ExpertACCA · Question 18 · Audit and Assurance
SECTION B: CONSTRUCTED RESPONSE
SCENARIO: CLOUDSERVE SOLUTIONS
You are the audit manager for CloudServe Solutions, a technology company providing Software as a Service (SaaS) to corporate clients. The financial year ended on 31 March 20X6. The audit fieldwork is complete, and the auditor's report is due to be signed on 15 May 20X6.
On 5 May 20X6, a massive data breach occurred at CloudServe. Hackers bypassed the company's security protocols and stole sensitive data belonging to CloudServe's largest clients.
On 10 May 20X6, the national data protection regulator announced a preliminary fine of $15 million against CloudServe for gross negligence in data security. Furthermore, three major clients immediately cancelled their multi-year contracts, citing breach of trust.
CloudServe's draft financial statements show a profit before tax of $5 million and total cash reserves of $2 million. The company's updated cash flow forecast, prepared on 12 May, shows negative cash balances by September 20X6.
Management has refused to adjust the financial statements for the year ended 31 March 20X6, arguing that the hack occurred in May, which is after the year-end. They are willing to include a brief note in the financial statements mentioning a 'minor cybersecurity incident'.
REQUIREMENTS:
(a) Explain the auditor's responsibility regarding subsequent events occurring between the date of the financial statements and the date of the auditor's report. (4 marks)
(b) Assess whether the data breach and subsequent fine represent an adjusting or non-adjusting event under IAS 10, and explain the required accounting treatment. (6 marks)
(c) Discuss the implications of these events on CloudServe's ability to continue as a going concern, and describe the audit procedures you should perform to assess this. (10 marks)
SECTION B: CONSTRUCTED RESPONSE
SCENARIO: CLOUDSERVE SOLUTIONS
You are the audit manager for CloudServe Solutions, a technology company providing Software as a Service (SaaS) to corporate clients. The financial year ended on 31 March 20X6. The audit fieldwork is complete, and the auditor's report is due to be signed on 15 May 20X6.
On 5 May 20X6, a massive data breach occurred at CloudServe. Hackers bypassed the company's security protocols and stole sensitive data belonging to CloudServe's largest clients.
On 10 May 20X6, the national data protection regulator announced a preliminary fine of $15 million against CloudServe for gross negligence in data security. Furthermore, three major clients immediately cancelled their multi-year contracts, citing breach of trust.
CloudServe's draft financial statements show a profit before tax of $5 million and total cash reserves of $2 million. The company's updated cash flow forecast, prepared on 12 May, shows negative cash balances by September 20X6.
Management has refused to adjust the financial statements for the year ended 31 March 20X6, arguing that the hack occurred in May, which is after the year-end. They are willing to include a brief note in the financial statements mentioning a 'minor cybersecurity incident'.
REQUIREMENTS:
(a) Explain the auditor's responsibility regarding subsequent events occurring between the date of the financial statements and the date of the auditor's report. (4 marks)
(b) Assess whether the data breach and subsequent fine represent an adjusting or non-adjusting event under IAS 10, and explain the required accounting treatment. (6 marks)
(c) Discuss the implications of these events on CloudServe's ability to continue as a going concern, and describe the audit procedures you should perform to assess this. (10 marks)
How to approach this question
Full Answer
Common mistakes
Practice the full ACCA AA — Audit and Assurance Practice Exam 4
18 questions · hints · full answers · grading