It is VERY IMPORTANT that you recognise this module has five(5) weeks work allocated to it … this is two weeks longer than Modules 1 and 2, so make sure you plan well and do not leave yourself too short in time to work through the prescribed activities. These will reinforce many of the principles you have learned so far and certainly give you a lot of practice at applying that knowledge … remember, it is this application you will be examined on!

This third module focuses on documenting the application of the different types of audit procedures and the resulting evidence (or lack thereof) that arises from carrying out the risk assessment. You will learn why different types of procedures are required depending on the results of applying the audit risk model and materiality judgements during risk assessment and the cumulative results of risk assessment procedures you learned about during Module 2. Hence the “Risk Response” title for the Module. The impact of your evaluation of the design of internal controls on the types of audit procedures chosen will be learned. The application of procedures to test the operation of internal controls, transactions and account balances will be distinguished. This will also extend and apply some of the sampling principles learned in Module 2. The impact of the evaluation of the evidence gathered, and gaps in that evidence to be followed-up, on the type of audit opinion issued is covered in the final Module.

This Module covers the nature timing and extent of substantive procedures, with which you will be less familiar. Since you will cover these from the perspective of the Balance Sheet and Income Statement, and these tests depend on the results of your risk assessment procedures and test of controls, you should expect that the material on substantive procedures will take up most of the time you devote to this Module.

While you have five weeks as the suggested time to work through Module 3, how YOU use that five weeks remains your responsibility. Ultimately it depends on what you need individually. Just remember, there is the Module 3 DF on which to seek assistance … never be afraid to ask for clarification about what you feel you are struggling to understand … this is how you will learn best.

This Module is much more about you applying your knowledge than learning “new knowledge”. You will also find that this Module will challenge the pre-requisite accounting knowledge you have brought into the unit. There are many activities that presume, based on your completion of pre-requisite units, you understand business and accounting principles and the processing of transactions. You should not underestimate the importance of this pre-requisite knowledge – if you need to revise, it is incumbent on YOU to do so!

Diagrammatic View of the Unit

You will find a copy of this diagram at the beginning of each chapter of your text. The relevant section of the diagram being covered in that chapter will be shown. You might find it a useful study aide to continue to annotate the diagram with the relevant modules, readings, ASAs and Lakeside cases that are applicable. This should provide a fairly complete roadmap for you of the material you need to cover to put you in the best position to attempt the activities designed to develop your application of the knowledge – it is this ability to apply what you have learned that be the focus of your final examination. This will only be used and highlighted for each Module.

See Figure 1.1 from Module 1.

Getting Started by reflecting and reviewing

Background readings

Bibliographic detail for each reading is provided below. Remember that making the effort to read each reference will improve your ability to understand and apply the principles and activities that follow.

While both these readings are offered as “background” to Module 3, they provide an excellent opportunity to reflect on what you learned about the risk of material misstatement and evidence and even the importance of legal liability – a nice bridge between Modules 1 and 2.

Reading 3.1 (Nearon, 2002) reminds you how important it is to check the unusual – of course, in order to be aware of what to look for, you need a sound appreciation of what is “usual” or “normal” … and so you are reminded again of the importance of your pre-requisite accounting knowledge!

Reading 3.2 (Vanasco, et.al., 2000) should take you back to the way what you have been learning about audit evidence has its origins in legal precedent (legal cases) that you learned back in Module 1 – NOTE that the US cases mentioned in this article supplement the non-US cases covered in your text in Module 1. Once again, the point is to reinforce the need for you to see how at this stage you are “applying” principles you are already aware of.

(*) Remember from earlier lessons and guidance there are a range of ways to access these “Not Supplied” readings so you continue to develop your research skills and find it yourself.

Help from a question on the Module 2 DF (2014)

Marie-Claire Lawler agreed to allow me to use her Module 2 DF question about inherent risk for this part of the study guide – thank you.

So the relevant extract from the question Marie-Claire asked (4/4/14) is:

At the risk of stating the obvious, I just want to confirm something to make sure I am on the right track … We conduct a risk assessment for a client based on the entity, the industry and the economy. Using this information, we then develop our idea of the client's inherent risk? That is, we identify the inherent risk factors based on specifics from what/how/when etc the client operates? … then we can go on and see what controls are in place to address the discovered inherent risks, and assess the control risk?

“Very good … the only bit I would add is as follows (just for that clarification hopefully). “… then we can go on and see what controls are in place to address the discovered inherent risks, and assess the control risk?” … yes … the bit requiring a little clarification is highlighted above … the “see” bit needs to have context … this is the link through to Chapter 6 (Lakeside Case 4, Module 3 …) which is about this design of internal controls. Your context (experience) is that what you “see” – what you are looking for – will hopefully accord with what you expect to see for accounting internal controls in a business of this type, in the industry in which they operate. So when you “see” what you expect, you feel more comfortable that the design is sound and then you would adjust your strategy to test those controls are operating as designed (test of controls – Chapter 8, Lakeside Case 5, Module 3) … tests of controls.

And, adding a little more now I have thought about my response above … what happens when you do not “see” the controls you expected? Well, we do not waste our limited audit time testing controls we “know” are poor or inappropriate for this client, rather we skip testing controls and put that time and effort into more stringent substantive testing of transactions and balances (this is remainder of Module 3 and several more Lakeside cases). Once this is done you should have your sufficient and appropriate audit evidence (or you will “know” that you do not have it) on which to base your audit opinion and sign-off on the quality assurance standards that the audit has been conducted with due skill and care minimising your desired audit risk (and legal liability) – and that would be Module 4: the end (and taking you back to where you exploration of auditing began :).

I think things MAY be falling into place :).”

How might this help?

I hope this will enable you to improve your appreciation of how inter-related all the testing (or risk response) is, especially with risk assessment but also to quality assurance and ultimately the expression of your audit opinion.

Bear in mind you have several weeks to digest the content and work through the activities to help you understand how all the principles come together. Subsequent lessons for this Module will take you through specific chapters more carefully and integrate examples and illustrations from your text and the Lakeside Company case study.

I commend the following Figures from your text to you as a guide through these inter-relationships. I suggest taking some time to review and reflect on these Figures (of course, simply looking at them or reproducing them will NOT mean you “know” what they mean; this will develop once you work through specific parts of the Module!) will offer a snapshot of the way the mix of procedures used by the auditor will vary and needs to consider the nature, timing and extent of what is required as a result of your professional judgements about risk assessment and risk response. Do NOT be concerned at this point if they do not make total sense … use them to provide guide posts for what is ahead in this Module … at the END of the Module they should be much clearer.

• Figure 8.4 Impact of controls testing on level of substantive testing
• Figure 9.2 Linkage between inherent, control and detection risks

Two points to offer in relation to Figure 8.4: first, the Table in the top half will most likely make MORE sense at this stage of your learning if you compare it with Figure 9.2 below … notice how Figure 9.2 “explains” or shows what the headings across the top of Figure 8.4 mean and are derived from – control risk assessment. In other words, Figure 9.2 expands on the Table in Figure 8.4.

Second, the graph in the bottom half of Figure 8.4 is a visualisation of the Table in the top half. What is significant to realise at this point is recognising the way your assurance is accumulated from a MIX of procedures (tests of controls and substantive tests) that is driven by your risk assessment (risk of material misstatement) and results from procedures as they are conducted (for example, do I need to do more, or am I happy with the conclusions reached). There is no set formula or mix – it varies from client to client, even from year to year with the same client.

NOTE: once again, be patient and realise you will come to better appreciate these as you progress through Module 3 and especially as you attempt the various activities prescribed.

Final suggestions to get you underway …

A further gentle reminder that you may find it beneficial to read through each of the CLOUD 9 case boxes in the relevant chapters for this Module (6, 8, 9, 10, 11) BEFORE you read through the text chapter in detail as set out in subsequent lessons … this will expose you to these issues for another audit client that are explored and presented in your Text (to compare and contrast with Lakeside).

As you read these chapters to get underway, you will see the principles underpinning risk assessment to collect evidence being responded to (put into action) and you will be able to identify the applicable professional standards that underpin the process you have seen in action by reading the Lakeside Cases. As you read each chapter from your text you will be invited to complete a series of activities (questions) from both your text and Lakeside to reinforce your ability to apply the material you have been learning. Just remember again NOT to be daunted by the apparent number of these activities that seem to be listed … this Module is designed around five (5) weeks work! The idea continues to be encouraging you to see how the various resources (readings, case, text and standards) you are being asked to use are inter-related and not a series of discrete items to be learned individually.

As for Modules 1 and 2, this is a VERY brief overview which in no way intends to be a substitute for making your own summary/notes. My recommendation is reiterated that you makes notes for each chapter objective, compare yours to those at the end of each chapter, including key terms you should be making notes of – this is the technical language “in use” that you will now be using – you should actually be using much of what you have compiled in your own glossary so that your own (glossary) and the one in your text and your Auditing and Assurance Handbook will carry more meaning and far fewer new terms.

Module 3 Discussion Forum

As you set out into Module 3 in earnest, it is recommended you make some time to pause and reflect on your progress … If there are any suggested answers, or even material you have been reading, that do not make sense or require clarification please use the Module 3 Discussion Forum (DF) to ask for help.

Remember to try and be as specific as possible about what is not clear to you so that replies can be most immediately helpful; and You are encouraged to help each other and not rely solely on staff responding.

Chapter 6: Gaining an Understanding of Internal Controls

Text reading

Here is a VERY brief overview which in no way intends to be a substitute for making your own summary/notes. As you should be familiar with by now, it is my recommendation that you make notes for each chapter objective, compare yours to those at the end of each chapter, including key terms that you should be making notes about and any standards that are referred to. This is the technical auditing language you need to develop an understanding of auditing. You are encouraged to develop and use your own glossary to compare with the one in the text and your Auditing and Assurance Handbook.

Here is an example of what I mean by annotating the summary at the end of the chapter; in this instance I am illustrating Objective 3 from Chapter 6 (2^nd Ed … in the 3^rd Ed “Differentiate” has been changed to “Discriminate between”; also, one or two of the paragraph references may be out by a digit or two … but the image below is for illustration … YOU need to make sure yours is accurate with the standards you are using because the ASAs are regularly updated – so NOT updating that image is deliberate to make that point to you). Note: you might also have annotations relating to other ASAs or Lakeside (for example Case 4) or even a reading that you believe has been relevant to your understanding … whatever is relevant to YOUR learning as you go; add more things as you make connections.

Reading your way through Chapter 6 shows you the way to evaluate the design of internal controls for the type of business and industry your client operates within. Not only will you learn to describe the elements of internal control, but you will develop some skill at identifying strengths and weaknesses in the way a client applies those elements.

You will find internal control is defined. While you can always rely on the Glossary to find a definition, it is generally best if you can find the definition in a relevant and applicable ASA so that the context is clearer (of course, the Glossary will generally point you to that ASA!).

You will also find set out what your text calls “seven generally accepted objectives of internal control activities”. I want to mention these because you WILL NOT find these explicitly mentioned in ASA315 (or any other ASA). What you WILL notice is that your text relates each of the seven objectives they identify to the Assertions you learned about in Chapter 5 (Module 2). While it is not necessary to commit these to memory, a suggestion is to start thinking about how these might “lead you” to some of the audit procedures you learned about in Chapter 5 (Module 2). For example, go back and have a look at Figures 5.1, 5.2 and 5.3 in your text and see if you could combine those and then add another column for the IC objectives to see how all this “fits together” … again, the intention is NOT to have you memorise this, rather to help you see how the principles inter-relate. Do not spend a LOT of time on the task.

Once you have had a go at this yourself, the following activity offers a view that hopefully aligns with your effort.

The next important things covered will be exploring the five elements (or components) of internal control at the entity level. Again, the distinction your text makes between internal controls at the entity and transaction levels is not one that you will find explicitly mentioned in your handbook (ASA315) … so DO NOT be worried by this … think about it as being like those at the entity level as being the overall process of internal control; while at the transaction level you are drilling down to specific parts within the accounting system/cycle (most important if your end up testing the operation of controls – Chapter 8, Lakeside Case 5).

However, the five elements are well covered in your text and even more extensively in ASA315. The example provided at the beginning of this lesson indicates the range of paragraphs and the Appendix in ASA315 where this happens – clearly there is a good deal of guidance available! Do you need to “know” it all? No. But it is wise to know where it is and the sorts of things included, so do take the time to read through it. That effort will be rewarded when you have to apply these principles when you attempt the activities.

Here is a short review activity to reassure you after your reading about the five elements of internal control.

As you learned (he says with optimism) in Chapter 5 (Module 2) and as set out in ASA315.6 enquiries (might also be spelled inquiries) are the procedure the auditor uses to collect oral evidence. Since this is also the least reliable form of evidence (ASA500.7 and A31) it is important to document it in writing, in our working papers as it is collected (as the discussions/enquiries are made). You will see some examples of this set out in Section 6.5. The variety of examples should reinforce that audit working papers are seldom “standard”. These examples will be reinforced when you cover Lakeside Cases 4 ∓ 5.

The reason for documenting your understanding of the design of internal controls is to assess if they are fit for purpose – useful to the client operating in their industry to minimise the risk of material misstatements finding their way into the financial reports. This is where your fundamental accounting knowledge will be tested … being able to identify strengths and weaknesses in internal controls. Where controls are considered well designed you will have noted strengths, and conversely, where controls are considered not so well designed you will have noted weaknesses. This has important implications for your audit strategy (subsequent audit testing). You may find a review of Figure 4.5 (text) helpful at this point.

The consequences of identifying weaknesses also impact on the need to communicate this information to those charged with governance. As you digest Section 6.7 you should be making connections back to legal liability (Module 1) and the cases that led to the development of the applicable ASAs providing guidance for this communication. Not only “what” is important, but also “when”.

Questions and Activities (Text Chapter 6)

Remember, if you wish to review your comprehension of the content you should feel free to attempt the:

• Multiple Choice Questions, and
• Review Questions presented for each Chapter.

You will find suggested answers to Multiple Choice Questions at the very end of each Chapter. You will NOT find suggested answers to the Review Questions provided BECAUSE I expect that you are capable of locating the relevant material in the Chapter … the questions are in the same sequence as the objectives and sections of the Chapter.

You should NOT expect Multiple Choice or Review style questions in your Final Examination – the style of questions will be based on those set out below that are designed to develop your skills at applying the content you have been learning.

You are provided with suggested feedback for each of these questions. Remember it is very important that you attempt to develop an answer for yourself BEFORE you check the suggestion – otherwise you will NOT learn to apply your knowledge. A direct link is provided for the suggested answers. A new window will open for your use; alternatively, there is a word version of all feedback for each Module.

Text Chapter 6: PAQ 6.30

Text Chapter 6: PAQ 6.36

Text Chapter 6: PAQ 6.37

Module 3 Discussion Forum

If there are any suggested answers, or even material you have been reading, that do not make sense or require clarification please use the Module 3 Discussion Forum (DF) to ask for help!

Remember to try and be as specific as possible about what is not clear to you so that replies can be most immediately helpful; and You are encouraged to help each other and not rely solely on staff responding.

The Lakeside Company case

Just a quick reminder that the objective of you reading any Lakeside cases prescribed is to develop a sense of how a public accounting firm positions itself, professionally and ethically, to ensure it conducts an audit engagement with due skill and care for each audit client.

As you continue learning about your new audit client be mindful that you are building on what you have already found out (learned) about Lakeside … you are accumulating your sufficient and appropriate audit evidence and continuing to see how that is documented in your audit working paper files. These terms: sufficient, appropriate, evidence, documentation, working papers will mean a lot more as you study Module 3 and explore exhibits in other Lakeside cases you will be directed to.

Case 4: Assessing Control Risk (2 pages)

In this Case you will get to know how A&C went about building on and using increasing access of client information to undertake the preliminary assessment of control risk. Remember, Lakeside is now accepted as a new client. Try to think about how you are now using the greater access you have been given to client records and premises to corroborate what you have been told by various parties in earlier cases, and are even accessing information from the previous (predecessor) auditor. Accordingly, do not be afraid to review any of the earlier Cases, especially 1 & 2 & 3. Also think about how some of the issues raised in your Background Readings are being illustrated by the case as well.

You will again see a range of Exhibits (4.1–4.6) provided to support your risk assessment. Remember you are being exposed to some of the ways an auditor documents their work, this time for a different part of the audit process – think back to Chapter 5 of your text as well as Chapter 6. Another way to think about this is the way an auditor records the different ways they go about gathering their audit evidence. The Exhibits and activities (below) illustrate evaluating internal controls at the entity and transaction levels … this is useful to get a sense that the classifications (as is often the case) overlap.

As you read through the 2 page narrative for this Case, I hope that you can make connections back to quality assurance standards, ethical standards and the applicable ASA & APES relating to communicating with the predecessor auditor, discussions within the audit engagement team, the role of the engagement partner, the application of your control risk assessment to your audit strategy (testing procedures) and the way the engagement partner's questions “connect” you to the internal control elements you studied in Chapter 6 and ASA315. Perhaps you have annotated your Case Study with notes about this?

Questions and Activities (Lakeside)

It is recommended that you follow the sequence of questions presented. You are being encouraged to explore how the various resources (readings, case, text and standards) you are being asked to use are interrelated and not a series of discrete items to be learned individually.

Lakeside Case 4: DQ 2

Lakeside Case 4: DQ 3

Lakeside Case 4: Ex 2a

Lakeside Case 4: Ex 2b

Module 3 Discussion Forum

You should be improving your knowledge of how A&C operates as well as what information is needed for them to make more of their risk assessment judgements. Before moving on, it is recommended you make some time to pause and reflect on your progress … If there are any suggested answers, or even material you have been reading, that do not make sense or require clarification please use the Module 3 Discussion Forum (DF) to ask for help!

You are encouraged to help each other and not rely solely on staff responding.