CFE Day 2 & 3: Common Testing Scenarios – Audit & Assurance

First Time Audits:

Create an audit planning memo using Risk, Approach, Materiality, Procedures (RAMP) that is specific to the implications of the client situation.


Use risk factors that are case facts and specific to the client. State the “therefore” factor of the risk.

Ex- Risk is increased because there is a new controller “therefore” there is a greater chance of accounting errors and the controller also has a bias to show strong performance.


State each user, and how they will use the financial statements:

Ex: The shareholders will rely on the f/s to assess the company’s performance, they will rely on earnings of the f/s.

There is usually 2-3 users to identify.

Suggest materiality bases that are suitable & conclude on one.

Suggest factors that indicate a low range of materiality and also a higher amount of materiality.

Calculate materiality. (Materiality should be done after all accounting adjustments are made)

Explain and calculate performance materiality (if you have the time, this is not vital and is only marginally beneficial).


The overall goal of approach is to conclude on either a substantive or combined audit approach.

To do this, identify if there are control weaknesses.

Control weaknesses (manual systems, lack of segregation) would suggest that you conclude a substantive approach.

Strong internal controls would suggest you conclude that a combined approach be used.

As this is a first time audit, you also always need to say:

“We need to document the client’s controls to see if we can rely on them.” This will score you additional points in getting to a C.


For audit & review procedures, I find it easiest to make tables in Secure Exam that have 4 columns to make it easy for you, and clear to your marker.

Area Risk Assertion Procedure
PPE Risk PPE is overstated because signs of impairment exist Valuation


Repeat Audits:

They are like first time audits and will generally follow the same RAMP approach but watch out for the following:


Be sure to only identify risk factors pertaining to  what has changed in this fiscal year. Risk factors that were the same in the last audit will not award you points.


Remember to link materiality to users, not risk.

Review Engagement: (tested on September 2017 Day 3 Case 1 CFE):

Go through the normal RAMP approach as discusses above, however there is no approach section in reviews.

For procedures be sure you only state review procedures, as it is very easy to fall into the habit of dumping audit procedures that you have memorized over the course of Capstone 2.

Review procedures are commonly: Analytical procedures, inquiry, and discussion.

Special Engagement Reporting Options:

This is a topic mainly for people who have depth in assurance, it is very unlikely to come on a day 3 exam (although it may) because it is very technical.

  • To score at least an RC here, you need to identify appropriate reporting options and evaluate each report’s pros & cons. They may also ask for procedures that can be performed to test compliance with the report.
  • It is very important to conclude on a report that you recommend for the situation.
    • Points are awarded for concluding (having a conclusion), NOT for having the correct answer in your conclusion. So be sure to always conclude on a report even if you are not confident in your answer.
  • Common Reports on CFE
    • CAS 800
    • Section 9100 – Almost always is a reasonable report option
    • Sect 8600
    • Section 5815
    • Section 5100
    • CAS 805

A more detailed writeup about the specific reports will come later.

Control Weaknesses (Identification, Implication, Recommendation):

The case will almost always ask you to identify any control weaknesses if such assessment opportunity exists. In order to score a C you must ID the control weakness, state the implication, and suggest an improvement each control.  This is known as the WIR method (weakness, implication, recommendation). You can almost guarantee you will see this testing scenario on every CFE because it is a very reasonable topic that allows the CFE to test for depth and breadth.


This was tested on day 2 of the September 2017 CFE. We were asked to identify and explain the various independence factors and suggest ways that we can mitigate the factors. This is an easy AO if you can come up with an acronym for the independence factors:

I used FAISS




Self Interest

Self Review

Assessing Another Auditor’s Work:

You need to assess the internal auditor’s competence and objectivity. In order to do so, it is easiest to become familiar with the handbook section for this topic as it is an easy find once you know where it is.

Examples of factors you need to asses would be: is the auditor part of a professional body? Does the auditor have a professional designation?

Look to the assurance section of the handbook Canadian Auditing Standards-> CAS610

Objectivity factors are listed in paragraph A7 & Competence factors are listed in paragraph A8.

Be sure to discuss some of each component & to conclude!

Remember: Conclusions are almost always a requirement to be awarded a Competent.


3,521 thoughts on “CFE Day 2 & 3: Common Testing Scenarios – Audit & Assurance