BASIC CONCEPTS IN

AUDITING
KUSALA KARUNARATNE
DEFINITION:

Audit is the examination or inspection of various books of accounts by

an auditor followed by physical checking of inventory to make sure that
all departments are following documented system of recording
transactions. It is done to ascertain the accuracy of financial statements
provided by the organization.

When such an examination is conducted with a view to express an

opinion thereon.
RELATIONSHIP BETWEEN AUDITING AND ACCOUNTING

• When accounting process ends, auditing begins, for the purpose of determining the
true and fair picture of books of accounts. It is an activity of record keeping and
preparation & presentation of the financial statement. Accounting is used by the firms for
keeping a track of their monetary transactions. It is the language the business
understands, as it is the tool for reporting financial statement of the business entity.
 KEY DIFFERENCES BETWEEN ACCOUNTING AND
AUDITING

• Accounting is an art of orderly, keeping the records of the monetary transactions and preparation of the
financial statements of the company. Auditing is an analytical task which involves the independent evaluation
of the financial information to express an opinion on true and fair view.
• Accounting is governed by Accounting Standards, whereas Standards on Auditing governs Auditing.
• Accounting is a simplified task, which is performed by the Accountants but Auditing is a complex task, so
Auditors are required for performing it.
• The main purpose of accounting is to reveal the profitability position, financial position and performance of
the organization. Conversely, auditing is to check the correctness of the financial statement.
• Accounting is a continuous activity. Unlike Auditing, which is a periodic activity.
• End of Accounting is the start of Auditing.
 DIFFERENCE BETWEEN AUDITING AND INVESTIGATION

In general, Auditing is conducted to verify the extent of truthfulness and

fairness of the financial records of an entity, but Investigation is performed
to prove a certain fact. The scope of the auditing is based on the Standards
on Auditing, but the scope of the investigation rests on the terms of
engagement. It is quite normal that people get confused between these two
terms easily due to lack of knowledge and proper understanding.
 KEY DIFFERENCES BETWEEN AUDITING AND INVESTIGATION

• The process of inspecting the financial statement of an entity and then giving an independent opinion on it is known as Auditing. A
careful and detailed study of the books of accounts to discover truth is known as Investigation.
• Auditing is a general examination while Investigation is critical in nature.
• The evidence obtained from audit process are persuasive. Conversely, the nature of evidence obtained from Investigation process is
conclusive.
• Auditing is conducted every year, but Investigation is conducted as per the needs of the organization.
• Auditing is performed by the auditor whereas an expert team does the performance of an investigation.
• Auditing is compulsory for every company. On the other hand, the investigation is discretionary.
• Auditing verifies the true and fair view of the financial statement while Investigation is performed to establish a fact.
• the appointment of an auditor is made by the shareholders of the company. As against this, an investigator is appointed by the
owners/management or one-third party.
• The scope of auditing is general, which attempts to give an opinion on the financial statement of the company. On the contrary, the
scope of the investigation is limited as it attempts to answer only those questions that are asked in the engagement letter
WHAT IS INTERNAL AUDIT?

• According to the Institute of Internal Auditors, “the role of internal audit is to provide
independent assurance that an organization’s risk management, governance, and internal
control processes are operating effectively.” Internal audit is conducted objectively and
designed to improve and mature an organization’s business practices.

• Internal auditing provides insight into an organization’s culture, policies, procedures, and
aids board and management oversight by verifying internal controls such as operating
effectiveness, risk mitigation controls, and compliance with any relevant laws or
regulations.
 REASONS WHY INTERNAL AUDIT IS IMPORTANT

Internal audit programs are critical for monitoring and assuring that all of your business assets have
been properly secured and safeguarded from threats. It is also important for verifying that your
business processes reflect your documented policies and procedures. Here are 5 reasons that
Internal Audit is important:
1. Provides Objective Insight
You can’t audit your own work without having a definite conflict of interest.Your internal auditor, or
internal audit team, cannot have any operational responsibility to achieve this objective insight. In
situations where smaller companies don’t have extra resources to devote to this, it’s acceptable to
cross-train employees in different departments to be able to audit another department. By providing
an independent and unbiased view, the internal audit function adds value to your organization.
 REASONS WHY INTERNAL AUDIT IS IMPORTANT

2. Improves Efficiency of Operations

By objectively reviewing your organization’s policies and procedures, you can receive assurance that you are
doing what your policies and procedures say you are doing, and that these processes are adequate in mitigating
your unique risks. By continuously monitoring and reviewing your processes, you can identify control
recommendations to improve the efficiency and effectiveness of these processes. In turn, allowing your
organization to be dependent on process, rather than people.
3. Evaluates Risks and Protects Assets
An internal audit program assists management and stakeholders by identifying and prioritizing risks through a
systematic risk assessment. A risk assessment can help to identify any gaps in the environment and allow for a
remediation plan to take place. Your internal audit program will help you to track and document any changes
that have been made to your environment and ensure the mitigation of any found risks.
REASONS WHY INTERNAL AUDIT IS IMPORTANT

4. Assesses Controls
Internal audit is beneficial because it improves the control environment of the organization
by assessing efficiency and operating effectiveness. Are your controls fulfilling their purpose?
Are they adequate in mitigating risk?
5. Ensure Compliance with Laws and Regulations
By regularly performing an internal audit, you can ensure compliance with any and all
relevant laws and regulations. It can also help provide you with peace of mind that you are
prepared for you next external audit. Gaining client trust and avoiding costly fines
associated with non-compliance makes internal audit an important and worthwhile activity
for your organization.
 WHAT IS EXTERNAL AUDIT?

An external audit, defined as a company audit which is performed by

a party which is not a department or employed by business to be
audited, are very commonly performed. The external audit approach
has 2 main purposes: The company believes an outside party will be
more efficient at the work or because a governmental entity, such as
the IRS, is auditing the business.
IMPORTANCE OF EXTERNAL AUDIT

• AN EXTERNAL AUDIT IMPROVES INTERNAL SYSTEMS AND CONTROLS

Auditors do not just focus on the numbers but will gain an understanding of the businesses
overall systems and controls environment. This will enable them to identify deficiencies in the
accounting systems or controls for which recommendations can be made, making your business
more efficient and less prone to fraud or error.
• AN EXTERNAL AUDIT PROVIDES CREDIBILITY
Having your financial statements verified by an external auditor can lead to more credibility
in the business marketplace than those that have not. Should you be seeking to raise finance
or sell your business in the future, providing audited accounts gives security that your accounts
are free from material error or malpractice, making you more likely to be successful in
achieving your goals.
• AN EXTERNAL AUDIT GIVES SHAREHOLDERS CONFIDENCE
Many business are run by a small board of directors on behalf of the shareholders who can
be remote and have little involvement in the day to day operations. An independent review
of the financial statements can provide transparency to the shareholders that the
company is being run within their best interests and can highlight any issues that have
occurred which may not have been brought to their attention.
AUDIT EVIDANCE

• Audit Evidence refers to any information

obtained by the auditor so that he can draw
conclusions & express opinion on the financial
statement
FEATURES OF AUDIT EVIDENCE:
FACTORS TO DETERMINE SUFFICIENCY & APPROPRIATENESS

Degree of risk of misstatement.

The result of audit procedure i.e., any fraud &error detected by auditor.
Materiality of item.
Type of information available.
Experience gained during previous audit.
Trend shown by accounting ratios etc.
TYPES OF AUDIT EVIDENCE
DIFFERENCE B/W INTERNAL &EXTERNAL EVIDENCE

BASIS INTERNAL EXTERNAL

MEANING Created & retained within Originates outside client’s

client’s organization organization
EXAMPLE Copies of sales invoice, wage Purchase invoice , bank statements
sheet
SOURCE Inside the entity Outside the entity

RELIABILITY Less reliable More reliable

PROCEDURES TO OBTAIN EVIDENCE

• Compliance procedures
• Substantive procedures
 COMPLIANCE PROCEDURES

Compliance procedures are performed to check designing, operating

effectiveness and continuity of I.C. system. Auditor performs compliance
procedures in respect of the following assertions relating to internal control
system:

• EXISTENCE: that the internal control exists.

• OPERATING EFFECTIVENESS: that the I.C. system is operating effectively.
• CONTINUITY: that the internal control has been so operated throughout the
period.
 SUBSTANTIVE PROCEDURE

Substantive procedures are performed to check completeness, accuracy and validity of transactions
and balances. Auditor performs substantive procedures in respect of following assertions relating
to data produced by accounting system:
MEASAUREMENT: that a transaction is recorded in the proper period at proper amount.
PRESENTATION AND DISCLOSURE: an item is disclosed, classified and described as per
recognized accounting policies and relevant statutory requirements, if any.
EXISTENCE: that an asset or liability exists at a given date.
VALUATION: that an asset or liability is recorded at an appropriate carrying value.
METHODS TO OBTAIN EVIDENCE

Methods to
obtain evidence

Inquiry and Analytical

Inspection Observation confirmation Computation review Reperformance
AUDIT RISK

Audit risk is the risk that the financial statements are materially incorrect, even though the
audit opinion states that the financial reports are free of any material misstatements.
Because creditors, investors, and other stakeholders rely on the financial statements, audit
risk may carry legal liability for a CPA firm performing audit work.
THREE TYPE OF AUDIT RISK

 Inherent Risks:
 Control Risk

Detection risk
INHERENT RISKS:

Inherent Risks:
Inherent risk refer to the risk that could not be protected or detected by entity’s internal
control.This risk could happened as the result of complexity of client nature of business or
transactions. Sometime, that nature of business could link to complexity of financial
transactions and require high involvement with judgement.
The risk is normally high if the transaction or even involve highly with human judgement.
For example, the exposure in complex derivative instrument.This kind of risk could also be
effected by external environment; for example, climate change, political problem, or some
other PESTEL effect to the business.
CONTROL RISK

• Control risk or internal control risk is the risk that current internal control could not detect
or fail to protect significant error or misstatement in the financial statements. Basically,
managements are required to set up and assess the effectiveness and efficiency of internal
control over financial reporting to make sure that financial statements are free from material
misstatements. Why is weak internal control lead bring risk to auditor?
• Auditor need to understand and assess client’s internal control over financial reporting
conclude that whether those control could be rely on or not. If the client internal control
seem to be strong, then audit need to confirm if the control is worked by testing internal
control
• Eg ; Not recording transaction or system issues
DETECTION RISK

• Well detection risk is the risk that auditor fail to detect the material misstatement in the
financial statements and then issued incorrect opinion to the audited financial statements
 The common cause of detection risk is improper audit planning, poor engagement
management, wrong audit methodology, low competency and lack of understanding of
audit client. Detection risk is occurred because of auditor part rather than client part.
For example, if audit planning is poor, not all kind of risks are defined and the audit program that
use to detect those risks is deploy incorrectly