapters in Auditing Notes for South African Students, 9th
edition, chapter 5, pages 5/1–5/28, chapter 7, pages 7/1–7/21 and chapter 8–14.
Although it might seem as if you will have to work through a lot of material, it is only
revision of work you already covered during your undergraduate studies and
CTA level 1.
COMMENT
It is very important that you work meticulously through the theory in Auditing Notes
regarding the business cycles. This will build the foundation that you will need to answer
questions on risks in a manual and CIS environment.
It is not sufficient to work through this tutorial letter only. The information contained in the
relevant chapters in Auditing Notes is not duplicated in the tutorial letter and they should be
studied from Auditing Notes. You will miss crucial information if you do not study these
relevant chapters.
You need to have sound basic knowledge (acquired from your undergraduate studies and
prescribed study material) before attempting to answer any questions. We as lecturers can
clearly see from a test/examination which students lack this basic knowledge, specifically
relating to computer auditing. It is highly unlikely that you will ever audit in a fully manual
environment. You must, however, be able to apply the basic principles of auditing in a
manual environment to an audit in a computerised environment.
You have to be comfortable with these basic principles in a manual system before moving
on to the more complex principles of auditing in a computerised information system (CIS)
environment.
HJB
42
AUE4862/102
ZAU4862/102
NAU4862/102
Due to its integrated nature, computer auditing should not be viewed in isolation. It can be
combined and integrated into almost all the other auditing topics and tutorial letters. You
can therefore expect integrated computer auditing questions in almost every test during the
year, in the final examination and on board level.
We as lecturers do not expect you to be information technology (IT) experts. The basic
concepts covered in this tutorial letter and in the relevant chapters of Auditing Notes should
be sufficient for you to answer computer-related questions.
IMPORTANT PRINCIPLE
ISA 315, par 12, stipulates that the auditor has to obtain an understanding of internal control
relevant to the audit. Internal control is designed and implemented to deal with identified
business risks that threaten the achievement of any of the above objectives. When the auditor
obtains an understanding of internal control, he/she has to (ISA 315, par 13) do the following:
Evaluate the design of those controls. Does a control (individually or in combination
with others) effectively prevent, or detect and correct material misstatements?
Determine whether these controls have been implemented. It is no use having
brilliant controls in theory if they are not implemented and used effectively by the entity.
Inquiry from the entity’s personnel alone is not sufficient. Other procedures (e.g.
observation, inspection, etc) have to be performed as well.
COMMENT
Internal control, according to ISA 315, par 14-24, consists of the following
components:
the control environment;
the entity’s risk assessment process;
the information system (including the related business processes relevant
to financial reporting and communication);
control activities relevant to the audit; and
monitoring of controls.
HJB
43
AUE4862/102
ZAU4862/102
NAU4862/102
Study these components from ISA 315. Also make use of ISA 315, Appendix 1,
for further guidance on these components. Flag Appendix 1 of ISA 315, as it
explains these components in detail and gives valuable examples to guide you in
a test or the examination.
When the auditor obtains an understanding of the entity’s control activities, ISA 315, par 21,
stipulates that the auditor must ALSO obtain an understanding of how the entity responds to
risks arising from information technology (IT), as the use of IT affects the way in which control
activities are implemented. From an audit perspective, controls over IT systems are effective
when they maintain the integrity of information and the security of the data and include effective
general and application controls (ISA 315, par A103–A105).
COMMENT
It is important for you to familiarise yourself with ISA 315, par A60 to A66. These
paragraphs deal with the characteristics of manual and automated elements of
internal control.
In a completely manual system, it is relatively easy to trace the path of a transaction from its
initiation to its inclusion in the financial statements by following the flow of documentation.
However, in computerised system environments, it may be more difficult to trace transaction
flows through systems, as these may not be visible. In some cases, it may be impossible to
obtain an understanding of the flow of transactions without the aid of sophisticated computer
programs which map out the flow of data as the data move through the live processing phases
of a computer system.
Business cycles may be described as the process of grouping together similar types of
transactions or transaction processing systems.
Organisations would typically group their accounting transactions according to the following five
common business cycles:
the revenue and receipts cycle;
the acquisition and payments cycle;
the inventory and production cycle;
the payroll and personnel cycle; and
the finance and investment cycle.
ISA 315, par 27, requires the auditor to determine whether any of the risks identified are in
his/her judgment a significant risk.
HJB
44
AUE4862/102
ZAU4862/102
NAU4862/102
IMPORTANT PRINCIPLES
HJB
45
AUE4862/102
ZAU4862/102
NAU4862/102
HJB
46
AUE4862/102
ZAU4862/102
NAU4862/102
EXAMINATION TECHNIQUE
Internal control related questions are typically examined in the following ways (in tests
and examinations):
A question can either only require one of the above (eg only the weaknesses), or it
can require a combination of two (eg weaknesses and risks), or even weaknesses,
risks and recommendations.
If more than one of the above are required, present your answer in a tabular
format (even if the question does not specifically require it). This will assist you in
presenting your answer in a structured manner and it will make it easier for the
marker.
For example:
Identify the weaknesses, potential risks/consequences of the weaknesses and your
suggestions for improvement thereof relating to the revenue and receipts cycle.
Please note: These discussions should still be relevant to what is given in the scenario.
EXAMPLE
John is responsible for the maintenance of the fixed asset register of the company. He is
also responsible for preparing a reconciliation of the fixed asset register to the general
ledger accounts on a regular basis. He also records all purchases and sales of fixed
assets in the accounting records. John signs all documents and reconciliations he
prepares.
Required
HJB
47
AUE4862/102
ZAU4862/102
NAU4862/102
Weaknesses
Firstly, identify those weaknesses from the scenario (i.e. those internal
controls that are not performed correctly):
John performs incompatible duties, since he
is responsible for the maintenance of the fixed asset register;
prepares a reconciliation between the fixed asset register and the
general ledger accounts; and
records all purchases and sales of fixed assets in the accounting
records.
Secondly, identify those internal controls that you know should be
performed, but are not mentioned in the given scenario (but which are still
relevant to the scenario):
No one reviews and authorises the reconciliation between the fixed
assets register and the general ledger accounts.
No one investigates the discrepancies or long outstanding items in the
reconciliation.
As you can see, these internal controls are not mentioned in the scenario and
are therefore considered to be weaknesses (as they are not performed). They are
however still relevant to the given scenario.
The following control activities can be found in any good internal control system. They apply to
all the business cycles. When you are answering a question on internal control, always keep
the control activities in mind and apply them to the given scenario.
Always remember that you should mainly discuss the control activities that are most relevant to
the given scenario.
What is the difference between identifying a weakness, describing the risk and making a
recommendation?
Risk You might be asked to describe the risks in a given scenario. The
risk is the potential consequence of the weaknesses mentioned
above. This is normally what management and we as auditors are
concerned about, as the risk usually relates to the influence on the
financial statements and/or the financial/reputational influence on
the client’s business.
HJB
48
AUE4862/102
ZAU4862/102
NAU4862/102
EXAMPLE
Weakness Risk/Consequence
There is poor segregation of duties Possible fraud or other irregularities could go
since Mr X performs all of the undetected, which could have a negative
following functions (list the financial impact on the entity.
functions): = Potential consequence
= Internal control is not being
performed at all.
No tests of creditworthiness are Sales could be made to clients who are not
carried out on clients before the creditworthy. This could have severe financial
order is processed. implications for the entity.
= Internal control is not being = Potential consequence
performed at all.
The product catalogue is updated The product catalogue that a client is using
only quarterly. might be out of date, which could lead to sales
= Existing control is being being made at incorrect prices. This could lead
performed incorrectly. to financial losses for the company.
= Potential consequence
There is no independent review of As Mr X is not independently reviewed, he
the work performed by Mr X. could commit fraud and/or make errors, which
= Internal control is not being could go undetected. This could have a
performed at all. negative financial impact on the entity.
= Potential consequence
A question can also require you to “evaluate the effectiveness of an internal control system”.
Here you will have to address both negative (weaknesses) and positive aspects of the controls
being performed. An evaluation means that you compare the negative and the positive
elements of a certain matter and come to a conclusion.
A question can require you to identify/list/describe the internal controls (both manually and
automated) that should be present in a client's internal control system, or that should be
implemented to ensure certain control objectives are met. Don’t confuse this with tests of
controls. You should be comfortable with the various business cycles and the internal controls
that should be performed in each cycle. You cannot describe controls that a client should have
in place if you are not familiar with the controls in each cycle.
HJB
49
AUE4862/102
ZAU4862/102
NAU4862/102
EXAMPLE
Control
A reconciliation between deposits captured and bank statements should be
performed by the accounting department.
This reconciliation should be reviewed by a senior official (manager).
Any security breaches must be logged and followed up by management.
As you can see, you are not testing the control, but merely stating what the
control should be.
General aspects
Refer to all the self-assessment questions in this tutorial letter for past Unisa test and
examination questions. These questions will provide you with guidance on how internal control
related topics were tested and examined in the past. Please note that you have to determine
exactly what a question requires you to do. Does the question only require you to look at a
certain function of a transaction cycle? Does it require you to discuss only certain control
objectives (assertions)? The golden rule is to limit your answer to what is required from you!
Determine from whose point of view the question is asked (i.e. the external auditor, internal
auditor or management). This would influence the way in which you will formulate your answer.
As discussed in the previous section, controls in a CIS environment include both general and
application controls. These controls can be both manual controls and controls designed and
built into computer programs (automated controls).
In terms of ISA 315, par A104, general IT controls are policies and procedures relating to
many applications and supporting the effective functioning of application controls. They
apply to mainframe, mini-frame and end-user environments.
Refer to Auditing Notes, pages 8/7 to 8/25 for a discussion on the categories of general
controls.
HJB
50
AUE4862/102
ZAU4862/102
NAU4862/102
As per ISA 315, par A105, application controls are manual or automated procedures that
typically operate at a business process level and apply to the recording of transactions by
individual applications. Application controls relate to specific tasks performed by
computerised information systems and can be preventative or detective in nature. Their
function is to provide reasonable assurance that the initiation, recording, processing and
reporting of financial data are properly performed. Application controls are categorised as
“input”, “processing”, “master file maintenance” and “output” controls. Application
controls relate primarily to the occurrence, authorisation, accuracy and completeness of
transactions within a specific application in an organisation. General controls, in turn,
provide the standards and guidelines under which employees function in their work and
that govern the functions of developing, maintaining and operating systems to process
data.
Refer to Auditing Notes, pages 8/26 to 8/41 for a discussion on application controls.
COMMENT
Contained in chapters 10 to 14 of Auditing Notes for South African students, are sections
in which the computerisation of the particular business cycle is discussed. It is crucial for
you to study this together with chapter 8 of Auditing Notes.
EXAMINATION TECHNIQUE
The following table should always be used when planning your answer on an application
control related question.
First of all determine which transaction cycle (or part of it) is being dealt with in the
scenario (e.g. payroll cycle). Secondly, determine which function of the process in the
transaction cycle is being discussed in the scenario. Does the scenario deal with any of
the following:
input phase;
processing phase;
output phase; and/or
master file maintenance phase.
For example, capturing employees’ clock card hours onto the payroll system would fall
into the input phase of the payroll transaction cycle.
Thirdly, determine which control objective(s) is/are being discussed. Does the question
require you to deal with the following:
occurrence;
authorisation;
accuracy; and/or
completeness.
HJB
51
AUE4862/102
ZAU4862/102
NAU4862/102
EXAMPLE
List the controls that management of company 1X should implement to ensure the
accuracy and completeness of the capturing of clocked hours on the clock cards.
You will only discuss the input phase of the payroll cycle and the accuracy and
completeness control objectives.
Most marks in the test or examination will normally be allocated to the input and
processing phases. Master file change controls are VERY popular, for relatively
high mark allocations.
IMPORTANT PRINCIPLE
Access controls can be both general and application controls. Use the following as
guidance:
Access controls
HJB
52
AUE4862/102
ZAU4862/102
NAU4862/102
Remember that general controls are very important. You will not test application controls if
you cannot rely on the general controls. For example, if a company does not have proper
personnel practices regarding the employment of honest, qualified, competent staff (general
control), it is highly unlikely that we will be able to rely on the application controls (i.e.
transactions and data will probably not be very reliable).
GENERAL CONTROLS
Payroll program Inventory program
Application controls Application controls
I P O M I P O M
O&A O&A
A A
C C
I P O M I P O M
O&A O&A
A A
C C
The illustration above indicates that general controls relate to all applications. If there is a
weakness in the general controls, it could affect some or all of the applications.
The following general controls are very popular for tests and examinations:
Access controls:
Know the theory on access control as set out in Auditing Notes
it is not just passwords!!
Continuity of operations:
This includes disaster recovery plans, physical elements, back-ups, etc.
ISA 315, par A60, clearly indicates that an entity’s system of internal controls contains both
manual and automated elements.
HJB
53
AUE4862/102
ZAU4862/102
NAU4862/102
Study the topics above from Auditing Notes. The theory covered in chapter 9 should be
sufficient to enable you to answer advanced CIS environment-related questions.
The topics on an advanced CIS environment may easily be integrated with the
application controls topic in a question.
HJB
54
AUE4862/102
ZAU4862/102
NAU4862/102
4. IT GOVERNANCE
Information technology governance
As per the 2009 Institute of Directors in South Africa – King Code of Governance for South
Africa:
We, therefore, deal with IT governance in detail in King III for the
first time. The IT governance chapter (Chapter 5) is focused on
providing the most salient aspects of IT governance for directors. Due
to the broad and ever-evolving nature of the discipline of IT
governance, the chapter does not try to be the definitive text on this
subject but rather to create a greater degree of awareness at director
level.
HJB
55
AUE4862/102
ZAU4862/102
NAU4862/102
Study chapter 5 – "The governance of information technology" (IT) from the King Code of
Corporate Governance for South Africa, 2009. This is very topical and the theory can be
integrated into any test and/or examination.
EXAMPLE
Music4U (Pty) Ltd is a company offering its clients online music download facilities.
Customers may purchase their favourite songs by means of SMS downloads. Customers
are required to register online by supplying certain personal details such as name,
surname, ID number, address, etc.
John Daily was recently appointed as the Chief Information Officer (CIO).
Apart from other tasks, John was also given the sole responsibility for the management
and protection of all customers' personal information. During the year, John sold customer
details to a cellphone provider. John explained that he was not aware that it was private
information.
REQUIRED
Identify and discuss any governance of information technology concerns that you may
have.
Do not discuss things that are done correctly if you are required to give concerns (i.e.
things that are done incorrectly).
CONCERN 1
John, the recently appointed CIO, is a registered internal auditor and has no IT
governance experience = CONCERN
According to principle 5.3 (par 21 of King III), the CIO should be a suitably qualified
and experienced person = PRINCIPLE
John is not suitably qualified, as he is a registered internal auditor and he does not
have the required IT governance experience = CONCLUSION
CONCERN 2
The financial manager appointed John as the CIO = CONCERN
According to principle 5.3 (par 20 of King III), the chief executive officer (CEO) should
appoint the CIO = PRINCIPLE
John was thus not correctly appointed, as he was appointed by the financial manager
and not the CEO = CONCLUSION
HJB
56
AUE4862/102
ZAU4862/102
NAU4862/102
CONCERN 3
John was given the sole responsibility for the management and protection of all
customers' personal information. During the year, John sold customer details to a
cellphone provider = CONCERN
According to principle 5.6 (par 38 of King III), the board should ensure that systems
are in place that will ensure that the company treats all personal information as an
important business asset and that all personal information processed by the company
is identified = PRINCIPLE
The board should take responsibility for the protection of personal information and
should not assign it to the CIO. They should put systems in place to protect the
information = CONCLUSION
QUESTION 1 15 marks
BACKGROUND INFORMATION
You are a second year trainee accountant at Amanda, Mirriam & Gert Incorporated (AMG), a firm of
registered auditors. AMG is a medium-sized audit firm in South Africa with offices in Cape Town,
Durban, Mangaung and Pretoria.
You were allocated to the audit team that is conducting the audit of Cottonworth Holdings Limited
(Cottonworth). AMG was recently reappointed at Cottonworth's annual general meeting as the external
auditor of the company and of the group’s financial statements for the year ended 31 August 2013.
AMG is also the external auditor of Cottonworth (Proprietary) Limited (CPL). The partner in charge of
the audit was excited about the reappointment since Cottonworth and CPL represent at least 80% of
revenue earned by AMG.
You held several discussions with the Chief Information Officer (CIO), the Information Technology (IT)
manager and other staff members in the IT department at Cottonworth. The following is an e-mail you
sent to the senior trainee accountant on the audit:
From: unisa.student@amg.co.za
Sent: Friday, 16 August 2013, at 14:32
To: Helen.Peterson@amg.co.za
Subject: General and application controls at Cottonworth
Dear Helen
I had a meeting with the current CIO, Don Futherton, on Monday, 5 August 2013. He provided
me with a breakdown of salaries for all Cottonworth employees even though I didn’t request it.
HJB
57
AUE4862/102
ZAU4862/102
NAU4862/102
This made me feel a bit uncomfortable, as he made a joke that he liked the feeling of having
sensitive company information at the push of a button and the power to use it as he saw fit. I
formed the idea that he is very friendly and helpful, but maybe not the most ethical person.
Don showed me the hard copy of the Cottonworth code of ethical behaviour. He informed me
that there was currently only one copy of this document and that employees were welcome to
come and read it in his office if they had ethical concerns. He mentioned that this was not
specifically communicated but that he believed employees would speak up if they had issues.
Don informed me that a database administrator, Mark Jacobs, was appointed during
January 2013. Don explained that IT management take the word of new employees when it comes
to their experience and qualifications, as employees need to prove themselves anyway. IT
management don’t believe in strict rules governing their recruitment practices.
After Don and Mark became friends on Facebook, Don saw the following comment on Mark’s
Facebook profile made during January 2013: “Guys, you would not believe my luck. I got a job at
Cottonworth and they pay me a HUGE salary. Since I am not nearly qualified or experienced for
the job, I had to improvise a bit in the interview. They are such IDIOTS ;-) I also have access to
change my own salary and I have so much time at work to surf the internet and watch movies.
What a pleasure to work for Cottonworth”. Don explained that due to time constraints, a
disciplinary hearing will be held early in 2014 and that Mark will continue to work as a database
administrator until such time.
I had a discussion with Mark on Tuesday, 13 August 2013. He believes that his apparent “lack of
competence” in the tasks allocated to him as database administrator were not communicated to
him by management or his supervisors at any stage during the year and that it was never clearly
explained to him what his role or specific tasks would be.
I had a meeting with the IT manager, Will Smithers, on Wednesday, 14 August 2013. Will is
responsible for all general controls over the continuity of operations at Cottonworth. Will
explained to me that Cottonworth faced tremendous challenges during the current financial year.
One of the biggest challenges faced was a fire that broke out at head office during
August 2013. Luckily no employees suffered any injuries. However, numerous personal computers
(PCs) and servers were completely damaged in the fire. The week after the fire was apparently
quite interesting (in Will’s own words).
HJB
58
AUE4862/102
ZAU4862/102
NAU4862/102
After taking note of the Facebook comment made by Mark Jacobs about the fact that he has
access to make changes to his own salary, I did some investigations and it seems that his salary
on the master file is substantially higher than the salary documented in his employment contract
(signed in January 2013).
I don’t want to sound like “Trainee of the year”, but I read the relevant ISAs (International
Standards on Auditing) over the weekend and came to the following conclusions:
I don’t believe the incident can be classified as fraud. It was committed by an ordinary employee
and not by management of Cottonworth, and it was an isolated incident only.
I also don’t believe it is a significant risk or a significant deficiency in internal control. I saw on
the prior year audit file that we tested payroll-related access controls in detail and I don’t see
why we should test them again this year.
I don’t think it is necessary to discuss this with management, as I think I should have a chat with
Mark and inform him that we are aware of his activities. I used to work as a bouncer at a club
during my student days and I know how to handle these types of situations.
I know what you might be thinking – I am only a trainee accountant and already I am showing
partner qualities, but that is just who I am: a born leader… (Just joking!)
Regards
Unisa student
REQUIRED Marks
Evaluate the reasoning and conclusions of the second-year trainee accountant with
reference to the change in salary information mentioned in the e-mail to Helen Peterson.
Note: Detailed reporting requirements of significant risks and significant deficiencies 14
in internal controls are not required.
Communication skills: Logic, structure and layout 1
(Unisa – 2013 examination, adapted)
SUGGESTED SOLUTION
Evaluate the reasoning and conclusions of the second-year trainee accountant with reference
to the change in salary information mentioned in the mail to Helen Peterson.
Fraud:
1. The trainee accountant's statement that the incident cannot be classified as fraud is incorrect.
(1)
HJB
59
AUE4862/102
ZAU4862/102
NAU4862/102
2. In terms of the definition of fraud set out in ISA 240, the incident does constitute fraud. (1)
3. The incident
(a) was an intentional act by an employee (which is included in the definition of fraud), as
Mark Jacobs intentionally made changes to his salary; and (1)
(b) he used deception to obtain an unjust or illegal advantage, as making unauthorised
changes to salary detail gave Mark an unjust and illegal advantage. (1)
4. The trainee accountant's statement that he believes the incident to be an isolated incident is
not correct. (1)
5. If there is an indication of fraud (as per ISA 240, par 35), the auditor shall evaluate the
implications of the misstatement in relation to other aspects of the audit and the auditor
should recognise that fraud is unlikely to be an isolated incident. (1)
Significant risk
6. The trainee accountant's statement that the incident is not a significant risk is incorrect. (1
7. In terms of ISA 315, paragraph 28, the auditor shall, in exercising judgment about which risks
are significant risks, consider whether the risk is a risk of fraud. (1)
8. In terms of ISA 240, par 27, the auditor shall treat the assessed risk of material misstatement
due to fraud as a significant risk. (1)
9. The statement made that payroll-related access controls were tested in detail in the prior year
and that he does not believe it should be tested in the current year is incorrect. (1)
10. In terms of ISA 330, par 15, should the auditor want to place reliance on controls over a risk
that has been identified as a significant risk, the auditor shall test those controls in the
current period. (1)
11. ISA 240, par 27, also states that the auditor shall obtain an understanding of the entity’s related
controls, including control activities, relevant to significant risks. (1)
12. The trainee accountant's statement that there is no significant deficiency in internal control is
incorrect. (1)
13. As the incident might not be an isolated incident and the extent of the fraud might be difficult to
ascertain, the deficiency in the controls relating to access to payroll files could possibly lead to
material misstatements in the financial statements. (1)
14. The access controls over payroll-related data do not operate effectively, as Mark was
able to change his own salary. (1)
15. In terms of ISA 265, par 6, this would constitute a deficiency in internal control, (1)
as the controls were not able to prevent, detect or correct misstatements in the financial (1)
statements on a timely basis.
16. According to ISA 265, par A6, in considering whether a deficiency in internal control can be
classified as a significant deficiency in internal control, the auditor should consider whether the
related asset or liability is susceptible to fraud – in this case, the asset, namely salaries, is
susceptible to fraud. (1)
HJB
60
AUE4862/102
ZAU4862/102
NAU4862/102
17. In terms of ISA 265, par A7, misstatements, which are detected by the auditor’s
procedures and were not prevented, or detected and corrected by the entity’s internal
controls, are indicators of significant deficiencies in internal controls. (1)
18. The deficiencies in the access controls over payroll data would therefore constitute a significant
deficiency in internal control. (1)
19. The trainee accountant's comment about it being not necessary to discuss this with
management is incorrect. (1)
20. In terms of ISA 265, par 9, the auditor should respond to a significant deficiency in internal
control by communicating it in writing on a timely basis to those charged with
governance. (1)
Communication skills: Logic, structure and layout (1)
Available 23
Maximum 15
QUESTION 2 36 marks
BACKGROUND INFORMATION
Your audit firm was recently appointed as the auditors of Gym2Earn (Pty) Ltd (Gym2Earn). After
completing his master’s degree through Unisa, John Fitness (the founder and CEO of Gym2Earn)
developed an idea for a new cellphone application. He did research for his master's degree on the
topic “Motivation through financial incentives”. John, being a gym fanatic himself, realised that people
need some form of financial incentive to fulfil gym commitments, as finding the time and energy to go
to the gym has become increasingly difficult.
John founded Gym2Earn in March 2011 after approaching RedBerry, a cellular service provider in
South Africa, with his innovative idea for the Gym2Earn application. He signed a five-year contract
with RedBerry for the exclusive rights to manage the Gym2Earn application.
The aim of the Gym2Earn application is to add a financial incentive for RedBerry users to exercise.
The RedBerry user stands to lose money for not meeting gym commitments but could also earn
money as an incentive for meeting them.
a. Initial sign-up
The user (gym member) downloads the Gym2Earn application from RedBerry
Application World, available on the internet for free. The user should have his/her
personal RedBerry phone to be able to use the Gym2Earn application. Additional
information on the application is also available on the website at
www.gym2earn.co.za via the internet.
Upon registration, the user completes his/personal details such as name, surname
and banking details on the Gym2Earn application. The user also has to enter an e-
mail address which serves as the user identification.
HJB
61
AUE4862/102
ZAU4862/102
NAU4862/102
The user is then requested to choose the gym of his/her choice from a drop-down
menu containing South African Gym2Earn-accredited gyms. The user is not able to
add a gym to this list.
The Gym2Earn application then requires the user to enter a unique password and
to re-confirm the chosen password.
A link to the terms and conditions is given so that the user can read and accept
them. If the user selects the option, “I accept the terms and conditions”, the initial
sign-up is complete. If the option, “I do not accept the terms and conditions”, is
selected, the application does not allow the user to complete the initial sign-up.
The user lastly has to agree to the fixed monthly fee of R30 by selecting a “yes” or
“no” option. If the “no” option is selected, the user will not be able to complete the
sign-up process. If the “yes” option is selected, the user will be billed a fixed fee of
R30 on a monthly basis. This amount will automatically be deducted from the user’s
bank account monthly via a debit order.
The user goes to an accredited gym and accesses the Gym2Earn application on his/her
RedBerry upon entering the gym.
The Gym2Earn application then links to the global positioning system (GPS) on the user’s
RedBerry and confirms that he/she is actually at the accredited gym that he/she selected
upon initial sign-up.
The work-out session at the gym needs to be for at least 30 uninterrupted minutes and is
calculated from the moment the member selects the “start session” option on the
application, enters his/her password and the position is confirmed by GPS. This logs the
user’s attendance at the specific accredited gym. The Gym2Earn application will show a
clock on the user’s RedBerry on which the user’s time at the gym is shown.
The user receives an e-mail notification (sent to the e-mail address selected as user
identification number) to confirm that a gym session was started.
When the user leaves the gym, he/she must select the “end session” option on the
application, which will stop the clock on the application. The clock shows the total time
the user spent at the specific gym. The Gym2Earn application then again links to the
GPS on the user’s RedBerry to confirm that the user is still at the accredited gym.
HJB
62
AUE4862/102
ZAU4862/102
NAU4862/102
An e-mail notification is then received by the user to notify him/her that the gym session
was ended.
3. Penalty charges
Each Sunday evening, the user is billed for committed gym sessions missed during the
week (charged at the penalty amount chosen by the user) and the total amount due is
deducted automatically from his/her credit card. Should the member be able to e-mail a
valid doctor’s sick note by Sunday mornings, the amount will not be charged.
The user receives an e-mail notification on Sunday evenings detailing the total penalty
amount deducted from his/her bank account as well as the dates of the week to which
the penalty applies.
4. Reward payouts
All penalty charges collected from users who did not meet their commitments for the
week are pooled each Tuesday. Gym2Earn retains 20% as an administrative fee and
pays RedBerry 10% of the total money pool.
The remaining 70% is paid out as rewards every Tuesday afternoon by Gym2Earn to
users who did indeed meet all their gym commitments for the week through automatic
electronic funds transfer (EFT) transactions.
Each Tuesday, a list of all amounts received from users for the previous week is down-
loaded into an Excel spreadsheet by the accountant of Gym2Earn. The list contains the
following detail:
User ID (e-mail Gross amount Less 20% Less 10% Net amount
address) collected administrative RedBerry fee collected
fee
For example:
jpharding@gmail.com R500 R100 R50 R350
TOTAL R500 R100 R50 R350
The total of the “net amount collected” column is the amount used to do the distribution
each Tuesday afternoon. A distribution file is downloaded into an Excel spreadsheet
each Tuesday and used to do the EFT payments.
The pay-out is made to all users who met their gym commitments for the week based on
the total amount each user was willing to forfeit for missed gym sessions that week.
HJB
63
AUE4862/102
ZAU4862/102
NAU4862/102
REQUIRED Marks
1. Describe the automated (programmed) controls that exist and/or should be
implemented in the Gym2Earn application to ensure the completeness of the initial
sign-up process. 5
2. Recommend controls that could be put in place to ensure validity (occurrence and
authorisation) and accuracy of the EFT payments made every Tuesday afternoon to
users (gym members) who fulfilled their gym commitments in the previous week. 31
Present your answer under the following headings:
Validity (occurrence and authorisation) (22)
Accuracy (7)
Communication skills: Language, layout and logic (2)
SUGGESTED SOLUTION
PART 1
Describe the automated (programmed) controls that exist and/or should be implemented in the
Gym2Earn application to ensure completeness of the initial sign-up process.
COMPLETENESS
(MARKS ARE AWARDED FOR VALID EXAMPLES AND NOT FOR MERELY NAMING THE
EDIT/PROGRAMME CHECK. STUDENTS MAY BE AWARDED THE MARK FOR ANY VALID
EXAMPLE, AS THE EXAMPLES BELOW ARE ONLY GIVEN AS A GUIDELINE.)
Mandatory fields where the sign-up process cannot continue unless certain fields, such
as user ID or banking details, have been completed. These fields are normally indicated
with an asterisk. (1)
An error message should appear stating that certain mandatory fields have not been
completed. (1)
The terms and conditions (“I agree”) field and the “yes” option to agree to the monthly
fixed fee of R30 should be completed; otherwise, the user will not be able to complete the
sign-up process. (1)
Missing data checks that detect blank fields (eg user did not complete name and
surname, etc). (1)
An error message should appear stating that data are missing. (1)
3. Users should be given sequential numbers by the application upon initial-sign up (or sequential
account numbers should be allocated to users). (1)
4. The application should report on missing numbers in the sequence through exception reports.
(1)
HJB
64
AUE4862/102
ZAU4862/102
NAU4862/102
PART 2
Recommend controls that could be put in place to ensure validity (occurrence and
authorisation) as well as accuracy of the EFT payments made every Tuesday afternoon to
users (gym members) who fulfilled their gym commitments in the previous week.
1. A senior employee (eg financial manager) of Gym2Earn should authorise the EFT payment
file after scrutinising the list downloaded by the accountant. He could, for example, sign on the
payment file. (1)
2. Only a restricted (limited) number of personal computers (PCs) should be used to do the
EFT transfers (preferably only one PC). (1)
3. In order to make the transfers effective, two or more passwords should be required by the
EFT application (multi-level passwords). (1)
One-time passwords could be used where Gym2Earn’s bank sends a password (each time
the EFT application is accessed, but that can only be used once) to the authorised employee’s
cellphone, e-mail address or handheld PIN device. (1)
The employee who enters the password to make the EFT payment and the employee receiving
the one-time password should not be the same person. (1)
4. The various banks to which the EFT payments are made should be able to identify the
Gym2Earn PC(s) as an authorised PC to make the transfer. This should be done before the
payments are accepted (eg address resolution protocol, digital signatures/certificates,
dial-back facilities, SSLs [secure socket layers], key pairs, etc.). MARKS MAY BE
AWARDED FOR VALID EXAMPLES. (1)
5. After three unsuccessful attempts to make the transfer (e.g. if incorrect passwords were
entered), the terminal should switch off or the EFT application should be locked. (1)
7. The least privilege principle and segregation of duties should apply where EFT payment
functions are restricted to specific employees only. (1)
Access can be restricted through the use of user identification (user ID), passwords, user
profiles, etc. (1)
The accountant, who downloads the Excel lists, should preferably not be the person doing
the EFT transfers (segregation of duties). (1)
8. EFT data transmitted over telephone lines should be protected through, for example,
encryption, dial-and-dial-back, etc. (1)
HJB
65
AUE4862/102
ZAU4862/102
NAU4862/102
10. A limit on the total amount that may be transferred on a Tuesday afternoon should be agreed
on with the bank. (1)
11. EFT transfers should be restricted to a Tuesday afternoon (e.g. between 12:00 and 18:00).
(1)
12. The EFT application should perform a validity/existence test (edit check) to test whether
payments are made to valid users found in the master file. (1)
13. The various banks receiving the EFT transfers should acknowledge receipt thereof and
should request final confirmation before these amounts are transferred to the individual
users’ bank accounts. (2)
14. Confirmation of all EFT payments for that week (received from the bank) should serve as an
audit trail of each EFT transfer made (e.g. electronic or hard copy bank statements listing all
EFT transactions). (1)
15. The audit trail (bank confirmation) should be reviewed by Gym2Earn management and the
EFT transactions should be reconciled with the approved list prepared by the accountant
(both validity and accuracy). (2)
16. The accountant should perform weekly bank reconciliations which should be reviewed and
approved by a senior employee (e.g. the financial manager). (1)
17. Management should be aware of IT risks and the need for sound controls (IT governance). (1)
18. Timely follow-up of exception reports should take place, for example, following up on
exception reports on security breaches/violations, etc. (1)
19. Management review and timeous corrective action of user complaints are critical. (1)
21. Physical access controls over EFT terminal(s), for example terminal locks, should be in place.
(1)
Available 29
Maximum 22
ACCURACY
1. The senior employee (e.g. financial manager) authorising the EFT should test the
calculations and mathematical accuracy of the payments file. This person may review the
list for any duplications, etc. (1)
2. The senior employee (e.g. the financial manager) should also agree the total amount of the
“net amount collected” column with the total amount of the payments file. (1)
3. The following edit checks/tests could be put in place to address the accuracy of EFT
payments made:
HJB
66
AUE4862/102
ZAU4862/102
NAU4862/102
(MARKS ARE AWARDED FOR VALID EXAMPLES AND NOT FOR MERELY NAMING THE
EDIT/PROGRAMME CHECK.)
Formatting tests/alpha numeric checks: The EFT application should test whether the
names of the users, to whom payments are made, are in alphabetic order and whether
amounts and bank account numbers are numeric, etc. (1)
Screen dialogue/prompts: The screen prompts the person making the EFT transfer to
verify certain detail, for example, “are you sure” with reference to the amounts to be
transferred. (1)
Errors are immediately corrected by users (no further input until errors are corrected). (1)
Limit/reasonableness tests:
The amount paid to each user should not exceed a predetermined reasonable limit
per week. (1)
A limit of one (1) payment may be made to a user per week. (1)
Check digits: The EFT application tests the accuracy of codes or account numbers
entered. (1)
Control totals: The EFT application agrees the total for all EFT transactions to be made
on that Tuesday afternoon with the bank totals (i.e. the total amount of the EFT payment
may not exceed the amount in the suspense/clearing/”imprest” bank account). (1)
Field size tests: The EFT application should test the field size of payment instructions,
for example, bank account numbers should have a certain number of digits, etc. (1)
Sign tests: The amount paid should be a positive amount. (1)
4. Exception reports should be generated and exceptions should be investigated, for example all
amounts paid out, which were not “round amounts”, should be indicated as exceptions. (1)
5. Monthly reconciliation of EFT payments to Excel calculation pay out totals should be done. (1)
Available 13
Maximum 7
Communication skills: Language, layout and logic (2)
MARKERS’ COMMENTS
Part (1)
Students also received no marks for merely stating the names of certain controls (eg,
“Missing data check”, “Error message”, “Mandatory fields”, etc.). It was specifically required
that the controls be described. Students were therefore required to provide a description of
the control by applying it to the scenario (sign-up process). On CTA and board level, you
will almost never be awarded marks for merely giving the name of a control or programme
check. It is expected of you at this level to be able to give a valid example of how the
control will work in the context of that scenario.
Only the completeness control objective was required. Many students gave controls
relating to the validity (occurrence and authorisation) and accuracy control objectives. No
marks were awarded for these controls. (For example, “The user should have a user name
and unique password”. This control deals with validity and NOT with completeness.)
HJB
67
AUE4862/102
ZAU4862/102
NAU4862/102
Part (2)
It is a point of concern that most students failed this part of the question, as we considered
this part easy.
It is required of students on CTA and board level to relate the controls to a specific
scenario (where possible). A “memory dump” of controls over EFTs was not required.
As the "required" section mentioned that controls should be recommended only, you
should have included both manual and computerised controls. These controls were directly
obtained from Auditing Notes for South African students.
Students again received no marks for merely stating the names of programme checks
under the accuracy control objective.
Students also received two marks for presentation for merely attempting to answer this
part of the test.
Overall
HJB
68
AUE4862/102
ZAU4862/102
NAU4862/102
SELF-ASSESSMENT QUESTIONS
The following questions are included in this tutorial letter. The questions are extracts from previous
Unisa tests and Unisa examinations. Please note that the reading and the writing time were rounded
up. As per SAICA you receive 30 minutes' reading time for a 100-mark question and two and a half
hours' writing time.
HJB
69
AUE4862/102
ZAU4862/102
NAU4862/102
COMMENT
We recommend that you approach these questions in the same way you would in a test
and examination. Read the scenario first in the time allocated prior to reading the
requirements. Do not look at the requirements until your reading time is up. Once the
reading time is up, read the requirements, plan your answers and write down your
answers in the same way you would in a test and examination. You should write down
your answers in the time allocated (writing time). You need to stick to the writing time to
train yourself in speed and adhering to time. When writing out your answers please do
not refer to the suggested solution until you have finished writing. Once you have finished
writing your answers down, refer to the suggested solution, which you would use to mark
your own work. When marking your work, you should pay attention to the following:
Points included in our suggested solution, which you did not include when
writing your answers: You should pay attention to these points, as they are an
area of concern to you. You will need to identify why you omitted these points from
your solution. During this process, you will easily identify and be able to explain why
you missed some of these points in your solution. Make notes of them so that you
don’t repeat the same mistake of omitting them (when applicable) in a test or
examination. Some points, however, might require you to read the requirement and
scenario again to identify what has led to the point being included in the suggested
solution. If you are still not certain about why the points are included in the
suggested solution, refer to the marker's comments included under the suggested
solution for a possible explanation. If you are then still not clear about the reason
for the inclusion of some points in the suggested solution, do not hesitate to contact
us.
Points that you have written in your answer but that do not form part of our
suggested solution: In this instance, you will follow the same process as indicated
in the above comment.
Spend enough time when marking your own work and don’t get anxious. This is when
real learning occurs. Don’t be discouraged by low marks when attempting to answer
these questions. The questions are included to evaluate the knowledge you have and
assist you in identifying areas to which you need to pay more attention prior to the test
and examination.
HJB
70
AUE4862/102
ZAU4862/102
NAU4862/102
If you feel, after attempting to answer the self-assessment questions, that you want to do
some more questions, you may attempt the following questions from Advanced Case
Studies in External Auditing & Corporate Governance, 12th edition.
You are a first-year trainee accountant at Motholo & Terblanche Incorporated (Motholo & Terblanche),
a medium-sized audit firm in South Africa. Motholo & Terblanche operates from its only office situated
in Johannesburg. There have been talks among the directors of the firm to open an office in
Bloemfontein and East London once the clientele of Motholo & Terblanche has increased.
You are currently involved in the 31 July 2011 year-end audit of Billing4U Limited (Billing4U) and have
been provided with the following information by your audit senior:
In September 2010, Motholo & Terblanche was appointed for a third term (a term is a five-year period)
as the statutory auditors of Billing4U. Billing4U was established in 1998 and was listed on the AltX of
the JSE in 2002. Billing4U deals exclusively with providing billing solutions to eighth (8) metropolitan
municipalities in South Africa. Billing4U bills the residents living in the relevant municipalities for
services, including water, electricity and rates, on behalf of the municipalities. Billing4U has provided
this service to metropolitan municipalities since 2001, following the first municipal elections held in
South Africa in December 2000.
Billing4U’s policy is to evaluate the reappointment of the audit firm every five (5) years. The audit
committee of Billing4U believes this is in accordance with the Companies Act, 2008, and that this will
ensure that the independence of the audit firm is not threatened. Motholo & Terblanche assigned the
following audit team members to the statutory audit and tax return preparation of Billing4U:
HJB
71
AUE4862/102
ZAU4862/102
NAU4862/102
The number of audit team members planned for the audit of Billing4U has decreased in comparison to
that of prior years. During the financial year, Billing4U was able to gain control of three companies that
are in the business of providing billing solutions to district and local municipalities. Billing4U is now
your firm’s largest audit client in terms of revenue. The companies that Billing4U acquired have a
31 July year end. This resulted in Billing4U changing its year end from 31 March to 31 July. The three
companies are located in various parts of South Africa and for their 31 July 2011 financial year end,
they will be audited by their respective audit firms. None of these companies is an audit client of
Motholo & Terblanche.
During February 2011, Billing4U changed its software from Billfast X200 to Speedbill 9000 in order to
streamline the accounts of the residents for the services provided by the municipalities.
In March 2011, thousands of households in the City of Johannesburg were disconnected from the
services provided by the municipality. According to media reports, there were numerous complaints
from residents. These complaints included inaccurate and hugely inflated bills. Complaints in other
metropolitan municipalities were also reported but they are said to be insignificant compared to the
complaints about the City of Johannesburg. The residents of the City of Johannesburg marched in
protest to the Mayor’s office, demanding that their municipal services be reconnected and for their bills
to be corrected. The Mayor of the City of Johannesburg contacted the CEO of Billing4U, Julius Zille, to
help deal with the residents’ crisis. Julius Zille knew about these issues after he has received
numerous complaints from residents following the implementation of the new billing software system.
However, he informed the Mayor that there was no crisis regarding the billing of the residents, as he
believed the number of complaints is immaterial to the total number of residents in the City of
Johannesburg.
The Mayor independently investigated the matter and found that there are problems within the billing
system of Billing4U. The Mayor decided to terminate the contract with Billing4U when it reaches the
end of its term on 31 March 2012. The Mayor lodged a lawsuit against Billing4U for the inconvenience
caused to the residents of the City of Johannesburg. The lawsuit is set to cost Billing4U R210 million,
and the legal team is confident that the ruling will be in favour of the Mayor. Billing4U does not have
insurance to cover such lawsuits. The revenue received by Billing4U from the City of Johannesburg is
the largest compared to revenue received from other metropolitan municipalities.
Julius Zille has informed the audit partner that the audited consolidated financial statements for the
year ended 31 July 2011 are required a week after year end to enable the group to apply for a loan to
cover the lawsuit instituted by the Mayor.
HJB
72
AUE4862/102
ZAU4862/102
NAU4862/102
The directors of Billing4U receive share options annually driven by profits for the year.
HJB
73
AUE4862/102
ZAU4862/102
NAU4862/102
Both the administrative fee income and the penalties structures were approved by management
and were included in one of Billing4U’s policy documents.
The billing to the various residents by Billing4U on behalf of the municipalities is based on a
monthly data file received by the latest on the 20th of each month.
This data file from the municipalities contains each resident’s unique account number as well as
the movement in meter readings that has to be billed.
An invoice is prepared at the end of each month for each municipality and contains the
administrative fee, a penalty deduction (if necessary), VAT and the net administrative fee
amount, all calculated in accordance with the standard contract.
Administrative fee income is charged according to the number of residents appearing on the
data files received from the respective municipalities. The standard contract with the
municipalities contains the following administrative fee structure:
HJB
74
AUE4862/102
ZAU4862/102
NAU4862/102
There is also a penalty clause incorporated into the standard contract, which results in a
reduction of Billing4U’s administrative fee income for complaints relating to incorrect billing. The
total number of all billing complaints received by Billing4U in a month, which was due to their
own fault and not due to an error on the data file they received from a municipality, is used to
calculate the penalty based on the following sliding scale:
The penalty percentage is multiplied with both the administrative fee that was raised in the
previous month (to which the complaint relates) as well as the valid number of complaints
received from residents. Therefore, a backdated provision will be raised for any disputes that will
be lodged relating to the July 2011 administration fees, as the details will only be available in
August 2011.
During the conversion process from the Billfast X200 system to the Speedbill 9000 system, a
power outage occurred when master files of the City of Johannesburg were transferred. This
resulted in an estimated 98 000 valid complaints from residents.
The number of valid complaints is derived from a list that is drawn from the “Disputes” module of
the new Speedbill 9000 system.
HJB
75
AUE4862/102
ZAU4862/102
NAU4862/102
Billing4U decided to take out a forward exchange contract (FEC) on the same day to cover it
against major fluctuations in the exchange rate, as there were rumours in the market that a
weakening of the rand could be expected at the beginning of 2011. The invoice was only
payable in 2011 after the Speedbill 9000 system had been implemented and was fully
operational.
Costs directly attributable to the Speedbill 9000 systems (e.g. the feasibility study) were incurred
by Billing4U and amounted to R250 000.
Training was provided to the personnel of Billing4U by Mr Johnson, the information technology
manager (IT manager), to operate the system effectively, and the cost thereof amounted to a
further R500 000.
After discussions with the international supplier and based on a feasibility study, it was
concluded that the Speedbill 9000 system can be used without problems for a period of four
years. Thereafter, Billing4U will need to consider updating the system for it to continue operating
effectively. However, management decided to write the Speedbill 9000 system off over a period
of six years.
As this system was bought in the current year, management did not deem it necessary to do an
impairment test on this system.
HJB
76
AUE4862/102
ZAU4862/102
NAU4862/102
During August 2010, the IT director, Mrs Rosa, sent out a questionnaire to the staff members
who would be performing billing functions in order to obtain an understanding of their specific
needs and requirements in terms of the new billing system.
Only Mr Johnson, the IT manager, replied to this questionnaire. As he is mainly responsible for
the effective functioning of the new system, Mrs Rosa decided that Mr Johnson spoke on behalf
of all the staff members and she decided not to waste any more time on further queries
regarding this matter.
Mrs Rosa conducted an extensive feasibility study in September 2010. She did some market
research and discussed the following matters with the international supplier of the
Speedbill 9000 system:
all the specifications and requirements of this new billing system versus those of other
billing systems (locally and abroad) on the market;
all relevant costs associated with this new system (purchase costs as well as
implementation and maintenance costs);
whether there would be new, updated versions of the Speedbill 9000 system in the future,
as this is a standard package; and
whether the international supplier has a good reputation locally and abroad.
The international supplier of the Speedbill 9000 system has several branches and offices
abroad. However, the South African branch closed down in 2009.
No problems were identified during the feasibility study conducted by Mrs Rosa.
Mrs Rosa contacted one company abroad currently using the Speedbill 9000 system. The
company indicated that it did not experience any problems, although this company did not
provide billing services to municipalities with a customer base of more than 250 residents. Mrs
Rosa was of the opinion that if it worked for a customer base of 250 residents, it would work for
a customer base of 1,2 million residents, as in the case of the City of Johannesburg.
After a detailed cost-benefit analysis conducted by Mrs Rosa and the financial manager,
Mr Kriel, it was decided that the Speedbill 9000 system would be purchased from the
international supplier. The purchase was authorised by management as well as the steering
committee appointed by management to run the Speedbill 9000 project.
HJB
77
AUE4862/102
ZAU4862/102
NAU4862/102
Mrs Rosa was assigned to oversee the conversion process by the steering committee and
management. She was appointed as the only member of the “conversion project team”. She was
mainly responsible for
deciding on an appropriate conversion method;
setting deadline dates and cut-off points;
setting time schedules for specific stages of the project;
allocating specific tasks to appropriate staff members;
giving clear guidance and support to these staff members as well as time schedules for
completion of these tasks;
regularly monitoring the progress of the process;
identifying possible problems in the process; and
reporting to the steering committee at regular intervals.
Mr Johnson was allocated to the training of staff members on the Speedbill 9000 system, as he
trained himself in the use of the new system. Due to time constraints, he had brief discussions
with the management of each department. He advised management that task descriptions would
not have to be changed, as each person would still be responsible for the same functions in
general.
As part of the preparation for conversion, Mrs Rosa assigned the tedious task of preparing
standing data files for the Speedbill 9000 system as well as the task of balancing files on the
existing Billfast X200 system to Mr Kriel. She explained that in her opinion, Mr Kriel was the
financial manager and therefore would know much about making things balance.
After Mr Kriel had performed the above preparation tasks, the data transfer was authorised by
management and the steering committee. Supervisors (senior management) were appointed to
oversee the conversion. The external auditors, Motholo & Terblanche, also attended the
conversion.
It was decided that the system would not be tested after the conversion and that the first month
of actual billing to residents would be the test run of the Speedbill 9000 system.
All Speedbill 9000 system flowcharts, system descriptions, operating manuals, etc either were
drawn up or were updated.
Back-ups were made of the new system and they were kept off site.
HJB
78
AUE4862/102
ZAU4862/102
NAU4862/102
BACKGROUND INFORMATION
Billing4U deals with all residents’ bill disputes, queries and complaints on behalf of its
municipalities on a monthly basis. A separate module on the Speedbill 9000 system called
“Disputes” is used specifically for this purpose. On average, approximately 1 500 disputes are
received in aggregate for all the municipalities on a monthly basis.
In the month following the implementation of the Speedbill 9000 system, thousands of disputes
regarding bills were received from the City of Johannesburg residents. It was agreed by the City
of Johannesburg and Billing4U that Billing4U would conduct a formal investigation, as the
number of disputes were far in excess of the average number of monthly disputes.
After a full investigation by Billing4U, the following matter was identified as the main cause for
the disputes:
During the conversion process from the Billfast X200 system to the Speedbill 9000 billing
system, a power outage occurred.
The power outage took place during the transfer of data files for the City of Johannesburg
from the old to the new billing system.
As the generator had not been used in several months, it did not function on the day of the
power outage.
A comparison between the files on the Billfast X200 system and the files on the Speedbill
9000 system for the City of Johannesburg was made as part of the investigation. It was
estimated that data on approximately 98 000 residents of the City of Johannesburg were
lost, incorrectly transferred or duplicated.
The City of Johannesburg residents were given the option either to lodge a formal dispute
personally at one of four Billing4U care centres in the Johannesburg area or to call the Billing4U
call centre. Operating hours at the care centres and the call centre were from 08:00 to 18:00,
from Monday to Saturday.
Billing4U employed temporary clerks at each of the four Billing4U care centres, as well as at the
call centre, to capture the formally lodged disputes on the “Disputes” module. All temporary
clerks signed employment contracts that were valid for a period of two months.
HJB
79
AUE4862/102
ZAU4862/102
NAU4862/102
After capturing the resident’s unique account number, the “Disputes” module automatically
retrieves the resident’s details from the Speedbill 9000 master file and displays them on the
screen. The system does not allow the clerks to delete or edit resident’s master file details.
The “Disputes” module only allowed the following types of disputes to be captured:
incorrect stand and physical addresses;
excessive billing amounts;
deeds transfers not correctly updated on the Speedbill 9000 system;
incorrect estimated meter readings;
bills not received;
receiving duplicate bills;
incorrect detail given on bills; and
services unduly disconnected.
HJB
80
AUE4862/102
ZAU4862/102
NAU4862/102
REQUIRED Marks
a) With regard to the "Understanding of the entity" information:
(i) Discuss the factors that Motholo & Terblanche should have considered prior to
accepting the reappointment as statutory auditors of Billing4U. 13
(ii) Describe the risk of material misstatement, at the overall financial statement level,
in the financial statements of Billing4U and at the group level for the year ended
31 July 2011. 13
b) With regard to working paper 2600-1 and working paper 2700-1:
(i) Discuss the risk of material misstatement at the assertion level for net
administrative fee income and for the recognition of the Speedbill 9000 system. 11
c) With regard to working paper 2800-1, describe the weaknesses in the procedures
followed by Billing4U, which relate to the purchase of Speedbill 9000, as well as the
conversion, testing and post-implementation review thereof. 25
d) With regard to working paper 2900-1, describe any additional computerised
(programmed) application controls that you would expect to see in order to ensure the
(i) occurrence and authorisation; and 11
(ii) completeness of the lodged disputes by the temporary clerks. 2
Total 75
(Source – Unisa examination 2011)
You are an audit senior at Storm Incorporated (Storm) a medium-sized audit firm in South Africa.
Storm has offices in Cape Town, Durban and Bloemfontein, and the head office is situated in
Johannesburg. Storm has a workforce of 800 employees, including 12 partners.
In March 2010, the board of directors of Howzit (Pty) Ltd (Howzit) awarded a tender to Storm for the
audit of Howzit. Howzit is one of the largest mobile communication companies providing voice and
data services in South Africa. Howzit will be the largest client of Storm in terms of fee revenue.
After completing the preliminary engagement activities, the audit partner requested one of the trainee
accountants, assigned to the audit, to prepare a draft engagement letter to be issued to Howzit. The
draft engagement letter has been included as Annexure 1.
BUSINESS BACKGROUND
Howzit is a wholly owned subsidiary of Dial-IT SA Limited (Dial-IT). Dial-IT supplies analogue
residential phone lines with standard voice functionality. Dial-IT established Howzit three years ago
with the intention to provide mobile communication in South Africa. Dial-IT is audited by one of the big
four audit firms.
HJB
81
AUE4862/102
ZAU4862/102
NAU4862/102
Howzit’s head office is situated in the central business district of Johannesburg. Howzit has 250 sales
and service outlets across South Africa. The call centres established to handle all customers’ queries
are based in Johannesburg and Cape Town.
During the first months of the 2011 financial year, Howzit grew its operations to include networks in
Lesotho, Botswana, Namibia and Mozambique. At year end, Howzit was providing its services to 1,1
million subscribers, in total, in these countries. Howzit plans to expand its infrastructure in these
countries in order to have 7 million subscribers by 2012. To finance the infrastructure expansion,
Howzit has applied for a bank loan. The approval of the loan is pending the audited 2011 financial
statements.
In August 2010, the Competition Commission subpoenaed two executives of Howzit and executives of
another mobile communication company for suspected price-fixing. It was difficult for the Competition
Commission to prove the collusion, but Howzit agreed to lower the prices of the services it provides.
The two executives, together with other senior executives, are set to receive share options in Howzit
based on reported profits.
In November 2010, three key staff members in the accounting department went on maternity leave.
Their posts were filled by temporary staff members who were on training for the first two months and
were not performing at the optimal level during the period they were on training. The auditors of Dial-IT
require the audited financial statements of Howzit a week after the year end in order to audit the
consolidated results in time.
Financial data
The following accounts, among other things, were identified as significant accounts from the trial
balance of Howzit:
Revenue comprises sale of airtime, data usage, and sale of handsets and accessories. Subscribers in
foreign countries transact in their respective currencies. Revenue is recognised as follows:
Inventory consists of merchandise such as handsets and accessories. The merchandise is purchased
from foreign countries such as Finland, Canada and China. When the merchandise is purchased from
foreign countries, Howzit is invoiced in the respective currencies of the foreign countries. Howzit takes
out forward exchange contracts to protect itself against foreign currency fluctuations. Inventory from
foreign countries takes at least three weeks before being delivered in South Africa. Inventory from
foreign countries is purchased free on board (FOB). At year end, merchandise estimated at R9 million
was in transit.
HJB
82
AUE4862/102
ZAU4862/102
NAU4862/102
ANNEXURE 1
(Page 1 of 2)
PO Box 610
Johannesburg
2000
Tel: 011 777 2222
Fax: 011 777 2223
26 March 2010
The Accountant
Howzit (Proprietary) Limited
PO Box 333
Johannesburg
2000
Dear Sir
We have been requested to audit the annual financial statements of Howzit (Pty) Ltd, which com-
prises the statement of financial position at 28 February 2011, the statement of comprehensive
income, the statement of changes in equity, the cash flow statement for the year then ended, the
summary of significant accounting policies, other explanatory notes and the certificate issued by the
company’s directors. Our audit will be undertaken with the objective of expressing an opinion on the
correct presentation of the financial statements.
We will conduct our audit in accordance with International Standards on Auditing, the Code of
Professional Conduct of the South African Institute of Chartered Accountants, the King III Report and
the Companies Act of 2008. The standards require that we plan and perform the audit to obtain
assurance about whether the financial statements are free of material misstatements. The procedures
selected depend on the auditor’s judgment, including the assessment of the risks of material
misstatement of the financial statements, whether due to fraud or to error. An audit involves
performing procedures to obtain audit evidence about the amounts and disclosures in the financial
statements.
An audit also includes evaluating the appropriateness of accounting policies used and the
reasonableness of accounting estimates made by management, as well as evaluating the overall
presentation of the financial statements.
In making our risk assessments, we consider internal controls relevant to the entity’s preparation of the
financial statements in order to design audit procedures that are appropriate in the circumstances. Our
statutory audit will include the expression of an opinion on the effectiveness of the entity’s internal
control.
HJB
83
AUE4862/102
ZAU4862/102
NAU4862/102
ANNEXURE 1
(Page 2 of 2)
We remind you that the responsibility for the preparation of financial statements and their fair
presentation is that of management of the company. This responsibility includes the maintenance of
adequate accounting records and internal controls that management determine are necessary to
enable the preparation of financial statements that are free from material misstatement, whether due
to fraud or to error. We confirm our agreement to accept a management representation letter signed
by the financial director as sufficient appropriate audit evidence on the revenue and inventory
accounts.
We look forward to full cooperation from your staff, as the daughter of the financial director is included
in the audit team. We trust that your staff will make available to us whatever records, documentation
and other information we may request in connection with the audit.
Our audit fees, which will be billed as the work progresses, will be R1,6 million (including VAT and
excluding disbursements) and will not be adjusted for a period of five years. The audit fee to be
charged is 15% lower than the fee charged by the previous auditors.
In addition to the statutory audit, we will prepare calculations of current and deferred tax liabilities (or
assets) for Howzit. The fee for these calculations will be charged at 10% of the resulting tax refund.
The maximum liability of Storm Incorporated for any claims resulting from any services rendered in
terms of this engagement letter shall be limited to an amount equal to twice the fees billed.
This letter will be effective for future years unless the agreement is terminated or amended with our
consent.
Yours faithfully
HJB
84
AUE4862/102
ZAU4862/102
NAU4862/102
REQUIRED Marks
(a) Critically discuss your concerns about the draft engagement letter prepared by the
trainee accountant (see Annexure 1). Your answer should comprise the following: 26
1. the requirements in terms of ISA 210 (13)
2. the requirements in terms of the SAICA Code of Professional Conduct and the
Auditing Profession Act of 2005. (13)
(PPE 2009 – adapted)
(b) Describe the audit risk at the overall financial statement level of Howzit for the year
ended 28 February 2011. 10
(c) Conclude on the level of the audit risk at the overall financial statement level of Howzit
and discuss the effect of your conclusion on the overall audit strategy. 8
(d) Describe the risk at the assertion level for revenue and inventory of Howzit for the
year ended 28 February 2011. 6
Total 50
(Unisa –Test 1, 2011)
BACKGROUND INFORMATION
You are a first-year trainee auditor forming part of the audit team assigned to the 2012 audit of SA
New-Age Taxi Corporation Limited (SANATACO), a company operating in the taxi industry in South
Africa. SANATACO appointed your firm in July 2011 after the previous auditors had issued a qualified
("except for") audit opinion in their audit report on the 2011 financial statements of the company.
Management of SANATACO refused to make the necessary adjustments to the financial statements
as a result of the misstatements identified by the previous auditors. Each of these misstatements was
in excess of the materiality figure. SANATACO is listed on the JSE Ltd and its year end is 30 April.
For the past five years’, management of SANATACO have been planning to venture into the airline
industry. In January 2011, SANATACO obtained South African Civil Aviation Authority approval as well
as the Air Services Licence, allowing them to operate as an airline in South Africa. SANATACO have
also confidently passed the relevant South African safety benchmarks, which are acknowledged as
being among the most stringent in the world, for their aircraft.
On 1 November 2011, SANATACO launched a new low-cost airline to supplement its road service.
The company decided to start its new flight service by operating two flights per day between Lanseria
in Gauteng and Bisho in the Eastern Cape. Initial bookings proved this route to be extremely popular
with customers who often made a 14-hour road trip for business and leisure travels to destinations in
this part of the country. Being a low-cost airline, snacks and drinks are not included in the cost of
flights but may be purchased during the flight or may be pre-ordered and paid for when booking a
flight.
HJB
85
AUE4862/102
ZAU4862/102
NAU4862/102
SANATACO operates the acclaimed Boeing 737 series aircraft, which has been sourced from an
international aircraft leasing company, Aergo. This modern plane has been arranged in a cost-effective
148-seater, all-economy class configuration. The Boeing 737 is currently the world's most largely
produced aircraft.
On 13 November 2011, SANATACO gained control over two companies, Fuel-Up (Pty) Ltd (Fuel-Up),
which supplies SANATACO with fuel for its taxis and aircraft, and Snack-Attack (Pty) Ltd (Snack
Attack), which supplies SANATACO with the snacks and drinks it offers for sale on their flights. Fuel-
Up and Snack-Attack each have a 30 April year end, and they will be audited by their respective audit
firms for the 2012 financial year end.
During the interim audit, the financial manager of SANATACO provided you with the following
information on revenue.
Nature of revenue
Revenue consists of passenger airfare revenue, taxi fare revenue, and sale of snacks and drinks on
flights.
The prior-period figures only include revenue on taxi fares. The budgeted figures were projected
based on the shareholders' perception of how lucrative the airline industry is.
Revenue on sales of snacks and drinks is recognised at the fair value of consideration received.
SANATACO entered into a service level agreement with GoodBuy (a grocery retail store) to sell
passenger airline tickets to its customers. In terms of the service level agreement, GoodBuy outlets
will be paid a flat rate as an administration fee plus a commission based on the number of tickets sold.
SANATACO prepares a schedule of the amount payable by GoodBuy outlets on a daily basis based
on the daily airline ticket sales. The GoodBuy outlets check the schedules for their accuracy and, if
satisfied, sign them and return them to SANATACO. The payments are then made to SANATACO by
the GoodBuy outlets within 24 hours of receipt of the acknowledgement of the schedules. The
payments are made net of administration fee and commission.
GoodBuy has outlets across South Africa, which are easily accessible to SANATACO customers.
Currently, SANATACO airline tickets can only be purchased at a GoodBuy outlet.
When purchasing an airline ticket, a customer is required to present the cashier with an identity
document or passport of the individual wishing to travel. The booking of the flight is done by the
cashier on the computer which is linked to the SANATACO system via a wide area network. Access to
the computer, on which the purchase of airline tickets is made, is limited to authorised cashiers.
HJB
86
AUE4862/102
ZAU4862/102
NAU4862/102
The cashier captures the customer’s name according to the identification document provided, date,
time and place of departure, and destination. The computer automatically draws the ticket price from
the airline tickets master file and checks the availability of seats. The computer numbers purchased
tickets sequentially and also keeps a log of tickets purchased.
The airline tickets vary in price depending on when they are purchased. The ticket cost comprises the
selling price, VAT, airport taxes and travel insurance.
Customers, who purchase their tickets at least three months in advance of the date of their travel,
receive a discount on the price of the ticket purchased. Tickets purchased on discount can only be
used for the flight specified when making the booking. If it is not used, the customer forfeits the
amount paid.
There are also no cash refunds on tickets purchased at the normal price. If a customer does not wish
to use the ticket purchased anymore, the customer may redeem the ticket value for a voucher that
may be used in any of the GoodBuy outlets. Tickets are redeemable within seven days from the day
the customer was due to travel.
The airline ticket price list is reviewed on a daily basis by the financial director and amended if
necessary.
REQUIRED Marks
(a) Describe the significant audit risk of SANATACO and the SANATACO group at the
overall financial statement level. 10
(b) Describe the risk of material misstatement for revenue on the sale of airline tickets at
the assertion level for SANATACO. 4
(c) Describe how the assessment of the risk of material misstatement for revenue on the
sale of airline tickets at the assertion level will affect the nature, timing and extent of
the planned audit procedures for revenue. 9
(d) List the controls that SANATACO should implement to ensure the occurrence and
accuracy of the airline tickets sales by GoodBuy outlets. 11
Total 34
(Source – Unisa test 1, 2012)
HJB
87
AUE4862/102
ZAU4862/102
NAU4862/102
You are a first-year trainee accountant at Sakhile & Davids (S&D), a firm of registered auditors. S&D is
a medium-sized audit firm in South Africa (SA) with offices in Cape Town, Durban, Mangaung and
Johannesburg. In the past year, S&D won major tenders to be the statutory auditors of companies
including SA’s biggest mobile operator, one of SA’s manufacturers and distributors of beer, and SA’s
national airline. As a result, S&D increased its first-year trainee accountant intake for 2013 by 70%
when compared to the prior year.
Shortly after joining S&D in January 2013, you were assigned to the audit team conducting the audit of
Cottonworth. Cottonworth is an investment holding company and one of the top 100 companies listed
on the JSE Ltd. Its core business is the provision of retail and financial services to upper- and middle-
income groups mainly in South Africa, the United Kingdom (UK) and New Zealand. Cottonworth
operates through the following subsidiaries:
Farm Road Limited (hereafter referred to as FRD). FRD is based in the UK and offers apparel
and homeware in its own retail stores and through concessions in major UK department stores.
The functional currency of FRD is the pound. FRD is audited by an audit firm in the UK.
You are responsible for the audit of the following accounts of CPL for the year ended
28 February 2013:
Land and building rentals comprise rentals for all retail stores in the urban areas and shopping malls.
Plant and equipment comprise mainly the rental of a factory and machinery used in the production of
food products. Each of the lease contracts has its own lease terms; however, all the lease contracts
require CPL to pay compensation should the contract be terminated prior to its termination date. CPL
has terminated some contracts in the past prior to their termination date and has identified some
contracts to be ended prior to their termination date in the 2014 financial year. The early termination of
lease contracts is as a result of the development of new malls close to existing ones providing better
lease terms. The provision for onerous lease commitments is recognised in respect of these early
lease terminations.
HJB
88
AUE4862/102
ZAU4862/102
NAU4862/102
Merchandise consists of clothing, food, homeware and beauty products. Most of the clothing products
are purchased from suppliers in China and India. These suppliers’ accounts are settled in their
respective currencies. Prior to yearend, a free-on-board (FOB) transaction was concluded with the
Chinese supplier and this stock was at sea at year end. The cost of food products that are produced
by the company is determined using standard costing. The majority of the allowance above is the
mark-down of clothing merchandise at the end of seasons. The cost of raw material includes work in
progress.
Prior to the merchandise being sold on credit, customers are required to open an account. Once the
account has been approved (after performing the credit checks), a customer is allocated an account
number and credit limit and is given a card in order to make purchases. The credit terms of sale of
merchandise on credit are as follows:
Settlement of the account in over six months but within 12 months – interest is charged on the
outstanding amount after six months at the prime rate.
Settlement of the account in a period beyond 12 months – interest is charged at the prime rate
plus 3% on the amount outstanding after 12 months. Interest is charged at the prime rate for
any balance outstanding between 6 and 12 months.
The applicable financial reporting framework of Cottonworth and its group is International Financial
Reporting Standards.
HJB
89
AUE4862/102
ZAU4862/102
NAU4862/102
REQUIRED Marks
1. Describe the risks of material misstatement at the overall financial statement level of
Cottonworth Holdings Limited and its group for the year ended 28 February 2013 7
2. Describe the risks of material misstatement at the assertion level for the year ended
28 February 2013 of Cottonworth (Proprietary) Limited on the following accounts: 15
Operating lease expense
Inventory
Trade and other receivables
Note: Ignore the risks relating to presentation and disclosure.
Total 22
(Unisa test 1 – 2013)
BACKGROUND INFORMATION
You are a third-year audit trainee at the audit firm TOE Incorporated (TOE). TOE has recently been
appointed as the auditor of Top-Electric (Pty) Ltd (Top-Electric).
Top-Electric owns and operates 15 retail stores in South Africa and provides electrical equipment
including televisions, DVD players, portable radios, irons, ovens, cordless phones, etc., to the general
public. Since its inception in 2005, the company has established itself as the leading conglomerate in
South Africa in electrical equipment, offering the public low and competitive prices. Through increased
brand awareness and radical marketing strategies, Top-Electric continues to grow in popularity and
size.
Top-Electric has succeeded in winning over the South African consumer by fulfilling its promise to
provide the widest variety of electrical products at the lowest retail prices. Its continuous battle against
inflation-based price escalation has given it the nickname “inflation rebel”.
Top-Electric's financial year end is 31 March 2011 and the financial director indicated that he would
like to have the final audit report on 20 April 2011 at the latest.
You have been assigned by the audit manager to review the controls that Top-Electric currently has in
place over the ordering and receiving of goods and to comment on the draft report on significant
deficiencies in internal controls. You have been provided with the following working papers and other
documentation:
HJB
90
AUE4862/102
ZAU4862/102
NAU4862/102
Entity name: Top-Electric Prepared by: A Morgan Year end: 31 March 2011
AA – 1
Reviewed by: DH Mabotja Date: 3 January 2011
Information on the acquisition and payments cycle: Ordering of goods
General
Top-Electric’s retail stores purchase goods (electrical equipment) over the internet and then sell
the goods to the general public.
Each of the 15 retail stores is responsible for ordering and receiving its own goods.
Standardised procedures (stipulated in the Standardised Procedures Manual) are established
by Top-Electric’s management, and should be followed by the retail stores for consistency
purposes.
Discussions with management at each of the 15 retail stores revealed that only 7 of these retail
stores’ personnel were aware of the existence of such a manual.
A predetermined mark-up percentage is added to the purchase price of an item to calculate the
selling price to the public. This mark-up percentage is stipulated in the Standardised
Procedures Manual.
Ordering of goods
Top-Electric’s management believe that using the internet is the best way of doing business.
They believe that the most competitive prices are obtained through thorough internet research
and bulk purchases.
Each retail store has its own ordering department with a number of order clerks. The number of
order clerks depends on the size of the retail store. At this stage, there are 16 order clerks at
the largest store and 4 order clerks at the smallest store.
Each order clerk is equipped with a personal computer with internet access. Their main task is
to search on the internet for low and competitive prices with discounts on bulk purchases.
As soon as an order clerk identifies a “bargain” on the internet, that clerk has the authority to
immediately place an order with the relevant supplier.
The order clerk has to obtain an order confirmation document from the supplier, which is then
filed in an order file that is kept by each order clerk.
HJB
91
AUE4862/102
ZAU4862/102
NAU4862/102
Entity name: Top-Electric Prepared by: A Morgan Year end: 31 March 2011
BB – 1
Reviewed by: DH Mabotja Date: 3 January 2011
Information on the acquisition and payments cycle: Receiving of goods
Receiving of goods
The goods receiving department receives a copy of the order confirmations from the ordering
department.
Each of the retail stores has its own goods receiving department and warehouse with a
number (depending on the size of the retail store) of goods receiving clerks.
Upon arrival of the supplier’s delivery vehicle, goods are offloaded into the goods receiving
area.
Any available goods receiving clerk then obtains the delivery note from the supplier’s truck
driver and checks that the quantity of the received goods corresponds with the supplier’s
delivery note.
Consistent problems with theft have been experienced at six of the retail stores, which have
led to major losses for Top-Electric. Management are under the impression that the problems
are experienced owing to fraudulent activities by some of the company’s personnel. These
cases of theft are still under investigation.
REQUIRED Marks
1. Identify the weaknesses and discuss the potential business risks of each weakness
relating to the ordering of goods as evident from the background information and
working paper AA – 1. 20
Note: Do not include any weaknesses or business risks relating to the use of the
internet as part of your answer.
2. Recommend in detail improvements to the current receiving of goods function of the
company as described on working paper BB – 1. 10
Total 30
(Unisa test 2 –2011, adapted)
HJB
92
AUE4862/102
ZAU4862/102
NAU4862/102
BACKGROUND INFORMATION
You are the audit senior at Green Auditors Inc responsible for the 30 September 2012 audit of Save-a-
Rhino Pty (Ltd) (Save-a-Rhino). Save-a-Rhino has been a wholly owned subsidiary of South Africans
Against Rhino Poaching Ltd (SAARP) since December 2010.
Despite increased public awareness, numerous donations and various tip-offs, 448 known cases of
rhino poaching were reported during 2011. During 2012 (prior to April 2012), an alarming 162 cases
were reported. The main purpose of Save-a-Rhino is to raise public awareness and support for the
ongoing and ever-increasing war against rhino poaching in South Africa through an independent web-
based platform. Save-a-Rhino’s objective is to
act as an online rhino poaching reporting system (with an online form for tip-offs that are routed
directly to the South African Police Service); and
collect donations from both private and corporate donors. (In the interest of transparency,
information on all funding allocations is made available on the website.)
Donations are received from both local donors and international donors (both on an ad hoc and an
ongoing basis). For all donations greater than R100 000, a logo of the donor company and a website
link to the donor company’s website are placed on the Save-a-Rhino website. The website only allows
once-off donations of up to R10 million. Thereafter, the donor is required to contact a Save-a-Rhino
delegate personally to arrange payment. Donors making donations exceeding R10 million are referred
to as VIP- (very important person) donors and are allowed to attend board meetings where the
allocation of their donation is discussed.
For the year ending 30 September 2012, a total of approximately R64 million was received from
private and corporate donors. Save-a-Rhino retains 5% of all donations for administrative purposes
and also receives a monthly administration fee from SAARP of R200 000 to fulfil its duties
(administration fees are mainly used to cover salary and wage expenses).
The board of Save-a-Rhino is responsible for allocating donations to various crucial initiatives. The
initiatives are focused mainly on training and the purchase of vital equipment for rhino protection
projects in provincial reserves. The board consists of six independent rhino specialists (with expertise
in rhino management, research and security), the CEO (Chief Executive Officer) and the CFO (Chief
Financial Officer) of both SAARP and Save-a-Rhino. The board meets once a month to decide on
allocations of funds to initiatives.
Donations may be made by credit card, direct deposit or PayPal. A PayPal account is not a bank
account, but a virtual wallet that may be used to securely and conveniently pay for goods and services
online. PayPal protects the donor’s financial information with industry-leading security and fraud
prevention systems. When a donor uses PayPal, his/her financial information is not shared with Save-
a-Rhino. A payment notification should be sent by the donor directly after making the payment to
Save-a-Rhino either via fax to 082 888 8888 or via e-mail to info@save-a-rhino.com.
HJB
93
AUE4862/102
ZAU4862/102
NAU4862/102
For direct deposits, Save-a-Rhino’s banking details are provided on its website. An additional SWIFT
code is given for international donors. A SWIFT code is a unique identification code for a particular
bank. These codes are used for transferring money and messages between banks.
A link to www.paypal.com is given on the Save-a-Rhino website for any PayPal donations (with fields
similar to the fields for credit card donations, but Save-a-Rhino will not be able to view this
information).
The following is an extract from the Save-a-Rhino website, setting out the fields to be completed by a
donor making an online credit card donation:
Donation
Amount (ZAR
Donate online using your credit card? (This box needs to be ticked by the donor if
he/she wishes to donate through the use of a credit card.)
Title Mr
(with a list of possible titles to choose from)
First name
Surname
E-mail address
Phone
City
State/Province
Country
● Private donor
Corporate donor
Payment information
Credit card type (with a list of possible credit cards)
Credit card number
CVV number
(The CVV number is the special 3-digit code on the back of the donor’s
credit card.)
Month and year of credit card expiry date
The donor then has to agree to the terms and conditions (available on the website)
by selecting the “I agree with the terms and conditions” option.
REQUIRED Marks
1. Discuss the business risks that Save-a-Rhino (Pty) Ltd faces when receiving
donations and donors’ personal information over the internet. 10
2. Describe the additional computerised (programmed) controls that should be
implemented by Save-a-Rhino to ensure the accuracy of the online process for credit
card donations. 5
Total 15
(Unisa test 4 – 2012)
BACKGROUND INFORMATION
You are an audit partner at Motaung & Khoza Inc (Motaung & Khoza), a medium-sized auditing firm
based in Southern Africa. You were promoted to partnership seven years ago, after being with the firm
for 11 years.
Description
Working paper B1: New company website
HJB
95
AUE4862/102
ZAU4862/102
NAU4862/102
Until recently, orders were placed via the call centre and by mail. The demand for the Paparazzi
magazine has increased “as not only teenagers have shown interest in the lives of the celebrities but
grown-ups as well”. To handle this increased demand and to ensure efficiency, Paparazzi established
a website, www.paparazzi.co.za, for the placing of orders. Only South African retail outlets and
magazine subscribers may place orders via the internet at this stage.
Paparazzi reached an agreement with a national courier company to deliver magazines ordered via
the internet.
Paparazzi’s website was developed by GTEC Website Design Co, known to be the best in South
Africa. Clients were able to place orders from the beginning of January 2009. The website has been
well promoted and can easily be found using various search engines.
South African retail outlets and subscribers are required to register as users on the website prior to
placing orders. When the user registers as a retail outlet, the company registration number and VAT
number are required as mandatory fields. This enables Paparazzi to validate the entity. To access the
website the users will have to log on using a username and password and the contact details they
have chosen when registering as users on the website. Different prices are charged to retail outlets
and individual subscribers; as a result, users are charged differently, depending on how they have
registered.
Orders are dispatched from Cape Town, Durban or Johannesburg. Users are required to choose their
nearest location when placing orders. Orders may be placed at any time of the day. Once an order is
accepted as valid, instructions to dispatch the goods are automatically generated by the system.
Delivery is made within 48 hours from the time the order has been placed.
HJB
96
AUE4862/102
ZAU4862/102
NAU4862/102
REQUIRED Marks
(a) Regarding working paper B1 (New company website):
1. Describe the risks to Paparazzi of allowing access to its data and trading of its
magazines via the internet, and the key control measures which should be
implemented to counter these risks. 16
BACKGROUND INFORMATION
You are a first-year trainee accountant at Effortless Auditing Incorporated (EA), a medium-sized audit
firm in Pretoria. The firm aims to be at the cutting edge of information technology and uses advanced
information technology in its audit engagements. EA has recently been appointed as the auditors of
Express Railway Services (ERS) Ltd. Mr DJ Wolf is the partner in charge of the audit engagement.
ERS is at the forefront of transforming South Africa’s railway transport services. ERS has two main
sources of income: daily luxury express train services in the main business centres of the country and
long distance inter-city rail services. Currently, ERS operates only within the borders of South Africa.
ERS has entered into various public-private partnerships with the South African government to
upgrade railway infrastructures across the country. Increases in fuel prices over the last five years
have led to an increased demand for alternative means of transport for the average South African
consumer. ERS’s ability to provide affordable and reliable services has enabled them to show steady
increases in their profits, and the company’s share price has responded positively. The share price of
ERS currently trades at R41,40 per share on the JSE.
Information technology (IT) has been one of ERS’s cornerstones since its inception ten years ago.
Significant investments are being made in developing IT systems. Currently 90% of its ticket sales
take place via the internet.
HJB
97
AUE4862/102
ZAU4862/102
NAU4862/102
Owing to the excellent growth in revenue and passenger numbers over the years, internet traffic and
system load have increased dramatically. ERS is in the process of upgrading its website and plans for
the upgraded system to be operational by the end of April 2014. You have held discussions with the
financial manager of ERS, Mrs Phutago, who is responsible for the systems upgrade. She mentioned
that the company’s board of directors had basically given her an open cheque book and only wanted
to receive feedback once the project has been signed off. She also mentioned that the Chief
Information Officer (CIO), Mr T Kahal, reports directly to her office as the success of the upgrade will
have a direct impact on the integrity of the financial reporting system.
A web page that allows customers to perform a search on the availability and costs of seats on
the trains of their choice.
A customer who identifies an available seat on a train is able to book the seat by providing his or
her name, surname, ID or passport number, cell phone number, e-mail address and method of
payment. Customers should also specify whether or not it is for a one-way or return ticket. A
2,5% discount is applicable to all bookings that are made on a return basis. Weekly and monthly
coupons are offered at a 5% discount to passengers using the luxury express trains.
According to ERS’s policy, unaccompanied passengers of younger than 12 are not allowed to travel
on any of its trains. The fares for passengers of younger than 12, accompanied by an adult, are 50%
less than the normal fare.
Ticket fees are determined monthly by the Fees Committee and forwarded to the IT department on the
last day of each month to ensure that it is effective from the first day of the following month. A railway
levy has to be paid by every passenger and it must therefore be added to the train fare. These levies
are calculated based on the stations of departure and arrival. For example, if the destination is
Durban, the passenger has to pay the Durban station levy.
Once a customer confirms a booking on the website, he/she has 48 hours to pay for the ticket.
Payment may be made either online by way of a credit card transaction (via a secure connection) or
by an electronic funds transfer (EFT) when making the booking; proof of payment must be faxed to the
head office. The customer may also pay directly at a kiosk at the train station, but only if the booking is
done at the kiosk. The payment method at the kiosk is either cash or credit card. The ticket fee is
recognised immediately as revenue at the time when payment is made by a customer. The database
is updated immediately and the seat is reserved. The ticket is issued electronically (via e-mail) to the
customer shortly after payment has been made. At the end of each day, the passenger transaction file
(PTF) is updated to the general ledger
Train tickets for long-distance routes may be cancelled by customers if ERS is notified of the
cancellation in writing, at least two days prior to the departure date. A penalty amounting to 10% of the
ticket fee is payable upon cancellation. The balance of the ticket fee is then refunded to the customer.
All the train stations on ERS routes are equipped with state-of-the-art electronic turnstiles. The system
controlling the operation of the turnstiles is integrated with the IT systems of ERS. A customer may
only board the train once he or she has presented a valid ticket at the turnstile, which then allows
access to a secured platform where the passengers board the train.
HJB
98
AUE4862/102
ZAU4862/102
NAU4862/102
The installation of the turnstiles was one of the public-private projects that ERS entered into with the
Department of Transport. The turnstiles allow ERS to confirm the number of passengers that have
departed from and arrived at the stations which they selected when booking. Five minutes before the
train is scheduled to depart, the turnstile closes and a passenger list is generated by the system. This
list contains the names of the passengers on board the train. The passenger list is transferred
electronically via a secure direct link between ERS and the Department of Transport. The process was
approved by both parties, as it would automatically calculate the station levy that is payable to the
Department of Transport. This calculation is done by matching the passenger list with the PTF. Any
difference should be followed up by management before payment can be processed.
An automatic EFT is generated by the system on a weekly basis. This EFT has to be authorised by
Mrs Phutago after she has agreed the amount on the EFT voucher to the amount displayed on the
system. The payment may only be released from a dedicated terminal and the financial director as
well as the operations director should approve the EFT payment voucher electronically.
REQUIRED Marks
1. Discuss the risks of material misstatement at the overall financial statement level as
well as the risk at the assertion level for ERS for the year ended 28 February 2014. 12
2. Write a memorandum to Mr Wolf, in which you:
(a) Discuss the specific application controls that relate to the accuracy and
completeness of ERS’s internet reservation system. 14
Note: Exclude application controls relevant to the payments and master
file updates from your solution.
(b) Discuss the additional application controls that you would expect to be present
in ERS’s processing of EFT payments to the Department of Transport, to
consider the occurrence and authorisation thereof. 8
Communication skills: Logical flow and layout 2
3. Discuss any weaknesses in the upgrade of the internet-based reservation system. 4
HJB
99
AUE4862/102
ZAU4862/102
NAU4862/102
QUESTION 9 40 marks
BACKGROUND INFORMATION
You are the audit senior assigned to the audit of Dynamic Food Limited (Dynamic) for the year ended
28 February 2015. The audit firm where you work has been the auditor of Dynamic for the past three
years and has been reappointed through a competitive tender process to complete the audit for the
year ended 28 February 2015.
Dynamic will be your first client in the manufacturing industry and you are looking forward to learn
more about the industry. During a meeting you had with Mr Rupert, one of the co-founders and Chief
Executive Officer (CEO) of Dynamic, you made some notes regarding the company, which are
attached as Appendix A.
You also came across the following article in the Pretoria News:
Dynamic Food Limited seeks help from court over excessive fine
Dynamic Food is once again heading to court over the excessive fine imposed on the company.
Mr Rupert, CEO of Dynamic Food, said in an exclusive interview to Pretoria News that they are not
appealing the verdict, which found them guilty, but are appealing the financial penalty of R46 million.
They feel this amount is outrageous.
“If we have to pay this amount we will have no other alternative than to let some of our personnel go.
The court will just have to step in.”
Dynamic Food has been fined earlier this month by the Competition Commission of South Africa after
an investigation into collusion over tender contracts.
Mr Rupert claims that they are not in a position to pay the fine, as an anticipated loss is expected for
the 2015 financial year. This will be the first time in the history of the company that they make a loss.
The main reasons for the expected loss is the downturn in the economy, and a downturn in sales as a
result of a new competitor that is manufacturing a more cost-effective product.
The following appendix and working paper, relating to the audit of Dynamic Food, has been prepared
by you:
Reference number
Summary of the meeting held with Mr Rupert Appendix 1
Proposed changes to the current time recording and payroll application Working Paper P1
After performing your risk assessment procedures, you have decided to follow a combined audit
approach for the audit of inventory.
HJB
100
AUE4862/102
ZAU4862/102
NAU4862/102
APPENDIX A
Dynamic Food is a food manufacturing and distribution company listed on the JSE Ltd. Dynamic Food
specialises in the manufacturing of various instant food products. All manufactured products are
instant products, which means that only water or milk needs to be added.
The manufacturing department has been the cornerstone of the business since its inception 16 years
ago when Mr Rupert and Dr Matsimela (in-house food scientist and operational director) started the
food manufacturing company. The directors of Dynamic Food collectively own 20% of the company’s
shares and performance bonuses are paid based on the financial results of the company.
The company has all the necessary committees as required by King III and the Companies Act.
Mr Rupert is the chairman of the board of directors and Mr Matsimela has recently been appointed as
the chairman of the audit committee.
Dynamic Food specialises in the manufacturing of instant porridges such as instant maize porridges,
instant sorghum porridges and instant high-protein oats porridges. The company also manufactures
powder for energy drinks such as high-protein shakes and powdered cold drinks. During the 2015
financial year, Dynamic Food also introduced its instant desserts range which includes custard powder
and instant yogurts.
Dynamic Food provides food through tender manufacturing, which is predominantly government
related through the National School Nutritional Programme, and through contract manufacturing for
retail or wholesale customers such as Pick n Pay, Checkers and Dis-Chem.
Currently, Dynamic Food manufactures more than 200 various instant food products, some of which
are manufactured exclusively for the Department of Education through the National School Nutritional
Programme and the rest for retail or wholesale customers. Dynamic Food manufactured approximately
15 000 tons of food products for the 2015 financial year.
The manufacturing plant is situated in Centurion, Gauteng, with distribution warehouses in the Eastern
Cape, Mpumalanga and Limpopo. Two more distribution warehouses will be opening in other
provinces in the coming months.
Because the majority of instant food products have an adequate shelf life with expiry dates within
12 months of manufacture, there are a number of large contracts which involve the selling of these
products on consignment. Dynamic Food has a policy to discard and destroy all unsold food products
after the expiry date.
Inventory is the largest balance on the statement of financial position and consists of raw materials,
work in progress and finished goods. Raw materials are purchased from both local and foreign
suppliers. Dynamic Food takes out foreign exchange contracts to protect itself against adverse foreign
currency fluctuations. Inventory from foreign suppliers is purchased free on board. Despite the
favourable discount negotiations with retail and wholesale customers, there has been a reduction in
the inventory turnover during the year and an increase in the number of customer complaints.
During February 2014, Dynamic Food launched its initiative of “going paperless”. Through this
initiative, all functions within the company will be computerised in order to minimise the use of hard-
copy documents.
HJB
101
AUE4862/102
ZAU4862/102
NAU4862/102
On 1 March 2014 Dynamic Food installed a new fully computerised, integrated sales and purchases
application. This has resulted in changes to both the general and the application information
technology (IT) controls throughout the organisation. The internal audit department was involved in the
conversion project and gave positive feedback on the implementation of the new IT controls.
Mr Rupert requested us to also include the testing of the general and the application controls as part
of our audit of inventory, as he would value our feedback.
The next step in the “going paperless” initiative will be the installation of a fully computerised,
integrated time recording and payroll application.
HJB
102
AUE4862/102
ZAU4862/102
NAU4862/102
The human resources department is under the control of Mrs Ontime, the human resources director.
During the current financial year, many personnel problems were experienced in this department and
Mrs Ontime was appointed in January 2015 to get things back on track. Mrs Ontime is responsible for
all staff appointments and resignations. Dynamic Food has a labour force of 50 permanent employees
and 350 hourly paid wage workers. Of the hourly paid wage workers, 250 are stationed at the
Centurion manufacturing plant and 100 at the distribution warehouses. There are five plant
supervisors at the manufacturing plant, each of whom is responsible for a team of wage workers and
who report to the plant manager.
Presently, the time recording function for the 250 wage workers at the manufacturing plant is
performed using properly designed clock cards, which are created for all wage workers in terms of the
employee master file. New clock cards are printed on a Monday morning and are available at the
entrance to the plant. The wage worker has to insert his/her clock card into a timing device to record
times of entry or exit.
The normal and overtime hours worked per wage worker, per week, are manually calculated by the
respective plant supervisors and approved by the plant manager. The payroll is prepared on a weekly
basis and the wage workers receive their weekly wages through an electronic funds transfer (EFT) on
a Friday afternoon.
As part of the “going paperless” initiative to computerise all functions within the company, Dynamic
Food is in the process of buying a new computerised time recording and payroll application. It was
one of Mrs Ontime’s responsibilities to investigate the possibilities of a new system and she came
across the following article:
Iris scanners perform recognition detection of a person’s identity by mathematical analysis of the
random patterns that are visible within the iris of an eye from some distance.
Iris scanning is an ideal way of biometric identification since the iris is an internal organ that is
largely protected from damage and wear by the cornea. This type of identification is more attractive
than fingerprint identification, as fingerprints can be difficult to recognise after several years of
certain types of manual labour.
The Iris Identification Scanner is a time attendance system that tracks employee attendance,
including when they clock in, when they clock out, and if they showed up when they were scheduled
to work.
HJB
103
AUE4862/102
ZAU4862/102
NAU4862/102
Mrs Ontime envisions that the new system will work as follows:
All permanent data, such as employee names, employee numbers and pay rates required for the
preparation of the payroll, will be stored in the employee master file.
An Iris Biometric Identification Scanner will be installed at the entrance to the manufacturing plant.
Upon entering and leaving the plant, the wage worker will have to scan his iris with the biometric iris
scanner.
The system will record the entry and exit times and at the end of the day, will automatically transfer
the hours worked to the payroll application.
When the payroll is processed, the payroll application software automatically calculates the total hours
worked for the week.
These calculated hours and the permanent data in the employee master file will be used by a
dedicated payroll clerk to prepare the payroll.
The payment of the wages will still take place on a Friday afternoon via an EFT.
REQUIRED Marks
1. Describe the risks of material misstatement at the overall financial statement level for
Dynamic Food Limited, which are evident from the information provided. 10
2. Describe the risks at assertion level relating to the existence and valuation of inventory
for Dynamic Food Limited. 8
3. Discuss the reasons why you would have decided on a combined audit approach for 10
the audit of inventory. Also discuss the timing and extent of the planned audit
procedures for inventory.
You are not required to discuss the type of audit procedure in your solution.
Communication skills: Logical argument 1
4. Describe the application controls that you would expect to be present in the new
proposed computerised time recording and payroll application to ensure that the hours
worked, as recorded on the payroll, are complete, accurate and valid. 10
You do not have to address any controls relating to the transfer of data.
Communication skills: Formulation of recommendations 1
HJB
104
AUE4862/102
ZAU4862/102
NAU4862/102
(a) (i) Factors that Motholo & Terblanche should have considered prior to accepting the
reappointment as statutory auditors of Billing4U Limited
1. Independence
1.1 The audit partner (Gareth Lewis) has been the partner in charge of the audit for a
period of more than 10 years, which creates a familiarity threat to independence.
(2)
1.2 Gareth Lewis is in contravention of the Companies Act for having been the audit
partner of Billing4U Ltd for a period of more than five years. (1)
1.3 The safeguard that Motholo & Terblanche can apply is to rotate the audit partner.
(1)
1.4 Billing4U Ltd is the largest client of Motholo & Terblanche in terms of the
revenue generated. This would create a self-interest threat to independence. (2)
1.5 The rest of the audit team members (excluding the audit partner) will be involved
in assisting Billing4U in the preparation of tax returns. (1)
1.6 In terms of the CPC 290.183, the preparation of tax returns does not create a
threat to independence if management take responsibility for the returns,
including any significant judgements made. (1)
4. Engagement letter
4.1 The statutory engagement letter must be signed and it will highlight the following:
the responsibility of the auditor to report a reportable irregularity if it exists as
well as management’s overall responsibility for tax returns. (2)
5. Other matters
5.1 Billing4U might be experiencing going concern problems and may not be able to
settle the audit fee. However, Billing4U has enjoyed long association with
HJB
105
AUE4862/102
ZAU4862/102
NAU4862/102
5.2 Motholo & Terblanche and recoverability of audit fees does not appear to have
been a problem in the past. (2)
5.3 The fact that the auditors have to rely on work performed by other auditors
should be taken into account, as Billing4U acquired 3 companies during the year.(2)
5.4 There is additional reliance by a third party, as Billing4U is going to apply for a
loan based on its financial statements. (2)
5.5 The client’s reputation should be considered because the client is being sued by
the mayor. (1)
Available 24
Maximum 13
(a) (ii) Risk of material misstatement at the overall financial statement level of Billing4U
and at the group level
Risk indicator Description of risk
1. Billing4U Ltd is listed on The AFS may be materially misstated to enable Billing4U to meet
AltX of the JSE Ltd. the AltX listing requirements. (1)
The AFS may be materially misstated in order to meet the
shareholders' expectation. (1)
2. CEO Julius Zille The AFS may be materially misstated, as the control environment
deliberately provided the might be compromised by lack of integrity of the
mayor incorrect information. CEO/management. (1)
3. Directors receive share The AFS may be materially misstated by overstating revenue/
options driven by the profit income and understating expenses as well as manipulation of
for the year and directors profits to increase the directors’ benefits. (1)
have a significant share-
holding in the company.
4. Change in the financial year The AFS may be materially misstated, as the items in the
end. financial statements might not be properly accounted for in the
correct period. (1)
The AFS may be materially misstated, as the change in year end
might not be done in compliance with the Companies Act
requirements. (1)
5. Going concern. The financial statement may be inappropriately presented on the
going concern basis because of the following: (1)
loss of major client, resulting in loss of revenue (City of
Johannesburg); (1)
not having enough cash to settle the lawsuit of R210 million; and
(1)
going concern problems may give management the opportunity to
manipulate the financial statements to show a favourable
position. (1)
Max (4)
6. Loan depends on the The AFS may be materially misstated, as the assets/revenue
audited financial might be overstated and liabilities/expenses understated in order
statements. to obtain the loan (fraudulent financial reporting). (1)
7. Billing4U operates within a The AFS may be materially misstated, as the related
group. party/intergroup relationships and transactions might not be
properly accounted and disclosed in Billing4U’s financial
statements. (1)
The AFS may be materially misstated, as this is the first year
consolidated financial statements will be prepared. (1)
HJB
106
AUE4862/102
ZAU4862/102
NAU4862/102
PART b
1. There is a risk that administrative fee income of the next period might be accounted
for in the current period to inflate profits because management have share options
based on profits and there are going concern issues (occurrence, cut-off). (1)
2. There is a risk that municipalities might be charged incorrect rates, as the rates are
driven by the number of residents billed per month and vary per month, and because
various files are received from different municipalities (occurrence, accuracy,
completeness). (1)
3. There is a risk that all the complaints and resulting penalties are not taken into
account for calculation of the net administration fee (completeness). (1)
4. There is a risk that VAT is subtracted not from the net fee income (excluding the
penalty charged) but from the full fee income (inclusive of the penalty charged)
(accuracy). (1)
5. The administrative fee income could be calculated using the incorrect penalty
percentage (1) / original fee (1) / number of residents (1) (accuracy). Max (3)
6. The provision for the July penalties may be incorrectly calculated due to the many
problems that occurred during the year (accuracy). (1)
7. The provision for the July penalties may not be included in the net fee income (cut-
off). (1)
HJB
107
AUE4862/102
ZAU4862/102
NAU4862/102
8. There is a risk that the net administrative fee accounted for in the general ledger might
be inclusive of VAT and penalties charged (accuracy). (1)
Speedbill 9000
1. There is a risk that the costs may not be properly treated. (1)
1.1 Costs capitalised to the intangible assets are not qualifying costs (e.g. training
costs) (accuracy). (1)
1.2 The costs qualifying to be capitalised (e.g. feasibility study costs) might not be
capitalised (existence, completeness). (1)
2. There is a risk that the foreign invoice with regard to the purchase of Speedbill 9000
might not be translated at the correct exchange rate when the risks and rewards pass
to Billing4U (valuation, accuracy). (1)
3. There is a risk that the translation of the FEC asset or liability might not be properly
calculated (accuracy). (1)
4. There is a risk that FEC gains or losses might be incorrectly accounted for in the cost
of the Speedbill 9000 (valuation, accuracy). (1)
5. There is a risk that the Speedbill 9000 might be amortised over the incorrect useful life
(valuation). (1)
6. There is a risk that the intangible asset is not assessed for impairment as required by
IAS 36, as management did not deem it necessary to do an impairment test, especially in
view of the complaints received, which might be software related (valuation). (1)
Presentation: Language and logic (1)
Available 19
Maximum 11
PART C
Weaknesses in the procedures followed by Billing4U Ltd, which relate to the purchase,
conversion, testing and post-implementation of Speedbill 9000
HJB
108
AUE4862/102
ZAU4862/102
NAU4862/102
HJB
109
AUE4862/102
ZAU4862/102
NAU4862/102
HJB
111
AUE4862/102
ZAU4862/102
NAU4862/102
PART D
The computerised (programmed) application controls you would expect to see to ensure the
following:
(i and ii )The occurrence and authorisation (validity) as well as the completeness of the
capturing of lodged complaints by the temporary clerks
HJB
112
AUE4862/102
ZAU4862/102
NAU4862/102
HJB
113
AUE4862/102
ZAU4862/102
NAU4862/102
MARKERS’ COMMENTS
General
Some students wrote their answers in paragraphs instead of providing the answers
in bullet form. This resulted in them losing presentation marks.
It was evident that many students did not read the "required" section properly in
order to identify what exactly was expected of them.
Some students were in a rush to write their answers down without proper planning.
This resulted in students rambling, wasting time, and losing marks.
Part (a)(i)
Students performed generally very well in this part of the "required" section.
Many students did not apply the theory to the scenario and merely listed generic
considerations without making it relevant to the scenario, despite the fact that the
"required" section clearly requested a discussion.
Some students considered the long association (period of more than 5 years) a
Companies Act contravention by the audit firm. This is incorrect, as the long
association is only a contravention of The Companies Act if the audit partner has
been serving for a period of more than 5 years.
Students would identify that there were threats to independence (such as the large
portion of revenue that the audit firm was receiving from the client), but would fail to
identify the specific threat that was applicable (i.e. self-interest threat). Some
students also listed all the independence threats, which demonstrated that the
student was unsure about the specific applicable threat.
HJB
114
AUE4862/102
ZAU4862/102
NAU4862/102
Students wrongfully identified the fact that the auditors assisted with the completion
of tax returns, as a self-review threat. This is not necessarily a self-review threat in
accordance with the CPC (please refer to paragraph 290.183 of the CPC).
Some students lost easy mark by failing to comment on the fact that an engagement
letter needed to be prepared.
There were students that made the mistake of stating that the auditors should
contact the previous auditors. This is not correct, as this is not a new audit
engagement but a recurring engagement for Motholo & Terblanche.
Part (a)(ii)
Most students included audit risks in their solutions. This was not required. For
instance, if the risk indicator is that the financial statements will be used to apply for a
loan, the risk of the auditor’s third party liability is an audit risk, and not a risk of
material misstatement. The correct risk of material misstatement in this example
would be that management might be inclined to overstate income/assets and
understate expenses/liabilities, in order to show a favourable financial position to the
loan providers.
Some students did not word the risks properly, and tended to write audit objectives
or a list of suggestions. The correct manner is to identify the risk indicator from the
scenario, and then to explain properly why this specific indicator is a risk of material
misstatement by explaining how the financial statements might be misstated due to
this specific indictor.
Most students stated the risk in relation to change of software. This is incorrect, as
this is not a risk at the overall financial statement level. The change of software only
applied to the billing of residents; it was not the software used to process the
financial statements.
Part (b)(i)
Once again, students tended to write audit objectives or a list of suggestions, without
explaining what the risk is. Some students formulated their risks in a very vague
manner by for instance writing that cut-off is a risk, without explaining why it is a risk,
or linking it to the scenario.
Most students did not seem to have understood the scenario very well. Students
listed the risks in relation to meter readings as part of describing the risk for the net
administrative fee. This is incorrect, as the administrative fee is not derived from the
meter reading and electricity charged for residents by Billing4U, but is charged for
the service it provides for municipalities in relation to the number of residents.
The specific account balance (e.g. admin fee income) should be used to describe the
risk. Most candidates resorted to stating generic assertion level risks.
HJB
115
AUE4862/102
ZAU4862/102
NAU4862/102
The assertions level risks relating to the Speedbill 9000 system were generally
answered well.
Part (c)
Students quoted the words from the scenario when identifying a weakness, rather
than interpreting the information at a higher level.
The obvious weaknesses were often identified, but many students failed to identify
the more difficult weaknesses.
Students did not seem to understand the difference between testing a conversion
and testing software developed from scratch.
Part (d)
Many students listed input control terms without applying them to the case study.
The input control terms used and the description thereof often did not match.
Students obtained most of their marks from writing down access controls and not
from recommending controls pertaining specifically to this case study.
Many students recommended controls that were not applicable to the scenario.
Many students did not understand the system whereby information is received
telephonically. Therefore, they reverted to generic manual controls according to the
standard transaction cycles.
Students struggled with the part on master files and the application thereof.
Students did not seem to understand the risks involved in the case study and the
effect thereof on the specific applicable controls.
Many students formulated audit procedures to test the system controls, rather than
writing down the recommended controls.
(a) Concerns about the draft engagement letter prepared by the trainee accountant
1.1 The engagement letter is addressed to the Accountant of Howzit (Pty) Ltd, rather
than to the company’s board of directors (ISA 210.9) (1)
1.1.1 Although ISA 210 allows for the engagement letter to be addressed to an
appropriate member of management or those charged with governance, the
purpose of establishing the terms of the engagement is negated as, for
example, management’s commitment to meeting their responsibilities to the
audit are confirmed. (1)
HJB
116
AUE4862/102
ZAU4862/102
NAU4862/102
1.1.2 Even if the accountant formally accepted the terms of the engagement
letter, it is doubtful that the company would be bound by it, should he not
have been given the authority by the board of directors to contract on behalf
of the company. (1)
1.2 It is a concern that the engagement letter states that an audit of the financial
statements will include the certificate by the company’s directors and that it will be
audited. (1)
1.3 The engagement letter incorrectly states that the objective of an audit is to express
an opinion on the correct presentation of financial statements. (1)
1.4 The engagement letter indicated that the audit is to be conducted in accordance
with the CPC and King III. This is incorrect, as they contain guidelines on ethics
and principles and the audit should be conducted using International Standards on
Auditing. (1)
1.5 The level of assurance to be obtained about the financial statements is not
specified, for instance, reasonable assurance. (1)
1.6 The paragraph outlining the inherent limitation of an audit has been omitted, which
should indicate that there is always a risk that some material misstatements may
remain undiscovered. (1)
1.7 The engagement letter incorrectly states that an opinion on the effectiveness of
internal controls will be expressed as part of the statutory audit. (Note that
significant deficiencies in internal controls should be documented and reported to
management.) (1)
1.9 The engagement letter does not contain a section allowing for client
acceptance/signature. (1)
1.9.1 If the client does not sign the engagement letter, there will be no contractual
relationship between the Storm and Howzit. (1)
1.10 The statement that the engagement letter will be effective for future years, unless
terminated or amended, is a concern. (1)
1.11 The engagement letter does not refer to the accounting framework used to prepare
the financial statements to be audited. (1)
1.12 It is a concern that the provision for non-assurance work (calculation of current and
deferred tax liabilities/assets) is included in a statutory audit engagement letter. (1)
1.13 There is no reference to the form and content of the auditor's report. (1)
1.14 There is no indication that there is unrestricted access to persons within Howzit,
who are determined necessary to obtain audit evidence. (1)
Available 17
Maximum 10
HJB
117
AUE4862/102
ZAU4862/102
NAU4862/102
2. Terms of the Code of Professional Conduct of SAICA and the Auditing Profession
Act, 2005 (APA)
2.1 The sentence highlighting that the financial director’s daughter will be part of the
audit team is a concern. (1)
2.1.1 The inclusion of the financial director’s daughter in the audit team will create
a familiarly threat/intimidation threat. (1)
2.2 The fact that the auditor has agreed to a fixed fee for five years is a concern. (1)
2.2.1 With the fixed fee, any subsequent change to the client’s size or complexity
of the audit is likely to result in the fee being inappropriate, as the fee will
not be a fair reflection of the value of the professional service undertaken. (1)
2.2.2 An increase in the size/complexity of the client may result in pressure to
perform less work than is required to express an audit opinion in
accordance with the professional standards (i.e. the fee may indicate a
limitation of scope). (1)
2.3 Given the fact that Howzit is expanding, quotation of the fee at 15% lower than
what the previous auditors had quoted will result in a self-interest threat. (1)
2.4 Preparation for the calculation of current and deferred tax liabilities (or assets) for
Howzit will result in a self-review threat (CPC 290.184). (1)
2.5 The fee for non-assurance service may be considered a contingent fee, as the fee
is based on 10% of tax refundable (outcome). (1)
2.5.1 Contingent fees may create threats to non-compliance with the fundamental
principles (CPC 240.3). (1)
2.5.2 The charging of a contingent fee to Howzit will result in a self-interest threat
(CPC 290.285), also considering that Howzit is the biggest client of Storm in
terms of revenue. (1)
2.6 A paragraph purporting to limit the registered auditor’s liability for any services
rendered (including a statutory audit) is included in the engagement letter. (1)
2.6.1 The limitation of liability for audit services is specifically prohibited by section
46 of the APA. (1)
2.7 The “locking-in” of an audit client into a five-year contract, whereby the client may
not appoint another registered auditor, is not considered consistent with the
fundamental principles of professional behaviour. (1)
2.7.1 Clients have a right to choose their professional advisers and to change
them should they so desire. (1)
2.8 The slogan, “We offer the best audit service in town”, is not considered to be in
good taste (CPC 250) and as such, it contravenes the CPC. (1)
2.8.1 This slogan appears to belittle the service of others, which is contrary to the
requirements of the CPC. (1)
2.9 The engagement letter did not highlight the duty to report a reportable irregularity to
IRBA as required by the APA. (1)
Available 17
Maximum 10
HJB
118
AUE4862/102
ZAU4862/102
NAU4862/102
(b) Audit risk at the overall financial statement level of Howzit for the year ended
28 February 2011
1.1 There is a risk that opening balances might be materially misstated. (1)
1.2 There is a risk that material misstatements could go undetected, as we are not
familiar with the client. (1)
2.1 The AFS may be materially misstated, as the control environment might not be
effective throughout all centres and regions/data from branches might not be
completely included in the financial records. (1)
3.1 The AFS may be materially misstated, as Howzit might not comply with rules and
regulations of these countries, resulting in hefty penalties that might not be properly
accounted for. (1)
4.1 The AFS may be materially misstated, as management might manipulate the
financial results in order to stand a better chance of obtaining the loan. (1)
5. The Competition Commission subpoenaed two senior executives of Howzit for suspected
price-fixing.
5.2 There is a risk of a reportable irregularity, which will result in modification of our
audit opinion. (1)
6. Two senior managers receive share options based on the profit reported.
6.1 The AFS might be materially misstated, as the senior managers might engage in
fraudulent financial reporting in order to reflect better profits to receive the share
options. (1)
7. Temporary staff filling key positions in the accounting department were not performing at
the optimum level for the first two months.
7.1 The AFS may be materially misstated, as there might be errors in the financial
records due to these staff members lacking the required knowledge. (1)
8. Tight audit deadline: The group auditors require the audited financial statements a week
after year end.
8.1 The AFS might be materially misstated, as management might not have enough
time to complete the financial statements and properly identify and disclose the
subsequent events. (1)
8.2 There is a risk that the auditor might express an inappropriate audit opinion, as very
limited post-reporting date information will be available. (1)
HJB
119
AUE4862/102
ZAU4862/102
NAU4862/102
9.1 The AFS might be materially misstated to reflect the results anticipated by the
investors. (1)
9.2 The AFS might be materially misstated, as the control environment could be
compromised. (1)
Available 13
Maximum 10
(c) Evaluation of audit risk and the effect on the overall audit strategy
1. Based on the above audit risks identified at Howzit, the audit risk is assessed as high. (1)
2. Engage more experienced staff, also considering the fact that Howzit operates in a very
complex industry. (1)
4. Lower the materiality level in order to lower the audit risk to an acceptable level. (1)
7. Perform more substantive procedures with more test of detail and fewer analytical
procedures. (Place less reliance on test of control.) (1)
8. Place less reliance on management’s representation given the fact that their integrity is
questionable. (1)
9. Consider the use of an expert in areas where you don’t possess the required skills as
auditors. (1)
1. Revenue
1.1 There is a risk that revenue from foreign countries might not be properly translated
(converted) into rand in the financial statements of Howzit (accuracy). (1)
1.2 There is risk that revenue on airtime might not be recognised on usage but on
purchase of airtime by subscribers (cut-off). (1)
1.3 There is a risk that revenue on monthly services is recognised up-front instead of
when the service is rendered (cut-off). (1)
1.4 There is a risk that revenue on products such as handsets are recognised prior to
risks and rewards associated with the products are transferred to the customer
(cut-off). (1)
HJB
120
AUE4862/102
ZAU4862/102
NAU4862/102
2. Inventory
2.1 There is risk that merchandise purchased from foreign countries might not be
translated (converted) at the correct rate at year end (valuation). (1)
2.2 There is a risk the profit or loss on the FEC is not properly accounted for, resulting
in misstatement of inventory (valuation). (1)
2.3 There is a risk that the airtime not used at year end might be accounted for as
inventory. (1)
2.4 There is a risk that merchandise in transit purchased FOB might not be included in
the inventory balance at year end (completeness). (1)
2.5 There is a risk that the cost for imports that do not qualify to be capitalised might be
capitalised (valuation). (1)
Available 9
Maximum 6
MARKERS’ COMMENTS
General (a)
Some students discussed concerns relating to (a)(2) in (a)(1) and this resulted
in them losing marks, as they did not deal with what was required.
HJB
121
AUE4862/102
ZAU4862/102
NAU4862/102
Some students did not split sections (a)(1) and (a)(2) (in the "required" part) in
their solutions. This resulted in 2 marks being deducted from the total marks
obtained by students. Correct and detailed numbering of answers is
extremely important when answering questions in tests and examinations, in
order to score maximum marks.
(c) Evaluation of audit risk and the effect on the overall audit strategy
Students who studied the relevant study material, that is, the tutorial letter and
prescribed texts, did very well in this part of the question and obtained
maximum marks.
Some student raised the fact that the engagement letter was not signed by
the engagement partner as a concern. This is not a concern, as the
engagement letter was still in draft format and had not been sent to the client.
General (a)
Some students discussed concerns relating to (a)(2) in (a)(1) and this
resulted in them losing marks as they were not adhering to the "required"
section.
Some students did not split section (a)(1) and (a)(2) of the "required" part in
their solutions. This resulted in 2 marks being deducted from the total marks
obtained by students. Correct and detailed numbering of answers is
extremely important when answering questions in tests and examinations, in
order to score maximum marks.
Some students just wrote the risk indicators down without describing the risks
themselves as they had been required to do.
Some students still confused risk at the overall financial statement level and
risk at the assertion level. Please refer to Tutorial Letter 102.
(f) Evaluation of audit risk and the effect on the overall audit strategy
Students who studied the relevant study material, that is, the tutorial letter and
prescribed texts, did very well in this part of the question and obtained
maximum marks.
There are students who were indecisive when they answered this part of the
question. These students stated that the assessed risk is moderate to high.
This does not earn you any mark. You should decide as to whether the risk is
high, moderate or low.
Most students just explained the definition of the assertion. For instance,
students wrote: Revenue – accuracy, there is a risk that revenue is not
accurate. This is incorrect, because you are not dealing with what was
required of you, using the given scenario.
General
It is clear that many students either did not study their tutorial letters thoroughly, or did not
work through enough questions to prepare for the test.
This test was very fair and you should really put more effort into the preparation for the
remaining three tests. Going forward, you will have to study more complex topics and
therefore you will find the tests more difficult if you don’t work harder.
(a) Audit risk of SANATACO and the SANATACO group at the overall financial statement
level
5. SANATACO gained control over two companies during the current financial year.
The AFS may be materially misstated, as IFRS 3 might not be properly accounted
for. (1)
The AFS may be materially misstated, as related-party transactions and
relationships might not be identified, accounted for and disclosed properly in terms
of IAS 24. (1)
7. Reliance on third parties: Subsidiaries will be audited by their respective audit firms for
the 2012 financial year end.
The AFS may be materially misstated, as the other audit firms might not be com-
petent and/or independent in performing the work required for audit evidence. (1)
Available 13
Maximum 10
(b) Risks of material misstatements relating to revenue on the sale of airline tickets
1. There is a risk that management might recognise fictitious sales in order to meet
shareholders' expectations because of the JSE listing/lack of integrity (occurrence). (1)
2. There is a risk that revenue on tickets sold in the current year to be used by the customer
in the following financial year might be recognised incorrectly in the current year (cut-off
and occurrence). (1)
3. There is a risk that revenue on tickets sold at a discount might be recognised inclusive of
the discount (accuracy). (1)
4. There is a risk that revenue is recognised at incorrect prices should the airline ticket price
master file not be updated with the most recent price list (accuracy). (1)
5. There is a risk that revenue might not be recognised net of VAT, airport taxes, insurance
and the administration fee (accuracy). (1)
6. There is a risk that revenue is not completely recognised, as the sale is captured by the
GoodBuy store cashier initially (completeness). (1)
7. There is a risk that tickets exchanged for vouchers might be recognised incorrectly as
revenue from airline ticket sales (accuracy). (1)
HJB
124
AUE4862/102
ZAU4862/102
NAU4862/102
9. There is a risk that revenue might not be presented correctly in the notes to the financial
statements, that is, service rendered (airline tickets and taxi fares) and sale of goods
(snacks and drinks) (presentation and disclosure). (1)
Available 9
Maximum 4
(c) The effect of the assessment of risks of material misstatements on the audit plan for
revenue
Nature
2. As a result, a combined audit approach will be followed, which will include (1)
2.1 testing of controls to assess the operating effectiveness and performance of
substantive procedures; and (1)
2.2 substantive procedures entailing tests of detail and analytical procedures. (1)
4. SANATACO appears to have controls in place; therefore, the combined audit approach
will be considered appropriate. (1)
6. Consider engaging the IT expert to test the internal controls surrounding the sales and
receipt cycle. (1)
Timing
1. Audit procedures (tests of controls and substantive procedure) will be performed during
interim audit and at and after year end. (1)
2. Early verification tests, such as vouching sales transaction from the accounting records to
invoices (test of detail) will be performed prior to year end and roll forward at year end. (1)
Extent
1. Increase the sample size of the items to be tested from the revenue account as follows:
(1)
a. More tests of controls will be performed with less substantive procedures. (1)
b. Substantive procedures will entail more analytical procedures with fewer tests of
detail. (1)
Presentation (1)
Available 15
Maximum 9
1. Occurrence
1.1 Access to the SANATACO airline ticket sales application should be restricted by
using a valid outlet number (or cashier unique username) and unique password. (1)
HJB
125
AUE4862/102
ZAU4862/102
NAU4862/102
1.2 Password controls: Passwords should not be obvious, be kept secret and changed
monthly, etc. (1)
1.3 Access to the computer must be restricted to the authorised cashier (access
tables). (1)
1.4 After three unsuccessful attempts to log on to the airline ticket sales application, the
computer should deny access. (1)
1.5 All unsuccessful attempts to log in must be logged and followed up by
management. (1)
1.6 At the GoodBuy stores, there should be limited number of PCs with the
function/application to sell tickets. (1)
1.7 Flight bookings by the outlets should be limited to the operating hours of the outlet.
(1)
1.8 An error message must be displayed on the screen where invalid travelling time,
departures or destination venues are provided, for instance. (1)
1.9 All the source documents (logs generated) should be pre-numbered to avoid
duplications. (1)
2. Accuracy
2.1 The following examples of edit checks must be performed:
2.1.1 Reasonableness test, to confirm that bookings are not made that exceeds
the capacity of the aircraft. (1)
2.1.2 Range/limit checks, to confirm that the ticket sales prices are within the
range of prices contained in the price master file. (1)
2.1.3 Sign checks, to confirm that prices not negative. (1)
2.1.4 Limited input fields, where cashiers can capture details and drop-down
menus. (1)
3. Computerised controls should be in place to ensure that the airline ticket sales take into
account VAT, airport taxes and travel insurance when invoicing clients. (1)
4. Changes to the airline tickets price masterfile should be authorised by the financial
director. (1)
5. Reconciliation between a daily schedule of the amount payable by the GoodBuy store
and the daily amount recorded in the general ledger. (1)
Presentation (1)
Maximum 11
Available 16
MARKERS’ COMMENTS
PART (a)
This part of the question required students to describe significant audit risk at the overall
financial statement level.
Most students listed the risk indicator without describing the risk. For instance,
students wrote, "There is a risk relating to the new client". This is inadequate, as the
correct description of the risk is that opening balances might be incorrect because we
were not the auditors in the prior year and management did not adjust the
misstatements, identified by the previous auditors, above materiality.
Some students’ descriptions of the risks were incorrect. For instance, students wrote,
"There is risk with opening balances". The wording of this type of risk description is
not correct, and it should have read as follows: The AFS might be materially
misstated, as there might be errors in the opening balances.
HJB
126
AUE4862/102
ZAU4862/102
NAU4862/102
We have included a table in Tutorial Letter 102 on how to describe risk correctly. We
recommend that you study this table in detail.
Some students seem to have crammed similar questions in the tutorial letter and
performed a “memory dump” of the information in their solutions. For instance,
students identified a tight audit deadline as a risk and described the risk accordingly.
This is incorrect, as the scenario did not make any reference to a tight audit deadline.
PART (b)
This part of the question related to the risk of material misstatement at the assertion level
for revenue.
Most students merely turned the assertion into a risk without applying it to the
scenario. For instance, some students wrote, "There is a risk that revenue did not
occur (occurrence)". This is a generic statement without application. We suggest that
you revisit the suggested solution in this regard to see how risk at the assertion level
should be described.
Most students did not provide enough points for the available marks. It appears that
students were not able to identify all the risks as provided for in the scenario. We
recommend that you do more questions on risk at the assertion level to master the
technique. You will note that for you to provide the risk, you will need the information
we have provided in the scenario.
PART (c)
This part of the question related to the audit plan for the revenue account.
Most students did a “memory dump” in this instance as well, without application to
the scenario given.
Some students appear to not have understood the required. Please revisit this part of
the question and see how you were supposed to answer it.
PART (d)
This part of the question required you to describe the controls to ensure occurrence and
accuracy of revenue relating to tickets sales.
Most students confused this part of the "required" section with tests of controls. Tests
of controls are audit procedures. In this question, you were required to describe the
controls without testing them.
Most students still seem unsure about controls that deal with specific audit objectives.
Sequential numbering of source documents does not confirm occurrence but
completeness. The pre-numbering of documents, however, ensures that there is no
duplication and confirms occurrence. If you battle with this distinction, please contact
us.
For accuracy, students listed the edit checks without giving examples relating to the
scenario. This resulted in students losing easy marks.
Please revisit the suggested solution to see how you could have better answered this
question.
HJB
127
AUE4862/102
ZAU4862/102
NAU4862/102
2.1 The AFS may be materially misstated, as Cottonworth might not comply with stringent
JSE Ltd regulations. (1)
2.2 The AFS may be materially misstated, as Cottonworth operates in other countries, and
non-compliance with the applicable rules and regulations of these countries might result
in a loss of customers/market share, affecting the going concern principle of the
company. (1)
2.3 The AFS may be materially misstated, as the related-party transactions might not be
accounted for at arm’s length. (1)
2.4 The AFS might be materially misstated, as the control environment might not be
consistent and operating effectively in all the regions and countries in which Cottonworth
operates. (1)
2.5 The AFS of FRD might be materially misstated, as we have to rely on the work of other
auditors who might not be independent and/or competent. (1)
2.6 The group AFS may be materially misstated, as the consolidation working might contain
errors due to the following:
2.6.1 intergroup transactions not being eliminated; (1)
2.6.2 FRD financial statements not properly translated; and (1)
2.6.3 group companies applying different accounting policies. (1)
2.7 The group AFS may be materially misstated, as the related-party relationships and
transactions might not be disclosed. (1)
Available 9
Maximum 7
2. Risks of material misstatement at the assertion level for the year ended
28 February 2013
2.1.8 There is a risk that the provision for onerous lease commitments is recognised
incorrectly, as the provision might not meet the requirements of a provision in
terms of IAS 37 (occurrence). (1)
2.2 Inventories
2.2.1 There is a risk that the value of inventory includes merchandise that does not
exist (existence). CPL merchandise is susceptible to theft. (1)
2.2.2 There is a risk that not all the inventory is accounted for, given the high volume of
transactions (completeness) (1)
2.2.3 There is a risk that the inventories purchased from foreign suppliers are not
translated at the correct rate (valuation). (1)
2.2.4 There is a risk that the inventory purchased FOB is still at sea at year end and
might not be included in the year-end balance of the inventory (rights and
obligation, completeness). (1)
2.2.5 There is a risk that the cost of food products is not determined correctly, given
that standard costing is complex to account for (valuation). (1)
2.2.6 There is a risk that the allowance for writing down inventory is calculated
incorrectly, given the different product types (valuation). (1)
2.2.7 There is a risk that not all costs for inventories purchased from foreign suppliers
are included (e.g. import duties, transport and insurance). (1)
2.2.8 There is a risk that the value of raw materials is incorrect, as the determination of
work in progress involves a complex calculation (valuation) (1)
2.2.9 There is a risk that inventory is not valued at the lower of cost or net releasable
value (valuation). (1)
MARKERS’ COMMENTS
General comments
It was evident that some students did not study enough for this test. Studying for
Auditing implies working out questions under examination conditions and spending
time in marking your own work.
Most students failed to interpret the requirement correctly, resulting in a loss of easy
marks.
Some students demonstrated poor time management, as they did not attempt to
answer all parts of the "required" section.
In order to be successful in Auditing at CTA level, you will need to manage your
time well and attempt answering all parts of the "required" section. Time
management is a skill you will acquire gradually when you attempt answering all
the questions included in the tutorial letter under examination conditions.
HJB
129
AUE4862/102
ZAU4862/102
NAU4862/102
Most students wrote generic answers and did not apply the theory to the scenario
given.
At CTA level, you will not be awarded a mark for memory dumping. At CTA level,
you are being assessed on your competence to apply the theory you have learnt
to different situations.
Requirement 1
This part of the "required" section dealt with risks of material misstatement at the
overall financial statement level. Most students did very well in this part of the
requirement and the risks were discussed properly.
However, some students did not understand the difference between risks of material
misstatement at the overall financial statement level and at the assertion level.
The distinction between risks of material misstatement at the overall financial
statement level and at the assertion level is explained in Tutorial Letter 102.
Students who battle with this distinction need to revisit the tutorial letter.
Most students mentioned the risk relating to the integrity of management. There is
nothing in the scenario that suggests that management’s integrity is questionable. In
fact, the integrity of the auditor is questionable and not that of management.
Requirement 2
This part of the "required" section dealt with risk at the assertion level. Most students
battled to generate enough points to earn marks for this part of the requirement.
Some students discussed the risk relating to presentation and disclosure, although the
requirement was specific that students should not discuss this risk.
The majority of students listed the assertion, that is, there is a risk that inventory is not
valued correctly. Students listed this statement without giving the reason. This
resulted in no marks being awarded to them. Students would have earned a mark if
they correctly stated that there is a risk that inventory is not valued correctly due to
foreign exchange rates.
1. Weaknesses and the potential business risks of each weakness relating to the ordering
of goods
HJB
130
AUE4862/102
ZAU4862/102
NAU4862/102
HJB
131
AUE4862/102
ZAU4862/102
NAU4862/102
All the retail stores’ goods receiving departments and warehouses should be physically
secured and access controlled, for example by obtaining/doing the following: (1)
security cameras;
locked warehouses; and
security guards. (Max 2)
Delivery truck drivers should sign an access register (detailing the name of the supplier,
date of delivery, etc.) at the entrance gate upon arriving and leaving. (1)
A goods receiving clerk should always be available to receive goods (possible time
tables). (1)
The goods receiving clerk taking receipt of the delivered goods should
ensure that the quality and nature/description of the goods received correspond
with the information on the supplier’s delivery note; (1)
ensure that the goods delivered are in good condition (e.g. no items are broken); (1)
reject all incorrect deliveries (i.e. should not take receipt of incorrect goods) and
make a note thereof; (1)
take receipt of goods, even though the quantity may be short delivered, but make a
note of the actual quantity received on the delivery note; (1)
ensure that the delivery truck driver signs both copies of the delivery note including
all rejected items, short deliveries, etc.; (1)
sign both copies of the supplier’s delivery notes as acknowledgement of verifying
the quantity, quality and description of the goods received; (1)
prepare a sequentially numbered goods received note and only enter the quantity
and description of the items actually accepted; (1)
sign the goods received note; (1)
reconcile the delivery note/goods received note with the order confirmation
document received from the order clerks (in terms of quantity and description of
goods ordered vs goods actually received); (1)
ensure that two people are present to receive each delivery/check each
other/counter sign delivery notes and goods received notes; and (1)
HJB
132
AUE4862/102
ZAU4862/102
NAU4862/102
on transfer of the goods from the goods receiving area to the warehouse, follow the
following procedure:
the goods receiving clerk should sign the goods out on the goods received
note that accompanies the goods to the warehouse; and (1)
on receipt of the goods at the warehouse, the warehouse foreman should
check the actual quantity of goods to the goods received note and sign it as
proof of receipt. (1)
Available 17
Maximum 10
MARKERS’ COMMENTS
1. Weakness and the potential business risks of each weakness relating to the
ordering of goods
Weaknesses and risks were specifically addressed in Tutorial Letter 102 under
examination technique: internal control related questions. Specifically, the
difference between a weakness and a risk was described with examples of
both. In Tutorial Letter 102, the following was highlighted:
Weakness: Here, you merely state
whether an existing control is being performed incorrectly, and/or
if a key control (relevant to the scenario) is not being performed at all.
Risk: The risk is the potential consequence of the weakness mentioned
above. This is normally what management and we as the auditors
are concerned about, as the risk usually relates to the impact on
the financial statements and/or the financial/reputational impact
on the client’s business.
Students generally struggled with identifying weaknesses:
Some students wrote very long paragraphs on what the weakness is, but
never managed to actually identify the weakness. Be careful of
overemphasising a specific point.
One-word answers are not sufficient for describing the weakness.
Some students wrote things such as “Standard procedures manual” as the
weakness. This is NOT a weakness! You need to specifically say that only
7 of the 15 retail stores are aware of this manual and that there appears to
be a weak control environment due to this (management have a poor
attitude towards internal control).
The weaknesses did not always correspond to the risk described.
Students wrote sentences from the scenario without explaining what the
weakness is. For example: “A predetermined mark-up percentage is added
to the purchase price of an item”. No marks were given for this, as this is
again NOT a weakness. The weakness is that these percentages were last
updated in 2008.
HJB
133
AUE4862/102
ZAU4862/102
NAU4862/102
This part is basically pure theory on the acquisition and payments cycle.
Many students spent too much time of their allocated time for part 1 and
therefore did not have sufficient time left for parts 2 and 3.
PART 1
1. Save-a-Rhino has to comply with the Electronic Communications and Transactions Act
(designed to protect consumers). Should it not comply with this Act, it could face potential
lawsuits and incur liabilities. (1)
3. Personal information and banking details completed by the donor might be invalid, in-
accurate or incomplete, which could result in donor dissatisfaction and possible lost
donations. (1)
4. Potential donors could be lost if Save-a-Rhino does not look like a legitimate business with a
legitimate website. Should potential donors not feel comfortable with the website and have
concerns that their donations will not be used in a legitimate manner, they may not make
donations. (2)
5. Unavailability of the Save-a-Rhino website could lead to lost donations and might damage
Save-a-Rhino’s reputation. (1)
6. There is a possibility of user repudiation (donor denying having made donations) or the donor
claiming to have made donations when he/she did not. Inadequate audit trails could make it
difficult for Save-a-Rhino to defend itself against these claims. (2)
Available 12
Maximum 10
HJB
134
AUE4862/102
ZAU4862/102
NAU4862/102
PART 2
2. Screen dialogue and prompts. For example, there could be a prompt to confirm that the
donor wants to donate that specific amount before the donation is registered (“Are you sure?”).
(1)
3. Mandatory fields and missing data checks. Completion of the donation process will not be
allowed unless all mandatory fields (e.g. donation amount) have been completed. Screen
prompts should be given when certain fields are missing. (1)
4. Alpha-numeric checks. If certain fields are incorrectly completed (e.g. numeric fields such as
the donation amount entered as alphabetic or alpha-numeric fields such as surname entered
as numeric), there should be a prompt on the website making the donor aware of this and that
it should be corrected. This check is in place to either prevent or detect these errors. (1)
5. Limit checks. Donations on the website are restricted to R10 million. Limit checks should
detect donation amounts exceeding this limit. (1)
6. Size checks. Certain fields should contain size checks to detect when the field does not
conform to pre-set size limits (e.g. the surname may have a size limit of 20 characters). (1)
7. Sign checks. Certain fields should only contain either a positive or a negative value (e.g. a
donation may only have a positive rand value.) (1)
8. A help function should be available on the website to guide donors when they encounter
certain problems. (1)
Available 8
Maximum 5
(b) 1. Risks and key controls for trading via the internet
1 mark for table format
Risk Key control measure
Loss of information or modification to user data Data encryption techniques and edit checks should
may occur during transaction processing, be employed. (1)
because messages and information can be Secure socket layer (1)
modified during transmission. (1)
Paparazzi may be liable for damages if its Encryption of data and limited access to information
subscribers suffer losses due to confidential by users should be maintained. (1)
information being made available across the Contracts as well as disclaimers on the website
internet or security being compromised. (1) should state the limitation of liability. (1)
Secure socket layer (1)
By connecting to the internet, Paparazzi Authentication tests for users (including the use of
creates a channel or link which could facilitate digital certification) should be built into the hardware
unauthorised access to the system. (1) and software. (1)
Hackers may impersonate legitimate users and Password policy (1)
create unauthorised transactions. (1)
HJB
135
AUE4862/102
ZAU4862/102
NAU4862/102
1. Validity of orders
For subscriptions
Obtain personal details about the subscribers over the internet, for example,
identity numbers and credit card numbers which can be authenticated. (1)
Provide the subscribers with a PIN/password which they must use when they
log in to the website to identify and authenticate the subscribers. (1)
Supplement the above by a /response procedure or one-time password. (1)
Restrict the method of payment to valid credit card holders only. For example,
the system should, by using accepted algorithms, confirm with the bank that
the account is current and that the credit card is not stolen or fraudulent prior
to any delivery taking place. (2)
2. Completeness of transactions
The inclusion and enabling of transport layer security techniques are essential, for
example secure socket layer or network transmission protocol, which (1)
encrypts sensitive data; (1)
implements checking to ensure data integrity and completeness; (1)
confirms the subscription/order by displaying it back to the subscribers/retailer
from the sales system for final acceptance (which requires a button click); (1)
could also be done by e-mail confirmation; (1)
produces transaction logs and transmission logs; (1)
are kept and reviewed by an appropriate person to ensure all transactions
sent were received; (1)
produces error logs in case of transmission errors, and reviews these by an
appropriate person; (1)
automatically allocates a designated number to the subscription/order in
sequence; (1)
performs sequence checks on subscription/orders and prints exception
reports which are reviewed by management; and (1)
performs missing data checks. (1)
HJB
137
AUE4862/102
ZAU4862/102
NAU4862/102
MARKERS’ COMMENTS
This part of the question dealt with risks and controls for trading over the internet.
As is always the case with students who struggle with risk-type questions, the risks
were poorly worded. Many students also discussed generic risks here (e.g. delivery
note not signed, goods dispatched not invoiced, etc) and not risks only relating to
internet trading.
Some students failed to identify the proper measure to implement. For example,
students wrote that proper security measures should be implemented, but they did not
mention that data should be encrypted.
Students included many of the factors that were asked in part d (2) in this subsection
of the question.
However, some students did fairly well in this part of the question.
This part of the question dealt with application controls on trading over the internet.
General application controls were also mentioned by students without relating them to
the scenario given.
Several factors that were asked in part d (1) of the question were included in the
answers students supplied to this subsection of the question.
Students did not write much in this subsection, even though it accounted for quite a
substantial portion of the marks for part d.
1. Discuss the risks of material misstatement at the overall financial statement level as well
as the risk of the recognition of revenue at the assertion level for ERS for the year ended
28 February 2014.
HJB
138
AUE4862/102
ZAU4862/102
NAU4862/102
The AFS may be materially misstated, as the company might not comply with the JSE
Ltd regulations, resulting in the delisting of the company and affecting the going
concern of the company. (1)
Increased clientele
The going concern risk is decreased because the clientele of ERS has increased due to
the fuel price increases. (1)
The new website and internet sales system hold the risk of
loss of data; (1)
continuity problems if the system does not function effectively; (1)
risk of unauthorised access if firewalls are not effective; (1)
risk of errors if staff are not properly trained; and (1)
changes in technology. (1)
The facts above could increase the risk of the company not being able to operate at full
capacity, which will affect the going concern assumption, which in turn, would lead to the
AFS being materially misstated.
There is a risk that revenue is recognised before commuters travel since revenue is
recognised when payment is made instead of at the journey date.(occurrence). (1)
There is a risk that revenue is recognised in the wrong period because the travel dates
are spread over the year end (e.g. weekly coupon) (cut-off). (1)
There is a risk that sales might not be accurately accounted for as a result of station
levies and discount not properly accounted for as well as paid over to the respective
parties (accuracy). (1)
There is a risk that not all ticket sales or commuters are accounted for due to possible
inefficiencies in the system, for example system down-time (completeness). (1)
HJB
139
AUE4862/102
ZAU4862/102
NAU4862/102
There is a risk that revenue on adults accompanying minors below the age of 12 is
recognised at normal prices instead of at a fee less than 50% of the normal fare
(accuracy). (1)
Available 20
Maximum 12
Memorandum:
To: Mr DJ Wolf
From: You
Date: Date of test
Subject: Specific application controls that should be in place to deal with the accuracy
and completeness of the internet reservation system at ERS
There must be drop-down menus for the following fields to limit data entry errors/limited
keying of information: (1)
Destinations
o One-way/return/weekly/monthly coupons
o Dates (providing a calendar)
o Times Max (1)
Error messages should pop up when the customer has input information incorrectly or
incompletely. This may also be in the form of screen dialogue and prompts. (1)
Prices must be retrieved automatically from the price masterfile and displayed on the
screen with no customer access to the price field, that is, a verification check. (1)
HJB
140
AUE4862/102
ZAU4862/102
NAU4862/102
A summary of the fare details and selections made as well as the full pricing calculation,
including discounts and station levies, should be displayed on the screen as a final
quotation so that the customer may check it for correctness. (1)
All bookings should be allocated a sequence number to identify missing bookings. (1)
Preventive
EFT payment vouchers should be sequenced checked and verified against supporting
documentation, before being authorised. (1)
In this case, a report should be generated by the system of passengers checked in and
out at the different stations, and these rates should be agreed to the rates received from
the Department of Transport. (1)
The financial manager should log on to the bank’s website, and an SMS should be sent
to his or her cell phone, but the password to access the facility to make EFTs should not
be known to him or her. (1)
Another senior employee, for example the financial director, should have a password and
must enter it. (Note: The financial manager’s profile should allow him to do other things
on the site, e.g. download bank statements.) (1)
User IDs, PINs and passwords should be subjected to sound password controls. (1)
The PIN and password should kept be strictly confidential and the financial manager
should not leave his cell phone about. (1)
A limit on the amount, which may be transferred in a single 24-hour period or in a single
EFT payment, should be agreed on with the bank. (1)
The terminal should shut down after three (3) unsuccessful attempts to access the bank
account/EFT facility. (1)
An arrangement may be made with the bank to transfer the money from the company’s
main bank account to another clearing account and then to transfer it to the Department
of Transport. (1)
Detective
Confirmation of all EFT payments sent by the bank should be printed, matched to the
EFT payment voucher, and attached to it. (1)
HJB
141
AUE4862/102
ZAU4862/102
NAU4862/102
The audit trial should be independently reviewed by a senior official and payments
randomly checked against source documentation. (1)
The cash book reconciliation should be carried out regularly, and by someone
independent of the payment process. (1)
Available 16
Maximum 8
Communication skills: Correct memo format (2)
3. Describe any weaknesses in the upgrade of the internet-based reservation system. Limit
your answers to the principles of corporate governance as contained in the King III
report.
Principle 5.1: The board should be responsible for IT governance and principle 5.3:
The board should delegate to management the responsibility for the
implementation of an IT governance framework. (1)
Application
Although the board is allowed to delegate its functions in terms of the governance of IT, it
seems that the financial manager has taken full responsibility for the implementation of
the upgrades to the booking system and not the board of the company. (1)
Principle 5.4: The board should monitor and evaluate significant IT investments
and expenditure. (1)
Application
By giving an open cheque book to the financial manager and only expecting a report after
the implementation of a project, the board will not be able to monitor the significant
expenditure on the upgrade of IT systems. (1)
Principle 5.5: IT should form an integral part of the company’s risk management.(1)
Application
Further to the evidence provided above, risk will not be managed if all authority is given
to a member of management and no monitoring of progress is made on a continuous
basis. (1)
Available 6
Maximum 4
MARKERS’ COMMENTS
Part 1
Students displayed poor examination technique by NOT differentiating between the risk at
the overall financial statement level and the risk at the assertion level.
Students still tended to include risks at assertion level under the risk at the overall financial
statement level. Remember to ask yourself the question of whether the risk you have
identified affects one or a few balances/transactions? If the answer is YES, you are dealing
with a risk at the assertion level.
Students struggle to link the identified risks to the information in the scenario.
HJB
142
AUE4862/102
ZAU4862/102
NAU4862/102
Some students were not able to identify all the risks from the scenario. Some obvious risks
were not identified, for example “new client – risk of opening balances misstated”.
Part 2
The majority of students presented their answers in the format of a memorandum, but
unfortunately, some students lost easy marks by not doing so.
In many cases, students listed the objective of the control: “A control should be in place
that ensures…” but they failed to describe the actual control adequately.
Some obvious controls were not identified, for example the list of edit checks, which
indicates a lack of theoretical knowledge.
Part 3
Poor examination technique: It is always advisable that a candidate indicates the principle
from King III and then the application to the scenario.
Not all issues identified from the open-book text – indicates a lack of preparation
(answering questions under examination conditions).
QUESTION 9
1. Describe the risks of material misstatement at the overall financial statement level for
Dynamic Food Limited evident from the information provided in the scenario.
2. The annual financial statements of Dynamic might be misstated, as the company might
not be in compliance with the JSE Ltd requirements, resulting in possible delisting of the
company, which could affect the going concern. (1)
3. There is non-compliance with KING III regarding the composition of the board and the
audit committee, as Mr Rupert and Mr Matsimela are chairman of the board and the audit
committee, respectively, but they are not independent. Management’s integrity is
questionable, which increases the risk of fraudulent financial reporting at a management
level. (1)
HJB
143
AUE4862/102
ZAU4862/102
NAU4862/102
7. The directors own 20% of the company’s shares. The directors of Dynamic have an
incentive to engage in fraudulent financial reporting in order to overstate the net asset
value and profits. (1)
8. The directors receive bonuses based on financial results. The directors of Dynamic have
an incentive to engage in fraudulent financial reporting in order to overstate the net asset
value and profits. (1)
9. Complex accounting requirements increase the risk that errors may occur in the financial
statements due to, for example, IAS 2 – Inventory, IAS 21 – Foreign exchange and IAS
39 – Hedging. (1)
10. The company’s net profit has decreased and losses are anticipated for the year under
review, which increases the risk of fraudulent financial reporting (a potential
overstatement of assets and understatement of liabilities). (1)
11. The company’s net profit has decreased and losses are anticipated for the year under
review, which indicates that the going concern basis may be inappropriate for the
preparation of the annual financial statements. (1)
2. Describe the risks at assertion level relating to the existence and valuation of inventory
for Dynamic Foods Limited.
(Note to markers: It was not required from the students to present their answer per assertion.)
There is a risk that the inventory included in the annual financial statements might not exist
due to the following:
1. Inventories are distributed from warehouses around the country and it could therefore be
double counted. (1)
HJB
144
AUE4862/102
ZAU4862/102
NAU4862/102
2. Inventories are out on consignment. Inventory could be double counted or sold inventory
could still be included in the balance. (1)
3. Some inventory is imported from overseas and is purchased free on board; this might
result in problems in identifying when ownership has passed (also rights and obligations).
(1)
4. The company discards all unused or unsold food products after their expiry date, and
some of these discarded inventory items might still be included in the inventory balance
at year end. (1)
There is a risk that inventory included in the annual financial statements might be valued
incorrectly due to the following:
5. The importation of raw materials might not be converted at the correct spot rate at year
end. (1)
6. The appropriate accounting for all costs to get inventory into the country also presents a
problem, that is, transport, insurance and import duty costs. (1)
7. As the company is a manufacturer, there are risks relating to misallocating all costs of
manufacture to finished products. (1)
8. The inappropriate treatment of transportation costs between Centurion, where the goods
are manufactured, and the warehousing facilities elsewhere. (1)
9. The company produces food items with 12-month expiry dates; thus, inventory may not
be recorded at the lower of cost and net realisable value. (1)
10. The profit or loss on the forward exchange contract may be incorrectly accounted for,
resulting in an incorrect valuation of inventory. (1)
11. The valuation calculation may possibly be complex due to the extensive (200) product
range. (1)
12. There is a risk that inventory might not be recorded net of VAT and discount. (1)
There is a risk that inventory included in the annual financial statements might not exist or be
valued incorrectly due to the following:
13. The conversion to the new purchases system may result in errors in the inventory
balance. (1)
14. There is an increased risk of food obsolescence because of the reduced inventory
turnover, new competitors, and increase in customer complaints. (1)
Available 14
Maximum 8
HJB
145
AUE4862/102
ZAU4862/102
NAU4862/102
3. Discuss the reasons why you have decided on a combined audit approach for the audit
of inventory. Also, discuss the timing and extent of the planned audit procedures for
inventory.
General
By deciding on a combined approach, I would include the use of tests of controls and
substantive procedures. (1)
Test of controls
I would want to test (necessity) the controls in the new integrated applications because of the
following:
The new system is highly complex; therefore, it is not possible to perform substantive
procedures only (ISA 315, par A141 and ISA 330, par A24). (1)
It is a highly automated system and therefore I would want to test the system to obtain an
understanding thereof (ISA 315, par 30). (1)
Changes in the controls were caused by the replacement of the system at the beginning
of the financial year (ISA 330, par 14(a)). (1)
There is a going-paperless initiative which minimises the use of hard copy documents
(ISA 315, par A141). (1)
We, as external auditors, were not involved in testing the conversion process. (1)
the report from the internal audit department states that the controls can be relied upon.
(1)
Mr Rupert requested us to give feedback on the controls, and therefore, I could provide
Mr Rupert with value-added comments; (1)
If the controls are tested in the current financial year and it is concluded that we can rely
on it, it might decrease our audit work in the following financial year. (1)
Substantive procedures
This is a manufacturing company and inventory is a material amount. The more material,
the larger the extent of testing. (1)
HJB
146
AUE4862/102
ZAU4862/102
NAU4862/102
The extent of testing of computerised controls will not increase because of the
consistency in the performance of the automated controls (ISA 330, par A29). (1)
As the controls can be relied upon, as according to the internal auditor’s report, the
reliance on analytical procedures will be increased. (1)
As controls can be relied upon, as according to the internal audit report, test of details will
be decreased. (1)
Tests of controls will be performed at year end, for example controls over the physical
inventory count, as well as for the whole period under review. (2)
The substantive tests of detail will be performed at year end, for example stock count. (1)
4. Describe the application controls that you would expect to be present in the new
proposed computerised time recording and payroll application to ensure that the hours
worked, as recorded in the payroll, are complete, accurate and valid.
(Note to marker: Please remember that application controls are manual and automated
controls – ISA 315, par A105.)
1. Employees’ iris scan should be removed from the employee master file upon termination
of their employment (validity). (1)
2. The entry and exit point to the manufacturing plant should be limited to preferably one
(validity). (1)
3. The entry and exit point to the manufacturing plant should be supervised by the
supervisor during entry and exit times (validity). (1)
4. Upon scanning of the iris, a validity check should be performed to ensure that the iris
print matches the iris print stored on the employee master file (permanent data). (1)
If not, a red light should be lit and the employee should be required to scan his iris
again/turnstile should not open. (1)
Should the problem persist, the supervisor should investigate and resolve the
problem. (1)
5. Total hours worked should automatically be split between normal and overtime hours
(accuracy). (1)
6. The need to work overtime should be authorised by the supervisor before overtime is
worked (validity). (1)
HJB
147
AUE4862/102
ZAU4862/102
NAU4862/102
8. The weekly log of overtime worked should be authorised by the supervisor before
processing of the payroll. (This log should be inspected for hours in excess of the normal
hours and high overtime hours as well as low normal hours.) (validity) (1)
9. Exception reports should be generated reflecting abnormal items such as (all assertions)
hours more than a set limit for normal and overtime worked (as a
result of a limit check or reasonability check performed by the
program); (1)
staff with hours worked but who did not scan in; (1) (Max 3)
staff who clocked/scanned in but did not scan out, and vice versa; (1)
staff with no hours worked; and (1)
absent employees, late arrivals, or unexplained exits from the workplace. (1)
10. These reports should be distributed to supervisors for investigation, review and approval
before actual processing of the payroll (all assertions). (1)
11. The payroll clerk should gain access to the application by using a valid user ID and
password (occurrence and authorisation). (1)
12. The payroll clerk should not have write access to the permanent data and the hours
worked (should not be able to change this data) (all assertions). (1)
13. Reconciliations should be performed between the hours worked from one week to the
next. The financial (or operations) manager should review these reconciliations on a
weekly basis. (1)
MARKERS’ COMMENTS
Part (a)
Describe the risks of material misstatement at the overall financial statement level for
Dynamic Food Limited, which are evident from the information provided
Students performed well in this part of the question. Some students only identified the
indicator from the scenario and did not relate it to its effect on the financial statements.
Please remember that you have to link the indicator to the risk of material misstatement at
the overall financial statement level. Material misstatement may be due to fraud or error. It
is therefore important that you should link your indicator to either fraudulent financial
reporting or error.
HJB
148
AUE4862/102
ZAU4862/102
NAU4862/102
Part (b)
Describe the risks at assertion level relating to the existence and valuation of inventory for
Dynamic Food Limited.
Students performed well in this part of the question. However, some of the students did not
limit the risks to only the existence and valuation of inventory. This has caused them to
waste valuable time.
Part (c)
Discuss the reasons why you would have decided on a combined audit approach for the
audit of inventory. Also, discuss the timing and extent of the planned audit procedures for
inventory.
Students did not perform well in this part of the question. Most students did not write
enough to obtain the maximum marks. Please work through the solution, especially the
references (as indicated on the memorandum) to ISA 330. Students only focused on
whether the controls are functioning as intended or not. There are, however, more things
that the auditor should consider when deciding on an appropriate audit approach than only
the functioning of the controls.
Students did not receive the maximum marks with regard to the timing and extent of the
audit procedures. Please note that when the auditor is performing a combined approach,
the auditor should consider the timing and extent of test of controls, tests of details and
substantive analytical procedures separately.
Part (d)
Describe the application controls that you would expect to be present in the new, proposed
computerised time recording and payroll application to ensure that the hours worked, as
recorded in the payroll, are complete, accurate and valid.
Students did not perform well in this part of the question. Students only discussed
computerised controls. Please remember that application controls are manual as well as
automated procedures in terms of ISA 315, paragraph A105. Students who did discuss
the manual controls performed well. Please attempt this question again in your preparation
for the examinations.
HJB