AUDIT IMPORTANT QUESTION ANSWERS

Chapter 1 : Audit Framework and Regulations

1. Def of assurance engagement letter and its elements.

 A: An assurance engagement is one in which a practitioner expresses a conclusion designed to enhance
the degree of confidence of the intended users other than the responsible party about the outcome of the
evaluation or measurement of a subject matter against criteria. The outcome of the evaluation or
measurement of a subject matter is the information that results from applying the criteria.

Intended users are the person, persons or class of persons for whom the practitioner prepares the
assurance report.

The responsible party can be one of the intended users, but not the only one

 Elements of an assurance engagement

[ANWER IN NOTES - ASSURANCE AGREEMENT ELEMENTS]

2. Ethical requirements under ISA 200

[ANSWER IN NOTES]

3. Audit committee and its functions

A: An audit committee can help a company maintain objectivity with regard to financial reporting and the
audit of financial statements.An audit committee is a sub-committee of the board of directors, usually
containing a number of non- executive directors. The role and function of the audit committee is
described by the Cadbury report, which sets out the following advantages of having an audit committee.

Role and function of audit committees:

i. Improve the quality of financial reporting, by reviewing the financial statements on behalf of the
Board
ii. Create a climate of discipline and control which will reduce the opportunity for fraud
iii. Enable the non-executive directors to contribute an independent judgement and play a positive role
iv. Help the finance director, by providing a forum in which he can raise issues of concern, and which
he can use to get things done which might otherwise be difficult

1
v. Strengthen the position of the external auditor, by providing a channel of communication and
forum for issues of concern
vi. Provide a framework within which the external auditor can assert his independence in the event of
a dispute with management
vii. Strengthen the position of the internal audit function, by providing a greater degree of
independence from management
viii. Increase public confidence in the credibility and objectivity of financial statements
One of the principles of the Combined Code is that the board should establish formal and transparent
arrangements for considering how it should apply the financial reporting and internal control principles for

4. Def of audit and objectives of auditor

A: [DEF IN NOTES]
Objectives:-

5. Threats to independence
A: [ANSWER IN NOTES… FOR 5m explain any 1 threat… if for 7m then explain everything]

6. CG Def and OECD principles on CG.

A: Corporate governance refers to the system of rules, practices and processes by which a company
is directed and controlled. Good corporate governance is important because the owners of a company
and the people who manage the company are not always the same.

The OECD Principles of Corporate Governance set out the rights of shareholders, the importance of
disclosure and transparency and the responsibilities of the board of directors.
OECD Principles of Corporate Governance :-
I. The corporate governance framework should promote transparent and efficient markets, be
consistent with the rule of law and clearly articulate the division of responsibilities among different
supervisory, regulatory and enforcement authorities.
II. The corporate governance framework should protect shareholders' rights.
III. The corporate governance framework should ensure the equitable treatment of all shareholders,
including minority and foreign shareholders. All shareholders should have the opportunity to obtain
effective redress for violation of their rights.
IV. The corporate governance framework should recognise the rights of stakeholders established by
law or through mutual agreements and encourage active co-operation between corporations and

2
 stakeholders in creating wealth, jobs and the sustainability of financially sound enterprises.
V. The corporate governance framework should ensure that timely and accurate disclosure is made
on all material matters regarding the corporation, including the financial situation, performance,
ownership, and governance of the company.
VI. The corporate governance framework should ensure the strategic guidance of the company, the
effective monitoring of management by the board, and the board's accountability to the company
and the shareholders.

7. Rights and duties of auditor

A: RIGHTS
A right of access at all times to the books, accounts and vouchers of
Access to records
the company (in whatever form they are held)
A right to require from the company's officers such information and
Information and explanations explanations as they think necessary for the performance of their
duties as auditors
A right to attend any general meetings of the company and to receive
Attendance at/notices of
all notices of and other communications relating to such meetings
general meetings
which any member of the company is entitled to receive
Attendance at/notices of A right to be heard at general meetings which they attend on any part
general meetings of the business that concerns them as auditors
Rights in relation to written
A right to receive a copy of any written resolution proposed
resolutions

DUTIES
Whether the financial statements have been prepared in accordance with the
Compliance with legislation
relevant legislation
Whether the balance sheet shows a true and fair view of the company's
Truth and fairness of
affairs at the end of the period and the profit and loss account (and cash flow
accounts
statement) show a true and fair view of the results for the period
Adequate accounting records Whether adequate accounting records have been kept and returns adequate
and returns for the audit received from branches not visited by the auditor
Agreement of accounts to Whether the accounts are in agreement with the accounting records and
records returns
Consistency of other Whether the information in the directors' report is consistent with the
information financial statements
Directors' benefits Whether disclosure of directors' benefits has been made in accordance with
3
 the Companies Act 2006

8. Inherent limitations of audit.

A: [ANSWER IN NOTES]

9. Statutory v/s Internal audit

[ SAME AS EXTERNAL AND INTERNAL AUDIT]

10. Eligibility, qualification, disqualification, appointment, removal and resignation of auditor

A: [ANSWER IN NOTES]

11. Pre conditions for audit

A: ISA 210 Agreeing the terms of audit engagements states that the objective of the auditor is to accept or
continue an audit engagement only when the basis on which it is to be carried out has been agreed by
establishing whether the preconditions for an audit are present and confirming that there is a common
understanding between the auditor and management of the terms of the engagement.

The preconditions for an audit are the use by management of an acceptable financial reporting framework in
the preparation of the financial statements and the agreement of management and, where appropriate, those
charged with governance to the premise on which an audit is conducted.

To determine whether the preconditions for an audit are present, the auditor shall do the following:

i. Determine whether the financial reporting framework is acceptable. Factors to consider include
the nature of the entity, the purpose of the financial statements, the nature of the financial
statements, and whether law or regulation prescribes the applicable financial reporting framework.
ii. Obtain management’s agreement that it acknowledges and understands its responsibilities for
the following.
– Preparing the financial statements in accordance with the applicable financial reporting
framework
– Internal control that is necessary to enable the preparation of financial statements which
are free from material misstatement
– Providing the auditor with access to all information of which management is aware that is relevant to
the preparation of the financial statements, with additional information that the auditor may request,
and with unrestricted access to entity staff from whom the auditor determines it necessary to obtain audit
evidence
4
If these preconditions are not present, the auditor shall discuss the matter with management. The auditor
shall not accept the audit engagement if:
a. The auditor has determined that the financial reporting framework to be applied is not acceptable.
b. Management’s agreement referred to above has not been obtained.

12. External v/s internal audit

A:
Internal audit External audit
Designed to add value and improve an An exercise to enable auditors to express
Objective
organization's operations. an opinion on the financial statements.
Reports to the board of directors, or other Reports to the shareholders or members
people charged with governance, such as of a company on the truth and fairness
Reporting the audit committee. Reports are private of the accounts. Audit report is publicly
and for the directors and management of available to the shareholders and other
the company. interested parties.
Work relates to the operations of the Work relates to the financial statements.
Scope
organisation.
Often employees of the organisation, Independent of the company and its
Relationship although sometimes the function is management. Usually appointed by the
outsourced. shareholders.
Strategic long term planning carried out, Planning carried out to achieve objective
to achieve objective of assignments, with regarding truth and fairness of financial
no materiality level being set. statements.

Some audits may be procedural, rather Materiality level set during planning
Planning and than risk-based. (may be amended during course of
collection of audit).
evidence Evidence mainly from interviewing staff
and inspecting documents (ie not External audit work is risk-based.
external).
Evidence collected using a variety of
procedures per ISAs to obtain sufficient
appropriate audit evidence.

Chapter 2 : Planning and Risk Assessment

5
1. Concept of Prof. Scepticism and prof. Judgement
 A: Professional Scepticism: Professional skepticism is an attitude that includes a questioning mind,
being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical
assessment of audit evidence

 Auditors must plan and perform an audit with an attitude of professional skepticism recognizing that
circumstances may exist that cause the financial statements to be materially misstated

 Professional skepticism refers to an attitude that includes a questioning mind, being alert to conditions
which may indicate possible misstatement due to error or fraud, and a critical assessment of audit
evidence.

 The auditor shall plan and perform an audit with professional scepticism recognizing that circumstances
may exist that cause the financial statements to be materially misstated.

This requires the auditor to be alert to:

􀁸 Audit evidence that contradicts other audit evidence obtained
􀁸 Information that brings into question the reliability of documents and responses to inquiries to be used as
audit evidence
􀁸 Conditions that may indicate possible fraud
􀁸 Circumstances that suggest the need for audit procedures in addition to those required by ISAs

Professional Judgement
 ISA 200 also requires the auditor to exercise professional judgement in planning and
performing an audit of financial statements. Professional judgement is required in the following
areas:

􀁸 Materiality and audit risk

􀁸 Nature, timing and extent of audit procedures
􀁸 Evaluation of whether sufficient appropriate audit evidence has been obtained
􀁸 Evaluating management’s judgments in applying the applicable financial reporting framework
􀁸 Drawing conclusions based on the audit evidence obtained

2. Components of overall audit risk

A: Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial

6
 statements are materially misstated. It is a function of the risk of material misstatement (inherent risk and
control risk) and the risk that the auditor will not detect such misstatement (detection risk).

Audit risk = Inherent risk u control risk u detection risk

1) Inherent risk : Inherent risk is the susceptibility of an assertion to a misstatement that could be material
individually or when aggregated with other misstatements, assuming there were no related internal
controls.
a. Inherent risk is the risk that items will be misstated due to the characteristics of those items, such as the
fact they are estimates or that they are important items in the accounts. The auditors must use their
professional judgement and all available knowledge to assess inherent risk. If no such information or
knowledge is available then the inherent risk is high.
b. Inherent risk is affected by the nature of the entity; for example, the industry it is in and the regulations
it falls under, and also the nature of the strategies it adopts.

2) Control risk : Control risk is the risk that a material misstatement that could occur in an assertion and
that could be material, individually or when aggregated with other misstatements, will not be prevented
or detected and corrected on a timely basis by the entity’s internal control.

3) Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an
acceptably low level will not detect a misstatement that exists and that could be material, individually or
when aggregated with other misstatements.
a. The third element of audit risk is detection risk. This is the component of audit risk that the auditors
have a degree of control over, because, if risk is too high to be tolerated, the auditors can carry out more
work to reduce this aspect of audit risk, and therefore audit risk as a whole. Sampling risk and non-
sampling risk are components of detection risk.

3. ISA 300, 315, 320, 330

A: ISA 300, Planning an Audit of Financial Statements
ISA 315 (Revised 2019), Identifying and Assessing the Risks of Material Misstatement
ISA 320, Materiality in Planning and Performing an Audit
ISA 330, The Auditor’s Responses to Assessed Risks

4. Concept of materiality and performance materiality

7
 Materiality for the financial statements as a whole and performance materiality must be calculated at the
planning stages of all audits. The calculation or estimation of materiality should be based on experience
and judgement. Materiality for the financial statements as a whole must be reviewed throughout the
audit and revised if necessary.
 Performance materiality is the amount or amounts set by the auditor at less than materiality for the
financial statements as a whole to reduce to an appropriately low level the probability that the aggregate
of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole.
 Performance materiality also refers to the amount or amounts set by the auditor at less than the
materiality level or levels for particular classes of transactions, account balances or disclosures.
 Determining materiality for the financial statements as a whole involves the exercise of professional
judgement
 Generally, a percentage is applied to a chosen benchmark as a starting point for determining materiality
for the financial statements as a whole.

The following factors may affect the identification of an appropriate benchmark:

􀁸 Elements of the financial statements (e.g. assets, liabilities, equity, revenue, expenses)
􀁸 Whether there are items on which users tend to focus
􀁸 Nature of the entity, industry and economic environment
􀁸 Entity’s ownership structure and financing
􀁸 Relative volatility of the benchmark

5. Steps for understanding entity and its environment… Why, What, how?
A:
– To identify and assess the risks of material misstatement in the financial statements
– To enable the auditor to design and perform further audit procedures
Why?
– To provide a frame of reference for exercising audit judgement, for example, when
setting audit materiality
What? – Industry, regulatory and other external factors, including the applicable financial
reporting framework
– Nature of the entity, including operations, ownership and governance, investments,
structure and financing
– Entity’s selection and application of accounting policies
– Objectives and strategies and related business risks that might cause material
misstatement in the financial statements
– Measurement and review of the entity's financial performance

8
 – Internal control
– Inquiries of management and others within the entity
– Analytical procedures
– Observation and inspection
– Prior period knowledge
How?
– Client acceptance or continuance process
– Discussion by the audit team of the susceptibility of the financial statements to material
misstatement
– Information from other engagements undertaken for the entity

HOW DO WE GAIN AN UNDERSTANDING?

ISA 315 sets out the methods that the auditor shall use to obtain the understanding A combination of these
procedures should be used.

􀁸 Inquiries of management and others within the entity

􀁸 Analytical procedures
􀁸 Observation and inspection
􀁸 ISA 315 also states the auditor shall consider whether information obtained from client acceptance or
continuance processes is relevant.

6. Assessing ROMM
A: When the auditor has obtained an understanding of the entity, he shall assess the risks of material
misstatement in the financial statements, also identifying significant risks.

Assessing ROMM :-
ISA 315 says that the auditor shall identify and assess the risks of material misstatement at the financial
statement level and at the assertion level for classes of transactions, account balances and disclosures.
It requires the auditor to take the following steps:
a. Identify risks throughout the process of obtaining an understanding of the entity and its
environment
b. Assess the identified risks, and evaluate whether they relate more pervasively to the financial
statements as a whole
c. Relate the risks to what can go wrong at the assertion level
d. Consider the likelihood of the risks causing a material misstatement

9
7. Concept of Significance risk.
A: Significant risks are complex or unusual transactions that may indicate fraud, or other special risks.
Significant risks are those that require special audit consideration.
As part of the risk assessment described above, the auditor shall determine whether any of the risks are
significant risks.

The following factors indicate that a risk might be significant:

i. Risk of fraud Its relationship with recent economic, accounting or other developments
ii. The degree of subjectivity in the financial information
iii. It is an unusual transaction
iv. It is a significant transaction with a related party
v. The complexity of the transaction

Routine, non-complex transactions are less likely to give rise to significant risk than unusual transactions
or matters of management judgement. This is because unusual transactions are likely to have more:
a. Management intervention
b. Complex accounting principles or calculations
c. Manual intervention
d. Opportunity for control procedures not to be followed

When the auditor identifies a significant risk, if he has not done so already, he shall obtain an understanding
of the entity’s controls relevant to that risk.

8. Responses to assessed ROMM at ABCD level

A: The ISA says that the auditor shall design and perform further audit procedures whose nature, timing and
extent are based on and are responsive to the assessed risks of material misstatement at the assertion level.
'Nature' refers to the purpose and the type of test that is carried out, which include tests of controls and
substantive tests.

Tests of controls
Tests of controls are audit procedures designed to evaluate the operating effectiveness of controls in
preventing, or detecting and correcting, material misstatements at the assertion level.

 When the auditor's risk assessment includes an expectation that controls are operating effectively, the
auditor shall design and perform tests of controls to obtain sufficient appropriate audit evidence that the

10
 controls were operating.
 The auditor shall also undertake tests of control when it will not be possible to obtain sufficient
appropriate audit evidence simply from substantive procedures. This might be the case if the entity
conducts its business using IT systems which do not produce documentation of transactions.
 In carrying out tests of control, auditors shall use inquiry, but shall also use other procedures. Re-
performance and inspection will often be helpful procedures.
 When considering timing in relation to tests of controls, the purpose of the test will be important. For
example, if the company carries out a year-end inventory count, controls over the inventory count can
only be tested at the year-end. Other controls will operate all year round, and the auditor may need to test
that those controls have been effective throughout the period.
 Some controls may have been tested in prior audits and the auditor may choose to rely on that evidence
of their effectiveness. If this is the case, the auditor shall obtain evidence about any changes since the
controls were last tested and shall test the controls if they have changed. In any case, controls shall be
tested for effectiveness at least once in every three audits.
 If the related risk has been designated a significant risk, the auditor shall not rely on testing done in
prior years, but shall perform testing in the current year.

Substantive procedures
Substantive procedures are audit procedures designed to detect material misstatements at the assertion level.
They consist of tests of details of classes of transactions, account balances and disclosures, and substantive
analytical procedures.

The auditor shall always carry out substantive procedures on material items. The ISA says that irrespective
of the assessed risk of material misstatement, the auditor shall design and perform substantive procedures for
each material class of transactions, account balance and disclosure.

In addition, the auditor shall carry out the following substantive procedures:
i. Agreeing or reconciling the financial statements to the underlying accounting records
ii. Examining material journal entries
iii. Examining other adjustments made in preparing the financial statements

Substantive procedures fall into two categories: analytical procedures and tests of details. The auditor
must determine when it is appropriate to use which type of substantive procedure.

9. Concept of fraud and types at the Financial Statements level

A: Fraud is an intentional act by one or more individuals among management, those charged with

11
 governance, employees or third parties involving the use of deception to obtain an unjust or illegal
advantage. Fraud may be perpetrated by an individual, or colluded in, with people internal or external to
the business.

Specifically, there are two types of fraud causing material misstatement in financial statements:
i. Fraudulent financial reporting : Fraudulent financial reporting involves intentional misstatements,
including omissions of amounts or disclosures in financial statements, to deceive financial statement
users.

This may include:

a. Manipulation, falsification or alteration of accounting records/supporting documents
b. Misrepresentation (or omission) of events or transactions in the financial statements
c. Intentional misapplication of accounting principles

Such fraud may be carried out by overriding controls that would otherwise appear to be operating
effectively, for example, by recording fictitious journal entries or improperly adjusting assumptions or
estimates used in financial reporting.

ii. Misappropriation of assets : Misappropriation of assets involves the theft of an entity's assets and is
often perpetrated by employees in relatively small and immaterial amounts. However, it can also
involve management who are usually more capable of disguising or concealing misappropriations in
ways that are difficult to detect.

This is the theft of the entity's assets (for example, cash, inventory). Employees may be involved in such
fraud in small and immaterial amounts, but it can also be carried out on a larger scale by management who
may then conceal the misappropriation, for example by:

a. Embezzling receipts (for example, diverting them to private bank accounts)

b. Stealing physical assets or intellectual property (inventory, selling data)
c. Causing an entity to pay for goods not received (payments to fictitious vendors)
d. Using assets for personal use

10. ISA 240, 250

12
A: ISA 240 – AUDITOR’S RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF
FINANCIAL STATEMENTS

Responsibilities of management and auditors

 The primary responsibility for the prevention and detection of fraud is with those charged with
governance and the management of an entity.
 The auditor is responsible for obtaining reasonable assurance that the financial statements are free from
material misstatement, whether caused by fraud or error.
The risk of not detecting a material misstatement from fraud is higher than from
error because of the following reasons

􀁸 Fraud may involve sophisticated schemes designed to conceal it.

􀁸 Fraud may be perpetrated by individuals in collusion.
􀁸 Management fraud is harder to detect because management is in a position to
manipulate accounting records or override control procedures.

 The auditor is responsible for maintaining professional skepticism throughout the audit, considering the
possibility of management override of controls, and recognizing that audit procedures effective for
detecting errors may not be effective for detecting fraud.

ISA 250 :-
The auditor is also required to consider the issue of law and regulations in the audit. Auditors are given
guidance in ISA 250 Consideration of laws and regulations in an audit of financial statements, the objectives
of the auditor are:

􀁸 To obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws
and regulations that have a direct effect on the determination of material amounts and disclosures in the
financial statements
􀁸 To perform specified audit procedures to help identify non-compliance with other laws and regulations
that may have a material effect on the financial statements
􀁸 To respond appropriately to non-compliance/suspected non-compliance identified during the audit

11. Circumstances that may indicate non-compliance with laws and regulations.DOUBT
A: The following factors may indicate non-compliance with laws and regulations:
i. Investigations by regulatory authorities and government departments

13
ii. Payment of fines or penalties
iii. Payments for unspecified services or loans to consultants, related parties, employees or
government employees
iv. Sales commissions or agents’ fees that appear excessive
v. Purchasing at prices significantly above/below market price
vi. Unusual payments in cash
vii. Unusual transactions with companies registered in tax havens
viii. Payment for goods and services made to a country different to the one in which the goods and
services originated
ix. Payments without proper exchange control documentation
x. Existence of an information system that fails to provide an adequate audit trail or sufficient evidence
xi. Unauthorized transactions or improperly recorded transactions
xii. Adverse media comment

The following table summarises audit procedures to be performed when non-compliance is identified or
suspected.
Non-compliance: audit procedures
Obtain understanding of nature of act and circumstances.
Obtain further information to evaluate possible effect on financial statements.
Discuss with management and those charged with governance.
Consider need to obtain legal advice if sufficient information not provided and matter is material.
Evaluate effect on auditor’s opinion if sufficient information not obtained.
Evaluate implications on risk assessment and reliability of written representations.

12. Concept of audit planning and the structured approach towards the same.
A: The audit plan converts the audit strategy into a more detailed plan and includes the nature, timing and
extent of audit procedures to be performed by engagement team members in order to obtain sufficient
appropriate audit evidence to reduce audit risk to an acceptably low level.

The audit plan shall include the following:

i. A description of the nature, timing and extent of planned risk assessment procedures
ii. A description of the nature, timing and extent of planned further audit procedures at the assertion
level
iii. Other planned audit procedures required to be carried out for the engagement to comply with ISAs

The planning for these procedures occurs over the course of the audit as the audit plan develops.
14
 Examples of items included in the audit plan could be:
a. Timetable of planned audit work
b. Allocation of work to audit team members
c. Audit procedures for each major account area (eg inventory, receivables, cash etc)
d. Materiality for the financial statements as a whole and performance materiality

Any changes made during the audit engagement to the overall audit strategy or audit plan, and the reasons
for such changes, shall be included in the audit documentation.

13. Matters to be considered in overall audit strategy.

A:
THE OVERALL AUDIT STRATEGY: MATTERS TO CONSIDER
i. Financial reporting framework
ii. Industry-specific reporting requirements
iii. Expected audit coverage
Characteristics of the iv. Nature of business segments
engagement v. Availability of internal audit work
vi. Use of service organisations
vii. Effect of information technology on audit procedures
viii. Availability of client personnel and data
a. Entity’s timetable for reporting
Reporting objectives, b. Organisation of meetings with management and those charged with
timing of the audit and governance
nature of communications c. Discussions with management and those charged with governance
d. Expected communications with third parties
i. Determination of materiality
ii. Areas identified with higher risk of material misstatement
iii. Results of previous audits
Significant factors, iv. Need to maintain professional scepticism
Preliminary engagement v. Evidence of management’s commitment to design, implementation and
activities, and knowledge maintenance of sound internal control
gained on other vi. Volume of transactions
engagements vii. Significant business developments
viii. Significant industry developments
ix. Significant changes in financial reporting framework
x. Other significant recent developments
Nature, timing and extent a. Selection of engagement team
15
of resources b. Assignment of work to team members
c. Engagement budgeting

14. ISA 230

A: ISA 230 : Audit documentation states that the auditor shall prepare audit documentation on a timely
basis.

Audit documentation is necessary for the following reasons:

􀁸 It provides evidence of the auditor’s basis for a conclusion about the achievement of the overall
objective.
􀁸 It provides evidence that the audit was planned and performed in accordance with ISAs and other legal
and regulatory requirements.
􀁸 It assists the engagement team to plan and perform the audit.
􀁸 It assists team members responsible for supervision to direct, supervise and review audit work.
􀁸 It enables the team to be accountable for its work.
􀁸 It allows a record of matters of continuing significance to be retained.
􀁸 It enables the conduct of quality control reviews and inspections (both internal and external).

16