In: Accounting
Five years ago, a series of food poisonings in the western part of the country raised serious concern about contamination of the food supply. One state health department reported that there were 1,250 incidents in the state during that year attributable to contaminated food, including incidents related to the purchase of food at markets and restaurants. Although the cause of the problem was traced to food processing plants in several states, the Public had been extremely concerned about further outbreaks. The state enacted a statute, entitled “Food Protection Program,” requiring its Agriculture Department (AgDep) to: “protect the state’s food supply by (a) conducting inspections of food growers, processors, wholesale and retail distributors, and restaurants and (b) taking such other actions (including fines, penalties and prosecution) as deemed necessary.” Four other states enacted similar laws. The laws called for the officials of all five states to cooperate with each other. The state’s law also required its State Auditor to make a performance audit after five years to see if AgDep was “operating effectively and efficiently.” The five years have gone by and the State Auditor assigns you to plan an audit.
Required:
a. Describe a system of internal controls that the auditor might
expect to see in place so as to accomplish the intent of the law.
The control system should include an appropriate monitoring and
reporting system.
b. Develop a performance audit program responsive to the requirement imposed by the law on the State Auditor.
a. Effective internal control over financial reporting provides reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes. If one or more material weaknesses exist, the company's internal control over financial reporting cannot be considered effective.
The auditor's objective in an audit of internal control over financial reporting is to express an opinion on the effectiveness of the company's internal control over financial reporting. Because a company's internal control cannot be considered effective if one or more material weaknesses exist, to form a basis for expressing an opinion, the auditor must plan and perform the audit to obtain appropriate evidence that is sufficient to obtain reasonable assurance about whether material weaknesses exist as of the date specified in management's assessment. A material weakness in internal control over financial reporting may exist even when financial statements are not materially misstated.
The auditor should use the same suitable, recognized control framework to perform his or her audit of internal control over financial reporting as management uses for its annual evaluation of the effectiveness of the company's internal control over financial reporting.
The audit of internal control over financial reporting should be integrated with the audit of the financial statements. The objectives of the audits are not identical, however, and the auditor must plan and perform the work to achieve the objectives of both audits.
When planning and performing the audit of internal control over financial reporting, the auditor should take into account the results of his or her fraud risk assessment. As part of identifying and testing entity level controls and selecting other controls to test, the auditor should evaluate whether the company's controls sufficiently address identified risks of material misstatement due to fraud and controls intended to address the risk of management override of other controls. Controls that might address these risks include -
If the auditor identifies deficiencies in controls designed to prevent or detect fraud during the audit of internal control over financial reporting, the auditor should take into account those deficiencies when developing his or her response to risks of material misstatement during the financial statement audit.
The auditor must test those entity-level controls that are important to the auditor's conclusion about whether the company has effective internal control over financial reporting. The auditor's evaluation of entity-level controls can result in increasing or decreasing the testing that the auditor otherwise would have performed on other controls.
b. Audit programmes generally increase in size and complexity (more detailed procedures, questionnaires and checklists) with increases in the scope of the audit and size of the programmes to be audited.
While developing an audit programme, it will not be possible to anticipate all contingencies. In the early stages of an audit, there is a need to retain flexibility and to review the audit programme for appropriateness. It is preferable to start with a programme outlining the approach to the audit issues and revise and extend it as the audit progresses.
The Accountant General should provide scope for sharing of all significant refinements in the approach and additional tests and findings, concurrently with other audit teams within the managerial control of the same Accountant General or under different management control within the Department, when different persons conduct the audit at different locations. The system of sharing of the significant field audit experience should be documented and reviewed.