SUGGESTED ANSWERS MODEL PAPER

RISK MANAGEMENT AND AUDIT SEMESTER-5

Q.1 (a)

Risk Associated with Revenue and General Operations: (Any six @ 1 mark each)

1 of 7
MARKS
06

(i)

The system may get hang and the payment made might not reflect in
Milestonedotcom Account.

(ii)

The banks system may not be able to reconcile the total transactions against the
revenue generated by Milestonedotcom.

(iii)

The collection staff may not claim on timely basis the funds from the relevant Bank.

(iv)

The revenue earned by Milestonedotcom could be from the credit card hacked by the
User.

(v)

Available inventory for sale may not be updated on timely basis.

(vi)

The web-link may remain down without timely intimation/knowledge of the

management.

(vii)

Item bought on the net, may not be delivered timely on customers given address.

(viii) I.T protocols for the operation may not be adhered, hence resulting in any sort of
virus/hacking of the System.
Measures to Manage the Risk of Revenue and General Operations: (Any six @ 1 mark
each):

06

Revenue:
(i)

An automated alert system should be installed in the system which confirms the
receipt of funds from credit card.

(ii)

Daily reconciliation with the Bank should be obtained & monitored.

(iii)

All funds receipt should be checked against on-line sales on daily basis.

(iv)

CNIC &/or PIN based verification of customer system should be installed in the
System.

(v)

Inventory should be updated on line against the placed orders on real time basis.

(vi)

A real time system needs to be installed which should automatically triggers any alert
relating to system downtime.

(vii)

On daily basis the customers receipt note should be cross matched/checked against
the deliveries made.

(viii) A recommended anti virus should be installed that could have features to safe guard
the system.
(b)

Risk Conditions: (1 mark each)

Means of identifying conditions leading to risks (potential sources of loss) include:
(a) Physical inspection, which will show up risks such as poor housekeeping (for example
rubbish left on floors, for people to slip on and to sustain fires)
(b) Enquiries, from which the frequency and extent of product quality controls and checks
on new employees reference, for example, can be ascertained.
(c) Checking a copy of every letter and memo issued in the organization for early
indications of major changes and new projects.
(d) Brainstorming with representatives of different departments.
(e) Checklists ensuring risk areas are not missed.
(f) Benchmarking against other sections within the organization or external experiences.
(g) Human reliability analysis, reviewing decision points within operational processes.

DISCLAIMER: The suggested answers provided on and made available through the Institutes website may only be referred, relied upon or treated as a guide and substitute
for professional advice. The Institute does not take any responsibility about the accuracy, completeness or currency of the information provided in the
suggested answers. Therefore, the Institute is not liable to attend or receive any comments, observations or critics related to the suggested answers.

07

SUGGESTED ANSWERS MODEL PAPER

RISK MANAGEMENT AND AUDIT SEMESTER-5

2 of 7
MARKS

Q.2

(a) (i)

Fraud:
An intentional act by one or more individuals among management, those charged with
governance, employees, or third parties, involving the use of deception to obtain an
unjust or illegal advantage.

02

There are two types of fraud relevant to auditors consideration: i) Misappropriation of

assets and ii) fraudulent financial reporting.
Misappropriation of assets:
Misappropriation of assets involves the theft of an entity's assets and is often
perpetrated by employees in relatively small and immaterial amounts. However, it can
also involve management who are usually more able to disguise or conceal
misappropriations in ways that are difficult to detect. Misappropriation of assets can
be accomplished in a variety of ways including:
a) Embezzling receipts (for example, misappropriating collections on accounts
receivable or diverting receipts in respect of written-off accounts to personal
bank accounts).
b) Stealing physical assets or intellectual property (for example, stealing inventory
for personal use or for sale, stealing scrap for resale, colluding with a competitor
by disclosing technological data in return for payment).
c) Causing an entity to pay for goods and services not received (for example,
payments to fictitious vendors, kickbacks paid by vendors to the entity's
purchasing agents in return for inflating prices, payments to fictitious
employees).
d) Using an entity's assets for personal use (for example, using the entity's assets
as collateral for a personal loan or a loan to a related party).
Misappropriation of assets is often accompanied by false or misleading records or
documents in order to conceal the fact that the assets are missing or have been
pledged without proper authorization.

04

Fraudulent financial reporting:

Fraudulent financial reporting involves intentional misstatements including omissions
of amounts or disclosures in financial statements to deceive financial statement users.
It can be caused by the efforts of management to manage earnings in order to deceive
financial statement users by influencing their perceptions as to the entity's
performance and profitability. Such earnings management may start out with small
actions or inappropriate adjustment of assumptions and changes in judgments by
management. Pressures and incentives may lead these actions to increase to the
extent that they result in fraudulent financial reporting. Such a situation could occur
when, due to pressures to meet market expectations or a desire to maximize
compensation based on performance, management intentionally takes positions that
lead to fraudulent financial reporting by materially misstating the financial statements.
In some entities, management may be motivated to reduce earnings by a material
amount to minimize tax or to inflate earnings to secure bank financing.
Fraudulent financial reporting may be accomplished by the following:
a) Manipulation, falsification (including forgery), or alteration of accounting records
or supporting documentation from which the financial statements are prepared.
b) Misrepresentation in, or intentional omission from, the financial statements of
events, transactions or other significant information.
c) Intentional misapplication of accounting principles relating to amounts,
classification, manner of presentation, or disclosure.

DISCLAIMER: The suggested answers provided on and made available through the Institutes website may only be referred, relied upon or treated as a guide and substitute
for professional advice. The Institute does not take any responsibility about the accuracy, completeness or currency of the information provided in the
suggested answers. Therefore, the Institute is not liable to attend or receive any comments, observations or critics related to the suggested answers.

04

SUGGESTED ANSWERS MODEL PAPER

RISK MANAGEMENT AND AUDIT SEMESTER-5

3 of 7

MARKS
Fraudulent financial reporting often involves management override of controls that
otherwise may appear to be operating effectively.
(ii)

The risk factor related to fraudulent financial reporting and misappropriation of assets are
classified based on the three conditions that are generally present when fraud exists:

(b)

Q.3

(a)

An incentive or pressure to commit fraud

01

A perceived opportunity to commit fraud and

01

An ability to rationalize the fraudulent action.

01

Assertions used by the auditor to consider the different types of potential misstatements
that may occur fall into the following three categories and may take the following forms:
(a) Assertions about classes of transactions and events for the period under audit:
a. Occurrence: transactions and events that have been recorded have occurred and
pertain to the entity.

01

b. Completeness: all transactions and events that should have been recorded have
been recorded.

01

c. Accuracy: amounts and other data relating to recorded transactions and events have
been recorded appropriately.

01

d. Cutoff: transactions and events have been recorded in the correct accounting period.

01

e. Classification: transactions and events have been recorded in the proper accounts.

01

Importance of Auditing Standards:

A variety of stakeholders might read a companys financial statements. Some of these
readers will not just be reading a single companys financial statements, but will also be
looking at those of a large number of companies and making comparisons, and making
comparisons between them.

05

It is important that the audit profession is regulated and that auditors follow the same
standards because many of these readers want assurance that when making
comparisons, the reliability of the financial statements does not vary from company to
company.
The assurance will be obtained not just from knowing that each set of financial statements
has been audited, but from knowing that this has been done in accordance with common
standards.

(b)

(i) Tests of Controls Cash Payments: (Any six @ 1 mark each)

1. Compare payments with paid cheques.
2. Verify that cheques signatories are authorized.
3. Check payments with suppliers invoices and other supporting.
4. Test sequence of cheque numbers.
5. On a test basis, reper form reconciliation.
6. Verify that reconciliations are prepared and reviewed independently, throughout
the period.
7. Inspect reconciliations for long outstanding items.
8. Check petty cash payment with supporting documents.

DISCLAIMER: The suggested answers provided on and made available through the Institutes website may only be referred, relied upon or treated as a guide and substitute
for professional advice. The Institute does not take any responsibility about the accuracy, completeness or currency of the information provided in the
suggested answers. Therefore, the Institute is not liable to attend or receive any comments, observations or critics related to the suggested answers.

06

SUGGESTED ANSWERS MODEL PAPER

RISK MANAGEMENT AND AUDIT SEMESTER-5

4 of 7
MARKS

9. Check that supporting documents have been marked paid to avoid misuse.
10. Observe security arrangements for cheque books.
(ii)Tests of Controls-Payroll: (Any six @ 1 mark each)

06

1. Check that payroll summary is approved.

2. Check that controls over payments to joiners and leavers are independently
applied.
3. Test accuracy of computation of wages and salaries.
4. Check authorization of rates of pay.
5. Check hours with production records, time sheets and other evidence for hours
worked.
6. Observe pay out of wages to ensure that control procedures are being followed.
7. Examine receipt given by the employee.
8. Check reconciliation of payroll with previous months records, clock cards, time
sheets and job cards.
9. Check additions of the payroll summary.
10. Check that payments to tax authorities are accurate.
Q.4

(a)

Designing and Performing Audit Procedures to Identify Litigation and Claims:

04

The auditor shall design and perform audit procedures in order to identify litigation and
claims involving the entity when such matters give rise to a risk of material misstatement.
This exercise is carried out by:
(i) Inquiry of management and, where applicable, others within the entity, including inhouse legal counsel;
(ii) Reviewing minutes of meetings of those charged with governance
correspondence between the entity and its external legal counsel; and

and

(iii) Reviewing legal expense accounts.

(b)

Direct Communication with the Entitys External Legal Counsel:

If the auditor assesses a risk of material misstatement regarding litigation or claims that
have been identified, or when audit procedures performed indicate that other material
litigation or claims may exist, the auditor shall, in addition to the procedures required by
other International Standards on Auditing, seek direct communication with the entitys
external legal counsel.
The auditor shall do so through a letter of enquiry, prepared by management and sent by
the auditor, requesting the entitys external legal counsel to communicate directly with the
auditor. If law, regulation or the respective legal professional body prohibits the entitys
external legal counsel from communicating directly with the auditor, the auditor shall
perform alternative audit procedures.
The matters which should be discussed in a letter to the legal counsel should include.
1-

Legal cases in progress.

2-

Current status of each significant legal case.

3-

The legal counsel assessment of the possible outcome of each legal case.

4-

Incase of a possibility of a company loosing a case, the potential financial impact.

5-

Any penalty / fines/ damages imposed on the company which the legal counsel is
aware of.

DISCLAIMER: The suggested answers provided on and made available through the Institutes website may only be referred, relied upon or treated as a guide and substitute
for professional advice. The Institute does not take any responsibility about the accuracy, completeness or currency of the information provided in the
suggested answers. Therefore, the Institute is not liable to attend or receive any comments, observations or critics related to the suggested answers.

09

SUGGESTED ANSWERS MODEL PAPER

RISK MANAGEMENT AND AUDIT SEMESTER-5
(c)

5 of 7

MARKS
Modification of the Opinion in the Auditors Report Regarding Litigation and 05
Claims:
The auditor shall modify the opinion in the auditors report in accordance with ISA 705
when:
(i) The management of the entity refuses to give the auditor permission to communicate
or meet with the entitys external legal counsel, or the entitys external legal counsel
refuses to respond appropriately to the letter of enquiry, or is prohibited from
responding; and
(ii) The auditor is unable to obtain sufficient appropriate audit evidence by performing
alternative audit procedures.

Q.5

(a)

Information that External Auditors Seek from the Internal Auditors in order to
Determine the Extent of their Reliance: (any six points)

06

Records detailing the qualifications and experience of internal audit staff:

Procedure manuals setting out the organizations quality control standards for internal
audit and evidence that this is monitored and reviewed.
For the periodic audit of the operation of internal controls working papers showing:
That the work is adequately planned, executed and reviewed
The results of tests of controls particularly in respect of financial and information
systems.
For the restructuring of the information services function:
Documentation showing the way in which the restructure was planned and the
basis on which decisions were made.
The results of the post-implementation review.
Any documents relating to this function prior to the changes (as part of the year
would have been based on the old system).
For the review of the structure of internal controls the most recent report produced to
determine how up-to-date the information is.
For the annual review of risk management measures working papers showing:
Planning of this work
Results of key tests performed (controls, substantive)
Key conclusions
Management responses.
(b)

Circumstances and major areas where it is necessary for the external auditor to
perform his own work in addition to relying on the work performed by internal
auditor:
It will be necessary for the external auditor to perform his own work in the following
circumstances:
Where balances are material to the financial statements: This is because the external
auditor cannot delegate responsibility for the audit opinion. The external auditor needs
sufficient appropriate evidence on which to form his opinion and auditor generated
evidence is the most reliable.

DISCLAIMER: The suggested answers provided on and made available through the Institutes website may only be referred, relied upon or treated as a guide and substitute
for professional advice. The Institute does not take any responsibility about the accuracy, completeness or currency of the information provided in the
suggested answers. Therefore, the Institute is not liable to attend or receive any comments, observations or critics related to the suggested answers.

07

SUGGESTED ANSWERS MODEL PAPER

RISK MANAGEMENT AND AUDIT SEMESTER-5

6 of 7

MARKS
In areas of increased risks: this will include areas where complex accounting
treatments are involved or where judgment is required. In this instance inventory
valuation is likely to be a risk area, as well as being material. Leasing transactions may
also be complex and will therefore require independent appraisal by the external
auditor.
Where the objectives of the internal audit work differ from those of the external auditor:
The roles of the internal and external auditor are very different. In some instances
while the internal auditor may have done some work on a particular area the approach
taken may not be adequate for the purposes of expressing an opinion on truth and
fairness. This particularly the case where the internal audit department concentrates
on operational aspects rather than matters which affect the financial statement.
As regards particular areas where the External Auditor may perform his own work rather
than solely rely on the Internal Auditor, this would vary from entity to entity. Below are
some examples that highlight when an External Auditor may perform his own work in
addition to considering the tasks performed by the Internal Auditor.:
In a manufacturing concern, inventory is likely to always be an area of high risk of
material misstatement. In such an instance, whilst the external auditor may rely to
some extent on the stock count exercise attended by the internal auditor as regards
Existence Assertion, they may still want to review the Valuation Assertion of the
inventory themselves by obtaining and critically analyzing the aged stock movement.
Further, in case of an audit of financial institutions, the external auditor may rely on the
internal auditors work regarding Existence Assertion of loans and advances, they
would nevertheless want to evaluate the recoverability of each significant/ material
loan advanced to major customers to assess whether it has been valued appropriately
in the statement of financial position.
In service sector organizations, the percentage completion method is sometimes
used to determine Revenue. The external auditor is almost always going to consider
risk of improper revenue recognition on the higher side and therefore it is likely that he
would perform cut-off procedures on revenue himself rather than rely on the work
performed by the Internal Auditor.
Q.6

(a)

Key Aspects for a Cost Auditor for Employing Personnel: (2 marks each)
(i) Qualification:
Cost audit work is to be assigned to personnel who have the degree of technical
training and proficiency required in the circumstances. The personnel needs should
be planned, keeping in view the staffing and timing requirements of specific cost
audit.
Qualifications of personnel as to experience, position, background and special
expertise should be evaluated. Care should be exercised not to assign any staff who
may have any disqualifying relationship. The following aspects of personnel are also
to be considered:
(ii) Experience:
Experience and training of cost audit personnel should be considered, particularly
keeping the relevant industry in view, as the cost and management accounting
procedures and techniques considerably differ on the basis of the nature and type of
industry. Earlier cost audit or other practical experience of the industry helps in
carrying out cost audit of a unit of that industry.

DISCLAIMER: The suggested answers provided on and made available through the Institutes website may only be referred, relied upon or treated as a guide and substitute
for professional advice. The Institute does not take any responsibility about the accuracy, completeness or currency of the information provided in the
suggested answers. Therefore, the Institute is not liable to attend or receive any comments, observations or critics related to the suggested answers.

08

SUGGESTED ANSWERS MODEL PAPER

RISK MANAGEMENT AND AUDIT SEMESTER-5

7 of 7
MARKS

(iii) Directions:
Assistants to whom work is to be delegated need appropriate direction and supervision.
Direction involves informing assistants of their responsibilities and the objective of the
procedures they are to perform.
It includes informing them about the nature of the industry, possible cost accounting
and auditing problems that may affect the cost audit routine and the procedures that
they are to perform. The cost audit program, in providing the time budget and the
overall audit plan, should also prove helpful in providing necessary audit directions.
(iv) Supervision:
Supervision involves both direction and review of audit work. Personnel carrying out
supervisory responsibilities generally perform functions like monitoring the progress
during the cost audit, assessing the level of competence and skill of the audit
personnel, execution of cost audit in accordance with the overall cost audit plan.
(b)

Criteria for Ineligibility of Cost Auditor:

The persons ineligible for appointment as Cost Auditor have been specified in sub-rule 4 of
Rule 3 of the Companies (Audit of Cost Accounts) Rules, 1998. Following persons are
ineligible for appointment as cost auditor:
(i) The same accountant or accounting firm, who has been appointed as an auditor of the
Company, under Section 252 of the Companies Ordinance 1984 shall not be appointed
as a cost auditor. A financial or corporate auditor of a company, therefore, shall not be
appointed as a cost auditor of the same company at the same time. Accountants who
are already acting as auditors of financial statements of a company shall not be
appointed as cost auditors of the same company.
(ii) A person who is, or has been at any time during the preceding three years, a director,
officer or employee of the company shall not be appointed as cost auditor.
(iii) A person who is a partner of a director, officer or employee of the company; or an
employee of a director, officer or employee of the company shall not be appointed as a
cost auditor. The cost auditor cannot be a partner or an employee of any director,
officer or employee of the company.
(iv) A spouse of a director of the company shall not be appointed as a cost auditor of that
company.
(v) A person who is indebted to the company for any amount at the relevant time.
(vi) A corporate body shall not be appointed as a cost auditor. A cost auditor, therefore, has
to be an individual or a firm, and not a corporate body.

THE END

DISCLAIMER: The suggested answers provided on and made available through the Institutes website may only be referred, relied upon or treated as a guide and substitute
for professional advice. The Institute does not take any responsibility about the accuracy, completeness or currency of the information provided in the
suggested answers. Therefore, the Institute is not liable to attend or receive any comments, observations or critics related to the suggested answers.

07