Evaluation of quality control issues, implications for audit completion and further actions
(i) Controls testing on payables
The absence of evidence of authorisation by the procurement manager in relation to the three purchase orders represents an exception to the effective operation of an internal control on which the auditor intends to place reliance. The review of the supporting documentation and the conclusion that the items were legitimate business expenditure do not resolve the exception in the effective operation of the control. There is a risk that other exceptions and further unauthorised purchases may have occurred which may not have been for legitimate business purposes. The audit procedures therefore appear to have been inadequate. The audit assistant should have reported the matter to the manager and partner for them to decide if further work or risk analysis was required and who it should be reported to, i.e. those charged with governance, etc. This should have also been picked up during the review of the working papers.
Prior to finalising the audit, the audit team needs to assess the extent and significance of the internal control deficiency and should consider increasing the original sample size and extending the audit testing. If the extended testing identifies further exceptions in the effective operation of the control, the auditor should review whether a controls based approach is appropriate and consider whether more substantive testing on the payables component is required. The auditor should also consider including the matter in the report to management.
In line with ISA 260 Communication with Those Charged with Governance, the auditor is required to communicate significant findings from the audit to those charged with governance. These include significant difficulties encountered during the audit and any extensive unexpected effort required to obtain sufficient appropriate audit evidence. The absence of authorisation by the procurement manager in relation to the three purchase orders requires extended audit testing and represents a potentially significant deficiency in the operation of internal controls. It therefore represents a potentially significant audit finding which should be communicated to those charged with governance.
(ii) Petty cash fraud
The personal taxi fares represent a fraudulent transaction by the petty cashier and should be reviewed in the light of the auditor’s and management’s respective responsibilities in relation to the prevention and detection of fraud. ISA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements states that the primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management. The existence of the fraud may also be further indication of a weak control environment. The auditor is responsible for obtaining reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error. The amount of $175 is clearly immaterial to the financial statements and therefore does not represent a potential source of material error caused by fraud. The auditor should review the petty cash records for evidence of any further irregularities and discuss the matters identified with management. However, if the auditor concludes that the matter increases the overall assessment of fraud and control risk, management should be informed.
In spite of the immateriality of the amounts involved, however, the relationship of the audit assistant to the petty cashier represents a familiarity threat. The failure of the audit assistant to highlight the matter prior to the discussion with the engagement quality control reviewer may indicate a lack of professional integrity on the part of the audit assistant. In line with ISA 220 Quality Control for an Audit of Financial Statements, the auditor, primarily the audit engagement partner, has responsibility to monitor ethical requirements throughout the audit process. The firm’s procedures for assigning staff to audit teams and for reporting personal relationships with client staff should be reviewed in light of this responsibility.
If the auditor concludes that the petty cash fraud and any additional issues identified on review of the petty cash records increases the overall assessment of fraud and control risk, the matter should be reported to management with a recommendation that all petty cash transactions should be adequately reviewed and authorised.
(iii) Cut-off testing on revenue
IFRS 15 Revenue from Contracts with Customers requires that an entity recognises revenue when or as the entity satisfies a performance obligation by transferring a promised good or service (i.e. an asset) to a customer. An asset is transferred when or as the customer obtains control of that asset. On this basis therefore, revenue has been recognised too early and as a result revenues, receivables and profits are overstated.
The error identified is in isolation immaterial to the financial statements at 0·2% of revenue (17,880/8·7 million). The error should be extrapolated based on the incidence of errors identified and the level of sales to this particular customer in order to assess the potential for a material misstatement. Based on this assessment, the auditor should extend cut-off testing in order to assess further the potential for a material error. The auditor should also confirm with management that the invoicing procedure is isolated to this particular customer and consider extending their assessment and testing to any other customers as necessary. The auditor should also review last year’s cut-off procedures in order to investigate whether there were any compensating errors in the prior year.
All misstatements identified should be communicated to management and the auditor should request that they are corrected. ISA 260 requires the auditor to communicate to those charged with governance his or her views about significant qualitative aspects of the entity’s accounting practices including accounting policies. The non-compliance with the recognition criteria of IFRS 15 represents a significant finding from the audit and should be communicated to those charged with governance according to ISA 260
(iv) Tax advice
As already noted in (ii) above, the auditor has responsibility to monitor ethical requirements throughout the audit process. The provision of assistance in calculating the company’s income tax payable for the year represents a self-review threat as the tax calculation forms the basis of the tax payable in the statement of financial position and the tax charge in the statement of profit or loss for the year. This risk is increased by the listed status of Davis Co and according to the IESBA Code of Ethics for Professional Accountants (the Code), the auditor should not prepare tax calculations for listed clients. Davis Co is a listed client and therefore, as auditors, the firm should not undertake any tax services as the threats to the auditor’s objectivity and independence which would be created are too high to allow the audit firm to undertake an engagement to prepare calculations of current or deferred tax liabilities (or assets) for the purpose of preparing accounting entries which are material to the relevant financial statements, together with associated disclosure notes.
According to ISA 260, the significant audit findings which the auditor is required to communicate to those charged with governance include matters which, in the auditor’s professional judgement, are significant to the oversight of the financial reporting process. The auditor should therefore report the lack of skill and up to date knowledge of the finance director and the implications of this for the recruitment and training procedures at the client. The auditor should also report the independence issues identified above in relation to the finance director’s request for the auditor to calculate the tax payable.