ADVANCED EXTERNAL AUDITING [AU2]

PRACTICE EXAMINATION #1
(Updated to the 2015/2016 Module Notes)

AU2
Before starting to write the examination, make sure that it is complete and that there are no
printing defects. This examination consists of 6 pages. There are 6 questions for a total of 100
marks.

READ THE QUESTIONS CAREFULLY AND ANSWER WHAT IS ASKED.

To assist you in answering the examination questions, CGA-Canada includes the following glossary of terms.
Glossary of Assessment Terms
Adapted from David Palmer, Study Guide: Developing Effective Study Methods (Vancouver: CGA-Canada, 1996).
Copyright David Palmer.
Calculate

Compare

Contrast

Criticize

Define

Describe
Design

Determine

Diagram

Discuss

Evaluate

Mathematically determine the amount or

number, showing formulas used and
steps taken. (Also Compute).
Examine qualities or characteristics that
resemble each other. Emphasize
similarities, although differences may be
mentioned.
Compare by observing differences. Stress
the dissimilarities of qualities or
characteristics. (Also Distinguish
between)
Express your own judgment concerning
the topic or viewpoint in question.
Discuss both pros and cons.
Clearly state the meaning of the word or
term. Relate the meaning specifically to
the way it is used in the subject area
under discussion. Perhaps also show how
the item defined differs from items in
other classes.
Provide detail on the relevant
characteristics, qualities, or events.
Create an outcome (e.g., a plan or
program) that incorporates the relevant
issues and information.
Calculate or formulate a response that
considers the relevant qualitative and
quantitative factors.
Give a drawing, chart, plan or graphic
answer. Usually you should label a
diagram. In some cases, add a brief
explanation or description. (Also Draw)
This calls for the most complete and
detailed answer. Examine and analyze
carefully and present both pros and cons.
To discuss briefly requires you to state
in a few sentences the critical factors.
This requires making an informed
judgment. Your judgment must be shown
to be based on knowledge and
information about the subject. (Just
stating your own ideas is not sufficient.)
Cite authorities. Cite advantages and
limitations.

Explain

In explanatory answers you must clarify

the cause(s), or reasons(s). State the
how and why of the subject. Give
reasons for differences of opinions or of
results. To explain briefly requires you to
state the reasons simply, in a few words.
Identify
Distinguish and specify the important
issues, factors, or items, usually based on
an evaluation or analysis of a scenario.
Illustrate
Make clear by giving an example, e.g., a
figure, diagram or concrete example.
Interpret
Translate, give examples of, solve, or
comment on a subject, usually making a
judgment on it.
Justify
Prove or give reasons for decisions or
conclusions.
List
Present an itemized series or tabulation.
Be concise. Point form is often
acceptable.
Outline
This is an organized description. Give a
general overview, stating main and
supporting ideas. Use headings and
sub-headings, usually in point form. Omit
minor details.
Prove
Establish that something is true by citing
evidence or giving clear logical reasons.
Recommend Propose an appropriate solution or course
of action based on an evaluation or
analysis of a scenario.
Relate
Show how things are connected with each
other or how one causes another,
correlates with another, or is like another.
Review
Examine a subject critically, analyzing
and commenting on the important
statements to be made about it.
State
Clearly provide a position based on an
evaluation, e.g., Agree/Disagree,
Correct/Incorrect, Yes/No. (Also
Indicate)
Summarize Give the main points or facts in condensed
form, like the summary of a chapter,
omitting details and illustrations.
Trace
In narrative form, describe progress,
development, or historical events from
some point of origin.

CGA-CANADA
ADVANCED EXTERNAL AUDITING [AU2]
PRACTICE EXAMINATION #1
(Updated to the 2015/2016 Module Notes)
Marks
12

Time: 4 Hours
Question 1
Select the best answer for each of the following unrelated items. Answer each of these items in your
examination booklet by giving the number of your choice. For example, if the best answer for item (a)
is (1), write (a)(1) in your examination booklet. If more than one answer is given for an item, that item will
not be marked. Incorrect answers will be marked as zero. Marks will not be awarded for explanations.
Note:
11/2 marks each

a.

Which of the following statements about the relationship between a clients business risk (BR) and the
appropriate level of audit risk (AR) is most likely to be true?
1) If BR increases, AR increases.
2) If BR decreases, AR increases.
3) If BR increases, AR decreases.
4) There is no relationship between BR and AR.

b. Which of the following is most likely to be of concern when a CGA conducts an audit of the financial
statements of a company that uses an e-commerce application?
1)
2)
3)
4)
c.

The nature of products being traded

The type of software being used in the application
The efficiency of the e-commerce application
The integrity of e-commerce transactions

Which of the following is least likely to affect the auditability of a small business?
1) Inadequate accounting records
2) Inadequate segregation of duties
3) A lack of source documents
4) Questionable management integrity

d. What should the auditor consider when developing an understanding of the client?
1)
2)
3)
4)
e.

Controls over the technology used to process and store data

The auditors independence from the client
The nature, timing, and extent of the audit procedures
A clients compliance with its published policies and guidelines

Which of the following is least likely to be a necessary condition allowing the performance of a
continuous auditing assurance engagement?
1)
2)
3)
4)

A highly reliable client IT system

Soft data requires assumptions and judgment for valuation
Audit evidence provided by highly automated audit procedures
A high degree of auditor proficiency in the use of IT

Continued...
PEAU2 #1

Page 1 of 6

f.

Which of the following situations represents an incentive or pressure (fraud risk factor) that increases
the risk of material misstatement?
1)
2)
3)
4)

The client has complex transactions.

The client engages in earnings management.
The client operates in a highly competitive industry.
The client operates in multiple jurisdictions.

g. What must the external auditor consider about the internal auditor if the decision is made to rely on
the internal auditors work during the financial statement audit?
1)
2)
3)
4)

Competence and objectivity

Efficiency and experience
Independence and review skills
Training and supervisory skills

h. Which of the following elements of the audit risk model is most likely to take the lowest numeric
value for a small business client?
1)
2)
3)
4)
15

Audit risk
Inherent risk
Control risk
Detection risk

Question 2
The following are five independent situations involving possible violations of the CGA-Canada Code of
Ethical Principles and Rules of Conduct (CEPROC) and/or standards for the performance of audits,
reviews, other forms of assurance engagements, and/or related services.
Required
For each situation, state whether or not the CGA has violated CEPROC and/or other standards. Explain
your reasoning.
3

a.

Rajan, a CGA, has compiled the financial statements of his client, Home Management Ltd., for many
years. The company manages a number of local apartment complexes that it jointly owns with several
groups of foreign investors. This year, the president of the company offers Rajan an investment
opportunity in one of the apartment buildings, which the president suggests will likely soon be
acquired by the city at a premium price and converted to social housing. Rajan readily agrees, invests
$200,000 in the building, and three months later realizes a gain of $50,000 on the investment. Later, to
show his appreciation to the client, Rajan compiles the financial statements of the company for the
current year free of charge. Rajan issues standard notices to readers with the compilations.

b. Li Mei, a CGA, is auditing the financial statements of Fantastic Fashions Ltd. Li Mei has been the
auditor of the company for several years, and has rarely found any material misstatements. As a result,
she assesses overall inherent risk for the engagement as low. Also, since Li Mei has found the clients
key internal controls to be very reliable in past audits, she updates her knowledge of the clients
systems, performs several walk-through tests of a few transactions, and assesses overall control risk as
low. Because of the very low assessed risk of material misstatements, Li Mei limits her substantive
testing to verifying the cash account and calculating a variety of financial ratios, all of which are in
line with her expectations. She then issues an unmodified opinion on the clients financial statements.

Continued...

PEAU2 #1

Page 2 of 6

Jen, a CGA, is performing a review of her clients financial statements. In doing so, she has made
inquiries of the clients management and other personnel, calculated a variety of financial statement
ratios and compared them to prior years amounts and to the ratios of other companies in the industry,
and discussed the results with management. Based on these procedures, Jen believes that the financial
statement amounts are plausible. However, in addition to these procedures, the clients president asks
Jen to reconcile the companys bank accounts and confirm bank balances, so as to provide an
independent check on the work of the chief accountant who started two months ago. As a result of
these additional tests, Jen concludes that the chief accountant is likely stealing small amounts of cash
from the company each week. She informs the president of her concerns, and then issues a normal
review engagement report on the financial statements, since she believes that the amounts stolen are
not likely to be material.

c.

d. Dean, a CGA, is informed by his client that he will not be allowed to confirm any accounts receivable
balances this year because several customers have complained to the company about being bothered
by these confirmation requests. Dean agrees to this restriction, and instead examines sales invoice
copies in support of a large percentage of the open customer accounts at year end. Finding no
exceptions, Dean concludes that he has obtained reasonable assurance that the receivables are not
materially misstated.

e.

Ross, a CGA, audits the financial statements of Natural Foods Ltd., a closely held company. Ross also
prepares the companys tax return, as well as the personal tax return of the owner-manager. This year,
the owner asks Ross to assist him in designing a computerized perpetual inventory system to improve
the companys inventory controls. Ross does so, and bills the client for an amount that exceeds 500%
of his usual audit fee. Finally, because the client is very pleased with the quality of Rosss work on the
inventory system, the owner pays, from his personal funds, for a two-week vacation in the South
Pacific for Ross and his spouse, which Ross accepts.

Question 3
The following are four independent statements concerning certain auditing issues.
Required
For each statement, indicate whether you agree or disagree. Explain your reasoning.
2

a.

The fact that internal controls can be circumvented by collusion, management can override controls,
and controls over unusual or non-recurring transactions are normally weak, indicates that these are all
inherent limitations of internal controls and that control risk cannot be assessed at zero.

b. Sequence checks, limit tests, range checks, and completeness checks are all examples of computer edit
routines that are normally verified by an auditor using generalized audit software.

c.

d. Under current auditing standards, a CGA has no responsibility to detect violation of laws and
regulations and resulting illegal acts perpetrated by a client in the conduct of its business (for example,
violating pollution control laws).

When an auditor uses an audit expert (also termed a specialist) to assist in verifying a material part of
a companys financial statements, the auditor must ascertain the specialists expertise, objectivity, and
independence. The specialists findings are usually mentioned in the scope paragraph of the auditors
report containing an unmodified opinion.

Continued...
PEAU2 #1

Page 3 of 6

13

35

Question 4
3

a.

In a small business audit, the relationship between the auditor and the client is likely to be close.
Discuss briefly the audit implications of this situation.

b. An important issue when planning a small business audit is the choice between using a substantive
approach and a combined audit approach. Discuss briefly the considerations that would enter into this
audit planning decision.

c.

d. Describe the general situation in which a group engagement team may have to rely on the work of a
component auditor, and describe the factors the group engagement team must consider when deciding
whether to place reliance on a component auditor.

Packaged software is likely to be used for the accounting for a small business. State the control issues
the auditor should consider with respect to the packaged software used by a small business.

Question 5
You are an audit senior employed by Olsen & Abrams, CGAs. You have been asked by the audit partner
to provide an assessment of control risk for the audit of the financial statements of Acme Tires Ltd. and to
identify any additional audit procedures over the prior year that might be required. For control weaknesses
that are to be reported to management, you have been asked to provide recommendations for
improvement.
Acme is a closely held private company, with its next fiscal year ended September 30, 20X0. Acme
distributes automobile and truck tires from various manufacturers across Canada. Acme has been an audit
client of your firm for several years and has traditionally been profitable, although net income this year has
dropped by about 15%.
Based on your review of the working papers (including various memoranda and review notes prepared by
the audit staff and the engagement partner) and the proposed financial statements and audit opinion, you
have noted the following issues that have arisen during the past year:
1. Acme has five highly automated regional distribution centres that distribute to hundreds of local
sellers of tires. Each regional centre also has warehouse sale days when the warehouse is open to the
public, which can purchase certain tires that Acme is having trouble selling to retailers at discounted
prices. Acme has increased the frequency of the warehouse sale days to three days every two weeks.
Because of staff cutbacks, it is the same two employees that run this sale and manage the inventory for
the sale.
2. A major reason for the low profit this year was that the companys costs of sales were unusually high.
The company had fixed price contracts from foreign suppliers that were not hedged.
3. Acmes head office is in Vancouver. The companys information technology outsourcers, who
maintain the new secure website implemented this year and support Acmes software, are also located
in Vancouver. Acmes secure website has a customer portal that is used by many customers to order
products, determine the status of an order, and to use credit cards to pay for their purchase online.
4. Acme has the same accounting software package suite implemented at four of its five distribution
centres. The fifth centre, Halifax, implemented a different accounting software package suite this year,
using its operating budget, since it wanted to reduce costs in the accounting office. The regional
manager stated that the software approved by head office is too difficult to use.

Continued...
PEAU2 #1

Page 4 of 6

5. Since there have been no major information systems acquisitions for several years, and none are
planned, Acme disbanded its IT steering committee about three years ago. At that time, the committee
had finished some major work approving updates to the companys privacy policies, security policies,
employee information systems practices, disaster recovery plans, and long-term information systems
strategies. Discussion with the CEO indicates that the company believes it will be necessary to reactivate the committee in three to four years.
6. Each region has a local area network that includes two point-of-sale terminals (used for over-thecounter sales and the warehouse sale days) and about 15 other stations.
7. Because of plummeting sales and revenues, the company has modified its service contracts so that
on-site maintenance of computing equipment is done quarterly rather than monthly. Some functions,
such as anti-virus updates are automated. However, there was a problem with the Halifax network,
and the Vancouver senior accountant complained that he has recently received virus-infected
spreadsheets from Halifax.
8. Payroll is handled using a reputable service organization that has thousands of accounts. The senior
accountant in Vancouver is responsible for payroll data entry.
Required
30

Provide an assessment of control risk. Explain the control weaknesses that are to be reported to
management, provide recommendations to management for improvement, and identify the impact on the
audit. Identify any additional audit procedures over the prior year that might be required.
Note:
Limit your memo to about 1,000 words.

5 marks are allocated for clarity, logic and persuasiveness.

Continued...
PEAU2 #1

Page 5 of 6

17

Question 6
You have been assigned to assist your audit team in the audit of the accounts receivable of XYZ Company
using ACL (Audit Command Language), which is generalized audit software.
Control risk has been set at maximum, so the audit senior would like your input into the planning process
of accounts receivable. The audit manager would like to know which audit procedures can be conducted
by ACL using the data files below, and how this would link to the audit assertions that are relevant to
accounts receivable.
Accounts receivable master data file contents:
Customer number
Customer name
Customer contact details
Customer billing address
Customer shipping address
Credit limit
Sales person
Accounts receivable balance
Accounts receivable transaction file (containing unmatched or unpaid transactions):
Customer number
Transaction type (I invoice, C credit note, A adjustment)
Transaction number
Transaction date
Transaction amount
Required
15
2

100

PEAU2 #1

Write the memo for the engagement manager.

2 marks are allocated for professional capabilities, including communication skills, demonstration of
competence, and clear identification of problems and issues.
END OF EXAMINATION

Page 6 of 6

CGA-CANADA
ADVANCED EXTERNAL AUDITING [AU2] PRACTICE EXAMINATION
SUGGESTED SOLUTIONS #1
(Updated to the 2015/2016 Module Notes)

Marks
12

Time: 4 Hours
Question 1
Note:
11/2 marks each
Sources:
a.

3) Topic 2.4 (Level 1)

b. 4) Topic 6.4 (Level 2)

c.

2) Topic 8.7 (Level 1)

d. 1) Topic 3.2 (Level 1)

e.

2) Topic 6.6 (Level 2)

f.

3) Topic 7.1 (Level 1)

g. 1) Topic 4.8 (Level 2)

h. 1) Topic 2.4 (Level 1)
15

Question 2
Source: (a) Topic 9.4 (Level 1); (b) Topics 2.4, 3.4, and 4.1 (Level 1); (c) Topic 9.1 (Level 1);
(d) Topic 2.5 (Level 1); (e) Topic 1.6 (Level 1); and Topic 1.6 (Level 1) and CGA-Canada Code of Ethical
Principles and Rules of Conduct (CEPROC)
3

a.

Violation. Since Rajan only compiles the financial statements of his client, Home Management Ltd.,
he need not be independent. However, the fact that he is not independent must be disclosed in his
notice to reader. In this case, Rajan lost his independence when he invested in the clients business (a
self-interest threat), so this absence of independence must be disclosed. In addition, the fact that Rajan
compiled the financial statements for free suggests an inappropriately close relationship (familiarity
threat) with the client, further harming Rajans independence.

b. Violation. Li Mei has violated Canadian Auditing Standards by failing to perform tests of control
while assessing control risk at a low level. A walk-through test is simply a way in which a CGA can
obtain knowledge concerning the design of control procedures; it is not a test of internal controls.
Also, Li Meis limiting of her substantive testing to financial ratio analysis (plus verifying the cash
account) violates GAAS, as such analysis does not constitute sufficient appropriate evidence to
support the assertions in the financial statements. Ratio analysis is most useful in the planning and
completion stages of an audit as a means of directing the auditors attention to possible problem areas.
It is not an appropriate means of obtaining assurance, since the auditors expectations are not likely to
be sufficiently precise. To comply with GAAS, more substantive testing would be necessary, even if
Li Meis assessment of a very low risk of material misstatement was justifiable (which it is not).

Continued...
PSAU2#1

Page 1 of 8

No Violation. Jens review procedures, consisting of inquiry, analysis, and follow-up discussions with
management, are appropriate in a review engagement, as is her conclusion that the financial statement
amounts are plausible. Performing additional audit procedures at the clients request is also
appropriate, although the CGA must be careful not to blur the distinction between a review and an
audit, which might suggest that more than moderate assurance was being provided. Here the president
specifically requested that certain procedures be performed to help monitor the activities of his staff
so ambiguity does not seem to be a problem. Finally, Jens decision to inform the president of her
suspicions that the chief accountant was stealing an immaterial amount of cash from the company is
appropriate, although it may be prudent for Jen to delay the issuance of her review engagement report
until the fact and amount of the theft of cash is more clearly established.

c.

d. Violation. Dean has violated Canadian Auditing Standards by agreeing to a material client-imposed
scope restriction concerning the confirmation of accounts receivable that has no valid business
purpose. While some customers may be annoyed by confirmations, this does not justify eliminating all
confirmation work. Dean should have discussed specific clients that might be excluded from
confirmation, and performed alternative procedures on those accounts. Also, Deans alternative
procedure of simply examining sales invoice copies does not constitute sufficient appropriate
evidence. Sales invoices are client-prepared documents and constitute very weak audit evidence.
Instead, Dean should have examined evidence supporting subsequent payments of the receivables, as
well as customer orders and shipping documents supporting accounts receivable that remained
uncollected for some time after the end of the clients fiscal year.

e.

8
2

Violation. Ross is not independent from his audit client by virtue of the fact that he accepted a large
gift a two-week paid vacation to the South Pacific from the clients owner. This gift creates a
serious familiarity threat to Rosss independence, both in fact and in appearance. Were it not for the
lack of independence, Ross could otherwise audit the financial statements and also perform tax work
and systems design work for the client, since Natural Foods is a closely held company. The systems
design work would not be appropriate if the client was a listed company. Finally, the fact that the fee
for the systems design consulting service was very large (500%) relative to Rosss audit fee is, in
itself, of no consequence if Ross has a sufficient number of other clients such that the fee does not
result in economic dependency on the client.

Question 3
a. Source: Topics 2.4 and 7.4 (Level 1)
Agree. All of the elements listed are inherent limitations of internal controls. Because of such
limitations, internal control can never provide management or the auditor with absolute assurance that
material misstatements dont exist. This implies that control risk must always be assessed at a value
greater than zero.

b. Source: Topics 5.5 and 5.8 (Level 1)

Disagree. While sequence checks, limit tests, range checks, and completeness checks are all examples
of computer edit routines, an auditor would normally verify that the edit routines were operating as
designed using systems-oriented computer-assisted audit techniques, such as test data, rather than with
generalized audit software, which is data-oriented.

c.

Source: Topic 6.5 (Level 1)

Disagree. While it is true that an auditor who uses the services of an audit expert to verify a material
part of financial statements should ascertain the audit experts expertise, objectivity, and
independence, the auditor would make no mention of the audit expert in the scope paragraph of an
unmodified opinion.

d. Source: Topic 7.2 (Level 1)

Disagree. Under current auditing standards, fraudulent material misstatements and material
misstatements arising from a clients illegal acts are treated similarly: auditors must assess the
inherent risk of material misstatements arising from illegal acts (and fraud) and adjust the nature,
extent, and/or timing of their substantive testing to reduce audit risk to an acceptably low level.
Continued...

PSAU2#1

Page 2 of 8

13
3

Question 4
a. Source: Topic 8.7 (Level 1)
The probable close relationship between an auditor and client in a small business engagement is likely
to result in the auditor performing a variety of services for the client, not just a financial statement
audit. The auditor may provide tax advice, general consulting services, advice on accounting policy
choices and the treatment of specific transactions, and assistance in the accounting function. On the
positive side, the close relationship would assist the auditor in obtaining detailed knowledge of the
clients business, as well as the integrity and operating style of the owner-manager. On the negative
side, the close relationship can impair the auditors independence in fact or in appearance. There is a
threat that the auditor will function as an employee of the business, not as an independent
professional. In addition, a close personal relationship with the owner-manager may result in biases in
judgment and a loss of objectivity.

b. Source: Topic 8.7 (Level 1)

The decision to use a substantive approach or a combined approach in a small business audit critically
depends on the strength of the clients internal controls. If systems are informal and segregation of
duties is lacking, it is difficult to assess control risk at less than the maximum level. As a result, a
purely substantive audit, with no reliance on internal controls, is necessary. However, if some level of
internal controls exists and it is cost-effective for the auditor to rely on such controls, a combined
audit approach may be possible.

c.

Source: Topic 8.7 (Level 1)

When a small business client uses packaged software in performing accounting, the auditor should
assess controls in the following areas:

Access controls. Who has physical access to the hardware and software, and are passwords properly
used and controlled? Effective passwords can help to implement effective segregation of duties.
Program development controls. Who has authority and access to modify the software package?
While the underlying program code is likely inaccessible, packaged programs have settings that can
change processing and that need to be controlled.
Backup. Are appropriate backup files maintained, and are they stored off-site to facilitate
reconstruction of the files in the event of a system failure or other disaster?

d. Source: Topic 9.9 (Level 1)

The general situation when a group engagement team may have to rely on the work of a component
auditor is in an audit of consolidated financial statements where one or more of the subsidiaries are
audited by a secondary audit firm, but the group engagement team reports on the consolidated
financial statements as a whole.
When relying on a component auditor, the group engagement team must obtain evidence to support
such reliance. An important issue to consider is whether the subsidiary(ies) audited by the component
auditor is(are) are material. In general, the group engagement team needs to consider the
qualifications, competence, independence, and integrity of the component auditor. The group
engagement team must ensure that the component auditor understands and will comply with the
ethical requirements that are applicable to the group audit. It must also ascertain whether the
component auditor operates in a regulatory environment that actively oversees auditors. Finally, the
group engagement team must determine whether it will be involved in the work of the component
auditor to ensure that sufficient and appropriate evidence is gathered to render an opinion on the
consolidated financial statements. This involvement could include participating in planning meetings
(such as teleconferences), approving the level of materiality used, approving audit programs prior to
commencement of the audit testing, or reviewing the working papers at various times throughout the
engagement.

Continued...
PSAU2#1

Page 3 of 8

35

Question 5
Source: Topics 2.5, 4.1, 4.2, 4.3, 4.5, 5.1, 5.3, 5.4, 6.3, 6.5, and 10.2 (Level 1)
Note:
Maximum 30 marks for content and 5 marks for communication skills. Candidates will provide different solutions. The major issues to be
addressed and the allocation of marks are shown in this sample memo.

MEMO
Date:
To:
From:
Re:

Current date
Audit Partner
Audit Senior
Preliminary control risk assessment for Acme Tires Ltd. for the year ended September 30,
20X0, and additional audit procedures required

Overall, control risk should be set at high because of a deteriorating control environment in which
management does not seem to be effectively monitoring and mitigating risks. This memo describes my
reasoning for the control risk assessment and indicates some matters that should be communicated to
management in a management letter. My analysis also indicates two new systems (a secure website and an
accounting software suite at one region) that require additional field work. We will need to document the
controls at these systems, and conduct a conversion audit of the new accounting systems at the Halifax
distribution centre. Since the new secure website likely has many automated functions, computer-assisted
testing and reliance on programmed controls is desirable. The client has also discovered a virus, which
may affect data and program quality if it has not been contained.
Note:
Maximum 3 marks. A complete answer will indicate the following: (1) there are serious control deficiencies with respect to the control
environment, (2) conversion audit will be needed for the new accounting systems, and (3) the use of the new secure website requires
changes in audit procedures.

Control risk is assessed as high because of the following control environment issues:
1. Information technology governance is lacking, resulting in poor control over implementation of new
systems.
2. There have been cutbacks in outsourcing services that could result in deteriorating service.
3. Cutbacks (or other causes) seem to have resulted in less segregation of duties.
Further details on these items follow, stating the impact and potential recommendations to management
that we could include in a management letter to the client.
1. Information technology governance
Management has again indicated that it feels it does not require an IT steering committee. The impact may
be that policies (such as privacy policies and security policies) could be out of date. Also, one region has
decided to implement its own software, which could result in incompatibility issues between regions,
increasing the potential for error with data transfers or on consolidation of regional data. We recommend
that management reconsider its position and implement greater oversight of the IT process.
As auditors, we will need to assess the process used to integrate the Halifax operational data into national
results. If there is poor oversight of implementations, there may have been problems in the implementation
of the new website, so we should also evaluate that process.
Note:
Maximum 5 marks. A complete answer will include both the management issues (the difficulties associated with the absence of an IT
steering committee or oversight process) and the impact on the audit of the Halifax and new website implementation.

Continued...
PSAU2#1

Page 4 of 8

2. Cutbacks in outsourcing
Management has reduced its information systems maintenance from monthly to quarterly. This reduction
may not have an immediate operational impact, but could have contributed to the presence of a virus
discovered in Halifax spreadsheets, discussed in the next section.
We should inquire further with respect to the extent of the maintenance done and how it might affect the
accounting records. Also, if management has cut back these functions, we should inquire about any further
activities that may have been cut back.
Note:
Maximum 4 marks. A complete answer will consider the implications of the maintenance cutback and whether this is just one indicator of
other cutbacks at the organization.

3. Cutbacks with poor segregation of duties

The company has increased the number of warehouse sale days, with only two employees using the two
point-of-sale terminals responsible for these sales and management of the inventory. This reduction in
employees means that these employees have access to cash and assets, as well as recording sales, which
could result in theft of cash or assets. We should recommend to management that the two employees have
different duties, with one person handling the sales and another managing the inventory, and that there be
random supervisory review during the sale days.
There is only one person responsible for payroll data entry, and this work does not appear to be checked.
The impact is that the payroll data entry person could make errors in payroll that would not be detected or
add fictitious employees to payroll that would not be detected. We should advise management to have
independent verification of payroll data entry, particularly master file changes.
The audit impact is that we may consider doing more analytical testing of those sales and of inventory to
look for unusual variations that could be indicators of theft or error. We might consider doing computerassisted audit testing of payroll to look for unusual fields or duplicated bank transit numbers.
Note:
Maximum 5 marks. A complete answer will clearly analyze both the segregation problems with respect to the warehouse sales and the
payroll, as well as describe recommendations for improvement and the effect on the audit process.

Continued...
PSAU2#1

Page 5 of 8

Impact on the audit process

Because of the implementation of new automation, there may be a greater likelihood of errors at the client
organization if the employees do not know how to use these systems (an increase in inherent risks). We
may require the use of a specialist and may need to change our audit procedures with respect to sales
handled through the secure website.
Matters that affect our audit process in the coming year are as follows:
1. Implementation of the new accounting software package in Halifax
2. Implementation of the new secure customer portal
3. Virus detected in spreadsheets
Note:
Maximum 3 marks. A complete answer will: (1) explain why there would be a change in audit procedures, and (2) indicate that inherent
risks have increased.

1. New accounting software package in Halifax

The distribution centre in Halifax has implemented new accounting systems. We need to determine the
process used to implement the software and what controls were in place to ensure that the data converted
were accurate, complete, and authorized. We also need to determine whether there have been any changes
(such as general ledger structure) that would affect the comparability of the financial statements. As part of
our audit, we would need to conduct substantive testing of the conversion of the data from one system to
the other for example, tracing the general ledger and inventory balances on a test basis from the old
systems to the new systems to determine accuracy and completeness of the data that were converted.
These additional procedures will increase the cost of the audit.
Note:
Maximum 3 marks. A complete answer will recognize that multiple application cycles are affected by the conversion, provide examples of
required audit procedures, and indicate that there is an increased cost to the audit.

2. New secure customer portal

The company has implemented a new secure website that accepts customer payments by credit card. We
need to determine the reliability of the method used to collect payments and assess the validity of the
credit cards (for example, is a payment service provider used, and what methods are in place to prevent
use of fraudulent credit cards). We also need to determine how the data from the secure website are
transferred to the accounting systems. Finally, we need to determine whether controls are in place to
ensure that data are accurate, complete, and authorized on the website and in the accounting system.
The automated processing of payments is handled by the website programs. We need to look at the quality
of the programs that calculate sales prices and taxes to determine whether we can rely on those programs
and how we can test them. This may be one area (accuracy of calculations) where we may choose to rely
on controls (set control risk as low) and decide to test using test data or other methods. We will need an IT
specialist on the team to help us assess these controls and design effective audit procedures.
Note:
Maximum 5 marks. A complete answer will provide examples of the type of information that needs to be collected, the need to rely on
controls within programs, and the likely need for an IT specialist to audit the controls and transactions with respect to the secure website.

Continued...
PSAU2#1

Page 6 of 8

3. Virus detected in Halifax spreadsheet software

Halifax has been sending virus-infected spreadsheets to Vancouver. It is possible that other data or
programs have become infected. We will need to inquire of the client whether the virus has been
eliminated and what further actions have been taken to prevent further virus infection.
If data and programs have been infected, it will affect the quality of data available to us during the audit,
and we may be unable to rely on data obtained from the client. This would seriously affect our ability to
conduct the audit.
Note:
Maximum 2 marks. A complete answer will recognize that a virus infection can cause serious harm to client records and that the impact of
the virus needs to be further investigated.

Feel free to contact me if you want to discuss any of these issues in more detail. In closing, there are many
serious unresolved matters with respect to our audit of Acme Tires Ltd. The cost of the audit will rise
because of the need for additional audit procedures stemming from the new systems in place at the client
organization.
Note:
A maximum of 30 marks may be awarded for the substance of the memo.

5
17

The final 5 marks are allocated for clarity, logic and persuasiveness.
Question 6
Source: Topics 2.5, 4.6, 5.8, and 7.4 (Level 1)
Note:
Maximum 15 marks for content and 2 marks for communication skills. Candidates will provide different solutions. The major issues to be
addressed and the allocation of marks are shown in this sample memo. Not all of the points below need to be made to receive full marks
(15) for the substantive portion of the question.

Date:
To:
From:
Re:

MEMO
Current date
Engagement manager
CGA
Audit procedures for XYZ Company that could be conducted using ACL

When control risk is high, we can conduct substantive audit tests at low cost that make the audit more
effective. Calculations can be done for all transactions, control totals can be easily calculated, and
investigative tests that are dual purpose can be done to search for warning signs of fraud (such as looking
for customer addresses that are the same as employee addresses). I have listed a selection of tests below
for you to consider. If there are any further tests that you would feel are useful, please let me know.

Continued...
PSAU2#1

Page 7 of 8

Audit test

Audit assertion and purpose of test

Add all transactions in the transaction file and

provide totals by customer; the totals of both files
should match and also agree with the general
ledger.

Completeness, accuracy, and detail tie in: This

test provides assurance that the subsidiary records
reconcile to the master file and to the general
ledger. It also checks the calculation process of
the programs that compile the totals in the master
file.

Perform an aging and prepare a detailed aged

accounts receivable trial balance with subtotals
by customer for comparison to the clients
accounts receivable trial balance, both in total
and for a sample of customers.

Accuracy and valuation: This test provides

information that can be used to assess the
collectability of the accounts receivable. It is also
a recalculation of the aging, so provides
assurance with respect to the quality of
calculations done by the clients accounting
systems.

Stratification of accounts based on materiality

and provision of statistics with respect to number
and dollar value of accounts in particular dollar
ranges.

This type of information is not associated with a

particular audit assertion, but will tell us how
many high dollar accounts are present, as well as
the number of credit transactions in the accounts.

Selection of a random dollar unit sample for

confirmation.

This type of information is not associated with a

particular audit assertion, but can assist the audit
team by providing statistically sound samples for
confirmation.

Look for duplicate customer names and duplicate

customer addresses. These would be followed up
with the client to determine cause.

Existence: Any duplicated customers may be

duplicated transactions that may not be
collectible, or may be other types of errors.

Provide a list of all customer accounts that are

within 10% of the credit limit. Accounts close to
the credit limit may have collection issues.

Valuation: This information can be used to help

assess the collectability of these accounts, in
consultation with client staff and examination of
annual sales for the customer.

Provide a list of any transactions that are outside

of the current fiscal year.

Cut-off: If there are any transactions that are after

the current fiscal period, there could be a cut-off
error. If there are transactions from the prior
fiscal period, these may not be collectible or may
indicate unusual collection terms.

Note:
A maximum of 15 marks may be awarded for the substance of the memo. Other audit procedures are possible. The key is to clearly
explain the purpose of the audit test and how it relates to the overall audit process.

The final 2 marks are awarded for professional capabilities: a clear description of the audit procedures that
also serves an educational function to the audit manager, linking the automated audit procedures to the
audit process.

END OF SOLUTIONS
100

PSAU2#1

Page 8 of 8