Hooplah, Inc.
R1. (a) It is acceptable to use the same set of samples when testing both controls, as each “transaction” should pass through all of the controls in a business process. It becomes more efficient to test the same set, because the audit team could request a comprehensive documents package from the client.
The sample size table in Appendix A indicates that a sample size of 58 is acceptable for the first control, but the higher estimated population deviation rate for the second control suggests that a larger sample size of 77 is necessary in order to gather sufficient evidence and obtain reasonable assurance over the control. The larger of the possible sample sizes should be selected for testing, because the results based on
…show more content…
Assessing the control solely based on examination might not justify a low control risk assessment, as human error is always a possibility in manual control processes. Although Brian Thompson initialed all of the credit memos, he might not have thoroughly examined the supporting documentation (i.e. customer return report and inventory receipt) each and every time to ensure proper authorization has occurred. As a result, the conclusion reached in R3(b) is more supportable.
R4 Conclusion: First control: Operating effectively Second control: Not enough samples were tested Third control: Not operating effectively
Given that Darrell did not test enough transactions to provide sufficient assurance regarding the second control, he would have to select more samples before a conclusion can be reached. As 2 deviations have already been discovered, a third one could suggest that the control cannot be relied upon, as per the firm’s standards. From the evidence gathered thus far, it appears that the third control is not working effectively.
The controls for the revenue process should not be relied on completely, as there is not sufficient evidence to conclude that all three controls are operating according to design. The firm’s policy indicates that to place high reliance on controls, the test must be performed at a high level of assurance, i.e. 95 percent confidence. More substantive testing would have to be done in order to provide assurance for the audit. When
2. Prepare a list of the controls described in the case. What control problems are they designed to address? Are the managers interviewed for the case justified in being proud of their company’s control system? Why or why not?
The sample size consisted of 16 students (8 experimental and 8 controls (Gliner, Harmon, & Morgan, 2000).
Control risk associated with the audit also appears to be moderate based on the findings from interim audit procedures conducted in July and August 2007. The controls in place were found to be effective.
The design and implementation and objectives of company controls are not adequate to meet the control objectives. The control environment control objective is ineffective. This control objective lacks a written policy on ethical conduct, is lacking oversight from the board of directors and audit committee, lacks a consistent style and philosophy from management, and lacks a strong commitment to competence. The risk assessment control objective is effective but lacks any antifraud program and controls. The information and communication control is ineffective. A virus has been detected and is affecting the files of the company. This control is lacking a strong IT department. The general controls financial reporting control objective is effective but is weak in detecting or preventing material misstatement. The monitoring control objective is ineffective; this control has need of an internal auditor.
1. Total Forms Control (TFC) fit well into Western’s strategy when it was initially implemented. It allowed Western to offer these “value-added” services to their customers that most of their competitors did not. Total Forms Control should have increased Western’s margins and helped them to increase the loyalty and number of customers. TFC was not performing up to expectations. It had become an increasingly time consuming process and profits from TFC had been consistently declining over the past several years, projected to drop a total of 14% in only two years.
Auditors also evaluate the client’s recording of transactions by verifying the monetary amounts of transactions, a process called substantive tests of transactions. For example, the auditor might compare the unit selling price on a duplicate sales invoice with the approved price list as a test of the accuracy objective for sales transactions. Like the test of control in the preceding paragraph, this test satisfies the accuracy transaction-related audit objective for sales. For the sake of efficiency, auditors often perform tests of controls and substantive tests of transactions at the same time.
Stage 2: Test of internal controls - By testing the effectiveness of the internal controls the auditor can determine the control risk that lies within the company. The audit team can perform tests of controls by making inquiries of appropriate client personnel, examining documents, records, and reports maintained by Smackey, observing control-related activities such as the one done for the inventory procedures for returned Best Boy Gourmet dog food, and re-perform the client procedures.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate (Louwers & Reynolds, 2007). We believe that the audit evidence obtained is sufficient and appropriate to provide a reasonable basis for our opinions.
Auditors should always evaluate the design and test the operating effectiveness of a company’s internal control. The key procedures of the evaluation of design are fulfilled by inquires, observations, and inspections. The same procedures can be used to test the operating effectiveness as well.
Potential for misstatement & fraud: Compliance with the established procedures and controls were found to be ineffective. The fraud reporting process, technically put in place does not serve its intended purpose. The ineffective control environment has created an attitude and tone across the company where errors and inappropriate behavior may be seen as acceptable, thus creating opportunity for concealing fraud and potential misstatements.
Performing internal tests of controls is intended to assess the operating effectiveness of those internal controls. Here the staff would select an area of control to test, perhaps inventory management and return policy. They would then look at the procedures that help prevent fraud or error, talk to management, and observe activities. They would notice there is very little control in place for this area. There is no management oversight or dock security measures, no direct recording of sales receipts, shipping labels, or matching to accounts receivable. This would be noted as an area of additional concern. The next stage is to perform substantive testing procedures, where the purpose is to collect audit evidence that the management assertions made in the financial statements are reliable and in accordance with GAAP. Since my staff is good, they would have noticed the company’s sales projections are weak in control and are overstated by around 11%. They would perform a substantive test of detail in this area by selecting a sample of items from the account balances and finding bank statements, invoices, and test of details of balances. They would likely see specifically where the over-projections are being made. Lastly, in finalization, they would compile a report to management detailing any important matters, evaluating the audit evidence, and considering the type of audit opinion that should be reported. Specifically here, they would
This paper contains the summary of the details and results of the audit tests on
List the four factors auditors should consider when evaluating the results of confirmation procedures. Also, what are three of the characteristics of a reliable confirmation? (For this and other questions, you may which to refer relevant auditing standards).
e. “The auditor considers the level of assurance, if any, he wants from substantive testing for a particular audit objective and decides, among other things, which procedure, or combination of procedures, can provide that level of assurance. For some assertions, analytical
The final responsibility for the integrity of an SEC registrant’s internal controls lies on the management team. U.S. companies need to refer to a comprehensive framework of internal control when assessing the quality of financial reporting to determine that financial statements are being presented under General Accepted Accounting Principles, GAAP. The widely used framework is referred as COSO, Committee of Sponsoring Organizations of the Treadway Commission, sponsored by the following organizations American Accounting Association, the American Institute of CPA’s, Financial Executives International, the Institute of Internal Auditors, and the Institute of Management Accountants. COSO’s defines internal control as: