Risk Assessment and Internal Control – CA Inter Audit Questions bank

Risk Assessment and Internal Control – CA Inter Audit Questions bank is designed strictly as per the latest syllabus and exam pattern.

Risk Assessment and Internal Control – CA Inter Audit Question Bank

Question 1.
State with reasons (in short) whether the following statement is True or False:
There is direct relatonship between detection risk and combined level of inherent and control risk. (Nov 2007, 2 marks)
Answer:
False:
There is an inverse relationship between detection risk and combined level of inherent risk and control risk, because If inherent and control risk decreases detection risk increases.

Question 2.
State with reasons (In short) whether the following statement is True or False:
When the Auditor uses more Professional Judgement, the Degree of inherent risk is lower. (Nov 2008, 2 marks)
Answer:
True:
While developing the overall audit plan, the auditor, should assess inherent risk at the level of finance statements. To assess inherent risk, the auditor would use professional judgment, evaluate various factors having regard to his experience of the entity from previous audit engagements of the entity.

any controls established by management to compensate for a high level of inherent risk and his knowledge of any significant changes which might have taken place since his last assessment. Therefore, when the auditor uses more professional judgement, the degree of inherent risk is lower. Hence, the above statement is true.

Question 3.
Write short note on the Inherent risk. (Nov 2012, 4 marks)
Answer:
Assessment of Inherent Risk: Assessment of inherent risk should be done by the auditor:
1. At the level of financial statements; and
2. At the level of assertions made in the financial statements.

• The assessment of inherent risk at the level of financial statements should be done In developing the overall audit plan.
• The inherent risk at the level of materia] account balances and classes of transactions should be related to the assessment of inherent risk at the level of financial statements in developing the audit programme.

Factors to be considered while assessIng Inherent risk at th. level of financial statements:

• Managements integrity.
• Managements experience and knowledge.
• Changes in management during the period.
• Unusual pressures for example, the entity is in dire need of a loan.
• The nature of entity’s business technological obsolescence of products, significance of related parties, number of locations, geographical spread of its facilities.
• Factors affecting entitys industry for example, changes in technology, consumer demand and accounting practices prevalent.
• Factors to be considered while assessing Inherent risk at the level of account balance or class of transaction:
  Quality of the accounting system.
• Accounts which required adjustment In the prior period.
• Accounts which involve a high degree of estimation,
• Complexity of underlying transactions or other events requiring the use of expert’s work.
• The degree of judgement involved in determining account balance.
• Susceptibility to misappropriation-For example highly desirable and movable assets such as cash.
• Unusual or complex transactions, especially at the period end.
• Transactions not subjected to ordinary proceeding-(e.g. non-standard journal entries).

Question 4.
State with reason (in short) whether the following statement Is correct Or Incorrect.
Inherent and control risk, and detection risk have same meaning. (Nov 2013, 2 marks)
Answer:
Incorrect:
There are three types of risks, which is interrelated as IR∝CR∝\(\frac{1}{DR} \) Inherent risk (IR) is the susceptibility of an account balance or class of transactions to a material misstatement.

Control risk (CR) is the risk that material misstatement will not be prevented or detected and corrected on a timely basis by the Internal control system. Detection risk (DR) is the risk that an auditor substantive procedures will not detect a material misstatement.

Question 5
Discuss in brief the types of audit risk and inter-relationship of components of audit risk. (Nov 2014, 6 marks)
Answer:
Audit Risk Is the probability or chance that an Auditor may give an inappropriate opinion on financial information that is materially misstated.

There are three type of audit risk:

• Inherent risk
• Control’ risk
• Detection risk

The Inter-relationship between them
Audit risk is a function of the risks of material misstatement and detection risk. The inherent and control risks are functions of the entitys business and its environment and the nature of the account balances or classes of transactions, regardless of whether an audit is conducted. Even though Inherent and control risks cannot be controlled by the auditor, the auditor can assess them and design his substantive procedures to produce on acceptable level of detection risk, thereby reducing audit risk to an acceptably low level.

For a given level of audit risk, the acceptable level ol detection risk bears an inverse relationship to the assessed risks of material misstatement at the assertion level. For example, the greater the risks of material misstatement the auditor believes exists, the less the detection risk that can be accepted and accordingly, the more persuasive the audit evidence required by the auditor Thus,

• If inherent risk is higher then detection risk is also higher.
• If inherent risk is lower then detection risk is also lower.
• If control risk is higher then the detection risk is lower and if control risk is lower then detection risk is higher.

Detection risk is based on the control risk and Inherent risk. So inherent risk and control risk is based on client’s point of view and detection risk is based on auditor’s point of view.

Question 6.
State with reason (in short) whether the following statement Is correct or incorrects. The use of computer facilities by a small enterprise may increase the control risk. (May 2017, 2 marks)
Answer:
Correct:
The use of computer facilities by a small enterprise decreases the control risk. However, many controls which would be relevant to large entities are not practical in the small business.

Question 7.
Write short note on the Audit risk at the account balance level and at the class of transactions level. (Nov 2009, 5 marks)
OR
Write short note on the Assertion about balance at the end of the reporting period. (May 2013, 4 marks)
OR
Discuss the following:
The assertions used by auditor to consider potential misstatements about account balances at the period end. (Nov 2015, 5 marks)
Answer:
Evaluating Risk at the account balance and class of transaction level:
As per SA 315 “Identifying and Assessing the Risk of Material Misstatement through Understanding the Entity and its Environment”, risk of material misstatement at the assertion Level for classes of transactions, account balances and disclosures need to be considered because such consideration directly assists in determining the nature, timing, and extent of further audit procedures at the assertion level necessary to obtain sufficient appropriate audit evidence.

In representing that the financial statements are in accordance with the applicable financial reporting framework, management implicitly or explicitly makes assertions regarding the recognition, measurement, presentation and disclosure of the various elements of financial statements and related disclosures. Assertions at different levels are discussed below:

1. Assertions about classes of transactions and events for the period under audit:

• Occurrence: Transactions and events that have been recorded have occurred and pertain to the entity.
• Completeness: All transactions and events that should have been recorded have been recorded.
• Accuracy: Amounts and other data relating to recorded transactions and events have been recorded appropriately.
• Cut-off transactions and events have been recorded in the correct accounting period.
• Classification: Transactions and events have been recorded In the proper accounts.

2. Assertions about account balances at the period end:

• Existence: Assets. liabilities and equity interests exist.
• Rights and obligations: The entity holds or controls the rights to assets and liabilities are the obligations of the entity,
• Completeness: All assets, liabilities, and equity interests that should have been recorded have been recorded.
• Valuation and allocation: Assets, liabilities, and equity interests are included in the financial statements at appropriate amounts, and any resulting valuation or allocation adjustments are appropriately recorded.

When making assertions about the financial statements of certain entities, especially, for example, where the Government is a major stakeholder, in addition to those assertions mentioned before, management may often assert that transactions and events have been carried out In accordance with legislation or proper authority. Such assertions may fall within the scope of the financial statement audit.

To assess inherent risk, the auditor would use professional judgement to evaluate numerous factors, having regard to his experience of the entity from previous audit engagements of the entity, any controls established by management to compensate for a high level of inherent risk and his knowledge of any significant changes which might have taken place since his last assessment.

Inherent audit risk at the level of Account Balance and Class of Transactions is:

1. Quality of the accounting system.
2. Financial statements are likely to be susceptible to misstatement, for example, accounts which required adjustment in the prior period or which involve a high degree of estimation.
3. The complexity of underlying transactions and other events which might require using the work of an expert.
4. The degree of judgment involved in determining account balances.
5. Susceptibility of assets to loss or misappropriation, for example, assets which are highly desirable and movable sud as cash.
6. The completion of unusual and complex transactions, particularly at or near period end.
7. Transactions not subjected to ordinary processing.

Question 8.
Examine with reasons whether the following statement is correct or incorrect.
(h) For an auditor the Risk assessment procedure provides sufficient appropriate audit evidence to base the audit opinion. (Nov 2019, 2 marks)
Answer:
Incorrect:
The auditor shall perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels. Risk assessment procedures by themselves, however, do not provide sufficient appropriate audit evidence on which to base the audit opinion.

Question 9.
Examine with reasons whether the following statements are correct or incorrect. Risks of material misstatement may be greater for significant judgmental matters that require the development of accounting estimates. (Nov 2020, 2 marks)

Question 10.
What factors are to be considered by an auditor while making control risk assessments? (Nov 2020, 3 marks)
explain whether the following statements are correct or incorrect, with reasons/explanations examples:
The Auditor is expected to, reduce audit risk to zero and can therefore obtain absolute assurance that the financial statements are tree from material misstatement due to fraud or error. (Jan 2021, 2 marks)
OR
“P India Ltd. is a manufacturer of various sports products. The company is having several cases of Litigation pending in courts. The auditor wanted to identify litigation and dams, which may give rise to risk of material misstatements. Suggest the audit procedures in the given case. (May 2019, 4 marks)
Answer:
As per SA 501, Audit Evidence – specific considerations for Selected Items, the auditor shall design and perform audit procedures In order to identify litigation and claims involving the entity which may give rise to a ris of material misstatement. Including,

1. Inquiry, of management and where applicable, others within the entity, including in-house legal Counsel:
2. Reviewing minutes of meetings of those charged with governance and correspondence between the entity and its external legal counsel: and
3. Reviewing legal expenses accounts.

It the auditor assesses a risk of material misstatement regarding litigations or claims that have been identified, or when audit procedures performed indicate that other material litigation or claims may exist, the auditor shall, in addition to the procedures required by other SAs, seek direct communication with the entity’s external legal counsel. The auditor shall do so through a letter of inquiry, prepared by management and send by the auditor.

requesting the entity’s external legal counsel to communicate directly with the auditor. It law, regulation or the respective legal professional body prohibits the entity’s external legal counsel from communicating directly with the auditor, the auditor shall perform alternative audit procedures.

Question 11.
What are the inherent limitations of internal control? (Nov 2007,7 marks)
OR
Explain Inherent limitations of internal control system. (Nov 2013, 8 marks)
OR
Explain the inherent limitations of Internal Control. (May 2015, 6 marks)
OR
Briefly discuss the limitations of Internal Control. (May 2018, 6 marks)
Answer:

Question 12.
State with reasons (in short) whether the following statement Is True or False:
The environment in which Internal control operates has no relationship with the effectiveness of the Specific control procedure. (Nov 2008, 2 marks)
Answer:
False:
The environment of the internal control to a great extent plays an important role in determining the effectiveness ol Specific control procedure. The environment in which Internal control operates has an impact on the effectiveness of the specific control procedures. The control environment means the overall attitude, awareness, and actions of directors and management regarding the internal control system and its importance In the entity.

Do you know:
The Internal Control Environment may be affected by
1. Organisational Structure: The organizational structure of an entity serves as a framework as practicable, to preclude an individual from overriding the control system and should provide for the segregation of incompatible functions.

2. Management Supervision: Management is responsible for devising and maintaining the system of internal control.

3. Personnel: The proper functioning o? any system depends on the competence and honesty of those operating it.

Question 13.
Write short note on the Letter of Weakness (May 2009, May 2013, 5 marks each)
Answer.
Letter of Weakness:
The Auditor may become aware of weaknesses in Internal Control System as a result of obtaining an understanding of accounting and Internal control system and tests of control.

The Auditor should communicate In writing to the management, at an appropriate level of responsibility, material weaknesses in the design or operation of internal control system observed during conducting audit.

1. When the auditor comes across any weakness in the control points, he issues letter of weakness.
2. The auditor does compliance procedure to ascertain that the internal control system exists In the entity; it works effectively; it work continuously in the entity during review period.
3. Lapses in operation of internal control too are reported in the communication of weakness.
4. Letter of weakness is a report issued by auditor stating the weakness in internal control mechanism. It also suggests measures by which the weakness in the system be corrected and the control system be made better protected.
5. The communication of weakness is reporting to management of such weakness in design and operation of internal control as have come to notice of auditor during his auditing and It should not be taken to be review and comment on adequacy of the control mechanism for management purpose.

Question 14.
Write Short Note on the Internal control In Small Business (May 2011, 4 marks)
Answer:
The auditor needs the same degree of assurance to give an unqualified opinion on the financial statements of both small and large entities. Many control which would be relevant to large entities may not be practical for small business.

In small business, accounting work may be performed by only a few persons having both operating and custodial responsibilities and segregation of functions may be missing or several limited. However, this may be offset by personal supervision of owner manager which may be possible due to low volume of transactions.

So, if the auditor finds that segregation of duties is limited or evidence of supervisory controls is lacking, he would have to perform extensive substantive procedures to obtain evidence to express his opinion on the financial statements.

Question 15.
What are the general considerations in framing a system of internal check? (May 2012,8 marks)
Answer:
Internal Check:
The term Internal check is defined as the checks on day-to-day transactions which operates continuously as part of the routine system whereby the work of one person is proved independently or is complementary to the work of another, the object being the prevention or early detection of frauds and errors.

Steps involved In framing a system of Internal check: The special consideration in framing a system of internal check are:

1. Different Hands	No single person should have an Independent control over any important aspect of the business. All dealing and acts of every employee should in the ordinary course, come under the review of another.
2. Job Rotation	The duties of staff member should be changed from time to time without any previous notice. The same officer or subordinate should not, without a break, perform the same function for a considerable period of time.
3. Leave	Every member of the staff should be encouraged to go on leave at least once In a year: Frauds successfully concealed by employees are often unearthed when they are on leave.
4. Assets-Book Differentiation	Persons having physical custody of assets should not be permitted to have access to the books of accounts.
5. Assets Verification	There should be an accounting control in respect of each important class of assets. They should be periodically inspected so as to establish their physical existence.
6. Mechanical Devices	Mechanical devices such as automatic cash register may be employed to prevent loss or misappropriation of cash.
7. Stock-Taking	During year-end stock-taking trading activities should preferably, be suspended. Stock-taking and evaluation should not be done exclusively by stores staff. Staff from all departments and sections should be employed for this task.

Question 16.
Comment on the following:
Internal check is part of internal control system. (May 2013, 2 marks)
Answer:
Internal check consists of set of rules or procedures that are part of accounting system introduced to ensure that accounts of business are correctly maintained and errors and frauds eliminated. It is actually a part of The overall internal control system and operates as a built-in device as far as the stall organization and job allocation aspects of the control system are concerned.

Question 17.
State with reasons (in short) whether the following statement is correct or incorrect. Maintenance ot internai control system is responsibility of Auditor. (May 2014,2 marks)
Answer:
Incorrect:
Maintenance of Internal control system Is responsibility of management and those charged with governance (TCWG).

Question 18.
State with reasons (in short) whether the following statements are correct or incorrect:
Letter of weakness is issued by the Management. (May 2015, 2 marks)
Answer:
Incorrect:
Letter of weakness is a report issued by auditor stating the weakness In internal control mechanism. It also suggests measures by which the weakness in the system to be corrected and the control system be made better protected.

Question 19.
Examine with reasons (in short) whether the following statement Is correct or incorrect:
(d) Inquiry alone is sufficient to test the operating effectiveness of controls. (May 2018, 2 marks)
Answer:
Incorrect:
Inquiry alone is not suffident to test the operating effectiveness of controls. In addition to inquiry. inspection, observation, confirmation, recalculation, report ordnance arid analytical procedures are the audit procedures to test the operating effectiveness of controls.

Question 20.
“Inadequate internal control over assets may Increase the susceptibility of misappropriation of those assets”. State any three examples of such occurrences of misappropriation of sudi assets. (Nov 2019, 3 marks)
Answer:
Inadequate internal control over the assets may Increase the susceptibility of misappropriation of those assets.

Misappropriation of assets may occur because there of following:

1. Inadequate segregation of duties or independent checks.
2. Inadequate oversight of senior management expenditures, Such as travel and other reimbursements.
3. Inadequate management oversight of employees responsible for assets, for example, inadequate supervision or monitoring of remote locations.
4. Inadequate Job applicant screening of employees with access to assets.
5. Inadequate record keeping with respect to assets.
6. Inadequate system of authorization and approval of transactions (for example, in purchasing).
7. Inadequate physical safeguards over cash, investments, inventory or fixed assets.
8. Lack of complete and timely reconciliations of assets.
9. Lack of timely and appropriate documentation of transactions for example, credits for merchandise returns.
10. Lack of mandatory vacations br employees performing key control functions.

Question 21.
As an auditor how would you react to the following situation/comment Director (Finance) of KK Ltd. Informed their newly appointed statutory auditor that they have sound Internal control system implemented by a renowned professional firm and he is satisfied with its effectiveness and functioning and therefore, the statutory auditor should concentrate on verifying only the routine books and financial statements. (May 2008,8 marks)
Answer:
As per the requirement of SA-200, Overall objectives of the Independent auditor and the conduct of an audit in accordance with standards on auditing, auditor should study and evaluate the internal control system and accounting system and should decide how mud degree of reliance could be placed on internal control by applying his compliance procedure to ultimately decide the nature, timing and extent of his substantive procedure.

Further SA-315 Identifying and assessing the Risk of Material Misstatement through understanding the entity and Its environment, emphasises that Auditor should assess the inherent risk and control risk at high unless he has convincing evidence in its support to assess these risks at less than high. Further all the reasons why the risk is assessed at less
than high should be documented.

On the other hand if auditor assumes that the inherent and control risks are high he should extend his audit procedure to that extent from where he can assess his detection risk at lowest. As in the given case director finance of the client is of opinion that auditor must not study and evaluate the internal control system as it is designed by the most renowned firm and he is satisfied with such controls.

Present Case: It is quite clear that more implementing an internal control does not suffice it’s existence effectiveness and continuity shall be verified by the auditor by applying compliance procedures as defined in SA – 500 ‘Audit Evidences’. Hence we can conclude that the view of director finance is not in support with the requirements of the SAS.

Question 22.
Mention any six points to be considered for good internal control for collection of tuition fees from students of college. (May 2009, 6 marks)
Answer:
Internal control points for collection of tuition fees:
1. College must have a clear-cut tuition fee structure which is approved by the college council.

2. The challan or paying in slip should contain necessary fields for Identifying the roll number of the student, class, and period for which fees is paid etc. The slips should have such number of counter tolls to cross-check the remittance.

3. The paying In slip when tilled by the students, should be checked for its correctness as to applicable amount etc by one clerk and the amount should be entered in a scroll. He must sign the slip which authorises the cashier to accept the tees as per slip.

4. The cashier scroll and the authorizing officer/s scroll should be checked by an officer daily,

5. All remittance should be banked each day. No amount should be allowed to be spared for meeting any type of expense.

6. Alternatively, the fees may be directly remitted into bank and banker’s daily remittance slip should be scrutinized by college officers. Arrears list should be periodically prepared from the students rolls. Any concession or remission of tuition fees should have approval of competent authority.

Delayed remittance should carry fines or compensating charges for delay. When students are readmitted after removal for non-payment of fees, the admission should carry the permission of competent authority.

Question 23.
A trader is worried that Inspite of substantial Increase in sales compared to earlier year. there is considerable fall in Gross Profit after satisfying himself that sales and expenses are correctly recorded and that the valuation of inventories is on consistent basis, he wants to ensure that purchases have been truthfully recorded. How will you proceed with this assignment? (May 2010, 10 marks)
Answer:
In order to ensure that purchases have been truthfully recorded, auditor follows the following three steps:

1. Study and evaluation of internal control system
2. Vouching of purchase transaction
3. Analytical procaduies

1. Study and evaluation of Internal control system: It includes the following steps:
(i) Internal check: It should consist of the segregation of duties at the following points:
(a) Requisitioning the goods: Specified employees from the stores department or from the production department’s store unit should prepare and approve a purchase requisition for raw materials or goods used in production. The purchase requisition is sent to the purchase department.

(b) Ordering the goods requisitioned: It should prepare a serially numbered purchase order. The purchase department is responsible for negotiating the best prices, fixing delivery dates with suppliers and ensuring that appropriate quality goods are obtained.

(c) Receiving the goods ordered: Goods ordered should be inspected and counted by the receiving department. if satisfied, it prepares serially numbered receiving report or goods received note and forwards its notification copies to the stores. purchase department and finance department.

(d) Preparing the payment voucher: The accounts payable department or accounts payable unit of finance department will receive the invoices and process for its payment and accounting.

(ii) Physical controls: It includes
(a) Physical controls over inventory include locked warehouses and store-rooms and Limiting access to them to authorized personnel and
(b) Printed forms with numbers should be used for purchase requisitions, purchase orders, receiving reports and vouchers.

(iii) Authorised procedures:
(a) Authorisation procedures should be designed for all the four control points- requesting the goods. ordering the goods requisitioned, receiving the goods ordered, and preparing the payment voucher.

(b) Re-order points should be ascertained for various Inventory items that may trigger a manual request.

(iv) Internal review:
(a) Internal review should ensure that there Is adequate separation of duties and proper authorization procedures with regard to processing and recording of purchase transactions.

(b) Paid invoices should be reviewed to ascertain the accuracy of the recording of these invoices and if possible, these invoices should be traced back to purchase requisition through receiving reports or goods received notes and purchase orders.

2. Vouching of purchases transactions:
Auditor should vouch credit purchases in the following ways:
(i) Examine purchase book: The author should examine the transactions recorded in the purchase book with reference to related purchase invoice.
(ii) Examine purchase invoices:
(a) The auditor should select a small sample of vendors invoices at random and should conduct in-depth audit on them i.e., trace the transaction from placing the order to the entries in inventory goods for actual receipt and payment made to the suppliers.
(b) In respect of imports, documents such as bill of lading, customs clearance, etc. should be examined. The auditor should ensure that subsidies, rebates, duty drawbacks or other similar items have been property accounted for.

(iii) Examine the numerical sequence of source documents: The auditor should ensure the numerical sequence of source documents such as purchase requisitions, purchase orders, receiving reports and vouchers have been maintained and missing numbers have been duly accounted for.

(iv) Examine cut-off points:
(a) The auditor should examine cut-off points on pre-numbered purchase requisitions, purchase orders and goods received notes.
(b) The auditor should, then, trace the goods received notes pertaining to a few days before the end of the period under audit to the related purchase invoices.

Such a comparison would ensure that purchases represented by such invoices have been recorded as the purchases of the period under audit.

(v) Examine transition with related parties: The auditor should examine all related parties, transactions specifically.

3. Analytical procedures: The auditor should compare Item-wise and location-wise both quantity arid value of purchases for the current period with the corresponding figures for the previous period and ensure that major variations are explained and justified. For which, various analytical ratios, should also be calculated and compared.

 

Question 24.
Explain briefly the technique of the ‘internal Control Questionnaire’ to facilitate the accumulation of information necessary for proper evaluation of internal control. (Nov 2010, 4 marks)
OR
Write short notes on the Internal Control Questionnaire. (May 2013, 4 marks)
Answer:

Question 25.
Write short note on the following:
Use of flow charts in evaluation of internal control. (Nov 2013, 4 marks)
OR
Write short note on the use of flowcharts in evaluation of internal control. (May 2016, 4 marks)
Answer:

Flowchart
Meaning	Flow Chart is a graphic presentation of the plan of documents through system or subsystem with Installed check or control recorded on the lines of lines: Flow charts are important toot in the evaluation of Internal Control System.
Need	1. It is the most concise way of recording the auditors review of the system. 2. It helps in minimising the amount of narrative explanation and thereby achieves a consideration or presentation not possible In any other form. 3. It gives birds eye view of the system and the flow of transactions and integration & documentation can be easily spotted and improvements can be suggested.
Use of flowchart In evaluation of Internal control	The evaluation of Internal control system with the help of flow chart can be done In following manner: 1. Reviewing the flow charts themselves working for in appropriate divisions of duties or lack of automatic checks etc. 2. Reviewing the flow chart by preparing an internal control checklist. Further, an attempt to chart the activities of the whole organisation in one flow chart may be avoided since it would become a cumbersome document to read, understand and follow the trial.

Question 26.
State wh reasons (In short) whether the following statement Is correct or incorrect:
A flow chart is a graphic presentation of each point of the company’s system of internal control. (Nov 2016, 2 marks)
Answer:
Correct:
Flowcharts are a great tool to use to visualise complex systems involved in an organisation. it makes It easier for an auditor to see the redundancies and an organisation’s system of internal control.

Question 27.
State with reasons (in short) whether the following statement s correct or incorrect.
Intenal control questionnaires are a good source of identifying weakness in internal control system. (May 2016, 2 marks)
Answer:
Correct:
Weaknesses in Internal Control Systems can be known by examining answers to the question of Internal Control Questionnaire.

Question 28.
What is the difference between Narrative records and Checklist? (Nov 2016, 4 marks)
Answer:
Difference between Narrative Records and Check List:
Narrative Record:
This is a complete and exhaustive description of the system as found in operation by the auditor. Actual testing and observation are necessary before such a record can be developed. It is recommended in case no formal control system is in operation and would be more suited to small business.

Check List:
This is a series of questions which an auditing staff must follow.
It is an on-job requirement arid questions are framed having regard to the desirable elements of control. The complete checklist by the senior auditor to ascertain existence of internal control and evaluate its efficiency and implementation.

Question 29.
Discuss the following: A satisfactory Internal control environment may help reduce the risk of fraud but is not an absolute deterrent for fraud. Explain. (May 2017, 5 marks)
Answer:
A satisfactory internal control environment may help reduce the risk of fraud but is not an absolute deterrent for fraud. The reasons being:

Question 30.
Write short note on the Important requirements which should be kept mind to establish a system of internal control for application process at a service bureau. (May 2017, 4 marks)
Answer:
Requirement to be kept in mind In establishing or evaluating a system of internal Control for applications processed at a Service Organisation are:

1. Co-ordination	The relationship between the organisation and the user should be dearly defined by a separate Liaison Officer from the User Entity’s stall, who will be responsible for total co-ordination.
2. System Testing	The system of data generation and transmission should be analysed. If required, clerical procedures at the User Entity should be simplified and regulated.
3. Data Movement Controls	There should be control over the physical movement of data i.e. vouchers sent for data input and returned after processg etc. A copy or microfilm of documents sent to the Service Organisation may be kept as backup.
4. Processing	There should be adequate Inconversion checking procedures by the User Entity. The processing time for various activities should be laid down.
5. Master Data Controls	There should be a high degree of control over the maintenance of data on master flies. This is necessary because the User Entity has no physical control over the files.
6. Output Distribution or Reports	The type, number and frequency of reports generated by the Service Organisation should be specified.
7. Rejection Procedures	In case of junk or erroneous data, the Service Organisation must provide sufficient reports for error identification. The User Entity must ensure prompt correction and re-submission of rejections to meet the Service organisations processing schedules.
8. Review of Data Processed	There should be clerical controls at the User Entity to verify the accuracy of computer pocessing (e.g. test checking of details on output).
9. Overall Review of Software	If there are significant program checks, the User Entity may review Reports to ensure that software check is functioning regularly.

Question 31.
XYZ & Associates, Chartered Accountants, wh;le evaluating the operating effectiveness of internal controls, detects deviation from controls. in such a situation, state the specific inquiries to be made by an auditor to understand those matters ad their potential consequences. (May 2018, 5 marks)
Answer:
In case of deviation from controls, the specific inquires to be made by the auditor to understand these matters and their potential consequences are:
Enquiries directed towards those charged with governance may help the auditor understand the environment in which the financial statements are prepared.

Enquiries directed toward internal audit personnel may provide information about internal control procedures performed during the year relating to the design and effectiveness of the entity’s internal control and whether management has satisfactory responded to findings from those procedures.

Enquiries of employees involved In initiating, processing or recording complex or unusual transactions may help the auditor to evaluate the appropriateness of the sectkrn and application of certain accounting policies.

Enquiries directed towards in house legal counsel may provide information about such matters as litigation, compliance with laws and regulations, knowledge of fraud or suspected fraud affecting the entity, warranties, post saLes obligations, arrangements (such as joint ventures) with business partners and the meaning of contract terms.

Enquiries directed towards marketing.g or sales personnel may provide information about changes in the entity’s marketing strategies, sales trends, or contractual arrangements with its customers.

Enquiries directed to the risk management function (or those performing such roles) may provide information about operational and regulatory risks that may affect financial reporting.

Enquiries directed to information systems personnel may provide information about system changes, system or control failures or other Information system-related risks.

Question 32.
Answer the following:
“The Auditor should examine the efficacy of various internal controls over advances, to determine the nature, timing and extent of his substantive procedures.” Discuss briefly. (Nov 2018, 5 marks)
Answer:
The auditor should examine the following for the efficacy of various internal controls over advances, to determine the nature, timing and extent of his substantive procedures.
1. As tar as possible, the system should specify the following.

• Total amount upto which loans may be made;
• The purposes for which loans may be made;
• Maximum amount of loans which may be made for each such purpose in individual cases;
• The terms on which such loans may be made;
• The persons who are authorized to make loans;
• Procedure for ensuring compliance with relevant legal requirements.

2. AIl variations In the terms of loans and advances should be duly approved in writing by the competent authority. .

3. Where security is taken against the loans, the form and adequacy of security should be reviewed by a responsible official.

4. The loan and security documents should be kept in safe custody of a responsible official. A record of all such documents should be maintained and the documents should be periodically verified with reference to such records.

5. The system should provide for identification of cases where principal and/or interest have become overdue or where any other terms are not being complied with.

6. Confirmation of balances should be obtained at periodic intervals in the same manner as in the case of debtors.

Question 33.
Write short note on Examination in depth. (Nov 2007, 5 marks)
OR
Write short note on the following:
Examination in depth. (Nov 2012, 4 marks)
Answer:
Examination In Depth:
Examination in Depth means an examination of a few selected transactions from the beginning to the end through the entire flow of transactions. This examination includes studying, the recording of transactions at each stage and judging, whether the person who has exercised the authority In relation to the transaction is lit to do so, The selection must be correct and proper.

A sample size may be small but it should be a true representative of the universe of transactions. In fact, the size depends upon the auditor’s level of confidence’, there Is a inverse relationship between them.

For example: A purchase of goods may commence when the company reaches its re-order level. The probable steps of purchase are as follows:

1. Requisition: pre-printed, pre-numbered, authorised.
2. Formal purchase order: sequentially pre-numbered and authorised placed with the approved supplier only.
3. Receipt of suppliers invoice.
4. Receipt of supplier’s statement.
5. Entries made in purchase day book.
6. Posting to purchase ledger and purchase ledger control AIG. and
7. Cheque issued in settlement.
8. 8. Entry on bank statement and returned paid’ cheque if requested.
9. 9. Entry in cash book.
10. 10. Posting from cash book to ledger and it’s Ledger control (taking Into account the discounts, if any).
11. Receipt of goods, along wfth delivery or advice note.
12. Issuance of goods received note and inspection certificate containing Initials or rubber stamp to show that goods are verified and inspected.
13. Admission of goods to store.
14. Entras of goods to Store.

It should be kept in mind that the above list is not a fixed list and its sequence can be changed. So we can see that as soon as the company reaches the re-order level, it has to follow a chain of events, also leaving an audit trail. Thus, examination In-depth is necessary, as if it is conducted properly, then it will reveal both the functioning or malfunctioning of the client’s system.

Question 34.
State with reason (in short) whether the following statement is correct or incorrect. ‘Examination m depth Implies that the auditor vouches almost all transactions in a manner that the chances of not checking any transaction are left at minimum. (2013 – Nov 2 marks)
Answer:
Incorrect:
Examination in Depth means an examination of a few selected transactions from the beginning to the end through the entire flow of transaction. This examination includes studying, the recording of transactions at each stage and judging, whether the person who has exercised the authority in relation to the transaction is fit to do so. The selection must be correct and proper.

A sample size may be small but it should be a true representative of the universe of transactions. Intact, the size depends upon the auditor’s ‘level of confidence’, there is a inverse relationship between them.

 

Question 35.
Why Tests of Control are performed? Also explain what does they include. (Nov 2015, 4 marks)
Answer
Test of controls are performed to obtain audit evidence about the effectiveness of the:

1. design of the accounting and internal control system, that is whether they are suitably designed to prevent or detect and correct material misstatements and
2. operation of the internal controls throughout the period.

Test control may Include test of elements of control environment where strengths in the control environment are used by auditors to reduce control risk.
Test of control further include the following:
1. Inspection of documents supporting transactions and other events to gain audit evidences that internal controls have operated properly for e.g. verifying that the transaction has been authorised.

2. Inquires about and observation of internal controls which leave no audit trails for e.g. Determining who actually performs each function and not merely who is supposed to perform it.

3. Re-performance of internal controls, for e.g. reconciliation of bank accounts, to ensure they were correctly performed by the entity.

4. Testing of internal control operating on specific computerized applications or over the overall Information technology function, for e.g. access or program change controls.

Question 36.
How would you assess the reliability of Internal control system in computerised information system? (May 2008, 6 marks)
Answer:
For the purpose of assessing the reliability of internal control system in computerised information system (C.l.S.). the auditor has to review the internal controls:

Review of General CIS Controls
The auditor should consider how general GIS controls affect the GIS applications significant to the audit. General GIS controls that relate to sorne or all applications are typically interdependent controls in their operation are often essential to the effectiveness of CIS application controls. Accordingly, it may be more efficient to review the design of the general control before reviewing the application controls.

Review of CIS Application Controls:
Controls over input processing, data files and output may be carried out by CIS personnel, by users of the system, by a separate control group or may be programmed into application software. GIS application controls which the auditor may wish to test include the following:

1. Manual control exercised by the user: If manual controls exercised by the user of the application system are capable of providing reasonable assurance that the system’s output is complete. accurate and authorised, the auditor may decide to limit tests of control to these manual controls.

2. Control over system output: It, in addition to manual controls exercised by the user, the controls to be tested use information produced by the computer or are contained withw computer programs. It may be possible to test such controls by examining the system’s output using either manual or computer-assisted audit techniques (CAATs). Alternatively, where the reconciliation is performed by computer, the auditor may wish to test the reconciliation by re-performing the control with the use of CAATs.

3. Programmed control procedures: In case of certain computer systems, the auditor may find that it is not possible or, in some cases, not practical to test controls by examining only users controls or the systems’ output. The auditor may consider performing tests of control by using CAATs, such as test data, reprocessing transactions data or, in unusual situations, examining the coding of the application program.

4. Evaluation: The general CIS controls may have a pervasive effect on the processing of transactions in application systems. If these controls are not effective, there may be a risk that misstatements might occur and go undetected in the application systems. Thus, weaknesses in general CIS controls may preclude testing certain CIS application controls; however manual
procedures exercised by users may provide effective control at the application level.

Question 37.
In a CIS environment, what are the different Design and Procedural aspects, which are different from those found in Manual systems? (Nov 2008, 4 marks)
Answer:
The use of computers changes the processing, storage, retrieval, and communication of financial information arid may affect the accounting and Internal Control systems employed by the entity.

CIS environment may affect the following audit areas
1. The procedures followed by the auditor in obtaining a sufficient understanding of the accounting and Internal Control System.

2. The evaluation of inherent risk and control risk through which the auditor assesses the audit risk.

3. The auditor’s design and performance of tests of control and substantive procedures appropriate to meet the audit objective. The different designs and procedural aspects, which are different from those found In manual systems are as follows:
1. Consistency of performance
The CIS system performs more consistently than the manual system, This is because computer performs exactly in the manner as it is programmed. In a CIS system certain Internal control procedures can be incorporated into computer programs. Some program control procedures in CIS system may be such that they are not visible but there may be others which can be reviewed through manual procedures. Thus, a program can incorporate automatic check which indemnified transaction exceeding certain limits. Password control can be used for protection of the data against unauthorized action.

2. Single transaction update of multiple computer file:
A single transaction fed into a CIS system may automatically update all records associated with the transaction. This insures that all relevant records are kept upto date. On the other hands this also applies that it one erroneous input is given, it may contaminate many records and files.

3. System-generated transactions:
The CIS system can be so programmed that certain transactions can be automatically generated.

4. Vulnerability
Vulnerability of data and programme storage media so that large volume of data may be stored on magnetic disc and tape.

Question 38.
The management of ABC Ltd. wants to design a detective control mechanism for achieving security policy objective in a computerised environment. As an auditor explain, how audit trails can be used to support security objectives. (May 2010, 10 marks)
Answer:
Audit trails can be used to support security objectives in three ways:
1. Detecting unauthorized access to the system,
2. Facilitating the reconstruction of events, and
3. Promoting personal accountability.

Each of these is described below:
Detecting Unauthorized Access
Detecting unauthorized access can occur in real time or after the fact.
The primary objective of real-time detection protect the system from outsiders who attempting to breach system controls.

Question 39.
Discuss Internal Controls in a CIS Environment. (May 2010, 5 marks)
Answer:
Internal Controls In CIS Environment: The internal controls over computer processing, which help to achieve the overall objectives of Internal control, include both manual procedures and procedures designed into computer programmes. Such manual and computer controls affect the CIS environment (general CIS controls) and the specific controls over the accounting applications (CIS application controls).

(A) General GIS Controls: The use of general GIS controls is to establish a framework of overall control over the CIS activities and to provide a reasonable level of assurance that the overall objectives of internal control are achieved. These controls may include:

Organisation and management controls are designed to establish an organizational framework over CIS activities, including:

• Policies and procedures relating to control functions.
• Appropriate segregation of incompatible functions.

Application systems development and maintenance controls are designed to establish control over.

• Testing, conversion, implementation and documentation of new or revised systems.
• Changes to application systems.
• Access to systems documentation.
• Acquisition of application systems from third parties.

Computer operation controls are designed to control the Operation of the systems and to provide reasonable assurance that:

• The systems are used for authorised purposes only.
• Access to computer operations is restricted to authorised personnel.
• Only authorised programs are used.
• Processing errors are detected and corrected.

Systems software controls Include:

• Restriction of access to systems software and documentation to authorised personnel.
• Authorisation, approval, testing, Implementation and documentation of new systems software and systems software modifications.

Data entry and program controls are designed to provide reasonable assurance that:

• An authorisation structure Is established over transactions being entered into the system.
• Access to data and programs is restricted to authorised personnel.
• Offsite back-up of data and computer programmes.
• Recovery procedures for use in the event of theft, loss or international or accidental
• Provision for offsite processing in the event of disaster;

(B) CIS AppPatIon Controls : The use of GIS application controls is to establish secitic control procedures over the accounting applications to provide reasonable assurance, so that all transactions are authorised and recorded, and are processed completely, accurately and on a timely basis. These cover:

Controls over input are designed to provide reasonable assurance that:

• Transactions are properly authorised before being processed by the computer.
• Transactions are accurately converted into machine readable
• form and recorded in the computer data files.
• Transactions are not lost, added, duplicated or improperly changed.
• Incorrect transactions are rejected, corrected and If necessary, resubmitted on a timely basis.

Controle over processing and computer data files are designed to provide reasonable assurance that:

• Transactions, including system generated transactions, are properly processed by the computer.
• Transactions are not lost, added, duplicated or improperly changed.
• Processing errors are identified and corrected on a timely basis.

Controls over output are designed to provide reasonable assurance that:

• Results of processing are accurate.
• Access to output is restricted to authorised personnel.
• Output is provided to appropriate authorised personnel on a timely basis.

Question 40.
Doing the audit in EDP environment is simpler since Trial Balance always tallies.’ Analyse the statement critically. (May 2010, 5 marks)
Answer:
The Audit In EDP environment as simpler since Thai Balance always tallies.

• But the same cannot imply that the job of an auditor becomes simpler.
• There can still be some accounting errors like omission of certain entries, compensating errors, duplication of entries, errors of commission in the form of wrong head of accounts etc.
• Possibility of ‘Window Dressings and/or Creation of Secret Reserves can be possible ¡ri EDP environment also in spite of tallied trial balance.
• At present, due to complex business environment the importance of trial balance cannot be judged only upto the arithmetical accuracy but the nature of transactions recorded and their classification in the books should be focused.
• The emergence of new forms of financial instruments like options and futures, derivatives, off balance sheet financing etc. have given rise to further complexities In recording and disclosure of transactions.
• In an audit, besides the tallying of a trial balance, there are other issues also like estimation of provision for depreciation, estimation of tax liability, valuation of inventories, obtaining audit evidence, ensuring compliance with various laws, regulations and standards, verification of existence and valuation of assets and liabilities, reporting requirement as per statute etc. which still requires judgement to be exercised by the auditor.
• The EDP processing and recording has its own complexities and requires lot of controls, safeguards arid application which requires specialised knowledge and skill for proper implementation.
• Responsibility of expressing an audit opinion and objectives of an audit are not changed in the audit in EDP environment. Compliance with various laws and standards are still to be verified, ensured and reported.
• Hence, it can be said that simply because of EDP environment and tallying of the trial balance, the audit can’t be said to have become simpler.

Question 41.
State clearly the circumstances where Auditing through the computer’ approach must be used. (Nov 2010, 6 marks)
Answer:
Auditing Through the Computer:
1. The auditor takes the computer as a target of audit. It is treated as a live and dynamic device, which has added value to the process of auditing.

2. He can use the computer to test:
(a) the program log ics and program controls existing within the system. and
(b) the records produced by them.

3. Methods: There are three methods of auditing through the computer i.e. testing the systems, can be done In three ways.

• Test data: This is a special set of Input data, prepared specifically to test a programme or set programs of the entity under audit.
• Controlled processIng : This means that a processing run is under-taken using a already tested programme under the control of the auditor.
• Computer audit programme : The auditor uses computer programmes for (i) testing and evaluating the system it Internal control and (ii) validity of transactions processed by an electronic data processing system.

Once, the auditor is satisfied with the computer system & its controls, he need not have to spend much time on detailed verification.

4. SituatIons where It must be used: It is used II:

• The computer processes a large volume of output and resultantly produces a large volume of output (because in that situation, it is difficult to make extensive direct examination of the validity of the input and output).
• The significant parts of the internal control system are embodied in the computer system itself, (e.g. on line banking,)
• The logic of the system Is complex.
• Because of cost – benefit considerations, there are substantial gaps in the visible audit trail.

Question 42.
To pepare an audit plan in CIS environment an auditor should gamer information. Mention any four such important information which he has to collect. (May 2013, 4 marks)
Answer:
Information to be gathered to prepare an Audit Plan in CIS Environment: The auditor should gather information about the CIS environment that is relevant to the audit plan, including information as to:
1. How the CIS function is organized and the extent of concentration or distribution of computer processing throughout the entity.
2. The computer hardware and software used by the entity.
3. Each significant application processed by the computer, the nature of the processing (e.g. batch, on-line) and data retention policies.
4. Planned implementation of new applications or revisions to existing applications.
5. When considering his overall plan the auditor should consider matters, such as:
(i) Determining the degree of reliance, if any, he expects to be able to place on the CIS controls In his overall evaluation of internal control.
(ii) Planning how, where and when the CIS function will be reviewed including scheduling the works of CIS experts as applicable.
(iii) Planning auditing procedures using computer-assisted audit techniques.

Question 43.
Discuss the following:
What are the specific risks related to Internal control in an IT environment? (May 2016, 5 marks)
OR
Which are specific risks to the companys internal control having IT environment? (May 2019,4 marks)
Answer:
As per SA-315, “Identification and Assessing the Risks of Material Misstatements Through Understanding the Entity and its Environment”, the spedi ic risk related to internal control in an IT environment are as follows:
1. Reliance on systems or programs that are inaccurately processing data. processing Inaccurate data or both.
2. Unauthorised assess to data that may result in destruction of data or improper changes to data, including the recording of unauthorised or non-existent transactions, or inaccurate recording of transactions. Particular risks may arise where multiple users access a common database.

3. The Possibility of IT personnel gaining access beyond those necessary to perform their assigned duties.

4. There by breaking down segregation of duties.

5. Unauthorised changes to data in master hies.

6. Unauthorised changes to systems or programs.

7. Failure to make necessary changes to systems or programs.

8. Inappropriate manual intervention.

9. Potential loss of data or inability to access data as required.

Question 44.
Discuss the following:
Auditors job becomes simpler in CIS environment, where trial balance always tally. (Nov 2016, 5 marks)
Answer:
The Audft In EDP environment is simpler since Trial Balance always tallies.
But the same cannot imply that the job of an auditor becomes simpler. There can still be some accounting errors like omission of certain entries, compensating errors, duplication of entries, errors of commission in the form of wrong head of accounts etc.

Possibility of Window Dressing and/or “Creation of Secret Reserves can be possible in EDP environment also in spite of tallied trial balance.

At present, due to complex business environment the importance of trial balance cannot be judged only upto the arithmetical accuracy but the nature of transactions recorded and their classification in the books should be focused.

The emergence of new forms of financial instruments like options and futures, derivatives, off balance sheet financing etc. have given rise to further complexities in recording and disclosure of transactions.

In an audit, besides the tallying of a trial balance, there are other issues also like estimation of provision for depreciation, estimation of tax liability, valuation of Inventories, obtaining audit evidence, ensuring compliance with various laws, regulations and tandards, verification of existence and valuation of assets and liabilities, reporting requirment as per statute etc. which still requires judgemerit to be exercised by the auditor.

The EDP processing and recording has its own complexities and requires lot of controls, safeguards and application which requires specialised knowledge and skill for proper implementation.

Responsibility of expressing an audit opinion and objectives of an audit are not changed in the audit in EDP environment. Compliance with various laws and standards are still to be verified, ensured and reported.

Hence, it can be said that simply because of EDP environment and tallying of the trial balance, the audit can’t be said to have become simpler.

Question 45.
Write, short note on Materiality and audit risk (Nov 2014, 4 marks)
Answer:
As per SA-320, Materiality in planning and performing an Audit the auditor should consider materiality and its relatioship with audit risk while conducting an audit.

Question 46.
State with reasons (in short) whether the following statement is True or False:
internal auditor of the company cannot also be its cost auditor. (Nov 2007, 2 marks)
Answer:
True:
Internal auditor cannot be appointed as cost auditor. As per rule 14 of the Companies (Audit and Auditors) Rules, 2014, in case of companies which are required to constitute an audit committee the Board shall appoint a cost auditor who is a cost accountant or a firm of cost accountants In practice on recommendation of audit committee.

Question 47.
As an auditor how would you react to the following situation/comment? PP Ltd., a garment exporter, asked their Internal auditor, a practicing chartered accountant, to conduct physical verificat,on of the year end inventory and the report of such verification was handed over to the statutory auditor for their vew and use. Can Statutory auditor rely on such report? (May 2008, 6 marks)
Answer:
When the Principal auditor uses the work of another auditor, then the principal auditor should determine how the work of other auditor will affect the audit. The auditor should consider whether his own participation is needed toi’ giving his opinion. When planning to use the wotic of another auditor, the principal auditor should consider the professional competence of the other auditor In the context of specific assignment.

The principal auditor should apply reasonable care and skill and should pert omi procedures so as to obtain sufficient appropriate audit evidence, that the work of other auditor is adequate for the principal auditors perposes, in the context of the specific assignment.

Present Cese:
Thus, in the above case of PP Ltd, statutory auditor can rely upon the report of Internal auditor regarding verification of stock, but he has to apply reasonable care and skill in assessing the verification of stock and reports presented by the internal auditors.

Question 48.
As an Auditor how would you react to the following situations! comments? A company has ₹60 lakhs of paid up Capital and ₹ 3 crore of average Annual Turnover of past three years preceding the Financial year under Audit. The Company does not have any Internal Audit system because the Management does not think It necessary. (Nov 2008, 6 marks)
Answer:
Applicability of Provisions of Internal Audit:
As per Sec. 138 of the Companies Act, 2013 the following class of companies (prescribed in Rule 13 of Companies (Accounts) Rules, 2014), shall be required to appoint an internal auditor or a firm of internal auditors, namely:
(a) every listed company;

(b) every unlisted public company having

• paid up share capital of fifty crore rupees or more during the preceding financial year; or
• turnover of two hundred crore rupees or more during the preceding financial year: or
• outstanding loans o borrowings from banks or public financial institutions exceeding one hundred crore rupees or more at any point of time during the preceding financial year; or
• outstanding deposits of twenty five crore rupees or more at any point of time during the preceding financial year.

(c) every pnvate company having –

• turnover of two hundred crore rupees or more during the preceding financial year: or
• outstanding loans or borrowing from banks or public financial institutions exceeding one hundred crore rupees or more at any point of time during the preceding financial year.

Thus, any of the conditions is required to be satisfied for the applicability of the provision. The internal auditor to be appointed shall either be a chartered accountant whether engaged In practice or not or a cost accountant, or such other professional as may be decided by the Board to conduct internal audit of the functions and activities of the company. Auditor may or may not be an employee of the company.

Present Case:
The company is having paid up capital less than fifty crore rupees and turnover less than two hundred crore rupees. Further, maximum outstanding loan or borrowing from public financial institution has not been given.

Therefore, assuming that outstanding loans or borrowings from banks or public financial institutions are also not exceeding hundred crore rupees during the previous financial year. Therefore, any of the conditions in respect of paid up capital, turnover or outstanding loans is not satisfied. So, the company is not liable for internal audit as per Sec. 138 of the Companies Act, 2013.

Question 49.
Explain the objectives of Internal audit. (Nov 2011, 8 marks)
Answer:
The objects of Internal audit can be stated as follows:

1. To verity the accuracy and authenticity of the financial accounting and statistical records presented to the management.
2. To ascertain that the standard accounting pract,ces, as have been decided to be followed by the organisation are being adhered to.
3. To establish that there is a proper authority for every acquisition, retirement and disposal of assets.
4. To confirm that liabilities have been Incurred only for the legitimate activities of the organisation.

5. To analyse and improve the system of internal cheek in particular to see

• that it is working;
• that it is sound ; and
• that it is economical.

6. To facilitate the prevention and detection of frauds.
7. To examine the protection afforded to assets and the uses to which they are put.
8. To make special investigations for management.
9. To provide a channel whereby new ideas can be brought to the attention of management.
10. To review the operation of the overall internal control system and to bring material departures and non-compliance to the appropriate level of management. The review also generally aims at locating unnecessary and weak controls for making the entire control system effective and economical.

As per SA-610, the scope and objectives of internal audit vary widely and are dependent upon the size and structure of the entity and the requirements of its management.

Question 50.
State with reasons (in short) whether the following statement is correct or incorrect:
As per Section 138 of the Companies Act, 2013 private companies are not required to appoint internal auditor. (May 2015, 2 marks)
Answer:
Incorrect:
The private company are required to appoint internal auditor as per Sec. 138 of the Companies Act. 2013.

Question 51.
State with reasons (in short) whether the following statement is correct or incorrect.
The scope of work of an internal auditor may extend even beyond the financial accounting. (May 2016, 2 marks)
Answer:
Correct:
The scope of work of an internal auditor is examination of financial transaction as well as review of operation and records and detection of fraud or misstatements.

Question 52.
Write short note on the following:
Provisions for applicability of internal audit as per Companies Act, 2013. (May 2018, 4 marks)
Answer:
Applicability of Provisions of Internal Audit:
As per Sec. 138 of the Companies Act, 2013 the following dass of companies (prescribed in Rule 13 of Companies (Accounts) Rules, 2014), shall be required to appoint an internal auditor or a firm of internal auditors, namely:
(a) every listed company;

(b) every unlisted public company having

• paid up share capital of fifty crore rupees or more during the preceding finandal year; or
• turnover of two hundred crore rupees or more during the preceding financial year; or
• outstanding loans or borrowings from banks or public financial institutions exceeding one hundred crore rupees or more at any point of time during the preceding financial year; or
• outstanding deposits of twenty five crore rupees or more at any point of time during the preceding financial year.

(c) every private company having

• turnover of two hundred crore rupees or more during the preceding financial year; or
• outstanding loans or borrowing from banks or public financial institutions exceeding one hundred crore rupees or more at any point of time during the preceding financial year.

Thus, any of the conditions is required to be satisfied for the applicability of the provision. The internal auditor to be appointed shall either be a chartered accountant whether engaged in practice cx not or a cost accountant, or such other professional as may be decided by the Board to conduct internal audit of the functions and activities of the company. Auditor may or may not be an employee of the company.

Question 53.
Discuss the following:
Relationship between statutory auditor and internal auditor. (Nov 2016, 5 marks)
Answer:
As per SA – 610, Using the Work of Internal Auditors, the following points, explain the inter-relationship between the statutory and internal auditor.
1. Review by Internal Auditor: The areas covered by an witemal auditor are:

• review of accounting system and internal control,
• examination of financial and operating information for the benefit of management.
• examination of the economy, efficiency and effectiveness of operations,
• reviews of controls including non-financial controls of tangible assets of the company.

2. Scope of internal Audit: The scope of internal audit is determined by the management. Its primary objective differs from that of the external auditor who is appointed to report independently on financial information.

But, the means of achieving their respective objectives are similar and thus much of the work of the Internal auditor may be useful to the external auditor in determining the nature, timing and extent of the procedures.

3. RevIew of Internal Audit by Statutory Auditor
The function of an internal auditor being an integral part of the system of internal control. It is statutory requirement too as per Sec. 138 of the Companies Act, 2013 where the Audit Committee of the company or the Board shall, in consultation with the Internal Auditor. formulate the scope, functioning, periodicity and methodology for conducting the internal audit.

However, it is obligatory for a statutory auditor to examine the scope and effectiveness of the work carried out by the internal auditor. For this he should examine the Internal Audit Department of the organisation, the strength of the internal audit staff, their qualification and their powers. Afterwards the procedures should be studied: also the scope of the audit examination carried out should be ascertained on referring to audit programmes, reports submitted, points raised in audit and how these had been dealt with subsequently.

The extent of independence exhibited by the internal auditor in the discharge of his duties and his status in the organisation are important factors for determining the effectiveness of his audit. In a large business, it has been increasingly recognised that, it their functions and those of statutory auditors could be integrated, It might not be necessary for the statutory auditors to go over the same facts and figure as have been previously examined by a competent and trustworthy internal audit staff. But so far, the practice of audit being conducted jointly by the internal auditors is of great assistance to statutory auditors.

If the statutory auditor is satisfied on an examination of the work of the internal auditor, that the internal audit has been efficient and effective, he often decides to curtail his audit programme by dispensing with some of the detailed checking already carried out by the Internal Audit Department after or without testing the work already done. He, at times, also decides to entrust certain items of work to the internal auditor.

Given below are items of audit work in regard to which the statutory auditor accepts the checking that has already been carried out by the internal auditor;

• Verification of the system of internal control;
• Verification of assets, e.g., inventory in trade, fixed assets (PPE), book debts, etc; and
• Verification of amounts provided for expenses as well as amounts adjusted as prepaid expenses.

It must however be mentioned that the area of co-operation between the statutory and the internal auditor is limited by the fact that the statutory auditor and the internal auditor owe their allegiance to separate authorities, the shareholders in one case and the management in the other. Therefore, the former is not protected against the liability for negligence which may arise in such a case.

Question 54.
Examine with reasons (in short) whether the following statement is correct or incorrect:
(a) Few members of the Board of Directors oppose the appointment of Mr. N, an employee of the company, as an Internal Auditor, stating that Mr. N is not a chartered accountant and further he is an employee of the company. (May 2018, 2 marks)
Answer;
Incorrect
As per Sec. 138 of the Companies Act, 2013, the internal auditor shall either be a Chartered Accountant or a Cost Accountant (whether engaged In practce or not) or such other professional as may be decided by the Board to conduct internal audit. The internal auditor may or may not be an employee of the company. So any person who is not a Chartered Accountant and is an employee of the company can be appointed as internal auditor.

Question 55.
“MMJ Ltd., an unlisted public company, did not appoint any Internal auditor for the financial year ending on 31st March, 2019. The company had paid up capital of ₹ 20 crores and reserves of ₹ 25 crores. Its turnover for the preceding 3 Years were ₹ 75 crores for the year ended 31st March, 2018, ₹ 150 crores fof March, 2017 and ₹ 190 crores for March, 2016. The company has availed term loan from the bank of ₹ 130 crores. The outstanding balance of the term loan as on 31st March, 2018 is ₹ 90 crores.’ (Nov 2018, 5 marks)
Answer:
As per Sec. 138 of the Companies Act. 2013, following class of companies (Prescribed in Rule 13 of Companies Accounts Rules, 2014) shall be required to appoint an internal auditor or a firm of mternal auditors, namely:
(A) Every listed company.
(B) Every unlisted public company having.

1. Paid up share capital 01 fifty crore rupees or more during the preceding financial year; or
2. Turnover of two hundred crore rupees or more during the preceding financial year: or
3. Outstanding loans or borrowings from banks or public financial institution exceeding one hundred crore rupees or more at any point of time during the preceding financial year; or
4. Outstanding deposits of twenty live crore rupees or more at any point of time during the preceding finanaal year. and

(C) Every Private Company-

1. Turnover of two hundred crore rupees or more during the preceding financial year:
2. Outstanding loans or borrowings from banks or public financial institutions exceeding one hundred crore rupees or more at any point of time during the preceding fInancial year.

Present Case:
In this case, MMJ Ltd. is an unlisted public company. It has taken term loan of ₹ 130 crore. The outstanding balance of the term loan as on 31st March 2018 is ₹ 90 crore. If during at point it sud term loan outstanding balance exceeds or equal to ₹ 100 crore, during the preceding financial year. the company shall require to appoint Internal auditor. So. the company is required to appoint internal auditor as per Sec. 138 of the Companies Act, 2013.

Question 56.
Board of Directors of MN Ltd. wants to appoint CA B, a practicing Chartered Accountant, as an internal auditor of the company as they believe that they could not appoint any other person as an internal auditor other than practicing chartered accountant. Examine the correctness of the statement of Board of Directors of MN Ltd. with respect to provision of Companies Act, 2013. (Nov 2019, 3 marks)
Answer:
As per Sec. 138, of the Companies Act, 2013, the Internal auditor for the company shalt be either be a Chartered Accountant oc a Cost Accountant (whether engaged or practice or not), or such other professional as may be decided by the Board to conduct Internal audit
of the functions and activities of the companies. The internal auditor may or may not be an employee of the company.

Present Case:
In this case, Board of Directors of MN Ltd. wants to appoint CA. B, a practicing Chartered Accountant as an internal auditor as they are of the belief that they could not appoint any other person as an Internal auditor other than practicing Chartered Accountant.

In light of the above provisIon, Board of directors belief Is not correct as they can appoint any other professional and any other employee as an internal auditor of the company.

Question 57.
Explain whether the following statements are correct or incorrect, with reasons/explanations? examples:
The objectives and scope of internal audit functions are restricted to activities relating to evaluation of internal control only. (Jan 2021, 2 marks)

Question 58.
Discuss the objectives and scope of internal audit functions with respect to activities relating to internal control. (Jan 2021, 3 marks)

Question 59.
Examine with reasons whether the following statement Is correct or incorrect.
(a) The auditor’s reporting on internai financial control will be applicable with respect to interim financial statements. (Nov 2019, 2 marks)
Answer:
Incorrect:
The auditor’s reporting on internal financial controls will not be applicable with respect to interim financial statements, such as quarterly or half yearly financial statements, unless such reporting is required under any other law or regulation.

Question 60.
The auditor shall obtain an understanding of majo activities that the entity uses to monitor internal control over financial reporting. Discuss Monitoring of contror as a component of Internal control. (Nov 2020, 4 marks)

Question 61.
Auditor’s reporting on internal financial controls is a requirement specified in the Act and, therefore, will apply only In case of reporting on financial statements prepared under the Act and reported under Section 143. Explain stating clearly the auditor’s responsibility for reporting on internal financial controls over financial reporting.
Answer:
Auditors’ Responsibility for Reporting on Internal Financial Controls over Financial Reporting in India Sec.143(3)(1) of the Act requires the auditors’ report to state whether the company has adequate Internal financial controls system In place and the
operating effectiveness of such controls.

It may be noted that auditor’s reporting on internal financial controls is a requirement specified In the Act and, therefore, will apply only In case of reporting on financial statements prepared under the Act and reported under Sec. 143.

Accordingly, reporting on internal financial controls will not be applicable with respect to interim financial statements, such as quarterly or half-yearly financial statements, unless such reporting Is required under any other Law or regulation.

Objectives of an auditor in an audit of internal financial controls over financial reporting: The auditors objective in an audit of intertaI financial controls over financsal reporting Is, “to express an opinion on the effectiveness of the companys internal financial controls over financial reporting.” It is carried Oui along with an audit of the financial statements.

Reporting under Sec. 143(3)(i) is dependent on the underlying criteria for internal financial controls over financial reporting adopted by the management. However, any system of internal controls provides only a reasonable assurance on achievement of the objectives for which it has been established. Also, the auditor shall use the concept of materiality in
determining the extent of testing such controls.

Rule 8(5)(viii) of the Companies (Accounts) Rules, 2014 requires the board report of ail companies to state the details in respect of adequacy of internal financial controls with reference to the financial statements.

The inclusion of the matters relating to internal financial controls in the directors responsibility statement is in addition to the requirement of the directors stating that they have taken proper and sufficient care for the maintenance of adequate accounting records in accordance with the provisions of the 2013 Act for safeguarding the assets of the company and for preventing and detecting fraud and other irregularities.

Question 62.
Explain how Internal Financial Control and Internal controls over financial reporting differ? (Jan 2021, 4 marks)

Question 63.
The auditor may exercise his judgement to identify which risks are significant risks. Explain the above ¡n context of SA-315. (May 2015, 6 marks)
Answer:
Judgement to identity which risks ere significant risks: As per SA-315:
1. SignifIcant Risk:
As part of the risk assessment as descnbed in Para 25. the auditor shall determine whether any of the risk identified are in the auditor’s judgement, a significant risk. In exercising this judgement, the auditor shall exclude the effects of identified controls related to the risk.

2. Factors:
In exercising judgement as to which risks are significant risks, the auditor shall consider atleast the following:
(a) Whether the risk is a risk of fraud.
(b) Whether the risk is related to recent significant economic, accounting or other developments like changes in regulatory transactions etc. and therefore requires specific attention.
(c) The complexity of transactions.
(d) Whether the risk involves significant transactions with related parties.
(e) The degree of subjectivity in the measurement of financial information related to the risk, especially those measurements involving a wide range of measurement uncertainty.
(f) Whether the risk involves significant transactions that are outside the normal course of business for the entity or that otherwise appear to be unusual.

3. Controls:
When the auditor has determined that a significant risk exists, the auditor shaH obtain an understanding of the entity’s controls, including control activities, relevant to that risk.

Multiple Choice Question

Question 1.
The risk that the audito may fail to express an appropriate opinion is an audit assignment. in known as
(a) Audit Risk
(b) Assessment Risk
(c) Inherent Risk
(d) Control Risk
Answer:
(a) Audit Risk

Question 2.
Risk of material misstatement may be defined an the risk that the financial statements are material misstated prior to audit this consists
(a) Inherent Risk
(b) Control Risk
(c) (a) or (b)
(d) (a) and (b)
Answer:
(d) (a) and (b)

Question 3.
The assessment of risks is based on audit procedures to obtain information necessary for that purpose and evidence obtained
(a) At the time of audit report
(b) At the time protection judgement
(c) Throughout the investigation
(d) Throughout the audit
Answer:
(d) Throughout the audit

Question 4.
Audit risk ……………………… the risk that the auditor might express an opinion that the financial statements are materially misstated when they may not this risk is ordinarily insignificant
(a) should include
(b) will be include
(c) not include
(d) must include
Answer:
(c) not include

Question 5.
The risk of material misstatement may exist at two level, one is at the assertion level for classe of transaction, account balance and disclosures another is at
(a) The auditing level
(b) The investigation level
(c) The overall financial statement level
(d) The discussion level with TCWG
Answer:
(c) The overall financial statement level

Question 6.
The risk of material misstatement at the assertion level consist of
(a) Inherent Risk
(b) Control Risk
(c) Defection Risk
(d) (a) and (b)
Answer:
(d) (a) and (b)

Question 7.
Inherent risk and control risk are the entity’s risks, they exist ……………….. of the audit of the financial statement.
(a) dependently
(b) independently
(c) inter dependently
(d) intra dependently
Answer:
(b) independently

Question 8.
inherent risk factors are considered wt,ile designing test of controls and
(a) compliance procedures
(b) substain line procedures
(c) audit procedures
(d) investigation procedures
Answer:
(b) substain line procedures

Question 9.
………………… Is a function of the effectiveness of the design, Implementation and maintenance of internal control by management
(a) Audit Risk
(b) Inherent Risk
(c) Control Risk
(d) Assertion Risk
Answer:
(c) Control Risk

Question 10.
Internal control can ………………. risks of materia, misstatement in the financial statements because of it’s Inherent limitations
(a) can not reduce
(b) can reduce
(c) eliminate
(d) can only reduce but not eliminate
Answer:
(d) can only reduce but not eliminate

Question 11.
Auditor assesses control risk as ………………. on control
(a) rely
(b) not rely
(c) partiallyely
(d) rely or not rely
Answer:
(d) rely or not rely

Question 12.
Audit Risk = Risk of Material misstatement x …………………. .
(a) Inherent risk
(b) Control risk
(c) Detection risk
(d) None
Answer:
(c) Detection risk

Question 13.
Risk of material misstatement = …………………….. x control risk
(a) Inherent risk
(b) Control risk
(c) Detection risk
(d) None
Answer:
(a) Inherent risk

Question 14.
Audit Risk is a
(a) Inherent risk x Control risk
(b) Control risk x Detection risk
(c) Inherent risk x Detection risk
(d) Inherent risk x Control risk x Detection risk
Answer:
(d) Inherent risk x Control risk x Detection risk

Question 15.
“identifying and assessing the risk of material misstatement through understanding the entity and ils environmenr define under
(a) SA-300
(b) SA-310
(c) SA-315
(d) SA-318
Answer:
(c) SA-315

Question 16.
Information obtained by performing risk assessment procedures useds as …………………. .
(a) Audit evidence
(b) Assertion
(c) Conclusion
(d) Supporting documents
Answer:
(a) Audit evidence

Question 17.
The risk assessment procedures shall include
(a) Analytical procedures
(b) Observation and nspection
(c) Inquiries of management and other within the entity
(d) All of them.
Answer:
(d) All of them.

Question 18.
……………….. may support inquires of management and others, and may also provide information about the entity and its environment
(a) Observation
(b) Inspection
(c) Analytical procedures
(d) Observation and inspection
Answer:
(d) Observation and inspection

Question 19.
The term control” refers 01 any aspects of one or moro of the components of ………………. .
(a) Control
(b) Internal control
(c) External control
(d) Overall control
Answer:
(b) Internal control

Question 20.
Internal control assIsts the auditor in
(a) identifying types of potential misstatements.
(b) tder.tifying factors that affect the risk of material misstatement.
(c) designing the nature, timing, and extent of further audit procedures.
(d) all of them.
Answer:
(d) all of them.

Question 21.
Control can be …………………….. related to an assertion.
(a) directly
(b) indirectly
(c) directly or indirectly
(d) none
Answer:
(c) directly or indirectly

Question 22.
Internal control facilitates in entity’s objectives like
(a) The reliability of entity’s financial reporting
(b) The effectiveness and efficiency of its operations and safe guarding of assets
(c) Its compliance with applicable laws and regulations
(d) All of them
Answer:
(d) All of them

Question 23.
The way In which internal control is designed, implemented and maintained varies with
(a) an entity’s size
(b) entity’s complexity
(c) entity’s structure
(d) an entity’s size and complexity
Answer:
(d) an entity’s size and complexity

Question 24.
There is a …………………. relationship between an entity’s objectives and the controls it implements to provide reasonable assurance about their achievement.
(a) direct
(b) indirect
(c) partially direct
(d) none
Answer:
(a) direct

Question 25.
The division of internal control into ……………….. components provides a useful framework for auditors to consider how different aspects of an entity’s internal control may effect the audit.
(a) Two
(b) There
(c) Four
(d) Five
Answer:
(d) Five

Question 26.
Which is not a component useful for a internal control.
(a) The control environment
(b) The economic environment of the state
(c) The entity’s risk assessment process
(d) Control activities and monitoring of control
Answer:
(b) The economic environment of the state

Question 27.
Control environment excludes
(a) The governance and management functions
(b) The attitudes awareness, and actions ot TCWG and management
(c) The social welfare of the economy
(d) Control environment sets the tone of an organization, Influencing the control consciousness of its people.
Answer:
(c) The social welfare of the economy

Question 28.
The auditor shall obtain an ijnderstandiflg of how the entity communicates financial reporting roles and responsibilities includes
(a) Communications between management and TCWG
(b) External communications, such as those with regulatory authonties.
(c) Either (a) or (b)
(d) Both (a) and (b)
Answer:
(d) Both (a) and (b)

Question 29.
The objectives of an internal audit function not vary in spite of its size and structure of the entity statements is.
(a) True
(b) False
(c) Partially True
(d) None
Answer:
(b) False

Question 30.
Internal control helps the external auditor for evaluation, the statement
(a) True
(b) False
(c) Partially True
(d) None
Answer:
(a) True

Question 31.
Formulation of audit programme by an audits after the satisfactory understanding of the internal control system and their actual operation the statement is.
(a) True
(b) False
(c) Partially True
(d) None
Answer:
(a) True

Question 32.
A review of the internet control can be done by a process of study, examination and evaluation of control system installed by the ………………. .
(a) Internal Auditor
(b) Statutory Auditor
(c) Internal Control System
(d) Management
Answer:
(d) Management

Question 33.
Evaluation of internal control with help of
(a) Narrative Record
(b) Check List
(c) Questionnaire
(d) Any of them
Answer:
(d) Any of them

Question 34.
…………………… is a complete and exhaustive description of the system as found in operation by the auditor.
(a) Narrative Record
(b) Check List
(c) Questionnaire
(d) Flow Chati
Answer:
(a) Narrative Record

Question 35.
The basic disadvantages of narrative records are except
(a) To comprehend the system in operation is quite difficult.
(b) Its suitable foc small business specially where take of format control system.
(c) To identify weakness or gaps in the system
(d) To incorporate changes arising on account of reshuffling of manpower etc.
Answer:
(b) Its suitable foc small business especially where take of format control system.

Question 36.
A series of instructions and/or questions which a member of the auditing staff must follow and/or answer is known as
(a) Narrative Record
(b) CheckList
(c) Questionnaire
(d) Flow Chart
Answer:
(b) CheckList

Question 37.
…………… is the must widely used f rom for collecting information about the existence, operation and efficiency of internal control is an organization.
(a) Narrative Record
(b) CheckList
(c) Questionnaire
(d) Flow Chart
Answer:
(c) Questionnaire

Question 38.
An important ……………….. of the questionnaire approvals is that oversight or omission of significant internal control review procedures is less likely to occur with this method.
(a) Advantage
(b) Disadvantage
(c) Usage
(d) None
Answer:
(a) Advantage

Question 39.
Test of controls include tests of elements of the control environment where strengths in the control environment are used by auditors to reduce …………………. .
(a) audit risk
(b) inherent risk
(c) detection risk
(d) control risk
Answer:
(d) control risk

Question 40.
Testing of internal control is done on the ……………….. basis.
(a) Comprehensive
(b) Continuous
(c) Selective
(d) None.
Answer:
(c) Selective

Question 41.
Benefits of IT in an entity’s internal control include
(a) Effective segregation of duties through security control
(b) Enhance the timeliness, availability, and accuracy of infomiation
(c) Enhance the additional analysis of information
(d) All of them.
Answer:
(d) All of them.

Question 42.
IT poses specific risks to an entity’s internal control eg.
(a) Reliance on system
(b) Programs that are inaccurately processing date, piocessing in accurate data
(c) (a)or(b)
(d) (a) or (b) I both (a) & (b)
Answer:
(d) (a) or (b) I both (a) & (b)

Question 43.
Controls in IT systems consist of a combination of manual controls and ………………… .
(a) audit controls
(b) IT controls
(c) automated controls
(d) internal controls
Answer:
(c) automated controls

Question 44.
The concept of materiality ¡s applied by the auditor both in planning and , ………………. the audit
(a) evaluating
(b) performing
(c) concluding
(d) none
Answer:
(b) performing

Question 45.
…………………. Is the risk that the auditor expresses an in appropriate audit opinion when the financial statements are materially misstated.
(a) Inherent Risk
(b) Detection Risk
(c) Control Risk .
(d) Audit Risk
Answer:
(d) Audit Risk

Question 46.
Audit risk is a function of the risks of material and ……………….. .
(a) Inherent Risk
(b) Detection Risk
(c) Control Risk
(d) Audit Risk
Answer:
(b) Detection Risk

Question 47.
Materiality and audit risk are considered throughout the audit in particular, when
(a) Determining the nature, timing and extent of further audit procedures
(b) Identifying and assessing the risk of material misstatement
(c) Evaluating the effect of uncorrected misstatements, if any
(d) In all of the above cases
Answer:
(d) In all of the above cases

Question 48.
Every listed company shall appoint an internal auditor under the companies Act 2013, under
…………………….. .
(a) Section 130
(b) Section 132
(c) Section 135
(d) Section 138
Answer:
(d) Section 138

Question 49.
The internal auditor …………………… be an employee of the company
(a) Shall
(b) May
(c) Shall not
(d) May or may not
Answer:
(d) May or may not

Question 50.
As per the section 138 of the Companies Act, 2013, an internal auditor shall be
(a) Chartered accountant
(b) Cost accountant
(c) Other professional as may be decided
(d) All of them.
Answer:
(d) All of them.

Question 51.
using the work of an Internal auditor, describes under
(a) SA -570
(b) SA -603
(c) SA -610
(d) SA -705
Answer:
(c) SA -610

Question 52.
The objective and scope of internal audit functions typicafly include assurance arid consulting actives designed to evaluate and improve the effectiveness of the entity’s ……………… .
(a) governance process
(b) risk management
(c) internal control
(d) all of them
Answer:
(d) all of them

Question 53.
Activities relating to internal control except
(a) Evaluation of internal control
(b) Activities relating to governance
(c) none
(d) all of them.
Answer:
(b) Activities relating to governance