Question

You are the auditor in-charge of the annual audit of Muscat Insurance Company (or MIC) for the year ended December 31, 2019. MIC is the leading insurance company in Oman and enjoys a good reputation in the business community. As this is the first time your audit firm will be auditing the company, you communicated with the previous auditor as part of understanding the business. Your communication with previous auditors revealed something that you didn’t expect to discover. The previous auditors revealed that the company has an unpaid tax amounting to OMR 3 million. Though it was disclosed in the books as tax in arrears, there is no indication that the company has attempted to pay it. You have also found out in your initial review that MIC has recently purchased a new software that will enable the customers to access their insurance accounts through the internet. Because the directors are eager to use the software to attract more customers, the software has been rolled out already for use by the customers even though it was not tested by the company’s information technology (IT) department yet for security purposes. As surprise discoveries seem not to stop, you have also heard from your friends, who were customers of MIC, that there were insurance claims from customers which have not been paid by the company. Some of the claims were as old as five years ago. The management expects to receive a report on the weaknesses on the design and implementation of internal controls and some business consultative advice on top of the usual audit of financial statements. Required: Discuss matters that you would consider in developing the audit strategy for Muscat Insurance Company.

Answer 1

An audit strategy sets the direction, timing, and scope of an audit. The strategy is then used as a guideline when developing an audit plan. The strategy document usually includes a statement of the key decisions needed to properly plan the audit. The audit strategy is based on the following considerations:

• The characteristics of the engagement

• Reporting objectives

• Timing of the audit

• Nature of communications

• Significant factors in directing engagement team efforts

• The results of preliminary engagement activities

• The knowledge gained on other engagements

• The nature, timing, and extent of resources available for the engagement

--------------------------------------------------------------------------------------------------------------------------------------------

A review and analysis of each of the items of the tax information disclosed by the financial statements provides the reviewer with a fair insight of the tax position of the target concerned. Needless to state, the review and analysis, coupled with intelligent discussion with the management of the targets, would go a long way in obtaining a better perspective in this regard.

The items of tax information available in the financial statements are as follows:

a) Review of contingent liabilities
b) Review of tax provision and tax paid in the balance sheet
c) Analysis of deferred tax
d) Analysis of effective tax rate

---------------------------------------------------------------------------------------------------------------------------------------------

How to perform Audit for a Software Testing Process?

Audit is just the inspection process, used to verify and validate something. Therefore, there are multiple ways, to perform the audit operation, over the software testing process. Below given, are some of them:

• Examining the testing processes, being carried out, against the planned & defined procedures and guidelines, which was documented in the form of a testing or a quality manual, prior to the testing phase, for the purpose of directing the testing phase.
• Reviewing and analyzing, each and every documented artifacts or deliverables, used or produced, at each phase of the testing lifecycle, which may include the following items:
  • Test Suite.
  • Test Cases.
  • Test Logs.
  • Defect Report.
  • Status.
  • Test Coverage.
  • Traceability Matrix.
• Interviewing the various testing professionals, engaged at each different level of the testing phase, so as to gain access to each one's prevailing thoughts with respect to the testing process.

----------------------------------------------------------------------------------------------------------------------------------

The qualitative claim audit will attempt to verify any performance standards that may exist by contract or generally accepted practice. Are claim files open too long? Is litigation being adequately controlled? Is the ratio between new claims and closed claims per month realistic? These qualitative issues can help ascertain whether a client’s money is being efficiently spent on the best possible claim services.

Claim audits should also verify that reserves have been adequately set and are being monitored adequately and adjusted in a timely fashion.

These goals and objectives encompass both quantitative functions (e.g., verification of reserve levels) and qualitative functions (e.g., review of performance standards). These two types of claim audits are best analyzed separately, although both typically play a part in the audit process.

-------------------------------------------------------------------------------------------------------------------------------------------

A control weakness is a failure in the implementation or effectiveness of internal controls.

An assessment of internal control effectiveness has to evaluate the required separation of duties. A controlled task having several elements must be executed by several different employees

Internal controls are strong if management receives reports from different areas of activity and can compare key variables

A consistent structure of authorizations is an element of strong controls. When responsible employees sign off on each stage of a procedure, you can track problems to find out where the problem originated.

Access controls, both physical and digital, form an important part of your internal company controls. An assessment has to identify which areas of your facilities, such as data centers and warehouses, must have restricted physical access.

-----------------------------------------------------------------------------------------------------------------------------------