Question

Shane Whitebone is getting to know his new client, Clarrie Potters, a large discount electrical retailer. Ben Brothers has been the engagement partner on the Clarrie Potters’ audit for the past five years, but the audit partner rotation rules have meant that the engagement partner has had to change this year. Shane discovers that toward the end of last year, Clarrie Potters installed a new IT system for inventory control. The system was not operating prior to the end of the last financial year, so its testing was not included in the previous audit. The new system was built for Clarrie Potters by a Montreal-based software company, which modified another system it had designed for a furniture manufacturer and retailer. Which of the following audit risks are associated with the installation of the new inventory IT system at Clarrie Potters?

A. Whether the new system accurately processes transactions

B. Whether staff are changing passwords regularly

C. Whether there is limited access to posting journal entries

D. Whether the system can be overridden or bypassed by management or staff

E. Whether there is adequate backup

F. Whether there are sufficient controls over program changes

G. Whether there was the appropriate transfer of information from the old IT system to the new system

H. Whether the new system produces sufficient management reports (e.g., exception reports) to show that the client is monitoring its performance

Answer 1

Answer: Options (A), (G) and (H) are correct.

Explanation:

Audit risk refers to the possibility of an auditor expressing an inappropriate audit opinion on true and fair view of financial statements.

Audit risk comprises of 3 components namely, inherent risk, control risk and detection risk.

Inherent risk refers to that audit risk which is inherent part of an audit and which cannot be avoided.

Control risk refers to the risk w.r.t inefficient and inadequate internal control system implemented by the client. The risk relates to inefficiency of internal controls in detecting fraud and error.

Detection risk is the possibility that the audit procedures adopted by an auditor would fail to detect material misstatements, errors and frauds.

With respect to the given case, following points are noteworthy:

• The client namely Clarrie Porter installed a new information technology(IT) system for inventory control.
• The abovementioned system’s testing did not form part of the last conducted audit.

Whenever a client installs a new IT system, the audit risks involved are usually of the following kinds:

• The risk that the new system may not be compatible as per client’s processing requirements.
• There is a risk of data loss while transferring data from the previously installed system to the newer one.
• The risk whether the new system adequately processes data.

Hence considering the abovementioned points, it can be concluded that following audit risks would be relevant with the installation of new inventory IT system at Clarrie Potters:

1. Whether the new system accurately processes transactions.

G. Whether there was the appropriate transfer of information from the old IT system to the new system.

H. Whether the new system produces sufficient management reports (e.g exception reports) to show that the client is monitoring it’s performance.

Hence, options (A), (G) and (H) are correct.