ACCA F8 Audit & Assurance: Exam-Ready Cheat Sheet
AUDIT RISK = IR × CR × DR
- Inherent Risk = Susceptible by nature (e.g. cash, estimates)
- Control Risk = Risk controls won't catch it
- Detection Risk = Risk auditor misses it
- -> Higher risk? Do more substantive procedures
CONTROL DEFICIENCIES (ISA 265)
- - No review of payroll/overtime -> Add independent review & sign-off
- - Verbal changes (tax/pay) -> Require written & authorised instruction
- - No segregation of duties -> Separate authorising, recording, custody
- - Manual entry errors -> Use automated validation + reviews
- - Shared passwords -> Restrict access + use logs
- - No reconciliations -> Reconcile monthly, with review
- - Missing audit trail -> Use pre-numbered documents
TESTS OF CONTROL - Examples
- - Authorisation: Inspect sample for signed approval
- - Payroll hours: Match clock-in to payroll report
- - Sequential docs: Perform sequence check
- - Observe physical inventory count
- - Review user access logs
SUBSTANTIVE PROCEDURES (by assertion)
- Inventory - Existence: Attend count, inspect stock
- Inventory - Valuation: Compare cost to NRV, check for obsolete
- Payroll - Accuracy: Recalculate gross/net pay
- Receivables - Occurrence: Match GDN to invoice
- Payables - Completeness: Review unmatched GRNs
- Revenue - Cut-off: Check invoice vs dispatch date
ANALYTICAL PROCEDURES
- - Compare this year vs. last year
- - Ratios: payroll / staff, GP%, expenses / revenue
- - Budget vs actual
TEST OF CONTROL VS SUBSTANTIVE
- Test of Control = Check if control works
- Substantive = Check actual numbers
- -> Use both if high risk
INTERNAL AUDIT RELIANCE
- Check for: Competence, Objectivity, Work quality
SIGNIFICANT DEFICIENCIES?
- - High risk of misstatement
- - Related to fraud/systemic issue
- - No compensating control -> Must report (ISA 265)
MNEMONICS
- COVERPE = Assertions: Completeness, Occurrence, Valuation, Existence, Rights, Presentation, Exactness
- SPOT = Audit Risk: Systemic, Predictable, Overlooked, Total Risk = IR × CR × DR