Based on the below financial statements ( which include Income Statement, Balance Sheet, Cash flows, and Ratios) and AS 2110 Auditing Standards excerpts, please answer the questions below.

NEXT STEPS TAB

1. Describe the next steps in the audit based on the risk assessment. Consider the following:
   1. How do the internal and external risk factors inform the audit to be performed?

AUDIT TESTS NEEDED TAB

1. Determine the audit tests needed through financial data analysis. Include the following:
   1. What tests are needed?
   2. What issues were found warranting the need for selected tests?

ERRORS TAB

1. Analyze audit evidence for errors from financial data. Include the following:
   1. Found errors
   2. Impact of errors on the external audit
   3. Explanation of possible errors from financial data

AUDIT STRATEGIES TAB

1. Describe how these audit strategies support the client profile and risk areas.

EVIDENCE NEEDED TAB

1. Determine evidence needed for substantive testing and risk assessment based on audit findings. Consider the following:
   1. What other sample reports or materials need to be requested to fulfil this audit?

Revenues Costs and expenses: Cost of sales Selling and administrative Interest expense Other (income)/expense, net Total costs and expenses Income before income taxes Income taxes MNet income Keystone Consolidated Statement of Income For the year ended December 31, 2025 5 364,953,846 222,496,154 104850000 | 1,257,692 1,311,539 For the year ended - 345,965,385 310,611,539 35,353,846 13,080,769 22,273,077 2 o = o 2 = o = Lt o = Consolidated Balance Sheet ASSETS December 31, 2025 December 31, 2024 Current assets: Cash and cash equivalents 11,692,308 9,780,769 Accounts receivable, less allowance for doubtful accounts of $2,773,077 and $2,515,385 62,361,538 60,361,539 Trading securities (Inventory) 54,773,077 65,615,385 Investments (Derivatives) 14,460,577 14,852,885 Deferred income taxes 3,357,692 3,288,461 Prepaid expenses and other current assets 5,250,000 7,276,923 Total current assets 151,895,192 151,175,962 Property and equipment, net 62,261,539 60,900,000 Identifiable intangible assets and goodwill, net 3,820,192 3,950,961 Deferred income taxes and other assets 5,853,846 9,238,462 Total assets 3,830,76 225,265,385 LIABILITIES AND SHAREHOLDERS' EQUITY Current liabilities: Current portion of long-term debt 207,692 1,926,923 Notes payable 28,896,154 35,546,154 Accounts payable 20,615,385 20,915,385 Accrued liabilities 18,157,692 23,336,581 Income taxes payable 842,308 582,650 Total current liabilities 68,719,231 82,307,693 Long-term debt 16,765,384 18,088,462 Deferred income taxes and other liabilities 3,942,308 4,253,846 Shareholders' equity Common stock at par value 107,692 107,692 Capital in excess of par value 17,669,231 ,192,308 Unearned stock compensation (380,769) (450,000) Accumulated other comprehensive income (5,850,000 (4,273,077) Retaining earnings 122,857,692 111,038,461 Total shareholders equity 134,403,846 120,615,384 Total liabilities and shareholders' equity $ 223,830,769 $ 225,265,385Condensed Cash Flow Statement Cash provided by operations Cash used by investing activities Cash used by financing activities Effect of exchange rate changes on cash Met increase in cash and cash equivalents Cash and cash equivalents, beginning of year Cash and cash equivalents, end of year I *Includes dividends paid of 54,388,462 in 2025 and _ $5,119,231 in 2024 ] Liguidity Ratios Current ratio = CA/CL Acid-test {quick) ratio = Liquid assets/CL Inventory turnover in days Receivables turnover in days Payables turnover in days Gross operating cycle MNet operating cycle Solvency ratios Debt to equity Times interest earned Profitability ratios Gross profit margin Profit margin Return on assets Return on stockholders' equity 2025 2024 . . ( ( , 89,426,923 = 66.5% 104,650,001 = 86.7% 134,403,846 120,615,384 35,438,461 +1,257,682 =29.2 35,353,846 +1,730,769 =214 1,257,692 1,730,769 345,965,385-207,838,462 = 39.9% 364,953,346 345,965,385 22,680,769 = 6.2% 22,273,077 = 6.4% 364,953,346 345,965,385 22,680,769 =10.1% 22,273,077 =9.9% (223,830,769+225,265,385)/2 225,265,385 22,680,769 =17.7% 22,273,077 =18.5% 134,403,846+120,615,384) /2 120,615,384 364,953,846-222,496,154 = 39.0% Identifying and Assessing Risks of Material Misstatement This standard establishes requirements regarding the process of identifying and assessing risks of material misstatement of financial statements. Risks of material misstatement can arise from a variety of sources, including external factors, such as conditions in the company's industry and environment, and company-specific factors, such as the nature of the company, its activities, and internal control over financial reporting. For example, external or company-specific factors can affect the judgments involved in determining accounting estimates or create pressures to manipulate the financial statements to achieve certain financial targets. Also, risks of material misstatement may relate to personnel who lack the necessary financial reporting competencies, information systems that fail to accurately capture business transactions, or financial reporting processes that are not adequately aligned with the requirements in the applicable financial reporting framewaork. Thus, the audit procedures that are necessary to identify and appropriately assess the risks of material misstatement include consideration of both external factors and company-specific factors. This standard discusses the following risk assessment procedures: 06 In an integrated audit, the risks of material misstatement of the financial statements are the same for both the audit of internal control over financial reporting and the audit of financial statements. The auditor's risk assessment procedures should apply to both the audit of internal control over financial reporting and the audit of financial statements. Obtaining an Understanding of the Company and Its Environment .07 The auditor should obtain an understanding of the company and its environment ("understanding of the company\") to understand the events, conditions, and company activities that might reasonably be expected to have a significant effect on the risks of material misstatement. Obtaining an understanding of the company includes understanding: a. Relevant industry, regulatory, and other external factors. b. The nature of the company. c. The company's selection and application of accounting principles, including related disclosures. d. The company's objectives and strategies and those related business risks that might reasonably be expected to result in risks of material misstatement; and e. The company's measurement and analysis of its financial performance. Industry, Regulatory, and Other External Factors .09 Obtaining an understanding of the relevant industry, regulatory, and other external factors encompass industry factors, including the competitive environment and technological developments; the regulatory environment, including the applicable financial reporting framework and the legal and political environment; and external factors, including general economic conditions. Mature of the Company 10 Obtaining an understanding of the nature of the company includes understanding: * The company's organizational structure and management personnel. * The sources of funding for the company's operations and investment activities, including the company's capital structure, noncapital funding (e.g., subordinated debt or dependencies on supplier financing), and other debt instruments. * The company's significant investments, including equity method investments, joint ventures, and variable interest entities. * The company's operating characteristics, including its size and complexity. * MNote: The size and complexity of a company might affect the risks of misstatement and how the company addresses those risks. * The sources of the company's earnings, including the relative profitability of key products and services; and * Key supplier and customer relationships. Company Objectives, Strategies, and Related Business Risks Mote: Some relevant business risks might be identified through other risk assessment procedures, such as obtaining an understanding of the nature of the company and understanding industry, regulatory, and other external factors. A5 The following are examples of situations in which business risks might result in a material misstatement of the financial statements: s Industry developments (a potential related business risk might be, e.g., that the company does not have the personnel or expertise to deal with the changes in the industry.) * MNew products and services (a potential related business risk might be, e.g., that the new product or service will not be successful.) * Use of information technology (\"IT") (a potential related business risk might be, e.g., that systems and processes are incompatible.) MNew accounting requirements (a potential related business risk might be, e.g., incomplete, or improper implementation of a new accounting requirement.) * Expansion of the business (a potential related business risk might be, e.g., that the demand for the company's products or services has not been accurately estimated.) s The effects of implementing a strategy, particularly any effects that will lead to new accounting requirements (a potential related business risk might be, e.g., incomplete, or improper implementation of the strategy.) Obtaining an Understanding of Internal Control Over Financial Reporting .18 The auditor should obtain a sufficient understanding of each component of internal control over financial reporting (\""understanding of internal control\") to (a) identify the types of potential misstatements, (b) assess the factors that affect the risks of material misstatement, and (c) design further audit procedures. 19 The nature, timing, and extent of procedures that are necessary to obtain an understanding of internal control depend on the size and complexity of the company; the auditor's existing knowledge of the company's internal control over financial reporting; the nature of the company's controls, including the company's use of IT; the nature and extent of changes in systems and operations; and the nature of the company's documentation of its internal control over financial reporting. Procedures the auditor performs to obtain evidence about design effectiveness include inguiry of appropriate personnel, observation of the company's operations, and inspection of relevant documentation. Walkthroughs, as described in paragraphs .37-.38, that include these procedures ordinarily are sufficient to evaluate design effectiveness. Mote: Determining whether a control has been implemented means determining whether the control exists and whether the company is using it. The procedures to determine whether a control has been implemented may be performed in connection with the evaluation of its design. Procedures performed to determine whether a control has been implemented include inquiry of appropriate personnel, in combination with observation of the application of controls or inspection of documentation. Control Environment 23 The auditor should obtain an understanding of the company's control environment, including the policies and actions of management, the board, and the audit committee concerning the company's control environment. .24 Obtaining an understanding of the control environment includes assessing: * Whether management's philosophy and operating style promote effective internal control over financial reporting. s Whether sound integrity and ethical values, particularly of top management, are developed and understood; and * Whether the board or audit committee understands and exercises oversight responsibility over financial reporting and internal control. The Company's Risk Assessment Process Obtaining an understanding of the company's risk assessment process includes obtaining an understanding of the risks of material misstatement identified and assessed by management and the actions taken to address those risks. Information and Communication 28 Information System Relevant to Financial Reporting. The auditor should obtain an understanding of the information system, including the related business processes, relevant to financial reporting, including: f. The classes of transactions in the company's operations are significant to the financial statements. g. The procedures, within both automated and manual systems, by which those transactions are initiated, authorized, processed, recorded, and reported. h. The related accounting records, supporting information, and specific accounts in the financial statements that are used to initiate, authorize, process, and record transactions. i. How the information system captures events and conditions, other than transactions, that are significant to financial statements. J. Whether the related accounts involve accounting estimates and if so, the processes used to develop accounting estimates, including: o The methods used may include models. o The data and assumptions used, including the source from which they are derived; and o The extent to which the company uses third parties (other than specialists), including the nature of the service provided and the extent to which the third parties use company data and assumptions; and k. The periocd-end financial reporting process. The auditor also should obtain an understanding of how IT affects the company's flow of transactions. The identification of risks and controls within IT is not a separate evaluation. Instead, it is an integral part of the approach used to identify significant accounts and disclosures and their relevant assertions and, when applicable, to select the controls to test, as well as to assess risk and allocate audit effort. Control Activities The auditor should obtain an understanding of control activities that is sufficient to assess the factors that affect the risks of material misstatement and to design further audit procedures, as described in paragraph .18 of this standard. As the auditor obtains an understanding of the other components of internal control over financial reporting, he or she is also likely to obtain knowledge about some control activities. The auditor should use his or her knowledge about the presence or absence of control activities obtained from the understanding of the other components of internal control over financial reporting in determining the extent to which it is necessary to devote additional attention to obtaining an understanding of control activities to assess the factors that affect the risks of material misstatement and to design further audit procedures. Mote: A broader understanding of control activities is needed for relevant assertions for which the auditor plans to rely on controls. Also, in the audit of internal control over financial reporting, the auditor''s understanding of control activities encompasses a broader range of accounts and disclosures than what is normally obtained in a financial statement audit. Monitoring of Controls The auditor should obtain an understanding of the major types of activities that the company uses to monitor the effectiveness of its internal control over financial reporting and how the company initiates corrective actions related to its controls. An understanding of the company's monitoring activities includes understanding the source of the information used in the monitoring activities. Performing Walkthroughs As discussed in paragraph .20, the auditor may perform walkthroughs as part of obtaining an understanding of internal control over financial reporting. For example, the auditor may perform walkthroughs in connection with understanding the flow of transactions in the information system relevant to financial reporting, evaluating the design of controls relevant to the audit, and determining whether those controls have been implemented. In performing a walkthrough, the auditor follows a transaction from origination through the company's processes, including information systems, until it is reflected in the company's financial records, using the same documents and IT that company personnel use. Walkthrough procedures usually include a combination of inguiry, observation, an inspection of relevant documentation, and re-performance of controls. Relationship of Understanding of Internal Control to Tests of Controls 35 The objective of obtaining an understanding of internal control, as discussed in paragraph .18 of this standard, is different from testing controls for the purpose of assessing control risk or for the purpose of expressing an opinion on internal control over financial reporting in the audit of internal control over financial reporting. The auditor may obtain an understanding of internal control concurrently with performing tests of controls if he or she obtains sufficient appropriate evidence to achieve the objectives of both procedures. Also, the auditor should consider the evidence obtained from understanding internal control when assessing control risk and, in the audit of internal control over financial reporting, forming an opinion about the effectiveness of internal control over financial reporting