Auditing 1A STUDY GUIDE

STUDY GUIDE
Auditing 1A
AUA 3751
Bachelor of Accounting (Honours)
Centre for Open, Distance and e-Learning

Materials Development and Instructional Design Department
Auditing 1A
Copyright
Copyright©2017 University of Namibia. All rights reserved. No part of this publication may be
reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic,
mechanical, photocopying, recording or otherwise without the prior permission of the publishers.
Edited and Published by Centre for Open, Distance and e-Learning
University of Namibia, Windhoek
Re-branding Statement
We herewith acknowledge that this material/content was produced by the Centre for External Studies
at the University of Namibia which has been renamed CODeL.
Author: Elize Heyns
Content Editor: Wanda Fourie
Centre for Open, Distance and e-Learning

Materials Development and Instructional Design Department
Private Bag 13245
Pioneers Park
Windhoek
Namibia
Tel: +264 61 206 3676
Fax: +264 61 206 3016
E-mail: codel@unam.na
Website: www.unam.na
Table of Contents
ADMINISTRATION ................................................................................................................................... 4
WORD OF WELCOME ...................................................................................................................... 4
CONTACT PERSONS ......................................................................................................................... 4
MODULE OUTCOMES ...................................................................................................................... 4
PRECONDITIONS.............................................................................................................................. 5
STUDY MATERIAL ............................................................................................................................ 5
STUDY ICONS ................................................................................................................................... 5
ACTION VERBS................................................................................................................................. 6
PROOF OF PARTICIPATION .............................................................................................................. 6
EXAMINATION................................................................................................................................. 6
WARNING AGAINST PLAGIARISM ................................................................................................... 7
RESPONSIBILITIES, FUNCTIONS AND QUALITIES OF THE AUDITOR ........................................................ 8
Part 1 Introduction ........................................................................................................................ 11
Part 2 What is an auditor? ............................................................................................................ 11
Part 3 Why is there a need for auditors? ...................................................................................... 12
Part 4(a) Assurance and non-assurance engagements ................................................................. 13
Part 4(b) Reasonable assurance and absolute assurance ............................................................. 15
Part 5 Auditing Postulates............................................................................................................. 17
REVISION ....................................................................................................................................... 19
THE ACCOUNTING PROFESSION ....................................................................................................... 21
Part 1 The nature of professional status....................................................................................... 22
Part 2 Accounting bodies in South Africa...................................................................................... 22
Part 3 Pronouncements which regulate the profession ............................................................... 23
THE FINANCIAL STATEMENT AUDIT ENGAGEMENT ......................................................................... 24
Part 2 Roles of parties to an assurance engagement ................................................................... 25
Part 3 The role of the Companies Act ........................................................................................... 25
Part 4 The role of the Auditing Profession Act ............................................................................. 26
Part 5 The role of the International Standards on Auditing (ISAs) ............................................... 26
THE PROFESSIONAL CODE OF CONDUCT .............................................................................................. 29
FACULTY OF ECONOMIC AND MANAGEMENT SCIENCES | (CES)

Part 2 The SAICA code of professional conduct (ET)..................................................................... 31
Part A General application of the code ......................................................................................... 31
Part B Chartered Accountants in Public Practice .......................................................................... 34
Part 3 Rules regarding improper conduct (IRBA) .......................................................................... 40
GENERAL PRINCIPLES OF AUDITING ..................................................................................................... 42
Introduction to this Study Unit ..................................................................................................... 45
INTERNAL CONTROL.......................................................................................................................... 47
Part 2 Limitations of Internal control ............................................................................................ 49
Part 3 Definition of Internal control.............................................................................................. 50
Part 4 Components of Internal control ......................................................................................... 50
Part 5 Internal control in smaller entities ..................................................................................... 51
Part 6 The external auditor’s interest in internal control ............................................................. 52
REVISION ....................................................................................................................................... 52
AUDIT EVIDENCE ............................................................................................................................... 54
Part 2 Sufficient appropriate audit evidence ................................................................................ 55
Part 3 Financial statement assertions ........................................................................................... 58
Revision ......................................................................................................................................... 60
THE AUDITOR’S TOOLBOX................................................................................................................. 62
Part 2 Why perform test of controls? ........................................................................................... 64
Part 3 Why perform substantive procedures?.............................................................................. 66
Part 4 Vouching and verifying? ..................................................................................................... 66
AUDIT SAMPLING .............................................................................................................................. 67
Part 1 Principles of sampling ......................................................................................................... 68
Part 2 Definitions .......................................................................................................................... 68
Part 3 Tests of controls and sampling ........................................................................................... 70
Part 4 Substantive procedures and sampling ............................................................................... 70
Part 5 Statistical versus non-statistical approaches...................................................................... 70
Part 6 Steps in the sampling exercise ........................................................................................... 71
Part 7 Conclusion .......................................................................................................................... 73
AN OVERVIEW OF THE AUDIT PROCESS................................................................................................ 74
REQUIREMENTS OF ISQC1 ................................................................................................................ 78

Part 2 The elements of a system of quality control ...................................................................... 79
Part 3 ISA 220: Quality Control for Audits of Historical Financial Information ............................. 83
Part 4 ISA 220: Role of the engagement partner .......................................................................... 83
Part 5 Conclusion .......................................................................................................................... 83
REVISION ....................................................................................................................................... 83
PRELIMINARY ENGAGEMENT ACTIVITIES ......................................................................................... 85
Part 1 Prospective clients .............................................................................................................. 86
Part 2 Continuance with an existing client ................................................................................... 86
Part 3 Compliance with standards ................................................................................................ 86
Part 4 Procedures to gather “preliminary engagement information”.......................................... 87
Part 5 Establishing the terms of the engagement ........................................................................ 87
SUMMARY - STUDY UNIT 6.1 ........................................................................................................ 88
REVISION ....................................................................................................................................... 89
PLANNING ......................................................................................................................................... 91
Part 2 The overall audit strategy ................................................................................................... 94
Part 3 The audit plan itself ............................................................................................................ 95
Part 4 Materiality .......................................................................................................................... 96
Part 5 Planning and conducting risk assessment procedures ....................................................... 96
Part 6 Planning further audit procedures based on the risk assessment ..................................... 98
RESPONDING TO ASSESSED RISK .................................................................................................... 100
Part 1 Overall response at financial statement level .................................................................. 101
Part 2 Audit procedures to respond to the assessed risk of material misstatement at the
assertion level (further procedures) ........................................................................................... 101
Part 3 Other audit procedures carried out to satisfy the requirements of the ISA’s ................. 102
EVALUATING, CONCLUDING AND REPORTING ............................................................................... 103
Part 1 Sufficient, appropriate evidence ...................................................................................... 104
Part 2 Uncorrected misstatements ............................................................................................. 104
Part 3 Applicable financial reporting standards.......................................................................... 105
Part 4 Events occurring after the balance sheet date ................................................................ 105

ADMINISTRATION
WORD OF WELCOME
I hope that you will, upon completion of this module, be familiar with the basic principles of
auditing and that it will inspire you to consider auditing as a career.
CONTACT PERSONS
The name and contact details of your lecturers and facilitators will be provided during the
first contact session.
Title and Surname Building and Telephone numbers and

office number email address
Lecturer
Programme
leader
Secretary
MODULE OUTCOMES
Upon completion of this module you should be able to
On completion of the module the student should be able to:
Understand the functioning of the different operating systems in a business, with specific
reference to:
! with regard to the audit profession in South Africa:

! explain the need for an audit;
! distinguish between the different types of audit and auditors;
! understand the difference between the regulatory and professional associations
that regulate the profession as well of the functions of each;
! discuss the purpose of an audit, general principles that relate to an audit as well
as the measure of assurance that an audit provides to users of financial
statements;
! With regard to the audit process:
! know and discuss the various steps and stages in the audit process;
! know the requirements that each step in the audit process must meet and
discuss these with reference to international audit standards; and
! apply the principles with regard to each step in the audit to a practical case
study.

! With regard to the Professional code of conduct,
! Know and discuss the different threats to independence that can occur
! Be apply to respond systematically to such threats by applying safeguards
! Know and be able to apply the rules regarding chartered accountants in public
practice
! Know the disciplinary rules
! With regard to the auditor’s tool box,
! Differentiate between the different assertions,
! Be able to state the definition and applicability of each assertion
! Differentiate the requirements and rules of ISA 220 and ISQC1
PRECONDITIONS
AUA 3751 requires that you have successfully completed CAFE3691 & 3692. You must
successfully complete AUA 2751 & AUA 3752 to continue with AUA 3870.
STUDY MATERIAL
Prescribed books
Jackson & Stent, Auditing Notes for South African Students, Eighth Edition.
STUDY ICONS
General overview Individual exercise
Study the indicated material in

List of concepts with or without the handbook / article, etc.
explanations
Additional reading Practical example
Introductory remarks Outcomes

Study the next
Approximate study time of unit
section/explanation in detail
ACTION VERBS
Below is a list of key verbs that are typically used in questions and instructions. Study these
action verbs in detail and make sure that you understand the meaning of each.
Calculate Determine a number by using a mathematical process.
Describe Give a detailed description of the nature or characteristics of something.
Define Give an accurate definition of a concept.
Illustrate Illustrate information diagrammatically.
Criticise Indicate whether or not you agree or disagree with a specific statement;
describe exactly what you are agreeing/disgareeing with and provide
reasons for your viewpoints.
List Provide only a list of names/facts that were asked.
Motivate State reasons for your opinion on a particular matter - try to convince the
reader of your point of view.
Name Briefly provide the information without getting into too much detail.
Explain Make clear or interpret a concept in your own words; you must demonstrate
through your explanation that you understand the concept. Where possible,
use examples in your explanation.
Compare Indicate the differences/similarities between two different matters.
PROOF OF PARTICIPATION
As per Faculty regulations, attendance list will be taken during the contact sessions.
EXAMINATION
As per Faculty regulations; will be communicated through Centre for External Studies (CES).

WARNING AGAINST PLAGIARISM
ASSIGNMENTS ARE INDIVIDUAL TASKS AND NOT GROUP ACTIVITIES. (UNLESS

EXPLICITLY INDICATED AS GROUP ACTIVITIES)
Copying of text from other learners or from other sources (for instance the study guide,
prescribed material or directly from the internet) is not allowed – only brief quotations are
allowed and then only if indicated as such.
You should reformulate existing text and use your own words to explain what you have
read. It is not acceptable to retype existing text and just acknowledge the source in a
footnote – you should be able to relate the idea or concept, without repeating the original
author to the letter.
The aim of the assignments is not the reproduction of existing material, but to ascertain
whether you have the ability to integrate existing texts, add your own interpretation and/or
critique of the texts and offer a creative solution to existing problems.
It is also unacceptable to do somebody else’s work, to lend your work to them or to

make your work available to them to copy – be careful and do not make your work
available to anyone!

STUDY RESPONSIBILITIES,
UNIT 1 FUNCTIONS AND QUALITIES
OF THE AUDITOR
This study unit is based on Auditing Notes, Chapter 1 and the relevant audit
standard, namely: ISA 200.
Approximate study time required for this unit: You will need approximately
10 hours to complete this Study Unit.
Content of the Study Units

RESPONSIBILITIES, FUNCTIONS AND QUALITIES OF THE AUDITOR ........................................................ 8
Part 2 What is an auditor? ............................................................................................................ 11
Part 3 Why is there a need for auditors? ...................................................................................... 12
Part 4(a) Assurance and non-assurance engagements ................................................................. 13
Part 4(b) Reasonable assurance and absolute assurance ............................................................. 15
Part 5 Auditing Postulates............................................................................................................. 17
REVISION ....................................................................................................................................... 19
THE ACCOUNTING PROFESSION ....................................................................................................... 21
Part 1 The nature of professional status....................................................................................... 22
Part 2 Accounting bodies in South Africa...................................................................................... 22
Part 3 Pronouncements which regulate the profession ............................................................... 23
THE FINANCIAL STATEMENT AUDIT ENGAGEMENT ......................................................................... 24
Part 2 Roles of parties to an assurance engagement ................................................................... 25
Part 3 The role of the Companies Act ........................................................................................... 25
Part 4 The role of the Auditing Profession Act ............................................................................. 26
Part 5 The role of the International Standards on Auditing (ISAs) ...............................................26
8

Upon completion of this Study Unit you should be able to:
! briefly define the objectives of an audit of financial statements;

! explain the concept of reasonable assurance;
! explain the concept of material misstatement;
! explain the value of an audit opinion to financial statements as well as what it is NOT a
guarantee of;
! name the general principles which an audit should comply with;
! explain the concept of professional scepticism;
! name matters that would determine the scope of the audit;
! indicate who is responsible for preparing and presenting the financial statements;
! define the concept of audit risk;
! obtain an understanding of the theoretical principles on which auditing is based
! briefly explain why an audit increases the credibility of financial statements;
! explain the difference between the Independent Regulatory Board for Auditors and the
! South African Institute of Chartered Accountants;
! describe the activities of the Independent Regulatory Board for Auditors (IRBA);
! describe the activities of the South African Institute of Chartered Accountants (SAICA);
! briefly explain the difference between a statutory and non-statutory audit;
! briefly explain the difference between an audit engagement and other engagements
! with reference to the level of assurance; and
! name and briefly explain the five elements of an assurance engagement.

STUDY THEORY AND
UNIT 1.1 PHILOSOPHY OF
AUDITING
This study unit is based on Auditing Notes, Chapter 1, section 1 and the
relevant auditing standard, namely: ISA 200.
The objectives of this study Unit are laid out below:
! briefly define the objectives of an audit of financial statements;

! explain the concept of reasonable assurance;
! explain the concept of material misstatement;
! explain the value of an audit opinion to financial statements as well as what it is NOT
! name the general principles which an audit should comply with;
! explain the concept of professional scepticism;
! name matters that would determine the scope of the audit;
! indicate who is responsible for preparing and presenting the financial statements;
! briefly explain the difference between a statutory and non-statutory audit.
! briefly explain the difference between an audit and related services with reference to
the level of assurance of each.
! name and briefly explain the five elements of an assurance engagement.
10

Part 1 Introduction
Behind the need of an auditor lie the following questions,
- What is an auditor?
- Why do we need auditors?
- How do they perform their duties/functions in light of the need?
We will be looking at the first two questions in chapter 1.
The last question will be covered over a number of study units that encompass some
aspects as follows:
! The responsibilities of the auditor " to be covered partly in the Code of Conduct,
Chapter 2, Study Unit 2.
! The Auditors’ Toolbox: What tools does the auditor use to perform an audit? " This will
be covered as part of Chapter 5 & 6, Study Unit 3 & 4.
! What is the relevance of Audit Evidence and how does an audit assess the credibility of
financial information based on the evidence gathered. This will be partly covered also in
Chapter 5 & 6, Study Unit 3 & 4
Part 2 What is an auditor?

Annual Financial Statements (AFS) is a set of statements showing financial results
composed of transactions and balances. It represents the financial condition/state of a
company at a certain point of time or period. These are used by the stakeholders to may
decisions of a company.
Stakeholders are those parties who have a stake (interest) in a certain entity, whether it is a
bank, a shareholder, a supplier.
In the case of the bank, they may have provided financing to the entity and thus have an
interest in the entity to see whether they will be able to pay back their Loan, i.e. will the bank
be able to receive interest and the repayment of capital on the Loan they provided?
In the case of the shareholder, these are the owners of the company and thus they may
have an interest in the entity in seeing whether their initial investment in the entity is growing.
Or asking the question whether they should withdraw their investment.
An auditor is appointed to give assurance on this financial information on which the

stakeholders base their decisions. Clearly then, if the information is misstated, i.e. incorrect,
then the decisions taken will be misled.
So what is an Auditor? The auditor provides assurance on the financial information.
What is Assurance? It enhances the degree of confidence of intended users; it enhances

the credibility of information.
‘Audit’ comes from the Latin word: ‘audire’, which means to hear or listen. Before the
profession was developed as it is today, a farm manager would be held responsible to
manage a farm and report to the owner of the farm. As such an account would be given
11

orally of what was done, and the ‘auditor’, a ‘third’ person, would listen and question the
report given.
In the same light, in today’s terms the Board of Directors are held responsible to manage
and report on the operations of a company. The shareholders are the owners of the
company. They would provide their report in the form of Financial Statements, which would
be reviewed and inspected by the auditor. He would in the process of reviewing the financial
information question the company’s staff and gather information.
What types of Auditors do we get?
1. External Auditors – they provide an opinion on the AFS. These are not employees
of the company they provide assurance on.
2. Internal Auditors – test usually the effectiveness of internal controls & procedures.
These can either be contracted or employed by the company they are providing
assurance on.
3. Government auditors – usually the Auditor General, these are usually also
employed by the entity they are providing assurance on.
4. Forensic Auditors – they investigate mismanagement, fraud or related theft. These
are not employed by the company they provide assurance to.
5. Special Purpose Auditors – they deal with a particular field, such as Environmental
Compliance, VAT Audits. These can either be employed or only contracted by the
company they provide assurance to.
All auditors are required to display minimum characteristics inherent in the

profession:
- Integrity
- Objectivity
- Professional Competence & due care
- Confidentiality
- Professional behaviour
These will be dealt in greater detail in Study Unit 2.
Part 3 Why is there a need for auditors?

We need to understand the difference between ownership & management.
Ownership Ownership entails having an interest/investment in a business. It includes havin

a title/right or possession to an asset/venture, business.
Management involves the administrative side of a business/asset or venture.

It includes the organisation, supervision, managing and running the
Management enterprise on behalf of the owners.
12

The need of an auditor was developed by businesses that were owned but where the
owners did not also manage the business. Many owners, who were not involved in
managing their business also did not have the time nor the expertise to determine whether
what they were being told by their managers (appointed by the owners to manage the
business) was a fair presentation. This resulted in the appointment of an independent person
to evaluate the accounts of the business, hence it resulted in the need for external auditors.
As such credibility and reliability of information is enhanced. This assists stakeholders to

make sound decisions.
Appointing an auditor raises accountability, in that the company is held accountable.
Ask yourself the question, what would be the impact of a medium sized company being
audited and that of another company, of similar size & industry, not being audited?
Some considerations that would be the result of the company being audited versus the other
that is not audited:
! More efficient accounting controls

! Timely submission of Tax returns (Income Tax & VAT), which reduces potential for
interest and penalties for late and/or incorrect submissions
! Raised accountability within the company
Part 4(a) Assurance and non-assurance engagements

We get different levels of assurance. Assurance engagements provide more assurance than
non-assurance engagements.
So what is the difference then?
Refer to the next page for a table that indicates the differences between the two.
13

ASSURANCE ENGAGEMENTS NON-ASSURANCE ENGAGEMENTS
DEFINITION: DEFINITION:
Is an engagement in which the professional

accountant expresses a conclusion designed
to enhance the degree of confidence of the
intended user, other than the responsible
party, about the outcome of the evaluation or
measurement of a subject matter against the Any one of the elements of an assurance
criteria. engagement can be missing to make it a ‘non-
assurance’ engagement.
The above definition of Assurance
engagements is made up of the following
different elements:
(1) 3 party relationship
1. Professional Accountant " the

Registered Auditor
2. Responsible party " the Directors

responsible for the AFS
3. Intended users " the shareholders
(2) A subject matter
These are usually over which the objective of

the audit is determined, for an external
auditor this would normally be your financial
statements.
(3) sufficient appropriate evidence
This is evidence that is required to make a

conclusion on the financial statements.
(4) suitable criteria
This would be criteria or a ‘benchmark’ to

which the correctness of the financial
statements are compared to. E.g.
International Financial Reporting Standards
(IFRS)
(5) a written assurance report or conclusion
This is the audit report concluding on whether

the AFS are fairly presented.
14

TYPES OF ENGAGEMENTS TYPES OF ENGAGEMENTS
1. Audit opinion on Financial Statements 1. Professional accountant is engaged to

2. Report on effectiveness of clients’ collect, classify and summarise info for the
internal control system client but required to comment or express
3. Report on compliance requirements, opinion.
e.g. Sarbanes-Oxley Act 2002 E.g. Sometimes a company wants to issue a
prospectus, we then need to review, cross
reference etc. the information and indicate
matters that were picked up. There is
although no formal opinion or conclusion
provided.
Where a tax return is required to be compiled.
In this case there is no opinion, no
conclusion. The information given is used.)
Part 4(b) Reasonable assurance and absolute assurance

So far we have dealt with assurance and what it is.
The next section will look at what is Reasonable Assurance?
Reasonable Assurance versus Absolute Assurance:
Reasonable Assurance – where the auditor does not certify or confirm the absolute
assurance or correctness of the financial statements.
This type of assurance provides an opinion only on the Fair presentation of information.
Fair presentation again means that the AFS are free of material misstatements.
Material Misstatement means that a misstatement, or error, is so significant that it can

affect the decision making of users/stakeholders.
Which concludes that if the auditor provides an opinion that provides only reasonable
assurance, he would be concerned mainly only with material misstatements.
So the opinion is only to certify that there are no significant errors that could influence the
decision making of users. It does not certify that the AFS are in all aspects correct.
Whereas absolute assurance means that the financial statements are in all aspects 100%
correct, it’s almost like a guarantee that there are no misstatements.
This is the complete opposite of what the auditor wishes to achieve. He would give an
opinion to ensure that the biggest mistakes are addressed and therefore the AFS as a whole
seem reasonable.
15

Let’s make it practical.
Imagine a bank. How would they generate their main income?

This would be interest earned on their Loans given out, or overdrafts allowed.
Consider if there would be another type of income generated, e.g. income from monthly
newsletters.
If you would compare the two types of income, the interest earned would be significant to the
income earned from newsletters as the Bank’s primary income generator is the interest, not
the newsletters. Thus you would well imagine that the most significant account, i.e. larger of
the two is the interest income.
Let’s say now there is a misstatement on both of these accounts, each misstatement makes
up 10% of the total account. So if interest income is material in relation to the newsletter
income, which of the misstatements would most likely also be material?
The misstatement of the interest income account would be more material than the other
account. Thus which misstatement could have an impact on the economic decision of users?
That which is materially misstated.
So why can’t the Auditor give absolute Assurance?
Some factors limit the auditors ability to give absolute assurance, these are:
(1) Use of testing – the auditor uses a technique called sampling, where only a selected
no. of transactions are tested out of an entire population. This primarily relates to the
lack of time. As time equates to money in the profession, the more time the auditor
would spend, the more costly it would be.
(2) Inherent limitations of accounting and internal control systems – the computer
environment and controls environment can fail to detect or prevent Fraud or Errors.
(3) Audit evidence is persuasive rather than conclusive – there would be a
document in place providing evidence of a transaction, but when the transaction
occurred we did not necessarily witness it. In other words, the document persuades
us that the transaction occurred, but it is not conclusive as we did not witness it
ourselves.
(4) Subjectivity in AFS & auditors approach – Judgement is applied when assessing
impairment, or when assessing the provision for bad debts. The Extent (how much)
and Timing (when) of the tests can differ between auditors.
Part 4(c) Statutory- vs Non-statutory Engagements

Statutory Engagement refers to a required audit by Act (Statute). This is required under the
Companies Act.
Non-statutory engagement refers to other required audits that form part of an agreement.
E.g. Part of a Merger, the auditors need to audit the valuation of the Company being
merged, or part of a finance agreement, the auditors can verify the financial condition of the
16

company receiving the financing, or part of a founding document.
Part 5 Auditing Postulates
Read & study carefully this section, as only the basic concepts are noted, and not
discussed in detail.
Auditing Postulates are hypothesises or claims that suggest the basis for thinking/reasoning
of the auditing profession.
These postulates are derived from Mautz & Sharaf from their book: “The philosophy of
Auditing”. The terms were coined 50 years ago.
(1) Both the auditor and the client have the same objective (common desire) in regard
to fair presentation.
This postulate says that in order for the auditor to do what he is required to do, he must
be able to rely on Managements’ integrity, that they will not want to manipulate the AFS.
In light of past few years’ developments, the profession has places more emphasis in
applying professional scepticism during the audit than ever before.
(2) The Auditor is to act exclusively as auditor, to be able to give an independent,

objective opinion.
The opinion given by the auditor can only be relied upon if that opinion is free of bias, i.e.
independent. He/she has to be seen as independent and ‘be’ independent.
(3) Professional status (the knowledge, capabilities, and qualities) of the auditor brings
with it the responsibilities.
To provide service before personal interest, to act with due care, to serve efficiently and
with competence.
(4) It is possible to verify financial data
Verify means to determine whether something is true of false.
This means that the information provided to test, that it is possible to verify that
information, i.e. that there is enough evidence to support the transactions, that there is an
audit trail.
(5) Internal controls reduce the possibility of errors or irregularities.
E.g. a payment by cheque normally requires the approval of 2 staff members of senior
management. This would reduce the likelihood fraudulent payments.
17

Auditing Standards require that even should one not rely on the control environment, that
the effectiveness of internal controls should still be assessed.
(6) Application of GAAP results in fair presentation.
GAAP is generally accepted accounting practices. It is a generally accepted framework

applied for accounting. For Namibia that would be IFRS, International Framework of
Reporting Standards.
This postulate means that where a generally accepted framework is applied it would result
in fair presentation. This would then not be those personal preferences.
This further would allow consistency in practice and makes a company comparable.
(7) That what is held true in the past will hold true in the Future
In assessing judgements about the future, historical evidence is used for this purpose.
So in order to assess the reasonableness of future judgements, we need to be able to

deduct that what held true in the past will hold true in the future, otherwise we cannot
base it for our assessment.
(8) AFS for audit are free of collusive and other irregularities
Collusion: Is where two or more staff members secretly agree/consent to do something,

e.g. to override controls to steal money.
Irregularity: Is an illegal act of Theft/Fraud
The objective of an auditor is to form an opinion on the AFS not to search for Fraud.
The approaches of the two objectives are also different.
How do we remember the postulates?
We can remember the postulates by using a technique called: Acronyms.
It is shortening the content into one phrase or sentence and allows you to recall the
information by using the phrase in an exam or test situation.
The Acronym needs to be something catchy and something that you would remember, that
would make more sense to you, as you need to recall it.
Now let’s see to apply it:
(1) Same objective (O) (5) Internal controls (‘C)
(2) Independent (I) (6) Framework (F)
(3) Responsibility (‘R) (7) Past/Future/Historical (H)
(4) Verify Data (D) (8) Fraud (F)
18

..This needs some creativity...Think of a few phrases in which you can combine the letters as
underlined above:
I thought of the following:
- RIFF DOCH
- FFOR CHID
- CROH FFID (Like Crawford)
Remember you can use this in any other subject for whatever combination. The technique
remains the same.
So when you come to the test, exam, during the test when needed, scribble down as you
plan your answer, to make sure you cover all the requirements (when so requested).
REVISION
1. Revise your understanding of what you learned against the following
concepts/quizzes:
a) Objectives of an audit of financial statements
b) General principles of an audit
c) Scope of the audit
d) Responsibility for the drafting and presentation of the financial statements
e) Risk and materiality
f) Reasonable assurance
g) Material misstatement
h) Financial reporting framework
g) Statutory- vs non-statutory engagements
2. What is the need for an audit?
An audit provides credibility to a set of financial statements.
Complete your understanding thereof according to the two questions below:
WHY?
19

TO WHOM?
3. Complete the diagram below by marking those financial assertions that will be addressed
during an audit of Property, Plant and Equipment as opposed to a review engagement and
indicate the level of assurance provided.
Property, Plant and

AUDIT REVIEW
Equipment
Existence
Valuation
Allocation
Completeness
Rights and obligations
Level of assurance
ANSWER:
Property, Plant and

AUDIT REVIEW
Equipment
Existence Yes No
Valuation Yes No
Allocation Yes Yes
Completeness Yes No
Rights and obligations Yes No
Level of assurance HIGH LOW
4. Name the five elements of an assurance engagement?
20

STUDY THE ACCOUNTING
UNIT 1.2 PROFESSION
! briefly explain why an audit increases the credibility of financial statements;

! explain the difference between the Independent Regulatory Board for Auditors and the
! South African Institute for Chartered Accountants;
! describe the activities of the Regulatory Board for Auditors
! describe the activities of the South African Institute of Chartered Accountants (SAICA).
21

Part 1 The nature of professional status
There is public acceptance that a body of practitioners is worthy of recognition as a
profession.
Common attributes of groups to have a professional standing are:
a) highly specialised skills and services (Received appropriate education & training in
the field)
b) to protect the profession & public against incompetence or unethical behaviour, thus
regulations were established to ensure:
! Admission is strict and regulated
! Organisation was created to improve services
! A code of ethical conduct is adopted
c) Intellectual & ethical commitment
! Service motive should be priority and not purely financial gain
! Peer evaluation is important (It maintains high standard of quality and
consistency)
Examples of such groups of professional standing are SAICA (South African Institute of
Chartered Accountants and ICAN (Institute of Chartered Accountants Namibia).
Part 2 Accounting bodies in South Africa

Some accounting bodies in South Africa are:
- South African Institute of Chartered Accountants (SAICA)

- The Association of Chartered Certified Accountants (ACCA)
- Chartered Institute of Management Accountants (CIMA)
- Independent Regulatory Board for Auditors (IRBA)
SAICA is registered with International Federation of Accountants (IFAC), they look after the
interest of professional accountants.
So what are the requirements to be admitted to SAICA?
! Must have a recognised qualification from an accredited university.

! Need to have passed the Part 1 and Part 2 of the Qualifying examinations.
! Completed a training contract, either TOPP (Training outside of Public
Practice – another entity e.g. Namibia Breweries) or TIPP (Training in Public
Practice – an accredited audit firm)
Once all the requirements are met, one can be registered and use the designation CA (SA).
Out of the above exposure in the training contract, TIPP allows more auditing exposure,
whereas TOPP allows more Cost accounting, Financial Management exposure.
Thus based on these services, if one is in the auditing service, one needs to be registered
with IRBA.
22

IRBA deals with:
- Training, registration, education, accrediting professional bodies, prescribing standards

of competence & ethics and applying disciplinary measures.
- The official designation if having registered with IRBA is ‘registered Auditor’.
Part 3 Pronouncements which regulate the profession

High standards of ethics, conduct and skill are required to be maintained in the profession.
For ethics and conduct to be maintained, the auditor needs to adhere to:
- IFAC code of Ethics for Professional accountants

- Conducting audit in accordance with ISAs (International Standards on
Auditing)
For skill to be maintained, amongst other by proving (once registered) a minimum number of
CPD (Continuous Professional Development) hours are spent on Training and research,
thus keeping up to date with changes in the accounting environment.
Important legislation, regulations & standards need to be known and applied by the
Auditor. The auditor must understand why it is important to understand the legislation and
know when and where they apply. Otherwise, the objective of providing professional
services at a level of skill and competence expected from the profession is not adhered to.
Read therefore page 1/12 through.
23

STUDY THE FINANCIAL
UNIT 1.3 STATEMENT AUDIT
ENGAGEMENT
! Identify the parties to an assurance engagement

! Explain the objectives of an audit
! Indicate the roles of the companies’ Act and the Auditing Professions Act to the
functions and purposes of an auditor
! Identify the assertions per statements and be able to state each of their meaning
! Understand the role of the International Standards on Auditing
! Understand the difference between managements’ assertions and those of auditors’
assertions.
24

Part 1 Introduction
Our syllabus mainly deals with engagements of external audits on Financial Statements,
providing assurance, Assurance engagements.
ISA 200 states the overall objectives of an auditor.
! Objective of an audit: to enable the auditor to express an opinion on a

specified date, based on predetermined criteria that the subject matter is free
from material misstatements (revise the definition of an assurance
engagement)
o Thus we can see that to provide an opinion is not to give assurance
on the future viability of a company (The auditors only look at going
concern of an entity, which is over its next 12 months). Neither do
auditors look at efficiency, i.e. how well were resources used.
o The objective is neither to discover or prevent Fraud, only if it affects
fair presentation (revise this concept)
Part 2 Roles of parties to an assurance engagement

As mentioned in the definition of an assurance engagement there should be three parties to
the engagement. These are normally the shareholders, the Directors and the Auditors.
Each have a role to play in the engagement and each have responsibilities as part of their
function which they fulfil.
Shareholders: Provide Finance, appoint directors to manage company, appoint auditors to

express an opinion on the AFS and receive AFS
Auditors: Responsibilities: To gather evidence, issue an opinion on whether the reports

(AFS) issued fairly represent the position of the company
Board of Directors: Auditors: Responsibilities: To gather evidence, issue an opinion on

whether the reports (AFS) issued fairly represent the position of the company.
Revise page 1/17.
Part 3 The role of the Companies Act

Why was the Act created?
In order to protect investors and the economic system, rules and regulations were laid down,
which resulted in formulating the Companies’ Act.
Some concepts explained:

Widely held companies = Public Companies
Limited interest companies = Private companies
25

The Companies’ Act states:
! That all companies must be audited

! It places duty on the Shareholders to appoint an auditor
! It places duty on the Shareholders to appoint an director
! It regulates who as auditor/director may be appointed
! It also regulates “How”, “When”, they may be dismissed or resign
! It provides requirements of form and content of reports to be made by director
to Shareholder
! It requires audit committee appointment (enhances the audit function)
! It give auditor’s access rights to Company records
! It allocates the duty to report to the shareholders
! The opinions need to clearly state whether the report by directors to
shareholders is fairly presented.
Part 4 The role of the Auditing Profession Act

The AP act prohibits anyone who is not a registered auditor from performing the audit.
This individual who is responsible for the audit is name the “designated auditor”.
Refer to references to Section 44 & 45 in the book on page 1/19.
Part 5 The role of the International Standards on Auditing

(ISAs)
ISAs provide guidance on the minimum requirements that must be met when conducting an
audit. Provided the ISAs are complied with, and audit of appropriate quality is achieved.
The ISAs provide guidance from the start of an audit, which relates to considerations of
accepting a client up to completion and reporting when the opinion is drafted and concluded.
Part 6 The role of the Assertions

The financial statements are the means through which the Directors report the financial
results to the Shareholders (the FORM). Thus these entail transactions and balances.
These transactions and balances where drawn up during the year by reference to the
Companies Act and the IFRS (the CONTENT).
Management have certain representations that they make to the shareholders about the
Assets, equity, liabilities, income and expenses (transactions and events), which we refer to
Managements’ Assertions.
The Auditors’ Assertions are developed from Managements’ Assertions.
26

The following sets out the Assertions per type of statement:
Balance Sheet or SOFP Income Statement or SoCI
Completeness (‘C) Completeness (‘C)
All A/L which should have been recorded All Trans./Events which should have been
have been recorded. recorded have been recorded.
Existence (E) Occurrence (O)
A/L, Equity Balances presented do Trans/events that were recorded actually

actually exist. took place. (Is it a true/valid transaction?)
Valuation (V) Accuracy (A)
A/L, Equity Balances shown at correct Amounts or Data relating to recorded

value, valued correctly. transactions have been correctly recorded,
at the correct price/quantity.
Rights & Obligations (R&O) -
Entity holds/controls rights to Asset, -

obligations are that of the entity and the
obligations are that of the entity.
E.g. Ownership (right) = title deed,

licence
Cut-off (CO) Cut-off (CO)
A/L, Trans./events relate to period of Trans./events recorded in correct period -

report, date of opinion period of report, date of opinion
E.g. Financial position as at 31/12/2014 – E.g. Financial year end is: 31/12/14
it is a snapshot of one particular date.
Period of year: 01/01/14 – 31/12/14 (entire
12 months)
Presentation/Disclosure (P/D) Classification (C)
To ensure that the disclosure made is: Trans./events recorded in proper accounts.
- Complete – that all disclosure is

made
- Accurate – disclosed fairly and at
correct amounts
- Occurred – those that have occurred
pertain to the entity
- Classification - Appropriately
presented, described clearly
expressed
27

Abbreviations:
A/L – Refers to Assets and Liabilities
Trans./Events – refers to transactions and events
The above will be dealt in greater detail in Chapter 5, Study Unit 3.
Work through as self-study, page 1/20, section 7.2 of Auditing Notes as an

application to the above assertions.
28

STUDY THE PROFESSIONAL CODE
UNIT 2 OF CONDUCT
This study unit is based on Auditing Notes, Chapter 2, and the relevant code
of professional conduct.
Content of Study section

THE PROFESSIONAL CODE OF CONDUCT ......................................................... 29
Part 1 Introduction ............................................................................................. 30
Part 2 The SAICA code of professional conduct (ET) ........................................ 31
Part A General application of the code .............................................................. 31
Part B Chartered Accountants in Public Practice ............................................... 34
Part 3 Rules regarding improper conduct (IRBA) ............................................... 40
! Know and discuss the different threats to independence that can occur
! Be able to respond systematically to such threats by applying safeguards
! Know and be able to apply the rules regarding chartered accountants in public practice
! Know the disciplinary rules
29

Part 1 Introduction
There are two codes that provide ethical guidance to professional accountants and auditors
in South Africa.
The SAICA Code of professional conduct " this is applicable to chartered accountants.
The IRBA code of Professional conduct " this is applicable to registered auditors.
Why would there be two codes? Most chartered accountants are not registered auditors
(with IRBA), as they do not conduct audits, and did not specialise in auditing, by following
training in the TIPP route. See comments under Unit 1.
The codes are consistent in all material aspects with the International Federation of
Accountants’ (IFAC) code, except that the SAICA code has an additional section, Section C,
Chartered accountants in business. This section will not be dealt with in detail in the manual.
Refer to Chapter 2, part C, of Auditing Notes.
Have you ever wondered what ‘Ethics’ actually is?

It is defined as a set of principles or morals (what is wrong or right), that refer to rules of
conduct.
Why would this be important to the profession?
! to ensure the profession has a high reputation & integrity

! The weight of an opinion issued as an auditor would increase, i.e. the
confidence in financial information would be increased " this is directly
linked to the value/weight of the profession.
To apply one set of rules of moral value is not always possible due to differences in race,
religion or culture.
One needs to consider the facts on a case by case basis, which is what is called a
conceptual framework approach.
The principles one needs to ask for the above consideration is:
o Is it honest & truthful

o In doing this, will I be acting how I want others to treat me?
o Will my actions or decisions be good for the greater good of others?
o Would I be comfortable explaining my decision to others?
30

Part 2 The SAICA code of professional conduct (ET)
For each principle and threat, read through Part A of Auditing notes, Chapter 2.
Part A General application of the code

The code lays down 5 fundamental principles with which Chartered accountants (CAs) must
comply with, these are:
1. Integrity
2. Objectivity
3. Professional competence & due care
4. Confidentiality
5. Professional Behaviour
The code then provides an approach which chartered accountants should adopt to ensure
that they comply with the fundamental principles.
Due to the reasons mentioned above, the conceptual framework approach requires to
approach each situation as follows:
1. Identify the threat to compliance to fundamental principles (with that, be able to

identify the principle that is threatened)
2. Evaluate the significance of the threat " for this one needs to apply professional
judgement.
3. Apply the correct safeguards to reduce the threat to an acceptable level " the
means in which the threat or risk is addressed (These are given in the code).
FUNDAMENTAL PRINCIPLES
1. Integrity
What is it? It is being straightforward, honest, truthful, fair in business and professional
relationships
Code requires that chartered accountants should not be associated to information that is
believed to be false, misleading or provided to them recklessly.
2. Objectivity
What is it? It is being free of bias, free of conflict of interest, free of undue influence in
professional judgement. (Even where judgement would be seen to or perceived to be seen
as clouded)
3. Professional competence & due care
What is it? There are two components that make up this principle:
31

(1) Competent " Having the professional knowledge or skill. This is obtained and
maintained by obtaining the appropriate education, where knowledge is obtained,
and practical experience where the skill is sharpened.
(2) Due care " to act carefully and thoroughly; providing training and supervision to
trainees/staff to ensure errors are prevented.
4. Confidentiality
What is it? Should not disclose confidential client information, UNLESS:
! Specific authority was obtained from the client or employer, or

! We have the legal or professional obligation to do so
We may not use confidential information for own advantage or for the advantage of a third
party.
CAs must maintain confidentiality in social circles " Sometimes people want to show off
knowledge but this is very dangerous as it can lead to a breach of this principle.
Duty of confidentiality in light of the business relationship remains applicable even after such
professional relationship ends.
Disclosure is only permitted when it is required by Law, or one has a professional duty to do
so.
Refer to Chapter 2 of Auditing notes for further examples.
5. Professional Behaviour
The duty to
! comply to laws & regulations

! not to bring the profession into disrepute (i.e. not to taint or damage the professional
reputation of the profession)
! marketing or promotion must be done in a honest & truthful manner
THREATS TO FUNDAMENTAL PRINCIPLES
There are 5 types of threats. Each of these depend on the matter at hand as to what the
cause of the threat is. We will look at what these threats are and when to identify them.
(1) Self-interest threat " Deals with when the CA (or someone closely related) has a
financial interest or other interest involved that could influence his ability to comply to the
fundamental principles of the code. (E.g. the A owns significant amount of shares in his/her
client)
(2) Self-review threat "this threat relates to the evaluation of ones’ own work. (E.g. if the
CA draws up the financial accounts of the client as well as performs an audit on those
financial accounts of the same client)
32

(3) Advocacy threat " Is the promotion of a clients’ opinion or position where to a point
where his own objectivity is compromised. (E.g. where the CA negotiates a merger for a
client, where he may have also performed the valuation of the business)
(4) Familiarity threat " a threat that may arise where, due to a close relationship, a CA
becomes too sympathetic to the interest of other (the client). (E.g. the CA fails to report a
fraud at a client as the perpetrator is a close friend of the CA. This threatens objectivity &
integrity)
(5) Intimidation threat " Threats that may occur where the CA is prevented from acting
objectively, by receiving actual or perceived threats. (E.g. where the client threatens the CA
with resignation)
For the threats discussed above, refer to Auditing notes for more examples.
SAFEGUARDS TO TREATS IDENTIFIED
Unless the treats identified is clearly insignificant, a CA must apply safeguards to eliminate
or reduce such threats to an acceptable level.
Safeguards are precautions, a ‘safety net’, or measures put in place so as to ensure

something that possible could go wrong does not go wrong.
There are 2 categories of safeguards:
1. Created by the profession or legislation " this refers to those imposed on

Companies, firms (a body of people) etc., e.g. external review, rotation
requirements on an audit engagement
2. Created in the work environment " those that are company or firm
specific, i.e. specific to particular circumstances, e.g. documentary evidence
on the engagement file for any ethical threats that were identified and
responded to, appropriate senior supervision or rotation on an engagement
team.
In some exceptional cases there may be no suitable safeguard, where the only option left
remaining for the CA is to withdraw from the engagement or relationship.
Refer to Auditing notes chapter 2, page 2/13 – 2/15 for practical examples.
Note, this is important as it will assist you to understand the application of being
able to:
1. Identify the threat to compliance to fundamental principles (with that, be able

to identify the principle that is threatened)
2. Evaluate the significance of the threat " for this one needs to apply
professional judgement.
3. Apply the correct safeguards to reduce the threat to an acceptable level "
the means in which the threat or risk is addressed (These are given in the
code).
33

Part B Chartered Accountants in Public Practice
Part B will look at specific situations that may be relevant in practice and more likely to
occur.
Section 210 of the code: Professional appointment

1. CLIENT ACCEPTANCE
(A) Responsibility / Question
Would acceptance of a new client threaten compliance with Fundamental principles?

E.g. adult movie producer " threatens professional behaviour (as it threatens the reputation
of the profession).
E.g. company being audited by the CA is owned by his wife " Threatens objectivity
(B) Threatens what fundamental principle?
Integrity, Professional Behaviour and Objectivity

The principles threatened are determined by the situation at hand.
(C) Safeguards
What safeguards could be implemented?
1. Screen clients before acceptance " Do a background check, perform client

questionnaires, hold discussions with the client etc.
2. Apply the requirements of ISA 220R Quality control
a. " hold discussions with Management, the CFO, CEO,
b. " contact the previous auditors to review their working papers
(remember authorisation form the client is required to be able to do
this – otherwise you risk confidentiality)
c. " hold discussions with third parties of the prospective client, e.g.
Bankers
d. " Search the internet for information on the client, such as Media
publications, published AFS etc.)
2. ENGAGEMENT ACCEPTANCE
Consider our competence to perform the engagement to the required standard?
Professional competence & due care; Professional behaviour.

To accept an engagement without having the competence to perform it, amounts to Self-
interest threat.
34

(C) Safeguards
1. Apply Quality control policies & procedures adopted by the firm" ISA 220
requires that there be procedures in place to evaluate whether the firm has
the capabilities, competence, time and resources to undertake the new
engagement.
2. Amongst other, safeguards may include:
a. Engaging experts or other auditors (after suitable screening)
b. Setting realistic time frames
c. Ensuring the engagement team consists of the correct mix of skills
and experience necessary
d. Thoroughly investigating the client’s business and its complexities.
3. REPLACING ANOTHER AUDITOR
What are the reasons for the change in the professional appointment, i.e. replacing
another CA?
One must consider, whether there are any confidentiality considerations, and what are the
responsibilities to other professional accountants. E.g. where a previous accountant is
replaced by another, he/she may be angry at the newly appointed accountant, but this still
means that he/she must co-operate with and not criticise the new accountant.
Professional competence & due care; Professional behaviour; Integrity
(C) Safeguards
1. Needs clients’ permission to discuss the clients’ affairs with the previous
accountant
2. Ask the previous accountant of circumstances we may need to be made
aware of.
3. The previous accountant has the duty to provide the correct information
4. Of both accountants a senior, experienced partner needs to be put in charge
of the transition of the engagement so as to avoid conflict situations and
ensure the transition is smooth and professional.
35

Section 220 of the code: Conflicts of Interest
Consider where the interest of the Audit Firm may conflict with interest of a client?
Where the CA is competing in the same industry or market, threats to objectivity,

confidentiality and professional behaviour may be created, e.g. where the audit firm installs
and markets accounting software and where the client of the firm also installs and markets
another brand of accounting software.
Where the audit firm may audit two clients that are in direct competition to one another, it
may create threats to objectivity and confidentiality.
(C) Safeguards
1. Notify the parties of the potential conflict of such business interest, in order to
get consent to continue offering such services.
2. Use separate engagement teams (especially where the clients we audit are in
direct competition to one another)
3. Confidentiality agreements to be signed by the employees and partners of the
firm.
4. Set clear guidelines regarding confidentiality and professional behaviour
Section 230 of the code: Second opinions

A CA may be asked to give a second opinion on some aspect of work which has been
carried out for an entity which is not an existing client.
Where the CA is not supplied with the same set of facts and evidence as to the existing
accountant he may be at threat to professional competence and due care. E.g. the matter
which a second opinion is sought is how a complex merger which is subject to various
conditions should be treated in the financial statements. The proposed accountant gives his
opinion without being aware of the full extent of the various conditions. His opinion is then
discredited, and he appears incompetent.
(C) Safeguards
1. Obtaining from the client and precise written explanation as to why the
second opinion is needed
36

2. Obtaining the clients’ permission to contact the provider of the first opinion to
discuss the matter.
3. Having all correspondence and communication in writing and having another
second party within the firm reviewing it.
4. Having the entire matter handled by senior personnel only.
Section 240 of the code: Fees and other types of Remuneration

1. NORMAL FEES
As a CA, you are entitled to a fair remuneration – but this needs to be appropriate
Where the Fees are too low " we are unable to perform the engagement in accordance with
the standards. This threatens our ability to apply professional competence and due care and
to remain objective considering the audit is under pressure of limited funds. This also
threatens our integrity.
Where the fees are fixed fees for which the time spent could vary significantly " the same
threats as above would apply.
(C) Safeguards
1. Providing a basis on which fees will be charged, such as

a. Knowledge & skill required
b. Level of training & experience required
c. Time spent on the engagement
d. The Degree of responsibility required
e. Investment in technology required
2. Alerting client of possible changes to fees
3. Determine in advance the Terms of engagement " so that expectations are
laid out
4. Assign appropriate Time and staffing " what appropriate time is allowed and
the suitable qualified staff needed
2. CONTINGENCY FEES
It is relevant where the fee is calculated on a predetermined basis relating to an

outcome of work done. These create a self-interest threat to objectivity.
Contingent fees are not allowed for assurance engagements.
37

Gives rise to self-interest threat to objectivity as the CA could be more concerned in the fee
earned, than quality of services offered. It may also be a threat to integrity, professional
behaviour if the CA does anything illegal to maximise his/her contingent fee.
(C) Safeguards
Contingency fees are not permitted for assurance engagement. Thus the safeguards will not
be addressed.
3. REFERRAL FEES
A CA may receive or pay a fair referral fee or commission but must ensure that such
fees do not compromise the fundamental principles.
Objectivity, Professional Competence & due care and integrity
E.g. J&J Audit Firm:
- Do not offer IT services

- Any requests for IT services are referred by them to other firms
- They receive a referral fee
"The threat that will result: J&J will refer the client to firms that pay the highest fee,
but may not be the most suitable.
Section 250 of the code: Marketing Professional Services

A CA may attempt to obtain additional work through marketing, but must do so in a

manner that does not discredit the profession (is not in bad taste).
Dishonest, exaggerated, obnoxious, critical (towards other audit firms) claims are threats to
integrity and professional behaviour. E.g. an audit firm places an advertisement in the
financial press which claims they audit “numerous listed companies” (When in actual fact the
audit firm only has one client that is a listed company), has the best audit approach and
employees are the “most highly skilled qualified” staff for the job.
This clearly is exaggeration and does not reflect a truthful and professional manner of
marketing.
38

(C) Safeguards
1. Apply the requirements of ISA 220R Quality control " All proposed
advertising is reviewed & authorised by a suitable committee
2. Creating written communication as to what is acceptable and what is not
acceptable.
Section 270 of the code: Custody of clients Assets

A CA may not take custody of a clients’ assets (money or otherwise) unless it’s
permitted to do so by law. The chartered accountant must ensure that the assets do
not come from an illegal source, and are not used for purposes other than agreed to.
These must be kept separately identifiable.
The custody of clients’ assets may result in the misuse of the clients’ assets, or the client
may be trying to launder illegal money through the firm. This can result in threating the
fundamental principles of integrity, professional behaviour and objectivity.
(C) Safeguards
If one where to accept the custody of a clients’ assets, the following safeguards could be
implemented:
1. Clients’ assets must be kept separate from the firms’ assets

2. The custody must be confirmed in writing, as to also the purpose of using the
Asset
3. The firm must record all movements of the assets’ account, this must be
available for inspection
4. Prior to accepting the assets for custody, the firm should confirm whether the
source of the assets is legal
5. Ensuring there are adequate safeguards for the assets.
Section 280 & 290 of the code: Objectivity & Independence

Any threat to the fundamental principles needs to be identified. In providing a service,

a CA needs to be independent in mind and appearance to be able to express a
conclusion that is fee of bias, free of conflict of interest and free of undue influence.
Independent in mind means that one must be free of bias, or undue influence in ones’ own
judgement. Independent in appearance means that one must also be perceived to be free
39

of bias and undue influence. E.g. if you were to be the auditor on a client, and your uncle is
the CFO of that same client, the question remains are you objective? It could be that you
have absolutely no contact or relationship to your uncle, yet for the perceived public or an
outsider, this would seem like a situation where your judgement could be influenced.
Independence is evaluated to the extent of public interest.
Determining whether the threat is clearly insignificant, one can ask the following questions:
! Is the overriding requirement to ensure that independence in mind and

appearance is maintained under threat?
! Has the extent of public interest been considered (e.g. a pension fund, a
listed company etc.)
! What would a reasonable and informed third party, having knowledge of all
relevant information, conclude on the significance of the threat?
! Can the threat be regarded as trivial and inconsequential? (Clearly
insignificant)
Refer to Auditing notes chapter 2, page 2/24 – 2/35 for comprehensive illustrative
examples.
Note, this is important as it will assist you to understand the application of being
able to:
1. Identify the threat to compliance to fundamental principles (with that, be able

to identify the principle that is threatened)
2. Evaluate the significance of the threat " for this one needs to apply
professional judgement.
3. Apply the correct safeguards to reduce the threat to an acceptable level "
the means in which the threat or risk is addressed (These are given in the
code).
Part 3 Rules regarding improper conduct (IRBA)

The opposite of “Professional Conduct” is “Improper Conduct’’.
Improper Conduct is defined as one of the following:
! Is the contravention of the ‘Auditing Profession Act’ and any other Act,
! Dishonesty, as a registered member, including:
o Theft, Fraud, perjury, bribery, corruption
o If the above has been committed during the time of carrying out work and
duties.
o In relation to any office of trust
! Failure to perform work with reasonable care and skill
! Evasion of any tax etc.
! Failing to account separately clients possessions
! Divulging confidential information
40

! Accepting contingent fees (remember it is permitted under certain circumstances)
! Accepting reward from a 3rd Party
! Vouching for the accuracy of forecasts
The following is also regarded as Improper Conduct:
! In regard to Trainee accountants’ contracts ,when performing the following

contraventions:
o Imposing restraints on the trainees after traineeship
o Requiring compensation from the trainees for cancellation of training contract
! Failing to comply to the responsibilities required to IRBA / other persons
! Contraventions committed in respect of relinquishing engagements
! Soliciting, advertising or canvassing for work
! Committing any contraventions of the IRBA Code
! Registered members’ conduct is in such way as to bring Profession into disrepute,
that is,
o Improper
o Discreditable
o Unprofessional
o Dishonourable
A Registered auditor found guilty of Improper Conduct may be sentenced to
# A caution or reprimand
# A fine not exceeding N$100 000
# A suspension of the right to practice for a specific period, or
# Cancellation or registration and removal of practitioner’s name from register
The sentence will depend on the severity of the crime, i.e. improper conduct.
41

STUDY GENERAL PRINCIPLES
UNIT 3 OF AUDITING
This study unit is based on Auditing Notes, Chapter 5, and the relevant ISA
standards, ISA 315, ISA 530 and ISA 500.
Content of the Study Units

GENERAL PRINCIPLES OF AUDITING ..................................................................................................... 42
Introduction to this Study Unit ..................................................................................................... 45
INTERNAL CONTROL.......................................................................................................................... 47
Part 2 Limitations of Internal control ............................................................................................ 49
Part 3 Definition of Internal control.............................................................................................. 50
Part 4 Components of Internal control ......................................................................................... 50
Part 5 Internal control in smaller entities ..................................................................................... 51
Part 6 The external auditor’s interest in internal control ............................................................. 52
REVISION ....................................................................................................................................... 52
AUDIT EVIDENCE ............................................................................................................................... 54
Part 2 Sufficient appropriate audit evidence ................................................................................ 55
Part 3 Financial statement assertions ........................................................................................... 58
Revision ......................................................................................................................................... 60
THE AUDITOR’S TOOLBOX................................................................................................................. 62
Part 2 Why perform test of controls? ........................................................................................... 64
Part 3 Why perform substantive procedures?.............................................................................. 66
Part 4 Vouching and verifying? ..................................................................................................... 66
AUDIT SAMPLING .............................................................................................................................. 67
Part 1 Principles of sampling ......................................................................................................... 68
Part 2 Definitions .......................................................................................................................... 68
Part 3 Tests of controls and sampling ........................................................................................... 70
42

Part 4 Substantive procedures and sampling ............................................................................... 70
Part 5 Statistical versus non-statistical approaches...................................................................... 70
Part 6 Steps in the sampling exercise ........................................................................................... 71
Part 7 Conclusion .......................................................................................................................... 73
AN OVERVIEW OF THE AUDIT PROCESS................................................................................................ 74
REQUIREMENTS OF ISQC1 ................................................................................................................ 78
Part 2 The elements of a system of quality control ...................................................................... 79
Part 3 ISA 220: Quality Control for Audits of Historical Financial Information ............................. 83
Part 4 ISA 220: Role of the engagement partner .......................................................................... 83
Part 5 Conclusion .......................................................................................................................... 83
REVISION ....................................................................................................................................... 83
PRELIMINARY ENGAGEMENT ACTIVITIES ......................................................................................... 85
Part 1 Prospective clients .............................................................................................................. 86
Part 2 Continuance with an existing client ................................................................................... 86
Part 3 Compliance with standards ................................................................................................ 86
Part 4 Procedures to gather “preliminary engagement information”.......................................... 87
Part 5 Establishing the terms of the engagement ........................................................................ 87
SUMMARY - STUDY UNIT 6.1 ........................................................................................................ 88
REVISION ....................................................................................................................................... 89
PLANNING ......................................................................................................................................... 91
Part 2 The overall audit strategy ................................................................................................... 94
Part 3 The audit plan itself ............................................................................................................ 95
Part 4 Materiality .......................................................................................................................... 96
Part 5 Planning and conducting risk assessment procedures ....................................................... 96
Part 6 Planning further audit procedures based on the risk assessment ..................................... 98
RESPONDING TO ASSESSED RISK .................................................................................................... 100
Part 1 Overall response at financial statement level .................................................................. 101
Part 2 Audit procedures to respond to the assessed risk of material misstatement at the
assertion level (further procedures) ........................................................................................... 101
Part 3 Other audit procedures carried out to satisfy the requirements of the ISA’s ................. 102
EVALUATING, CONCLUDING AND REPORTING ............................................................................... 103
Part 1 Sufficient, appropriate evidence ...................................................................................... 104
43

Part 2 Uncorrected misstatements ............................................................................................. 104
Part 3 Applicable financial reporting standards.......................................................................... 105
Part 4 Events occurring after the balance sheet date ................................................................ 105
44

Introduction to this Study Unit
This study unit is aimed at establishing general principles of auditing and the main functions
of each stage of the auditing process.
The stages of the audit process are illustrated in the table below:
STAGES ACTIVITIES PER STAGE

PRE-ENGAGE-
MENT Acceptance of the engagement
ACTIVITIES
(ISA’s 220, 300 (R), 210, ISQC 1, SAAPS1)
PLANNING Obtain knowledge of the Obtain an understanding of the

entity and its environment accounting information and internal
(ISA 315(R)) control system
Study Internal Decide not to rely on

controls internal controls
Evaluate inherent risk

Evaluate control risk
(ISA 200 & ISA 315 (R))
Lower than maximum Maximum
Determine Materiality Set Detection risk
ISA 200, 320, 330R, BD6 (ISA 200, ISA 315R
Determine nature, timing and Determine nature,

No tests
extent of substantive timing and extent
of
procedures of tests of controls
controls
ISA 200, 315R, 300R, 330R ISA 200, 315R
AUDIT
PROCEDURES ISA’s
Perform Perform tests of controls
500,501,505,510,520
substantive (combined approach)
,530,540,545,550,58
procedures ISA 315R, 330R, 500
0,600,610,620,IAP’s
10005,1010,1012,
1013, SAAPS Evaluate results Evaluate results
4&SAAPS 1100
COMPLETION Conclude (ISA 330R, 560, 570, SAAPS4), formulate an audit opinion (ISA
700,701) and report (ISA 710, 720, 800, ISRE 2400, ISRSs 4400, 4410, SAAPS 2,
SAAPS 3)
45

The role of the ISAs (International Standards on Auditing
Namibia follows the example and guideline of South Africa. South Africa has adopted the
IFAC auditing standards. As you can see above there are many activities that form part of
the auditing process. These activities are guided by the ISAs as to how the audit process is
to be conducted. These statements do not contain detailed list of procedures but rather
objectives and comments as to how that can be achieved.
Study and review the background on each stage in detail in Chapter 6, the
introductory section.
46

STUDY
UNIT 3.1 INTERNAL CONTROL
! Briefly explain what is internal control and to whom is it relevant

! Understand the purpose of Internal control
! give the definition of internal control;
! name the inherent limitation of controls/internal controls;
! explain when a control is relevant to an audit as well as the auditor’s reaction with
regard to relevant controls;
! name the sources of information to obtain knowledge of accounting systems and
controls;
! name the components of an internal control system;
! name the matters that will affects the control environment.
47

Part 1 Introduction
Before we delve into internal controls, we need to understand the following:
o Why do we need internal controls?

o What do they achieve?
o What is their purpose?
We are all exposed to certain ‘internal controls’ every day of our lives. E.g. when you draw
money from the ATM, the machine asks you for a PIN. Or when you enter a train, you are
required to present a valid ticket in order to enter the train.
These controls are to address and limit potential risks.
The Bank is protecting the customer and themselves against the risk of theft.
The risks relating to issuing train tickets may not be that obvious. There are two components
to this matter. Firstly, a ticket or receipt is a “proof of purchase” which provides the customer
with a means of protecting himself from the risk of being wrongly accused of taking a free
ride. Secondly, the issuing of a ticket or receipt will be one of a number of controls which the
business selling the ticket or issuing the receipt, implements to address the risk that its
employee makes a sale for which there is no record of and seals the “proceeds”.
The purpose of internal control is to address the risk of something undesirable, unintended
or illegal from occurring.
Internal control from a business perspective
Risks in a business would have to be identified in order to formulate the most appropriate set
of internal controls. These would include addressing the risks associated with such matters
as:
! Safeguarding the assets of the company, e.g. inventory, from theft or damage
! Preventing fraud
! Complying with the laws and regulations applicable to the entity
! Producing reliable financial information necessary to run the business and satisfy the
financial reporting requirements, e.g. the AFS
! Operating the business efficiently and effectively
Now whose responsibility is internal control?

If you think back to Study Unit 1, you need to understand the difference between ownership
and management. The shareholders (the owners) normally appoint a Board of Directors,
who we call ‘those charged with governance’, these are the managers of the business.
If responsibility of managing a business lies with the Board of Directors, they are then also
seen primarily responsible for the effective functioning of internal controls. Ultimately all
employees are responsible but the primary responsibility lies with those charged with
governance.
! The Board of Directors will have overall responsibility and accountability, especially
for identifying the risk of the business which need to be addressed.
48

! Management at all levels will also be involved in the process of identifying risk and
will be primarily responsible for designing and implementing (putting in place) the
necessary books, records, documents, policies and procedures. They are also
responsible to ensure that these policies and procedures are carried out properly and
timeously and that they remain effective.
! Most of the time the ordinary employees are responsible for executing the internal
control procedures, e.g. signing a document, issuing a receipt, reconciling an account
and the success of the procedure will depend on them. In addition, ordinary
employees often have a far better understanding of their functions and may be well
placed to participate in the risk assessment process.
Internal controls have limitations that would reduce the effectiveness thereof, thus they are
best applied in combination with other controls.
TO SUMMARISE:
Internal controls:
! Is a process
! Effected by people
! Are not the sole responsibility of management
! Are not static
! Are not fool proof
! It’s not a case of a single control addressing a single risk.
Part 2 Limitations of Internal control

Due to the summary as listed above, internal controls may be well designed and seem to be
effective theoretically, but when it comes to the practical application, it will not be effective
due to certain limitations. These are listed below:
$ The cost of applying the control should not exceed the expected benefits to be
derived (cost/benefit)
$ The tendency for internal control to be directed at routine transactions rather than
non-routing transactions
$ The potential for human error due to carelessness, distraction, mistakes of
judgement and the misunderstanding of instructions
$ The possibility of circumvention of internal controls through the collusion of a
member of management, or an employee, with parties outside or inside the company
$ The possibility that a person responsible for exercising an internal control could
abuse that responsibility, for example, a member of management overriding an
internal control
$ The possibility that procedures may become inadequate due to changes in
conditions and therefore, compliance with procedures may deteriorate.
49

Part 3 Definition of Internal control
If you refer back to the introduction to internal control, internal control can be defined as the
process affected by Board of Directors, Management and staff and designed to provide
reasonable assurance regarding the achievement of certain objectives in 3 categories:
1. Economy, efficiency and effectiveness of operations

2. Internal financial control
3. Compliance with laws and regulations
Part 4 Components of Internal control

Internal controls are drawn up on a framework that suggests that such controls consist of
five components.
The five components are briefly addressed below:
COMPONENTS MEANING EXAMPLES
! Integrity and ethical values

It involves those controls ! Commitment to competence
that allow an ! Managements’ philosophy &
Control
1 environment that operating style
environment
promotes good internal ! Organisational structure
controls. ! Assigning authority & responsibility
! Human resource policies & practices
The activities that involve

proper risk assessment
! Define the objectives of the entity
Risk so that the controls can
2 ! Identify and assess risks
Assessment be designed
! Responding to those risks
appropriately so as to
reduce potential risks.
This is the system in ! Valid, accurate and complete

which the controls will be ! Procedures to deal with transactions
Information
3 exercised, and what (e.g. initiation, recording, processing
system
stages of a transaction it etc.)
entails, e.g. recording ! Journal entries
! Actions, procedures supported by

Relates to those
policies (e.g. approval, authorisation,
activities that ensure
Control segregation of duties, access
4 proper supervision and
Activities control, comparison/reconciliation
monitoring of effective
! Preventive-, detective controls
controls.
! General- and application controls
Monitoring of ! Assessment over time

5
Controls
! Are objectives being met?
50

! Assessment at all levels (e.g.
directors, management, department
heads)
! Independent assessment (e.g.
internal audit, external bodies,
customers)
! Remedial action
For each component, study the detail and background in Chapter 5, for
subsection 4.
Out of the above it is evident that the general characteristics of a good internal control
environment can be summarised as follows:
! Document design (D)

! Isolation of responsibilities (I)
! Segregation of duties (S)
! Control environment (C)
! Competent and trustworthy staff (C)
! Custody/access controls
! Comparison and reconciliation (C)
! Using the technique of acronyms we can create a phrase such as DISCCC. This
will allow you to remember the general characteristics of a good internal control
environment.
Part 5 Internal control in smaller entities

There are three main reasons why the controls as described above will suit a larger
company better than a smaller one, these are:
1. The control environment

This is largely driven by the tone at the top as management in smaller entities
normally work closely with the employees, thus they may be easily influenced and
exposed to the attitude towards controls of those of management.
Segregating duties becomes more challenging due to a smaller workforce. Thus
there may be controls that cannot be performed or risk being overridden due to this
fact.
2. Risk assessment process
Normally in a smaller entity there is no formal committee assigned with this
responsibility. The Managers and staff also normally do not have the time nor
resources to do such an assessment.
3. The information system
51

There are usually less control activities in place to reduce the risk of unauthorised
transactions, inaccurate or incomplete recording, normally due to lack of staff and/or
resources.
4. Control activities
Due to lack of segregation of duties, refer above, control activities become
incompatible.
5. Monitoring
As directors are normally involved in the day-to-day running of the business, they
normally have little time left to monitor facts, figures and performance.
Part 6 The external auditor’s interest in internal control

The financial statements are a product of the business’ information system. The information
system includes the accounting system. Therefore, the auditor believes that the better the
internal control process, the more likely the financial statement are to fairly present.
ISA 315 - “identifying and assessing the risks of material misstatement through
understanding the entity and it’s environment” states that the auditor needs to identify and
assess the risks of material misstatement. Thus the auditor may be interested in the entity’s
risk assessment process as this will enable the auditor in obtaining further knowledge of the
entity. ISA 315 also requires the auditor to obtain an understanding of the entities’ internal
control environment by evaluating the entity according to the 5 components of internal
control.
REVISION
1. Briefly discuss the elements of the control environment that may be relevant when
obtaining an understanding of the control environment.
2. Explain when a control would be relevant to the audit as well as the auditor’s reaction with
regard to the relevant controls.
52

ANSWER
Part A:
1. Communication and enforcement of ethical values
2. Commitment to skill and competence
3. Control – awareness of management
4. Management’s philosophy and management style
5. Organisational structure of the entity
6. Assignment of authority and responsibility
7. Human resources policy and practice of entity
Part B:
1. A control is relevant to the audit if it addresses the risk of material misstatement of
transaction level
2. Extent of understanding of relevant controls that should be obtained:
a. Evaluate design – is control able to prevent, identify and correct material
misstatement?
b. Determine implementation – do controls exist and are they used by the
entity?
c. Perform risk assessment procedures to obtain an understanding of controls
COMPONENTS OF A CONTROL SYSTEM
CONTROL ENVIRONMENT (F/S INTERNAL CONTROL

Level) (Transaction level)
Communication ethical principles Comparing recorded assets to
Physical assets
Commitment to competence Approval/authorisation of transactions
Control awareness of management Comparing internal with external data
Management philosophy and style Budget control
Organisational structure Reconciliation/control account
Assignment of authority Segregation of duties
Personnel policy and practice
RISK ASSESSMENT PROCESS OF INFORMATION SYSTEM FOR FINANCIAL

ENTITY REPORTING
How management identifies business Process by which financial information is
risks is collected and processed collected and processed
How management addresses business Actions by management with business risks
risks
MONITORING OF CONTROLS
Supervision over daily activities by
senior personnel
Checking of work by independent
personnel
53

STUDY
UNIT 3.2
AUDIT EVIDENCE
! briefly explain what entails sufficient, appropriate evidence

! explain the meaning of each assertion
! describe the hierarchy of reliability of information
! State the factors that can influence whether evidence is sufficient, appropriate
54

Part 1 Introduction
Gathering audit evidence is fundamental to an audit opinion. The auditor has a duty to
gather evidence to support his or her opinion on whether the assertions of the directors,
embodied in the annual financial statements are fairly presented. If you refer back to study
unit 1, you will know that the directors are technically employed to look after the interests of
the shareholders in the business. Thus annually, the directors report back to the
shareholders on the progress and state of the business in the form of annual financial
statements. This is what the auditors test, whether what the directors present is fairly
presented.
ISA 500 – ‘Audit Evidence’, states that “the auditor should obtain sufficient, appropriate audit
evidence to be able to draw reasonable conclusions on which to base the audit opinion.” The
key term here is “sufficient appropriate audit evidence”.
So what does this mean?
Part 2 Sufficient appropriate audit evidence

2.1 Sufficient evidence
Sufficiency of evidence translates to ‘quantity of audit evidence. Thus, the auditor must
consider whether he/she obtained enough audit evidence to support the audit opinion.
Some factors can cause complications to the quantity of evidence, such as:
- Procedures are conducted on samples of a population, i.e. only a percentage

of an entire account balance. (We will look at this a bit later)
- evidence about an assertion is not gathered on one single procedure
- The risk assessment of an entity can influence the amount of testing required.
Thus at the end of the day an auditor needs to apply professional judgement as to what
entails ‘sufficient’ audit evidence to support their opinion. This would translate to the “extent”
of testing as determined in an audit plan. This will be dealt with in more detail when we come
to audit planning.
2.2 Appropriate evidence
The appropriateness of audit evidence relates to the quality of audit evidence. This can be
broken down further into two components:
1. Reliability of evidence, i.e. looking at the source from which the evidence is obtained
and its nature (what type of evidence is it).
2. Relevance of the evidence – relevance to the assertion that is being audited
(a) Reliability
The more the evidence is obtained from external parties (external to the entity that is being
audited) the more reliable it is, obviously the primary consideration is always to consider
whether the company/person from which the evidence is obtained is competent, reliable and
trustworthy.
55

There is a hierarchy that allows explaining the reliability of evidence from most reliable to
least reliable, it is summarised as follows:
MOST
SOURCE EXPLANATION
RELIABLE
Evidence developed by
E.g. the auditor would personally inspect
1 the auditor is most
a document/asset.
reliable
Evidence provided by As this was not passed through the client

3rd parties (external and provided the conditions below are
2
parties) as opposed to met*, the client may not be in a position
the client. to influence or manipulate information.
Evidence provided by Client may have had the opportunity to

3 the 3rd party but passed manipulate or tamper with the information
through the client before providing it to the auditor.
If the system is not reliable the

information it generates is not reliable.
Evidence generated Thus the same will apply if the system is
4
through the system. reliable and the related internal controls
applied are effective the information will
be more reliable.
It lacks independence as the persons

LEAST Evidence provided by
5 responsible for the assertions are also
RELIABLE the client
providing the evidence.
*Note – in all of the cases one needs to consider whether the parties providing the
information (this includes the client, point 5) are independent, reputable and competent,
otherwise it will diminish the reliability of that information obtained.
Some additional pointers to remember in regard to the reliability of evidence:
- Written evidence (whether electronic or in paper form) is more reliable than

oral evidence as oral evidence is easily misinterpreted or easily denied
- Original documents are deemed more reliable than photocopies or facsimiles
as it is argued that photocopies/faxes can be manipulated.
(b) Relevance
The relevance of audit evidence is important to consider what assertion the auditor is trying
to address with the audit procedure. Audit Assertions will be dealt with in more detail in the
next subsection. Maybe spend 5 minutes to have a look at the table of the assertions per
item on page 55.
56

If we can make it practical, let’s imagine you are the store manager of the student cafeteria
on campus. If you want to verify what goods you have left in the kitchen, i.e. stock items, will
you inspect the stock in the storeroom/pantry or will you count the cash in the teller?
As you can see your ‘procedure’, or activity, is driven by your objective. The objective is
finding out how much groceries/stock is left in the kitchen. The activity is then linked to the
objective, i.e. meaning you will then have to do something that meets that objective.
In the same way in auditing, the ‘objective’ of a procedure is the ‘assertion’ you would want
to address. And the ‘activity’ is what we call the audit procedure to meet that objective.
Thus if we come back to executing procedures that are relevant, will it be relevant to your
objective if you count your petty cash in the teller?
No -> as this will address a totally different procedure or assertion. Therefore you would
probably have to go and do a stock count, or inspection in the kitchen’s pantry/storeroom to
determine what you have left and what food items have expired.
Lastly, what you have to remember is that a single procedure will not necessarily be relevant
to only one assertion, but again the procedure may provide evidence relevant to a number of
assertions.
2.3 Factors that can influence whether evidence is sufficient, appropriate
Although these factors are not the end and be all, one needs to apply professional
judgement in determining whether evidence is sufficient and appropriate. The following
factors would indicate matters that can influence this decision:
1. The assessment of inherent and controls risk of the entity -> The higher the risk
assessed (to be covered under ‘Planning’), the more evidence from more reliable
sources is required
2. The materiality of the item being examined-> the materiality equates to the
significance and ‘size’ of the account, thus it is presumed that it will more likely
contain material misstatements. Thus the auditor will be more concerned in obtained
sufficient, appropriate audit evidence.
3. Experience gained during previous audits -> as the auditor gains an understanding
and of the client and the business, he/she will be able to identify potential problem
areas and allow better focused attention on the audit.
4. Results of audit procedures already conducted -> E.g. testing the existence of
debtors proved highly successful, the auditor may consider limiting further tests on
the same account and assertion. The opposite also applies.
5. Source and reliability of information available -> The auditor’s first choice is to
obtain the best reliable evidence possible, yet if this is not possible, he/she may need
to obtain additional ‘less reliable’ evidence to be in a position to form an opinion.
6. The persuasiveness of the audit evidence -> E.g. evidence gathered in one
section of the audit which is supported or corroborated by evidence from another
section of the audit will be more persuasive than had the evidence contradicted itself.
57

2.4 Audit procedures for obtaining audit evidence
Audit evidence is obtained by performing certain of what we call ‘audit procedures’. These
procedures are made up of the following:
! Risk assessment procedures (this is usually conducted during the planning and
completion stages of the audit)
! Further audit procedures, the majority makes up the centre stage of the audit, these
are combined in one of 2 options:
1. Combined Approach =>Where a combination of tests of controls (these test
the internal controls implemented in the system of the client) and substantive
procedures (the form of procedures are slightly different than tests of controls)
2. Substantive Approach => Where primarily only substantive procedures are
performed to obtain audit evidence
[Note: You can never perform only tests of controls; you need to perform at
least some substantive procedures as required by ISA. We will look at the
reason for this a bit later]
When we refer to ‘substantive procedures’ it includes two forms thereof: Tests of detail and
substantive analytical procedures.
Part 3 Financial statement assertions

The financial statements presented to the shareholders (owners) embody the assertions of
the directors (management) concerning the financial position and results of operations of the
company.
ISA 315 – “Identifying and assessing the risks of material misstatements through
understanding the entity and its environment”, states what assertions are relevant to what
part of the financial statements.
Study the categories, assertions and meaning thereof under ISA 315 in
Chapter 5.
Note, when you summarise the assertion, you can also rephrase each to
state a question, as the assertions essentially translate into the objectives of
the auditor.
When it is referred to as transactions & events it refers to the ‘Income Statement’ or the
statement of comprehensive Income, as this indicates the results and transactions that have
been generated over a 12 month period (representing the 12 months of the financial year of
the client). Thus the assertions are different to that of Assets, Liabilities, as these only
represent balances as at a certain point in time. It is like a ‘snapshot’ of the year-end at that
date what the balances of the business are. As a business generates its profits from how
much income it earned and what expenses have been deducted, it is important for the
shareholders to know,
58

! Has all the income that should have been recorded, i.e. that was generated by the
business, actually been recorded? (Assertion: Completeness of Income)
! Has this income been recorded correctly? (Assertion: Accuracy of Income)
And so we can continue with each assertion to each line item that makes up the
Income Statement.
In the same way we can ask the relevant questions on the Balances. Now what makes up
the Balances? Think back to financial accounting, this would be your Assets, liabilities,
equity interest. Are the assertions the same for the balances as for the income statement?
No, not necessarily, the objective is different in each case, so some of the assertions may be
applied to both, yet you would phrase the objective differently.
NB: IT IS IMPERATIVE THAT YOU SUMMARISE THE MEANING OF THE ASSERTIONS

PER CATGORY OF THE FINANCIAL STATEMENTS!
(Refer to Chapter 5 of the book or ISA 315)
If we can summarise the relevance of each assertion per category, the following table would
apply:
Presentation &
Assertion Transactions/events Balances
disclosure
Occurrence ! !
Completeness ! ! !
Accuracy ! !
Cut-off !
Classification ! !
Existence !
Rights & Obligations ! !
Valuation & Allocation ! !
Study the examples 1 &2 given under this subsection, Financial Statements
assertions, and ensure you understand the application thereof.
Note, that If you rephrase the assertion to be as a question it will assist you
with the application thereof to each line item.
You must first understand the meaning of an assertion before you can apply
it to the line-item.
59

Revision
Answer the following questions:
What are the limitations if Internal Control?
State the characteristics of a good internal controls environment using the technique given:
DISCCC
What is sufficient evidence? __________________________________________________
What is appropriate evidence, and provide the two components?
_________________________________________________________________________
State the reliability of evidence according to its Hierarchy of most reliable to least reliable
_________________________________________________________________________
60

Complete the tables below:
ASSERTIONS RELATING TO TRANSACTIONS AND EVENTS
ASSERTION MEANING OF ASSERTION
1 Occurrence
2 Completeness
3 Accuracy
4 Cut-off
5 Classification
ASSERTIONS RELATING TO ACCOUNT BALANCES
ASSERTION MEANING OF ASSERTION
1 Existence
2 Rights & Obligations
3 Completeness
Valuations &
4
Allocation
Answers are obtained from the Study book and its material.
61

STUDY THE AUDITOR’S TOOLBOX
UNIT 3.3
! State what are the procedures the auditor uses to gain audit evidence
! briefly explain why the auditor performs test of controls
! explain what is “risk of material misstatement”.
! State the procedures to be carried out for each form of audit procedure separately
! understand why we still need to perform substantive procedure, and what influences
this decision
! state the difference between vouching and verifying
62

Part 1 Introduction
In order to express an opinion on the fair presentation of the financial statements, the auditor
has to gather enough evidence to support that opinion. The auditor performs risk
assessment procedures in order to determine the areas of focus required for the audit. E.g.
let’s assume you are the auditor of the campus cafeteria. What, based on the nature of the
business, would be an increased risk of material misstatement? Think about it….
What is “risk of material misstatement”?
Risk of material misstatement is a risk of a ‘significant error’, i.e. what is the risk of
something being wrong in the financial statements that is significant, not just correctness but
validity, or in other words all the assertions as listed in unit 3.2.
Remember the auditor issues an opinion to say that the financial statements are fairly
presented, i.e. that they are reasonable within the conditions set out for the audit. This is
what we call reasonable assurance. The conditions are determined by something like a
materiality level, what is material and what is not material for the purposes of the audit. Refer
to page 14.
Now, back with the example of the cafeteria, there are many cash transactions happening as
sales are being made, right? So what is the risk on Sales? Incomplete sales, i.e. that not all
sales that have taken place have been recorded as cash may have been misappropriated
(stolen). Thus risk assessment indicates to us where we need to focus our resources and
attention to.
So by performing audit procedures and gathering evidence about a certain risk, we are
minimising that risk to an acceptable level. This is done until the risk determined during
planning is reduced to such an extent that we can issue an opinion
As previously mentioned there are certain audit procedures to gather audit evidence by
performing:
1. Risk assessment procedures

2. Further audit procedures
a. Tests of controls
b. Substantive tests
The procedures for carrying out the above are laid out in a table below:
Risk Assessment Substantive procedures Tests of Controls
Enquiry Re-performance Re-performance
Inspection Inspection Inspection
Observation Recalculation Enquiry
Analytical procedures Observation
Enquiry and confirmation
63

As you can see the procedures will be categorised in terms of what the auditor is trying to
achieve. Thus you can have one procedure in each category, like enquiry.
Remember, audit procedures MUST include HOW, WHAT, WHY
% HOW: Requires use of verb (action) - which should describe action. Avoid use of
“ensure” or “check”!!!
% WHAT: A reference to the source document is required here.
% WHY: Sets out the reason for the audit procedure with regards to audit objective.
EXAMPLE:
Inspect minutes of director’s meetings to confirm that the purchase of motor vehicles was
authorized.
(1) “Inspect” – is the verb (HOW), the activity
(2) “minutes of Directors’ Meetings” – source document (WHAT)
(3) “confirm, that transaction was authorized” – reason for audit objective (WHY)
Part 2 Why perform test of controls?

Your output depends in what you put in. E.g. when you want to bake a cake, your
ingredients (your input) would have to be relevant to cake backing for you to be able to bake
a cake. If you put in eggs, sugar, a spanner and three screws, what will you get? Definitely
not a cake! In the same way when you expect to have reliable information on a set of Annual
Financial Statements the input and how you process that information must be relevant and
reliable.
64

If we can illustrate it by means of a flowchart:
Accounting System
• Credit Sales & Controls
• Increase Debtor
Transaction Balance
• Perform customer
credit check • Increase Sales
• Check Credit Limit
• Manager to
Authorize
Transactions Balances & Total
A transaction is generated by a sale that took place on credit. Just as if you were to walk into
Mr Price and buy clothes on your account. Mr Price has generated a credit sale to you, but
on your account. That would entail checking whether you are still within your credit limit, and
where it is exceeded the manager usually needs to authorise such credit.
This transaction was in other words subjected to certain controls put in place relating to
credit sales. These controls occur usually in and around the accounting system.
The ultimate entry would be to Increase Mr Price’s Sales Account, and increase their
Debtors;you.
As you can see if these controls are not functioning properly, you could get incorrect or
invalid information that forms part of your ‘output’, the financial statements. Thus the auditor
is interested in seeing how effective the controls are and are they suitably designed to
prevent or detect errors.
The auditor will thus want to test the accounting system and related controls to identify
whether they produce reliable balances and totals. These tests are what we call tests of
Controls.
So the question remains, where do substantive tests fit in?
If the auditor has determined that the control environment is strong (partly determined after
our risk assessment) he/she may want to decide to rely on the controls and perform tests of
controls. Thus as deemed that the controls are strong, the auditor is more confident that the
balances and totals are fair and hence will need to spend less time on verifying
(substantiating) the balances and totals.
As mentioned the auditor is required to perform at least a minimum amount of substantive

procedures, regardless of the level of reliance placed on controls. This is because,
65

! All internal control systems have inherent limitations, refer to subsection 3.1,
which make them less effective
! The control system may have been effective at the time the auditor performed
his test but bot at other times of the year.
! Testing controls only reduces the control risk; you may still be left with
inherent risk. (Dealt with further in Chapter 6, 7)
Tests of controls are performed to obtain evidence of whether:
! Controls are suitably designed to prevent or detect and correct material

misstatements, and
! These controls operated effectively throughout the period being audited
Successful tests of controls will reduce the extent, and possibly, change the nature of
substantive tests, but cannot eliminate the need to perform substantive tests.
Part 3 Why perform substantive procedures?

The auditors’ objective is to express an opinion on whether fair presentation has been
achieved in the annual financial statements. Tests of controls alone, do not provide
sufficient, appropriate evidence on balances, transactions and disclosures, thus the auditor
would have to also perform substantive procedures. Further, substantive procedures
provides a means on trying to detect any fraudulent activities, whereas tests of controls do
not as these only test whether a control was functioning, but will not pick up whether there
was any e.g. collusion or unauthorised activity within an account.
As mentioned, substantive procedures can be clearly distinguished between two types, test
of detail or analytical procedures.
Part 4 Vouching and verifying?

Both of these terms relate to acquiring evidence by means of a combination of procedures.
Vouching " relates to the audit of transactions. This could include obtaining evidence about
a line item of its primary assertions, e.g. on a sales transaction, this would include inspecting
documentation, enquiring of certain discounts allowed, test the arithmetical accuracy of an
invoice by re-computation.
Verify " relates to the audit of balances. This e.g. would include verifying the debtors
balance by means of written debtors’ confirmation, make enquiries as to how the allowance
of Bad debts was calculated, and re-preforming the aging of debtors.
66

STUDY
UNIT 3.4 AUDIT SAMPLING
! briefly explain what is sampling

! explain the concept of extrapolation
! state the definitions of ISA 530
! describe the steps to be following in a sampling exercise
! state the difference between statistical- and non-statistical sampling
67

Part 1 Principles of sampling
As an auditor walks into a business, he/she may be subject to certain constraints of time and
resources. Thus it will not be possible to audit every single transaction. Thus sampling aims
at determining a way in which a population is subject to selection, every transaction has an
equal chance of being selected, yet allowing the auditor to ultimately only test out of that
population a percentage. This is what we call sampling.
We the auditor applies sampling, the evidence gathered is not the only evidence gathered,
we may perform analytical procedures to corroborate our findings.
Once the test has been performed and a conclusion was reached on the sample, we still
need to extrapolate the results of the sample over the entire population. This is because the
sample only is a representation of the population. If our opinion is formed over the
population, we must make sure our conclusion relates to the population. Remember we
talked about reasonable assurance (revisit Unit 1). Reasonable assurance refers to that
there are no material misstatements, i.e. no material/significant errors. We do not give an
opinion on absolute assurance. The reason for this is that we do not test the entire
population but we draw a sample out of it.
Now, Extrapolation means “to infer or estimate by extending or projecting known

information”. (www.thefreedictionary.com/extrapolation) This means you are taking the data
that you have determined and estimate it or project it over the population.
We must remember that some items, due to the nature of the account/population the entire
population may need to be tested. These are things e.g. like Directors’ Loans, or Minutes of
Meetings, as these are subject to Corporate Governance - and Company’s Act requirements
that are relevant regardless how large or small the matter may be. E.g. if an unauthorised
Loan was granted to a Director that does not meet the requirements of the Companies’ Act,
yet it may only be N$1000, it still becomes a reportable matter. This is what we call the
nature of a misstatement.
Part 2 Definitions
ISA 530 – “Audit Sampling” provides the following definitions:
WORD MEANING
Audit Sampling “applying audit procedures to less than 100% of the items within a
population, such that all units have a chance of selection”
Anomaly “A misstatement or deviation that is demonstrably not representative of

misstatements or deviations in the population”
Population “Means the entire set of data from which a sample is selected and
about which the auditor wishes to draw conclusions. E.g., all items
included in an account balance or a class of transactions are
populations. A population may be divided into strata, or sub-
populations, with each stratum being examined separately.
68

Sampling risk The risk that the auditor would reach a different conclusion had he
tested the entire population instead of only the sample.
There are two types of sampling risk:
Overestimating the audit – test of controls are less effective than they
actually are, or a material error exists when in fact it does not. This
would affect audit effectiveness and usually lead to additional work
being carried out.
Underestimating the audit – tests of controls are more effective than

they actually are, a material error does not exist when in fact it does
Non-sampling The risk that the auditor arrives at a wrong conclusion for a reason not
risk related to sampling risk. E.g. He has applied the sampling plan
incorrectly, misunderstood the results of the sampling exercise.
Sampling unit Means the individual items constituting a population, e.g. cheques
listed on deposit slips, credit entries on Bank statements, sales
invoices.
Statistical Means following any approach that has the following characteristics:
sampling
! random selection of a sample, and
! use of probability theory to evaluate sample results, including
measurement of sampling risk
If a sample does not have the above characteristics it’s what we call a
non-statistical sampling method.
Stratification “is the process of dividing a population into sub-populations, each of

which is a group of sampling units which have similar characteristics
(often monetary value) e.g. debtors balance in excess of N$15,000.
Tolerable rate of “A number or percentage set by the auditor in respect of which the
deviation auditor seeks to obtain an appropriate level of assurance that the
number/percentage set by the auditor is not exceeded by actual
deviations in the population.
E.g. the tolerable rate of deviation is set at 10%, if we have determined

with testing the sample that the errors (deviations) as a percentage of
the total is 12%, then the tolerable rate was exceeded. In other words,
the 10% tolerable rate of deviation is the rate of errors the auditor is
willing to accept (tolerate).
Tolerable A monetary (financial) amount set by the auditor in respect of which

misstatement the auditor seeks to obtain an appropriate level of assurance that the
monetary amount set by the auditor is not exceeded by the actual
misstatement in the population.
69

E.g. imagine the tolerable misstatement is set at N$ 20,000. If you as
auditor identify errors in the population that exceed this amount,
E.g. N$ 24,580, this error would then exceed the tolerable

misstatement of N$ 10,000 as you are only able to tolerate total errors
to the maximum of N$ 10,000.
Part 3 Tests of controls and sampling

So far you have learned what do test of controls, internal control environment and sampling
mean. But how do they fit together?
The internal control environment is what represents the controls implemented by the client
that you are auditing. The test of controls are the tests you as the auditor are performing on
the controls implemented at the client to determine whether they function properly, i.e.
whether they were effective in their objective.
Let’s say the client has implemented a control where payments are being authorised. The
objective of the control is to ensure a payment request is supported by an invoice (and proof
of delivery – goods received note) so as to ensure all payments that are made are valid, i.e.
a service was rendered and no unauthorised payments are made. The control is
‘authorisation’ of the Financial Manager. The population would be all the expenses noted or
then all the payments made on the Bank Statement. Out of this population we would then go
and select certain payments on certain criteria, whether by nature or amount. Our audit
procedure would be a test of control (as we are testing the control), of inspecting every
cheque (cheque requisition) or EFT proof of payment for the Financial Managers’
authorisation.
Thus you can see a sample is used for when we want to perform audit procedures on a
certain population, whether we would perform test of controls or substantive procedures.
Part 4 Substantive procedures and sampling

As you can see form above, we would still apply sampling over a population regardless of
what type of audit procedures we would perform.
Part 5 Statistical versus non-statistical approaches

Non-statistical and statistical sampling are not mutually exclusive, in other words, certain
aspects of statistical sampling may be used when performing a non-statistical sample E.g.
the sample size may be decided upon on a judgemental basis (non-statistical) but the items
to be selected may be chosen using computer generated random numbers (statistical
approach). But for it to be a pure statistical sampling approach, it has to meet all the
characteristics as described in the definition.
70

Part 6 Steps in the sampling exercise
The steps to be taken on a sampling exercise remain the same regardless of whether you
choose to use the statistical- or non-statistical sampling method. The decision will be based
on professional judgement and will be based on the level of assurance required and the skill,
time available. These are laid out as follows:
1) Determine the objective of the procedure

Every purchase has a signed goods received note (GRN)
(You can link this in with the relevant assertion that you wish to test)
2) Determine the procedure to be performed
Specify error (deviation/misstatement) – e.g. absence of GRN
Purchase Journal"Purchase invoice"GRN
3) Confirm Population is Appropriate and Complete
All purchase units must be available for selection
4) Define units of the population
E.g. the number of entries in the Purchase Journal
5) Determine sample size
Note the Sample risk – risk that a different conclusion reached if whole population
is tested, professional judgment is needed.
Confidence level – as % how often a sample will correctly represent the
population. (Auditor to decide how confident you want to be on your conclusion –
the more confident, the larger the sample) – E.g. 90% on Sample of 100 Units, 90
reliable.
Tolerable Error – Extent of error the Auditor is willing to accept
3% on Sample of 100 Units, 97 should be reliable
6) Select the Sample
Random – Every unit has equal chance of selection
Systematic - Start at random point and select every 30th Unit
(See also haphazard & block)
7) Perform Audit Procedures
As determined in 2
8) Analyse the nature and cause of error
Auditor to analyse sample results to provide insight into errors as to reassess
associated risk
Management override may indicate possible fraudulent activity that is taking place.
If it’s an isolated/unique event: E.g. Errors committed of a Temp staff (who stood
in for permanent staff).
9) Project sample results over population
Calculate error rate (%) to arrive at computed error rate for population
10) Evaluation and Conclusion
Compare Computed population error rate to Tolerable error rate and conclude on
sample in terms of confidence level and precision set.
Imagine you have a population of 20 transactions, of which you need to select all with the
value of N$10,000 or more, with the given set of errors found:
71

Item/trans- Amount of Selected for Errors found
action no. Item/transaction sample in sample
1 10,000 10,000 1,000

2 35,000 35,000 -
3 5,500
4 7,500
5 78,900 78,900 500
6 8,900
7 35,000 35,000 1,500
8 3,000
9 25,000 25,000 -
10 2,500
11 100,000 100,000 10,000
12 250,000 250,000 -
13 570,000 570,000 -
14 5,500
15 35,000 35,000 500
16 65,000 65,000 500
17 2,500
18 8,500
19 1,000
20 7,500
1,256,300 1,203,900 14,000
The units in the population are 20 items. The random selection based on predetermined
criteria amounts to 10 items in the sample. The error rate is determined at 1.16%
(14,000/1,203,900).
So, N$14,000 errors were found in this sample. Of which the sample totalled, N$ 1,203,900.
This makes up 1.16% of total errors (misstatement) of the sample. If we were to extrapolate
that to the population, this would equate to 1.16% of 1,256,300, totalling a misstatement over
the population of N$ 14,609. This would then have to be assessed whether as auditors we
can tolerate (i.e. accept) this error rate or not.
Revisit the above section carefully and ensure you understand each concept/term and are
able to apply it.
Study the steps carefully in the book in Chapter 5, subsection 4.
72

Part 7 Conclusion
Evidence obtained from sampling is in itself not complete, but rather persuasive rather than
conclusive.
73

STUDY AN OVERVIEW OF THE AUDIT
UNIT 4 PROCESS
This study unit is based on Auditing Notes, Chapter 6, and the relevant ISA
standard, ISA 315, ISA 530 and ISA 500.
Content of Study section

REQUIREMENTS OF ISQC1……………………………………………………………………………………………………………….72
PRELIMINARY ENGAGEMENT ACTIVITIES
Part 1 Prospective clients………….……………………………………………….……………………………………………………81
Part 2 Continuance with an existing client………...................................................................................81
Part 3 Compliance with standards……………..………………………………….....................................................81
Part 4 Procedures to gather “preliminary engagement” information….………......................................82
Part 5 Establishing an understanding of the terms of the engagement….……......................................82
PLANNING
Part 1 Introduction……………………….…………………..…………………………………………………………………………….88
Part 2 The overall audit strategy...………...............................................................................................89
Part 3 The audit plan itself………….…………..…………………………………….....................................................90
Part 4 Materiality………….…………..………………………………………………........................................................91
Part 5 Planning and conducting risk assessment procedures…….………………………………………...............91
Part 6 Planning further audit procedures based on the risk assessment……….....................................93
RESPONDING TO ASESSED RISK
Part 1 Overall response at financial statement level……………..…………………………………………….…………..96
74

Part 2 Audit procedures to respond to the assessed risk of material misstatement at the assertion
level (further procedures)….……………...................................................................................................96
Part 3 Other audit procedures carried out to satisfy the requirements of the ISA’s …………………………97
EVALUATING, CONCLUDING AND REPORTING
Part 1 Sufficient, appropriate evidence……………………………………………………………………………………………99
Part 2 Uncorrected misstatements…………….........................................................................................99
Part 3 Applicable financial reporting standards……………………………………...........................................100
Part 4 Events occurring after the balance sheet date……………………………..........................................100
! Discuss the objectives of quality control policies and procedures to achieve these, both
at the level of the firm and at the engagement level:
a) Leadership responsibilities for quality within the firm;
b) Ethical requirements;
c) Acceptance and continuance of client relationships and specific engagements;
d) Human resources;
e) Engagement performance; and
f) Monitoring.
! Name and briefly discuss the issues that should be addressed as part of quality control
at the level of individual audits; and
! Discuss in detail the elements that relate to engagement performance at the level of
individual audits.
! define audit risk;
! discuss in detail the components of audit risk;
! discuss in detail the interaction between the different components of audit risk and the
effect on audit procedures; and
! in a case study, distinguish between matters that will affect inherent vs. control risk.
! briefly state the reasons why an auditor would perform engagement activities
! name the method of obtaining the engagement activity information as well as the
sources from which it will be obtained
75

! State the necessity and the minimum steps of establishing a letter of engagement
! State the preconditions of an audit
! Name at least five circumstances that will lead to the issuance of a new engagement
letter of a recurring audit
! Discuss in detail the steps required for setting the terms of the engagement
! State some of the procedures to gather “preliminary engagement” information
! Briefly explain the considerations you would have to apply when complying to ISA 220
and ISQC1, when it comes to considering the appointment of a new or existing client
! State what are some of the considerations you would have to evaluate whether you
would accept a new business client or continue a business relationship with an existing
client
! indicate the purpose and result of audit planning;
! indicate the advantages of audit planning;
! briefly discuss the matters that are discussed in the overall audit strategy;
! in a case study, identify the aspects that will affect the scope, timing and focus of the
audit respectively, with reasons for your choices;
! name the matters that will form part of the audit plan;
! discuss the purpose of obtaining knowledge of the business;
! name the aspects on which knowledge must be obtained;
! briefly discuss the procedures (risk assessment procedures) that the auditor will
perform to obtain knowledge of the business;
controls;
! name the matters that will affects the control environment;
! briefly discuss what an entity’s risk assessment procedures entail;
! name examples of internal control procedures;
! briefly explain what business risk is;
76

effect on audit procedures;
! in a case study, distinguish between matters that will affect inherent vs control risk;
! briefly describe the considerations of the auditor when assessing the risk of material
misstatement;
! name examples of matters that will affect the risk of material misstatement of financial
statement level;
! name examples of matters that will affect the risk of material misstatement at assertion
level;
! explain what is meant by a significant risk as well as the minimum matters that an
auditor will consider to determine whether or not a risk is material;
! define materiality;
! explain the relationship between materiality and audit risk;
! briefly describe the difference between quantitative vs qualitative materiality;
! State what are the types of audit procedures used to respond to the risk of material
misstatement
! Identify some of the overall responses at financial statement level
! State what are some of the additional audit procedures required to respond to
assessed risk
77

REQUIREMENTS OF ISQC1
Part 1 Introduction
Before we continue on the requirements of ISQC1, you need to understand that ISQC 1 is
relevant to the audit firm, therefore you need to have an understanding of how an audit firm
is naturally structure. To illustrate this, refer to the table below:
Structure of an audit practice/firm
Managing Partner and executive Committee
Audit Section Specialist Section
Audit Partners Tax Information Management Etc.

Technology Consulting
Audit Managers Services
- Seniors
- Juniors
Professional
Staff
- Seniors
- Juniors
The purpose of this section is to establish standards and provide guidance on quality control.
This standard is not necessarily applicable to a specific audit, but rather applicable to the
audit firm/auditor that is performing the audit. It entails the manner and environment in which
the audit is being conducted.
It is important that auditors perform high quality audits for a number of reasons. Reputation
for high quality work is likely to attract additional clients and therefore help the practice to
grow and develop. In addition, if the audit work performed is of a high quality, this will give a
lower chance of the auditors falling into a trap of negligence claims by third parties, which
could be costly and can cause serious damage to the reputation of the organization.
Quality control and review procedures are important in the subject of modern auditing.
Quality control policies and procedures should be implemented at both the level of the audit
firm and on individual audits.
78

The audit firm should implement quality control policies and procedures designed to ensure
that all audits are conducted in accordance to Auditing Standards. The nature, timing and
extent of an audit firm's quality control policies and procedures depend on a number of
factors such as the size and nature of its practice, its geographic dispersion, its organization
and appropriate cost/benefit considerations. Accordingly, the policies and procedures
adopted by individual audit firms will vary, as will the extent of their documentation.
There are two documents on quality control that you should be aware of:
! International Standard on Quality Control 1 (ISQC1): This is an overarching

standard requiring that the firm should establish a system of quality control to ensure
that the firm and its personnel comply with professional standards (e.g. the ethical
requirements that are relevant) and regulatory and legal requirements.
! ISA 220 Quality Control for Audits of Historical Financial Information: This
document has a narrower scope, giving guidance to audit firm personnel regarding
quality control procedures to be followed during the course of an audit engagement.
One partner in the firm should be primarily responsible for each audit (the
engagement partner) and they are responsible for the overall quality of the
engagement.
Thus ISQC 1 is concerned with quality at the firm level, while ISA 220 is concerned with
quality at the engagement level.
Part 2 The elements of a system of quality control

The firm's system of quality control should include policies and procedures addressing each
of the following elements:
1. Leadership responsibilities for quality within the firm.

2. Ethical requirements.
3. Acceptance and continuance of client relationships and specific engagements.
4. Human resources.
5. Engagement performance.
6. Monitoring.
1. Leadership responsibilities for quality within the firm
The firm should establish policies and procedures designed to promote an internal culture
based on the recognition that quality is essential in performing engagements.
This is achieved through the following:
1. The firm assigns its management responsibilities so that commercial considerations

do not override the quality of work performed.
2. The firm’s policies and procedures addressing performance evaluation,
compensation and promotion are designed to demonstrate the firm’s overriding
commitment to quality.
3. The firm devotes sufficient resources for the development, documentation and
support of its quality control policies and procedures.
79

2. Ethical requirements
The firm should establish policies and procedures designed to provide it with reasonable
assurance that the firm and its personnel comply with relevant ethical requirements.
The firm's policies and procedures should emphasize the fundamental principles of the IFAC
Code of Ethics and reinforce them through:
! The leadership of the firm.

! Education and training.
! Monitoring.
! A process for dealing with non-compliance.
3. Independence
assurance that the firm, its personnel and, where applicable, others subject to independence
requirements (including experts contracted by the firm and network firm personnel), maintain
independence where required by the IFAC Code and national ethical requirements.
At least annually, the firm should obtain written confirmation of compliance with its policies
and procedures on independence from all firm personnel required to be independent by the
IFAC Code and national ethical requirements.
4. Acceptance and continuance of client relationships and specific engagements
The firm should establish policies and procedures for the acceptance and continuance of
client relationships and specific engagements, designed to provide it with reasonable
assurance that it will only undertake or continue relationships and engagements where it:
! has considered the integrity of the client and does not have information that would
lead it to conclude that the client lacks integrity;
! is competent to perform the engagement and has the capabilities, time and
resources to do so; and
! can comply with ethical requirements.
5. Human resources
assurance that it has sufficient personnel with the capabilities, competence, and commitment
to ethical principles necessary to perform its engagements in accordance with professional
standards and regulatory and legal requirements and to enable the firm or engagement
partners to issue reports that are appropriate in the circumstances.
Such policies and procedures address the following personnel issues:
! Recruitment; ! Performance evaluation;
! Capabilities; ! Competence;
80

! Career development; ! Promotion;
! Compensation ! The estimation of personnel needs.
a) Assignment of personnel to engagements
Audit work is to be assigned to personnel who have the degree of technical training
and proficiency required in the circumstances.
b) Engagement performance
The firm should establish policies and procedures designed to provide it with
reasonable assurance that engagements are performed in accordance with
professional standards and regulatory and legal requirements, and that the firm or
the engagement partner issue reports that are appropriate in the circumstances.
Matters to be addressed in the firm's guidance materials include the following:
! How engagement teams are briefed on the engagement to obtain an

understanding of the objectives of their work.
! Processes for complying with applicable engagement standards.
! Processes of engagement supervision, staff training and coaching.
! Methods of reviewing the work performed, the significant judgments made
and the form of report being issued.
! Appropriate documentation of the work performed and of the timing and
extent of the review.
The engagement process should include both:
a) supervision of the work as it is undertaken; and

b) review that it has been performed in accordance with professional
and legal requirements and that the evidence obtained is sufficient
and appropriate to support the conclusions drawn.
c) Consultation
The firm should establish policies and procedures designed to provide it with
reasonable assurance that:
! Appropriate consultation takes place on difficult or contentious matters;

! Sufficient resources are available to enable appropriate consultation to take
place;
! The nature and scope of such consultations are documented; and
! Conclusions resulting from consultations are documented and implemented.
Consultation includes discussion, at the appropriate professional level, with

individuals within or outside the firm who have specialized expertise, to resolve a
difficult or contentious matter.
81

Effective consultation with other professionals requires that those consulted be given
all the relevant facts that will enable them to provide informed advice on technical,
ethical or other matters.
d) Engagement quality control reviews
An engagement quality control review is an objective evaluation of the significant

judgments made by the engagement team and the conclusions reached in
formulating the report.
Engagement quality control reviews are required for:
! all audits of financial statements of listed entities; and

! other audits, assurance and related services engagements meeting
appropriate criteria set by the firm, e.g. nature, unusual circumstances or
risks, laws and regulations requiring a review.
This review is performed prior to signing the opinion and is often referred to as a 'hot'
review.
6. Monitoring
assurance that the policies and procedures relating to the system of quality control are
relevant, adequate, operating effectively and complied with in practice. Such policies and
procedures should include an ongoing consideration and evaluation of the firm’s system of
quality control, including a periodic inspection of a selection of completed engagements.
The purpose of monitoring compliance with quality control policies and procedures is to
provide an evaluation of:
! Adherence to professional standards and regulatory and legal requirements;

! Whether the quality control system has been appropriately designed and
effectively implemented; and
! Whether the firm’s quality control policies and procedures have been
appropriately applied, so that reports that are issued by the firm or
engagement partners are appropriate in the circumstances.
The firm entrusts responsibility for the monitoring process to a partner or partners or other
persons with sufficient and appropriate experience and authority in the firm to assume that
responsibility.
The monitoring process is focused on completed engagements where the audit report has
already been signed and is often referred to as a 'cold' review.
82

Part 3 ISA 220: Quality Control for Audits of Historical
Financial Information
ISA 220 applies the firm-wide quality control principles in ISQC 1 specifically to individual
audits of historical financial information.
Part 4 ISA 220: Role of the engagement partner

Under the standard the engagement partner is responsible for:
1. Overall quality control of the audit engagement.

2. Evaluation of compliance with ethical requirements and independence.
3. Acceptance and continuance of client relationships and specific audit engagement.
4. Assignment of an engagement team with the appropriate capabilities, competence
and time.
5. Direction, supervision and performance of the audit engagement in compliance with
professional standards and regulatory and legal requirements.
6. Ensuring appropriate consultation is undertaken on difficult or contentious matters;
and
7. Ensuring that an engagement quality control review is undertaken for audits of
financial statements of listed entities and resulting issues discussed before the
auditor's report is issued.
Part 5 Conclusion
$ Quality control is a fundamental issue for all audit firms.
$ The main source of guidance for firms in relation to quality control comes from ISQC
1 which details the specific elements of a system of quality control.
$ ISA 220 provides additional guidance by applying ISQC 1 to specific engagements.
REVISION
(a) Audit firm as a whole (ISQC1)
Quality Control levels
(b) Level of individual audits (ISA 220)
Answer the following questions:
Indicate the objective of the quality control policy:
83

Briefly discuss the typical issues that form part of the audit firm’s quality control policy
84

STUDY PRELIMINARY ENGAGEMENT
UNIT 4.1 ACTIVITIES
relevant auditing standard, namely: ISA 210, 220 and ISQC1.
! briefly state the reasons why an auditor would perform engagement activities
! name the method of obtaining the engagement activity information as well as the
sources from which it will be obtained
! State the necessity and the minimum steps of establishing a letter of engagement
! State the preconditions of an audit
! Name at least five circumstances that will lead to the issuance of a new engagement
letter of a recurring audit
! Discuss in detail the steps required for setting the terms of the engagement
! State some of the procedures to gather “preliminary engagement” information
! Briefly explain the considerations you would have to apply when complying to ISA 220
and ISQC1, when it comes to considering the appointment of a new or existing client
! State what are some of the considerations you would have to evaluate whether you
would accept a new business client or continue a business relationship with an existing
client
85

Preliminary engagement activities are relevant whether it be for prospective clients (new
clients), or considering the continuation of existing clients. In both cases the auditor has to
ensure that compliance with ISA 220 – “Quality control for an audit of financial statements” is
met. This includes ensuring that appropriate procedures have been conducted regarding the
acceptance and continuance of client relationships in order to ensure that the decision
made, whether to continue/enter with the client relationship or terminate the relationship, is
appropriate.
Remember that the audit firm is like a business. If that business belongs to you, you would
most likely not want to enter into a business relationship that could result in non-payment of
your services, or worse a law suit. Thus in the same light you would consider as an audit firm
whether you would want to enter into (or continue with an existing client) a business
relationship.
Part 1 Prospective clients

These clients are ‘new’ clients and the audit firm would have to gather enough background
information to determine whether they would want to enter the relationship. So what are
some of the reasons we would wish NOT TO ENTER into a business relationship?
% Clients’ management may appear to lack integrity, be unethical

% The audit firm would not want to be associated with the ‘industry’ or nature of
business, e.g. pornographic industry etc.
% The Client may have a reputation that they result in lawsuits with the auditors,
whether disagreements or other
% Matters relating to the audit fee, where the client may not want to pay the fee
as quoted (not a wise business decision)
% The firm may not have the competence and resources necessary to service
the client
% The client does not apply an appropriate generally accepted accounting
framework (e.g. as IFRS)
Part 2 Continuance with an existing client

The same principles as indicated above need to be considered when we evaluate the
existing relationship with a client.
Part 3 Compliance with standards

So what does ISA 220 and ISQC1 require of the audit firm? Remember that this is applicable
to audit firms that perform audits and reviews the financial statements, etc. The minimum
requirements are the following:
1. As an audit firm, we must consider the integrity of the clients’ main owners, key
management and those charged with governance. We would look at client matters
such as:
1.1. Their business reputation of those noted above
1.2. Their business practices
1.3. The clients’ attitude toward paying audit fees
86

1.4. The identity and business reputation of related parties
2. As an audit firm we need to ask ourselves are we competent enough and do we

have the necessary resources to perform the engagement, consider matters such as:
2.1. Do we have knowledge of the clients’ industry and the necessary experience of
the related and relevant regulatory and reporting requirements?
2.2. Do we have the necessary technical skills & competence (or access to such
skills/competence?)
2.3. Do we have the necessary resources (e.g. staffing, hardware, software)
3. Can we as the audit firm comply with ethical requirements? We would evaluate
matters such as:
3.1. Any (potential) conflicts of interest between the firm and the client.
3.2. Are there any threats to independence of the firm, the engagement partner,
engagement team and the client? Have adequate safeguards been put in place?
3.3. Are there any other situations that may lead to the contravention of the Code of
Professional conduct?
The last point indicates matter that are of a concern under Study Unit 2, the code of
Professional Conduct.
Part 4 Procedures to gather “preliminary engagement

information”
So what are some of the activities we need to conduct to gather information during the
preliminary engagement stage of the audit?
& In order to be in compliance with the Code of Conduct, we need to communicate with
the previous auditor.
& We need to hold discussions with staff and key management of the client, i.e. senior
financial personnel, audit committee etc.
& Hold enquiries with the clients’ bankers, lawyers on any matters we may need to be
made aware of. (Remember in this case it is important to seek permission from the
client beforehand before these are contacted)
& Conduct background searches on the clients
& Review any other documentation that is available by the prospective client, whether
made public or provided by them
& Enquire & analyse whether the firm (and its staff) and the client is independent (see
above)
Part 5 Establishing the terms of the engagement

Why would we have to establish the terms of the engagement? It formalises the terms of the
engagement. It provides a written form of communication of expectations and deliveries
required under the contract so as to avoid misunderstanding and disgruntled relationships.
Sometimes the client may misunderstand the nature of the engagement, and this letter
serves to avoid such misunderstandings.
87

The engagement letter, as it is called, should detail the following:
! The objective of the engagement " should be explicitly stated

! Responsibilities of both parties
! Scope of the audit
! Inherent limitations of the audit
! Confirm Auditor’s independence
! Management’s responsibility to prevent Reportable Irregularity (Fraudulent Activities)
! Significant weakness in internal control will be brought to the attention of
management
! Where appropriate other parties will be involved, e.g. experts
! Any other services rendered, e.g. Tax compliance services
! The name of the designated auditor
! Pre-determined arrangements regarding meetings to be held, stock counts etc.
! Audit deadline
! Basis of fee computation and invoicing arrangements
This letter, once signed by the client, provides confirmation of agreeing to the terms and
conditions of the agreement.
The relevant ISA is ISA 210 – Agreeing the terms of audit engagements, states that “the
auditor shall agree the terms of the audit engagement with management or those charged
with governance”. This translates that it is the right of the auditor to determine how the audit
will be conducted.
Study the sections and steps carefully in the book in Chapter 6, subsection 1.
With each requirement test your understanding by adding an example.
SUMMARY - STUDY UNIT 6.1

Engagement activities:
Reasons Obtaining information Sources of information
"Limit risk unacceptable ! Risk assessment activities ! Previous auditor

clients ! Evidence of ! Client management and
"Complying with quality enquiry/analytical review staff
control policy ! Third parties
"Complying with ! Media
regulatory/ethical requirements ! www./ Internet
Steps to the engagement activities:
Step (1) Client Investigation " Refer to self-assessment question below
88

! Personnel resources and availability
! Knowledge and experience of staff
! Industry of client
Step (2) Requirements for skill & competence " ! Reporting requirements
! Use of experts
! Use of other auditors
! Use CAATs
Step (3) Issuing of engagement letter (ISA 210)
REVISION
You are a partner in the auditing firm MKP Incorporated. The directors of NW Build
approached you to perform their audit in future. The company is a wholesaler in building
material.
During a meeting with the directors of the company, they informed you that they are not
satisfied with the existing auditors, as they failed to identify an error in the creditors during
the previous audit. You explained to them that an audit can only provide reasonable
assurance that financial statements are free of material misstatement.
You have already, as part of your procedures with regard to engagement activities,
determined that MKP Incorporated possesses the necessary knowledge and skill to perform
NW Build’s audit.
Name the additional procedures that you will perform as part of your engagement activities
to determine whether or not you should accept the audit of NW Build
89

ANSWER:
1. Consider the independence of the auditor.

2. Consider the integrity of the client.
2.1. integrity and business reputation of client’s shareholders/key management
2.2. nature of client’s operations
2.3. attitude of management with regard to controls
2.4. client’s financial position
3. Communication of predecessor auditor for new client
3.1. Enquire whether existing auditor has been informed of change
3.2. Enquire whether existing auditor has obtained permission of client to discuss
matters with new auditor
3.3. Contact existing auditor with client’s permission – professional objections to
engagement
4. Financial responsibility of client
5. Legal procedures in respect of the engagement compliance with Companies Act
6. Determine the terms of engagement and issue an engagement letter.
90

STUDY
UNIT 4.3
PLANNING
! indicate the purpose and result of audit planning;

! indicate the advantages of audit planning;
! briefly discuss the matters that are discussed in the overall audit strategy;
! in a case study, identify the aspects that will affect the scope, timing and focus of the
audit respectively, with reasons for your choices;
! name the matters that will form part of the audit plan;
! discuss the purpose of obtaining knowledge of the business;
! name the aspects on which knowledge must be obtained;
! briefly discuss the procedures (risk assessment procedures) that the auditor will
perform to obtain knowledge of the business;
controls;
! name the matters that will affects the control environment;
! briefly discuss what an entity’s risk assessment procedures entail;
! name examples of internal control procedures;
91

! briefly explain what business risk is;
effect on audit procedures;
! in a case study, distinguish between matters that will affect inherent vs control risk;
! briefly describe the considerations of the auditor when assessing the risk of material
misstatement;
! name examples of matters that will affect the risk of material misstatement of financial
statement level;
! name examples of matters that will affect the risk of material misstatement at assertion
level;
! explain what is meant by a significant risk as well as the minimum matters that an
auditor will consider to determine whether or not a risk is material;
! define materiality;
! explain the relationship between materiality and audit risk;
! describe the stages of the audit process when determining materiality and its purpose;
! distinguish between factual-, judgemental- and projected misstatement
! state some of the procedures required to be performed on the Financial Statements
! state the purpose of ISA 330
! state the duty of the auditor of events occurring after the Balance sheet date
92

Part 1 Introduction
ISA 300 – “Planning an audit of financial statements”, states that it needs to be the objective
of the auditor to “plan the audit so that it will be performed in an effective manner”.
So if we think what planning means, it means to organise, strategize, propose, design. In

other words, planning means you must spend time thinking about how the audit will be
performed, on what will you spend your time, who will do the job, who will review their work,
when will you meet with what key leaders in the business etc. The more effective planning is
done, the more likely the audit will be effective and efficient. Thus it is the requirements of
ISA 300 that the engagement partner and other key members of the audit team must be
involved in the planning process as their experience and insight will provide valuable input in
the planning process.
The document in which this is formulated is called an audit strategy and audit plan, of which
we will look at more detail later. These documents are not fixed, in other words as the
circumstances change on an audit, the plan/strategy can be amended as it becomes
necessary.
You can imagine that before we create an audit strategy or plan, we need a great deal of
information about the client before we can formulate our approach. We have to obtain an
understanding of the client and its business before we can formulate a response to the risks
assessed for the audit.
So as part of our planning process we need to gather information, assess that information as
to say is it risky, not risky, are we willing to accept the risk, or do we have to do something
about it. If you think what risk means, it means hazard, threat or danger, it does not mean
something DID actually go wrong, it just means something CAN POTENTIALLY go wrong.
So in the context of auditing, that entails financial and control risks. Our responses to those
risks assessed are our audit procedures. Using our terminology, that would mean assessing
the risk of material misstatement at assertions level and overall Financial Statement level
and creating a document in which our response to that risk is laid out. The audit strategy
encompasses responses primarily to the risk of material misstatement at overall Financial
Statement level. The audit plan primarily encompasses responses to the risk of material
misstatement at the assertion level.
93

Overview of the planning process
Information-gathering stage
Stage 1, Understanding the entity and its environment
Information-analysis stage
Stage 2, Assess the risk of material misstatement in the financial statements
Stage 3, Determine materiality
Documentation stage
Stage 4, Establish the overall audit strategy
! Characteristics engagement; scope of audit

! Reporting objectives – timing of audit
! Significant matters – focus of audit
! Consider results of engagement
! activities
! Identify resources needed for audit
Stage 5, Develop an audit plan
Material accounts
- Identify & assess risk of material misstatement
- Detailed audit approach for separate accounts
- Organisational aspects
Non-material accounts
- Analytical substantive procedures
Part 2 The overall audit strategy

The overall audit strategy sets the scope, timing and direction of the audit. It guides firstly the
development of the audit plan. The audit strategy must take place before we can start
considering the audit plan. It is like the strategic plan of the audit before laying out the detail
of execution.
94

Refer to a structured representation of the Overall audit strategy and its considerations:
Overall audit strategy

1. Characteristics of engagement (defines its scope)
! Financial reporting framework

! Industry aspects/components (e.g. characteristics of the client, are they listed
on the JSE/NSX?, What are the listing requirements and the King 3 reporting
requirements)
! Other auditors
! Specialised knowledge
! Work of internal auditors
! - Effect IT
2. Reporting objectives (defines its timing)
! Deadline for completion

! Communication with other auditors/experts
! Availability of data for CAATs
! extent & complexity of computerisation
3. Significant factors (defines its direction)
! Materiality
! Risk assessment on Financial Statement level (F/S Level), presence of
significant risks
! Impact of the assessed risk of Material misstatement on our direction,
supervision and review , e.g. high risk at F/S Level may require more
experienced staff assigned
! Management’s attitude towards controls
! Volume of transactions
! Significant developments in business
4. Consider results of pre-engagement activities (Information is gathered during the pre-

engagement activities therefore we need to consider whether there would be anything that
would influence our strategy/plan.)
5. Determine nature, timing & extent of resources necessary to perform engagement
(This is when we evaluate and form our audit plan)
Part 3 The audit plan itself

The difference between the overall audit strategy and the audit plan is that the audit plan is
similar to the audit strategy but is in more detail setting out the audit procedures per account.
95

As the audit plan lays out the audit procedures, these make up tests of control and
substantive procedures, yet professional judgment and experience play a pivotal role as it
lays out the detailed response to our initial risk assessment.
The audit plan encompasses the nature, timing and extent of our audit.
ISA 300 requires that the audit plan must contain at least the following:
# A description of the nature, timing & extent of the planned risk assessment
procedures.
# A description of the nature, timing and extent of planned further audit procedures
at the assertion level for each material class of transactions, account balance and
disclosure
# Any other audit procedures which may be required to comply with the ISAs
# A plan regarding the nature, timing & extent of the direction, supervision and
review of the audit team.
Audit Plan
Material Accounts
! Identify and assess risk of material misstatement on assertion level (inherent

risk and control risk)
! Detailed audit approach for separate accounts
! Combined/substantive approach
! Nature, scope and time of audit procedures
! Organisational issues
Non-Material Accounts
! Analytical substantive procedures
Part 4 Materiality
In order to determine what is material or immaterial (non-material), we have to ask the
question: “What is material?” This is done during stage 2 of the audit, see above.
Part 5 Planning and conducting risk assessment

procedures
ISA 315 requires that the risk of material misstatement be identified and assessed at F/S
level and at assertion level
So far the auditor has gathered information on various aspects of the client. Now he will
consider whether what he knows about the client will lead him to believe that there is a risk
of material misstatement of the AFS, i.e. the auditor will evaluate the effect that any identified
weaknesses will have on the Financial Statement assertions.
96

You need to understand first what audit risk is, in other words what is a relevant risk;
relevant to the audit. Audit risk is defined as the risk that an inappropriate opinion on the
financial statements are issued. (This can either be an unmodified opinion, whereas the
financial statements are indeed materially misstated, or vice versa)
There are three components that make up audit risk:
1. Inherent risk " This is a ‘built-in’ risk in the financial statements. Implemented
controls have no impact on this.
2. Control Risk " These are risks that relate to the function and design of the internal
control environment, refer to unit 3.1.
3. Detection Risk " This risk is the risk that the auditor may not detect a material
misstatement resulting in issuing an inappropriate opinion
The auditor assesses the risk by performing risk assessment procedures to form an
understanding of the level of risk involved on the client. This is called risk of material
misstatement. This is the risk that something, due to certain factors, can be materially
misstated. Our response thereto is to conduct audit procedures.
There is an inverse relationship between Inherent Risk, Control Risk and Detection Risk. If
Inherent Risk (IR) and Control Risk (CR) are high, the detection risk MUST be set at low.
This is affected by means of ensuring we perform a quality audit, in other words effectively
planning the audit so as to reduce the risk of material misstatement (IR & CR) to an
acceptable level. (Thus the risk that something material remains undetected is reduced).
The Risk of material misstatement, under the auditor’s control, consists only of the Inherent
risk and the Control risk. The detection risk is not under his/her control.
E.g. an account balance was arrived at using complex calculations. The internal controls
implemented around that account don’t address the problem of the complex calculations.
What is the verdict? The risk of material misstatement is high due to the ‘complex
calculations’ – thus there is an increased likelihood of a misstatement (error) as the
calculations are complex (difficult). The auditor is aware of the matter because of good
planning, thus he/she is able to design audit procedures to address the matter. It is in his/her
control.
Audit risk is assessed at 2 levels:
1. At the overall financial statement level

a. I.e. risk relates to financial statements pervasively. These risks affect
the financial statements as a whole which filters down to the account
balances and totals that make up the financial statements. (E.g. If
management lack integrity, they may attempt to manipulate the account
balances and totals to suit their own purposes)
i. Integrity, experience, knowledge of management
ii. Unusual pressures on management, e.g. bonuses, going concern
iii. Nature of the entities business, e.g. significant related parties that may
influence the financial reporting
iv. Possibility of many misstatements
97

v. Potentially affects many different assertions
b. Auditor’s response will be general in nature
i. Assigning staff with appropriate levels of experience and skills
ii. Providing more supervision to audit staff
iii. Elements of unpredictability (surprise) into the audit
iv. Changes to the way the audit is conducted
c. Impacts on the overall audit strategy
2. At the assertion level
a. Auditor is concerned with the material misstatement of the financial
statements → assertion level (Each account, e.g. Expenses, Sales has a
set of Assertions that are applicable, so this risk is the risk that occurs at this
assertion level, at the most basic level of the financial information)
i. Susceptibility to misstatement – high estimation
ii. Geographic extent of a business
iii. Foreign exchange contracts, i.e. foreign purchases/sales
iv. Degree of judgment or complexity of transactions
v. Etc.
b. Auditor develops procedures to respond to assessed levels of risk
i. The audit plan is the first stage in the development of audit procedures
ii. I.e. Audit risk at the assertion level impacts on the audit plan i.e.
nature, timing and extent of procedures
More detailed examples on risk indicators are available in Chapter 7 of the Auditing Notes
Book.
Study the information carefully in the book in Chapter 6, subsection 3.
Part 6 Planning further audit procedures based on the risk

assessment
Some general observations relating to NATURE, TIMING AND EXTENT apply:
1. The nature of an audit procedure relates to its purpose (Test of Control or

Substantive Procedure?) AND its type (i.e. inspection, observation, inquiry
etc.)
2. Test of controls can only be carried out where the system is ‘worthy’ of being
tested, i.e. there is an expectation that controls are operating effectively
3. A single test of control is virtually never sufficient
4. If the auditor wants to conclude over the effective functioning of controls over
a period of time, the tests will have to be conducted at various times during
the period.
5. As mentioned before, tests of controls alone are not sufficient. Substantive
procedures need to be used in conjunction where the transaction, balances,
disclosures are material to provide sufficient appropriate evidence.
98

6. When significant risks are identified, substantive procedures must be
designed to specifically address the significant risks. (These must include test
of detail, not merely analytical procedures)
7. Closing procedures of the auditor must include,
a. Reconciling the annual financial statements (AFS) to the underlying
accounting records (that were audited).
b. Examining material journal entries and other adjustments made during
the period the AFS were prepared.
8. The timing of a test is predetermined by key dates of the audit
9. Generally speaking, the greater the risk of material misstatement, the more
extensive the testing will be.
Study this section and its background carefully in Chapter 6, subsection 3.
Also refer to and study the chart on page 6/14.
99

STUDY RESPONDING TO
UNIT 4.4 ASSESSED RISK
relevant auditing standard, namely: ISA 330, 315,500.
! State what are the types of audit procedures used to respond to the risk of material
misstatement
! Identify some of the overall responses at financial statement level
! State what are some of the additional audit procedures required to respond to
assessed risk
100

Part 1 Overall response at financial statement level
ISA 330 – “The auditors’ responses to assessed risk”, requires that the auditor design and
implement overall responses to the assessed risk of material misstatement at the financial
statement level, and needs to design further audit procedures to respond to the risk at
assertion level.
This means that the responses are primarily focused on addressing the pervasive impact of
risks at the overall F/S level, and then it is further directed at risk at assertion level. Thus the
overall responses are not really procedures but rather general actions to deal with the risk at
financial statement level.
Overall responses may be summarised as follows:
! Emphasises professional scepticism

! Assign more experienced staff with special skills or use experts
! Provide more supervision
! Incorporate elements of unpredictability into the audit procedures adopted (do things
in a manner which the client may not expect), e.g. surprise visits
! Make general changes to the nature, timing and extent of audit procedures
conducted in the past.
Part 2 Audit procedures to respond to the assessed risk of

material misstatement at the assertion level (further
procedures)
The procedures used to respond to the assessed risk of material misstatement at assertion
level form the major part of any audit. Remember, that assertions are the representations
applicable to the various account headings and classes of transactions that underlie the
financial statements. Thus our audit is structured to respond specifically to the risks relating
to the assertions, so as to reduce it to an acceptable level.
To achieve the above, he/she will make use of the tools in his/her toolbox, these are
recapped as follows:
! Inspection ! Recalculation
! Observation ! Analytical procedures
! Inquiry ! Re-performance
! External confirmation
101

Make sure you have remembered and studied the meaning of each of these
procedures.
ISA 500 – “Audit Evidence”, describes the types of procedures available.

There are various statements available in the ISAs that provide specific
guidance on a certain matter, yet the objective remains the same: To gather
sufficient, appropriate audit evidence.
Part 3 Other audit procedures carried out to satisfy the

requirements of the ISA’s
We must consider the requirements of the ISAs and what additional procedures are required
for purpose of planning, conducting and completing an audit. E.g. the risk assessment
procedures may reflect that there is no risk surrounding the going concern ability for the
company. This does not necessarily mean that the auditor can ignore the requirements of
ISA 570 – “Going Concern”. He/she must still gather sufficient, appropriate evidence to
support management’s decision to use the going concern assumption on the financial
statements. The same principle applies to other standards, such as ISA 260 & 265 –
“Communicating with those charged with governance and communicating deficiencies in
internal control”.
102

STUDY EVALUATING,
UNIT 4.5 CONCLUDING AND
REPORTING
relevant auditing standard, namely: ISA 330, 450, 700.
! distinguish between factual-, judgemental- and projected misstatement

! state some of the procedures required to be performed on the Financial Statements
! state the purpose of ISA 330
! state the duty of the auditor of events occurring after the Balance sheet date
103

ISA 700 – “Forming an opinion and reporting on financial statements, states that the auditor
should form an opinion on the financial statements based on an evaluation of the conclusion
drawn from the audit evidence gathered. This is determined at the completion stage of the
audit, this stage.
Part 1 Sufficient, appropriate evidence

ISA 330 – requires that the auditor needs to conclude on whether sufficient appropriate audit
evidence has been obtained to reduce the audit risk to an acceptable level.
If evidence was obtained that contradicts one another, the auditor needs to seek further
evidence in order to make an appropriate conclusion. If the auditor is unable to obtain
sufficient appropriate audit evidence, a qualified opinion or a disclaimer of opinion will have
to be issued.
Part 2 Uncorrected misstatements

Once the auditor has identified misstatements (errors), this is recorded as a ‘difference’. This
difference is that portion which differs between what the client ACTUALLY recorded and
what they SHOULD HAVE recorded. In other words, what has been reported and what
should have been reported (the corrected version) is the difference.
Remember a difference, or misstatement can occur for an amount (transaction), balance,

presentation or disclosure. This misstatement is often determined whether or not the
assertions as discussed earlier have been applied correctly.
There are 3 types of misstatements:
1. Factual misstatement " Those misstatements that have been specifically identified
and about which there is no doubt, whether subjective or objective
2. Judgemental misstatement" Are those misstatements where estimation is
involved. Its where the matter, whether estimate or policy is open for interpretation.
The professional judgment of the auditor and the judgment of the client differ. E.g.
creating an allowance for bad debts would require 20% of the total debtors plus a full
provision of those older than 90 days. The client may apply his judgement in this, yet
the auditor may believe that recoverability becomes questionable already at 60 days
overdue and may want to include all the debtors already at 60 days overdue. In other
words, the client’s assessment of the provision is lower than that of the auditor. But
each has exercised their judgement. (Yet if the accounting policy applied is applied
incorrectly, regardless of interpretation, it is a factual misstatement)
3. Projected misstatement" This is the auditor’s best estimate of an amount of
misstatement found in a sample taken from that population. (Refer to sampling
above, where the extrapolated amount would exceed our tolerable misstatement)
It is important to distinguish between the different types of misstatements as it will determine

how the auditor will react to each.
1. The factual misstatement" will allow more leverage with the client to ensure that
the client adjusts the AFS, where this is material. If it is not adjusted, it could modify
the audit report.
104

2. Judgemental misstatement" Less likely to request the client to adjust the AFS as
the misstatement was due to an element of interpretation/judgement.
3. Projected misstatement" " Due to the level of subjectivity involved in sampling it
reduces the capability of the auditor to argue adjustment to the AFS.
Remember requesting the client to adjust the AFS, will depend on the materiality levels
determined by the auditor.
Part 3 Applicable financial reporting standards

The auditor needs to evaluate whether the AFS have been prepared in all material respects
in accordance with the applicable financial reporting standards. The auditor needs to
evaluate whether,
! The AFS adequately disclose significant accounting policies selected & applied by
the client
! The Accounting estimates applied are reasonable (considering the auditors’
background knowledge of the client, its industry and business)
! The information presented, is it relevant, reliable, understandable and comparable?
! Are adequate disclosures provided " so that users can understand what happened
during the year
! Is the correct and appropriate terminology applied in the AFS
! Has compliance been met in terms of statutory requirements and regulation, e.g.
listing requirements?
! Do the AFS achieve fair presentation?
Part 4 Events occurring after the balance sheet date

All material events occurring after the balance sheet date and up to the date of the audit
report which may indicate the need for adjustment to, or disclosure in, the financial
information on which the auditor is reporting have been identified and dealt with.
The evaluations described above would usually be conducted by a senior member of the
audit team. The engagement partner would then consider, based on the audit evidence
gathered, what type of an audit opinion should be issued.
105

Auditing 1A STUDY GUIDE

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Auditing 1A STUDY GUIDE

Uploaded by

Copyright:

Available Formats

STUDY GUIDE

Centre for Open, Distance and e-Learning

Edited and Published by Centre for Open, Distance and e-Learning

University of Namibia, Windhoek

Author: Elize Heyns

Content Editor: Wanda Fourie

Centre for Open, Distance and e-Learning

FACULTY OF ECONOMIC AND MANAGEMENT SCIENCES | (CES)

FACULTY OF ECONOMIC AND MANAGEMENT SCIENCES | (CES)

FACULTY OF ECONOMIC AND MANAGEMENT SCIENCES | (CES)

Title and Surname Building and Telephone numbers and

! with regard to the audit profession in South Africa:

FACULTY OF ECONOMIC AND MANAGEMENT SCIENCES | (CES)

General overview Individual exercise

Study the indicated material in

Additional reading Practical example

Introductory remarks Outcomes

FACULTY OF ECONOMIC AND MANAGEMENT SCIENCES | (CES)

Calculate Determine a number by using a mathematical process.

Describe Give a detailed description of the nature or characteristics of something.

Define Give an accurate definition of a concept.

Illustrate Illustrate information diagrammatically.

List Provide only a list of names/facts that were asked.

Compare Indicate the differences/similarities between two different matters.

FACULTY OF ECONOMIC AND MANAGEMENT SCIENCES | (CES)

ASSIGNMENTS ARE INDIVIDUAL TASKS AND NOT GROUP ACTIVITIES. (UNLESS

It is also unacceptable to do somebody else’s work, to lend your work to them or to

FACULTY OF ECONOMIC AND MANAGEMENT SCIENCES | (CES)

Content of the Study Units

FACULTY OF ECONOMIC AND MANAGEMENT SCIENCES | (CES)

! briefly define the objectives of an audit of financial statements;

FACULTY OF ECONOMIC AND MANAGEMENT SCIENCES | (CES)

The objectives of this study Unit are laid out below:

Upon completion of this Study Unit you should be able to:

! briefly define the objectives of an audit of financial statements;

FACULTY OF ECONOMIC AND MANAGEMENT SCIENCES | (CES)

We will be looking at the first two questions in chapter 1.

Part 2 What is an auditor?

An auditor is appointed to give assurance on this financial information on which the

So what is an Auditor? The auditor provides assurance on the financial information.

What is Assurance? It enhances the degree of confidence of intended users; it enhances

FACULTY OF ECONOMIC AND MANAGEMENT SCIENCES | (CES)

What types of Auditors do we get?

All auditors are required to display minimum characteristics inherent in the

These will be dealt in greater detail in Study Unit 2.

Part 3 Why is there a need for auditors?

Ownership Ownership entails having an interest/investment in a business. It includes havin

Management involves the administrative side of a business/asset or venture.

FACULTY OF ECONOMIC AND MANAGEMENT SCIENCES | (CES)

As such credibility and reliability of information is enhanced. This assists stakeholders to

Appointing an auditor raises accountability, in that the company is held accountable.

! More efficient accounting controls

Part 4(a) Assurance and non-assurance engagements

So what is the difference then?

FACULTY OF ECONOMIC AND MANAGEMENT SCIENCES | (CES)

Is an engagement in which the professional

(1) 3 party relationship

1. Professional Accountant " the

2. Responsible party " the Directors

3. Intended users " the shareholders

(2) A subject matter

These are usually over which the objective of

(3) sufficient appropriate evidence

This is evidence that is required to make a