Audit Procedure: Audit Of Dudley Health Limited For The Year Ended 30 June 2019
Subject: Audit of Dudley Health Limited for the year ended 30 June 2019 (Risk Assessment and Planning memorandum):
Fraud always has a devastating impact on businesses. Occurrence and deterrence of fraud in any organization could mean that eventually business will suffer.
In case of fraud in Pellegrino Shores, where senior staff member is dismissed on deterrence of fraud made by her. Such fraud will have following impact on business and thus will create significant business risks for the group as a whole:
Loss of business and profitability: Fraud would cause to reduce business and hence there is a risk that revenues may be overstated, or costs may be understated in order to retain same profitability. With respect to audit of Dudley Health Limited (DHL) (the “Group”), we need to be careful in following accounts under related assertions such as Revenue and trade receivables.
Relationship with audit risks, related accounts and assertions:
Risk of fraud in the business directly affects the audit strategy as audit risk model needs to be aligned with business risk model.
In the audit for the year ended 30 June 2019 for DHL, control risk is high as internal controls are weak which and could not prevent occurrence of fraud. Further, after occurrence of fraud it remained undetected and hence detective controls are also weak. As per audit risk model, when control risk is high then detection risk would also go high as it is a risk of failure to detect the occurrence of material misstatements in the financial statements, either due to fraud or error.
Hence, presence of fraud and being remained undetected would cause to work in more detail and thus overall sample size would increase as materiality thresholds would decline.
Following accounts and relevant assertions will be affected due to fraud in Pellegrino Shores:
1. Revenue: Since senior staff member has under-recorded revenue for the services provided.
Assertion affected related to revenue:
- a. Accuracy: Since, value of services has been changed hence for auditor it is difficult to determine the correct values for the services.
Assertion affected related to trade receivables/cash/bank:
- a. Valuation and allocation: Value at which receivables are recorded might be incorrect. This needs to be determined as senior staff member has recorded services at a lower value than actual.
Assertion affected related to inventories:
- a. Completeness: It is difficult to determine completeness of transactions as there is a chance that number of rooms in hand is difficult to determine because of changes made in the details.
- b. Existence: It is difficult to recognize number of rooms in hand exists at the period end.
System changeover always poses higher audit risks for the auditors as new system brings new challenges and hence these need to be addressed with an effective audit strategy.
This risk is less when there is a parallel changeover. “The existing technology and the new technology operate concurrently until there is confidence that the new technology is satisfactory” (Badiru, 1996, p. 34)
Revenue is always assumed to be having significant risk unless it can be rebutted.
Following are the associated audit risks in system changeover in St. Neville’s Revenue Patient System:
- Revenue and receivables population may not be complete or incorrect. Since due to power shortage data related to last two weeks means last week of June 2019 and first week of July 2019 had to be reentered and hence there is a risk that some invoices may have been missed or incorrectly recorded.
- Value of invoices in last 15 days of June 2019 is incorrect as discharged patients had complained about that as mentioned by administration staff. Hence, there is a risk that bug correction has led to incorrect formula calculation for patient bill as formula itself is complex.
- There is a risk that names of customers on invoices are incorrect as there is an error noted in aligning master file of patients with the services provided to them which should have been aligned with a unique identifier instead of surnames as surnames could be common. This risk exists in whole population of receivables starting from 10 March 2019 to 30 June 2019.
- There is a risk of incorrect valuation of revenue and receivables as there is an error in the system in aligning master file of rates with billing system.
Following are pertinent questions to ask from internal audit with respect to changeover:
- Whether the changeover was parallel to the homegrown system or it was a direct changeover without any backup of data for the period from 10 March 2019 to 30 June 2019? If it is direct changeover then how internal audit function ensured that data when went live on 10 March 2019 was complete, accurate and reliable? If it is parallel changeover then how internal audit function ensured changeover was smooth and data migration is done accurately without risking its reliability?
- Have you noticed similar discrepancies as mentioned by administration staff during your cyclical review? And how you resolved that and what were your action points in this regard? Please share any internal audit report that was prepared particularly to this quarter.
Following audit strategy justifies the audit of new patient revenue system which would also, mitigate the associated audit risks:
- Since risk is high, the appropriate strategy will be to perform substantive tests.
- Performance of risk assessment procedures that include a detailed understanding of the processes and related controls in place and objective of each control that is designed. This can happen through the performance of walkthroughs.
- After gaining an understanding of the related processes and controls, testing of controls such as segregation of duties, access/authorization matrix.
Substantive audit strategy would also include:
Substantive Analytical Procedures: We can prepare monthly analysis in order to compare sales month by month in the current year and the corresponding month of the prior year.
Following additional information will be required from Acuity in respect of the following issues:
PART A and PART B:
- Key Account
Existence: the existence of sales is also at risk as there are higher chances that sales recorded are fictitious and hence some sales, in fact, might not exist.
This would mainly occur in commissions as base salaries are low.
In order to mitigate this risk, management would need to consider its internal control environment that would trigger fraud risk factors as per ASA-240 there is a rebuttable presumption that revenue carries significant risk of material misstatement.
- Management needs to put in place policies and procedures to strongly monitor internal controls relating to commissions.
- Existence: There is a risk that some customers might be fake and do not exist.
- Valuation: Valuation of receivables is at risk as there is likelihood that receivables might be overstated in line with revenue.
- Rights and obligations: There is a risk that some receivables might not hold the right to receive money.
Management needs to make its internal control environment strong by putting higher controls on additions/deletions of customer accounts in the system which would reduce the risk of fake customer accounts.
Management would also need to enforce proper authorization matrix with respect to preparation and approval of invoices relating to customer in order to ensure values mentioned in invoices are correct and relate to customers.
Following will additionally be required in order to effectively test for payments received from customers.
- Confirmations from customers should be obtained in order to ensure that same balance exist from sample of customers. Confirmation is a request by the auditor directly from the customer to confirm whether the balance is owed to the Group or not. Confirmation can be positive or negative.
- If no responses have been received for confirmations sent, then alternative procedures will be performed i.e. tested subsequent receipts from bank statements and tracing them to customer account balance in order to ensure correct balances are stated.
- In accordance with the requirements of generally accepted accounting principles (GAAP), trade receivables are recorded by netting off with provision for doubtful debts for those customers that seem uncollectible. Management’s estimate for provision will be assessed based on historical trends and other specific factors and ensured that balances stated are correct. Management’s estimate could change from prior periods hence it is important to note the reasons for such changes and whether such changes are acceptable, if there is any change.
- It also needs to be assessed whether the Group has entered into any factoring arrangement i.e. to sell trade receivables to external financing company, if there is any agreement then we shall verify the terms of the arrangement and whether or not it is recorded accordingly.
- Type of test
- Key assertion
- Reasonableness of conclusion
- Additional audit procedures
1. Selection of 15 suppliers
- Substantive test
- The conclusion reached is not reasonable as we two creditors were overstated.
- Hence, test of control fails so we use substantive test
- Although balances were marginally overstated in 2 suppliers, it cannot be concluded as reasonable and following additional procedures shall need to be undertaken:
- Monthly suppliers’ confirmations/statement of accounts can be requested and matched with the supplier ledger balances to identify difference.
- Vouch to relevant supporting documentation and reasons for difference shall be obtained.
2. Selection of 20 suppliers’ invoices
- Test of control
- Valuation and allocation,
The conclusion reached is acceptable and reasonable.
Three invoices out of twenty refers to deviation of a control and hence in this regard following additional procedures need to be performed:
- Specific reasons for non-authorization of invoices shall be obtained and will be assessed whether these are reasonable.
- Calculation for invoices shall be reviewed and checked where incorrect discount rates have been applied.
- Prices and quantities will be matched to purchase orders and goods received notes respectively.
The key assertion that is at risk is Occurrence. Since fictitious overtime claims can be made as payment may be incorrect as fictitious overtime hours can be put.
Another assertion at risk is Accuracy. Overtime claims may be correct, but rates applied may be incorrect as it seems like there is a customary practice and no designed policy.
Preventive Internal Control:
Authorization of overtime in accordance with designed overtime policy: There should be proper authorization matrix in place to approve overtime based on cadre and eligibility and actual working of overtime hours worked by the staff. This policy should also incorporate the calculation method, application of rates and cadre wise eligibility so that it makes it easy for the approver to authorize.
Detective Internal Control:
“Detective controls are internal controls that are used to identify events or errors if they have occurred” (Gay & Simnet, 2017)
Maintenance of time sheets and regular checks for overtime sheets: There should be effectively maintained overtime sheets for staff working in overtime hours who shall put start and end time for overtime hours worked and one should be supervising it.
On daily basis, before authorization of overtime approver should check the eligibility and actual hours worked in overtime in order to correctly approve the amount without any discrepancy. This can be done through a system in place that can help supervisor to check for the calculations and to return back in case of discrepancies identified.
- Gay, G. E., & Simnett, R. (2017). Auditing and assurance services in Australia. North Ryde, N.S.W. Mcgraw-Hill Education (Australia).
- Badiru, A. B. (1996). Project Management in Manufacturing and High Technology Operations. Hoboken, NJ: John Wiley & Sons.