Solutions manual
to accompany
Audit and assurance
2nd edition
by
Leung et al.
© John Wiley & Sons Australia, Ltd 2023
, Chapter 9: Analytics in substantive procedures
Chapter 9: Analytics in substantive procedures
Review questions
9.11 Identify two factors that influence the amount of the ‘acceptable variance’ in a
substantive analytical procedure.
The acceptable variance will be strongly influenced by the materiality threshold set for
the client, and the level of detection risk considered appropriate for the account (a low
materiality threshold and low detection risk would require a low acceptable variance).
9.12 Identify three accounts that substantive analytical procedures could potentially be
used to test.
Discuss some issues that would need to be considered to confirm if the substantive
analytical procedures would be appropriate.
Some possible answers include: revenue, sales commission expense, salary and wage
expenses, superannuation, payroll tax, depreciation, amortisation, and finance expenses
(interest).
Some issues that should be considered include whether reliable data is available, and
whether predictable relationships between data exist. The auditor would also consider
the materiality of the account and the quality of evidence needed for the account.
9.13 Identify two analytical techniques that could be used as part of entire population
screening and explain how they could be useful.
Cluster analysis can be used as part of population screening. Clustering is used to
discover groups of similar items within data sets. Unusual items may be uncovered by
clustering because individual items do not belong to a group, or because an entire
subgroup is identified as abnormal. The auditor can consider whether these items are
high-risk and warrant further audit investigation.
Another technique that can be used for population screening is matching. With this
technique, the characteristics of two populations are matched to see if there are any
overlaps. Often the auditor uses this process with an expectation that there should be no
matches. For example, when auditing accounts payable, the auditor might attempt to
match addresses of creditors, or bank account numbers of creditors, with the addresses
of employees or the bank account numbers of employees. The auditor would not expect
a match in these two different populations, but a match might be an indicator of
fraudulent transactions.
© John Wiley and Sons Australia, Ltd 2023 9.2
, Solutions manual to accompany Audit and assurance 2e by Leung et al.
9.14 Provide two examples of items that “Do Not Fit the Auditor’s Expectation” per the
risk analysis decision tree (Figure 9.4). One example should be an acceptable
variation and the other an unacceptable variation.
A data analytics application might uncover two unexpected matches in the address
fields of the employee file and the vendor file. Further investigation might reveal that
the employee address and the vendor address are the same due to the fact that an
employee is married to a small business vendor working out of the home and a
proactive conflict of interest disclosure has already been filed with the company. In this
case, the item could be deemed an acceptable variation from expectations, In the other
case, the employee and vendor might turn out to be the same person, and the vendor
might be a fictitious vendor, which would be evidence of misappropriation of assets and
should be deemed an unacceptable variation.
9.15 Identify and briefly describe the five steps of performing audit data analytics.
The five steps of performing audit data analytics, in order, are:
1. Plan the data analytics – Determine the overall purpose and objectives, including
the assertion(s) to be tested. This step also includes identifying potential data
sources and the most appropriate tool.
2. Access and prepare the data for the data analytics – Access the necessary data from
the client and from external sources, and then prepare it for analysis.
3. Consider the relevance and reliability of the data used – The relevance and
reliability of the data should be evaluated in the context of the assertion(s) being
tested.
4. Perform the data analytics using appropriate tools. If the analysis has identified
items that warrant further investigation, plan and perform additional procedures as
needed.
5. Evaluate the results and draw conclusions – Determine if the purpose and specific
objectives have been achieved. If the objectives have not been achieved, plan and
perform different procedures to achieve those objectives. In the process of
performing a new analysis, the auditor will once again address each of these five
steps.
9.16 Are the quality of internal controls relevant when evaluating the reliability of
data to be used in audit data analytics? Explain why or why not and provide an
example.
The quality of internal controls is particularly relevant when evaluating the
reliability of data. If internal controls are weak, the data set may contain
misstatements and inaccuracies, or be incomplete. If such data were used, results
would be unreliable. In contrast, data that comes from a strong system of internal
controls provides some validation of the reliability of the data. Consider data about
inventory quantities as an example. The auditor should be more comfortable using
this data if they know that inventory on hand is regularly tested against recorded
values in the inventory system. This is just one example as other tests of internal
© John Wiley & Sons Australia, Ltd 2023 9.3
to accompany
Audit and assurance
2nd edition
by
Leung et al.
© John Wiley & Sons Australia, Ltd 2023
, Chapter 9: Analytics in substantive procedures
Chapter 9: Analytics in substantive procedures
Review questions
9.11 Identify two factors that influence the amount of the ‘acceptable variance’ in a
substantive analytical procedure.
The acceptable variance will be strongly influenced by the materiality threshold set for
the client, and the level of detection risk considered appropriate for the account (a low
materiality threshold and low detection risk would require a low acceptable variance).
9.12 Identify three accounts that substantive analytical procedures could potentially be
used to test.
Discuss some issues that would need to be considered to confirm if the substantive
analytical procedures would be appropriate.
Some possible answers include: revenue, sales commission expense, salary and wage
expenses, superannuation, payroll tax, depreciation, amortisation, and finance expenses
(interest).
Some issues that should be considered include whether reliable data is available, and
whether predictable relationships between data exist. The auditor would also consider
the materiality of the account and the quality of evidence needed for the account.
9.13 Identify two analytical techniques that could be used as part of entire population
screening and explain how they could be useful.
Cluster analysis can be used as part of population screening. Clustering is used to
discover groups of similar items within data sets. Unusual items may be uncovered by
clustering because individual items do not belong to a group, or because an entire
subgroup is identified as abnormal. The auditor can consider whether these items are
high-risk and warrant further audit investigation.
Another technique that can be used for population screening is matching. With this
technique, the characteristics of two populations are matched to see if there are any
overlaps. Often the auditor uses this process with an expectation that there should be no
matches. For example, when auditing accounts payable, the auditor might attempt to
match addresses of creditors, or bank account numbers of creditors, with the addresses
of employees or the bank account numbers of employees. The auditor would not expect
a match in these two different populations, but a match might be an indicator of
fraudulent transactions.
© John Wiley and Sons Australia, Ltd 2023 9.2
, Solutions manual to accompany Audit and assurance 2e by Leung et al.
9.14 Provide two examples of items that “Do Not Fit the Auditor’s Expectation” per the
risk analysis decision tree (Figure 9.4). One example should be an acceptable
variation and the other an unacceptable variation.
A data analytics application might uncover two unexpected matches in the address
fields of the employee file and the vendor file. Further investigation might reveal that
the employee address and the vendor address are the same due to the fact that an
employee is married to a small business vendor working out of the home and a
proactive conflict of interest disclosure has already been filed with the company. In this
case, the item could be deemed an acceptable variation from expectations, In the other
case, the employee and vendor might turn out to be the same person, and the vendor
might be a fictitious vendor, which would be evidence of misappropriation of assets and
should be deemed an unacceptable variation.
9.15 Identify and briefly describe the five steps of performing audit data analytics.
The five steps of performing audit data analytics, in order, are:
1. Plan the data analytics – Determine the overall purpose and objectives, including
the assertion(s) to be tested. This step also includes identifying potential data
sources and the most appropriate tool.
2. Access and prepare the data for the data analytics – Access the necessary data from
the client and from external sources, and then prepare it for analysis.
3. Consider the relevance and reliability of the data used – The relevance and
reliability of the data should be evaluated in the context of the assertion(s) being
tested.
4. Perform the data analytics using appropriate tools. If the analysis has identified
items that warrant further investigation, plan and perform additional procedures as
needed.
5. Evaluate the results and draw conclusions – Determine if the purpose and specific
objectives have been achieved. If the objectives have not been achieved, plan and
perform different procedures to achieve those objectives. In the process of
performing a new analysis, the auditor will once again address each of these five
steps.
9.16 Are the quality of internal controls relevant when evaluating the reliability of
data to be used in audit data analytics? Explain why or why not and provide an
example.
The quality of internal controls is particularly relevant when evaluating the
reliability of data. If internal controls are weak, the data set may contain
misstatements and inaccuracies, or be incomplete. If such data were used, results
would be unreliable. In contrast, data that comes from a strong system of internal
controls provides some validation of the reliability of the data. Consider data about
inventory quantities as an example. The auditor should be more comfortable using
this data if they know that inventory on hand is regularly tested against recorded
values in the inventory system. This is just one example as other tests of internal
© John Wiley & Sons Australia, Ltd 2023 9.3
