Auditing and Assurance-Pdf-1

CPA
CERTIFIED PUBLIC ACCOUNTANTS
PART II
SECTION 4
AUDITING AND ASSURANCE
STUDY TEXT
CONTENT
10.1 Assurance engagements

- Definition and objectives
- Elements of an assurance engagement
- Types of assurance engagements
- Levels of assurance and reports
- Non-assurance engagements
10.2 Nature and purpose of an audit

- Nature and objectives
- Audit as an assurance engagement
- Development of audit (early audit and modern audit)
- Types of audit and limitations
10.3 Legal framework and regulation

- Regulatory framework within which external audits take place
- Statutory regulations; auditors' liability, appointment, removal, remuneration,
resignation, rights and duties of auditors
- International standards on auditing and other regulations
- Professional ethics/code of ethics for professional accountants
- Fundamental principles, threats and safeguards, other professional guidelines on
audit fees, conflict of interest, advertising and opinion shopping
10.4 Planning and risk assessment

- Obtaining clients acceptance and retention
- Understanding the entity and its environment
- Audit planning, audit programmes and documentation
- Assessing audit risks
- Errors, fraud and other irregularities
10.5 Overview of forensic accounting

- Nature, purpose and scope of forensic accounting
- Types of forensic investigations: Corruption, asset misappropriation, financial
statement fraud, others
- Fraud prevention and deterrence
10.6 Internal control systems

- Internal controls theory and practice
- Evaluation of internal control system and test of control
- Communication on internal control system (management letter)
- Information technology threats and control
www.masomomsingi.co.ke Contact: 0728 776 317 Page 2

10.7 Audit evidence

- Financial statement assertions and audit evidence
- Audit evidence procedures/techniques
- Audit sampling and other means of testing
- The audit of specific items (income/expenses/assets/liabilities)
- Using the work of others (internal audit and experts)
- Computer assisted audit techniques
10.8 Overall audit review

- Subsequent events review
- Going concern review
- Contingencies and commitments
- Management representations
- Quality control and review
- Role of auditors in receiverships and liquidation
10.9 Audit reports

th
- 7 Schedule provisions on audit reports
- Basic elements
- Types of opinions
- Emphasis of master paragraph
- Features of audit reports
10.10 Auditing in the Public Sector

- Introduction to auditing in the Public Sector; regulatory provisions
- Establishment, mandate and functions of public sector auditors; Kenya National Audit
Office (KENAO) and similar national audit bodies
- Role of internal audit function in public entities
- Relationship between external and internal auditors in the public sector
- International Standards on Supreme Auditing Institutions
10.11 Emerging issues and trends

CONTENT
TOPIC PAGE
1. Assurance engagements………………………………………………………………..5
2. Nature and purpose of an audit………………………………………………………12
3. Legal framework and regulation………………………………………………….….31
4. Planning and risk assessment…………………………………………………………66
5. Overview of forensic accounting…………………………………………………….113
6. Internal control systems…………………………………………………….…….…..125
7. Audit evidence……………………………………………………………….….……..139
8. Overall audit review……………………………………………………….………….193
9. Audit reports…………………………………………………………….….…………211
10. Auditing in the Public Sector………………………………………………...….…..224
Revised on: November 2019

TOPIC 1
ASSURANCE ENGAGEMENTS
DEFINITION AND OBJECTIVES

The term assurance refers to the expression of a conclusion that is intended to increase the
confidence that users can place in a given subject matter or information. For example, an
auditor‘s report is a conclusion that increases the confidence that users can place in a
company‘s financial statements.
Audit engagement refers to audit performed by an auditor. It is the very first stage of an audit
procedure where the client is notified by the auditor that the work pertaining to audit has been
accepted by him/her and also provides clarifications with regard to the scope and purpose of
audit. To be more specific, audit engagement can be referred to the written letter that the auditor
uses to notify the client that he/she would be engaging in auditing services. Thus, the audit
engagement procedure is basically a negotiation based on professional terms that takes place
between prospective customer and a public accounting entity. This procedure is used for finding
new customers and offer accounting related services to different businesses.
The auditor uses the term ‗audit engagement‘ when the entity has to undergo the auditing
procedure. This could imply varied things and therefore it is necessary that the auditor clarifies
what she/he exactly means by the term. Irrespective of the definition followed by the auditor,
he/she makes it a point to follow certain specific guidelines and procedure for offering the
services.
Full Engagement
Audit engagement consists of several steps that basically revolve around planning,
substantiation, control testing and finalization. The very first step involves providing a letter to
the client reminding him about the audit. Once the client has been contacts, both the auditor and
client meet with each other to determine how, why and when the auditing would take place. In
addition to this, the client also needs to provide the auditor with relevant resources for
conducting the procedure smoothly. Following this, the auditor carries out surveys to find out
more about the organization and its controls. This is followed by testing of controls and
garnering of as much detail and information as is possible. On the basis of the results and
information, the auditor prepares a temporary draft and shares the same with client. Once the
client has gone through the draft report, he responds to the recommendations and findings made
in it. After this, the auditor prepares a final audit report and may also request the client to fill a
survey form to better understand his/her performance. The audit is completed after a follow up
meeting with client, which usually happens within 6 months.

Objectives of the Practitioner

A practitioner is an the individual(s) conducting the engagement (usually the engagement
partner or other members of the engagement team, or, as applicable, the firm) by applying
assurance skills and techniques to obtain reasonable assurance or limited assurance, as
appropriate, about whether the subject matter information is free from material misstatement
In conducting an assurance engagement, the objectives of the practitioner are:
a) To obtain either reasonable assurance or limited assurance, as appropriate, about
whether the subject matter information (that is, the reported outcome of the
measurement or evaluation of the underlying subject matter) is free from material
misstatement;
b) To express a conclusion regarding the outcome of the measurement or evaluation of the
underlying subject matter through a written report that clearly conveys either reasonable
or limited assurance and describes the basis for the conclusion; and
c) To communicate further as required by relevant ISAEs.
In all cases when .reasonable assurance or limited assurance, as appropriate, cannot be

obtained and a qualified conclusion in the practitioner's assurance report is insufficient in the
circumstances for purposes of reporting to the intended users, the ISAEs require that the
practitioner disclaim a conclusion or withdraw (or resign) from the engagement, where
withdrawal is possible under applicable laws or regulations.
NON-ASSURANCE ENGAGEMENTS
Non-assurance Engagements
If an engagement lacks the five elements of assurance engagements, it is considered non-

assurance (residual definition). Examples of non-assurance engagement are the following:
1. Agreed-upon procedures
2. Compilations engagements
3. Preparation of Income tax returns where no conclusion conveying assurance is
expressed
4. Management advisory services and Consulting
5. Engagement that includes rendering of professional opinions not intended to be an
assurance report
Elements of Assurance Engagements
There are five elements that must all be present in order to qualify the engagement as an
assurance engagement.
1. A three-party relationship involving a practitioner, a responsible party, and intended

users;
2. An appropriate subject matter;
3. Sufficient appropriate evidence;
4. Suitable Criteria;
5. A written assurance report in the form appropriate to a reasonable assurance

engagement or a limited assurance engagement.
Appropriate Subject Matter
The subject matter and the subject matter information of an assurance engagement can take
many forms, such as:
Financial performance or conditions

Non-financial performance or conditions
Physical characteristics
Systems and Processes
Behavior
An appropriate subject matter is
Identifiable and capable of consistent evaluation or measurement against the identified

criteria
Capable of being subjected to procedures for gathering sufficient appropriate evidence
to support a reasonable assurance or limited assurance conclusion, as appropriate
Sufficient Appropriate Evidence
Sufficiency is the measure of the quantity of evidence

o The quantity of evidence needed is affected by the risk of the subject matter
being materially misstated.
Appropriateness is the measure of the quality of evidence, that is, its relevance and
reliability
o The reliability of evidence is influenced by its source and by its nature, and is
dependent on the individual circumstances under which it is obtained.
o Generalization about the reliability of evidence – evidence is more reliable if:
  Obtain from independent source outside the entity

 Generated internally when the related controls are effective

 Obtained directly by the practitioner than indirect or by inference

 Exist in documentary form

 Provided by original documents

Merely obtaining more evidence may not compensate for its poor quality
The auditor should consider the cost of obtaining the usefulness of the evidence.
Suitable Criteria
The following are the characteristics of a criteria to be considered suitable:

Relevance – contribute to conclusions that assist decision-making by the intended
users.
Completeness – the relevant factors that could affect the conclusions are not omitted.
Includes benchmarks for presentation and disclosure
Reliability – allows reasonably consistent evaluation or measurement of the subject

matter including where relevant, presentation and disclosure, when used in similar
circumstances by similarly qualified practitioners
Neutrality – free from bias
Understandability – contribute to conclusions that are clear, comprehensive, and not
subject to significantly different interpretations
TYPES OF ASSURANCE ENGAGEMENTS
1. As to level of assurance:
i. Reasonable Assurance – the objective is a reduction in assurance engagement
risk to an acceptably low level as the basis for a positive form of expression of a
practitioner‘s conclusion. (e.g., audit of historical financial statements)
ii. Limited Assurance – the objective is a reduction in assurance engagement risk
to a level that is acceptable in the circumstances of the engagement, but where
the risk is greater that for a reasonable assurance engagement, as the basis for a
negative form of expression of the practitioner‘s conclusion. (e.g., review of
historical financial statements
2. As to structure of engagement:
i. Assertion-based – the evaluation or measurement of the subject matter is
performed by the responsible party, and the subject matter information is in the
form of assertion to the intended users.
ii. Direct Reporting – the practitioner either directly performs the evaluation or
measurement of the subject matter, or obtains a representation from the
responsible party that has performed the evaluation or measurement that is not
available to intended users. The subject matter information is provided to the
intended users in the assurance report.
Importance of Assurance Engagements
1. Potential bias in providing information

2. Remoteness between a user and the organization
3. Complexity of the transactions, information, or processing systems
4. Investors need to manage their risk and thereby minimize financial surprises as
consequences to investors, and others, of relying on inaccurate information can be quite
significant.
Limitations of Assurance Engagements
1. Use of selective testing (sampling)

2. Use of judgment
3. Inherent Limitations of internal control
4. Persuasive evidence rather than conclusive evidence
5. Characteristics of the subject matter
LEVELS OF ASSURANCE` AND REPORTS

There are broad ranges of assurance engagement and each has distinct differences depending
on the assurance requirements as follows:
Review engagement: The auditor provides a moderate level of assurance that the information
subject to review is free from material misstatement. This is expressed in the form of negative
assurance. Agreed-upon procedures: The auditor simply provides report of the actual findings,
so no assurance is expressed. Users of the report must instead judge for themselves the auditors'
procedures and findings and draw their own conclusions from the auditors work. Compilation
engagement: Users of compiled information gain some benefit from the accountant's (as
opposed to the auditor's) involvement, but no assurance is expressed in the report.
REPORTS
The practitioner forms a conclusion on the basis of the evidence obtained, and provides a
written report containing a clear expression of that conclusion that conveys the assurance
obtained about the subject matter information.
Assurance Standards establish basic elements for assurance reports.
In an attestation engagement, the practitioner's conclusion can be worded either:
a. in terms of a statement made by the measurer or evaluator, that is, the party responsible
for measuring or evaluating the underlying subject matter (for example: — In our
opinion the responsible party's statement that internal control is effective, in all material
respects, based on XYZ criteria, is fairly statedil); or
b. In terms of the underlying subject matter and the criteria (for example: —In our
opinion internal control is effective, in all material respects, based on XYZ criteriall).
In a direct engagement, the practitioner's conclusion is worded as for (b) above, that is
in terms of the underlying subject matter and the criteria.
Can the practitioner’s conclusion be worded in terms of:

The underlying subject A statement made by the
matter and the criteria? measurer or evaluator who
is not the practitioner?
Attestation yes yes
engagement
Direct engagement yes No
(the practitioner is the
measurer or evaluator in a
direct engagement, so there
is no statement made by
another party)

 In a reasonable assurance engagement, the practitioner's conclusion is expressed in the

form that conveys the practitioner's opinion on the outcome of the measurement or
evaluation of the underlying subject matter, for example: —In our opinion internal
control is effective, in all material respects, based on XYZ criteria. This form of
expression conveys —reasonable assurance. Having performed procedures of a nature,
timing and extent that were reasonable given the characteristics of the underlying
subject matter and other relevant engagement circumstances described in the assurance
report, the practitioner has obtained sufficient appropriate evidence to reduce
 engagement risk to an acceptably low level.
 In a limited assurance engagement, the practitioner's conclusion is expressed in a form
that conveys that, based on the procedures performed, nothing has come to the
practitioner's attention to cause the practitioner to believe the subject matter
information: is materially misstated, for example, —Based on our work described in
this report, nothing has come to our attention that causes us to believe that internal
control is not effective, in all material respects, based on XYZ criteria. This form of
expression conveys a level of —limited assurance that is commensurate with the level
of the practitioner's procedures given the characteristics of the underlying subject
 matter and other engagement circumstances described in the assurance report.
 The practitioner may choose a —short form or —long form style of reporting to
facilitate effective communication to the intended users. —Short-form reports
ordinarily include only the basic elements. —Long-form reports include other
information and explanations that are not intended to affect the practitioner's
conclusion. As well as the basic elements, long-form reports may describe in detail the
terms of the engagement, the criteria being used, findings relating to particular aspects
of the engagement, details of the qualifications and experience of the practitioner and
others involved with the engagement, disclosure of materiality levels, and, in some
cases, recommendations. Whether to include any such information depends on its
 significance to the information needs of the intended users.
 The practitioner's conclusion on the subject matter information is clearly separated
from any emphasis of matter, -findings, recommendations or similar information
included in the assurance report, and the wording used makes it clear that findings,
recommendations or similar information is not intended to detract from the
 practitioner's conclusion.
 The practitioner's conclusion is modified when the following circumstances exist and,
in the practitioner's professional judgment, the effect of the matter is or may be
 material: .
a. There is a limitation on the scope of the practitioner's work. The practitioner
expresses The practitioner is unable to obtain sufficient appropriate evidence in
the context of the engagement, in which case a scope limitation exists and a
qualified conclusion or a disclaimer of conclusion is expressed depending on-
how the materiality or pervasiveness of the limitation is. In some cases the
practitioner considers withdrawing from the engagement.
b. When:

i. The practitioner's conclusion is worded in terms of a statement made by the

measurer or evaluator, and that statement is incorrect, in a material respects;
or
ii. The practitioner's conclusion is worded in terms of the underlying subject
matter and the criteria, and the subject matter information is not free from
material misstatement.
In such cases, a qualified or adverse conclusion is expressed, depending on the materiality and
pervasiveness of the matter
A qualified conclusion is expressed as being —except for the effects, or possible effects. of the
matter to which the qualification relates.
In those cases where the practitioner's unqualified conclusion, would be worded in terms of a
statement made by the measurer or evaluator, and that statement has identified and properly
described that the subject matter information is materially misstated:
a. A qualified or adverse conclusion worded in terms of the underlying subject matter and
the criteria is expressed; or
b. If specifically required by the terms of the engagement to word the conclusion in terms
of statement made by the measurer or evaluator, an unqualified conclusion is expressed
but emphasizes the matter by specifically referring to it in the assurance report.
If it is discovered after the engagement has been accepted, that the criteria are unsuitable or the
underlying subject matter is not appropriate for an assurance engagement.
a. A qualified conclusion or adverse conclusion is expressed depending on how material
or pervasive the matter is, when the unsuitable criteria or inappropriate underlying
subject matter is likely to mislead the intended users; or
b. A qualified conclusion or a disclaimer of conclusion is expressed depending on how
material or pervasive the matter is, in other cases.
In some cases the practitioner considers withdrawing from the engagement.
A qualified conclusion is expressed when the effects, or possible effects, of a matter are not so
material or pervasive as to require an adverse conclusion or a disclaimer of conclusion. A
qualified conclusion is expressed as being —except for the effects, or possible effects, of the
matter to which the qualification relates.

TOPIC 2
NATURE AND PURPOSE OF AN AUDIT
NATURE AND OBJECTIVES
Definition of an Audit:
An audit is the independent examination of an expression of an opinion on the financial
statements of an economic entity by appointed auditor in pursuance of that appointment and in
compliance with any relevant statutory obligation
The objective of an audit is to enable the auditor express an opinion whether financial
statements show a true and fair view of the company state of affairs in accordance with an
identified financial reporting framework.
The purpose of an audit is not to provide additional information but rather it is intended to
provide the users of the accounts with assurance that the information provided to then by
directors is reliable. However, the users should not assume the auditor‘s opinion is one to
efficiency with which management has conducted the affairs of the entity.
Financial statement: According to the Companies Act, the company accounts refers to the
balance sheet and the profit and loss account but due to development in business practice and
shareholders information needs, these are inadequate as to the information regarding financial
position and performance of the company. Since most balance sheets and profit and loss
accounts are summarized statements amplified by notes to the statements, the business
community and the accountancy profession require that a cash flow statement as well as a
statement of changes in equity be prepared. The terms company accounts and financial
statements have the same meaning.
Financial Reporting framework: According to International Auditing Standards (ISA 200, the
framework of international standards of auditing), financial statements are usually prepared
and presented annually and are directed at common informational needs of a wide range of
users.
Many of the users rely on the financial statements as their major source of additional
information to meet their specific information needs. Therefore financial statements need to be
prepared in accordance with one or combination of:
International Financial Reporting Standards (IFRS)or IASs
National accounting standards
Any other authoritative and comprehensive financial reporting framework designed for
use in financial reporting and is identified in the financial statements. In Kenya the
financial reporting framework adopted is as prescribed by IFRS.

Scope of-the Audit
 The auditor's opinion on the financial statements deals with whether the financial
statements are prepared, in all material respects, in accordance with the applicable
financial reporting framework: Such an opinion is common to all audits of financial
 statements.
 The auditor's opinion therefore does not assure, for example, the future viability of the
entity nor the efficiency or effectiveness with which management has conducted the
affairs of the entity. In some jurisdictions, however, applicable law or regulation may
require auditors to provide opinions on other-specific matters, such as the effectiveness of
internal control, or the consistency of a separate management report with the financial
 statements.
 While the ISAs include requirements and guidance_ in relation to such matters to the
extent that they are relevant to forming an opinion on the financial statements, the
auditor would be required to undertake further work if the auditor had additional
responsibilities to provide such opinions.
STAGES OF AN AUDIT
The suggested audit approach is designed to gather sufficient and reliable evidence to support
the audit opinion in the most efficient and effective way and to enable the engagement team to
fully understand the client's business. There is no difference between an audit of a large and a
small entity except that the procedures adopted may differ depending on the particular
circumstances of each audit
i. Preliminary Engagement Activities
ii. Planning
iii. Execution
iv. Review and Completion
i) Preliminary Engagement Activities

At the Pre-planning stage, the engagement partner ensures that:
- The client acceptance and continuation procedures have been carried out;
- The terms of engagement have been agreed in writing;
- The quality control aspects for the assignment have been reviewed including review of
the competency of the team to carry out the assignment, review of compliance with the
ethical requirements, including review of the independence requirements.
Planning
Planning is an essential component in focusing the audit efforts. The key components of
Identifying the scope of the assignment
Developing an audit strategy taking into consideration the scope of the engagement; the
business and the regulatory environment in which the entity operates; entity specific issues
including reliance on the work of internal audit; reporting objectives, timing of the audit and
the nature of communication required; matters affecting the direction of the audit including
preliminary setting of materiality levels, preliminary review of risk including fraud risk,
preliminary review of internal control including the control environment, the process adopted
by the entity to identify, measure, monitor and control risks.
- Developing, based on the above, the overall audit plan detailing the nature, timing and
extent of the audit procedures to be performed in order to reduce the audit risk to an
acceptably low level; the nature of tests to be adopted; procedures to be adopted at the
assertion level; and tailoring the audit programmes.
- Ascertaining the nature and the extent of the resources required to perform the audit.
iii) Execution
- The key components of the execution stage are:
- Carrying out the test of controls and substantive tests on transactions and balances
including substantive analytical procedures to obtain sufficient and appropriate audit
evidence to enable the engagement team to draw reasonable conclusions on which to
base the audit opinion.
- Evaluating significant assumptions used in fair value measurement to determine the
reasonableness of the basis used and the disclosures.
- Identification of related parties and obtaining sufficient and appropriate audit evidence
in respect of measurement and disclosure of related party transactions.
- Documenting the nature, timing and extent of the audit procedures performed and the
results and conclusions drawn from the audit evidence obtained
While pre-printed forms and programmes are available in the Manual, the extent and the
timing of the tests should be tailored to the specific assignment. Different tests and different
levels will be appropriate for each assignment. The control of the audit at this stage must be
maintained by a senior team member with the appropriate experience and expertise.
iv) Review and Completion

The review and completion procedures focus on ensuring that sufficient and appropriate
evidence has been obtained to support the audit opinion. This involves ensuring that:
- All outstanding matters have been cleared.
- Consultations on difficult or contentious matters have been documented and adequately
resolved and conclusions therefrom implemented.
- Analytical procedures have been performed to form a conclusion on whether the
financial statements taken as a whole are consistent with the firm's knowledge of the
business.
- Where other appropriate audit evidence cannot be reasonably obtained, written
management representations have been obtained on areas material to the financial
statements.
- Review has been carried out of any material uncertainty relating to events or conditions
that n g may exist which alone or in aggregate cast a significant doubt on the
entity's ability to continue as a going concern.
- There is evidence that the engagement team has considered and confirmed that the
financial reporting framework adopted by the entity is suitable, and that the financial
statements comply with the framework as to both recognition and measurement and
presentation and disclosure. In the context of Kenya, this in most cases will be the
IFRS's.
- The engagement partner has reviewed the audit file and is satisfied that sufficient and
appropriate evidence has been obtained to support the conclusions derived and the audit
opinion to be issued. As much of the audit evidence obtained is persuasive rather than
conclusive, absolute certainty is rarely obtainable and .therefore the engagement partner
should ensure that the audit risk is reduced to the lowest level possible.
- Where applicable, sufficient and appropriate procedures have been performed to identify
subsequent events tip to the date of the audit report and ensure that all items that require
adjustment or disclosure in the financial statements have been appropriately dealt with:
- Where appropriate, an engagement quality .control review has been undertaken and all
the issues arising from the review have been fully dealt with and cleared with the
reviewer.
- At the end of each audit, the engagement team is de-briefed, the audit objectives set out
for the assignment have been achieved and that the engagement team has gained
experience from the assignment which will enhance their personal development.
Though not covered by the terms of audit engagement, the engagement team may, as part of the
audit process carry out a business review of the key issues facing the entity and take a strategic
look at the business and at areas where the firm can add value to the entity. In providing other
value added services, the firm and in particular the engagement partner should be conscious of
the independence requirements of the code of ethics
AUDIT AS AN ASSURANCE ENGAGEMENT
It is often not possible to check things for yourself, whether quality, accuracy, performance or
existence.
You might not have the skills or the time, or you might be in the wrong location. Therefore
you must rely on someone else to give you assurance. This means you have to decide:
- What standards should be applied?
- What represents 'good', 'acceptable' or 'unacceptable?
- How much checking should be done? All checking and assurance has an associated cost
Audit is one form of assurance

An audit is defined as: the independent examination of and expression of opinion on the
financial statements of an entity by a duly appointed auditor in pursuit of that appointment.
The important words here are 'independent' and 'opinion'. Independence is essential and
underlies the value of auditing.
Opinion really means that one auditor could look at a set of financial statements and disagree
with the opinion of another auditor.
Judgment is essential to all auditing, there are no certainties and there are no certifications of
correctness or accuracy.

DEVELOPMENT OF AUDIT (EARLY AUDIT AND MODERN AUDIT)

A review of the historical development of auditing has shown that the objective of auditing and
the role of auditors are constantly changing as they are highly influenced by contextual factors
such as the critical historical events (e.g. the collapsed of big corporations), the verdict of the
courts, and technological developments (e.g. advancement of computing systems and CAATs).
It can be observed that any major changes in these contextual factors are likely to cause a
change in the audit function and the role of auditors. As a result, auditing is seen to be evolving
at all times.
However, it is important to note that the change in society's expectation and the response of the
auditing profession towards these changes are not always at the same pace. Hence there is a
natural time gap between the changing expectation of the users and the response by the
profession and due to this time gap there arises what has been stated as the expectation gap or
audit expectation gap. Even though the existence of such a natural time gap is inevitable,
auditors should be sensitive to the changing expectation of the relevant groups while at the
same time containing these expectations within the constraints of what is possible. There are
inevitably economic and practical limitations on what an audit can do, and this is something
which those who wish the benefit must understand.
The evolution of auditing practices
Prior to 1840
Generally, the early historical development of auditing is not well documented (Lee, 1994).
Auditing in the form of ancient checking activities was found in the ancient civilizations of
China, Egypt and Greece. The ancient checking activities found in Greece (around 350 B.C.)
appear to be closest to the present-day auditing.
Similar kinds of checking activities were also found in the ancient Exchequer of England.
When the Exchequer was established in England during the reign of Henry 1(1100-1135),
special audit officers were appointed to make sure that the state revenue and expenditure
transactions were properly accounted for. The person who was responsible for the
examinations of accounts was known as the "auditor". The aim of such examination was to
prevent fraudulent actions.
1840s-1920s
The practice of auditing did not become firmly established until the advent of the industrial
revolution during the period 1840s-1920s in the UK. According to Brown (1962), the large-
scale operations that resulted from the industrial revolutions drove the corporate form of
enterprise to the foreground. Large factories and machine-based production were established.
As a result, a vast amount of capital was needed to facilitate this huge amount of capital
expenditure. The emergence of a "middle class" during the industrial revolution period provided
the funds for the establishment of large industrial and commercial undertakings. However, the
share market during this period was unregulated and highly speculative. As a consequence, the
rate of financial failure was high and liability was not limited. Innocent investors were liable for
the debts of the business. In view of this environment, it was apparent
that the growing number of small investors was in dire need of protection (Porter, et al, 2005).
Hence, the time was ripe for the profession of auditing to emerge (Brown, 1962). In response
to the socio-developments in the UK during this period, the Joint Stock Companies Act Was
passed in 1844. The Joint Stock Companies Act stipulated that "Directors shall cause the
Books of the Company to be balanced and a full and fair Balance Sheet to be made up". In
addition the Act provided the appointment of auditors to check the accounts of the company.
However, the annual presentation of the balance sheet to the shareholders and the
requirement of a statutory audit were only made compulsory in .1900 under the Companies
Act 1862 (UK).
According to Porter, et al (2005) the accountant particularly in the early years of this period, was
normally the company manager and his duties were to ensure proper use of the funds entrusted
to him. The auditors during this period were merely shareholders chosen by their fellow
members. The auditors during this period were required to perform complete checking of
transactions and the preparation of correct accounts and financial statements. Little attention was
paid to internal control of the company.
1920s-1960s
The growth of the US economy in the 1920s-1960s had caused a shift of auditing developthent
from the UK to the USA. In the years of recovery following the 1929 Wall Street Crash and
ensuing depression, investment in business entities grew rapidly. Meanwhile, the advancement
of the securities markets and credit-granting institutions had also facilitated the development of
the capital market in this period. As companies grew in size, the separation of the ownership and
management functions became more evident. Hence to ensure that funds continued to flow from
investors to companies, and the financial markets function smoothly, there was a need to
convince the participants in the financial markets that the company's financial statement
provided a true and fair portrayal of the relevant company's financial position and performance.
In view of the economic condition, the audit function was mainly to provide credibility to the
financial statements prepared by company managers for their shareholders. Consensus were
generally achieved that the primary objective of an audit function is adding credibility to the
financial statement rather than on the detection of fraud and errors.
The concept of materiality and sampling techniques were used in auditing during this period.
The development of material Concept and sampling technique was due to the voluminous
transactions involved in the conduct of business by. large corporations operating in.
widespread locations., It is no longer practical for auditors to verify all the transactions.
Consequently, sampling and the development of judgment of materiality were essential. The
major characteristics of the audit approach during this period included:
i. Reliance on internal control of the company and sampling techniques were used;
ii. Audit evidence was gathered through both internal and external source;
iii. Emphasis on the truth and fairness of financial statements;
iv. Gradually shifted to the audit of Profit and Loss Statement but Balance Sheet
remained important; and
v. Physical observation of external and other evidence outside the "book of account"

1960s to 1990s
The world economy continued to grow in the 1960s-1990s. This period marked an important
development in technological advancement and the size and complexity of the companies.
Auditors in the 1970s played an important role in enhancing the credibility of financial
information and furthering -the operations of an effective capital market. The duties of
auditors. among others, were to affirm the truthfulness of financial statements and to ensure
that financial statements were fairly presented.
Hence, the role of auditors with regard to the audit of financial statement generally remained
the same as per the previous period.
Despite the overall audit objectives remaining similar, auditing had undergone some critical
developments in this period. In the earlier part of this period, a change in audit approach can be
observed from "verifying transaction in the books" to "relying on system". Such a change was
due to the increase in the number of transactions which resulted from the continued growth in
size and complexity companies where it is unlike for auditors to play the role of verifying
transactions. As a result, auditors in this period had placed much higher reliance on companies'
internal control in their audit procedures. Furthermore, auditors were required to ascertain and
document the accounting system with particular consideration to information flows and
identification of internal controls. When internal control of the company was effective, auditors
reduced the level of detailed substance testing. In the early 1980 there was a readjustment in
auditors' approaches where the assessment of internal control systems was found to be an
expensive process and so auditors began to cut back their systems work and make greater use of
analytical procedures. An extension of this was the development during the mid-1980s of risk-
based auditing. Risk-based auditing is an audit approach where an auditor will focus on those
areas which are more likely to contain errors. To adopt the use of risk-based auditing, auditors
are required to gain a thorough understanding of their audit clients in term of the organization,
key personnel, policies, and their industries. Hence, the use of risk-based auditing had placed
strong emphasis on examining audit evidence derived from a wide variety of sources, i.e. both
internal and external information for the audit client. Most of the companies in this period had
introduced computer systems to process their financial and other data, and to perform, monitor
and control many of their operational and administrative processes. Similarly, auditors placed
heavy reliance on the advanced computing auditing tool to facilitate their audit procedures. In
addition to the auditing of financial statement, auditors at the same time were providing advisory
services to the audit clients.
1990s-present
The auditing profession witnessed substantial and rapid change since 1990s as a result of the
accelerating growth at the world economies. It can be observed that auditing in the present day
has expanded beyond the basic financial statement attest function. Present-day auditing has
developed into new processes that build on a business risk perspective of their clients. The
business risk approach rests on the notion that a broad range of the client's business risks are
relevant to the audit. Advocates of the business risk approach opined that many business risks,
if not controlled, will eventually affect the financial statement. Furthermore by understanding
the full range of risks in businesses, the auditor will be in a better position to identify matters of
significance and relevance to the audit profession on a timely basis. Since the early 1990s, the
audit profession began to take increased responsibility to detect and report fraud and to
assess, and report more explicitly, doubts about an auditee's ability to continue in conformance
with society's and regulators' increasing concern about corporate governance matters. Adoption
of the business risk approach in turn enhances auditor's ability to fulfill these responsibilities.
Presently, the ultimate objective of auditing is to lend credibility to financial and non-financial
information provided by management in annual reports; however, audit firms have been largely
providing consultancy services to businesses
Although the overall audit objectives in the present period remained the same, i.e. lending
credibility to the financial statement, critical changes have been made to the audit practice as a
result of the extensive 'reform in various countries. Such reform has implicated the auditing
profession in the following ways:.
i. The role of auditors is expected to Converge: refocusing on the public interest,
redefining -audit relationship, ensuring integrity of financial reports, separation of non-
audit function and other advisory services;
ii. The audit methods revert to basics i.e. risk attention, fraud awareness, objectivity and
independence, and.
iii. Increase attention on the needs of financial statement users"
TYPES OF AUDITS AND LIMITATIONS
• Audits can be classified into two broadways.

• According to terms of engagement i.e. nature of work done.
• According to the approach to the work to be done/ timing.
According to nature of work done, audits may be either statutory of private.
Statutory audits
These are carried out as per the requirements of various statutes e.g. Companies Act Cap 486
requires that all public limited companies to have their financial statements subjected to an
independent audit. The objective of the audit is to enable the auditor express an opinion
whether the financial statements have a true and fair view of the company‘s state of affairs.
The rights and duties of the auditor are laid down in the relevant statute. The powers of
appointment of the auditors are vested on the shoulders.
Private audits
These are not governed by statutes. They are performed by independent auditors because the
owners, members or interested parties require them carried out. Private audits are carried out for
organizations such as non governmental organizations, partnerships and clubs and among
others. Appointment of auditors is carried out as a private contract between the auditor and the
relevant shareholder. The scope and objective of the work as well as rights and duties of the
auditor are determined by the agreed terms between the auditor and the client. The auditor is not
liable to third parties.
According to approach of the work to be done, audits can be continuous, interim or final.
Continuous audits
This is an approach whereby an audit is carried out throughout the financial period usually at
predetermined intervals. This approach is ideal for large organizations with tight reporting
deadlines e.g. multinational banks. The approach ensures accounts are kept up to date, errors
and frauds are discovered in early stages and better audit reports are developed since more
time is taken.
However, this approach is expensive considering amount of time taken, has frequent
interruptions of client work and auditors‟ independence may be affected by their continuous
presence at clients premises.
Interim audits
This is an audit carried out halfway through the financial period. It usually precedes the final
audit and is a preparation for the final audit. It is ideal for dynamic businesses, cheaper
compared to continuous audits and enhances keeping of up to date records.
Final audits
These are usually done at the end of the year as either a continuation of the interim audit for
large and medium size companies or as a single audit for small companies at end of financial
period.
Other types of audits
Procedural audits - These require examination of procedures or records for reliability and
accuracy. They usually relate to company‘s internal control systems, laid down guidelines and
procedures and records of the company.
Management audits -These involve investigation of the company‘s entire management to

ascertain whether the directors are running the company in the most optimal way for the
benefit of the shareholders. It improves quality and efficiency of management in addition to
checking the budgetary system.
Balance sheet audits - This tests the strength of internal control system by working
backwards to get the initial transactions using assertion methodology.

Internal Audit
Management upon realizing the advantages of an audit have established within the company
„an independent activity to examine and evaluate the organizations risk management process
and systems of control and to make recommendations for the achievement of the company‘s
objective‟ . This activity is called internal auditing. The duties of internal audit personnel are:
• Reviewing the economic efficiency and effectiveness of the company‘s operations.

• Reviewing the company‘s compliance with external laws and regulations and
internal policies and procedures.
• Reviewing and advising the management on development of key organizational
systems and implementation of major changes.
The focus of internal auditing is adding value to an organization through improvement in risk
control.
In 1999, the institute of internal auditors (IIA) defined internal auditing as „an independent
objective assurance and consulting activity designed to add value and improve an
organization‘s operations, help it achieve its objective and improve the effectiveness of risk
management, control and governance process.
Aspect Internal Auditing External Auditing

Objectives The main objective is to advice management The objective is to provide an
on whether organization has sound internal opinion as to whether or not
control systems to protect it against loss. the financial statements show
a true and fair view
Of the company‘s state affairs.
Legal basis Internal auditing is not a legal requirement It is a legal requirement for
but corporate governance advises and limited liability companies and
recommends that a company should have an public bodies to have their
internal audit department. accounts audited.
Scope It covers all areas of organization i.e. It has a purely financial focus.
operational as well as financial.
Approach It is increasingly risk based. The approach is Its increasingly risk based as it
to assess risks, evaluate systems of control only tests underlying
and test operation of the systems and finally transactions that form having
make recommendations for improvement. of financial statements.
Responsibility The responsibility is to advise and make The Responsibility is to form

recommendations on an opinion on whether
internal controls and corporate governance financial statements show a
true and fair view.

Scope & Objectives of Internal audit function
This depends on the size and structure of the entity and the responsibility assigned to it by
management. Ordinarily these would include:
Review of accounting internal control systems. The management is responsible for
establishing internal control system. The system requires proper attention and
continuous review, a function usually assigned to internal audit. Internal Audit function
designs a plan on areas and control procedures that will be reviewed during the financial
year.
Carrying out examination of financial and operational information. This may include
detailed testing of transactions and operation procedures.
Review of the economic efficiency and effectiveness of operations including non
financial controls of the entity.
Review of company‘s compliance with external laws and regulation. The internal audit
functions checks whether procedure are in place to ensure that all relevant laws and
regulations are adhered to.
Review of entity‘s compliance with management policies and other internal
requirements.
Carrying out independent investigations into company affairs as required by
management e.g. investigation areas of suspected fraud or misuse of company‘s
resources.
Similarities between internal audit and external audit

Both auditors are concerned about the strength and proper functioning of the internal
control system. The internal auditor is concerned it is his or her responsibility while the
external auditor is concerned as he or she relies on the strength of internal control system
to carry out systems based audits.
Both auditors have as part of their duties to ensure that the company adheres to all
relevant laws and regulations.
Both auditors interested in ensuring that the company keeps proper books of records.
The internal auditor uses the company accounts to appraise the functioning of the
internal control system while external auditor uses them to collect audit evidence to
corroborate his audit opinion.
Both auditors are concerned about prevention and detection of errors and frauds. The
internal auditor ensures errors or frauds are prevented and detected by having strong
internal control system while the external auditor has the incidental duty of detecting
and preventing material errors and frauds which would otherwise distort the true and
fair view of the financial statements.
Both auditors have interest in safeguarding company assets. The internal auditor
through strong internal control system ensures safety of company‘s assets while
external auditor must ensure that company assets are safeguarded against theft and
misuse so that the true of fair view of financial statements is maintained.

External auditor’s reliance on work of internal auditor
Before deciding on whether to rely on work of internal audit function with the intention of
reducing audit procedures, the external auditor should evaluate the internal audit function to
determine the scope of the function its independence and the extent to which its work can be
relied on. In evaluating internal audit function, the external auditor considers the following
factors:
Organization status. Since internal audit function is part of the entity, it cannot be totally
independent. To aid in its independence, the internal audit function should report to the
highest level of management. The internal auditor should also be free from duties such as
accounting functions which may bring about conflict of interest. The internal auditor
should not have any restrictions upon him or her from management which could impair
effectiveness of doing his or her work.
Scope of the function. The external auditor should ascertain the nature and depth of
coverage of internal audit assignments. Also to be considered are the management
actions on the recommendations of internal auditor. In case the management does not
follow up on the recommendations, the external auditor must reduce his reliance on
work of internal audit function as this means it is weak.
Technical competence. The external auditor should assess the competence experience,
qualifications, technical training and proficiency of the staff members in the internal
audit function.
Due professional care. The external auditor should ascertain whether due professional
care has been observed in doing the work of the internal audit function e.g. whether
there were work plans, supervision and documentation of audit evidence in executing
internal audit functions.
Availability of resources. The external auditor should consider whether the internal
audit function has adequate resources to enable it carry out its functions as expected
e.g. adequate staff and time.
Advantages of Internal Audit function

It reinforces application of internal controls thus enables the company to operate in an
orderly and efficient way.
It prevents and detects errors and frauds through periodic comparison of budgets,
routine and surprise checks.
Assists management in implementation of company policies through reporting on
adherence or non adherence to laid down policies of the company.
Assists external auditor in highlighting areas of weaknesses in internal control system.
This reduces audit time for the external auditor and thus there is a saving on audit fees.
Assists the company in achieving its objective by ensuring that all laid down rules,
procedures and policies are followed e.g. adherence to budgets and forecasts assists in
decision making.
The internal audit function guards company‘s resources against theft and misuse
through proper functioning of the internal control system and periodic verification of
assets.
Limitations of an Internal Audit

The cost of installing and maintaining an internal audit function is high and in particular
for large companies as they may require highly qualified staff while for small companies
the department may not be justifiable.
If management ignores the recommendations of internal audit function, members of
internal audit function may be frustrated as errors and frauds may continue being
undetected.
Management may deny the internal audit function its due independence by assigning it
accounting duties or even management responsibilities.
If company operations are few or has complex technical aspects may limit the proper
functioning of the internal audit function.
The internal audit department may fail e.g. if it points out problems without giving
solutions or ignoring some departments within the company.
The internal audit may lack the necessary support from top level management if top
management views the function as not important.
Factors necessitating growth in Internal Audit

• Increase in business size. As business grow, it becomes more and more necessary to
have a function that checks all the increasing levels of internal control and operation.
• Dynamic technology– the frequent changes in technology has made some

companies to have their controls updated on a continuous basis. This calls for
constant feedback on controls requiring updating through use of expert advice for
internal audit function.
• Legislation and regulatory requirements. As the concept of corporate governance
becomes necessary in business management, the need of internal audit has
increased. Companies are now required by regulations to have audit committees to
oversee operation of controls within the company and to which the internal audit
function reports.
• Competition. High competition in business calls for efficient operations by
companies so as to survive. This can be achieved through strong controls and cost
effectiveness which is enhanced by internal audit.
Risk and Materiality (ISA 320 Materiality)
ISA 320 discusses the concepts of risk and materiality. An audit risk is the risk that an auditor
may give an inappropriate opinion i.e. an opinion that contradicts the true nature of the financial
situation of the company. Materiality plays a role in each of the following two stages.
a. Planning stage. (in planning what audit work should be done)

b. Reporting stage (in deciding what opinion to give.)
The international auditing and assurance standards board (IAASB) in its framework for
preparation and presentation of financial statement defines materiality as follows;
„information is material if its omission or misstatement could influence the decision of users
taken on basis of the financial statements.‟ Therefore materiality provides a threshold or cut
off point rather than being a primary qualitative characteristic which information must have if
it is to be useful.
ISA 320 further states a number of audit principles as follows:

• The auditor should consider materiality and its relationship to audit risk when
conducting an audit. If the auditor assesses the risk associated with an account balance
or internal control system to be high, it will be reflected in a lower level of materially
thus additional testing will be required.
• The objective of an audit is to enable the auditor express an opinion whether financial
statements are prepared in all material respects and in accordance with the identified
financial reporting framework. The auditor needs to establish an appropriate
materiality level so that quantitatively, material misstatements which are likely to
destroy the true and fair view of financial statements are identified.
• Materiality at planning stage is usually set at lower level than necessary in order to
reduce risk of undiscovered misstatements and to deal with the problem of having to
adjust materially at later date in light of evidence obtained.
• Materiality should be considered by the auditor when;
  Determining nature, timing and extent of audit procedures
 Evaluating effect of misstatements
The auditor should plan sufficient audit procedures so that he or she has reasonable
expectation of detecting material misstatements in financial statements. Any immaterial item
will not affect the truth and fair view of the financial statement and thus can be ignored.
Materiality and judgment
Auditors consider the following before appropriately testing whether an item is material or
not.
1. Qualitative aspects: these may include inadequate or inaccurate descriptions of an
accounting policy.
2. Cumulative effect of small amounts: small errors at a month end procedure could
individually be immaterial but continuous errors of this kind throughout the financial
year could be material.
3. Relatively of materiality. A figure of Kshs. 100,000 may be absolutely immaterial for a
large company but absolutely material for a small company. An amount must be
considered in relation to:
  Items on the overall financial statements level.

  Items at individual account balance or transaction level
 Legal and other disclosure requirements which may require disclosure regardless
 of the monetary value e.g. director‘s fees.
 The corresponding amount in the previous year
4. The degree of latitude allowable in deciding on the amount attributable to a particular

item. While some items such as director‘s fees are capable of an exact definition, others
such as depreciation and allowance for doubtful debts are at best an intelligent estimate.
In some countries e.g. US, the security exchange commission estimate materiality as
follows;
• Errors greater than 10% are material
• Errors between 5% and 10% may be material
• Errors below 5% are not material
5. In evaluating the true and fair presentation of financial statement, the auditor should
assess whether the aggregate of uncorrected misstatements that have been identified in
the audit is material. The auditor should reconsider all uncorrected misstatements and
check whether this total is material.
True and fair view

The true and fair view is a concept of the Companies Act. However, the Companies Act does
not define or even describe what is true and fair view. The companies Act requires that all
limited liability companies to appoint an auditor whose task is to express an independent
opinion as to whether financial statement show true and fair view of the financial performance
and position of the company. True and fair view implies that the financial statements are not
prejudicial to any user of the financial statements. Financial statements will present a true and
fair view if:
• They contain in all material respects with the disclosure requirement of the Company
Act and other relevant regulations.
• They contain material matter and not full of needless details.
• They are complete in every respect within the constraints of materiality and the
inevitable estimation of some items.
• The values attributed to the items in the financial statements are reasonable amounts
within a range in which if a major decision was taken on their basis the user would not
make a material error.
• The information contained therein is presented and disclosed without bias and all
relevant information for evaluation and decision making is available.
Assertion Methodology
In preparing financial statements which show true and fair view of the company‘s financial
position and performance, the management explicitly or implicitly makes certain assertions.
These assertions are categorized as:
i. Existence
ii. Completeness
iii. Occurrence
iv. Rights & obligation
v. Measurement
vi. Valuation, presentation and disclosure.
vii. Classification
viii. Cut-off
ix. Accuracy
x. Allocation
Existence
This is the assertion that an asset or liability exists at a given date. It is either true or not true
that an asset or liability reflected in the balance sheet was in existence at the balance sheet
date.
Rights and obligation

This is the assertion that an asset or liability in financial statements pertains to the entity at a
given date i.e. an asset is a right of the entity and a liability a genuine obligation of the entity.
Occurrence
This is the assertion that a transaction or event took place which pertains to the entity during
the financial period or that a recorded event or transaction actually took place as recorded and
it is a valid transaction pertaining the entity. It is either the transaction took place as recorded
or not.
Completeness
This is the assertion that there are no unrecorded assets, liabilities, transactions or undisclosed
items. It would suggest 100% completion and accuracy however, this is impossible under
accrual basis of accounting. The users of the financial statements do not expect 100%
completeness in financial statements but completeness within a certain range such that they can
still make justifiable decisions. This assertion is therefore assessed for reasonableness as some
transactions may be excluded if they are not material.
Valuation
This is the assertion that an asset or liability is recorded at an appropriate carrying value. It is
the most crucial assertion of all the assertions. In arriving at appropriate carrying value of an
asset or liability, the management considers.
1. Overall valuation basis. The management must consider the entity as a whole and make
an assessment whether it is appropriate to apply the going concern assumption in
preparing the financial statements. The basis of preparing financial statement when
entity is going concern is radically different from preparing financial statement on basis
that the entity is not a going concern.
2. Suitable accounting policies. In determining carrying amount of an asset or liability
appropriate accounting policies must be followed. The accounting policies must be in
line with the generally accepted accounting principles (GAAPs), appropriate to the
circumstances of the entity, applied consistently, be in conformity with entity‘s industry
practices and be adequately disclosed.
3. Desirable qualitative characteristics. The suitable accounting policy adopted must be
applied after taking into consideration the qualitative characteristics of materiality,
prudence and substance over form. Since it may subjective whether an entity is a going
concern or not, the accounting policy adopted can be subsequently subjective thus the
assertion of valuation can only be assessed for reasonableness.
Measurement
This is the assertion that a transaction or an event is recorded and proper amounts of revenue
and expense are allocated to the proper period for proper reporting purposes. Whether a
transaction brings into being an asset or liability, revenue or expense depends largely on the
capitalization policy of an entity i.e. the guidance as to what items are revenue items and
capital items.
The period in which a transaction took place may be influenced by management‘s desire to
reflect a given financial position. However, where revenue or expense of an item is spread
over more than one accounting period is called allocation rather than measurement and is a
component of valuation.
Presentation and disclosure

This is the assertion that an item is disclosed, classified and described in accordance with the
applicable financial reporting framework. The information in financial statements should be
presented without bias, be relevant to the needs of the users and meet qualitative
characteristics of understandability, relevance, reliability and comparability. This assertion is
not assessed for truth but rather adequacy or reasonableness.
In conclusion, truth and fairness of financial statements can be assessed on these seven
assertions i.e. the financial statements will reflect a true and fair view of company‘s financial
position and performance if the seven assertions are used as guidelines in preparing the
financial statements.
Classification
Are transactions recorded in appropriate accounts?
Cut-off
Are transactions recorded in appropriate period?
Accuracy
Are the amounts disclosed in the financial statements appropriate?
Allocation
Are account balances included in appropriate accounts?

THE USERS OF AUDITED FINANCIAL STATEMENTS AND AUDITOR REPORTS
The annual accounts and report are primarily prepared by the directors to the shareholders.
However, the following parties need financial statements.
1. Those parties with vested interests in a business.

- Employees.
- Creditors or suppliers
- Lenders and debenture holders
- The management
- The shareholders to whom the financial statements are addressed.
- Credit rating agencies.
2. Those with potential interests
- Potential shareholders
- Trustees
- Suppliers Customers
3. Those with representative interests

- Lawyers
- The government
- The general public.
4. Others
- Competitors
- Stock brokers
- Statisticians
- Financial journalists
- Trade unions.
Present and potential investors. These risk capital providers and their advisors are
concerned with the risk that is inherent in their investment. They need information to
help them determine whether they should buy more shares, hold on to the shares they
have or sell the shares they have.
Employees. These and their representative groups such as trade unions are interested
in information about the stability and profitability of their employers. They are also
interested in information which enable them assess the ability of the company to
provide adequate remuneration, retirement benefits and employment opportunities.
Lenders. These are interested in information that enables them determine whether their
loans and interests arising from the loans will be paid back when due.
Suppliers and other trade creditors. These users are interested in information that
enables them determine whether the amounts owing to them will be paid when due.
Their interest in the company is of shorter period than lenders while they are dependent
upon the continuation of the company as a major customer.

Customers. These have interest in information about the continuance of the company
especially when they have long term involvement and or are dependent as the company.
Government. The main interest of the government is allocation of resources. It also
requires information in order to regulate the activities of the enterprise, determine
taxation policies and obtain national income statistics.
Public. A company affects public in a variety of ways. A company may make
substantial contribution to the local economy by employing people and obtaining
supplies locally.
Financial statements assist the public in information on trends and recent developments
of the company in the economy.

TOPIC 3
LEGAL FRAMEWORK AND REGULATIONS
STATUTORY REGULATIONS
Auditor’s liability
Auditors are potentially liable for both criminal and civil offences. The former occur when
individuals or organizations breach a government imposed law; in other words criminal law
governs relationships between entities and the state. Civil law, in contrast, deals with disputes
between individuals and/or organizations.
Civil liability
Companies Act Section 206 of the provides that officers of the company and for these purposes
auditors are considered as officers may be liable for financial damages in respect of the civil
offences of misfeasance and breach of trust. This section which is only relevant to winding up
refers to a situation where officers have misused their position of authority for the purposes of -
personal gain e.g. if the auditor uses information acquired in course of an engagement for his
financial gain or for benefit of another party.
Criminal liability
Companies Act Section 46 of the states that an auditor shall be criminally liable if he 'willfully
makes a materially false statement in any report, certificate, financial statement with an
intention to deceive or mislead etc. Willfully implies fraudulently and can be difficult to prove.
Whereby, it is held that where an officer of a body corporate with intent to deceive members or
creditors, publishes or concurs in publishing a written statement of account which to his
knowledge is or may be misleading, false or deceptive in a material particular he shall on
conviction be liable to imprisonment for a term not exceeding 7 years.
Auditors may uncover criminal offences committed by a client or an employee of the client.
This puts them in a difficult position, but the auditor should act carefully and correctly and if-
necessary„ take legal advice. The auditor must not commit a criminal offence himself. It is felt
that he would have committed a criminal offence if:
a) He advises his client to commit a criminal offence;
b) Aids the client in devising or examining a crime;
c) If he agrees with a client to conceal or destroy evidence or mislead the police with 'false
statements;
d) If he knows that his client has committed an arrest able offence and tries to impede his
arrest and prosecution. Impede does not include refusing to answer questions or
refusing to produce documents without the client's consent;
e) If he knows that his client has committed an offence. and agreed to accept consideration
to withhold information;
f) If he knows that the client has committed treason and fails to report the offence to the
proper authority.
Case history
The application of the law of tort in the auditing profession, and the way in which auditors
seek to limit their exposure to the ensuing liabilities, has been shaped by a number of recent
landmark cases. The most notable of these are Caparo Industries Plc (Caparo) v Dickman
(1990) and Royal Bank of Scotland (RBS) vs Bannerman Johnstone MacLay (Bannerman)
(2002).
In the first case Caparo pursued the firm Touche Ross (who later merged to form Deloitte &
Touche) following a series of share purchases of a company called Fidelity plc. Caparo alleges
that the purchase decisions were based upon inaccurate accounts that overvalued the company.
They also claimed that, as auditors of Fidelity, Touche Ross owed potential investors a duty of
care. The claim was unsuccessful; the House of Lords concluded that the accounts were
prepared for the existing shareholders as a class for the purposes of exercising their class rights
and that the auditor had no reasonable knowledge of the purpose that the accounts would be put
to by Caparo.
It was this case that provided the current guidance for when duty of care between an auditor
and a third party exists. Under the ruling this occurs when:
the loss suffered is a reasonably foreseeable consequence of the defendant‘s conduct

there is sufficient ‗proximity‘ of relationship between the defendant and the pursuer,
and
it is 'fair, just and reasonable' to impose a liability on the defendant.
In the second case RBS alleged to have lost over £13m in unpaid overdraft facilities to insolvent
client APC Ltd. They claimed that Bannerman had been negligent in failing to detect a
fraudulent and material misstatement in the accounts of APC. The banking facility was provided
on the basis of receiving audited financial statements each year.
In contrast to Touche Ross, who had no knowledge of Caparo‘s intention to rely upon the
audited financial statements, Bannerman, through their audit of the banking facility letter of
APC, would have been aware of RBS‘s intention to use the audited accounts as a basis for
lending decisions. For this reason it was upheld that they owed RBS a duty of care. The judge
in the Bannerman case also, and crucially, concluded that the absence of any disclaimer of
liability to third parties was a significant contributing factor to the duty of care owed to them.
Decided legal cases have not been consistent on the issue of auditor's liability. Discussed
below are few, of the decided cases on auditors liability
V Crane Christmas & Co.

Majority (Lord Denning dissenting) decided that there could be no liability in the absence of a
contractual relationship. The decision was reached despite Candler having been induced to
invest money in the company on the strength of the accounts which were negligently prepared
by the company's auditors.
Hedley Bryne & Co Ltd V Heller 4 Partners Ltd

The judges took differed with the above Judgment. They were of the view that the case had
been wrongfully decided. They held that a certificate issued in the ordinary course of a bank's
business would be relied upon by the party to whom it is issued and the absence of a contract
did not constitute a valid defence in negligence claim against the bank.
The Counsel of the Institute of Chartered accountants in England and Wales (ICAEW) on their
part maintained that no third party liability would attach auditors if the financial statements they
have audited under the Companies Act are used without their knowledge or consent by
outsider's ill the investment context.
However it is importance to note that any loss traceable: to negligence of auditors would not
be easy to defend.
- Jeb Fasteners Ltd V Marks Bloom & Co in this case it was held that;
A duty of care was owed by defendant auditors (Marks Bloom & Co.) to the plaintiff.
The plaintiff in realizing the takeover decision had relied on the financial statements
and unqualified report of the auditors.
The accounts did not show a true and fair view of the company and were negligently
prepared.
Judgment would be given for the defendant auditors, but by reason only of the fact that
on the evidence before the court the plaintiff would have acted no differently and would
still have gone ahead to take over the company.
AUDITOR'S PROFESSIONAL LIABILITY UNDER ETHICAL STANDARDS
A member of ICPA K is guilty of professional misconduct if:

He allows any person to practice in his name as an accountant unless such a person is a
holder of a practicing certificate and lie is in partnership with him or employed by him.
He enters, for the purpose of or in the course of practicing as an accountant into
partnership with a person who does not hold a practicing certificate or secures any
professional business through the services of such a person.
He discloses information acquired in the course of professional engagement to any
person other than the client without the consent of the client or otherwise as required by
law.
He certifies or submits in his name or in the name of his firm, a report f an examination
of financial statements and the examination of such statements and related records have
not been made by him, a partner or any employee of his firm:
He fails to observe and apply professional, technical, ethical or any other standards
prescribed by ICPA K as guidelines for practice by members of the institute.
He permits his name or that of his firm to be used in connection with an estimate of
earnings contingent' upon future transaction in a manner which may lead to the belief
that vouches or guarantees for the accuracy of the forecast.
He expresses his opinion as financial statements of any business in which he, his
immediate family, his firm or any partner in his firm has an interest unless he discloses
that interest when expressing his opinion.
He fails to disclose in financial statements or otherwise, a material fact known to him

the disclosure of which is necessary to ensure that the financial statements are not
misleading.
He fails to report a material misstatement known to him and therefore causes it to
appear in financial statements with which he is concerned in a professional capacity.
He is found to engage in fraudulent acts or acts which result into loss.
He expresses an opinion on any matter with which he is concerned in professional
capacity without obtaining sufficient information on which to base his opinion.
He includes in any statement, return or form to be submitted to ICPA K knowing it to
be false in any particular matter.
is found to engage in any other fraudulent acts or fails to do any other act which may be
prescribed
QUALIFICATIONS, APPOINTMENT, DUTIES, RIGHTS AND DISMISSAL OF

AUDITORS APPOINTMENT OF AUDI TORS
Every company shall at each annual general meeting appoint an auditor or auditors to hold
office from the conclusion of that, until the conclusion of the next, annual general meeting.
At any annual general meeting a retiring auditor, however appointed, shall be deemed to be
reappointed without any resolution being passed unless —
a) he is not qualified for reappointment; or
b) a resolution has been passed at that meeting appointing somebody instead of him or
providing expressly that he shall not be reappointed; or
c) he has given the company notice in writing of his unwillingness to be reappointed:
Provided that where notice is given of an intended resolution to appoint some person or persons
in place of a retiring auditor, and by reason of the death, incapacity or disqualification of that
person or of all those persons, as the case may be, the resolution cannot be proceeded with, the
retiring auditor shall not be deemed to be automatically reappointed by virtue of this
subsection.
Where at an annual general meeting no auditors are appointed or are deemed to be
reappointed, the registrar may appoint a person to fill the vacancy.
The company shall, within seven days of the registrar's power becoming exercisable, give him
notice of that fact, and, if a company fails to give notice as required by this subsection, the
company and every officer of the company who is in default shall be liable to a default fine.
Subject as hereinafter provided, the first auditors of a company may be appointed by the
directors at any time before the first annual general meeting, and auditors so appointed shall
hold office until the conclusion of that meeting: Provided that—
i. the company may at a general meeting remove any such auditors and appoint in their
place any other persons who have been nominated for appointment by any member of
the company and of whose nomination notice has been given to the members of the
company not less than fourteen days before the date of the meeting; and
ii. If the directors fail to exercise their powers under this subsection, the company in
general meeting may appoint the first auditors, and thereupon the said powers of the
directors shall cease.
The directors may fill any casual vacancy in the office of auditor, but while any such vacancy
continues the surviving or continuing auditor or auditors, if any, may act.
Remuneration
The remuneration of the auditors of a company-

i. In the case of an auditor appointed by the directors or by the registrar remuneration may
be fixed by the directors or by the registrar as the case may be;
ii. Subject to note (i) above, shall be fixed by the company in general meeting or in such
manner as the company in general meeting may determine.
Any sums paid by the company in respect of the auditors' expenses shall be deemed to be
included in the expression "remuneration".
Provisions as to resolution relating to appointment and removal of auditors

Special notice shall be required for a resolution at a company's annual general meeting
appointing as auditor a person other than a retiring auditor or providing expressly that a
retiring auditor shall not be reappointed.
 On receipt of notice of such an intended resolution as aforesaid, the company shall
 forthwith send a copy thereof to the retiring auditor (if any).
 Where notice is given of such an intended resolution as aforesaid and the retiring auditor
makes with respect to the intended resolution representations in writing to the company
(not exceeding a reasonable length) and requests their notification to members of the
company, the company shall, unless the representations are received by it too late for it to
 do so
 and if a copy of the representations is not sent as aforesaid because received too late or
because of the company's default, the auditor may (without prejudice to his right to be
heard orally) require that the representations shall be read out at the meeting:
 Provided that copies of the representations need not be sent out and the representations
need not be read out at the meeting if, on the application either of the company or of any
other person who claims to be aggrieved, the court is satisfied that the rights conferred
by this section are being abused to secure needless publicity for defamatory matter; and
the court may order the company's costs on an application under this section to be paid
in whole or in part by the auditor, notwithstanding that he is not a party to the
application.
Disqualifications for appointment as auditor
- A person or firm shall not be qualified for appointment as auditor of a company unless
he, or in the case of a firm, every partner in the firm is the holder of a practising
certificate issued pursuant to section 21 of the Accountants Act.
- None of the following persons shall be qualified for appointment as auditor of a
company—
i. an officer or servant of the company;

ii. a person who is a partner of or in the employment of an officer or servant of the
company;
iii. a body corporate:
Provided that note (ii) above shall not apply in the case of a private company.
- References in this subsection to an officer or servant shall be construed_ as not
including references to an auditor.
- A person shall also not be qualified for appointment as auditor of a company if he is,
disqualified for appointment as auditor of any other body corporate which is that
company's subsidiary or-holding company-or a subsidiary of that company's_ holding
company, or would be so disqualified if the body corporate were a company.
- If any person who is not 'qualified so to act is appointed as auditor of a company such
person and the company and every officer in default shall each be liable to a fine not
exceeding four thousand shillings.
Auditors' report and right of access to books and to attend and be heard at general
meetings
- The auditors shall make a report to the members on the accounts examined by them,
and on every balance sheet, every profit and loss account and all group accounts laid
before the company in general meeting during their tenure of office.
- The auditors' report shall be read before the company in general meeting and shall be
open to inspection by any member.
- Every auditor of a company shall have a right of access at all times to the books and
accounts and vouchers of the company, and shall be entitled to require from the officers
of the company such information and explanation as he thinks necessary for the
performance of the duties of the auditors.
- The auditors of a company shall be entitled to attend any general meeting of the
company and to receive all notices of and other communications relating to any general
meeting which any member of the company is entitled to receive and to be heard at any
general meeting which they attend on any part of the business. of the meeting which
concerns them ,as auditors.
INTERNATIONAL STANDARDS ON AUDITING (ISAs)
International Standards on Auditing (ISAs) and International Ethics Standards
International Standards on Auditing (ISAs)
International Standards on Auditing (ISAs) are to be applied in the audit of historical financial
information.

ISAs are written in the context of an audit of financial statements by an independent auditor.
They are to be adapted as necessary in the circumstances when applied to audits of other
historical financial information.
Auditors must include in their report their opinion on whether the financial statements they
report on give a true and fair view. It is generally felt that in order for accounts to show a true
and fair view there must be compliance with the IAS. The auditor therefore must know and
understand the IAS / IFRS in detail.
Auditing students are also expected to know the IAS in detail because invariably, there will be
an examination question that requires this knowledge and students are advised to quote from the
IAS and state which of the IAS is relevant to their answer.
IASs are intended to be applied to all financial statements which show a true and fair view.
They set out the main assumptions underlying statements and they prescribe which accounting
policy should be used when more than one is possible.
They also specify disclosure requirements in many areas including the disclosure of
accounting policies. Again they are not intended to be a comprehensive code of rigid rules. It
is -recognized that such a code sufficiently elaborate to cater for all business situation and
circumstances and for every exceptional and marginal case is impossible.
International Ethics Standards

A uniform set of auditor independence standards would clearly provide a consistent
understanding among- investors, public authorities and others of the independence of auditors.
In principle, this should increase confidence in auditors' reports, at least as regards the
independence aspects. This is an important element of confidence in financial reporting, which
in turn is a vital element of capital markets and public confidence generally. Differing
independence standards may result in:
• Somewhat reduced choice in the audit market arising from the application of multiple
independence rules, including extraterritorial reach;
• Potential confusion among investors and other users of audit reports as to what exactly
it means to be independent;
• Higher costs for companies, audit committee, regulators and the profession;
• Greater risk of violations occurring as a result of having to apply different standards to
clients throughout a network, thus potentially undermining the credibility of the
profession; and
• The potential for the loss of confidence in assurance reports because of the "noise"
associated with technical violations that do not fundamentally impact independence.
A uniform set of auditor independence standards would bring consistency in practice through
more effective training and reduced complexity concerning the varying and differing impacts of
the existing range of standards improved compliance. It should also be more efficient for all
parties. Monitoring, quality control and inspection should be more effective and more cost
effective.
The International Ethics Standards Board for Accountants (IESBA) is an independent
standard-setting body that serves the public interest by setting high-quality ethical standards
for professional accountants and by facilitating the convergence of international and national

ethical standards, including auditor independence requirements, through the development of a

robust, internationally appropriate code of ethics
The International Ethics Standards Board for Accountants (IESBA) develops ethical standards
and guidance for use by professional accountants.
The International Ethics Standards Board for Accountants develops and issues in the public
interest high-quality ethical standards and other pronouncements for professional accountants
for use around the world. The IESBA. Code of Ethics for Professional Accountants and
Interpretations apply to all professional accountants, whether in public practice, in business,
education, and the public sector.
Fundamental Principles
The IESBA Code of Ethics requires accountants to adhere to five fundamental principles
1. Integrity -- a professional accountant should be straight forward and holiest in
performing professional -services.
2. Objectivity— a professional accountant should not allow bias, conflict of interest or
undue influence of others to override professional or business judgments.
3. Professional Competence andllue Care—a professional accountant has a continuing
duty to maintain professional knowledge and skill at the level required to ensure that a
client or employer receives competent professional service based on current
developments. A professional accountant should act diligently and in accordance with
applicable technical and professional standards when providing professional services.
4. Confidentiality—A professional accountant should respect the confidentiality of
information acquired as a result of professional and business relationships and should not
disclose any such information to third parties without proper and specific authority unless
there is a legal or professional right or duty to disclose. Confidential information
acquired as a result of professional and business relationships should not be used for the
personal advantage of the professional accountant or third parties.
5. Professional Behavior—a professional accountant should comply with relevant laws
and regulations and should avoid any action that discredits the profession.
The IESBA Code serves as the foundation for codes of ethics developed and enforced by
member bodies. No member body of IFAC or firm issuing reports in accordance with
International Auditing and Assurance Standards is allowed to apply less stringent standards
than those stated in the IESBA Code
Accountant's pronouncements
• Research and consultation —A project task force is ordinarily established with the
responsibility to develop a draft standard or interpretation. The task force develops its
positions based on appropriate research and consultation.
• Transparent debate —A proposed standard or interpretation is presented as an agenda
paper for discussion and debate at an International Ethics Standards Board for
Accountants meeting, which is open to the public.

• Exposure for public comment—Exposure drafts are placed on the International Ethics
Standards Board for Accountants' website and are widely distributed for public
comment. The exposure period is ordinarily' no shorter than 90 days.
• Consideration of comments received on exposure—the comments and suggestions
received as a result of exposure are considered at an International Ethics Standards
Board for Accountants meeting, which is open to the public, and the exposure draft is
revised as appropriate. If the changes made after exposure are viewed by the
International Ethics Standards Board for Accountants to be so substantive as to require
re-exposure, the document is reissued for further comment.
• Affirmative approval—Approval of exposure drafts, .re-exposure drafts, standards
and interpretations is made by the affirmative vote of at least two-thirds . of the
members Public Interest Oversight
• The Public Interest Oversight Board (PIOB) oversees the public interest activities
of IFAC. The objective of the PIOB is to increase confidence of investors and others
that such activities, including the setting of standards by the International Ethics
Standards Board for Accountants, are properly responsive to the public interest. PIOB
members are nominated by international institutions and regulatory bodies.
International Ethics Standards Board for Accountants Members

The International Ethics Standards Board for Accountants consists of a chairman and 17
volunteer members from around the world comprising representatives from IFAC member
bodies, practitioners in public practice and other individuals with an interest in the work of
the IESBA.
Members are appointed by the IFAC Board based on recommendations from the IFAC
Nominating Committee and are approved by the PIOB. A complete list of International Ethics
Standards Board for Accountants members along with their biographies is available on the
International Ethics Standards Board for Accountants'.
Relevance of international Accounting Standards and International Financial Reporting
Standards are:
Auditors must include in their report their opinion on whether the financial statements they
report on give a true and fair view. It is generally felt that in order for accounts to show a true
and fair view there must be compliance with the LAS / IFRS. There may be situations where
compliance with LAS / IFRS may result in a true and fair view not being given but this is rare.
S6 effectively, the auditor is being asked to give an opinion on- whether all IAS / IFRS have
been complied with in the preparation of the accounts he is auditing. The auditor therefore must
know and understand the IAS / IFRS in detail. Auditing students are also expected to know the
IAS / IFRS in detail because invariably, there will be an examination question that requires this
knowledge and students are advised to quote from the IAS / IFRS and state which of the IAS /
IFRS is relevant to their answer.
International Financial Reporting Standards are intended to be applied to all financial statements
which show a true and fair view. They set out the main assumptions underlying statements and
they prescribe which accounting policy should be used when more than one are possible.

They also specify disclosure requirements in many areas including the disclosure of
accounting policies. Again they are not intended to be a comprehensive code of rigid rules. It
is recognized that such a code sufficiently elaborate to cater for all business situation and
circumstances and for every exceptional and marginal case is impossible.
THE ROLE OF ICPAK AS A REGULATOR
Institute of Certified Public Accountants of Kenya (ICPAK)

ICPAK serves as the umbrella body that oversees the activities of qualified and registered
Certified Public Accountants (CPAs).
It is the statutory body mandated to develop and regulate the accountancy profession in Kenya
Its mandate includes:
 'Setting and enforcing standards of professional practice including accounting, auditing
 and ethical standards.
  Enforcing a programme of quality assurance for the audit profession..
 Monitoring ethical behavior and adjudicating- over eases involving indiscipline through
 the Statutory Disciplinary Committee.
 Providing for the Maintenance of competence by 'Updating members' knowledge
through publications of books, periodicals, journals and articles in connection therewith
 and the conduct of Continuing Professional Education.
  Providing solutions through which training of accountants can be improved. .
 To advise the Minister on matters relating to financial accountability in all sectors of
 the economy
  To promote the international recognition of the Institute.
 To advise the Examination Board on matters relating to examinations standards and
policies
ICPAK also acts as the profession's mouthpiece in Kenya and in this respect holds
membership in international accountancy organizations including:
  International Federation of Accountants (IFAC)
 Eastern, Central and Southern African Federation of Accountants (ECSAFA)
ICPAK is run through a Council of I 1 members, of who 10 are elected and 1 appointed by the
Ministry of Finance. ICPAK also plays active roles in national life by contributing in the
following ways:
 Public Finance Management- making recommendations to the Treasury on public
finance matters including taxation measures and improvement in expenditure
management.
 Regulatory linkages working closely with regulators in various sectors to promote good
corporate governance with particular reference to the integrity of the audit process. As
part of this, ICPAK is represented in decision-making organs of various regulatory
institutions including the Capital Markets Authority.
 Financial reporting and disclosure - ensuring that financial disclosure standards in Kenya
meet internationally recognized benchmarks. Among other things, ICPAK established the
Financial Reporting (FiRe) Award for excellence, an annual competition
that showcases best practice disclosures among Kenyan companies. The FiRe Award
competition is presently promoted jointly with the Capital Markets Authority and the
Nairobi Stock Exchange. It is now the leading competition in Kenya in this regard.
PROFESSIONAL ETHICS FOR AUDITORS
Introduction and Fundamental Principles

A member of a profession owes duty to the public including the employer, the profession itself
and to other members of the profession.
Professional ethics are rules of conduct that govern the behavior of an accountant. In Kenya,
they are issued by institute of Certified Public Accountants of Kenya (ICPA K) in form of
statements and explanatory notes. A professional accountant should act in a manner consisted
with the good reputation of the occupation and refrain from any conduct which might bring
discredit to the profession. The following are fundamental principles stated by ICPAK to
ensure auditors are credible people before they give credibility to financial statements.
A distinguishing mark of the accountancy profession is its acceptance of the responsibility to
act in the public interest. Therefore, a professional accountant's responsibility is not exclusively
to satisfy the needs of an individual client or employer. In acting in the public interest a
professional accountant should observe and comply with the ethical requirements of this Code.
A registered student is also expected to observe the ethical requirements of the Institute and
has the same right to consult the Institute as a member. He or she should still observe the
ethical requirements of the Institute during the period between successful completion of the
examinations and his or her admission to membership. This applies whether the student is an
associate or not.
Conceptual Framework Approach

The circumstances in which professional accountants operate may give rise to specific threats
to compliance with the fundamental principles. It is impossible to define every situation that
creates such threats and specify the appropriate mitigating action. In addition, the nature of
engagements and work assignments may differ and consequently different threats may exist,
requiring the application of different safeguards.
Conceptual frameworks that requires a professional accountant to identify, evaluate and address
threats to compliance with the fundamental principles, rather than merely comply with a set of
specific rules which may be arbitrary is, therefore, in the public interest. This Code provides a
framework to assist a professional accountant to identify, evaluate and respond to threats to
compliance with the fundamental principles. If identified threats are other than clearly
insignificant, a professional accountant should, where appropriate, apply safeguards to eliminate
the threats or reduce them to an acceptable level, such that compliance with the fundamental
principles is not compromised
A professional accountant has an obligation to evaluate any threats to compliance with the
fundamental principles when the professional accountant knows, or could reasonably be

expected to know, of circumstances or relationships that may compromise compliance with

the fundamental principles.
A professional accountant should take qualitative as well as quantitative factors into account
when considering the significance of a threat. If a professional accountant cannot implement
appropriate safeguards, the professional accountant should decline or discontinue the specific
professional service involved, or where necessary resign from the client (in the case of a
professional accountant in public practice) or the employing organization (in the case of a
professional accountant in business).
A professional accountant may inadvertently violate a provision of this Code. Such an
inadvertent violation, depending on the nature and significance of the matter, may not
compromise compliance with the fundamental principles provided, once the violation is
discovered, the violation is corrected promptly and any necessary safeguards are applied.
Threats and Safeguards

Compliance with the fundamental principles may potentially be threatened by a broad range of
circumstances. Many threats fall into the following categories:
a) Self-interest threats, which may occur as a result of the financial or other interests of a
professional accountant or of an immediate or close family" member;
b) Self-review threats, which may occur when a previous judgment needs to be re-
evaluated by the professional accountant responsible for that judgment;
c) Advocacy threats, which may occur when a professional accountant promotes a
position or opinion to the point that subsequent objectivity may be compromised;
d) Familiarity threats, which may occur when, because of a close relationship, a
professional accountant becomes too sympathetic to the interests of others; and
e) Intimidation threats, which may occur when a professional accountant may be deterred
from acting objectively by threats, actual or perceived.
Safeguards that may eliminate or reduce such threats to an acceptable level fall into two broad
categories:
a) Safeguards created by the profession, legislation or regulation; and
b) Safeguards in the work environment.
Safeguards created by the profession, legislation or regulation include, but are not restricted
to:.
• Educational, training and experience requirements for entry into the profession.
• Continuing professional development requirements.
• Corporate governance regulations.
• Professional standards.
• Professional or regulatory monitoring and disciplinary procedures.
• Externally review by a legally empowered third party of the reports, returns,
communications or information ptodU6ed by a professional accountant.
Certain safeguards may increase the likelihood of identifying or deterring unethical behavior.
Such safeguards, which may be created by the accounting profession, legislation, regulation or
an employing organization, include, but are not restricted to:
• Effective, well publicized complaints systems operated by the employing organization,

the profession or a regulator, which enable colleagues, employers and members of the
public to draw attention to unprofessional or unethical behaviour
• An explicitly stated duty to report breaches of ethical requirements.
The nature of the safeguards to be applied will vary depending on the circumstances. In
exercising professional judgment, a professional accountant should consider what a reasonable
and informed third party, having knowledge of all relevant information, including the
significance of the threat and the safeguards applied, would conclude to be unacceptable.
Ethical Conflict Resolution

In evaluating compliance with the fundamental principles, a professional accountant may be
required to resolve a conflict in the application of fundamental principles.
When initiating either a formal or informal conflict resolution process, a professional accountant
should consider the following, either individually or together with others, as part of the
resolution process:
a) Relevant facts;
b) Ethical issues involved;
c) Fundamental principles related to the matter in question;
d) Established internal procedures; and
e) Alternative courses of action.
Having considered these issues, a professional accountant should determine the appropriate
course of action that is consistent with the fundamental principles identified. The professional
accountant should also weigh the consequences of each possible course of action. If the matter
remains unresolved, the professional accountant should consult with other appropriate persons
within the firm" or employing organization for help in obtaining resolution.
Where a matter involves a conflict with, or within, an organization, a professional accountant
should also consider consulting with those charged with governance of the organization, such
as the board of directors or the audit committee.
It may be in the best interests of the professional accountant to document the substance of the
issue and details of any discussions held or decisions taken, concerning that issue.
If a significant conflict cannot be resolved, a professional accountant may wish to obtain
professional advice from the relevant professional body or legal advisors, and thereby obtain
guidance on ethical issues without breaching confidentiality. For example, a professional:
accountant may have encountered a fraud, the reporting of which could breach the professional
accountant's responsibility to respect confidentiality. The professional accountant should
consider obtaining legal advice to determine whether there is a requirement to report. lf, after
exhausting all relevant possibilities, the ethical conflict remains unresolved, a professional
accountant should, where possible, refuse to remain associated with the matter creating the
conflict: The professional accountant may determine that, in the circumstances, it is appropriate
to withdraw from the engagement team" or specific assignment, or to resign altogether from the
engagement, the firm or the employing organization.

FUNDAMENTAL PRINCIPLES
A professional accountant is required to comply with the following fundamental principles;-
Integrity
The principle of integrity imposes an obligation on all professional accountants to be
straightforward and honest in professional and business relationships. A member must be aware
of his role in the society and maintain high standards of conduct should not satisfy what he
knows as untrue as true and should take caution not to mislead intentionally or unintentionally.
Integrity also implies fair dealing and truthfulness.
A professional accountant should not be associated with reports, returns, communications or
other information where they believe that the information:
i. Contains a materially false or misleading statement;
ii. Contains statements or information furnished recklessly; or
iii. Omits or obscures information required to be included where such omission or
obscurity would be misleading.
A professional accountant will not be considered to be in breach of matters associated with
reports, returns, communications or other information if the professional accountant provides a
modified report in respect of such matters.
Objectivity
A professional accountant should not allow bias, conflict of interest or undue influence of
others to override professional or business judgments.
A professional accountant • may be exposed to situations that may impair objectivity. It is
impracticable to define and prescribe all such situations. Relationships that bias or unduly
influence the professional judgment of the professional accountant should be avoided.
Confidentiality
The guide to professional ethics states that information acquired in the course of professional
work should not be disclosed except where consent has been acquired from the client, where
there's public duty to disclose or where there is legal or professional duty to disclose such
information. A member acquiring information in the course of professional work, should neither
use nor appear to use that information in his personal or third party advantages e g. if a member
is auditing a limited company and he realizes that the company has made a substantial increase
in profits, it would be unethical to advise a friend to buy the shares of this company in
anticipation of the expected increase in the share prices as a result of increase in profitability.
The principle of confidentiality imposes an obligation on professional accountants to refrain
from:
- Disclosing outside the firm or employing organization confidential information acquired
as a result of professional and business relationships without proper and specific
authority or unless there is a legal or professional right or duty to disclose; and
- Using confidential information acquired as a result of professional and business
relationships to their personal advantage or the advantage of third Parties.
A professional accountant should maintain confidentiality even in a social environment. The

professional accountant should be alert to the possibility of inadvertent disclosure, particularly
in circumstances involving long association with a business associate or a close or immediate
family member.
A professional accountant should also consider the need to maintain confidentiality of
information within the firm or employing organization.
A professional accountant should take all reasonable steps to ensure that staff under the
professional accountant's control and persons from whom advice and assistance is obtained
respect the professional accountant's duty of confidentiality.
The need to comply with the principle of confidentiality continues even after the end of
relationships between a professional accountant and a client or employer.
When a professional accountant changes employment or acquires a new client, the professional
accountant is entitled to use prior experience. The professional accountant should not, however,
use or disclose any confidential information either acquired or received as a result of a
professional or business relationship.
A professional accountant should also maintain confidentiality of information disclosed by a
prospective client or employer.
A professional accountant should respect the confidentiality of information acquired as a result
of professional and business relationships and should not disclose any such information to third
parties without proper and specific authority unless there is a legal or professional right or duty
to disclose.
The following are circumstances where professional accountants are or may be required to
disclose confidential information or when such disclosure may be appropriate:
a) Disclosure is permitted by law and is authorized by the client or the employer;
b) Disclosure is required by law, for example:
i. Production of documents or other provision of evidence in the course of legal
proceedings; or
ii. Disclosure to the appropriate public authorities of infringements of the law that
come to light; and
c) There is a professional duty or right to disclose, when not prohibited by law:
i. To comply with the quality review of a member body or professional body;
ii. To respond to an inquiry or investigation by a member body or regulatory body;
iii. To protect the professional interests of a professional accountant in legal
proceedings; or
iv. To comply with technical standards and ethics requirements.
In deciding whether to disclose confidential information, professional accountants should

consider the following points:
a) Whether the interests of all parties, including third parties whose interests may be
affected, could be harmed if the client or employer consents to the disclosure of
information by the. Professional accountant;
b) Whether all the relevant information is known and substantiated, to the extent it is
practicable; when the situation involves unsubstantiated facts, incomplete information
or unsubstantiated Conclusions, professional judgment should be used in determining
the type of disclosure to be made, if any; and
The type of communication that is expected and to whom it is addressed; in particular,

professional accountants should be satisfied that the parties to whom the communication is
addressed are appropriate recipients.
Professional competence
Auditing is a structured process that:
a) Involves the application of analytical skills, professional Judgment and
professional skepticism: .
b) Is usually performed by a team of professionals directed with managerial skills:
c) Uses appropriate forms of technology and adheres to a methodology:
d) Complies with all relevant technical standards, such as International Standards on
Auditing (IAS), International Standards on Quality Control (ISQCs), International
Financial Reporting standards (IFRS), International Public Sector Accounting
Standards (IPSAS), and any applicable international or local equivalents: and
e) Complies with required standards of professional ethics.
Auditing is also an integral part of the evolving systems of accountability and responsibilities
within organizations and society worldwide. Although audits of historical financial information
may be mandated by regulation and laws, they may be required as a condition of borrowing, a
matter of contract or for other reasons. In addition organizations may voluntarily undertake
audits to evaluate the fairness of financial representations and assertions, or to provide a
credible report of the financial stewardship of their resources to their stakeholders. Entities
subject to audit operate with diverse organizational structures in public private and not-for-
profit sectors have to adapt to complex and changing environments. Within an audit assignment
many actor must be understood and evaluated appropriately including:
a) The entity and its environment:
b) The industry and regulatory and other external factors: and
c) The applicable financial reporting framework.
Globalization of business has dramatically increased the need for consistent and high-quality
financial reporting within countries and across borders. This directly affects both accounting
and auditing. Many stakeholders in today's global business environment expect compliance
with recognized international standards in accounting and auditing. Establishing
internationally accepted benchmarks for the competence of audit professionals; will help to
promote internationally accepted standards accounting and auditing
Capabilities: The professional knowledge; professional skills: and professional values, ethics
and attitudes required to demonstrate competence.
Capabilities are the attributes held by individuals that enable them to perform their roles,
whereas competence refers to the actual demonstration of performance. The possession of
capabilities gives an indication that an individual has the ability to perform competently in the
workplace. Capabilities include content knowledge: technical and functional skills: behavioral
skills: intellectual abilities (including professional judgment): and professional values, ethics
and attitudes. They are sometimes referred to, in other literature as competencies capacities,
abilities key skills, core skills, fundamental skills, and values, attitudes, distinguishing
characteristics, pervasive qualities and individual attributes competence: Being able to perform a
work role to a defined standard, with reference to real working environments.
Explanation: Competence refers to the demonstrated ability to perform relevant roles or tasks
to the required standard. Whereas capability, refers to the attribute held by individuals that give
them the potential to perform. Competence may be assessed by a variety, of means including
workplace performance workplace simulation written and oral tests of various types and self-
assessment
Engagement partner is the partner or other person in the audit organization who is responsible
for the engagement and its performance and for the audit report that is issued on behalf of the
firm, and who, where required, has the appropriate authority from a professional, legal or
regulatory body,
Audit professional is a professional accountant who has responsibility or has been delegated
responsibility for significant judgments in all audit of historical financial information.
The engagement partner retains overall responsibility for the audit. The definition of audit
professional does not apply to experts undertake specific tasks within an audit (e.g., taxation,
information technology or valuation experts).
Professional Accountants and Audit Professionals

Although some professional accountants deliver a wide range of accounting and business
related-services others will choose to specialize in one more areas, one professional accountant
can master all areas of accountancy.
Specialization is necessary to ensure services can be provided by professional accountants
having sufficient depth of knowledge and expertise.
One area of specialization is in audit of historical financial information. Competence in this area
requires a higher level of education and training audit and related areas than is required of other
professional accountants.
Audit professionals involved in audits of historical financial information in specific industries
may be more specialized. The nature of the industry and applicable laws and accounting
treatment, may require levels of knowledge and skills beyond those reqUired for other audit
professionals.
Audit engagements vary in complexity and size, requiring different experience and
competence levels, Au audit team could include the engagement partner other audit
professionals other professional accountants, individuals working towards qualification as
professional accountants, and other support staff who do not intend to qualify as professional
accountants. The engagement partner is responsible for ensuring that the work of all
individuals assigned to an audit engagement is appropriately reviewed by other members of
the engagement team to provide reasonable assurance that the work meets appropriate
standards of quality.

Developing and maintaining Capabilities and Competence

All professional accountants should take steps to ensure that they and those working under
their authority in it professional capacity, have appropriate training and supervision and are
competent to undertake the work they perform.
To acquire the capabilities and competence required of audit professionals individuals may
need further education and development beyond that needed to qualify as professional
accountant.
These additional education and development requirements can be met during the education
and development program for qualifying as a professional accountant or after.
Education and development for acquiring and maintaining the capabilities of audit
professional; can include:
a) Advanced professional education pursued at academic institutions or through the
programs of professional bodies
b) On-the-job training and experience programs
c) Off-the-job training
d) Continuing professional development (CPO) course, and activities.
IFAC recognizes that each member body needs, to determine not only how best to comply
with this IES but also hat emphasis to place on the various parts of the education and
development process
In addition to acquiring the necessary knowledge e and skill, professional accountants will have
to be assessed to demonstrate the capabilities and competence needed to take on responsibility
for significant judgment in an audit of historical financial information. The IAESB recognizes
that when assessing capabilities measuring output is likely to be superior to measuring inputs.
Output-based approaches concentrate on me assuming the development and maintenance of
competence actually achieved through learning rather than measuring the various learning
activities.
Audit professionals will need further development to progress through supervisory and
managerial roles to acting as-the engagement partner.
All professional accountants are obliged to engage ill lifelong learning to keep up-to-date on
developments influencing the profession and the quality of the services they provide.
Knowledge Content
The appropriate level of education and learning of the intellectual and personal skills
necessary to become an audit-professional is generally found ill it combination of
undergraduate degree and professional education programs.
Where a member body does not require an undergraduate degree, the member body needs to
be able to demonstrate that the intellectual and personal skill; have been developed to the
required level in other ways.
The knowledge content within the education and development program for audit professionals
should include the following subject areas:
a) audit of historical financial information at an advanced level
b) financial accounting and reporting at an advanced level
c) information technology
Audit professionals are expected to have sufficient knowledge of cut-rent developments in the
field of audit of historical financial information to respond to issues in the business
environment. It is important therefore, that education and continuing development programs for
audit professionals include coverage of relevant current issues and developments.
The knowledge content of the audit of historical financial information subject area should
include the following at an advanced level:
a) best practices in the audits of historical financial information including relevant current
issues and developments: and
b) International Standards on Auditing (ISAs) and International Auditing Practice
Statements (IAPSs): and/or
c) Any other applicable standards or laws.
In addition to the knowledge listed above, audit professionals may also require. knowledge of
international Standards Quality Control (ISQCs), International Standards on Review
Engagements (ISRE,) International Standard, on Assurance Engagements (ISREs).
International Standards on Related Services (ISRSs), or local equivalents of these.
The knowledge content of the financial accounting and reporting subject area should include
the following:
a. Financial accounting and reporting processes and practices, including relevant
current issues and developments: and
b. International Financial Reporting Standard s (IFRSs): and/or
c. Any other applicable standards or laws
If an audit client is required to prepare financial reports in accordance with standards specific
to the public sector, statements will include International Public Sector Accounting Standards
(IPSAS) and any applicable international national and or local equivalents of these.
The knowledge content of the information technology subject area should include the
following:
a) Information technology systems for financial accounting and reporting including
relevant current issues and developments: and
b) Frameworks for evaluating controls, and assessing risks in accounting and reporting
system as - appropriate for the audit of historical financial information.
Professional skills
The skill requirement within the education and development program for audit professionals
should include:
a) Applying the following g professional skills in all audit environments:
a) identifying and solving problems:
b) undertaking appropriate technical research:
c) working in teams effectively:
d) gathering and evaluating evidence:
e) Presenting discussing and defending views effectively through formal, informal
written and spoken communication': and
b) Developing the following professional skills at an advanced in an audit environment:
i. applying relevant audit standards and guidance:
ii. evaluating applications of relevant financial reporting standards;

iii. demonstrating capacity for inquiry, abstract logical thought and critical analysts
iv. demonstrating professional skepticism:
v. applying professional judgment: and
vi. withstanding and resolving conflict
Professional Values, Ethics and Attitudes

Individuals should be able to apply the required professional values, ethics and attitudes in an
audit environment before taking on the role of an audit professional
- Professional accountants need a thorough understanding of the potential ethical
implications of professional and managerial decisions. They need to be aware that
decision-makers can be under tremendous pressure when it comes to upholding ethical
principles.
- Audit professionals like all professional accountants are expected to apply the
professional values, ethics and attitudes throughout their professional careers. During
their period of practical experience they should receive guidance on the:
a. Professional approach to ethics:
b. Practical application of the fundamental principles:
c. Consequence, of unethical behavior: and
d. Resolution of ethical dilemmas.
- Learning about professional ethics need, to continue after qualification. Audit
professionals need to see this as a career long process.
- The fundamental ethical principles; that apply to' ali prOfessional accountants have an
added dimension in the audit domain, because of the heavy public reliance on and
public interest in this aspect of the professional worldwide
- Fundamental principle are essential to the development of the professional and society
as a whole, these fundamental principle are-;
a. Integrity
b. Objectivity:
c. Professional competence and due care
d. Confidentiality: and
e. ProfeSsional behavior.
- In addition the IESBA Code require all members of assurance teams and organizations to
be independent of assura•e clients members of assurance teams and organizations are
required to apply the independence conceptual framework outlined therein.
- It is important that audit professionals are
a. Aware of potential new ethical dimensions and conflicts in their work: and
b. Keep current on the expectations of their professional accounting bodies and the
public in terms of professional ethics.
Practical Experience
Professional accountants should complete a period of relevant practical experience before
taking on the role of an audit professional. This period should be long enough and intensive
enough to permit them to demonstrate that they have acquired the necessary professional
knowledge: professional skills: and professional values, ethics and attitudes. A substantial
proportion of the period of practical experience should be in the area of audit of historical
financial information.
Practical Experience Requirements sets out the practical experience requirements for all
professional accountants, Professional accountant assuming the role of an audit professional
are also required to demonstrate application of the knowledge and skills specifically required
by this section of IES S, and in an audit environment in accordance with the professional
values, ethics and attitudes
Practical experience that contributes to the competence of an audit professional need: to be
relevant to the type and size of audit assignments audit professionals are, or are likely to be,
involved in the period of experience should permit them to:
a) apply, in a properly supervised environment, the requisite knowledge e and skills: and
b) develop and demonstrate the competence required
The period of practical experience relevant to an audit professional may come during or after
qualification as a professional accountant.
A period of practical experience relevant to an audit professional would normally be not less
than three years, of which at least two year should normally be spent in the area of audit of
historical financial information under the guidance of an engagement partner. Where a
member body does not require the completion of this minimum period of experience the
member body need to be able to demonstrate that the application of the knowledge and skill,
required has been achieved in an audit environment and has resulted in candidate, developing
the necessary competence and capability to apply professional judgment in the audit
assignment.
The required audit experience should be obtained with an organization that can provide
suitable audit experience under the guidance of engagement partner.
Continuing Professional Development

Professional capabilities and competence should be assessed before individuals take on the
role of audit Professionals.
Assessment should be comprehensive enough to permit demonstration of the professional
knowledge: professional skills; and professional values ethics and attitudes required to
competently perform the work of audit professionals.
The assessment of the capabilities and competence or audit professionals may be carried out
by:
a) The ICPAK member body of which all individual is a member • (including through the
member body's peer review process):
b) a third party (e.g. education or training organization government or regulatory
authority, or workplace assessor under the authority of the member body);
c) an audit organization (including through the organization's, quality control systems): or
d) a combination of these

Competence requirements for an engagement Partner

To assume the greater responsibilities of the engagement partner will require the development
of additional professional knowledge; professional skills and professional values, ethics and
attitudes. An engagement partner would be expected to demonstrate a comprehensive
understanding of the audit process and an ability to communicate a wide range of matters to a
broad range of parties
As audit professional progress into .positions such as engagement partners. the will need to
demonstrate competence in the following areas:
a. Leadership responsibility for the quality of audits:
b. Formation of conclusions on compliance with applicable independence
requirements:
c. Acceptance and continuation of client relationships and specific audit
engagements
d. Assignment of engagement teams, ensuring the collective capabilities and
competence to perform the engagement and issue an audit report:
e. Direction, supervision and performance of the audit engagement in compliance
with professional standards and regulatory and legal requirements:
f. Consultation, review and discussion of work performed: and
g. Development of the audit report that is appropriate and supported by sufficient
appropriate audit evidence
PROFESSIONAL DUE CARE
Due Care: diligence which a person would exercise under a given set of circumstances.
Due Professional Care: diligence which a person, who possesses a special skill, would
exercise under a given set of circumstances. The standard of "due care" is that level of
diligence which a prudent and competent person would exercise under a given set of
circumstances.
"Due professional care" applies to an individual who professes to exercise a special skill such
as information systems auditing. Due professional care requires the individual to exercise that
skill to a level commonly possessed by practitioners of that speciality.
Due professional care applies to the exercise of professional judgment in the conduct of work
performed. Due professional care implies that the professional approaches matters requiring
professional judgment with proper diligence. Despite the exercise of due professional care and
professional judgment, situations may nonetheless arise where an incorrect conclusion may be
drawn from a diligent review of the available facts and circumstances.
Therefore, the subsequent discovery of incorrect conclusions does not, in and of itself, indicate
inadequate professional judgment or lack of diligence on the part of the Auditor.
'Due professional care should extend to every aspect of the audit, including the evaluation of
audit risk, the formulation of audit objectives, the establishment of the audit scope,
the.selection of audit tests, and the evaluation of test results. In doing this, the Auditor should
determine or evaluate:
- The type and level of audit resources required to meet the audit objectives
- The significance of identified risks and the potential effect of such risks on the audit
- The audit evidence gathered
- The competence, integrity, and conclusions of others upon whose work the Auditor
places reliance
The intended recipients of the audit reports have an appropriate expectation that the Auditor has
exercised due professional care throughout the course of the audit. The Auditor should not
accept an assignment unless adequate skills, knowledge, and other resources are available to
complete the work in a manner expected of a professional.
The Auditor should conduct the audit with diligence while adhering to professional standards.
The Auditor should disclose the circumstances of any non-compliance with professional
standards in a manner consistent with the communication of the audit results.
INDEPENDENCE OF OPINION
Independence is something that is both a matter of fact and a matter of appearance. It is

important to be independent but it is also important to appear to be independent.
Independence Comprises:
a. Independence of mind—the state of mind that permits the provision of an opinion
without being affected by influences that compromise professional judgment, allowing
an individual to act with integrity, and exercise objectivity and professional skepticism.
b. Independence in appearance—the avoidance of facts and circumstances that are so

significant a reasonable and informed third party, having knowledge of all relevant
information, including any safeguards applied, would reasonably conclude a firm's, or a
member of the assurance team's, integrity, objectivity or professional skepticism had
been compromised.
The auditor's independence from the entity safeguards the auditor's ability to form an audit
opinion without being affected by influences that might compromise that opinion.
Independence enhances the auditor's ability to act with integrity, to be objective and to
maintain an attitude of professional skepticism-
Principles of independence:
• An auditor may not have a mutual or conflicting interest with the client
• An auditor may not audit his own firm's work
• An auditor may not function as management or as an employee of the audit client
• An auditor may not act as an advocate for the audit client
To ensure both independence and the appearance of independence, rules have been set out in
the professional bodies' ethical codes.
Included in the codes are the following matters which impair independence.
• Undue dependence on an audit client as a proportion of fee income
• Actual or threatened litigation

• Family or other personal relationship
• Beneficial interest in shares and other investments
• Beneficial interest in trusts
• Loans to or from client
• The provision of goods and services or hospitality
• The provision of other services
OBJECTIVITY AND INTEGRITY
Integrity, Objectivity and Independence
Integrity
The principle of integrity imposes an obligation on all professional accountants to be
straightforward and honest in professional and business relationships. Integrity also implies
fair dealing and truthfulness.
A professional accountant should not be associated with reports, returns, communications or
other information where they believe that the information: Contains a materially false or
misleading statement;
a) Contains statements or information furnished recklessly; or
b) Omits or obscures information required to be included where such omission or
obscurity would be misleading.
A professional accountant will not be considered to be in breath of matters associated with
reports, returns, communications or other information if the professional accountant provides a
modified report in respect of a matter such matters.
Objectivity
Objectivity is essential for any professional person exercising professional judgement. It is as
essential for members in business as for practising members. Objectivity is the state of mind
which has regard to all considerations relevant to the task in hand but no other. It is sometimes
described as 'independence of mind'.
The need for objectivity is particularly evident in the case of a practising accountant carrying,
out an audit or some other reporting role where his professional opinion is likely to affect
rights between parties and the decisions they take.
Threats to objectivity
Threats to objectivity might include the following:
1. The self-interest threat

A threat to the auditor's objectivity stemming from a financial or other self-interest
conflict. This could arise, for example, from a direct or indirect interest in a client or
from a fear of losing a client.
2. The self-review threat

The apparent difficulty of maintaining objectivity and conducting what is effectively a
self-review, if any product or judgement of a previous audit assignment or a non-audit
assignment needs to be challenged or re-evaluated in reaching audit conclusions.
3. The advocacy threat

There is an apparent threat to the auditor's objectivity, if he becomes an advocate for
(or against) his client's position in any adversarial proceedings or situations. Whenever
the auditor takes a strongly proactive stance on the client's behalf, this may appear to
be incompatible with the special objectivity that audit requires.
4. The familiarity or trust threat

A threat that the auditor may become over-influenced by the personality and qualities
of the directors and management, and consequently too sympathetic to their interest.
Alternatively the auditor may become too trusting of management representations so
as to be inadequately rigorous in his testing of them - because he knows the client too
well or the issue too well or for some similar reason.
5. The intimidation threat

The possibility that the auditor may become intimidated by threat, by dominating
personality, or by other pressures, actual or feared, by a director or manager of the
client or by some other party
Each of the above threats may arise either in relation to the auditor's own person or in
relation to a connected person such as a member of his family or a partner or a person
who is close to him for some other reason, such as past or present association or
obligation or indebtedness.
The safeguards which are available to offset the threats

Auditors should always consider the use of safeguards and procedures which may negate or
reduce threats. They should be prepared to demonstrate that in relation to each identified
threat, they have 'considered the availability and effectiveness of the safeguards and
procedures and are satisfied that their objectivity in carrying out the assignment will be
properly preserved.

Safeguards and Procedures
The safeguards and procedures might include:

Factors in the environment of the practice which will operate so as to offset any threat to
objectivity
An exhaustive list of these countervailing factors is not possible, but auditors should expect
where possible to have developed the following characteristics in their firms. Where they have
been developed they will provide safeguards.
i. Chartered accountants are taught from the outset of their training contracts to behave with
integrity in all their professional and business relationships and to strive for objectivity in
all professional and business judgements. These factors rank highly in the qualities that
chartered accountants have to demonstrate prior to admission. They should therefore be
well used to setting personal views and inclinations aside.
ii. Engagement partners should have sufficient regard for their own careers and reputations
to be encouraged towards objectivity and to effective use of safeguards.
iii. Within every firm there should be strong peer pressure towards integrity, Reliance on
one another's integrity should be the essential force which permits partners to entrust
their public reputation and personal liability to each other.
iv. Firms should set great store on their reputation for impartiality and objectivity. It is the
foundation for their ability to practise and to gain work over the medium and long term,
and they should not permit a member of the firm to risk it for short term benefit or gain.
v. Firms of all sizes should have established strong internal procedures and controls over the
work of individual principals, so that difficult and sensitive judgments are reinforced by
the collective views of other principals, thereby also reducing the possibility of litigation.
Safeguards and sanctions built into the structure of the profession itself
These might include:
i. The long-standing ethical code of the profession, of which this guidance forms part.
Where appropriate, this code imposes specific prohibitions where the threat to the
auditor's objectivity is so significant, or is generally perceived to be so, that no other
appropriate safeguards would be effective.
ii. The ethical support provided by the Institute, including the Ethics Advisory Services
helpline, published advice on ethics such as Help Sheets and the Support Member
Scheme involving District Societies.
iii. The reinforcement given to the above safeguards by a policing system which reacts
to complaints, whether by members of the public or members of the profession,
investigates the background to the complaints, and where necessary commences
disciplinary proceedings against an offending Member. Together with monitoring
(below), the system ensures that a firm's past conduct and current procedures are
likely to come under close independent professional scrutiny if the conduct of
practising members gives rise to challenge over their exercise of these guidelines:
iv. The active monitoring procedures conducted by the profession for reserved activities
such as auditing. On behalf of the Institute Committees concerned, the Quality
Assurance Directorate visits firms which are registered to conduct audits. It

examines firms' compliance with the Audit Regulations and reports to those
Committees. The Regulations embrace in their requirements the whole of this
guidance.
Steps taken by firms to ensure that threats to objectivity are recognized, documented
and mitigated
These might not be disclosed to outsiders unless disciplinary or regulatory follow4fp requires
it. Examples of internal procedures within firms which may contribute to reassurance that the
required audit objectivity has been preserved include:
i. Arrangements to ensure that staffs are adequately trained and empowered to
communicate any issue of objectivity that concerns them to a separate principal.
ii. The involvement of an additional principal (in the case of a sole-practitioner, a
qualified colleague) to carry out a review' or otherwise advise.
iii. Rotation of engagement partners and staff.
iv. The evaluation of a potential client when a firm is approached to act, to assess such
facts as the integrity of the client's management, company profile, accountancy
competence, etc.
v. Formal-Consideration and review of the continuance of all engagements before the
firm's name is allowed to go forward for reappointment as auditor.
vi. An overall control environment, starting with a professional approach towards matters
of quality and ethics, and taking in staff training, development and performance
appraisal, and the assurance provided by a regularly monitored and evidenced control
system.
The involvement of a third party such as a client audit committee, or a regulatory body
or another firm
Refusal to act where no other course can abate the perceived problem
Some exclusions and prohibitions are the subject of statute or regulation outside the control of
the profession. In addition, there are some situations in which the threat to an auditor's
objectivity is so significant, or generally perceived to be so, that an auditor should, having
regard to preservation of the public image of his profession, decline to accept appointment,
even if he believes that the circumstances are such that available safeguards and procedures
could, in his particular case, enable him to maintain proper objectivity. In this eventuality, he
should decline or resign appointment.
It follows from the preceding paragraphs that the perception of the publicjor any section of it)
that an auditor's objectivity may be threatened is not, of itself, a reason. why an appointment
should be refused. The countervailing pressures and safeguards described above may often
override a threat. Members and firms are encouraged to make clients and others outside the
profession aware of the extensive and sophisticated compliance procedures that they employ.

The self-interest threat

All work that creates a financial relationship between the auditor and the audit client may appear
to create a self-interest threat - as does payment for the audit itself. The nature of the threat
sometimes perceived is that the auditor's objectivity might be impaired by a need to remain on
good terms with the directors of the audited company in order to preserve a working
relationship. The perceived threat grows with the size of the fees and is thus increased by work
or services additional to the audit. But the most significant dimension of any threat, real or
perceived, is likely to reside in the size of the total fees earned from a client in relation to the
whole fees of the firm.
The self-review threat
- Audit work itself gives rise to self-review. The auditor reviews matters that he has
previously judged in prior-year audits, matters that were judged at planning stage, his
recommendations (or lack of them) to management at previous audits, etc. In auditing,
perhaps more than in any other activity, there is a need for a readiness to recognise and
avoid past mistakes.
- The auditor must adopt the objectivity and independence of mind to be able to
acknowledge past errors or mistakes of judgement and report fairly and afresh.
- The provision of other services may give rise to further needs for self-review. If, for
example, the firm has designed or recommended any part of the systems or controls on
which the audit relies, the audit team will need to take particular care to ensure that the
audit judgments are objective, perhaps in the case of larger firms by arranging that there
is little or no common membership between the systems work and the audit team.
- If, as is common for smaller companies, the auditor has prepared any of the data
contained in the financial statements or drafted material for the notes, or assisted in the
preparation of the accounting records, a degree of self-review arises.
- There is a spectrum of involvement by the auditor in the preparation of accounting
records. It ranges from the situation prevailing in small companies where the auditor may
prepare much of the accounting records and the financial statements as well as auditing
them, to the other end of the spectrum where in the case of a major listed company the
auditor does not participate in any part of the preparation process. Even in the latter case,
the auditor who detects omissions in the company's proposed disclosures will normally
suggest and draft the amendments required, so that in the end it is uncommon for a set of
financial statements to appear where the auditor has had no hand whatsoever in the
presentation or drafting.
- These processes of assistance, entailing self-review as they do, are not intrinsically
damaging to audit objectivity, but pose a threat to it. Safeguards are necessary.
- At the smaller company end of the spectrum the safeguards reside in a considered analysis
by the auditor of the work done in preparation of records and statements and careful
consideration as to what separate audit procedures and scope are thus required. At the
other end of the spectrum, in the case of a listed company or other public interest company
audit client, an audit practice should not participate in the preparation of the company's
accounts and accounting records save in relation to assistance of a routine clerical nature
or in emergency. Such assistance might include, for example, work on the finalisation of
statutory accounts, including consolidations and tax provisions. The scale and nature of
such work should be regularly reviewed.
Expert services as an example of the self-review threat

The provision for an audit client of expert services, by an audit firm or an associated firm or
organisation in the same country or overseas, which directly affect amounts and disclosures in
the financial statements of an audit client gives rise to a self-review threat to objectivity,
These...services may include reports, opinions, valuations or statements by an expert.
In these circumstances, the auditor should carefully consider whether the threat is so great that
the firm should either not audit the financial statement concerned or advise the client to seek an
alternative source for the particular expert services; ill cases. where. the firm decides to accept
such an engagement, the auditor should determine what appropriate safeguards should be added
to address the threat. To ensure that careful consideration has been given to the key aspects of
the threat firms should record the basis of their decisions and document the safeguards.
A major issue attesting the self-review threat, which should be carefully considered by the
auditor, is the materiality of the amounts involved in relation to the financial statements. In
addition to the amounts involved, the issue of materiality is likely to be influenced, to a
considerable extent, by the degree of subjectivity inherent in the items concerned.
In evaluating the extent of the threat the auditor should also consider the following matters in
relation to the amounts included in the financial statements:
• The extent of the directors‘ knowledge and experience and ability to evaluate the
issues. Concerned and the extent of their involvement in determining and approving
significant matters of judgement;
• the degree to which established methodologies and professional guidelines are utilised
in the type of expert services;
• the reliability and extent of the underlying base data;
• the degree of dependence on future events of a nature which could create significant
volatility inherent in the amounts involved;
• The extent and clarity of related disclosures in the financial statements including
disclosure of the underlying assumptions, and the identity of the provider of the expert
services.
Safeguards
Where a firm has identified a threat it should consider the matters set out in above in relation
to the audit team and take any necessary steps to safeguard its objectivity. Such steps will
often include the use of different partners and separate teams each having separate reporting
lines and additional review procedures sufficient to ensure that objectivity is preserved. Firms
should ensure that their work complies with the International Standards on Auditing (ISA
620), 'Using the Work of an Auditor's Expert', particularly the elements identified in the
section: 'Assessing the Work of an Expert'.

The advocacy threat

Advocacy arises where a practitioner becomes an advocate for a client's position in any
adversarial proceeding or situation. There is nothing improper about a position of advocacy
and many types of professional services and support to a client may require it.
Advocacy in a simple sense is always present where a firm supports its clients' interests. At the
same time a professional person is always required to strive for objectivity in all professional
work.
But advocacy can take a sharpened form, a more committed and protagonist form, where the
firm supports its client in an adversarial situation.
An auditor's client is in principle the company and its shareholders. But his duty to that
particular client must be set in the context of the wider public interest which requires him
(through. Companies Acts requirements and the Auditing Practices Board pronouncements) to
provide an opinion as to whether a set of financial statements gives a true and fair view. That
true and fair view must be an objective one, not tailored to or influenced by the needs of the
client_
Hence advocacy in any sharpened form is likely to appear to the beholder to be incompatible
with the particular objectivity required by the audit reporting role. And in fact, particular
advocate roles, though adopted with objective judgement, may tend subsequently to form a
degree of commitment in the professional's mind which may make it difficult to return to the
objectivity required for reporting.
The following examples are provided to illustrate the classes of professional services or other
activity which may give rise to these sharper forms of advocacy:
a. The recommendation, or promotion, of shares requires the adoption of a posture of
advocacy in relation to the company concerned which cannot be compatible with
objectivity in reporting. To recommend or promote shares usually requires a mental
commitment to views or assertions about the strengths and qualities of the company.
These views or assertions may have been reached by objective consideration, but once
adopted the mental commitment does not readily permit a return to either the
appearance or the reality of dispassionate and objective judgement.
b. By extension, leading a corporate finance team which takes the responsibility for
recommending or promoting shares will be incompatible with objectivity in reporting.
For this reason Corporate Finance Advice contains what amounts to a prohibition on
the provision of such services to a company on which the firm reports.
c. The adoption of an extreme position on any issue of accounting principles, taxation or
other matter of professional judgement will always raise the risk of putting the
practitioner into a position of sharpened advocacy. This will be heightened if it
becomes necessary for the firm to support the extreme position in adversarial
proceedings such as litigation, Takeover Panel proceedings, or negotiations with
government revenue departments. Such a position may both raise doubts in the
minds of observers and make it genuinely difficult for a firm to preserve its own audit
objectivity on the topics at issue.
The central issue for auditors in illustration (c) is the identification of what is or may become
an extreme position.

Members should endeavor to foresee such difficulties arising, and either avoid the extreme
position or suggest to the company that it may seek alternate advisers to perform any roles
requiring adversarial advocacy. It should be re-emphasised that there is nothing inherently
unethical in advocating an extreme position on a client's behalf, if it can be supported by
objective evidence. But it may be improper to perform such advocacy while at the same time
asserting that the objectivity. of the audit role has been maintained. In some situations
separation of roles between different partners may provide a degree of internal safeguards, but
practitioners should recognise the risk of bringing themselves and the profession into disrepute
by entering into a -situation Where a position of advocacy appears to indicate a position of
commitment or a bias in state of mind which is not consistent with the objective state of mind
required for a reporting role.
FEES AND OTHER TYPES OF REMUNERATION
Fees should not be charged on a percentage or similar basis except where it is authorized by
the law or is generally% accepted practice for certain specialist work e.g. construction work.
Also, no instructions should be accepted on a contingency basis e.g. bonus of 3% on profits.
This is because auditor's judgment should not be impaired by hope of a financial gain. If fees
were computed as a percentage of the net profit, the auditor would be hesitant to propose to the
management audit adjustment that would result to reduction of the audit fees derived from the
assignment.
• In practice the most common mode of determination of audit fees is to compute them
on the following considerations:
• The skill and knowledge required for the type of work involved. If the work required an
expert, the fees would be higher
• The seniority of the person engaged in the work i.e. audit partners, managers, seniors
and assistants.
• The time necessarily engaged on each person on the work.
• The nature of responsibility which the work entails.
When entering into negotiations regarding professional services, a professional accountant in

public practice may quote whatever fee deemed to be appropriate. The fact that one
professional accountant in public practice may quote a fee lower than another is not in itself
unethical. Nevertheless, there may be threats to compliance with the fundamental principles
arising from the level of fees quoted. For example, a self-interest threat to professional
competence and due care is created if the fee quoted is so low that it may be difficult to
performing the engagement in accordance With applicable- technical and professional
standards for that price.
The significance of such threats will depend on factors such as the level of fee quoted and the
services to which it applies. In view of these potential threats, safeguards should be considered
and applied as necessary to eliminate them or reduce them to an acceptable level. Safeguards
which may be adopted include:
• Making the client aware of the terms of the engagement and, in particular, the basis on
which fees are charged and which services are covered by the quoted fee.
• Assigning appropriate time and qualified staff to the task.
Contingent fee
A fee calculated on a predetermined basis relating to the outcome or result of a transaction or
the result of the work performed. A fee that is established by a court or other public authority
is not a contingent fee.
Contingent fees arc widely used for certain types of non-assurance engagements
They may, however, give rise to threats to compliance with the fundament principles in
certain circumstances. They may give rise to a self-interest threat to objectivity. The
significance of such threats will depend on factors including:
• The nature of the engagement.
• The range of possible fee amounts.
• The basis for determining the fee.
• Whether the outcome or result of the transaction is to be reviewed by an independent
third party.
The significance of such threats should be evaluated and, if they are other than clearly
insignificant, safeguards should be considered and applied as necessary to eliminate or reduce
them to an acceptable level. Such safeguards may include:
a) An advance written agreement with the client as to the basis of remuneration.
b) Disclosure to intended users of the work performed by the professional accountant in
public practice and the basis of remuneration.
c) Quality control policies and procedures.
d) Review by an objective third party of the work performed by the professional
accountant in public practice.
In certain circumstances, a professional accountant in public practice may receive a referral
fee or commission relating to a client. For example, where the professional accountant in
public practice does not provide the specific service required, a fee may be received for
referring a continuing client to another professional accountant in public practice or other
expert. A professional accountant in public practice may receive a commission from a third
party (e.g., a software vendor) in connection with the sale of goods or services to a client.
Accepting such a referral fee or commission may give rise to self-interest threats objectivity
and professional competence and due care.
A professional accountant in public practice may also pay a referral fee to obtain a client, for
example, where the client continues as a client of another professional accountant in public
practice but requires specialist services not offered by the existing accountant. The payment of
such a referral fee may also create a self- interest threat to objectivity and professional
competence and due care.
A professional accountant in public practice should not pay or receive a referral fee or
commission, unless the professional accountant in public practice has established safeguards
to eliminate the threats or reduce them to an acceptable level. Such safeguards may include:
a) Disclosing to the client any arrangements to pay a referral fee to another professional
accountant for the work referred.
b) Disclosing to the client any arrangements to receive a referral fee for referring the
client to another professional accountant in public practice.
c) Obtaining advance agreement from the client for commission arrangements in
connection with the sale by a third party of goods or services to the client.
A professional accountant in public practice may purchase all or part of another firm on the
basis that payments will be made to individuals formerly owning the firm or to their heirs or
estates. Such payments are not regarded as commissions or referral fees.
MARKETING PROFESSIONAL SERVICES
When a professional accountant in public practice solicits new work through advertising or
other forms of marketing, there may be potential threats to compliance with the fundamental
principles. For example, a self-interest threat to compliance with the principle of professional
behaviour is created if services, achievements or products are marketed in a way that is
inconsistent with that principle.
A professional accountant in public practice should not bring the profession into disrepute
when marketing professional services. The professional accountant in public practice should
be honest and truthful and should not:
a) Make exaggerated claims for services offers, qualifications possessed or experience
gained; or
b) Make disparaging references to unsubstantiated comparisons to the work of another.
If the professional accountant in public practice is in doubt whether a proposed form
of advertising or marketing is appropriate, the professional accountant in public
practice should consult with the relevant professional body.
ADVERTISING AND PUBLICITY
Advertising
The communication to the public of information as to the services or skills provided by
professional accountants in public practice with a view to procuring professional business.
A member should not advertise professional services or skills in such a way as to show
himself to be more qualified than other practicing accountants.
A member may place an advertisement under the following circumstances:
• When acting on behalf of the client.
• When acting in fiduciary or similar capacity.
• When seeking staff or salary employment.
A member may have paid announcements in the press for opening a new office, changing the
name, address or membership of his firm or for member's appointment. Publicity given to
member's activity both professional and otherwise is acceptable as it is publicity for the
professional activity of a firm. From the ethical guidance, it is unethical for an accountant to
seek professional work by advertising his services. One cannot therefore place an
advertisement in the media claiming he is a superior service provider than other accountants.
Advertisements should not contain comparisons with other members or firms, contain
testimonies or endorsements or bring the firm, members or the accountancy profession
discredit or dispute.
Although advertisements may refer to the basis on which fees are calculated and where they
contain any statements concerning the hourly rate charged by the firm, care should be taken to
,avoid giving the impression that lower quality performance is provided than that expected
from professional persons.
Obtaining professional work

A member should not in any circumstances obtain or seek professional work for himself or for
another party in unprofessional manner e.g. bargaining.
A practicing member should not give any commission, fee or reward to a third party in return
for introduction to a client. However, a partner who brings in business can be paid commission
by his own practice.
No member in practice shall comply with any request from a firm or company who is not a
client of that firm to submit a quotation for audit fees unless the existing auditors are aware
that such a request has been made by their client.
The Accountants Act

1. . The Accountants Act, as it stands presently, prohibits soliciting of clients and
professional work either directly or indirectly by circular, advertisement, personal
communication or interview or by any other means. It also prohibits advertisement of
attainment or services.
2. A member should not advertise his professional services or skills.
3. A member may place an advertisement when:
i. Seeking staff, a partnership or salaried employment; or, in the
professional press only, seeking sub-contract work;
ii. Acting on behalf of a client;
iii. Acting in fiduciary or similar capacity.
4. Paid announcements in the press are permitted for;
a) The opening of a new office, changes in the membership of a firm and
changes in the name or address of a firm;
b) Members' appointments.
5. Publicity given to members' activities, both professional and otherwise, is acceptable,
as is publicity for the professional activities of a firm.
6. Explanatory notes to the guide to professional ethics
Advertising and Publicity; Use of a member's name by a client

If a company or other client wishes to make use of the name and description of their auditor in
any business document or literature, other than their financial statements for which the. auditor
accepts responsibility, the member should make it clear that his approval must be obtained.
It is only rarely that such permission can be justified. In those cases, the member should
ensure that his name is not given undue prominence in the document. In the same way,

member's name and description, either as auditor or in some other professional capacity,
should not be permitted to appear on a client's note paper.
Audit reports on headed notepaper in facsimile form should not be included in published
accounts.
The above applies only where the member is acting in some professional capacity. It does not
apply to a member who is appointed chairman, director, treasurer, secretary or other officer of a
company or as an employee, in which case his name and designatory letters may appear in any
document issued by the organisation.
A member making for publication a report on, for example, net sales or newspaper circulation
figures, should be careful to ensure that his report deals only with ascertained facts. If this
report is quoted in any literature by the organisation or in the press, it should not be presented
in such a way, either as to size or presentation, as to be capable of being regarded as an
advertisement for the member and should not include his practicing address. Such a, report on
headed notepaper should not be reproduced in a facsimile form.
Opinion shopping
The term 'opinion shopping' is generally understood to involve the search for an auditor
willing to support a proposed aecounting.treatment designed to help a company achieve its
reporting objectives even though that treatment might frustrate reliable reporting.
An auditor can be defined as lacking independence if he/she adopts a viewpoint that is biased in
favour of management. A lad< of auditor independence might be manifest in the design of the
audit programme, the volume and quality of audit evidence collected, and the audit opinion
issued. The threat of audit firm dismissal and the consequent loss of audit income relates closely
to the issue of auditor independence. An independent audit firm would not change its opinion in
response to a client's dismissal threat, whereas a firm that lacks independence might bend to its
client's wishes. Dismissal threats need not be explicitly stated in order for them to be effective.
If an audit firm is concerned that an unfavourable opinion would lead to the loss of a client, it
may be deterred from issuing an unfavourable opinion without explicit threats from client
management. Instead, there might be an implicit recognition by the client's management and the
audit firm that their economic interests are mutually dependent

TOPIC 4
PLANNING AND RISK ASSESMENT
OBTAINING CLIENTS ACCEPTANCE AND RETENTION
In the current business environment, it not only makes good business sense to consider client
due diligence, but certain client acceptance and continuance procedures are required by the
auditing and assurance standards.
ISA 210 Agreeing the terms of the audit engagement establishes the preconditions for
accepting an audit, which are:
An acceptable financial reporting framework has been used in the preparation of the
financial statements
Those charged with governance agree that they acknowledge and understand their
responsibilities.
If the preconditions for an audit are not present, the auditor must discuss the matter with those
charged with governance. Unless required by law or regulation to do so, the auditor must not
accept the engagement.
ISA 220 Quality control for an audit of financial statements deals with those aspects of
engagement acceptance that are within the control of the auditor. The engagement partner
must be satisfied that appropriate procedures regarding the acceptance and continuance of
client relationships and audit engagements have been followed, and must determine that
conclusions reached in this regard are appropriate.
Information such as the following assists the engagement partner in determining whether the
conclusions reached regarding the acceptance and continuance of audit engagements is
appropriate:
the integrity of the principal owners, key management and those charged with
governance of the entity
whether the engagement team is competent to perform the audit engagement and has
the necessary capabilities, including time and resources
whether the firm and the engagement team can comply with relevant ethical
requirements
Significant matters that have arisen during the current or previous audit engagement
and their implications for continuing the relationship.

Ethical requirements
Audit firms should expect the same commitment to quality and integrity on the part of their
clients as they do of themselves. As a result, many have developed and implemented improved
processes for approving new clients as well as reviewing relationships with existing clients.
An important part of the client acceptance process is for the prospective auditor to
communicate with the existing auditor in writing. A professional clearance letter enquires
whether there are any professional or other reasons why the engagement should not be
accepted. For example, one such reason may be a disagreement with some particular
accounting treatment the client wishes to adopt. However, before the existing auditor can pass
on any information to the prospective auditor, they must have the client‘s authority to discuss
its affairs. If the client refuses permission then all the existing auditor can do is advise the
prospective auditor that there are matters they would like to discuss but the client has refused
permission for this, and this should speak volumes.
Adequate resources
Prior to acceptance or continuance of an audit engagement, the engagement partner must

determine that the audit team has the necessary technical expertise and sufficient resources
such as time and access to experts. The increasing complexity and regulation of audit requires a
significant investment of practice resources to maintain audit competence. Internal and external
reviews are an important mechanism to help practitioners decide whether they are competent
and adequately equipped to perform audits.
Key message
Typically the process of handling audit client acceptance and continuance varies with the size of
the firm, and such directives should be included in a firm's quality control manual. The process
should provide the audit firm with information to judge whether the entity meets or exceeds the
necessary standards of integrity and whether the firm has the capacity to perform a quality audit.
if these standards are not clearly met, the engagement should not be accepted. If a client no
longer meets the firm's standards, or when the firm cannot commit sufficient resources to
deliver a quality audit to the client, the auditor should not accept the engagement. As with any
auditing procedure, the process should be documented and all correspondence retained as audit
evidence.
The cost of client due diligence is a small fraction of the value of the engagement, and if the
outcome is acceptance this cost should be passed onto the client as part of the audit fee. If the
prospective client is not accepted, then clearly this is time and money well spent. The key
message is that audit firms can turn work down, a firm does not have to accept an audit
engagement, it can say ―no‖ to clients that do not fit the risk profile of the firm and capital will
go where it is deserved. This will contribute towards developing a healthy and profitable
business.
At a glance – red flag examples
1. Frequent changes of auditors – can mean an organisation is opinion shopping.

2. Poor financial history – prior failed business or bankruptcy could indicate a person who
takes unjustifiable risks.
3. Work/business history – is there unstable address, employment or professional history
4. Overly litigious as a plaintiff or defendant – signals a party who is not afraid to sue,
presents a risk of non-payment or who may not honour their agreements.
5. High turnover in upper management – can indicate a lack of internal stability.
6. Short operating history – where were the management team before they were at the
current organisation?
7. Foreign operations/plants – complex business structures may be concealing something.
8. Reluctance to provide references – if they are reluctant to disclose information now,
how will they be once they are a client?
9. Pressure to start work quickly – can be a sign that they do not want you looking into
their background.
10. Regulatory actions – can indicate poor internal controls or a management team ignoring
internal controls.
Engagement letters
The engagement letter will be sent before the audit. It specifies the nature of the contract
between the audit firm and the client and minimises the risk of any misunderstanding of the
auditor's role.
It should be reviewed every year to ensure that it is up to date but does not need to be reissued
every year unless there are changes to the terms of the engagement. The auditor must issue a
new engagement letter if the scope or context of the assignment changes after initial
appointment.
ISA 210 requires the auditor to consider whether there is a need to remind the entity of the
existing terms of the audit engagement for recurring audits and many firms choose to send a
new letter every year, to emphasise its importance to clients.
The contents of the engagement letter

The contents of a letter of engagement for audit services are listed in ISA 210 Agreeing the
Terms of Audit Engagements. They should include the following:
The objective and scope of the audit;
The responsibilities of the auditor;
The responsibilities of management;
The identification of an applicable financial reporting framework; and
Reference to the expected form and content of any reports to be issued_
In addition to the above the engagement letter may also make reference to:
The unavoidable risk that some material misstatements may go undetected due to the
inherent limitations in an audit;
Arrangements regarding the planning and performance of the audit;
The expectation that management will provide written representations;

The agreement of management to make available to the auditor draft financial
statements and other information in time to complete the audit in accordance with the
proposed timetable;
The agreement of management to inform the auditor of facts that may affect the
financial statements;
The basis on which fees are computed and billing arrangements;
A request for management to acknowledge receipt of the engagement letter and to agree
the terms outlined;
Agreements concerning the involvement of auditors experts and internal auditors; and
Restrictions to the auditor's liability.
Recurring Audits
On recurring audits, the auditor should consider whether circumstances require the terms of
the engagement to be revised and whether there is a need to remind the client of the existing
terms of the engagement.
The auditor may decide not to send a new engagement letter each period. However, the
following factors may make it appropriate to send a new letter:
Any indication that the client misunderstands the objective and scope of the audit. Any
revised or special terms of the engagement.
A recent change of senior management or those charged with governance.
A significant change in ownership.
A significant change in nature or size of the client's business.
Legal or regulatory requirements.
Acceptance of a Change in Engagement

An auditor who, before the completion of the engagement, is requested to change the
engagement to one which provides a lower level of assurance, should consider the
A request from the client for the auditor to change the engagement may result from a change
in circumstances affecting the need for the service, a misunderstanding as to the nature of an
audit or related service originally requested or a restriction on the scope of the engagement,
whether imposed by management or caused by circumstances. The auditor would consider
carefully the reason given for the request, particularly the implications of a restriction on the
scope of the engagement.
A change in circumstances that affects the entity's requirements or a misunderstanding
concerning the nature of service originally requested would ordinarily be considered a
reasonable basis for requesting a change in the engagement. In contrast a change would not be
considered reasonable .if it appeared that the change relates to information that is incorrect,
incomplete or otherwise unsatisfactory.
Before agreeing to change an audit engagement to a related service, an auditor. who was
engaged to perform an audit in accordance with ISAs would consider, in addition to the above
matters, any legal or contractual implications of the change.
If the auditor concludes that there is reasonable justification to change the engagement and if
the audit work performed complies with the ISAs applicable to the changed engagement,. the
report issued would be that appropriate for the revised terms of engagement. In order to avoid
confusing the reader, the report would not include reference to:
a) The original engagement; or
b) Any procedures that may have been performed in the original engagement, except where
the engagement is changed to an engagement to undertake agreed-upon procedures and
thus reference to the procedures performed is a normal part of the report
Where the terms of the engagement are changed, the auditor and the client should agree on the
new terms.
The auditor should not agree to a change of engagement where there is no reasonable
justification for doing so. An example might be an audit engagement where the auditor is unable
to obtain sufficient appropriate audit evidence regarding receivables and the client asks for the
engagement to be changed to a review engagement to avoid a qualified audit opinion or a
disclaimer of opinion.
If the auditor is unable to agree to a change of the engagement and is not permitted to continue
the original engagement, the auditor should withdraw and consider whether there is any
obligation, either contractual or otherwise, to report to other parties, such as those charged with
governance or shareholders, the circumstances necessitating the withdrawal.
UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT
The objective of the auditor is to identify and assess the risks of material misstatement,
whether due to fraud or error, at the financial statement and assertion levels, through
understanding the entity and its environment, including the entity's internal control, thereby
providing a basis for designing and implementing responses to the assessed risks of material
misstatement.
Risk assessment procedures are performed at the planning stage of an audit to obtain an
understanding of the entity being audited and to identify any areas of concern which could
result in material misstatements in the financial statements. They allow the auditor to assess
the nature, timing and extent of audit procedures to be performed.
ISA 315 Risk Assessments and Internal Controls states that the auditor should obtain an
understanding of the accounting and internal control systems sufficiently to plan the audit and
develop an effective audit approach. The auditor should use professional judgment to assess
audit risk and to design audit procedures to ensure it is reduced to an acceptably low level.

Sources of audit evidence that can be used as part of risk assessment procedures.
Inquiries of management
Prior year financial statement
Current year management accounts and budgets
Analytical procedures
Observation and inspection
Definitions
For purposes of the ISAs, the following terms have the meanings attributed below:
a) Assertions — Representations by management, explicit or otherwise, that are
embodied in the financial statements, as used by the auditor to consider the different
types of potential misstatements that may occur.
b) Business risk - A risk resulting from significant conditions, events, circumstances,
actions or inactions that could adversely affect an entity's ability to achieve its
objectives and execute its strategies, or from the setting of inappropriate objectives and
strategies.
c) Internal control — The process designed, implemented and maintained by those
charged with governance, management and other personnel to provide reasonable
assurance about the achievement of an entity's objectives with regard to reliability of
financial reporting, effectiveness and efficiency of operations, and compliance with
applicable laws and regulations. The term "controls" refers to any aspects of one or
more of the components of internal control.
d) Risk assessment procedures: - The audit procedures performed to obtain an
.understanding of the entity and its environment, including the entity's internal control,
to identify and assess the risks of material misstatement, whether due to fraud or error,
at the financial statement and assertion levels.
e) Significant risk -- An identified and assessed risk of material misstatement that, in the
auditor's judgment, requires special audit consideration.
RISK ASSESSMENT PROCEDURES AND RELATED ACTIVITIES
 The auditor shall perform risk assessment procedures to provide a basis for the
identification and assessment of risks of material misstatement at the financial statement
and assertion levels. Risk assessment procedures by themselves, however, do not provide
 sufficient appropriate audit evidence on which to baSe the audit opinion.
 The risk assessment procedures shall include the following:

a) Inquiries of management, of appropriate individuals within the internal audit function
(if the function exists), and of others within the entity who in the auditor's judgment
may have information that is likely to assist in identifying risks of material
misstatement due to fraud or error.
b) Analytical procedures.
c) Observation and inspection.
 The auditor shall consider whether information obtained from the auditor's client acceptance
or continuance process is relevant to identifying risks of material misstatement.
 If the engagement partner has performed other engagements for the entity, the engagement
partner shall consider whether information obtained is relevant to identifying risks of
 material misstatement.
 Where the auditor intends to use information obtained from the auditor's previous
experience with the entity and from audit procedures performed in previous audits, the
auditor shall determine whether changes have occurred since the previous audit that may
affect its relevance to the current audit.
 The engagement partner and other key engagement team members shall discuss the
susceptibility of the entity's financial statements to material misstatement, and the
application of the applicable financial reporting framework to the entity's facts and
circumstances. The engagement partner shall determine which matters are to be
communicated to engagement team members not involved in the discussion.
The Required Understanding of the Entity and Its Environment, Including the Entity's
Internal Control
The Entity and Its Environment

The auditor shall obtain an understanding of the following:
a) Relevant industry, regulatory, and other external factors including the applicable
financial reporting framework.
b) The nature of the entity, including:
i. its operations;
ii. 0 its ownership and governance structures;
iii. the types of investments that the entity is making and plans to make,
including investments in special-purpose entities; and
iv. The way that the entity is structured and how it is financed, to enable the
auditor to understand the classes of transactions, account balances, and
disclosures to be expected in the financial statements.
c) The entity's selection and application of accounting policies, including the reasons for
changes thereto. The auditor shall evaluate whether the entity's accounting policies are
appropriate for its business and consistent with the applicable financial reporting
framework and accounting policies used in the-relevant industry.
d) The entity's objectives and strategies, and those related business risks that may result in
risks of material misstatement.
e) The measurement and review of the entity's financial performance.
The Entity's Internal Control

The auditor shall obtain an understanding of internal control relevant to the audit. Although
most controls relevant to the audit are likely to relate to financial reporting, not all controls
that relate to financial reporting are relevant to the audit. It is a matter of the auditor's
professional judgment whether a control, individually or in combination with others, is
relevant to the audit.
Nature and Extent of the Understanding of Relevant Controls

When obtaining an understanding of controls that are relevant to the audit, the auditor shall
evaluate the design of those controls and determine whether they have been implemented, by
performing procedures. in addition to inquiry of the entity's. personnel.
Components of Internal Control

Control environment
The auditor shall obtain an understanding of the control environment. As part of obtaining this
understanding, the auditor shall evaluate whether:
a. Management, with the oversight of those charged with governance, has created and
maintained a culture of honesty and ethical behavior; and
b. The strengths in the control environment elements collectively provide an appropriate
foundation for the other components of internal control, and whether those other
components are not undermined by deficiencies in the control environment.
The entity's risk assessment process
The auditor shall obtain an understanding of whether the entity has a process for:
a) Identifying business risks relevant to financial reporting objectives;
b) Estimating the significance of the risks;
c) Assessing the likelihood of their occurrence; and
d) Deciding about actions to address those risks
If the entity has established such a process (referred to hereafter as the "entity's risk assessment
process"), the auditor shall obtain an understanding of it, and the results thereof. If the auditor
identifies risks of material misstatement that management failed to identify, the auditor shall
evaluate whether there was an underlying risk of a kind that the auditor expects would have
been identified by the entity's risk assessment process. If there is such a risk, the auditor shall
obtain an understanding of why that process failed to identify it, and evaluate whether the
process is .appropriate to its circumstances or determine if there is a significant deficiency in
internal control with regard to the entity's risk assessment process... ..„
If the entity has not established such a process or has an ad hoc process, the auditor shall
discuss with management whether business risks relevant to financial. reporting objectives
have been • identified and how they have been addressed. The auditor shall evaluate whether
the absence of a documented risk assessment process is appropriate in the circumstances, or
determine whether it represents a significant deficiency in internal control.
AUDITING
The information system, including the related business processes, relevant to financial
reporting, and communication
The auditor shall obtain an understanding of the information system, including the related
business processes, relevant to financial reporting, including the following areas:
a. The classes of transactions in the entity's operations that are significant to the financial
• statements;
b. The procedures, within both information technology (IT) and manual systems, by
which those transactions are initiated, recorded, processed, corrected as necessary,
transferred to the general ledger and reported in the financial statements;
c. The related accounting records, supporting information and specific accounts in the
financial statements that are used to initiate, record, process and report transactions; this
includes the correction of incorrect information and how information is transferred to
the general ledger. The records may be in either manual or electronic form;
d. How the information system captures events and conditions, other than transactions,
that are significant to the financial statements;
e. The financial reporting process used to prepare the entity's financial statements,
including significant accounting estimates and disclosures; and
f. Controls surrounding journal entries, including non-standard journal entries used to
record non-recurring, unusual transactions or adjustments.
 The auditor shall obtain an understanding of how the entity communicates financial
reporting roles and responsibilities and significant matters relating to financial reporting,
including:
a) Communications between management and those charged with governance; and
b) External communications, such as those with regulatory authorities.
Control activities relevant to the audit

- The auditor shall obtain an understanding of control activities relevant to the audit,
being those the auditor judges it necessary to understand in order to assess the risks of
material misstatement at the assertion level and design further audit procedures
responsive to assessed risks. An audit does not require an understanding of all the
control activities related to each significant class of transactions, account balance, and
disclosure in the financial statements or to every assertion relevant to them.
- In understanding the entity's control activities, the auditor shall obtain an
understanding of how the entity has responded to risks arising from IT.
Monitoring of controls
- The auditor shall obtain an understanding of the major activities that the entity uses to
monitor internal control relevant to financial reporting, including those related to those
control activities relevant to the audit, and how the entity initiates remedial actions to
deficiencies in its controls.
- If the entity has an internal audit function the auditor shall obtain an understanding of
the nature of the internal audit function's responsibilities, its organizational status, and
the activities performed, or to be performed.
- The auditor shall obtain an understanding of the sources of the information used in the
entity's monitoring activities, and the basis upon which management considers the
information to be sufficiently reliable for the purpose.

Identifying and Assessing the Risks of Material Misstatement
- The auditor shall identify and assess the risks of material misstatement at:
a. the financial statement level; and
b. the assertion level for classes of transactions, account balances, and disclosures,
to provide a basis for designing and performing further audit procedures.
- For this purpose, the auditor shall:
a. Identify risks throughout the process of obtaining an understanding of the entity and
its environment, including relevant controls that relate to the risks, and by
considering the classes of transactions, account balances, and disclosures in the
financial statements;
b. Assess the identified risks, and evaluate whether they relate more pervasively to the
financial statements as a whole and potentially affect many assertions;
c. Relate the identified risks to what can go wrong at the assertion level, taking account
of relevant controls that the auditor intends to test; and
d. Consider the likelihood of misstatement, including the possibility of multiple
misstatements, and whether the potential misstatement is of a magnitude that could
result in a material misstatement.
Risk's that Require Special Audit Consideration

As part of the risk assessment, the auditor shall determine whether any of the risks identified
are, in the auditor's judgment, a significant risk. In exercising this judgment, the auditor shall
exclude the effects of identified controls related to the risk.
In exercising judgment as to -which risks are significant risks, the auditor shall consider at
leak the following:
a. Whether the risk is a risk of fraud;
b. Whether the risk is related to recent significant economic, accounting or other
developments and, therefore, requires specific attention;
c. The complexity of transactions;
d. Whether the risk involves significant transactions with related parties;
e. The degree of subjectivity in the measurement of financial information related to
the risk, especially those measurements involving a wide range of measurement
uncertainty; and
f. Whether the risk involves significant transactions that are outside the normal
course of business for the entity, or that otherwise appear to be unusual.
If the auditor has determined that a significant risk exists, the auditor shall obtain an
understanding of the entity's controls, including control activities, relevant to that risk.
Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate
Audit Evidence
In respect of some risks the auditor may judge that it is not possible or practicable to obtain,
sufficient appropriate audit evidence only from substantive procedures. Such risks may relate
to the inaccurate or incomplete recording of routine and significant classes of transactions or
account balances, the characteristics of which often permit highly automated processing with
little or no manual intervention. In such cases, the entity's controls over such risks are relevant
to the audit and the auditor shall obtain an understanding of them.
Revision of Risk Assessment

The auditor's assessment of the risks of material misstatement at the assertion .level may
change during the course of the audit as additional audit evidence is obtained. In
circumstances where the auditor obtains audit evidence from performing further audit
procedures, or if new information is obtained, either of which is inconsistent with the audit
evidence on which the auditor originally based the assessment, the auditor shall revise the
assessment and modify the further planned audit procedures accordingly.
Documentation
The auditor shall include in the audit documentation:
a) The discussion among the engagement team and the significant decisions reached:
b) Key elements of the understanding obtained regarding each of .the aspects of the
entity and its environment specified in and of each of the internal control
components; the sources of information from which the understanding was
obtained; and the risk assessment procedures performed;
c) The identified and assessed risks of material misstatement at the financial statement
level and at the assertion level and
d) The risks identified, and related controls about which the auditor has obtained an
understanding
Risk Assessment Procedures and Related Activities

Obtaining an understanding of the entity and its environment, including the entity's internal
control (referred to hereafter as an "understanding of the entity"), is a continuous, dynamic
process of gathering, updating and analyzing information throughout the audit. The
understanding establishes a frame of reference within which the auditor plans the audit and
exercises professional judgment throughout the audit, for example, when:
  Assessing risks of material misstatement of the financial statements;
  Determining materiality in accordance with ISA 320;
 Considering the appropriateness of the selection and application of accounting
 policies, and the adequacy of financial statement disclosures;
 Identifying areas where special audit consideration may be necessary, for example,
related party transactions, the appropriateness of management's use of the going
 concern assumption, or considering the business purpoSe of transactions;
  Developing expectations for use when performing analytical procedures;
 Responding to the assessed risks of material misstatement, including designing and
performing further audit procedures to obtain sufficient appropriate audit evidence;
and
 Evaluating the sufficiency. and appropriateness of audit evidence obtained, such as the
appropriateness of assumptions and of management's oral and written representations.
Information obtained by performing risk assessment procedures and related activities may be
used by the auditor as audit evidence to support assessments of the risks of material
misstatement. In addition, the auditor may obtain audit evidence about classes of transactions,
account balances, or disclosures, and related assertions, and about the operating effectiveness
of controls, even though such procedures were not specifically planned as substantive
procedures or as tests of controls. The auditor also may choose to perform substantive
procedures or tests of controls concurrently with risk assessment procedures because it is
efficient to do so.
The auditor uses professional judgment to determine the extent of the understanding required.
The auditor's primary consideration is whether the understanding that has been obtained is
sufficient to meet the objective stated in this ISA. The depth of the overall understanding that is
required by the auditor is less than that possessed by management in managing the entity. The
risks to be assessed include both those due to error and those due to fraud, and both are covered
by this ISA.. However, the significance of fraud is such that further requirements and guidance
are included in ISA 240 in relation to risk assessment procedures and related activities to obtain
information that is used to identify the risks of material misstatement due to fraud.
Although the auditor is required to perform all the risk assessment procedures above in the
course of obtaining the required understanding of the entity, the auditor is not required to
perform all of them for each aspect of that understanding. Other procedures may be performed
where the information to be obtained therefrom may be helpful in identifying risks of material
misstatement.
Examples of such procedures include:

 Reviewing information obtained from external sources such as trade and economic
journals; reports_ by analysts, banks, or rating agencies; or regulatory or financial
 publications.
 Making inquiries of the entity's external legal counsel or of valuation experts that the
entity has used.
Inquiries of Management, the Internal Audit Function and Others within the Entity
Much of the information obtained by the auditor's inquiries is obtained from management and
those responsible for financial reporting. Information may also be obtained by the auditor
through inquiries with the internal audit function,- f the entity has such a function and others
within the entity.
The auditor may also obtain information, or a different perspective in .identifying risks of
material misstatement, through inquiries of others within the entity and other employee's with
different levels of authority.
For example:
 Inquiries directed towards those charged with governance may help the auditor
understand the environment in which the financial statements are prepared. ISA 260
identifies the importance of effective two-way communication in assisting the auditor
to obtain information from those charged with governance in this regard.

 Inquiries of employees involved in initiating, processing or recording complex or

unusual transactions may help the auditor to evaluate the appropriateness of the
 selection and application of certain accounting policies.
 Inquiries directed toward in-house legal counsel may provide information about such
matters as litigation, compliance with laws and regulations, knowledge of fraud or
suspected fraud affecting the entity, warranties, post-sales obligations, arrangements
(such as joint ventures) with business partners and the meaning of contract terms.
 Inquiries, directed towards marketing or sales personnel may provide information about
changes in the entity's marketing strategies, sales trends; or contractual arrangements
with its customers.
Inquiries directed to the risk management function (or those performing such roles)
may provide information about operational and regulatory risks that may affect
financial reporting.
Inquiries directed to information systems personnel may provide information about
system changes, system or control failures, or other information system-related risks.
As obtaining an understanding of the entity and its environment is a continual, dynamic
process, the auditor's inquiries may occur throughout the audit engagement.
Inquiries of the Internal Audit Function

If an entity has an internal audit function, inquiries of the appropriate individuals within the
function may provide information that is useful to the auditor in obtaining an understanding of
the entity and its environment, and in identifying and assessing risks of material misstatement at
the financial statement and assertion levels. In performing its work, the internal audit function is
likely to have obtained insight into the entity's operations and business risks, and may have
findings based on its work, such as identified control deficiencies or risks, that may provide
valuable input into the auditor's understanding of the entity, the auditor's risk assessments or
other aspects of the audit. The auditor's inquiries are therefore made whether or not the auditor
expects to use the work of the internal audit function to modify the nature or timing, or reduce
the extent, of audit procedures to be performed.
Inquiries of particular relevance may be about matters the internal audit function has raised
with those charged with governance and the outcomes of the function's own risk assessment
process. if, based on responses to the auditor's inquiries, it appears that there are findings that
may be relevant to the entity's financial reporting and the audit, the auditor may consider it
appropriate to read related reports of the internal audit function. Examples of reports of the
internal audit function that may be relevant include the function's strategy and planning
documents and reports that have been prepared for management or those charged with
governance describing the findings of the internal audit function's examinations.
In addition, in accordance with ISA 240, if the internal audit function provides information to
the auditor regarding any actual, suspected or alleged fraud, the auditor-takes this into account
in the auditor's identification of risk of material misstatement due to fraud.
Appropriate individuals within the internal audit function with whom inquiries are made are
those who, in the auditor's judgment, have the appropriate knowledge, experience and
authority, such as the chief internal audit executive or, depending on the circumstances, other
personnel within the function. The auditor may also consider it appropriate to have periodic
meetings with these individuals.
Analytical Procedures
Analytical procedures performed as risk assessment procedures may identify aspects of the
entity of which the auditor was unaware and may assist in assessing the risks of material
misstatement in order to provide a basis for designing and implementing responses to the
assessed risks. Analytical procedures performed as risk assessment procedures may include
both financial and non-financial information, for example, the relationship between sales and
square footage of selling space or volume of goods sold.
Analytical procedures may help identify the existence of unusual transactions or events, and
amounts, ratios, and trends that might indicate matters that have audit implications. Unusual or
unexpected relationships that are identified may assist the auditor in identifying risks of material
misstatement, especially risks of material misstatement due to fraud.
However, when such analytical procedures use data aggregated at a high level (which may be
the situation with analytical procedures performed as risk assessment procedures), the results of
those analytical procedures only provide a broad initial indication about whether a material
misstatement may exist. Accordingly, in such cases, consideration of other information that has
been gathered when identifying the risks of material misstatement together with the results of
such analytical procedures may assist the auditor in understanding and evaluating the results of
the analytical procedures.
Observation and Inspection

Observation and inspection may support inquiries of management and others, and may also
provide information about the entity and its environment. Examples of such audit procedures
include observation or inspection of the following:
• The entity's operations.
• Documents (such as business plans and strategies), records, and internal control
manuals.
• Reports prepared by management (such as quarterly management reports and interim
financial statements) and those charged with governance (such as minutes of board of
directors' meetings).
• The entity's premises and plant facilities.
Information Obtained in Prior Periods

The auditor's previous experience with the entity and audit procedures performed in preViOus
audits may provide the auditor with information about such matters as:
  Past-misstatements and whether they were corrected on a timely basis.
 The nature of the entity and its environment, and the entity's internal control (including
 deficiencies in internal control)..
 - Significant changes that the entity or its operations may have undergone since the prior
financial period, which may assist the auditor in gaining a sufficient understanding of the
entity to identify and assess risks of material misstatement.

The auditor is required to determine whether information obtained in prior periods remains
relevant, if the auditor intends to use that information for the purposes of the current audit. This
is because changes in the control environment, for example, may affect the relevance of
information obtained in the prior year. To determine whether changes have occurred that may
affect the relevance of such information; the auditor may make inquiries and perform other
appropriate audit procedures, such as walk-troughs of relevant systems.
Industry; Regulatory and Other External Factors
Industry Factors
Relevant industry factors include industry conditions such as the competitive environment,
supplier and customer relationships, and technological developments. Examples of matters the
auditor may consider include:
  The market and competition, including demand, capacity, and price competition.
  Cyclical or seasonal activity.
  Product technology relating to the entity's products.
 Energy supply and cost.
The industry in which the entity operates may give rise to specific risks of material
misstatement arising from the nature of the business or the degree of regulation. For example,
long-term contracts may involve significant estimates of revenues and expenses that give rise
to risks of material misstatement. in such cases, it is important-that the engagement team
include members with sufficient relevant knowledge and experience.
Regulatory Factors
Relevant regulatory factors include the regulatory environment. The regulatory environment
encompasses, among other matters, the applicable financial reporting framework and the legal
and political environment.
Examples of matters the auditor may consider include:

Accounting principles and industry-specific practices. a Regulatory framework for a
regulated industry.
 Legislation and regulation that significantly affect the entity's operations, including direct
 supervisory activities.
  Taxation (corporate and other).
 Government policies currently affecting the conduct of the entity's business, such as
monetary, including foreign exchange controls, fiscal, financial incentives (for example,
government aid programs), and tariffs or trade restrictions policies.

ENGAGEMENT RISK
Engagement risk—This is the risk that the practitioner expresses an inappropriate conclusion
when the subject matter information is materially misstated.
- Engagement risk does not refer to or include the practitioner's business risks such as
loss from litigation, adverse publicity, or other events arising in connection with a subject
matter information reported on.
In general, engagement risk can be represented by the following components, although not all
of these components will necessarily be present or significant for all assurance engagements:
(a) Risks that the practitioner does not directly influence, which may consist of:
i. The susceptibility of the subject matter information to a material misstatement
before consideration of any related controls (inherent risk); and
ii. The risk that a material misstatement that occurs in the subject matter
information will not be prevented, or detected and corrected, on a timely basis
by the appropriate party(ies)'s internal control (control risk); and
(b) Risks that the practitioner does directly influence, which may consist of:
i. The risk that the procedures performed by the practitioner will not detect a
material misstatement (detection risk); and
ii. in the case of a direct engagement, the risks associated with the practitioner's
measurement or evaluation of the underlying subject matter against the
applicable criteria.
The degree to which each of these components is relevant to the engagement is affected by the
engagement circumstances;, in particular:
i. The nature of the underlying subject matter and the subject matter information. For
example, the concept of control risk may be more useful when the underlying
subject matter relates to the preparation of information about an entity's
performance than when it relates to information about the effectiveness of a
controls or the existence of a physical condition.
ii. Whether a reasonable assurance or a limited assurance engagement is being
performed. For example, in limited assurance attestation engagements the
practitioner may often decide to obtain evidence by means other than tests of
controls, in which case consideration of control risk may be less relevant than in a
reasonable assurance attestation engagement on the same subject matter
information.
iii. Whether it is a direct engagement or an attestation engagement. While the concept
of control risk is relevant to attestation engagements, the broader concept of
measurement or evaluation risk is relevant to direct engagements.
iv. The consideration of risks is a matter of professional judgment, rather than a
matter capable of precise measurement.
Reducing engagement risk to zero is very rarely attainable or cost beneficial and, therefore,
reasonable assurance is less than absolute assurance, as a result of factors such as the
following:
• The use of selective testing.
• The inherent limitations of internal control.

• The fact that much of the evidence available to the practitioner is persuasive rather
than conclusive.
• The use of professional judgment in gathering and evaluating evidence and forming
conclusions based on that evidence.
• in some cases, the characteristics of the underlying subject matter when evaluated b
measured against the applicable criteria.
Significant Risks
Identifying Significant Risks

 Significant risks often relate to significant non-routine transactions or judgmental
matters. Non-routine transactions are transactions that are unusual, due to either size or
 nature, and that therefore occur infrequently.
 Judgmental matters may include the development of accounting estimates for which
there is significant measurement uncertainty. Routine, noncomplex transactions that are
subject to systematic processing are less likely to give rise to significant risks.
 Risks of material misstatement may be greater for significant non-routine transactions
 arising from matters such as the following:
  Greater management intervention to specify the accounting treatment.
  Greater manual intervention for data collection and processing.
  Complex calculations or accounting principles.
 The nature of nonroutine transactions, which may make it difficult for the
 entity to implement effective controls over the risks.
 Risks of material misstatement may be greater for significant judgmental matters that
require the development of accounting estimates, arising from matters such as the
following:
 Accounting principles for accounting estimates or revenue recognition
 may be subject to differing interpretation.
 Required judgment may be subjective or complex, or require assumptions
 about the effects of future events, for example, judgment about fair value.
 ISA 330 describes the consequences for further audit procedures of identifying a risk as
 significant.
  Significant risks relating to the risks of material misstatement due to fraud
 ISA 240 provides further requirements and guidance in relation to the identification and
assessment of the risks of material misstatement due to fraud.
Understanding Controls Related to Significant Risks

Although risks relating to significant non-routine or judgmental matters are often less likely to
be subject to routine controls,' management may have. other responses intended to deal with-
such risks. Accordingly, the auditor's understanding of whether the entity has designed and
implemented controls for significant risks arising from non-routine or judgmental matters
includes whether and how management responds to the risks. Such responses might inchide:
Control activities such as a review of assumptions by senior management or experts.
Documented processes for estimations.

Approval by those charged with governance.
For example, where there are one-off events such as the receipt of notice of a significant
lawsuit, consideration of the entity's response may include such matters as whether it has been
referred to appropriate experts (such as internal or external legal counsel), whether an
assessment has been made of the potential effect, and how it is proposed that the circumstances
are to be disclosed in the financial statements.
In some cases, management may not have appropriately responded to significant risks of
material misstatement by implementing controls over these significant risks. Failure by
Management to implement such controls is an indicator of a significant deficiency in internal
control.
Audit Evidence
Risks of material misstatement may relate directly to the recording of routine classes of
transactions or account balances, and the preparation of reliable financial statements_ Such
risks may include risks of inaccurate or incomplete processing for routine and significant
classes of transactions such as an entity's revenue, purchases, and cash receipts or cash
payments.
Where such routine business transactions are subject to highly automated processing with little
or no manual intervention, it may not be possible to perform only substantive procedures in
relation to the risk. For example, the auditor may consider this to be the case in circumstances
where a significant amount of an entity's information is initiated, recorded, processed, or
reported only in electronic form such as in an integrated system. In such cases:
 Audit evidence may be available only in electronic form, and its sufficiency and
appropriateness usually depend on the effectiveness of controls over its accuracy and
completeness.
 The potential for improper initiation or alteration of information to occur and not be
detected may be greater if appropriate controls are not operating effectively.

During the audit, information may come to the auditor's attention that differs significantly
from the information on which the risk assessment was based. For example, the risk
assessment may be based on an expectation that certain controls are operating effectively. In
performing tests of those controls, the auditor may obtain audit evidence that they were not
operating effectively at relevant times during the audit.
Similarly, in performing substantive procedures the auditor may detect misstatements in
amounts or frequency greater than is consistent with the auditor's risk assessments. In such
circumstances, the risk assessment may not appropriately reflect the true circumstances of the
entity and the further planned audit procedures may not be effective in detecting material
misstatements.

Documentation
The manner in which the requirements are documented is for the auditor to determine using
professional judgment. For example, in audits of small entities the documentation may be
incorporated in the auditor's documentation of the overall strategy and audit plan. Similarly,
for example, the results of the risk assessment may be documented separately, or may be
documented as part of the auditor's documentation of further procedures.
For example, where there are one-off events such as the receipt of notice of a significant
lawsuit, consideration of the entity's response may include such matters as whether it has been
referred to appropriate experts (such as internal or external legal counsel), whether an
assessment has been made of the potential effect, and how it is proposed that the circumstances
are to be disclosed in the financial statements.
In some cases, management may not have appropriately responded to significant risks of
material misstatement by implementing controls over these significant risks. Failure by
Management to implement such controls is an indicator of a significant deficiency in internal
control.
Audit Evidence
Risks of material misstatement may relate directly to the recording of routine classes of
transactions or account balances, and the preparation of reliable financial statements. Such
risks may include risks of inaccurate or incomplete processing for routine and significant
classes of transactions such as an entity's revenue, purchases, and cash receipts or cash
payments.
Where such routine business transactions are subject to highly automated processing with little
or no manual intervention, it may not be possible to perform only substantive procedures in
relation to the risk. For example, the auditor may consider this to be the case in circumstances
where a significant amount of an entity's information is initiated, recorded, processed, or
reported only in electronic form such as in an integrated system. In such cases:
 Audit evidence may be available only in electronic form, and its sufficiency and
appropriateness usually depend on the effectiveness of controls over its accuracy and
 completeness.
 The potential for improper initiation or alteration of information to occur and not be
detected may be greater if appropriate controls are not operating effectively.
During the audit, information may come to the auditor's attention that differs significantly
from the information on which the risk assessment was based. For example, the risk
assessment may be based on an expectation that certain controls are operating effectively. In
performing tests of those controls, the auditor may obtain audit evidence that they were not
operating effectively at relevant times during the audit.
Similarly, in performing substantive procedures the auditor may detect misstatements in
amounts or frequency greater than is consistent with the auditor's risk assessments. In such
circumstances, the risk assessment may not appropriately reflect the true circumstances of the
entity and the further planned audit procedures may not be effective in detecting material
misstatements.
Documentation
The manner in which the requirements are documented is for the auditor to determine using
professional judgment. For example, in audits of small entities the documentation may be
incorporated in the auditor's documentation of the overall strategy and audit plan. Similarly,
for example, the results of the risk assessment may be documented separately, or may be
documented as part of the auditor's documentation of further procedures.
The form and extent of the documentation is influenced by the nature, size and complexity of
the entity and its internal control, availability of information from the entity and the audit
methodology and technology used in the course of the audit.
For entities that have uncomplicated businesses and processes relevant to financial reporting,
the documentation may be simple in form and relatively brief. It is not necessary to document
the entirety 01 the auditor's understanding of the entity and matters related to it. Key elements
of understanding documented by the auditor include those on which the auditor based the
assessment of the risks of material misstatement.
The extent of documentation may also reflect the experience and capabilities of the members
of the audit engagement team. Provided the requirements of ISA 230 are always met, an audit
undertaken by an .engagement team comprising less experienced individuals may require more
detailed documentation to assist them to obtain an appropriate understanding of the entity than
one that includes experienced individuals.
For recurring audits, certain documentation may be carried forward,- updated as necessary to
reflect changes in the entity's business or processes.
Control Environment
The control environment encompasses the following elements:

(a) Communication and enforcement of integrity and ethical values.
The effectiveness of controls cannot rise above the integrity and ethical values of the people
who create, administer, and monitor them.
Integrity and ethical behaviors are the product of the entity's ethical and behavioral standards,
how they are communicated, and how they are reinforced in practice.
The enforcement of integrity and ethical values -includes, for example, management actions to
eliminate or mitigate incentives or temptations that might prompt personnel to engage in
dishonest, illegal, or unethical acts. The communication of entity policies on -integrity and
ethical values may include the communication of behavioral standards to personnel through
policy statements and codes of conduct and by example. .
(b) Commitment to competence. Competence is the knowledge-- and skills necessary. to
accomplish tasks that define the individual's job.
(c) Participation by those charged with governance. An entity's control consciousness is
influenced significantly by those charged with governance. The importance of the
responsibilities of those charged with governance is recognized in codes of practice and other
laws and regulations or guidance produced for the benefit of those charged with governance.
Other responsibilities of those charged with governance include oversight of the design and
effective operation of whistle blower procedures and the process for reviewing the
effectiveness of the entity's internal control.
(d) Management's philosophy and operating style. Management's philosophy and

operating style encompass a broad range of characteristics. For example, management's
attitudes and actions toward financial reporting may manifest themselves through conservative
or aggressive selection from available alternative accounting principles, or conscientiousness
and conservatism with which accounting estimates are developed.
(e) Organizational structure. Establishing a relevant organizational structure includes
considering key areas of authority and responsibility and appropriate lines of reporting. The
appropriateness of an entity's organizational structure depends, in part, on its size and the
nature of its activities.
(f) Assignment of authority and responsibility. The assignment of authority and
responsibility may include policies relating to appropriate .business practices, knowledge and
experience of key personnel, and resources provided for carrying out duties. In addition, it may
include policies and communications directed at ensuring that all personnel understand the
entity's objectives, know how their individual actions interrelate and contribute to those
objectives, and recognize how and for what they will be held accountable.
(g) Human resource policies and practices. Human resource policies and practices often
demonstrate important matters in relation to the control consciousness of an entity. For
example, standards for recruiting the most qualified individuals — with emphasis on
educational background, prior work experience, past accomplishments, and evidence of
integrity and ethical behavior — demonstrate an entity's commitment to competent and
trustworthy people. Training policies that communicate prospective roles and responsibilities
and include practices such as training schools and seminars illustrate expected levels of
performance and behavior.
Promotions driven by periodic performance appraisals demonstrate the entity's commitment to
the advancement of qualified personnel to higher levels of responsibility.
Entity's Risk Assessment Process

For financial reporting purposes, the entity's risk assessment process includes how
management identifies business risks relevant to the preparation of financial statements in
accordance with the entity's applicable financial reporting framework, estimates their
significance, assesses the likelihood of their occurrence, and decides upon actions to respond
to and manage them and the results thereof. For example, the entity's risk assessment process
may address how the entity considers the possibility of unrecorded transactions or identifies
and analyzes significant estimates recorded in the financial statements.
Risks relevant to reliable financial reporting include external and internal events, transactions or
circumstances that may occur and adversely affect an entity's ability to initiate, record, process,
and report financial data consistent with the assertions of management in the financial
statements.
Management may initiate plans, programs, or actions to address specific risks or it may decide
to accept a risk because of cost or other considerations. Risks can arise or change due to
circumstances such as the following:
 Changes in operating environment. Changes in the regulatory or operating
environment can result in changes in competitive pressures and significantly different
risks.
 New personnel. New personnel may have a different focus on or understanding of

internal control.
 New or revamped information systems. Significant and rapid changes in information
 systems can change the risk relating to internal control.
 Rapid growth. Significant and rapid expansion of operations can strain controls and
increase the risk of a breakdown in controls.
New technology. Incorporating new technologies into production processes or
information systems may change the risk associated with internal control.
 New business models, products, or activities. Entering into business areas or
transactions with which an entity has little experience may introduce new risks
 associated with internal control.
 Corporate restructurings. Restructurings may be accompanied by staff reductions
and changes in supervision and segregation of duties that may change the risk
associated with internal control.
 Expanded foreign operations. The expansion or acquisition of foreign operations
carries new and often unique risks that may affect internal control, for example,
 additional or changed risks .from .foreign currency transactions.
 New accounting pronouncements. Adoption of new accounting 'principles or
changing accounting ,principles may affect risks in preparing financial statements.
Information System, Including the Related Business Processes, Relevant to Financial

Reporting, and Communication
An information system consists of infrastructure (physical and hardware components),
software, people, procedures, and' data. Many information systems make extensive use of
information technology (IT).
The information system relevant to financial reporting objectives, which includes the financial
reporting system, encompasses methods and records that:
  Identify and record all valid transactions.-:
 Describe on a timely basis the transactions in sufficient detail to permit proper
 classification of transactions for financial reporting.
 Measure the value of transactions in a manner that permits recording their proper
 monetary value in the financial statements.
 Determine the time period in which transactions occurred to permit recording of
 transactions in the proper- accounting period.
 Present properly the transactions and related disclosures in the financial statements.
The quality of system-generated information affects management's ability to make appropriate

decisions in managing and controlling the entity's activities and to prepare reliable financial
reports_
Communication, which involves providing an understanding of individual roles and
responsibilities pertaining to internal control over final-Ida] reporting, play take such forms 'as
policy manuals, accounting and financial reporting manuals, and memoranda. Communication
also can be made electronically, orally, and through the actions of management.

Control Activities
Generally, control activities that may be relevant to an audit may be categorized as policies
and procedures that pertain to the following:
 Performance reviews. These control activities include reviews and analyses of actual
performance versus budgets, forecasts, and prior period performance; relating different
sets of data — operating or financial — to one another, together with analyses of the
relationships and investigative --and corrective actions; comparing internal data with
external sources of information; and review of functional or activity performance.
 Information processing. The two broad groupings of information systems control
activities are application controls, which apply to the processing of individual
applications, and general IT controls, which are policies and procedures that relate to
many applications and support the effective functioning of application controls by
 helping to ensure the continued proper operation of information systems.
 Examples of application controls include checking the arithmetical - accuracy of,
records, maintaining and reviewing accounts and trial balances, automated controls such
as edit checks of input data and numerical sequence checks, and manual follow-up of
exception reports. Examples of general IT controls are program change controls, controls
that restrict access to programs or data, controls over the implementation of new releases
of packaged software applications, and controls over system software that restrict access
to or monitor the use of system utilities that could change financial data or records
 without leaving an audit trail.
  Physical controls. Controls that encompass:
- The physical security of assets, including adequate safeguards such as secured
facilities over access to assets and records.
- The authorization for access to computer programs and data files.
- The periodic counting and comparison with amounts shown on control records (for
example, comparing the results of cash, security and inventory counts with
accounting records). The extent to which physical controls intended to prevent
theft of assets are relevant to the reliability of financial statement preparation, and
therefore the audit, depends on circumstances such as when assets are highly
susceptible to misappropriation.
 Segregation of duties. Assigning different people the responsibilities of authorizing
transactions, recording transactions, and maintaining custody of assets. Segregation of
duties is intended to reduce the opportunities to allow any person to be in a position to
both perpetrate and conceal errors or fraud in the normal course of the person's duties.
- Certain control activities may depend on the existence of appropriate higher level
policies established by management or those charged with governance.
- For example, authorization controls may be delegated under established guidelines, such
as investment criteria set by those charged with governance; alternatively, non-routine
transactions such as major acquisitions or divestments may require specific high level
approval, including in some cases that of shareholders.

Monitoring of Controls
An important management responsibility is to establish and maintain internal control on . an
ongoing basis. .Management's monitoring of controls includes considering whether they are
operating as intended and that they are modified as appropriate for changes in conditions.
Monitoring of controls may include activities such as management's review of whether bank
reconciliations are being prepared on a timely basis, internal auditors' evaluation of sales
personnel's compliance with the entity's policies on terms of sales contracts, and a legal
department's oversight of compliance with the entity's ethical or business practice policies.
Monitoring is done also to ensure that controls continue to operate effectively over time. For
example, if the timeliness and accuracy of bank reconciliations are not monitored, personnel
are likely to stop preparing them.
Internal auditors or personnel performing similar functions may contribute to the monitoring
of an entity's controls through separate evaluations.
Ordinarily, they regularly provide information about the functioning of internal control,
focusing considerable attention on evaluating the effectiveness of internal control, and
communicate information about strengths and deficiencies in internal control and
recommendations for improving internal control.
Monitoring activities may include using information from communications from external
parties that may indicate problems or highlight areas in need of improvement. Customers
implicitly corroborate billing data by paying their invoices or complaining about their charges.
In addition, regulators may communicate with the entity concerning matters that affect the
functioning of internal. Control for example, communications concerning examinations by bank
regulatory agencies. Also, management may consider communications relating to internal
control from external auditors in performing monitoring activities.
PLANNING AN AUDIT
International Standard on Auditing (ISA) 300, Planning an Audit of Financial

Statements Introduction
ISA 300 requires the auditor to plan the audit so that the engagement is performed in an
effective manner. Planning also helps the firm perform the engagement efficiently. Planning
involves establishing and documenting the overall audit strategy for the engagement and
developing and documenting an audit plan, in order to reduce audit risk to an acceptably low
level.
Effective audit planning ensures:
- That appropriate attention is devoted to key audit areas and significant risks.
- That potential problem are identified and resolved on a timely basis.
- That the engagement is properly organised and managed in order to be performed in an
effective and efficient manner.
- Proper assignment of work to the engagement team and also makes the engagement
team aware of their responsibilities.
- Proper direction and supervision of the engagement team and review of their work, and
assists, where applicable, in the coordination of work done by the auditors of
components and experts.
Planning is not a discrete .phase of an audit, but a continual process that often begins shortly
after the completion of the previous audit and continues until the completion of the current
audit engagement. Planning should in any case start before then accounting year-end to take -
into account year end procedures which need to be carried out e.g. attendance at the annual
inventory count or circularisation of receivables. The nature and extent of planning will vary'
according to the size and complexity of the entity, previous experience with the entity and
changes in circumstances that occur during the engagement.
Initial engagements
In case of initial engagements, while the planning elements remain the same as for recurring
engagements, the auditor may need to expand the planning activities as the auditor does not
necessarily have the previous experience with the entity that is considered when planning
recurring engagements.
Additional matters that may be considered in planning initial engagements include:
- Where possible and where not prohibited by law, consider arrangements with the
previous auditor to review the working papers.
- Review any major issues, including the application of accounting principles or auditing
and reporting, standards, discussed with management or those charged with governance
in connection with the initial selection_ as auditors, and how these affect the audit
strategy and audit plan.
- Obtaining sufficient appropriate audit evidence regarding opening balances.
- Involvement of another partner or a senior individual to review the overall audit
strategy prior to commencing significant audit procedures or to review reports prior to
their issuance.
Once the overall audit strategy has been established the auditor can commence the development
of a more detailed audit plan to address the various matters identified in the strategy. Although
the auditor establishes the overall audit strategy before developing the audit plan, the two
activities are not necessarily sequential processes but closely inter-related since changes in one
may result in changes to the other.
In case of audits of smaller entities where the audit is conducted by a very small audit team, the
development of an audit strategy need not be a complex process and a brief memorandum
prepared at the completion of the previous audit, based on a review of the working papers and
highlighting the issues identified, updated and changed in the current period based on
discussions with the management, can serve as the basis for planning the current audit
engagement.
The Role and Timing of Planning

Planning an audit involves establishing the overall audit strategy for the engagement and
developing an audit plan. Adequate planning benefits the audit of financial statements in
several ways, including the following:
  Helping the auditor to devote appropriate attention to important areas of the audit.
  Helping the auditor identify and resolve potential problems on a timely basis.
 Helping the auditor properly organize and manage the audit engagement so that it is
performed in an effective and efficient manner.
 Assisting in the selection of engagement team members with appropriate levels of

capabilities and competence to respond to anticipated risks, and the proper assignment
 of work to them.
 Facilitating the direction and supervision of engagement team members and the review
 of their work.
 Assisting, where applicable, in coordination of work done by auditors of components and
experts the objective of the auditor is to plan the audit so that it will be performed in an
effective manner.
Time Budgeting
Time budgets are an essential tool for monitoring the progress of an engagement, in
determining actual performance against the budget and to assist in future planning of audits.
The aim of preparing budgets is:
- To aid in planning, so that the engagement team may use their time efficiently.
- To monitor the actual costs of the engagement.
- To estimate and negotiate the fees.
When preparing budgets, the following factors should be considered:

- The level of detail i.e. whether the budget is to be broken down into individual audit
areas or prepared for the assignment as a whole.
- The time to be spent in planning, review and completion procedures.
- Any additions in the scope of the engagement.
- Contingency factors such as future staff salary increases.
- A. comparison of last years' time spent with this year's budget. Any significant
differences should be explained.
When conducting the audit, the engagement team should aim to keep within the budget in so far
as is possible, but should never compromise the standard of his audit work, to keep within
budget. If it appears that there will be significant discrepancies between the budgeted time and
the actual time, the senior / manager should inform the manager/ partner as soon as possible,
particularly where additional time arises due to the client's shortcomings.
Time summaries should be prepared for all engagements and the total time spent should be
compared with the budgeted time and reasons given for significant variances. A record should
be kept of work which the engagement team have had to complete as a result of client
shortcomings,. as a basis for additional charges if necessary.
Requirements
Involvement of Key Engagement Team Members

- The engagement partner and other key members of the engagement team shall be
involved in planning the audit, including planning and participating in the discussion
among engagement team members.
- The involvement of the engagement partner and other key members of the engagement
team in planning the audit draws on their experience and insight, thereby enhancing the
effectiveness and efficiency of the planning process
Preliminary Engagement Activities,

The auditor shall undertake the following activities at the beginning of the current audit
engagement:
a. Performing procedures required by ISA 220 regarding the continuance of the client
relationship and the specific audit engagement;
b. - Evaluating compliance with relevant ethical requirements, including independence, its -
accordance with ISA 220; and
c. Establishing an understanding of the terms of the engagement, as required by ISA 210.
- Performing the preliminary engagement activities at the beginning of the current
audit engagement assists the auditor in identifying and evaluating events or
circumstances that may adversely affect the auditor's ability to plan and perform the
audit engagement.
- Performing these preliminary engagement activities enables the auditor to plan an
audit engagement for which, for example:
 The auditor maintains the necessary independence and ability to perform the
 engagement.
 There are no issues with management integrity that may affect the auditor's
 willingness to continue the engagement.
 There is no misunderstanding with the client as.to the terms of the engagement.
The auditor's consideration of client continuance and relevant ethical requirements, including
independence, occurs throughout the audit engagement as conditions and changes in
circumstances occur. Performing initial procedures on both client continuance and evaluation
of relevant ethical requirements (including independence) at the beginning of the current audit
engagement means that they are completed prior to the performance of other significant
activities for the current audit engagement. For continuing audit engagements, such initial
procedures often occur shortly after (or, in connection with) the completion of the previous
audit.
Review of last year's file

The last year's audit file should be reviewed for:
- Points brought forward to be considered during the engagement..
- Any areas where time or cost savings could be made, any unnecessary audit work and
any other ways in which the effectiveness of the audit could be improved.
- Any previously unidentified areas of audit risk.
Planning - Audit Plan

The audit plan includes the nature, timing and extent of the audit procedures to be performed
by the engagement team in order to obtain sufficient appropriate audit evidence to reduce the
audit risk to an acceptably low level. Audit planning is evidenced in two ways by the:
i. Audit plan
ii. Audit programme.

i) The Audit Plan

The audit plan documents the assessment of risk and the response to assessed risk by setting
out the nature, timing and extent of the overall audit procedures to be performed by the
engagement team in order to obtain sufficient appropriate audit evidence to reduce the audit
risk to an acceptably low level. The plan also reflects the auditor's decision on whether to test
the operating effectiveness of controls and the extent of planned substantive procedures.
The audit plan will often be prepared by the manager, although preparation of parts or all of it
may be delegated to the senior. In case of high risk audits the partner may also be involved in
preparing the plan, particularly in the areas of materiality, risk assessment and approach to
assessed risk and sample sizes. The plan together with the tailored audit programmes setting
out the nature, timing and extent of the audit procedures to be adopted during the engagement
should be completed and approved by the partner prior to commencement of the engagement.
In case of a sole proprietorships or small audit firms, the partner may be actively involved in
developing the audit plan and programmes.
ii) Audit Programme

The audit programme documents the nature, timing and extent of audit procedures to be
performed at the assertion level for each material class of transactions, account balance and
disclosure. The programme sets out the nature, timing and extent of the audit procedures
required to implement the overall plan and serves as a set of instructions to the engagement
team and as a means to control and record the proper execution of the audit.
The audit programme will often be drafted by the senior and reviewed by the manager and
approved by the engagement partner. However, the extent of the manager's role will depend on
the senior's previous experience and knowledge of the entity. in preparing the audit programme,
consideration should be given to the specific assessment of risk and the level of assurance to be
provided by substantive procedures.
The use of unedited programmes does not constitute adequate planning as it could expose the
auditor to risks not covered in detail by the programme or result in the auditor carrying out
unnecessary tests thereby resulting, in inefficiencies.
Planning Activities
The auditor shall establish an overall audit strategy that sets the scope, timing and direction of
the audit, and that guides the development of the audit plan. In establishing the overall audit
strategy, the auditor shall:
a) Identify the characteristics of the engagement that define its scope;
b) h) Ascertain the reporting objectives of the engagement to plan the timing of the audit-
and the nature of the communications required;
c) Consider the factors that, in the auditor's professional judgment, are significant in
directing the engagement team's efforts;
d) Consider the results of preliminary engagement activities and, where applicable,
Whether knowledge gained on other engagements performed by the engagement
partner for the entity is relevant; and
e) Ascertain the nature, timing and extent of resources necessary to perform the
engagement.
THE OVERALL AUDIT STRATEGY
The process of establishing the overall audit strategy assists the auditor to determine, subject
to the completion of the auditor's risk assessment procedures, such matters as:
 The resources to deploy for specific audit areas, such as the use of appropriately
experienced team members for high risk areas or the involvement of experts on complex
 matters;
 The amount of resources to allocate to specific audit areas, such as the number of team
members assigned to observe the inventory count at material locations, the extent of
review of other auditors' work in the case of group audits, or the audit budget in hours to
 allocate to high risk areas;
 When these resources are to be deployed, such as whether at an interim audit stage O at
 key cutoff dates; and
 How such resources are managed, directed and supervised, such as when team briefing
and debriefing meetings are expected to be held, how engagement partner and manager
reviews are expected to take place (for example, on-site or off-site), and whether to
complete engagement quality control reviews.
The development and documentation of the overall audit strategy sets the scope, timing and
direction of the audit, and guides the development of the more detailed audit plan. It also helps
to ascertain the nature, timing and extent of the 'resources necessary to perform the engagement.
In developing the audit strategy, the engagement team may consider the experience gained on
other engagements performed for the entity. The key components of an audit strategy include:
- Review and updating the client background information.

- Location of the components of the entity.
- Financial reporting framework used and industry specific reporting requirements.
- The timing of the audit and reporting deadlines.
- Key dates for communicating with the management and those charges with governance.
Materiality.
- Identification of areas where there may be higher risk of material misstatement.
- Preliminary identification of material components and account balances.
- Preliminary indication of whether the auditor may plan to obtain evidence regarding the
effectiveness of internal controls.
- Identification of recent significant entity-specific, industry, financial . reporting or other
developments.
- Initial assessment of the overall resource requirements including the use of experts on
complex matters.
- Initial assessment of resource allocation to specific audit areas, e.g. the allocation of
team members to observe inventory count at material locations, extent of review of the
other auditor's work in the case of group audits.

Discussion with client

Discussions with the client will be an essential aid to developing the audit strategy. The
discussions would usually take place before the accounting year-end. It would be preferable to
have a, pre-audit meeting but in some cases a telephone conversation may be adequate. One of
the primary aims of such discussions is to enable the auditor to update his knowledge of the
client's business. An auditor should have sufficient knowledge of the business to enable him to
identify and understand the events and activities that may have a significant effect on the
Discussions should also aim to:
- Obtain the latest financial information to help in setting materiality levels and in
performing preliminary analytical review work.
- Agree a timetable (including inventory counts and visits) and any specific deadlines.
- Agree schedules requirements and on any other accounting work to be produced by the
client.
- Find out the actions taken on the points raised in last year's management letter.. Agree
settlement of any outstanding fees.
- Identify any specific areas of concern to the client and their impact on the audit scope.
Once the overall audit strategy has been established, an audit plan can be developed to address
the various matters identified in the overall-audit strategy, taking into account the need to
achieve the audit objectives through the efficient use of the auditor's resources.
The establishment of the overall audit strategy and the detailed audit plan are not necessarily
discrete or sequential processes, but are closely inter-related since changes in one may result in
consequential changes to the other.
Changes to Planning Decisions during the Course of the Audit

As a result of unexpected events, changes in conditions, or the audit evidence obtained from the
results of audit procedures, the auditor may need to modify the overall audit strategy and audit
plan and thereby the resulting planned nature, timing and extent of further audit procedures,
based on the revised consideration of assessed risks. This may be the case when information
comes to the auditor's attention that differs significantly from the information available when
the auditor planned the audit procedures. For example, audit evidence obtained through the
performance of substantive procedures may contradict the audit evidence obtained through tests
of controls.
The auditor shall plan the nature, timing and extent of direction and supervision of
engagement team members and the review of their work.
Direction, Supervision and Review

The nature, timing-aid extent of the direction and supervision of engagement team members
and review of their work vary depending on many factors, including:
• The size and complexity of the entity.
• The area of the audit.
• The assessed risks of material misstatement (for example, an increase in the assessed
risk of material misstatement for a given area of the audit ordinarily requires a

corresponding increase in the extent and timeliness of direction and supervision of

engagement team members, and a more detailed review of their work).
• The capabilities and competence of the individual team members performing the audit
work.
DOCUMENTATION
The auditor shall include in the audit documentation:

a. The overall audit strategy;
b. The audit plan; and
c. Any significant changes made during the audit engagement to the overall audit
strategy or the audit plan, and the reasons for such changes.
The documentation of the overall audit strategy is a record of the key decisions considered
necessary to properly plan the audit and to communicate significant matters to the engagement
team. For example, the auditor may summarize the overall audit strategy in the form of a
memorandum that contains key decisions regarding the overall scope, timing and conduct of the
audit.
The documentation of the audit -plan is a record of the planned nature, timing and extent of risk
assessment procedures and further audit procedures at the assertion level in response to the
assessed risks. It also serves as a record of the proper planning of the audit procedures that can
be reviewed and approved prior-to their performance. The auditor may use standard audit
programs or audit completion checklists, tailored as needed to reflect the particular engagement
circumstances.
A record of the significant changes to the overall audit strategy and the audit plan, and
resulting changes to the planned nature, timing and extent of audit procedures, explains why
the significant changes were made, and the overall strategy and audit plan finally adopted for
the audit. It also reflects the appropriate response to the significant changes occurring during
the audit.
The auditor must record or document all the information gathered as audit evidence in forming
an opinion on the financial statements. The evidence is recorded in the form of working papers
which are prepared by the auditor or obtained during the audit. The working papers are retained
by the auditors in connection with the performance of an audit. Audit working papers should
always be sufficiently complete and detailed to enable an inexperienced auditor having no
previous connection to the audit to ascertain work that was performed to support the conclusion
reached.
The auditor should record all relevant information known to him at the time, the conclusion
reached based on that information and the views of management.
The need for good working papers

- The reporting partner needs to satisfy himself that the work delegated by him has been
properly performed. This is only possible by reviewing detailed working papers
prepared by the audit staff that performs the work. This also aids in supervision and
review of work done by audit assistants. Working papers provide details of problems
encountered together with evidence of work performed and conclusion reached. They
can also serve as a good reference point for future audit.
- Preparation of working papers enables to auditor to adopt a methodical approach to his
work.
- Working papers assist in planning and performance of audit in future financial periods.
- If sued for negligence, the auditor can use the working papers as evidence for work
done.
- Working papers can be used for training of audit staff. They contain audit programme
and specimen schedules which audit assistants can refer to when conducting the audit.
Auditing guidelines do not define precisely, the form of working papers but it indicates what
might typically be contained therein.
- Information of continuing importance to the audit such as letter of engagement and
memorandum of association.
- Planned audit approach as contained in the planning memorandum.
- Auditor's assessment of client's accounting system, his review and evaluation of
internal controls. Details of work carried out, not as of errors or exceptions noted and
action taken together with conclusion drawn by audit staff.
- Evidence that the work of staff has been properly reviewed.
- Record of relevant balances and other financial info that is subject to the audit
- Analysis of significant ration and trends
- Copies of communications with other auditors, expects and other third parties.
- Letters of representation received form management.
- Working papers are divided into the current audit file (CAF) and the permanent audit
file (PAF)
The permanent audit file

This contains documents and matters of continuing importance which are required for more
than one financial period.
It contains:
- Statutory material governing the conduct of the audit e.g. for companies, the companies
Act Cap 486 and for quoted companies in Nairobi Stock Exchange, the NSE booklet of
regulation are required.
- Rules and regulations of the entity e.g. articles of association or a partnership deed.
- Copies of documents of continuing importance and relation to the auditors e.g. minutes
of meetings that recorded the appointment of the auditor, guarantees and indemnities
entered into. Address of registered office and all other premises with a short description
of the work carried at each of those premises.
- Organizational chart showing the principal departments and subdivision thereof and
names of officials and their responsibilities showing clearly the lines of authority.
- A list of directors, their shareholding and service contracts.
- A list of company‘s advisors, bankers, lawyers, stock brokers and valuers,
- An outline of history of the organization reserves and share capital.
- Accounting policies used on material areas such as stock and depreciation.
The current audit file

This file contains matters pertinent to the current year's audit and contains:
- A copy of the accounts being audited which must be signed by the directors.
- A file index showing contents of the file.
- A detailed description of internal control system in form of flow charts, questionnaires
or any other form of suitable documentation.
- Audit programme showing the audit objective and planned audit procedures for each of
the areas to be audited.
- A schedule of each item in the balance sheet showing the balance at beginning of the
year, changes during the year and balance at the end of the year. The schedule also
shows details of work performed on each balance, the result and conclusion made.
- A schedule_ of the items in the profit and loss account. It will show the details of work
performed on each balance the result and conclusion reached.
- A check list for compliance with statutory disclosure requirements and accounting
standards. A record of questions raised during the audit and those raised in the previous
audit.
- A schedule of important statistics such as net profit margin, liquidity ratios and
composition of sales
- A record or an abstract form minutes of all director's meetings and of any internal
committee whose deliberations are important to the auditor.
- The management letter setting out weakness of the internal control system.
- Letters of representation obtained from client's management.
Standardized working papers

This refers to a predetermined format of presenting and documenting audit findings formulated
by individual audit firms e.g. check lists and specimen letters which are filled with standard
wording and .gaps_ left to fill in the relevant details of the client.
Advantages of standardized Working Papers

- This improves the efficiency with which working papers are prepared because they will
be used for many clients.
- They act on guidelines for instructions to audit staff and facilitate delegation of work.
- They provide a means to control the quality of audit work by ensuring that minimum
quality standards are maintained.
- Ensures that all relevant issues in the audit are addressed.
Disadvantages
- It is not appropriate to follow mechanically, a standardized approach to the conduct and_
documentation of audit work as the auditor in some cases will need to exercise his own
judgment.
- The initiative of auditor staff may be restricted because the need to exercise judgment
in preparing working papers is eliminated.
- The client staff may become familiar with the method and perpetuate fraud in areas not
covered by the standard working papers.
- The audit work becomes very mechanical with use of standardized working papers.
ASSESSING AUDIT RISK
Audit risks (ISA 320)

Audit risk refers to the risk that the auditors will express an inappropriate audit opinion when
the financial statements are materially misstated.
Audit risk therefore could be defined as the chance of damage to the audit firm as a result of
giving an opinion that is wrong in some particular. Or put another way, it could be explained
as the possibility that financial statements contain material mis-statements which had escaped
detection by both an internal control on which the auditor has relied and on the auditor's own
substantive tests and other work.
It could be looked at also as: the possibility that the auditor may be required to pay damages to
the client or other persons as a consequence of:
1. The financial statements containing a mis-statement;
2. The complaining party suffering a loss as a direct consequence of relying on the
financial statement and
3. Negligence by the auditor in not detecting any reporting on the mis-statement which
can be demonstrated.
Damage to the audit firm or the auditor may be in the form of monetary damages paid to the
complainant as compensation or simply damage to their reputation with a client or the
business community.
All audits involve an element of risk such that however strong the audit evidence and however
careful the auditor, there is always a possibility of an error or a fraud going undetected. It is
generally known that the auditor who organises his office and staff in a competent manner an
follows auditing standards and guidelines is unlikely to be found negligent and to pay damages
as a consequence of fraud or error not being discovered by him.
Audit risks facing the auditor when material assets are stated at fair values instead of historical
costs include:
 Inherent risk is the susceptibility of an assertion to a misstatement that could be
material, either individually or when aggregated with other misstatements, assuming
 that there are no related controls.
 Control risk is the risk that a misstatement that could occur in an assertion and that
could be material either individually or when aggregated with other misstatements, will
not be prevented or detected and corrected on a timely basis by the entity's internal
control. Control risk is a function of the effectiveness of the design and operation of
internal control in achieving the entity's objectives relevant to the preparation of the
entity's financial statements.
 Detection risk is the risk that the auditor will not detect a material misstatement that
exists in an assertion that could be material either individually or when aggregated with
other misstatements. Detection risk is a function of the effectiveness of an audit
procedure and its application by the auditor.

Key audit risks may include

1. The management should install an internal control system to detect material errors and
correct them. In this case management should implement controls around receivables,
work in progress and inventory to ensure that any materials errors are detected before
they make it to the financial statements.
2. Some material errors may fail to be detected by the controls and others may completely
by-pass the controls. The value of inventory depends on the valuation by the chief
engineer of the firm, who despite all the controls may under or overstate the value of
inventory to suit the management intentions.
3. The auditor is expected to carry out audit procedures to provide reasonable assurance that
material errors will be detected and removed from the financial statements. Despite the
audit. Procedures and the controls, there will be the-possibility that some misstatements
will be undetected. The management makes provisions for warranties based on estimates
of the costs incurred in repairing the machines.
Audit risk can be either normal or higher than normal.
Normal audit risk

Indications that an audit is a normal risk audit are:
a) The client having management and staff who are competent and have integrity;
b) Where the client has an accounting system that is well designed, works and is subject
c) to strong internal controls;
d) Where the client has no special financial problems;
e) The auditor's past experience;
f) Where the client is old, well established and the business of the entity is not subject to
g) rapid change;
h) If the client's board of directors are actively engaged in the company and they provide
i) control and leadership of a good quality;
j) If the board of directors has competent non-executive directors:
k) If the organization has an audit committee....
When the auditor is faced with the normal audit risk, the audit approach adopted is usually one
of reliance on key controls supported by substantive tests, compliance tests and analytical
review.
Higher than normal risk

Several audit assignments involve high audit risk and usually in any client there will always be
at least one high risk area. Indications that an audit has an element of higher than normal audit
risk include:
a. Poor management with lack of control and poor book-keeping;
b. Liquidity problems and high gearing;
c. The opposite of all the factors mentioned in the normal risk above;
d. Recent changes in ownership, control or key staff;
e. Changes in accounting policies or procedures;
f. Future plans to seek quotation on the Nairobi Stock Exchange;

g. Over-reliance on a few products, customers, suppliers and investments in new
ventures or products;
h. Problems inherent in the nature of the business for example difficulties in stock
counting or valuation, difficulties in determining the extent of claims and
i. The existence of put upon enquiry situations, dominance by the single person
and lack of involvement of directors or proprietors. In such a situation, the
auditor approaches his audit in a manner that is:
  Collection of audit evidence in each area from a wide range of sources
  Taking extreme care in the preparation of audit working papers
  Investigating thoroughly high risk and problematic areas
 Exercising extreme care in drafting the audit report
In addition to normal risk and higher than normal risk discussed above, the auditor can also be
exposed by sub-standard work such as:
His failure to recognise put upon enquiry situation
His failure to draw correct inferences from audit evidence and the analytical
review
His use of wrong procedures in a particular situation
His failure to perform necessary audit work because of time and cost
consideration
His failure to detect errors or fraud because of poor sampling methods or the
selection
of inadequate sample sizes
It is essential that an audit firm should organize itself in such a way that it can minimise the
risk of suffering any damage. We can look at these measures from two points of view. Broad
measures taken by the profession as a whole and measures to be taken by the individual
auditor in minimising this audit risk.
This approach requires the auditor to determine what are the very important business risks
which the client faces. This line of approach both helps the client and also enables the auditor
to appreciate and understand his clients business and appreciate all aspects of the business
activities. It is then for the auditor to determine where the risks are likely or unlikely and
whether the risks are likely to produce serious consequences. This enable the audit to be
focussed on those matters where there is a possibility of misstatement. This is the basis of
revised auditing standards.
The big firms have largely adopted this approach within their audit methodology.
The history of auditing shows a gradual change over time as detailed testing of transactions
moved to system audits. The next development was the audit risk model which focuses the
audit and the extent of audit procedures on to the areas of an audit where the auditor was most
at risk of giving an inappropriate opinion.
ISA 220, Quality Control for an Audit of Financial Statements,
 Environmental requirements affecting the industry and the entity's business.
 ISA 250 includes some specific requirements related to the legal and regulatory
framework applicable to the entity and the industry or sector in which the entity
operates.
Other External Factors
Examples of other external factors affecting the entity that the auditor may consider include
the general economic conditions, interest rates and availability of financing, and inflation or
currency revaluation.
Nature of the Entity
An understanding of the nature of an entity enables the auditor to understand such matters as:
 Whether the entity has a complex structure, for example, with subsidiaries or other
components in multiple locations. Complex structures often introduce issues that may
give rise to risks of material misstatement. Such issues may include whether goodwill,
 joint ventures, investments, or special-purpose entities are accounted for appropriately.
 The ownership, and relations between owners and other people or entities. This
understanding assists in determining whether related party transactions have been
 identified and accounted for appropriately:
 ISA 550 establishes requirements and provides guidance on the auditor's considerations
relevant to related parties.
Examples of matters that the auditor may consider when obtaining an understanding of the
nature of the entity include:
  Business operations such as:
- Nature of revenue sources, products or services, and markets, including
involvement in electronic commerce such as Internet sales and marketing
activities.
- Conduct of operations (for example, stages and methods of production, or
activities exposed to environmental risks).
- Alliances, joint ventures, and outsourcing activities.
- Geographic dispersion and industry segmentation.
- Location of production facilities, warehouses, and offices, and location and
quantities of inventories.
- Key customers and important suppliers of goods and services, employment
arrangements (including the existence of union contracts, pension and other post-
employment benefits, stock option or incentive bonus arrangements, and
government regulation related to employment matters).
- Research and development activities and expenditures.
- Transactions with related parties.
  Investments and investment activities such as:
- Planned or recently executed acquisitions or divestitures:
- o. Investments and dispositions of securities and loans
- Capital investment activities
- Investments in non-consolidated entities, including partnerships, joint ventures
and special-purpose entities
 Financing and financing activities such as:
- Major subsidiaries and associated entities, including consolidated and non-

consolidated structures.
- Debt structure and related terms, including off-balance-sheet financing
arrangements and leasing arrangements.
- Beneficial owners (local, foreign, business reputation and experience) and related
parties.
- Use of derivative financial instruments.
  Financial reporting such as:
- Accounting principles and industry-specific practices, including industry-specific
significant categories (for example, loans and investments for banks, or research
and development for pharmaceuticals).
- Revenue recognition practices.
- Accounting for fair values.
- Foreign currency assets, liabilities and transactions.
- Accounting for unusual or complex transactions including those in controversial
or emerging areas (for example, accounting for stock-based compensation).
Significant changes in the entity from prior periods may give rise to, or change, risks of
material misstatement.
Nature of Special-Purpose Entities

A special-purpose entity (sometimes referred to as a special-purpose vehicle) is an entity that is
generally established for a narrow and well defined purpose, such as to effect a lease or a
securitization of financial assets, or to carry out research and development activities. It may
take the form of a corporation, trust, partnership or unincorporated entity. The entity on behalf
of which the special-purpose entity has been created may often transfer assets to the latter (for
example, as part of a de-recognition transaction involving financial assets), obtain the right to
use the latter's assets, or perform services for the latter, while other parties may provide the
funding to the latter. As ISA 550 indicates, in some circumstances, a special purpose entity may
be a related party of the entity.
Financial reporting frameworks often specify detailed conditions that are deemed to amount to
control, or circumstances under which the special purpose entity should be considered for
consolidation. The interpretation of the requirements of such frameworks often demands a
detailed knowledge of the relevant agreements involving the special-purpose entity.
The Entity's Selection and Application of Accounting Policies

An understanding of the entity's selection and application of accounting policies may
encompass such matters as:
The methods the entity uses-to account for significant and unusual transactions..
The effect of significant accounting policies in controversial or emerging areas for
which there is a lack of authoritative guidance or consensus.
Changes in the entity's accounting policies.
Financial reporting standards and laws and regulations that are new to the entity and
when and how the entity will adopt such requirements.
The Business Risk Approach to Auditing

Business risk is the threat that an event or action will adversely affect a business's ability to
achieve its ongoing objective. It can be split between external and internal factors.
TAXATION OF INCOMES OF PERSONS

The business risk approach to auditing involves examining the business in it's entirely and
evaluating the various risks to which it is exposed. The business risks are factors which affect
the company's ability to meet its goals. The risks may be controllable (to some extent) or
uncontrollable (for example, external factors). It may be possible to trade-off some risks (e.g.
insurance). The auditor is concerned about those risks which may impact upon the financial
statements and therefore needs a full understanding of the business and its risks in order to do
this. The auditor will then plan the audit strategy with these business risks clearly focused in
mind.
The Effects of the Business Risk Approach

There are some general points which can be made about the business risk approach and the
effect it has had on the auditing process.
i. This 'top down' approach to the audit, beginning with business risk and ending with the
financial statements
ii. There is still a lack of clarity in the relationship between business risk and audit risk
iii. The ideas of inherent risk and control risk have tended to merge into the larger concept
of business risk.
iv. The ideas of inherent risk and control risk can be called residual risk which has to be
minimized by audit action. An audit action carries with it detection risk.
v. The approach is very much a high level approach and should include consideration of
all .matters which are critical to the business. For example, 'could the client lose the
vi. XYZ franchise and what would be the possible consequences for the company and its
financial statements?'
vii. Because of the high level of understanding required of a client's business it is possible to
use analytical procedures more frequently as a procedure for verification of financial
statement assertions
viii. It is an aid to the firm's acceptance and continuation procedures for clients (do we want
this client?)
ix. Business failure risk is an important aspect of overall business risk. The assessment of
business failure risk will assist the auditor when considering the going concern status of
the clients business.
x. The audit needs to be tailor made and a generalized approach to audits is neither
productive nor economical
xi. Auditors need more understanding of business and to that end the larger firms set up
larger databases of information about the economy and the business world
xii. The concept implies a continuing relationship with the client rather than a one off view
with each year being separate. .

As should be evident from this summary the business risk approach is a more holistic.
approach to the audit. The business risk approach starts at a stage back from the traditional
audit risk model and offers more benefit to auditors and clients alike.
Business Risk results from significant conditions, events, circumstances or actions that could
adversely affect the entity's ability to achieve its objectives and execute its strategies. Even
though such risks are likely to eventually have an impact on an entity's financial statements,
not every business risk will translate directly in a risk of a material misstatement in the
financial statements, which is often referred to as audit risks. There are 3 categories of business
risk.
Financial risk- this is the risk that the firm will not be able to meet its short term
maturing obligations as a when they fall due.
 Operational risk- these are risks arising with regard to operations for instance, the
risk that a major supplier will lay longer be able to supply the company with the key
raw materials.
 Compliance risk- Risk that arises from non-compliance with laws and regulations
under which the business operates for example, environmental issues.
Objectives and Strategies and Related Business Risks

The entity conducts its business in the context of industry, regulatory and other internal and
external factors. To respond to these factors, the entity's management or those charged with
governance define objectives, which are the overall plans for the entity. Strategies are the
approaches by which management intends to achieve its objectives. The entity's objectives and
strategies may change over time.
Business risk is broader than the risk of material misstatement of the financial statements,
though it includes the latter. Business risk may arise from change or complexity. A failure to
recognize the need for change may also give rise to business risk. Business risk may arise, for
example, from
  The development of new products or services that may fail;
 A market which, even if successfully developed, is inadequate to support a
 product or service; Or
 Flaws in a product or service that may result in liabilities and reputational risk.
An understanding of the business risks facing the entity increases the likelihood of identifying
risks of material misstatement, since most business risks will eventually have financial
consequences and, therefore, an effect on the financial statements. However, the auditor does
not have a responsibility to identify or assess all business risks because not all business risks
give rise to risks of material misstatement.
Examples of matters that the auditor may consider when obtaining an understanding of the
entity's objectives, strategies and related business risks that may result in a risk of material
misstatement of the financial statements include:
• Industry developments (a potential related business risk might be, for example, that the
entity does not have the personnel or expertise to deal with the changes in the industry).
• New products and services (a potential related business risk might be, for example, that
there is increased product liability).
• Expansion of the business (a potential related business risk might be, for example, that
the demand has not been accurately estimated).
• New accounting requirements (a potential related business risk might be, for example,
incomplete or improper implementation, or increased costs).
• Regulatory requirements (a potential related business risk might be, for example, that
there is increased legal exposure).
• Current and prospective financing requirements (a potential related business risk might
be, for example, the loss of financing due to the entity's inability to meet requirements).
• Use of IT (a potential related business risk might be, for example, that systems and
processes are incompatible).
• The effects of implementing a strategy, particularly any effects that will lead to new
accounting requirements (a potential related business risk might be, for example,
incomplete or improper implementation).
A business risk may have an immediate consequence for the risk of material misstatement for
classes of transactions, account balances, and disclosures at the assertion level or the financial
statement level. For example, the business risk arising from a contracting customer base may
increase the risk of material misstatement associated with the valuation of receivables.
However, the same risk, particularly in combination with a contracting economy, may also have
a longer-term consequence, which the auditor considers when assessing the appropriateness of
the going concern assumption. Whether a business risk may result in -a risk of material
misstatement is, therefore, considered in light of the entity's circumstances. Usually,
management identifies business risks and develops approaches to address them. Such a risk
assessment process is part of internal control...
ERRORS, FRAUD AND OTHER IRREGULARITIES

Error
An error is an unintentional mistake in presenting the financial information which can occur at
anytime during processing and recording of transactions. These include
• Mathematical or clerical mistakes
• Overnight or misrepresentation of facts
• Misapplication of accounting policies
Types of errors
i. Errors of commission. These are errors that do not show in the trial balance because it
still balances. This is where the correct amount for a transaction is recorded but in the
wrong person‘s account e.g. for debtors the correct class of accounts may be used but
the wrong personal entries entered.
ii. Errors of omissions. This is where transactions are completely omitted from books of
accounts.
iii. Errors of principle. This is where an item is entered in the wrong class of account e.g. a
fixed asset is debited to the expense account.
iv. Compensating errors. This is where errors cancel each other out. The errors occur
usually on opposite sides of the accounts i.e. on credit and debits sides with equal
amounts and are totally independent from each other.
v. Errors of original entry. These occur when the original figure is incorrect and the
double entry system is still observed.
vi. Complete reversal entries. These occurs where correct accounts are used but each items
shown on wrong side of the account e.g. crediting sales in debtors account and debiting
sales account.
Fraud
A fraud is an intentional misrepresentation of financial information by one or more individual

among management, employees and third parties involving use of deception to obtain unjust or
illegal advantage. The main difference between a fraud and error is that a fraud is intentional
and aimed at either misleading people or misappropriating company assets. There are two
types of intentional misstatements i.e. misstatements resulting from fraudulent financial
reporting and misstatements resulting from misappropriation of company assets. Fraudulent
financial reporting involves management‘s override of controls that otherwise appear to
operating efficiently.
Common types of fraud include:

• Manipulating, forgery, alteration or falsification of accounting records or supporting
documents from which financial statements are prepared
• Misappropriation of company assets e.g. using a company vehicle for private
undertakings, stealing physical assets and embezzling receipts.
• Misapplication of accounting policies e.g. classifying a capital expenditure and revenue
expenditure.
• Inappropriate adjusting assumptions and changing judgments used to estimate account
balances. E.g. the management may insist on providing a 5% provision for bad and
doubtful debts even where past debt collection history shows that the actual default rate
is about 15%.
• Suppression or omission of effects of a transaction on accounting record e.g. placing a
genuine debtor well known bad debts in the balance sheet thus misrepresenting the
financial position of the company.
Fraudulent financial reporting may be committed because management is under pressure from
outside or inside the entity to report unrealistic profit levels. A perceived opportunity for
fraudulent financial reporting or misappropriation of company assets may exist when an
individual believes that an internal control can be overridden. This could be because an
individual is in a position of trust or has knowledge of specific weaknesses in the internal
control system.
The distinction between fraud and error is of little importance so far as audit procedure are
concerned. This is because the audit procedure used to detect errors is the same used to detect
fraud. The only difference may arise where the auditor may be required by law to disclose
certain illegal acts to the regulatory authority.
Responsibility for detection of fraud and error
The primary responsibility for the detection and prevention of fraud and error rests with the
management of the company. This responsibility is fulfilled through the implementation and
continuous operation of adequate system of internal controls. Such system reduces but does
not eliminate the possibility of fraud and error. The auditor on his part seeks reasonable
assurance that fraud and error which may be material to the financial statements has not
occurred or if it has occurred, the effect is properly reflected in the financial statements. At
this point, the auditor should plan his work so that he has reasonable expectation of detecting
material misstatements in the financial information resulting from fraud and error. It is
important to emphasis that the auditor cannot be held responsible for failing to detect errors
and frauds. However, he is expected to carry out his work in a manner that he is in a position
to detect material errors and frauds. Failure to detect such material errors implies that the
financial statements are materially misstated.
Expectations gap
This is the gap that exists between external auditor‘s understanding of their role and duty and
the expectations of various users of the financial statements and the general public regarding
the process and the outcome of the external audit. I.e. the expectation by users of financial
statements that auditor should detect and prevent error and fraud as a duty, while actually it is
not his duty but of the directors.
The public may conceive the auditor‘s role as including;

• Protecting the company against fraud and irregularities
• Providing early warning of future insolvency i.e. certifying the company as a going
concern.
• Providing useful general assurance of the financial wellbeing of the company and its
continued profitability.
Most users of financial statements believe that the auditor has prepared the statements and
should therefore be in a position to explain the performance results of the company. Some
other users of the financial statements do not understand the audit opinion issue.
Possible means of reducing the expectations gap include:

Expanding the audit report to include more information explaining what auditors actually do.
ISA 700 (Audit reports on financial statements) now requires auditors to include a paragraph
explaining the nature and scope of the audit conducted and also explaining the respective
responsibility of management and auditor in relation to preparation of the financial statements.

It has also been suggested that the role of the auditor should be broadened especially in areas
of fraud. ISA 240(fraud and error), requires that the auditor should report to the users of the
financial statements if there is material misstatements as a result of fraud and any other
irregularities.
There should be attempts to improve the knowledge and understanding of auditor‟ s role and
responsibility through public education.
Risk of fraud and error
In addition to weaknesses in the accounting and internal control system, events which also
increase risk of fraud and error are:
• Questions regarding the integrity and competence of management. Where management
is not honest and could misappropriate company assets, the risk of fraud and error
increases.
• Unusual pressure within the company e.g. pressure on organization to attain a certain
level or profitability. This could tempt the managers to manipulate the financial
statement so as to achieve the set profit level.
• Unusual transactions. Such could be carried out with intention of manipulating the
financial performance of the company e.g. a very large purchase of stock at the year
end to increase level of closing stock and subsequently increase profits.
Difficulties in obtaining sufficient, appropriate audit evidence especially where management is

reluctant to provide the necessary information to the auditor.
If circumstances indicate possible existence of fraud and error, the auditor should consider the
potential effect of financial statements. If the effect is material, the auditor should perform
additional procedures to dispel the suspicion. Where fraud or error is confirmed, the auditor
should satisfy himself that the effect of fraud or error is properly reflected in the financial
statements or the error corrected. The auditor should communicate his findings to management
on timely basis if:
• He believes fraud may exist even if the potential effect would be immaterial.
• Fraud or error is actually found to exist.
Inherent limitations of an audit
An audit is subject to the avoidable risk that some material misstatements will not be detected,
even though the audit is properly planned and performed in accordance with ISAs. The risk of
not detecting misstatements resulting from fraud is higher than the risk of not detecting material
misstatements resulting from errors. This is because fraud involves acts designed to conceal it
such as forgery and deliberate failure to record transactions. When the audit reveals evidence to
the contrary, the auditor is entitled to accept representations from management as truthful and
documents as genuine. However, the auditor should plan and perform his work with
professional skepticism, recognizing that conditions or events may be found that indicate that
fraud or error may exist. Existence of a strong internal control system reduces the
probability of misstatements in the financial reporting occurring due to fraud or error but there
is always a risk that the system may fail to operate as designed.
The following procedures could be applied as general leads to where fraud or error may have
occurred.
• Comparison of the company‘s current balance sheet with those of previous years.
• Calculation of profitability, leverage, activity and performance ratios for the current and
previous years.
• Using search inquiry to pose questions to management and accounting staff.
• Auditing in depth to establish the audit trail. This facilitates checking a transactions
recording process from initial to final stage.
• Using surprise checks and visits.
• Comparing budgeted and actual results of the company and investigating any variances
noted.
Errors and frauds in specific areas in business

This is the method by which the deficiencies of cash are concealed for sometime. When cash is
received from some debtor, it is not recorded in the cash books and is misappropriate. Later on,
when cash is received from any other debtor, his account is not credited but the account of the
first debtor is credited and cash is debited, again later on, when cash is received from their
debtor, his account is not credited but that of the second debtor in credited and cash is debited.
This process goes or the fraud is discovered. This method of fraud is known as short banking
or delayed accounting of money received or lapping. This is method by which the past
defalcations are covered up by the present receipt. If remittances are received by means of
cheques, then cheques will have to be split up. This proves is known as splitting cheques.
Because by encashing the cheques, less amount is credited to the debtor and rest amount is
misappropriated.
We can detect such frauds with the help of auditors. The auditor should find out what is the
internal check system regarding cash. If there is any weak point, he must probe into the matter.
The cashier should not have access to ledger. Auditor should check the counterfoils of the
receipts with the cash book paying particular attentions to the dates.
(a) Sales & debtors Potentials errors

• Goods dispatched without being invoiced, services rendered without being invoiced,
goods in transit or a consignment not recognized in books.
• Goods being sold to bad credit risk customer.
• Overdue accounts without follow up.
• Sales invoiced but not recorded in the books.
• Cash sales not being recorded.
• Improper crediting of debtor account..

Implications
• Understated sales, wrong management accounts, loss of assets of the company and
accounts without true and fair view.
• Bad debts
• Misappropriation of cash, exposure to theft and loss of interest due to delayed banking.
• Unreliable records and disputes between the company and customers.
(b) Purchases and Creditor.
Potential errors
• Liabilities being set up for goods not received or not authorized
• Liabilities being incurred but not recorded.
• Making payments without proper documents and authorization.
• Misallocation of funds to the wrong general ledger accounts
• Goods being returned without being recorded.
Implications
• Loss of company resources because of paying for goods never received
• Understanding of liabilities hence disputes with suppliers.
• Paying for services and goods not received
• Overstatement of expenses and creditors.
• Misstatement of various expense accounts hence unreliable records.
• Overstatement of purchases
(c) Wages
Potential errors
• Dummy workers in the payroll or fraudulent double payment of workers, payment for
work not done and unclaimed wages being misappropriated.
• Occurrence of payroll errors.
• Improper deductions being made or being misappropriated
• Inflation of the payroll in other ways.
Implications
• Overvaluation of stocks because using wrong labour costs.
• Overstatement of stocks
• Misstatement of various expense accounts
• Unreliable records.
How is internal control system helps prevent and detect fraud and error
• Supervision. This serves to prevent fraud or error by boosting the awareness of senior
employees who will refrain from committing fraud and error by virtue of constant
review of operations.
• Physical controls. These limit access to the assets of the company thus preventing them
from damage, misuse or theft.
• Segregation of duties. This boosts automatic checks, accountability and supervision at
all stages of processing transactions, minimizing chances of error and fraud.
• Arithmetic and accounting controls. Proper recording of transactions according to the
principles of ISAs will prevent errors and frauds such an manipulation of accounts.
• Personnel. Engaging qualified, competent and efficient personnel will reduce chances
of errors. The company‘s staff should be motivated and properly remunerated to
prevent temptations of fraud.
• Routine and automatic checks. These minimize fraud by boosting awareness that work
will be continuously checked, accountability will be increased and importance of being
honest will be emphasized.

TOPIC 5
OVERVIEW OF FORENSIC ACCOUNTING
NATURE PURPOSE AND SCOPE OF FORENSIC ACCOUNTING
Definition
Forensic accounting is the use of accounting skills to investigate fraud or embezzlement and to
analyze financial information for use in legal proceedings
Forensic accounting in its present state can be broadly classified into two categories
encompassing litigation support and investigative accounting.
1. Litigation support - is the provision of assistance of an accounting nature in a matter
involving existing or pending litigation. It is primarily focused on issues relating to the
quantification of economic damages, which means a typical litigation support
assignment would involve calculating the economic loss or damage resulting from a
breach of contract. However, it also extends to other areas involving valuations, tracing
assets, revenue recovery, accounting reconstruction and financial analysis. Litigation
support also works closely with lawyers in matters involving, but not limited to, contract
disputes, insolvency litigation, insurance claims, royalty audits, shareholders disputes
and intellectual property claims
2. Investigative accounting - in contrast, investigative accounting is concerned with

investigations of a criminal nature. A typical investigative accounting assignment could
be one involving employee fraud, securities fraud, insurance fraud, kickbacks and
advance fee frauds. No doubt in many assignments, both litigation support and
investigative accounting services are required.
Nature of forensic accounting

Forensic accounting is the specialty area of the accountancy profession which describes
engagements that result from actual or anticipated disputes or litigation. „Forensic" means
suitable for use in a court of law" and it is to that standard and potential outcome that forensic
accountants generally have to work. It is often said „Accountants look at the numbers but
Forensic accountants look behind the numbers. Forensic accountants are trained to look beyond
the numbers and deal with the business realities of the situation. Analysis, interpretation,
summarization and presentation of complex financial and business related issues are prominent
features of the profession Bhasin 2007.
The services provided by Forensic Accountants are as follows

1. Business valuations
2. Divorce proceedings and matrimonial disputes
3. Personal injury and fatal accident claims
4. Professional negligence
5. Insurance claims evaluations
6. Arbitration
7. Partnership and corporation disputes
8. Shareholder disputes (minority shareholders claiming
9. Civil and criminal actions concerning fraud and financial irregularities - cross
examination, formulate questions
10. Fraud and white-collar crime investigations
Principal Duties of a Forensic Accountant

A forensic accountant's primary duty is to analyze, interpret, summarize and present complex
financial- and business-related issues in a manner that is both understandable by the layman
and properly supported by the evidence.
Forensic accountants are engaged by both government and private agencies cutting across
industries ranging from insurance companies, banks, police forces, regulatory agencies and
other financial and business organizations.
The services rendered by forensic accountants cover a wide spectrum of which the following
are commonly provided:
1. Investigation and analysis of financial evidence;
2. Development of computerized applications to assist in the analysis and presentation of
financial evidence;
3. Communication of findings in the form of reports, exhibits and collections of
documents;
4. Assistance in legal proceedings, including testifying in court as expert witness and
preparing visual aids to support trial evidence.
To properly carry out these functions, the forensic accountant must also be familiar with legal
concepts and procedures, including the ability to differentiate between substance and form
when struggling with any issue.
Specific Assistance in Investigative Accounting and Litigation Support

The forensic accountant can provide more specific assistance in the following ways.
Investigative accounting
1. Reviewing the factual situation and providing suggestions on alternative course of
action.
2. Assisting in the preservation, protection and recovery of assets.
3. Co-ordinating with other experts, including private investigators, expert document
examiners, consulting engineers and other industry specialists;
4. Assisting in the tracing and recovery of assets through civil, criminal and other
administrative or statutory proceedings.
Litigation support
1. Assisting in securing documentation necessary to support or rebut a claim.

2. Reviewing relevant documentation to provide a preliminary assessment of the case and
identify potential areas of loss and recovery.
3. Assisting in the examination and discovery process, including the formulation of

relevant questions regarding financial evidence.
4. Attending to the examination and discovery process to review the testimony, assisting
with understanding the financial issues and formulating additional questions for
counsel.
5. Reviewing the opposing expert's reports on damages and the strengths and weaknesses
of the positions taken.
6. Assisting in settlement meetings and negotiations.
7. Attending the trial to hear testimony of opposing experts and assisting in the cross-
examination process.
Why Engage a Forensic Accountant?

A logical question to pose is why bring in a forensic accountant and his team when the
organisation's internal auditor and management team can handle the situation which can range
from a simple employee fraud to a more complex situation involving management itself? The
answer would be ' obvious when management itself is involved and the fallout to the discovery
of the fraud leads to low employee morale, adverse public opinion and perception of the
company's image and organisational disorganization generally. Engaging an external party can
have distinct advantages from conducting an internal investigation.
Key Benefits of Using Forensic Accountants

1. Objectivity and credibility - there is little doubt that an external party would be far more
independent and objective than an internal auditor or company accountant who ultimately
reports to management on his findings. An established firm of forensic accountants and
its team would also have credibility stemming from the firm's reputation, network and
track record.
2. Accounting expertise and industry knowledge - an external forensic accountant would
add to the organisation's investigation team with breadth and depth of experience and
deep industry expertise in handling frauds of the nature encountered by the
organisation.
3. Provision of valuable manpower resources - an organisation in the midst of
reorganisation and restructuring following a major fraud would hardly have the full-time
resources to handle a broad-based exhaustive investigation. The forensic accountant and
his team of assistants would provide the much needed experienced resources, thereby
freeing the organisation's staff for other more immediate management demands. This is
all the more critical when the nature of the fraud calls for management to move quickly
to contain the problem and when resources cannot be mobilised in time.
4. Enhanced effectiveness and efficiency - this arises from the additional dimension and
depth which experienced individuals in fraud investigation bring with them to focus on
the issues at hand. Such individuals are specialists in rooting out fraud and would
recognise transactions normally passed over by the organisation's accountants or
auditors.

Different roles of a forensic accountant

(i) Criminal Investigations
Practicing forensic accountants could be called upon by the police to assist them in
criminal investigations which could either relate to individuals or corporate bodies.
The forensic accountant would use his/her investigative accounting skills to examine
the documentary and other available evidence to give his/her expert opinion on the
matter. Their services could also be required by Government departments, the
Revenue Commissioners, the Fire Brigade, etc for investigative purposes.
(ii) Personal Injury Claims

Where losses arise as a result of personal injury, insurance companies sometimes
seek expert opinion from a forensic accountant before deciding whether the claim is
valid and how much to pay.
(iii) Fraud Investigations

Forensic accountants might be called upon to assist in business investigations which
could involve funds tracing, asset identification and recovery, forensic intelligence
gathering and due diligence review. In cases involving fraud perpetrated by an
employee, the forensic accountant will be required to give his/her expert opinion
about the nature and extent of fraud and the likely individual or group of individuals
who have committed the crime. The forensic expert undertakes a detailed review of
the available documentary evidence and forms his/her opinion based on the
information gleaned during the course of that review.
(iv) Professional Negligence

The forensic accountant might be approached in a professional negligence matter to
investigate whether professional negligence has taken place and to quantify the loss
which has resulted from the negligence. A matter such as this could arise between
any professional and their client. The professional might be an accountant, a lawyer,
an engineer etc. The forensic expert uses his/her investigative skills to provide the
services required for this assignment
(v) Expert Witness Cases

Forensic accountants Often attend court to testify in eh/il and criminal court
hearings, as expert witnesses. In such Cases, they attend to present investigative
evidence to the court so as to assist the presiding judge in deciding the outcome of
the case.
(vi) Meditation and Arbitration

Some forensic accountants because of their Specialist training they would have
received in legal mediation and arbitration, have extended their forensic accounting
practices to include providing Alternative Dispute Resolution (ADR) services to
clients. This service involves the forensic accountant resolving both mediation and
arbitration disputes which otherwise would have been expensive and time consuming
for individuals or businesses involved in commercial disputes with a third party.
(vii) Litigation Consultancy

Working with lawyers and their clients engaged in litigation and assisting with
evidence, strategy and case preparation
What characteristics/skills should forensic accountant posses?

A forensic accountant is expected to be a specialist in accounting and financial systems. yet,
as companies continue to grow in size and complexity, uncovering fraud requires a forensic
accountant to become proficient in an ever-increasing number of professional skills and
competencies.
The major skills can be divided in to two:
I. Core skills (specialized skills and knowledge).
II. Non-core skills (personal skills).
I. Core skills:
1. Ability to critically analyze financial statements. These skills help Forensic

Accountants to uncover abnormal patterns in accounting information and recognize
their source.
2. Ability to grasp internal control systems of the client and to set up a system that
achieves management objectives informs employees of their control responsibility
and monitors the quality of program and changes made to them. ‗
3. Proficiency in Information technology and computer network systems. These skills
assist accountants to conduct investigations in the "E-Areas" (E-banking, Ecommerce
etc) and computerized accounting systems.
4. Knowledge of psychology in order to understand the thinking and motive behind
criminal behavior and to set up prevention programmes that motivate and encourage
employees.
5. An in-depth understating of the fraud schemes such as misappropriations, money
laundering, bribery and corruption.
6. Thorough insight and knowledge into company's governance policies and laws that
regulate these policies.
7. Interpersonal and communication skills, which aid in acquiring information about the
companies ethical policies and assist forensic accountants to conduct interviews and
obtain crucially, needed information,
8. Command of criminal and civil laws, legal system and court procedures.
II. Non-core skills: includes, but are not limited to

1. Sound professional judgment.
2. Look beyond numbers and grasp substance of situation.
3. A "sixth" sense that can be used to reconstruct details of past accounting transactions
is also beneficial.
4. A photographic memory that helps when trying to visualize and reconstruct these past
events.
5. Curiosity, persistence and creativity.
6. Pay attention to smallest of detail, observe and listen carefully
7. Ability to maintain his composure when detailing these events on the witness stand.
Who retains a forensic accountant:

Forensic Accountants are often retained by the following groups:
1. Lawyers;
2. Police Forces;
3. Insurance Companies;
4. Government Regulatory Bodies and Agencies;
5. Banks;
6. Courts; and
7. Business Community.
Emergence of computer forensics

The proliferation of e-commerce has led to an increase in e-fraud in recent times, which in
turn has meant an increasing demand for forensic IT services aimed at identifying
unauthorised or unethical IT activities. Computer forensics is simply the application of
computer science to the investigative process. As investigative accounting is an important
aspect of forensic accounting, computer forensics and its sub-disciplines are important tools
for the forensic accountant in his task of retrieving and analysing evidence for the purposes
of uncovering a fraud or challenging any financial information critical to the outcome of any
dispute. Sub-disciplines of computer forensics, like computer media analyses, imagery
enhancement, video and audio enhancements and database visualisation, are tools,
techniques and skills are becoming more critical in the field of forensic accounting in general
and investigative accounting in particular. Fraud detection services and the techniques of
data matching and data mining would be impossible without the application of computer
forensics.
Advantages of .Forensic Accounting
1) Fraud Identification and Prevention:*
Fraud is quite common in big organizations where the number of daily financial transactions
is huge. In such an environment, an employee can easily undertake fraudulent activities
without being caught. Forensic accounting helps in analyzing whether the company's
accounting policies are followed or not, and whether all the transactions are clearly stated in
the books of accounts. Any deviation observed in the books of accounts can help in
identifying fraud, and necessary measures can be taken to prevent it in the future.
2) Making Sound Investment Decisions:-
As forensic accounting helps in analyzing the financial standing and weaknesses of a

business, it provides a path for investors to make thoughtful investment decisions. A
Company dealing with fraud is definitely not a good option for investment. Therefore, the
reports of forensic accountants act as a guide for potential investors of a company. Many
organizations also apply for loans from various financial institutions. By performing an
analysis, such institutions can come to a decision on whether they would like to fund a
company or not.
3) Formulation of Economic Policies:-

Various cases of fraud that becomes evident after forensic analysis act as a reference for the
government to formulate improved economic policies that would be able to curb such
fraudulent activities in the future. By doing so, the government can strengthen the economy
and prevent such illegal activities in the country.
Rewarding Career Opportunity
As a career, forensic accounting is extremely rewarding, as it not only involves regular
accounting activities, but also involves identification, analysis, and reporting of the findings
during an audit. The acceptance of reports generated by a forensic accountant by the court of
law, gives them an upper hand as compared to other accountants.
Disadvantages of Forensic Accounting
1) Confidentiality Issue
Since the scrutiny of a company's financial records is done by an external forensic

accountant, the chances of leakage of confidential matter are always there. It is true that
their code of ethics clearly mentions that forensic accountants and other members involved
in the scrutiny must not engage in disclosing confidential data to outsiders, but the
possibility of disclosure cannot be nullified.
2) Increased Chances of Threats and Negative Publicity
If the analysis of a company's financial statements points out the involvement of a particular
person in fraudulent activities, there is a significant chance that the person will try to threaten
the company to safeguard himself from the trial, Also, any trial that confirms a fraud
happening in the company comes under public eye and gains negative publicity, which
directly affects the reputation and investor relations of the company,
3) Costs a Lot of Money
Forensic accounting can be an expensive affair because the procedures which accountants use
involve high-end accounting software. If study results have to be presented in a trial, the
overall expenditure goes up even further, because the fees of forensic accountants are quite
high. This can be a matter of concern for the organization .
4) Losing Employee Trust
It is quite obvious for employees to feel offended when they come to know that their job is
under scrutiny by a third person. If no fraud is identified, employees are left with the feeling
that the employer does not have faith in them. Lost trust can be difficult to regain in such
cases.

5) Limited Use of Services

Federal regulations limit the use of services from a single accounting firm. Suppose a
company has tied up with one firm for auditing, it cannot ask the firm to provide other
services to it. Therefore, a company has to reach out to several firms for carrying out its
accounting tasks.
Despite the disadvantages associated with forensic accounting, it is, and will continue to be
an important part in the world of business. This is because it helps organizations and
individuals to figure out whether their financial accounts are accurate or fabricated to hide
illegal activities going on within the organization.
TYPES OF FORENSIC INVESTIGATIONS
The forensic accountant could be asked to investigate many different types of fraud. It is
useful to categorize these types into three groups to provide an overview of the wide range
of investigations that could be carried out. The three categories of frauds are corruption,
asset misappropriation and financial statement fraud
Corruption
There are three types of corruption fraud: conflicts of interest, bribery, and extortion.
Research shows that corruption is involved in around one third of all frauds.
In a conflict of interest fraud, the fraudster exerts their influence to achieve a personal
gain which detrimentally affects the company. The fraudster may not benefit
financially, but rather receives an undisclosed personal benefit as a result of the
situation. For example, a manager may approve the expenses of an employee who is
also a personal friend in order to maintain that friendship, even if the expenses are
inaccurate.
Bribery is when money (or something else of value) is offered in order to influence a
situation.
Extortion is the opposite of bribery, and happens when money is demanded (rather
than offered) in order to secure a particular outcome.
Asset misappropriation
By far the most common frauds are those involving asset misappropriation, and
there are many different types of fraud which fall into this category: The common
feature is the theft of cash or other assets from the company, for example:
Cash theft - the stealing of physical cash, for example petty cash, from the premises
of a company.
Fraudulent disbursements - company funds being used to make fraudulent payments.
Common examples include billing schemes, where payments are made to a fictitious
supplier, and payroll schemes, where payments are made to fictitious employees
(often known as 'ghost employees').
Inventory frauds ^ the theft of inventory from the company,
Misuse of assets - employees using company assets for their own personal interest.
Financial statement fraud
This is also known as fraudulent financial reporting, and is a type of fraud that causes a
material misstatement in the financial statements. It can include deliberate falsification of
accounting records; omission of transactions, balances or disclosures from the financial
statements; or the misapplication of financial reporting standards. This is often carried out
with the intention of presenting the financial statements with a particular bias, for example
concealing liabilities in order to improve any analysis of liquidity and gearing.
CONDUCTING AN INVESTIGATION
The process of conducting a forensic investigation is, in many ways, similar to the process
of conducting an audit, but with some additional considerations. The various stages are
briefly described below.
Accepting the investigation

The forensic accountant must initially consider whether their firm has the necessary skills
and experience to accept the work. Forensic investigations are specialist in nature, and the
work requires detailed knowledge of fraud investigation techniques and the legal
framework. Investigators must also have received training in interview and interrogation
techniques, and in how to maintain the safe custody of evidence gathered.
Additional considerations include whether or not the investigation is being requested by an
audit client. If it is, this poses extra ethical questions, as the investigating firm would be
potentially exposed to selfreview, advocacy and management threats to objectivity. Unless
robust safeguards are put in place, the firm should not provide audit and forensic
investigation services to the same client. Commercial considerations are also important, and a
high fee level should be negotiated to compensate for the specialist nature of the work, and
the likely involvement of senior and experienced members of the firm in the investigation.
Planning the investigation

The investigating team must carefully consider what they have been asked to achieve and plan
their work accordingly. The objectives of the investigation will include:
identifying the type of fraud that has been operating, how long it has been operating
for, and how the fraud has been concealed
identifying the fraudster(s) involved
quantifying the financial loss suffered by the client
gathering evidence to be used in court proceedings
Providing advice to prevent the reoccurrence of the fraud.
The investigators should also consider the best way to gather evidence - the use of computer
assisted audit techniques, for example, is very common in fraud investigations.

Gathering evidence
In order to gather detailed evidence, the investigator must understand the specific type of
fraud that has been carried out, and how the fraud has been committed. The evidence should
be sufficient to ultimately prove the identity of the fraudster(s), the mechanics of the fraud
scheme, and the amount of financial loss suffered. It is important that the investigating team
is skilled in collecting evidence that can be used in a court case, and in keeping a clear chain
of custody until the evidence is presented in court.
If any evidence is inconclusive or there are gaps in the chain of custody, then the evidence
may be challenged in court, or even become inadmissible. Investigators must be alert to
documents being falsified, damaged or destroyed by the suspect(s). Evidence can be
gathered using various techniques, such as:
testing controls to gather evidence which identifies the weaknesses, which allowed
the fraud to be perpetrated
using analytical procedures to compare trends over time or to provide comparatives
between different segments of the business
applying computer assisted audit techniques, for example to identify the timing and
location of relevant details being altered in the computer system
discussions and interviews with employees
Substantive techniques such as reconciliations, cash counts and reviews of
documentation.
The ultimate goal of the forensic investigation team is to obtain a confession by the fraudster,
if a fraud did actually occur. For this reason, the investigators are likely to avoid deliberately
confronting the alleged fraudster(s) until they have gathered sufficient evidence to extract a
confession. The interview with the suspect is a crucial part of evidence gathered during the
investigation.
Reporting
The client will expect a report containing the findings of the investigation, including a
summary of evidence and a conclusion as to the amount of loss suffered as a result of the
fraud. The report will also discuss how the fraudster set up the fraud scheme, and which
controls, if any, were circumvented. It is also likely that the investigative team will
recommend improvements to controls within the organisation to prevent any similar frauds
occurring in the future.
Opportunities to Commit Financial Reporting Fraud?
1. The absence of a segregation of duties Or unclear job descriptions resulting in a lack of
clarity of ownership allowing an individual to manipulate data to achieve a desired
result.
2. The absence of effective supervision allowing an individual (s) to manipulate data to
present a desired result or avoid detection of an improper activity (e.g. remote
locations; specialized or complex businesses; recently acquired entities or outsourced
activities).
3. The ability to create transactions to achieve a desired result (e.g. inter-company
transactions; fictitious receivables; improper reserves; or manipulation of cut-off
procedures).
4. Existence of manual processes that are susceptible to manipulation.

5. The absence of sufficient resources allowing one or more individuals to circumvent
established processes.
6. Failure to perform sufficient background checks resulting in an individual(s) with the
propensity or motivation to commit fraud assuming positions within the Company that
allow them to manipulate data for their personal benefit.
FRAUD PREVENTION AND DETERRENCE
1. Implement internal controls to reduce fraud risk: Many businesses depend on one person
to process payments and invoices, make bank deposits, handle petty cash, and reconcile
bank statements. This is asking for trouble. Your business should implement a system
that spreads and, if possible, rotates the financial duties of the business among two or
more employees. Insist that all employees, especially those with financial
responsibilities, take a mandatory vacation of at least one week of consecutive days.
2. Tone at the Top: An effective way to prevent fraud in your business is to create a
positive work culture. It is important that the business owner and senior management
serve as role models of honesty and integrity. Set clear standards example zero
tolerance policy for fraud.
3. The directors should lead by Example by
Behaving ethically and openly communicate expectations to employees

Treat all employees equally
4. Management should create a positive workplace environment by:
Focus on employee morale
Empower employees
Communicate to employees
Conduct background investigations before hiring or promoting

Cheek candidate's education, employment history, references
Continuous and objective evaluation of compliance with entity values
Violations addressed immediately
The Code of Conduct should;

Formalized and founded on integrity
Defines acceptable employee behavior
Communicated to all employees
All employees are held accountable for compliance

Discipline in the organization should

Send a strong message throughout the entity
Should be appropriate and consistent
Consequences of committing fraud clearly communicated throughout the entity
Whistle blower: Every company should establish a system that makes it easy for
employees, vendors and customers to anonymously report suspected fraud activities.
Work with Professionals: Consider hiring a professional to conduct both regularly
scheduled and surprise audits. Audits can serve as a deterrent because when
employees are aware that there will be checks of their areas, they are more likely to
stay honest.
Common Accounting Fraud Areas

Usually in any typical fraud investigation, the forensic accountant and his team would
encounter similar factual scenarios or frauds, which are not peculiar to any organisation.
The more common types are illustrated in the following table:
Accounting items Possible Fraud Scenarios
Revenue Recognition a) Premature recognition of sales

(b) Phantom sales- ghost sales )
(c) Improperly valued transactions
Reserves (a) Bad faith estimates

(b) One time charges
Inventory (a) Over-valuation
(b) Non-existent inventory
Expenses (a) Delayed expense recognition

(b) Improper capitalisation of expenses
Others (a) Related party transactions

(b) Acquisition accounting

TOPIC 6
INTERNAL CONTROL SYSTEMS
Introduction
When carrying out the audit, the auditor first needs to carry out an evaluation of the internal
control systems and evaluate its operating effectiveness and its efficiency. This will help the
auditor to ascertain the degree of reliance he or she is going to place on the controls and hence
the level of the level of tests the needs to be carried on the final balances. To ascertain the
effectiveness of these controls, the auditor carries out tests of control. The tests of control will
also help the auditor have a better understanding of the entity. Internal control is covered by the
International Standard on Auditing (ISA) 315 on Understanding the entity and its environment
and assessing the risk of material misstatement.
Internal audit is normally set up by the management to help in the risk assessment process and
to ensure the company adheres to good corporate governance. This function can either be
carried out in-house whereby the employees of the company employed as the internal auditors
or it can be outsourced. Internal auditing is covered by the International Standard of Auditing
(ISA) 610 on considering the work of internal auditing.
ISA 400 defines an accounting system as the series of tasks and procedures by which
transaction are procedures as a means of maintaining proper financial records. The accounting
system identifies, assembles, analyses, defines, records and summarizes transactions of an
entity the mgt requires complete and accurate accounting and other records to assist in
executing their responsibilities which are:
Safeguarding the company assets and preventing fraud and error
Selecting suitable accounting policies and applying them consistently
Ensuring that the company keeps proper accounting records as per the Companies Act.
Delivering to the government agency, court or stock exchange a copy of the company‘s
auditor financial statements within the specified period after year-end.
Stating whether applicable accounting standards have been followed subject to any
material departure disclosed and explained in the financial statements.
Prepare the financial statements on a going concern basis unless it is appropriate to
presume that the company will continue operations.
Setting up an internal control system to enable all the above responsibilities to be
carried out as required.
ISA 400 defines internal control system as all the policies and procedures adopted by
management to in achieving objectives as far as practicable. The objectives of an internal
control system are: -
Orderly and efficient conduct of business.
Adherence to management policies.
Safeguarding of company assets
Prevention and detection of fraud and error.

Accuracy and completeness of accounting records.
Timely preparation of reliable financial information.
Component of accounting and internal control system

These are:-
1. Risk assessment
2. Control environment
3. Control procedures
1. Risk assessment
Audit risk means the risk that the auditor may give an inappropriate audit opinion i.e. the
auditor may report that the financial statements show a true and fair view while in reality they
are materially misstated.
Audit risk is composed of:
a) Inherent risk
b) Control risk
c) Detection risk
d) Inherent risk
a) Inherent risk
This is the risk that the account balances are transactions could be materially misstated
assuming that there were no internal control system. Inherent risk could increase a result of an
adverse attitude of managers on the internal control system i.e. if they view internal control
system as unimportant.
b) Control risk
This is the risk that a material misstatement could occur in an account balance or clan of
transactions which will not be prevented or detected in a timely manner by the entity‟ s
accounting and internal control system.
c) Detection risk
This is the risk that the auditor‟ s tests of balances and transactions will not detect a material
misstatement that exists in an accounts balance or class of transactions. This implies that
detection risk is the only component of audit risk under the auditor‟ s control.
Risk based audit

This audit uses a model called audit risk model. If inherent risk and control risk are assessed to
be high, then to remain within an overall acceptable audit risk, the level of acceptable detection
risk must be low meaning that the level of tests of balances and transactions must be relatively
high. If inherent and control risks are assessed to be low, then the level of acceptable detection
risk may be higher leading to relatively lower level of tests of balances and transactions.
Therefore the assessment of inherent and control risk is an essential part in deciding the overall
approach to an audit.
For the audit model, audit risk equals inherent risk multiplied by the control risk and detection
risk.
Advantages of audit risk model

Helps eliminate over or under auditing because the nature, extent and timing of audit
procedures performed is determined by the risk assessment carried out.
The results appear more rational and defensible than if the model was not used. i.e.
incase the auditor is called upon to support his decisions in a court of law, he can justify
the level of reliance on the internal control system and the amount of substantive tests
carried out
Helps allow work to be delegated to junior members of audit staff who will be able to
carry on without having to rely too much on their own judgment.
The increased use of computer in business has made the calculations of audit risk easier
leading to more efficient and effective audit.
Disadvantages
The model gives an impression of accuracy which is unrealistic as in practice its
difficult to put a quantitative value on inherent risk.
For the model to be useful, the number of items being tested need to be sufficiently
large to allow for valid statistical conclusions to be made. This rule out the use of the
model in many small audits.
The model has a danger of adapting an overly mechanistic approach and that the
auditor may lose his „feel‟ for the audit assignment.
It requires proper knowledge of the burden to be able to assess the audit risk.
A wrong assessment of inherent and control risk will lead to over or under auditing.
2. Control Environment
ISA 400 refers control environment as being the overall attitude, awareness and actions of
directors and management regarding the internal control system and its importance to the
entity.
The control environment has an effect on the effectiveness of the specific control procedures.
A strong control environment i.e. one with tight budgetary control and an effective internal
audit function can significantly complement specific control procedures. Thus the control
environment sets the tone of the entity by influencing the control consciousness of people. It
may be viewed as the foundation of other components of internal control.

Factors influencing the control of environment
The function of the board of directors or the audit committee. The control environment
is significantly influenced by the effectiveness of the board of directors or the audit
committee. This effectiveness is determined by the extent of its independence from
management, experience and status of members and the extent to which it raises and
pursues difficult matters with management and also its relationship with internal and
external auditors.
Management philosophy, style and ease with which managers could override controls.
Management philosophy refers to whether the management likes taking risk in business
or has a conservative approach. This has an impact on the overall reliability of financial
statements. If they are risk takers, losses are likely and may want to hide them. If they
are conservative to risk, there may be no business hence low profits and this may lead to
falsification of financial statements.
The implementation of organizational structure and methods of assigning authority and
responsibility. This determines how well employees understand the limits placed upon
their powers and responsibilities. The objective is to separate responsibility for
authorizing a transaction, keeping records for the transaction and custody of assets
acquired from the transaction.
Personnel policies and procedures. Employees should be recruited on basis of skills and
knowledge essential for the performance of their jobs and if necessary, be trained
3. Control procedures
These are the policies and procedures in addition to the control environment, which the
management has established to achieve the entity‟ s specific objectives. The mix of types of
controls implemented by mgt will depend on the control objectives and the size of the entity.
a) Organizational plan chart
Companies should have proper organization plans. An organized plan shows clearly the
various departments within the company, their functions and persons charged with ensuring
that such functions are fulfilled. They seek to ensure that the entity is properly
departmentalized preventing duplication of duties across departments and boosting
accountability within the entity. Delegation and limits of authority should be well and clearly
defined.
b) Segregation of duties.
This refers to separation of various duties and responsibilities such that one person cannot
process and record a complete transaction from beginning to the end without being checked by
another person. E.g. in purchase of fixed assets, an individual should not authorize the purchase,
place the order, receive the assets, record the transaction and keep custody of the assets. To
minimize risk of error and or intention the following should be performed by different
individuals and departments as much as practicable.
Initiation of transaction. This is where if an item is found to be out of stock and a
requisition is made.
Authorization Different levels of management should be given limits as to what they
can authorize or to what extent they can commit company resources.
Execution. Person‘s independent from those who authorize the transactions should
execute them.
Recording. Segregation of duties also includes an internal check which refers to the
activities of one person being complementary to those of another person.
c) Physical controls
These are security measures concerned with the custody of company‟ s assets by limiting
access to authorized people only. Direct physical controls include keeping assets under lock
and key, employment of security guards, building fences and use of closed circuit cameras.
Indirect physical controls include use of a fixed asset movement registers and use of
computers to record utilization of company vehicles.
d) Authorization and approval.
Transactions that commit the organizations resources should be subject to authorization and
approval by a responsible official. The limits for authorization should also be specified.
e) Arithmetic and accounting control.
These are controls within the accounting function which check that transactions are authorized
and accurately recorded. These are aimed at ensuring completeness and accuracy of the
accounting records. The key features are;
Use of pre numbered documents in processing transactions.
Issuing of documents in sequence when processing transactions.
Monitoring movement of documents by use of a register in which all the people in
possession of specific documents have signed that they are possession of those
documents.
Production of exception reports e.g. where a local purchase order (LPO) has been raised
and the order has not been fulfilled by the supplier.
Reconciliation of different accounts and the related control accounts e.g. bank
reconciliation. Reconciliations would only be effective if prepared by independent
persons and non reconciling items resolved in a timely manner.
f) Personnel.
The proper functioning of any system is dependent on the competence and integrity of those
operating it. The company must therefore recruit competent staff with integrity and
intelligence. Staff should be assigned responsibilities that match their capability and undergo
training where necessary.
g) Supervision.
Transactions and their recording should be subjected to supervision by competent and
responsible officials. Supervision is necessary because it gives the chance of correcting errors
and also because lower level employees generally tend to be indiscipline if not closely
supervised.

h) Management controls.
These are controls exercised by management in addition to daily routines of the system. They
include comparison of actual performance with budgets review of management accounts e.g.
budgets and internal audit function.
i) Rotation of duties.
Duties should be rotated between personnel at the same organizational level e.g. payroll staff
and credit control staff. Staff should be encouraged to take annual leave to provide an
opportunity for their work to be checked by an independent person.
j) Routine and automatic checks.

These are conducted on routine duties and operations to ensure that they are operating
efficiently.
Such checks are conducted on surprise basis to minimize errors and frauds. Examples may
include surprise cash counts and physical inspection of fixed assets.
k) Internal audit
This is a control function set up by management to review the accounting and internal control
system. Internal audit carries out continuous evaluation of operating effectiveness of the
internal control policies and procedures. The findings and recommendations are then reported
to management.
l) Limitations of internal control system

No internal control system however elaborate can by itself guarantee efficient administration
and completion and accuracy of the recorded nor can it be proof against fraud. This is due to
the following inherent limitations of accounting and internal control systems;
a. Cost-benefit analysis. Management has to ensure that the benefits expected from an
internal control system outweigh the cost of installing and maintaining the internal
control system. As a result certain important controls may not be put in place due to the
costs involved e.g. a small company may not have the resources to employ efficient staff
to ensure segregation of duties.
b. Limited coverage. Most internal controls tend to be directed towards routine transactions
rather than non routine transactions leaving room for fraud and error as the non routine
transactions will not be subjected to the appropriate controls e.g. if stock is damaged by
fire and needs to be replaced immediately, there will be no controls available for such an
emergency.
c. Human error. Human beings are prone to carelessness, distraction, mistakes of
judgment and misunderstanding instructions. This undermines the effectiveness of the
internal control system because the most important component of internal control
system is people.
d. Abuse of responsibility. Senior managers could override controls thereby creating
negative perception of the internal control system to the lower level employees.
e. Corruption. A member of management or employee could circumvent controls through
collusion with persons within or without the company e.g. where an internal control on
purchasing requires a quotation to be submitted, an employee can leak the prices in the
quotations to his preferred supplier in exchange for a kick back.
f. The possibility that procedures may become inadequate due to changes in conditions of
the burden e.g. expansion of business without corresponding increase in number of staff
may require some staff member to perform more tasks than previously. This dilutes the
extent of segregation of duties.
An example of internal control system over sales and debtors

When designing internal controls, it is important to identify the various stages followed in
processing the transaction and controls that address the issues that arise in each of the stages.
a. Customers should be approved before a credit facility is granted. The credit limit
granted should be formally authorized after seeking references on the customer‟ s
ability to pay. Such references are normally provided by banks suppliers and credit
reference bureaus.
b. Customers should be approved for sales only when the customer‟ s credit limit has not
been exceeded. The sales personnel should ensure that they have up to date records of
customers‟ outstanding balances.
c. Goods only be dispatched against a valid and an authorized sales order.
d. All dispatches of goods and return inwards should be accurately recorded
e. All dispatches should be involved. This can be achieved by checking copies of the sales
order to the dispatch records the use of sequentially numbered documents would ensure
that all sales are invoiced.
f. Invoices and credit notes should be accurately prepared from approved price list and all
discounts or price deduction should be properly approved. Price list and all trade
discounts and price deduction should be properly authorized.
g. Creditors‟ notes and other adjustments should only be prepared against authorized
return inwards or other appropriate documents. To prevent fraud, there should be
proper segregation of duties such that the person who authorizes a sale is not able to
authorize the issue of a credit note or other adjustments.
h. All bad debts written off should be properly authorized and recorded. Persons involved
with original authorization of sales and granting credit to customers should not be
involved in the authorization of bad debts write offs.
i. Stock‘s records should be accurately updated with all sales and sales returns
j. All transactions should be accurately posted to the ledger
k. Sales ledger balances should be regularly reconciled to sales ledger control balances to
ensure completeness and accuracy of the ledger.
l. Sales ledger balances should be periodically aged and reviewed by the credit control
staff. Overdue accounts should be identified and followed up for collection. The aged
list of debtors would assist management and the auditor in assessing adequacy of bad
debt provisions.

Key objectives in sales and debtors internal control system

Credit should be extended to credit worthy customers.
Goods should not be dispatched without an invoice being raised.
Overdue accounts should be promptly followed up.
Receipt from cash sales should be properly controlled.
No unauthorized credit entries should be made to debtors account balances.
There should be sufficient segregation of duties between sales function and credit
control function in the entity
Ascertaining, Evaluating, recording and confirming internal control system

The auditor will need to ascertain, evaluate, record and confirm the internal control system to
be able to determine the effectiveness of its component controls and to decide on the extent of
his reliance thereon.
Ascertaining
This refers to the auditors attempt to identify and understand the internal controls that
management has put in place. This is carried out in the following ways:-
Utilizing clients accounting and control manuals which describe the accounting and
internal control system.
Obtaining and relying on system records and description prepared by internal audit for
organizations with inter audit functions.
Interviewing procedures being performed e.g. stock taking in order to clearly
understand the nature of the controls involved.
Relying on prior year‘s system notes which can be obtained from the previous auditor‘s
working papers.
The auditor‘s objective in evaluating the internal control system is to determine the degree of
reliance which he may place on the information contained in the accounting records. If he
obtains reasonable assurance by means of compliance tests that the internal controls are
effective in ensuring the completeness and accuracy of accounting records and the validity of
entries therein, he may limit the extent of substantive testing. Because of the inherent
limitation of even the most effective internal control system, it will be impossible for the
auditor to rely solely on its operation as a basis of his opinion on the financial statements.
Recording
Having identified the controls that management has put in place, it is important to create
documented records of the internal control system. This will enhance the auditor‟ s
understanding of the system and provide documentary evidence of work done. The following
are methods used in recording the system.
Flow Charts: These are diagrammatic representations of the company‟ s procedures

and processes and are designed to show the movement of documents and information
through the accounting system from initiation of transactions to final recording in the
books of accounts. Standardized symbols are used to represent the flow of documents
and information through the system. This use of visual description eliminates use of
lengthy narratives in explaining the system.
Questionnaires. These comprise a list of questions designed to determine whether the

internal control system has desirable controls that cover each of the major transaction
cycles. The questions are structured such that the client will be required to respond by
giving either a yes or no answer. There are two types of questionnaires:
i. Internal control questionnaires (ICQ). These are lists of questions that are
designed to establish whether the company has put in place desirable controls to ensure
that the affairs of the company are carried out in an orderly and efficient manner.
ii. Internal control evaluating questionnaires (ICEQ). These are lists of
questions that seek to establish whether specific errors or fraud could occur rather than
establishing whether certain desirable controls are present. E.g. is there reasonable
assurance that sales are properly authorized? Yes / No.
Narratives. These refer to recording of the internal control system in narrative form or
explanatory notes. They are preferable for simple systems where all the transactions
and documentation are handled by one person only. They require little formal training
of staff and are best suited to small and simple system description or to explain
peripheral aspects of a larger system not dealt with by other techniques. Narratives are
too easy to record but difficult to change.
Confirming
Having recorded the system, the auditor then needs to confirm whether the system recorded
exists, is operational and that the auditor has correct understanding of the system. This is done
by use of walk through tests. A walk through test refers to the process where the auditor selects
the particular transaction and traces it through the accounting information system from the time
it was first captured and input as data to its final recording in the financial statements. The
purpose of walk through tests may be either for auditor to identify specific control procedures or
to confirm an existing understanding of internal control procedure in the internal control system.
Evaluating
Having recorded and confirmed the internal control system, the auditor will commence his
evaluation. The auditor evaluates the client‘s internal control system in order to decide whether
the system is suitably designed and constitutes a reliable basis for preparation of financial
statements. Evaluation is normally carried out simultaneously with recording. Evaluation will
be assisted by the use of documentation designed to help identify the internal controls on which
the auditor may wish to place reliance. The auditor uses internal control evaluation
questionnaires (ICEQ) in evaluating the system based on key control questions. Examples of
key control questions that could be applied in evaluating internal control system for sales and
debtors are:

Can goods be dispatched without being involved?

Can goods be sold to a bad credit risk?
Can sales be invoiced but not recorded?
For wages and salaries

Can employees be paid for work not done?
Can bonuses or commissions be wrongly paid?
Can pay as you earn (PAYE) and other statutory deductions be inflated by inclusion of
ghost workers?
Can wages and salaries be paid at the wrong rates?
TESTS OF CONTROL
After the system has been evaluated as being suitably designed the auditor then plans to carry
out tests of control which are also called compliance tests. Compliance tests are procedures
performed to obtain audit evidence about the effectiveness of the:
Design of the accounting and internal control system i.e. whether it is suitably designed
to prevent and correct material misstatements.
Operation of the internal controls consistently throughout the financial period.
The Auditor carries out tests of control to determine whether these controls have worked
effectively throughout the financial period and can be relied upon to ensure complete, accurate
and reliable accounting records.
Some of the procedures performed to obtain an understanding of the accounting and internal
control system may not have been specifically planned as tests of control but may provide
audit evidence about the effectiveness of the design and operation of the internal controls
relevant to certain assertions and consequently serve as tests of control.
Tests of control include:
Inspection: Documents supporting transactions and other events are inspected to gain
assurance that internal controls have operated properly.
Inquiry: Inquiries about internal controls which have no audit trail need to be done e.g.
inquiring whether appropriate security measures are undertaken during payment of
wages.
Re-performance of internal controls. E.g. reconciliation of the bank accounts to ensure
clients bank accounts to ensure clients bank reconciliation statements is accurately
prepared.
Observation. This entails observing control procedures being performed e.g. physical
counting of stock will enable the auditor confirm that the exercise is being conducted
properly. Such observation will provide evidence that a control is operating effectively
as designed. When obtaining audit evidence about the effectiveness of internal controls,
the auditors considers how they were applied and the consistency with which they were
applied. The concept of effective operational controls recognizes that some deviation
from prescribed control may occur. This may be due to changes in key personnel,
human error and significant fluctuation in the volume of transactions.
Actions taken when internal control system is identified as weak

The auditor should bring to the attention of the management all the weaknesses he has
identified and discuss with them the possible remedies and corrective measures
immediately.
The auditor should consider changing his audit approach by increasing the level of
detailed substantive testing. This is because the weaknesses imply that the system is not
operating as designed and therefore cannot be relied upon.
The auditor should increase the sample size i.e. test as many entries as is considered
necessary to avoid any error or fraud undetected.
The auditor should record significant weakness in the management letter and give his
recommendations to management on how the weaknesses can be corrected.
If the internal control system is extremely weak such that he cannot depend upon it to
apply any test, then he should qualify his report or at best give a disclaimer opinion.
The extent of reliance on internal control system by the auditor will depend on factors as: -
His past experience with the company‘s internal control system. Any fluctuation in
volume of business transactions
Changes in line managers or top management officials.
Changes in accounting policies and practices.
Changes in size of the company.
COMMUNICATION ON INTERNAL CONTROL (MANAGEMENT LETTER)
Although the statutory reporting requirements of the Companies Act only calls for the auditor
to make a report to the members as to whether the financial statements show a true and fair
view. In addition to this, auditors provide management with a summary of their findings
concerning strengths and weaknesses of accounting and internal control system as well as
material issues arising from review of the financial statements. This summary is called the
management letter.
Purposes of management Letter

Enables the auditor to give his comments on the accounting records that he has
examined during the course of the audit. Areas of weakness in internal control system
which my result to material errors will be highlighted and brought to management‘s
attention together with advice as to their improvement.
Provides management with other constructive advice regarding areas where efficiency
may be improved.

Communicates matters arising during the audit so that there is a written record of all
such matters. In case of litigation, the auditor may rely on the management letter for
defense.
Ensures auditor‘s comments on the accounting on the internal control system reach
those responsible members of management who have powers to act on the findings.
A report to management will normally be a natural way of adding value to the client and the
auditor should incorporate the need to report in the planning of the audit. Before documenting
the weaknesses in management letter, the auditor should discuss these with the appropriate
officials. This eliminates the possibility that the auditor may have misunderstood. The
operation of the system and will also enable the company make quick corrective actions. The
management letter should be addressed to the board of directors or the audit committee.
The timing of the management letter will vary. It will often be useful to complete the
compliance tests before its submission, so that weaknesses in internal control system may be
included. However, serious weaknesses discovered should be reported immediately. This may
make it necessary to submit more than one management letter.
The management letter acts as effective feedback that assists management in running the
company more efficiently and thus promotes constructive relationship between the auditor and
management which may be useful in future audits. The management letter should be both
objective and constructive. The auditor should request for comments from management as to all
the matters rose indicating what actions management intends to take regarding the matters
raised.
INFORMATION TECHNOLOGY THREATS AND CONTROL
An entity's mix of manual and automated elements in internal control varies with the nature
and complexity of the entity's use of IT.
The use of IT affects the way that control activities are implemented. From the auditor's'
perspective, controls over IT systems are effective when they maintain the integrity of
information and the security of the data such systems process, and include effective general IT
controls and application controls. General IT controls are policies and procedures that relate to
many applications and support the effective functioning of application controls.
They apply to mainframe, miniframe, and end-user environments. General IT controls that
maintain the integrity of information and security of data commonly include controls over the
following:
Data center and network operations.
System software acquisition, change and maintenance.
Program change.
Access security.
Application system acquisition, development, and maintenance.

Generally, IT benefits an entity's internal control by enabling an entity to:

• Consistently apply predefined business rules and perform complex calculations in
processing large volumes of transactions or data;
• Enhance the timeliness, availability, and accuracy of information;
• Facilitate the additional analysis of information;
• Enhance the ability to monitor the performance of the entity's activities and its policies
and procedures;
• Reduce the risk that controls will be circumvented; and
• Enhance the ability to achieve effective segregation of duties by implementing security
controls in applications, databases, and operating systems.
IT also poses specific risks to an entity's internal control, including, for example:
• Reliance on systems or programs that are inaccurately processing data, processing
inaccurate data, or both.
• Unauthorized access to data that may result in destruction of data or improper changes
to data, including the recording of unauthorized or non-existent transactions, or
inaccurate recording of transactions.
• Particular risks may arise where multiple users access a common database.
• The possibility of IT personnel gaining access privileges beyond those necessary to
perform their assigned duties thereby breaking down segregation of duties.
• Unauthorized changes to data in master files.
• Unauthorized changes to systems or programs.
• Failure to make necessary changes to systems or programs.
• Inappropriate manual intervention.
• Potential loss of data or inability to access data as required.
Manual elements in internal control may be more suitable where judgment and discretion are
required such as for the following circumstances:
• Large, unusual or non-recurring transactions.
• Circumstances where errors are difficult to define anticipate or predict.
• In changing circumstances that require a control response outside the scope of an
existing automated control.
• In monitoring the effectiveness of automated controls
Manual elements in internal control may be less reliable than automated elements because they
can be more easily bypassed, ignored, or overridden and they are also more prone to simple
errors and mistakes. Consistency of application of a manual control element cannot therefore be
assumed. Manual control elements may be less suitable for the following circumstances:
• High volume or recurring transactions, or in situations where errors that can be
anticipated or predicted can be prevented, or detected and corrected, by control
parameters that are automated
• Control activities where the specific ways to perform the control can be adequately
designed and automated

The extent and nature of the risks to internal control vary depending on the nature and
characteristics of the entity's information system. The entity responds to the risks arising from
the use of IT or from use of manual elements in internal control by establishing effective
controls in light of the characteristics of the entity's information system

TOPIC 7
AUDIT EVIDENCE
FINANCIAL STATEMENT ASSERTIONS AND AUDIT EVIDENCE
Financial Statement Assertions are the implicit or explicit claims and representations made
by the management responsible for the preparation of financial statements regarding the
appropriateness of the various elements of financial statements and disclosures.
Financial Statement Assertions are also known as Management Assertions and Audit
Assertions.
In preparing financial statements, management is making implicit or explicit claims (i.e.

assertions) regarding the recognition, measurement and presentation of assets, liabilities, equity,
income, expenses and disclosures in accordance with the applicable financial reporting
framework (e.g. IFRS).
For example, if a balance sheet of an entity shows buildings with carrying amount of sh.10
million, the auditor shall assume that the management has claimed that:
The buildings recognized in the balance sheet exist at the period end;
The entity owns or controls those buildings;
The buildings are valued accurately in accordance with the measurement basis;
All buildings owned and controlled by the entity are included within the carrying
amount of sh.10 million.
Types & Examples
Assertions may be classified into the following types:
Assertions relating to classes of transactions

Assertions Explanation Examples: Salaries & Wages Cost
Salaries & wages expense has been incurred during the

Transactions recognized in the
period in respect of the personnel employed by the
Occurrence financial statements have
entity. Salaries and wages expense does not include the
occurred and relate to the entity.
payroll cost of any unauthorized personnel.
All transactions that were

Salaries and wages cost in respect of all
Completeness supposed to be recorded have been
recognized in the financial personnel have been fully accounted for.
statements.
Salaries and wages cost has been calculated
Transactions have been
accurately. Any adjustments such as tax deduction
Accuracy recorded accurately at their
at source have been correctly reconciled and
appropriate amounts.
accounted for.
Salaries and wages cost recognized during the

period relates to the current accounting period. Any
Cut-off recognized in the correct
accrued and prepaid expenses have been accounted
accounting periods.
for correctly in the financial statements.
Salaries and wages cost has been fairly allocated

between:
n classified and presented fairly in -Operating expenses incurred in production activities; -

General and administrative expenses; and
the financial statements.
-Cost of personnel relating to any self-constructed
assets other than inventory.
Assertions relating to assets, liabilities and equity balances at the period end
Assertions Explanation Examples: Inventory balance
Assets, liabilities and equity Inventory recognized in the balance sheet exists at the
Existence
balances exist at the period end. period end.
All assets, liabilities and equity
All inventory units that should have been recorded
balances that were supposed to
have been recognized in the financial statements. Any
Completeness be recorded have been
inventory held by a third party on behalf of the audit
recognized in the financial
entity has been included in the inventory balance.
statements.
Entity has the right to
Audit entity owns or controls the inventory
ownership or use of the
recognized in the financial statements. Any inventory
Rights & recognized assets, and the
held by the audit entity on account of another entity
Obligations liabilities recognized in the
has not been recognized as part of inventory of the
financial statements represent
audit entity.
the obligations of the entity.
Inventory has been recognized at the lower of cost
and net realizable value in accordance with IAS 2
Inventories. Any costs that could not be reasonably
Assets, liabilities and equity allocated to the cost of production (e.g. general and
Valuation balances have been valued administrative costs) and any abnormal wastage has
appropriately. been excluded from the cost of inventory. An
acceptable valuation basis has been used to value
inventory cost at the period end (e.g. FIFO, AVCO,
etc.)

Assertions relating to presentation and disclosures

Examples: Related Party
Assertions Explanation
Disclosures
Transactions with related parties
Transactions and events disclosed
disclosed in the notes of financial
Occurrence in the financial statements have
statements have occurred during the
occurred and relate to the entity.
period and relate to the audit entity.
All related parties, related party
All transactions, balances, events
transactions and balances that should
and other matters that should have
Completeness have been disclosed have been
been disclosed have been disclosed
disclosed in the notes of financial
in the financial statements.
statements.
The nature of related party
Disclosed events, transactions,
transactions, balances and events has
balances and other financial
been clearly disclosed in the notes of
matters have been classified
financial statements. Users of the
Classification & appropriately and presented clearly
financial statements can clearly
Understandability in a manner that promotes the
determine the financial statement
understandability of information
captions affected by the related party
contained in the financial
transactions and balances and can
statements.
easily ascertain their financial effect.
Transactions, events, balances and Related party transactions, balances
Accuracy & other financial matters have been and events have been disclosed
Valuation disclosed accurately at their accurately at their appropriate
appropriate amounts. amounts.
AUDIT EVIDENCE
Audit evidence refers to the information obtained by the auditor in arriving at the conclusions
on which audit opinion on the financial statements is based. Audit evidence comprises of
source documents and accounting records underlying the financial statements. The accounting
records generally include:
Records of initial entries and supporting records

Records of electronic fund transfers, invoices, contracts and cheques.
General and subsidiary ledgers, journal entries and other adjustments to the financial
statements not reflected in the journal entries
Records such as work sheets and spread sheets supporting cost allocations,
computations and reconciliations.

Other information the auditor can use as audit evidence are:

Minutes of meetings
Confirmations form third parties
Analysis reports
Comparable data about competitors.
Control annuals.
Information obtained by auditor from audit procedure such as observation and
enquiries.
The sources and amount of evidence needed to achieve the required level of assurance is
determined by the auditor‘s judgment. The auditor‘s judgment will be influenced by the
materiality of item being examined, the relevance and reliability of evidence available from
each source and cost involved in obtaining it. Audit evidence is obtained through an
appropriate mix of tests of controls and substantive procedures where internal control system
is considered weak; evidence may be obtained entirely from substantive procedures.
Substantive tests are procedures carried out to test the accuracy and validity of accounting
records. They are of two types i.e. analytical review procedure and test of detail.
Qualities of audit evidence
ISA 500 requires that „the auditor should obtain sufficient audit evidence to be able to draw
reasonable conclusions on which to base the audit opinion.‟
What do we mean by:

a) Sufficiency
b) Appropriate
Sufficient means that there needs to be enough evidence. What is enough is a matter of
professional judgment.
Appropriate break down into:
a) Relevance.
Relevance of audit evidence should be considered in relation to the overall audit objective of
forming an opinion and reporting on financial statements. It therefore refers to the ability of
the evidence to assist the auditor in testing management assertions.
b) Reliability
Reliability of audit evidence refers to the credibility of that evidence the credibility is
influenced by its source and its nature

Use of assertions in generating audit evidence
When preparing financial statements the management makes certain implicit or explicit
assertions about the financial affairs of the company.
Consequently, when the auditor is obtaining evidence from a substantive procedure, he is

concerned about testing or substantiating the truth of these assertions. The assertions are
categorized as follows;
1. Assertions about hinting of transactions and events for the period under audit i.e.
Occurrence transaction and events that have been recorded have occurred and pertain to
the entity.
Completeness
Cut off. Transactions and events have been recorded in the appropriate accounting
period
Accuracy Amounts and other data relating to the recorded transactions have been
recorded appropriately.
Classification. Transactions and events have been recorded in the correct period
2. Assertions about account balances at the year end.
Existence. Assets or liabilities exist at a given date

Rights and obligations
completeness
valuation and allocation
3. Assertions about presentation and disclosure.
Occurrence and rights and obligation. Disclosed events and transactions and other
matters have occurred and pertained to the entity
Completeness All disclosures that should have been included e.g. compositions of
director‘s fees.
Measurement and valuation. Financial and other information are disclosed fairly and at
appropriate amounts
Classification and understandability. Financial information is appropriately presented
and described, and disclosures are clearly expressed
The auditor may use the assertions described above or may express them differently provided
all aspects described above have been covered.

Methods of obtaining audit evidence
The auditor may rely on sufficient appropriate evidence obtained by substantive testing to form
his opinion. Alternatively he may be able to obtain assurance from presence of a reliable
internal contrast system and therefore reduce the extent of substantive testing the auditor
obtains evidence in performing compliance and substantive procedures using the following
methods.
a) Inspection.
This consists of examining records, documents or tangible assets. The reliability of the
evidence obtained from inspection depends on nature, source and effectiveness of the internal
control system. Inspection of tangible assets provides evidence with the respect to the
existence but not to their value and ownership.
b) Observation
This involves looking at procedures being performed by others e.g. stock counting by client
personnel.
c) Inquiry and confirmation.
Inquiry consists of seeking information from knowledgeable persons inside and outside the
company. It ranges from formal written inquires addressed to the third parties to oral inquiries
addressed to persons within the entity. The information may be new to the auditor or may
corroborate evidence from other sources. Confirmation is the response to inquiry to corroborate
information contained in financial statements e.g. debtors circularization.
d) Recalculation and re-performance
This involves checking the arithmetic accuracy of source documents and accounting records or
performing independent computations e.g. re-computing amount of provision for depreciation
and comparing this against that computed by client.
e) Analytical procedures.
This is the analysis of relationships such as between items of financial data to identify
consistency and predicted patterns or significant fluctuations, unexpected relationships and
results of investigations thereof.

AUDIT EVIDENCE PROCEDURES/TECHNIQUES
Analytical procedures
Nature and purpose of analytical procedures
They are mainly used at 3 stages of the audit:

As part of the planning process
At the final review stage
As substantive procedures
Analytical procedures are involved in evaluation of financial statements information by a study

of relationships among financial and non financial information. A basic premise underlying the
application of analytical procedures is that logical or plausible relationship among data may be
expected to exist and continue in the absence of conditions to the contrary. Therefore the auditor
can use these relationships to obtain evidence of the financial statements amounts. A simple
analytical procedure is to compare revenue and expenses amounts for the current year to those
of prior periods noting any significant differences. Essentially, the process of performing
analytical procedures consists of four steps.
Develop an expectation of account balance or ratio

To determine the amount of difference from expectation that can be accepted without
investigation
Comparison of company‘s account balances or ratios with the expected.
Investigate and evaluate significant ratio differences from the expectation
1. Developing an expectation.
A variety of types of information are available to the auditor to develop an expectation for
analytical procedures including;
Financial information for comparable priority periods.

Anticipated results such as budgets and forecasts.
Relationships among elements of financial information within a period e.g. level of
debtors and credit sales.
Information derived from similar firms in the same industry e.g. industry wage average.
Relationships between financial and non financial data e.g. wage expenses and a
number of employees. In establishing these relationships, the auditor may use shillings
amount, physical quantities ratios or percentages.
To increase the precision of the analytical procedures, separate relationships may be computed
for each department or product line. Industrial average‘s provide a potentially rich source of
information in developing expectation for analytical procedures, since industry statistics may
alert auditors to classification error, improper application of accounting principles or other
misstatements in specific items in client‘s financial statements. However there may be

problems of lack of comparability among companies and inability to obtain current industry
data.
Methods of developing expectation on account balances and ratios
a) Trend analysis. This includes review of changes in an account balance over time e.g.
review of clients sales for the past six years may reveal a growth rate of 5%. This
information could assist auditor in developing an expectation of sales for the current
year.
b) Ratio analysis. This involves comparison of relationships between two or more
financial statement account balances or comparisons of an account balance to non
financial data e.g. revenue per sale order. The typical financial ratios are liquidity,
profitability, leverage and activity ratios.
Because ratio analysis involves examination relationships between two or more variables and
may involve industrial data, it is often a richer analysis than trend analysis. There are two basic
approaches to ratio analysis;
Horizontal analysis. This involves review of client‘s ratios and trends over time
Cross sectional analysis. This involves comparisons of ratios of similar firms at a given
point in time.
2. The amount of acceptable difference.
The amount of acceptable difference between the expectation and the financial statements
balance that can be accepted without investigation is determined primarily by the amount that is
considered to be a material misstatement However; this amount must be consistent with the
degree of assurance from the procedure. When trend or ratio analysis is used, the auditor
typically uses professional judgment to specify an absolute amount of difference or percentage
difference that will result into investigation.
3. Comparison of the account balance or ratio with the expected balance or ratio.
Once the auditor has determined the expectation and amount of acceptable difference, he
makes the actual comparison to determine where significant difference lies.
4. Investigation and evaluation of significant differences.

The auditor must investigate any significant differences and his expectation and the client‘s
financial statements balance or ratio to determine whether they represent misstatements. This
involves reconsidering the methods and factors used in developing the expectation. Inquiry to
management can be useful in this regard. Management explanations however must be ordinary
be supported with other audit evidence. If the explanations are not tallying with other audit
evidence, the editor will often be required to expand his tests of related financial amounts to
determine whether or not they are materially misstated.
Timing of analytical procedures
ISAs require the application of analytical procedures at the planning and overall review stages
of the audit. The auditor may also decide to use them during the audit on substantive tests to
provide evidence as to the reasonableness of specific account balances. Analytical procedures
performed in planning the audit are used to determine the nature, timing and extent of audit
procedures that will be used to obtain evidence about specific accounts. They are also used in
understanding the client‘s business at the planning stage.
Analytical procedures must be used as part of the overall review stage of an audit to assist the
auditor in assessing the adequacy of the evidence gathered and the validity of conclusions
reached. At the final review stage of an audit, the analytical procedures generally include
reviewing the financial statements and re-computing ratios if necessary to identify any unusual
or unexpected balance or that have not been previously identified and explained.
Where the auditors are not required to use analytical procedure as substantive tests, they are
usually most efficient tests of certain assertions .e.g. performing analytical procedures is the
most efficient way to evaluate competence of various revenue and expense accounts.
Extent of analytical procedures
Auditors must consider cost and likely effectiveness of analytical procedures in determining
how much they may be used for a particular audit A primary measure of the effectiveness of
analytical procedures is its precision. Precision depends on a number of factors including the
predictability of the relationship, the techniques used to develop the expectation and the
reliability of the underlying data used. Monthly data is more precise than yearly data.
Management representations ISA580
a) Oral representations.
Throughout an audit the auditors ask many questions to the officials and employees of Client
Company. Oral inquires are made on an endless range of topics from the location of records
and document, reasons for unusual account procedures and probability of collecting overdue
accounts receivable. In making inquires, the auditor should consider the knowledge,
objectivity, experience, responsibility and qualifications of individuals being questioned and
use carefully structured questions to address relevant issues. Client replies should be carefully
evaluated as appropriate and followed up with additional questions.
Generally, oral client representations are not sufficient themselves but they may be useful in
disclosing situations that require investigation or in corroborating other forms of evidence e.g.
after making careful analysis of all accounts receivable, the auditor normally discusses with the
credit manager, the prospects of collecting specific accounts.
b) Written representations.
The auditor must also obtain written representations from the client in accordance with
provisions of ISA 580. At conclusion of the audit, the auditor obtains from the client a written
representation letter. This letter summarizes the most important oral representations made by
management during the audit. Many specific items are included in this representation letter e.g.
management represents that all liabilities known to exist are reflected the financial statements.
The representations generally fall into the following broad categories;
All accounting records, financial data and minutes of director‘s meetings have been
made available to the auditor.
The financial statements are complete and were prepared in conformity with generally
accepted accounting principles.
Management believes that adjusting entries brought to the attention by the auditor and
not recorded are not material individually or collectively.
All items requiring disclosures such as contingencies, illegal acts and related parties
transactions have been properly disclosed.
ISA 580 requires the auditor to obtain representations letter on every engagement and provide
suggestions as to its form, content and guidance on how it is to be used as audit evidence and
actions to be taken if client refuses to provide representations. These letters are dated as of the
date of the auditor‘s report ordinarily the last day of field work and are usually signed by both
the client chief executive officer and the chief accountant. A client representations letter should
never be used as a substitute for performing other audit procedures. The financial statements
already constitute written representations by the client hence representation letter does little
more than assert that the original representations were correct.
Purposes of representations letter
To remind the client‘s directors of their primary responsibilities for the financial
statements.
Documents in the audit working papers, client responses to the significant questions
asked by the auditor during the engagement.
At times a representation letter may be the only evidence available in respect to
management future intentions e.g. whether a maturing debt is classified as a current or
long term liability will depend on whether management has both the ability and intent
to refinance the debt.
Management may be unwilling to sign letters of representation or pass minutes required by the
auditor. If management declines, the auditor should inform the management that he will himself
prepare a statement in writing setting out his understanding of any representations that they
have been made during the course of the audit and send this statements to management with a
request for confirmation that the auditor‘s understanding of the representations is correct.

If management disagrees with the auditor‘s statement of representations, discussions should be

held to clarify the matters in doubt and if necessary a revised statement prepared and agreed.
Should management fail to reply, the auditor should follow up the matter to ensure the position
as set out in his statement is correct
In rare circumstances, the auditor may be completely unable to obtain written representations
which he requires e.g. because of the refusal by management to cooperate or because
management declines to give proper representations required on the ground of its own
uncertainty regarding that particular issue. In such circumstances, the auditor may have to
conclude that he has not received all information and explanations required and consequently
may need to consider qualification his audit report an ground of limitation in scope of the
audit.
AUDIT SAMPLING AND OTHER MEANS OF TEXTING

This International Standard on Auditing (ISA 530) applies when the auditor has decided to use
audit sampling in performing audit procedures. It deals with the auditor‘s use of statistical and
non-statistical sampling when designing and selecting the audit sample, performing tests of
controls and tests of details, and evaluating the results from the sample.
Objective
The objective of the auditor, when using audit sampling, is to provide a reasonable basis for
the auditor to draw conclusions about the population from which the sample is selected.
Definitions
For purposes of the ISAs, the following terms have the meanings attributed below:
a) Audit sampling (sampling) – The application of audit procedures to less than 100% of
items within a population of audit relevance such that all sampling units have a chance of
selection in order to provide the auditor with a reasonable basis on which to draw
conclusions about the entire population.
b) Population – The entire set of data from which a sample is selected and about which the
auditor wishes to draw conclusions.
c) Sampling risk – The risk that the auditor‘s conclusion based on a sample may be
different from the conclusion if the entire population were subjected to the same audit
procedure. Sampling risk can lead to two types of erroneous conclusions:
i. In the case of a test of controls, that controls are more effective than they actually
are, or in the case of a test of details, that a material misstatement does not exist
when in fact it does. The auditor is primarily concerned with this type of erroneous
conclusion because it affects audit effectiveness and is more likely to lead to an
inappropriate audit opinion.
ii. In the case of a test of controls, that controls are less effective than they actually
are, or in the case of a test of details, that a material misstatement ISA 500, ―Audit
Evidence.‖ exists when in fact it does not. This type of erroneous conclusion affects
audit efficiency as it would usually lead to additional work to establish that initial
conclusions were incorrect.
d) Non-sampling risk – The risk that the auditor reaches an erroneous conclusion for any
reason not related to sampling risk.
e) Anomaly – A misstatement or deviation that is demonstrably not representative of

misstatements or deviations in a population.
f) Sampling unit – The individual items constituting a population.
g) Statistical sampling – An approach to sampling that has the following characteristics:

i. Random selection of the sample items; and
ii. The use of probability theory to evaluate sample results, including measurement
of sampling risk.
A sampling approach that does not have characteristics (i) and (ii) is considered non-
statistical sampling
h) Stratification – The process of dividing a population into sub-populations, each of which

is a group of sampling units which have similar characteristics (often monetary value).
i) Tolerable misstatement – A monetary amount set by the auditor in respect of which the
auditor seeks to obtain an appropriate level of assurance that the monetary amount set by
the auditor is not exceeded by the actual misstatement in the population.
j) Tolerable rate of deviation – A rate of deviation from prescribed internal control

procedures set by the auditor in respect of which the auditor seeks to obtain an appropriate
level of assurance that the rate of deviation set by the auditor is not exceeded by the actual
rate of deviation in the population.
Reasons for sampling
i. A complete check for all transactions and balances a business is no longer possible
owing to the numerous numbers of transactions.
ii. Time factor. Examining all the transactions will take a lot of time. The cost of doing this
will be prohibitive because audit fees are largely based on amount of time spent on
assignment. Also a complete check will take so long that the accounts will be ancient
history before users saw them.
iii. The objective of an audit is to express an opinion as to whether the financial statements
show a true and a fair view. It is possible for the auditor to obtain the assurance without
examining all transactions. The use of sampling with properly set out objectives and
properly constructed tests allows more valid conclusions to be reached than when many
transactions as possible are tested. This is because detailed testing is done on a sample.
iv. A complete check would bore the audit staff so much that their work would become
ineffective and errors would remain unidentified.
Cases where sampling is inappropriate
i. When population is small, statistical sampling will create an unacceptable margin of

error. If the population is not sufficiently large, then statistical methods are invalid.
Instances where transactions or balances are small in number but material in relation to
financial statements e.g. directors fees should never be sampled and any transactions
involving a large capital expenditures.
ii. Any situation where the auditor is put on high alert a result of earlier tests or
information is received indicating material fraud in a certain accounting areas.
iii. For statutory disclosure items such as director‟ s salaries, a full audit check is desirable
because materiality consideration does not apply in this case.
iv. Where population is not homogenous and requires stratification, it is not possible to
select a representative sample.
v. When the population has not been maintained in a manner suitable for audit sampling
e.g. if sales invoices are filed according to customer name as opposed to a numerical
order.
Stages in audit sampling
a) Planning the sample
When planning how to carry out sampling, the auditor considers the following:
i. Objectives of tests and combinations of audit procedures which are likely to achieve the
objectives e.g. objective to verify compliance of the debtors balances.
ii. The population and sampling units should be appropriate to the objectives of sampling
e.g. if auditors objective is to test overstatement of debtors, an appropriate population
would be a list of total debtors.
iii. Definition of errors is substantive testing and deviation in compliance testing. Before
performing testing on a chosen sample, the auditor should define clearly test results and
conditions that will be considered errors or deviations by reference to audit objective.
For substantive testing, the auditor should project errors found in the sample to
population and consider the effect of projected errors on a particular test objective.

b) Determination of sample size.
The auditor needs to determine the appropriate size of the sample on which audit procedures
will be applied. Sample size is determined by;
i. The tolerable error. The larger the tolerable error, the smaller the sample size
required for a given test.
ii. Auditor‘s assessment of the inherent risk. The higher the assessment of inherent
risk, the larger the sample size is required. Higher inherent risk implies that there is
a greater risk of an account balance being misstated and this may be reduced by
testing a larger sample.
iii. Auditor‘s assessment of control risk. A higher control risk implies that little reliance
can be placed on effectiveness of operations of internal controls and the sample size
needs to be increased.
iv. Auditor‘s required confidence level. The greater the degree of confidence level the
auditor requires, the larger the sample size needs to be so that the results of the
sample are in fact representative of the actual amount of error in the population.
c) Selecting items to be tested.

The sample selected should be a true representative of the population so that the auditor can
draw conclusions about the entire population. All sampling units should have an equal chance
of being selected. Common sampling methods are;
i. Random sampling. This is done by use of random number tables or use computers to
select sampling units
ii. Systematic selection. In this type of sampling, units in the population are divided by the
sample size to give sampling intervals e.g. if the population to be sample has 600 items
and sample size is 50, the sampling interval will be 12. One of the first 12 items will be
selected as the starting point and thereafter, every twelfth item will be selected i.e. if the
first item selected is third item, every 15th, 27 th, 39 th and so on items will be picked.
However, the auditor needs to determine that sampling units within the population are
not structured in a way that sampling intervals corresponds to a particular pattern in the
population.
iii. Haphazard selection. The auditor selects a sample without following structured
techniques. The auditor should avoid conscious bias and predictability in selecting
items in attempt to ensure that all items in the population have a chance of being
selected. This technique is not suitable for statistical sampling.
iv. Block selection. This involves selecting a group of continuous items within the
population e.g. all sales transactions for August. Block sampling cannot be ordinarily
used in audit sampling because most populations are structured such that items in a
sequence can be expected to have similar characteristics therefore the sample selected
may not be representative of the population.

d) Testing.
After selecting the sample items the auditor should carry out the predetermined test on each
item.
e) Evaluating results of the test.
The following procedures should be followed.

i. The auditor should estimate the expected error or deviation rate in the whole population
by projecting the results of the sample to the population. This is then compared with the
tolerable error.
ii. The auditor should assess the risk of an incorrect conclusion. In general, expected error
is rarely a precise measure of the actual error in the population. Actual error may be
greater or smaller than projected error. The auditor most therefore consider on the basis
of his sample results and relevant evidence from other sources, the possible levels which
actual error or deviation might take.
Main approaches to audit sampling
a) Judgmental sampling
This is also called non-statistical sampling. It involves using experience and knowledge of
client‘s business and circumstances to select and taste a sample without using any
mathematical of or statistical tools. The auditor does not rely on probability theory and uses
judgment in making sampling decisions.
Advantages of judgmental sampling

i. It is well understood and refined by experience
ii. Opportunity to use expertise and knowledge in selecting sample units i.e. no special
knowledge and statistics is required. The auditor simply uses his judgment in making
sampling deacons
iii. No time is wasted on the mechanics of statistical tools. The time which could have been
spent on constructing sample and computing mathematical implications of results
obtained is spent on auditing sample units.
Disadvantages of judgmental sampling
i. Unscientific. The approach does not form a strong basis of defense. It is difficult to
justify why the auditor selected some items and left out others.
ii. Wasteful as large simples need to be selected. This is because in effort to reduce the
sampling risk, the auditor attempts to select as many items as possible as opposed to
statistical sampling where sample size is determined using probability theory.
iii. Samples may not be representative of the population and thus results cannot be
projected to the population.
iv. There is danger of personal bias in selecting samples.
b) Statistical sampling.
This involves two steps;
i. Use of random selection to pick a sample.
ii. Use of probability theory to determine the sample size, evaluate quantitatively the
sample results and measure sampling risk. Statistical sampling differs from non
statistical sampling in that the auditor uses probability theory to measure the
sampling risk and evaluate the sample results.
Advantages of statistical sampling

i. It is scientific and defensible. The auditor can justify the items selected because
these are selected randomly.
ii. Elimination of personal bias. The sample selected is unbiased which increases
reliability of audit evidence.
iii. Small samples are selected which improve the efficiency of the exercise. This is
because probability theory helps determine a precise sample size.
Disadvantages of statistical sampling
i. It is difficult to extract samples especially if documents are not sequentially

numbered.
ii. The need to follow a predetermined statistical report may reduce initiative and the
need to apply judgment by the auditor.
iii. The result may be misunderstood if audit staff are not properly trained on use of the
techniques.
iv. It may not be suitable for all applications. Probability theory works best for large
populations and therefore cannot be applied for small populations.
v. It is expensive because extensive staff training is required and the use of
information technology.
Factors considered before adopting statistical sampling
i. The number of clients to whom a technique as appropriate. This is because the set
up and training costs are high.
ii. Whether large population exists. Statistics is the science of large numbers. Where
organizations are small with few transactions, a statistical approach is inappropriate.
iii. Adequate controls must exist where they are no controls it is impossible to use
statistical techniques because of increased statistical errors
iv. The population being tested must be homogenous.
v. Sampling units must be separately identifiable and therefore sequential numbering
is essential.
vi. The expectation of the error must be low i.e. the internal control system of
organization must be reliable.
vii. The risk factors. The level of risk allowable and the degree of risk attached to an
item being tested must be considered.
Qualities of a good sample

i. It should be representative of the population. The sample should be representative of
the differing items in the whole population.
ii. The size of the sample should be appropriate given the various risk considerations
i.e. where the expected error is high, a large sample is chosen.
iii. Unpredictable. The client should not be able to know in advance which items will
be examined.
Sampling methods
1. Estimation sampling for variables.
2. Estimation sampling for attributes.
3. Acceptance sampling.
4. Discovery sampling
1. Estimation sampling for variables
This method seeks the estimate the total value of some population e.g. total value of debtors,
stock or loose tools. The procedure is to extrapolate estimate or form an opinion using the
facts that are valid for one situation (sample) supposing that they will be valid in the new
situation. This estimate can be compared with the book value and if any difference is within
the materiality limits pre-established, the auditor has evidence for the book value of the item.
2. Estimation sampling for attributes
This method seeks to estimate the proportion of a population having particular characteristic
e.g. overdue debts or damaged inventory.
3. Acceptance sampling
This method seeks to discover the error rate in a population to determine a maximum error
rate.
Its uses include;
i. Whether a control can be relied upon. If non compliance is greater than the
acceptable rate, the control will not be relied upon and other audit tests will have to
be applied.
ii. Used to test whether stock calculation can be relied upon. If the error rate is greater
than some acceptable proportion, the auditor will have to request the client to redo
the calculations.
4. Discovery sampling
This method extends acceptance sampling to an acceptance level of zero. E.g. a system with
controls exists in an investment trust company to ensure that all bonus issues are recorded.
Even if one bonus has not been recorded, the auditor will be unable to accept the controls and
will have to seek other evidence. This method requires a large sample. A form of discovery
sampling is monetary unit sampling.
Monetary unit sampling
Monetary unit sampling is appropriate for use with large variance population e.g. debtors or
stock where individual units have widely different sizes or values. This method is suited to a
population where errors are not expected and it implicitly takes into account the auditor‟ s
concept of materiality.
Procedure of monetary unit sampling

i. Determine the sample size taking into account the size of the population and the
minimum acceptable error rate.
ii. List the items of population e.g. list of debtors could be as
Debtor Amount (Sh) Cumulative

amount
TMK& Co. 500 500
AQ & Sons 20 520
T Ltd 1,450 1,970
W Co. 4,420 6,390
: :
240,000
Total 240,000
iii. Assume that the total numbers of debtors is 1500. If sample size chosen is 100 items,
then a random start of say Shs 1000 can be chosen and every Shs 2100th item
thereafter i.e. using systematic sampling with random start. The idea is that the
population of debtors is not 1500 but Shs 240000 with single units of Shs 1.
Therefore, we chose to sample to be picked from the cumulative shillings amount.
iv. At the end of the process, evaluate the result which might be a conclusion that the
auditor is 95% confident that the debtors are overstated by more than Shs. X where
X is the materiality factor chosen.
v. If the conclusion is that the auditor finds that the debtors are overstated by more
than Shs X, then he may take a large sample or investigate the debtors fully.

Disadvantages of monetary unit sampling
i. Does not cope easily with errors of understatement. A debtors balance which is
understated will have a smaller chance of being selected than if it was correctly
valued hence there is a reduced chance of selecting that balance and discovering the
error.
ii. It can be difficult to select samples where a computer cannot be used e.g. where the
accounting system of an organization is manual. Manual selection will involve
adding items cumulatively through the entire population which is very tiring.
iii. It is not possible to extend a sample if the error rate turns out to be higher than the
expected error. In such cases an entirely new sample must be selected and
evaluated.
iv. Monetary unit sampling is useful especially in testing for overstatements where
significant understatements are not expected i.e. when dealing with debtors, fixed
assets and stock it is clearly not suitable for testing creditors where understatement
is the primary characteristic to be tested.
AUDIT TESTING
Types of Audit Tests

1. Risk Assessment Procedures
2. Test of Controls
3. Substantive Tests of Transactions
4. Analytical Procedures
5. Tests of Details of Balances
Risk Assessment Procedures
Collectively, procedures performed to obtain an understanding of the entity and its

environment, including internal controls, represent the auditor's risk assessment procedures;
Performed to assess the risk of material misstatement in the financial statements; A major part
of the auditor's risk assessment procedures are done to obtain an understanding of internal
control
Tests of Controls
The auditor's understanding of internal controls is used to assess control risk for each
transaction-related audit objective;
Two Types of Evidence for Tests of Controls
a. Inquiries of appropriate client personnel

b. Examining documents, records, and reports

Substantive Tests of Transactions
Substantive Tests are procedures designed to test for dollar misstatements that directly affect the
correctness of financial statement balances; Substantive tests of transactions are used to
determine whether all six transaction related audit objectives have been satisfied for each class
of transactions
Two types of Evidence for Substantive Tests of Transactions

a. Verifying the recording and summarizing of sales and cash receipts transactions
b. Making sure recorded sales transactions exist and existing sales are recorded
Comparisons of recorded amounts to expectations developed by the auditor; must be done

during planning and completing the audit; two most important purposes of analytical
procedures in the audit of account balances are to indicate possible misstatements and provide
substantive evidence.
Two types of Evidence for Analytical Procedures

a. Calculating the gross margin in the completing and planning phases
b. Predicting the ending balance and comparing the recorded balance to the prediction
Tests of Details of Balances
Focus on the ending general ledger balances for both balance sheet and income statement
accounts; emphasis is mostly on the balance sheet; help establish the monetary correctness of
the accounts they relate to and therefore are substantive test; the extent of these tests depends
on the results of tests of controls, substantive tests of transactions, and substantive analytical
procedures
Two Types of Evidence for Tests of Details of Balances

a. Confirmation of customer balances for accounts receivable
b. Physical examination of inventory

AUDIT OF SPECIFIC ITEMS
AUDIT PROCEDURES FOR TANGIBLE NON-CURRENT ASSETS
Tangible non-current assets, is a key area of the statement of financial position. Key areas
when testing tangible non-current assets are:
i. Confirmation of ownership
ii. Inspection of non-current assets
iii. - Valuation by third parties
iv. Adequacy of depreciation rates
Assertion: Completeness
  Obtain or prepare a summary of tangible non-current assets showing how:

  Gross book value
  Accumulated depreciation
  Net book value reconcile with the opening position.
 Compare non-current assets in the general ledger with the non-current assets register
 and obtain explanations for differences.
 For a sample of assets which physically exist agree that they are recorded in the non-
 current asset register.
 If a non-current asset register is not kept, obtain a schedule showing the original costs
 and present depreciated value of major non-current assets.
 Reconcile the schedule of non-current assets with the general ledger.
Existence
 Confirm that the company physically inspects all items in the non-current asset register
 each year.
  Inspect assets, concentrating on high value items and additions in-year.
  Confirm that items inspected:
Exist
Are in use
Are good condition
Have correct serial numbers
  Review records of income-yielding assets.
 Reconcile opening and closing vehicles by numbers as well as amounts.

Valuation
  Verify valuation to valuation certificate.

  Consider reasonableness of valuation, reviewing:
Experience of valuer
Scope of work
Methods and assumptions used
Valuation bases are in line with accounting standards
  Reperform calculation of revaluation surplus.
 Confirm whether valuations of all assets that have been revalued have been updated
regularly (lull valuation every five years and an interim valuation in year three
generally) by inquiries of Finance Director and inspection of previous financial
 statements.
 Inspect draft accounts to check that client has recognised in the statement of
comprehensive income revaluation losses unless there is a credit balance in respect of
that asset in equity, in which case it should be debited to equity to cancel the credit. All
revaluation gains should be credited to equity.
  Review depreciation rates applied in relation to:
Asset lives
Residual values
Replacement policy
Past experience of gains and losses on disposal
Consistency with prior years and accounting policy
Possible obsolescence
 Review non-current assets register to ensure that depreciation has been charged on all
 assets with a limited useful life.
 For revalued assets, ensure that the charge for depreciation is based on the revalued
 amount by recalculating it for a sample of revalued assets.
  Reperform calculation of depreciation rates to ensure it is correct.
  "Compare ratios of depreciation to non-current assets (by category) with:
Previous years
Depreciation policy rates
 Scrutinise draft accounts to ensure that depreciation policies and rates are disclosed in
 the accounts.
 Review insurance policies in force for all categories of tangible non-current assets and
consider the adequacy of their insured values and check expiry dates.

- Verify title to land and buildings by inspection of:
• Title deeds
• Land registry certificates
• Leases
- Obtain a certificate from solicitors/bankers:
• Stating purpose for which the deeds are being held (custody only)
• Stating deeds are free from mortgage or lien.

- Inspect registration documents for vehicles held, confirming that they are in client's
name.
- Confirm all vehicles are used for the client's business.
- Examine documents of title for other assets (including purchase invoices, architects'
certificates, contracts, hire purchase or lease agreements).
- Review for evidence of charges in statutory books and by company search.
- Review leases of leasehold properties to ensure that company has fulfilled covenants
therein.
- Examine invoices, received after year-end, orders and minutes for evidence of capital
commitments
Additions
These tests are to confirm rights and obligations, valuation and completeness.
- Verify additions by inspection of architects' certificates, solicitors' completion
statements, suppliers' invoices etc.
- Review capitalisation of expenditure by examining for non-current assets additions and
items in relevant expense categories (repairs, motor expenses, sundry expenses) to
ensure that:
- Capital/revenue distinction is correctly drawn
- Capitalisation is in line with consistently applied company policy
- Inspect non-current asset accounts for a sample of purchases to ensure they have been
properly allocated.
- Check purchases have been authorised by directors/senior management by reviewing
board minutes.
- Ensure that appropriate claims have been made for grants, and grants received and
receivable have been received, by inspecting claims documentations and bank
statements.
- Check additions have been recorded by scrutinising the non-current asset register and
general ledger.
Self constructed assets
These tests are to confirm valuation and completeness.

- Verify material and labour costs and overheads to invoices, wage records etc.
- Ensure expenditure has been analysed correctly and properly charged to capital.
- Expenditure should be capitalised if it:
• Enhances the economic benefits of the asset in excess of its previously assessed
standard of performance
• Replaces or restores a component of the asset that has been treated separately for
depreciation purposes, and depreciated over its useful economic life

• Relates to a major inspection or overhaul that restores the economic benefits of

the asset that have been consumed by the entity, and have already been reflected
in depreciation
- Review costs to ensure that no profit element has been included.

- Review accounts to ensure that finance costs have been capitalised or not capitalised on
a consistent basis, and costs capitalised in period do not exceed total finance costs for
period.
Disposal
These tests are to confirni rights and Obligations, completeness, occurrence and accuracy.
- Verify disposals with supporting documentation,, checking transfer of title, sales
price and dates of completion and payment.
- Recalculate profit or loss on disposal.
- Check that disposals have been authorised by reviewing boards minutes.
- Consider whether proceeds are reasonable.
- If the asset was used as security, ensure release from security has been correctly
made.
Classification and understandability
- Review non-current asset disclosures in-the financial statements to ensure they meet
lAS 16 criteria.
- For a sample of fully depreciated assets, inspect the register to ensure no further
depreciation is Charged.
- Inspect draft accounts to ensure that depreciation policies and rates are correctly
disclosed
AUDIT PROCEDURE FOR INTANGIBLE NON-CURRENT ASSETS
Key assertions for intangible non-current assets are existence and valuation.
The key assertions relating to intangible are existence (not so much 'do they exist`?', hut, are
they genuinely assets?) and valuation.
AUDIT PLAN
Goodwill
- Agree the consideration to sales agreement by inspection.
- Consider whether asset valuation is reasonable.
- Agree that the calculation is correct by recalculation.
- Review the impairment review and discuss with management.
- Ensure valuation of goodwill is reasonable/there has been no impairment not adjusted

through discussion with management.
Research and development costs

- Confirm that capitalised development costs conform to lAS 38 criteria by inspecting
details of projects and discussions with technical managers.
- Confirm feasibility and viability by inspection of budgets.
- Recalculate amortisation calculation, to ensure it commences with production/is
reasonable. Inspect invoices to verify expenditure incurred on R&D projects:
Other intangible assets

- Agree purchased intangibles to purchase documentation agreement by inspection.
- Inspect specialist valuation of intangibles and ensure it is reasonable.
- Review amortisation calculations and ensure they are correct by recalculation.
AUDIT OF RECEIVABLES
Receivables are usually audited using a combination of tests of detail and analytical
procedures.
The audit of receivables is important as this is likely to be a material area: A combination of
analytical procedures and tests of detail are used, with sales also being tested in conjunction
with trade receivables.
The following assertions apply:
Assertions about classes of transactions
- Occurrence: All sales transactions recorded have occurred and relate to the entity
- Completeness: All sales transactions that should have been recorded have been
recorded
- Accuracy: Amounts relating to transactions have been recorded appropriately
- Cut-off: All transactions have been recorded in the correct period
- Classification: All transactions are recorded properly
Assertions about account balances at the period-end
- Existence: Recorded receivables exist

- Rights and obligations: The entity controls the rights to receivables and related
accounts
- Completeness: All receivables that should have been recorded have been recorded
- Valuation and allocation: Receivables are included in the accounts at the correct
amounts
Assertions about presentation and disclosure
- Occurrence, rights and obligations: All disclosed events and transactions relating to
receivables have occurred and pertain to the entity
- Completeness: All disclosures required have been included
- classification and understandability: Financial information is appropriately presented
and described and I disclosures clearly expressed
- Accuracy and valuation: Financial and other information is disclosed fairly and at
appropriate amounts
Audit procedures for receivables
Existence, completeness and valuation are key assertions relating to the audit of receivables.
Audit procedures for receivables are set out in the table below. This covers the audit of sales
and prepayments as well as trade receivables. Receivables are often tested in conjunction with
sales. The key assertions for sales are occurrence, completeness and accuracy.
Completeness
- Agree the balance from the individual sales ledger accounts to the aged receivables'
listing and vice versa.
- Match the total of the aged receivables' listing to the sales ledger control account.
- Cast and cross cast the aged trial balance before selecting any samples to test.
- Trace a sample of shipping documentation to sales invoices and into the sales and
receivables' ledger.
- Complete the disclosure checklist to ensure that all the disclosures relevant to
receivables have been made
- Compare the gross profit percent by product line with the previous year and industry
data.
- Compare the level of prepayments to the previous year to ensure the figure is materially
correct and complete.
Existence
- Perform a receivables' circularisation on a sample of year-end trade receivables

- Follow up all balance disagreements and non-replies to the receivables' confirmation,
- Perform alternative procedures for any exceptions and non-replies to the receivables
confirmation, such as:
- Review after-date cash receipts by inspecting bank statements and cash receipts
documentation.
- Examine. the customer's account and .customer correspondence to assess whether the
balance outstanding represents specific invoices and confirm their validity.
- Examine the underlying documentation (purchase order, dispatch documentation,
duplicate sales invoice etc).
- Inquire from management explanations for invoices remaining unpaid after subsequent
ones have been paid.
- Observe whether the balance on the account is growing and if so, find out why by
discussing with management.
- Review bank confirmation for any liens on receivables.

- Make inquiries of management, review loan agreements and review board minutes for
any evidence of receivables being sold (e.g. to factors).
Valuation and allocation

- Compare receivables' turnover and receivables' days to the previous year and/or to
industry data.
- Compare the aged analysis of receivables from the aged trial balance
- Review the adequacy of the allowance for uncollectable accounts through discussion
with management.
- Compare the bad debt expense as a percent of sales to the previously and/or to industry
data
- Compare the allowance for uncollecta.ble accounts as a percent of receivables or credit
sales to the previous year and/or to industry
- Examine large customer accounts individually and compare to the previous year's
balances.
- For a sample of old debts on the aged trial balance, obtain further information regarding
their recoverability by discussions with management and review of customer
correspondence.
- For a sample of prepayments from the prepayments' listing, recalculate the amount
prepaid to ensure that it has been accrual calculated.
Cut off
- For a sample of sales invoices around the year-end, inspect the dates and compare with-
the dates of dispatch and the dates recorded in ledger for application of correct cut-off.
- For sales returns, select a sample of returns documentation around the year-end and
trace to the related credit entries.
- Perform analytical procedures on sales returns, comparing the ratio of sales returns to
sales. Review material after-date invoices, credit notes and adjustments' ensure that
they are recorded correctly in the relevant financial period
Classification
Take a sample of sales invokes and examine for proper classification into revenue accounts
Accuracy
- For a sample of sales invoices, compare the prices and terms to the authorised price list
and terms of trade documentation
- Test whether discounts have been properly applied by recalculating them for a sample
of invoices
- Test the correct calculation of tax on a sample of invoices
Occurrence
For a sample of sales transactions recorded in the ledger, vouch the sales invoice back to
customer orders and dispatch documentation.
Occurrence and rights and obligations

Determine, through discussion with management, whether any receivables have been pledged,
assigned or discounted and whether such items require disclosure in the financial statements.

- Review the aged analysis of receivables for any large credits, non trade receivables and
long-term receivables and consider whether such items require separate disclosure.
- Read the disclosure notes relevant to receivables in the draft finance' statements and
review for understandability
Accuracy and valuation

Read the disclosure notes to ensure the information is accurate and properly presented at the
THE RECEIVABLES CONFIRMATION
A confirmation of receivables is a major procedure, usually achieved by direct contact with

customers.
Receivables are usually audited using a combination of tests of detail and analytical
procedures. Existence, completeness and valuation are key assertions relating to the audit of
receivables.
A confirmation of receivables is a major procedure, usually achieved by direct contact with
customer. There are two methods of confirmation: positive and negative.
Objectives of confirmation
Part of ISA 505 External Confirmation states that, when it is reasonable to expect customers to
respond, the auditors should ordinarily plan to obtain direct confirmation of receivables to
individual entries in an account balance.
The verification of trade receivables by direct confirmation is therefore the normal means of
providing audit evidence to -satisfy the objective of checking whether customers exist and
owe bona fide amounts to the company (existence and rights and obligations).
Confirmation will produce for the current audit file a written statement from each respondent
that the amount owed at the date of the confirmation is correct. This is, prima facie, reliable
audit evidence, being from an independent source and in documentary form. The confirmation
of receivables on a test basis should not be regarded as replacing other normal audit tests, such
as the testing in-depth of sales transactions, but the results may influence the scope of such
tests.
Timing of confirmation
Ideally the confirmation should take place immediately after the year-end and hence cover the
year-end balances to be included in the balance sheet. However, time constraints may make it
impossible to achieve this ideal.
In these circumstances it may be acceptable to carry out the confirmation prior to the year-end
provided that confirmation is no more than three months before, the year-end and internal
controls are strong.
Client's mandate
Confirmation is essentially an act of the client, who alone can authorise third parties to divulge
information to the auditors.
The ISA outlines what the auditors' response should be when management refuses permission
for the auditors to contact third parties for evidence. Note that this applies to all such external
confirmations, not just trade receivables' circularisations.
If management asks the auditor not to seek the confirmation, the auditor should consider if
there are valid grounds for the request and obtain evidence to support this. If the auditor-
agrees not to seek external confirmations, other procedures should be carried out to obtain
'sufficient appropriate audit evidence. If the auditor does not accept the validity of
management's request and is prevented from undertaking the confirmations, this may impact
on the auditor's report.
Positive v negative confirmation

When confirmation is undertaken the method of requesting information from the customer
may be either positive or negative.
Under the positive method the customer is requested to confirm the accuracy of the balance
shown or state in., what respect he is in disagreement..
Under the negative method the customer is requested to reply only if the amount stated is
disputed.
The positive method is generally preferable as it is designed to encourage definite replies from
those contacted.
The negative method may be used if the client has good internal controls, with a large number
of small accounts. In some circumstances, say where there are a small number of large
accounts and a large number of small accounts, a combination of both methods may be
appropriate.
The statements will normally be prepared by the client's staff, from which point the auditors,
as a safeguard against the possibility of fraudulent manipulation, must maintain strict control
over the preparation and dispatch of the statements.
Sample Selection
Auditors will normally only contact a sample of accounts receivable. If this sample is to yield a
meaningful result, it must be based upon a complete list of all accounts receivable. In addition,
when constructing the sample, the following classes of account should receive special
attention:
- Old unpaid accounts
- Accounts written off during the period under review
- Accounts with credit balances
- Accounts settled by -round sum payments
- Accounts with nil balances
- Accounts which have been paid by the date of the examination
Follow-up procedures
Auditors will have to carry out further work in relation to those receivable who:
- Positive and negative confirmation - Disagree with the balance stated
- Negative confirmation — Do not respond
In the case of disagreements, the customer response should have identified specific amounts
which are disputed
Reasons for disagreement

There is a dispute between the client and the customer. The reasons for the dispute would have
to be identified, and provision made if appropriate against the debt.
- Cut-off problems exist, because the client records the following year's sales in the
current year or because goods returned by the customer in the current year are not
recorded in the current year. Cut-off testing may have to be extended.
- The customer may have sent the monies before the year-end, but the monies were not
recorded by the client as receipts until after the year-end. Detailed cut-off work maybe
required on_ receipts.
- Monies received may have been posted to the wrong account or a cash-in-transit
account.
- Auditors should check if there is evidence of other mis-posting. If the monies have been
posted to a cash-in-transit account, auditors should ensure this account has been cleared
promptly.
- Customers who-are also suppliers may net-off balances owed and owing. Auditors
should check that this is allowed.
- Teeming and lading, stealing monies and incorrectly posting other receipts so that no
particular customer is seriously in debt is a fraud that can arise in this area. If auditors
suspect teeming and lading has occurred, detailed testing will be required on cash
receipts, particularly on prompt posting of cash receipts.
When the positive confirmation method is used the auditors must follow up by all practicable
means those receivables who fail to respond. Second requests should be sent out in the event of
no reply being received within two or three weeks and if necessary this may be followed by
telephoning the customer, with the client's permission.
After two, or even three, attempts to obtain confirmation, a list of the outstanding items will
normally be passed to a responsible company official, preferably independent of the sales
accounting department, who will arrange for them to be investigated
The receivables' confirmation provides good audit evidence of the existence of receivables,
but not necessarily of their valuation. Therefore, in a question on the audit of receivables,
remember to include other audit procedures such as analytical procedures.
AUDIT OF CASH AND BANK
'Cash' in the financial statements represents cash in-hand and cash on deposit in bank accounts.
Most accounting transactions pass through the cash account so cash is affected by all of the
entity's business processes, and is particularly impacted by the sales and purchases processes.
We consider the substantive audit testing applied to the year-end cash figure.
Audit objectives for cash

The following table demonstrates the audit objectives for cash balances and how these are
related to the financial statement assertions relevant to this account area. The audit procedures
described in the remainder of this chapter are undertaken to provide audit evidence to support
these financial statement assertions.
Financial statement assertion and the Audit objective

- Existence: Recorded cash balances exist at the period-end
- Completeness: Recorded cash balances include the effects of all transactions that have
occurred
- Rights and obligations: The entity has legal title to all cash balances shown at the
period-end
- Valuation: Recorded cash balances are realisable at the amounts stated
Assertions relating to presentation and disclosure (classification and understandability,

occurrence and rights and obligations, accuracy and valuation, completeness) -
Disclosures relating to cash are adequate and in accordance with accounting standards
and legislation

BANK
Bank balances are usually confirmed directly with the bank in question.
Bank confirmation procedures

The audit of bank balances will need to cover completeness, existence, rights and obligations
and valuation. All of these assertions can be audited directly by obtaining third party
confirmations from the client's banks and reconciling these with the accounting records,
having regard to cut-off.
The audit objectives linking these assertions are as follows:

- existence: Recorded cash balances exist at the year-end completeness: Recorded cash
balances include the effects of all transactions that occurred
- cut-off: Year-end transfers are recorded in the correct period
- valuation and allocation: Recorded balances are realisable at the amounts stated
- rights and obligations: The entity has legal title to all cash balance shown at the year-
end
This type of audit evidence is valuable because it comes directly from an independent source
and; therefore, provides greater assurance of reliability than that obtained solely from the
client's own records.
The-bank letter is mentioned as a source of external third party evidence in ISA 505 .External
Confirmations and guidance to auditors is provided in ZAPS 1000 Inter-bank confirmation
procedures.
Confirmation requests
The bank confirmation letter can be used to ask a variety of questions, including queries about
outstanding interests, contingent liabilities and guarantees.
The auditors should decide from which bank or banks to request confirmation, having regard
to such matters as size of balance, volume of activity, degree of reliance on internal control,
and materiality within the context of the financial statements.
The auditors should determine which of the following approaches is the most appropriate in
seeking confirmation of balances or other information from the bank:
- Listing balances and other information, and requesting confirmation of their accuracy
and completeness, or
- Requesting details of balances and other information, which can then be compared with
the requesting client's records
In determining which of the above approaches is the most appropriate, the auditors should
weigh the quality of audit evidence they require in the particular circumstances against the
practicality of obtaining a reply from the confirming bank.
Difficulty may be encountered in obtaining a satisfactory response even where the client
company submits information for confirmation to the confirming bank. It is important that a
response is sought for all confirmation requests. Auditors should not usually request a
response only if the information submitted is incorrect or incomplete.
Preparation and dispatch of requests and receipt of replies

Control over the content and dispatch of confirmation requests is the responsibility of the
auditors. However, it will be necessary for the request to be authorised by the client entity.
Replies should be returned directly to the auditors and to facilitate such a reply, a pre-
addressed envelope should be enclosed with the request.
Content of confirmation requests

The form and content of a confirmation request letter will depend on the purpose for which it
is required and on local practices.
The most commonly requested information is in respect of balances due to or from the client
entity on current, deposit, loan and other accounts. The request letter should provide the
account description number and the type of currency for the account.
It may also be advisable to request information about nil balances on accounts, and accounts
which were closed in the 12 months prior to the chosen confirmation date. The client entity
may ask for confirmation not only of the balances on accounts but also, where it may be
helpful, other information, such as the maturity and interest terms on loans and overdrafts,
unused facilities, lines of credit/standby facilities, any offset or other rights or encumbrances,
and details of any collateral given or received.
The client entity and its auditors are likely to request confirmation of contingent liabilities,
such as those arising on guarantees, comfort letter, bills and so on.
Banks often hold securities and other items in safe custody on behalf of customers. A request
letter may thus ask for confirmation of such items held by the bank. The procedure is simple
but important, and outlined below.
a. The banks will require explicit written authority from their client to disclose the
information requested.
b. The auditors' request must refer to the client's letter of authority and the date thereof.
c. Alternatively it may be countersigned by the client or it may be accompanied by a
specific letter of authority.
d. In the case of joint accounts, letters to authority signed by all parties will be necessary.
e. Such letters of authority may either give permission to the bank to disclose
information for a .specific request or grant permission for an indeterminate length of
time.
f. The request should reach the branch manager at least one month in advance of the
client's year
g. The auditors should themselves check that the bank response covers all the
information in the standard and other responses.

Cut-off
Care must be taken to ensure that there is no window dressing, by auditing cut-off carefully.
Window dressing in this context is usually manifested as an attempt to overstate the liquidity
of the company by:
a. Keeping the cashbook open to take credit for remittances actually received after the
year-end, thus enhancing the balance at bank and reducing receivables
b. Recording cheques paid in the period under -review which are not actually dispatched
until after the year-cud, thus decreasing the balance at bank and reducing liabilities
A combination of (a) and (b) can contrive to present an artificially healthy looking current
ratio.
With the possibility of (a) above in mind, where lodgments have not been cleared by the bank
until the new period, the auditors should examine the paying-in slip to ensure that the amounts
were actually paid into the bank on or before the period-end date.
As regards (b) above, where there appears to be a particularly large number of outstanding
cheques at the year-end, the auditors should check whether these were cleared within a
reasonable time in the new period. If not, this may indicate that dispatch occurred after the
year-end.
AUDIT PLAN: BANK

(To confirm completeness, valuation, existence, cut-off and assertions related to disclosure)
- Obtain standard bank confirmations from each bank with which the client conducted
business during the audit period.
- Reperform arithmetic of bank reconciliation.
- Trace cheques shown as outstanding from the bank reconciliation to the cash book prior
to the year- 'end and to the after-date bank statements and obtain explanations for any
large or unusual items not cleared at the time of the audit.
- Compare cash book(s) and bank statements in detail for the last month of the year, and
check items outstanding'at the reconciliation date to bank statements.
- Review bank reconciliation previous to the year-end bank reconciliation and check that,
all items are cleared in the last period or taken forward to the year-end bank
reconciliation.
- Obtain satisfactory explanations for all items in the cash book for which there are no
corresponding entries in the bank statement and vice versa by discussion with -finance
staff.
- Verify contra items appearing in the cash books or bank statements with original entry.
Verify by inspecting paying-in slips that uncleared bankings are paid in prior to the
year-end.
- Examine all lodgments in respect of which payment has been refused. by the bank;
ensure that they are cleared on representation or that other appropriate steps have, been
taken to effect recovery of the amount cue.
- Verify balances per the cash book according to the bank reconciliation by inspecting.
cash book, bank statements and general ledger.
- Verify the bank balances with reply to standard bank letter and with the bank statements.
inspect the cash book and bank statements before and after the year-end for exceptional
entries or transfers which have a material effect on the balance shown to be in-hand.
- Identify whether any accounts are secured on the assets of the company by discussion
with management.
- Consider whether there is a legal right of set-off of overdrafts against positive bank
balances.
- Determine whether the bank accounts are subject to any restrictions by inquiries with
management.
- Review draft accounts to ensure that disclosures for bank are complete and accurate and
in accordance with accounting standards.
Remember that the bank confirmation letter contains the balance held by the client at the bank
per the bank's records. This must be reconciled to the balance held with the bank per the client's
records.
CASH
Cash balances should be verified if they are material or irregularities are suspected. Cash
balances/floats are often individually immaterial but they may require some audit emphasis
because of the opportunities for fraud that could exist where internal control is weak and
because they may be material in total.
However in enterprises such as hotels and retail organisations, the amount of cash-in-hand at
the period- end could be considerable. Cash counts may be important for internal auditors,
who have a role in fraud prevention.
Auditors will be concerned that the cash exists, is complete, and belongs to the company
(rights and obligations) and is stated at the correct value.
Where the auditors determine that cash balances are potentially material they may conduct a
cash count, ideally at the period-end. Rather like attendance at an inventory count, the conduct
of the count falls into three phases: planning, the count itself, and follow-up procedures.
Planning the cash count

Planning is an essential element, as it is important that all cash balances are counted at the
same time as far as possible. Cash in this context may include unbanked cheques received,
IOUs and credit card slips, in addition to notes and coins.
As part of their planning procedures the auditors will need to determine the locations where
cash is held and which of these locations warrant a count.
Planning decisions will need to be recorded on the current audit file including:
- The precise time of the count(s) and location(s)
- The names of the audit staff conducting the counts
- The names of the client staff intending to be present at each location
- Where a location is not visited it may be appropriate to obtain a letter from the client
confirming the balance.
Cash count
The following matters apply to the count itself.
- All cash/petty cash books should be written up to date in ink (or other permanent form)
at the time of-the count.
- All balances must be counted at the same time.
- All negotiable securities must be available and counted at the time the cash balances are
counted.
- At no time should the auditors be left alone with the cash and negotiable securities.
- All cash and securities counted must be recorded on working papers subsequently filed
on the current audit file. Reconciliations should be prepared where applicable (for
example, imprest petty cash float).
AUDIT PLAN: CASH COUNT

(To confirm completeness, valuation, existence and disclosure)
- Count cash balances held and agree to petty cash book or other record:
• Count all balances simultaneously
• All counting to be done in the presence of the individuals responsible
• Enquire into any IOUs or cashed cheques outstanding for -+a long period of
time
- Obtain certificates of cash-in-hand from responsible officials.

- Confirm that bank and cash balances as reconciled above are correctly stated in the
accounts.
Follow up
• Check certificates of cash-in-hand are obtained as appropriate.
• Verify unbanked cheques/cash receipts have subsequently been paid in and agree to the
bank reconciliation by inspection of the relevant documentation.
- Ensure IOUs and cheques cashed for employees have been reimbursed,.
- Check IOUs or cashed cheques outstanding for unreasonable periods of time have been
provided for.
- Verify the balances as counted are reflected in the accounts (subject to any agreed
amendments because of shortages and so on) by inspection of draft accounts.
Bank balances are usually confirmed directly with the bank in question.
The bank confirmation letter can be used to ask a variety of questions, including queries about
outstanding interests, contingent liabilities and guarantees.
Cash balances should be verified if they are material or irregularities are suspected.

AUDIT OF LIABILITIES AND CAPITAL
AUDIT PROCEDURES FOR TRADE PAYABLES AND-PURCHASES
Introduction
When auditing payables, the auditor must test for understatement (i.e. completeness). Rather
than circularising payables, it is more common to obtain audit evidence from suppliers'
statements.
The audit of provisions can be particularly complex due to the accounting treatment and the
degree of judgement involved in calculating the provision.
We examine the substantive audit of trade payables and accruals, long-term liabilities and
provisions and end with a brief look at capital. Purchases are often tested in conjunction with
the audit of trade payables and so are included in the section on trade payables. The following
sets out the financial statement assertions to which audit testing is directed.
Assertions about classes of transactions

- Occurrence: All purchase transactions recorded have occurred and relate to the entity
- Completeness: All purchase transactions that should have been recorded have been
recorded
- Accuracy: Amounts relating to transactions have been recorded appropriately
- Cut-off: Purchase transactions have been recorded in the correct period
- Classification: Purchase transactions are recorded properly in the accounts
Assertions about period —end account balances

- Existence: Trade payables and accrued expenses are valid liabilities
- Rights and obligations: Trade payables and accrued expenses are the obligations of
the entity
- Completeness: All liabilities have been recorded
- Valuation and allocation: All liabilities are included in the accounts at appropriate
amounts
Assertion about presentation and disclosure

- Occurrence and rights and obligations: Occurred and relate to the entity
- Completeness: All disclosures required have been included
- Classification and understandability: Financial information is appropriately
presented and described and disclosures clearly expressed
- Accuracy and valuation: Financial information is disclosed fairly and at appropriate
amounts

Audit procedures for trade payables and accruals

- The largest figure in current liabilities will normally be trade accounts payable which
are generally audited by comparison of supplier's statements with purchase ledger
accounts.
AUDIT PROCEDURES
As with accounts receivable, accounts payable are likely to be a material figure in the
statement of financial position of most enterprises.
Auditors should however be particularly aware, when conducting their work on the statement
of financial position, of the possibility of understatement of liabilities to improve liquidity and
profit (by understating the corresponding purchases). The primary objective of their work will
therefore be to ascertain whether liabilities existing at the year-end have been completely and
accurately recorded.
As regards trade accounts payable, this primary objective can be subdivided into two detailed
objectives is there a satisfactory cut-off between goods received and invoices received, so that
purchases and trade accounts payable are recognised in the correct year?
Do trade accounts payable represent the bona fide amounts due by the company?
Before we ascertain how the auditors design and conduct their tests with these objectives in
mind, we need to establish the importance of the list of balances.
The following table sets out audit procedures to test trade accounts payables and accruals.
AUDIT PLAN -ACCRUALS
Completeness
• Obtain a listing of trade accounts payables and agree the total to the general ledger by
casting and cross casting.
• Test for unrecorded liabilities by inquiries of management on how unrecorded liabilities
and accruals arc identified and examining post year-end transactions.
• Obtain selected suppliers' statements and reconcile these to the relevant suppliers'
accounts.
• Examine files of unmatched purchase orders and supplier invoices for any unrecorded
liabilities. Perform a confirmation. of accounts payables for a sample
• Complete the disclosure checklist to ensure that all the disclosures relevant to liabilities
have been made.
• Compare the current year balances for trade accounts payables and accruals to the
previous year.
• Compare the amounts owed to a sample of individual suppliers in the trade accounts
payables listing to amounts owed to these suppliers in the previous year.
• Compare the payables' turnover and payables' days to the previous year and industry
data.
Existence
• Vouch selected amounts from the trade accounts payables listing and accruals listing to
supporting documentation such as purchase orders and suppliers' invoices.
accounts.
• Perform a confirmation of accounts payables for a sample.
• Perform analytical procedures comparing current year balances to the previous year to
confirm reasonableness, and also calculating payables' turnover and comparing to the
previous year. Rights and obligations
• Vouch a sample of balances to supporting documentation such as purchase orders and
suppliers' invoices to obtain audit evidence regarding rights and obligations.
Valuation and allocation

• Trace selected samples from the trade accounts payables listing and accruals listing to
the supporting documentation (purchase orders, minutes authorising expenditure,
suppliers' invoices etc)
accounts.
• For a sample of accruals, recalculate the amount of the accrual to ensure the amount
accrued is correct.
• Compare the current year balances for trade accounts payables and accruals to the
previous year.
• Compare the amounts owed to a sample of individual suppliers in the trade accounts
payables listing to amounts owed to these suppliers in the previous year.
• Compare the payables' turnover and payables' days to the previous year and industry
data.
Cut-off
For a sample of vouchers, compare the dates with the dates they were recorded in the
ledger for application of correct cut-off.
• Test transactions around the year-end to determine whether amounts have been
recognised in the correct financial period.
• Perform analytical procedures on purchase returns, comparing the purchase returns as a
% of sales or cost of sales to the previous year.
Accuracy
Recalculate the mathematical accuracy of a sample of suppliers' invoices to confirm the
amounts are correct.
Occurrence
For a sample of vouchers, inspect supporting documentation such as authorised purchase
orders.


• Review the trade accounts payables listing to identify any large debits (which should be
reclassified as receivables or deposits) or long-term liabilities which should be disclosed
separately.
• Read the disclosure notes relevant to liabilities in the draft financial statements and
review for understandability.
Accuracy and valuation

Read the disclosure notes to ensure the information is accurate and properly presented at the
CONFIRMATION OF TRADE PAYABLES
It is also possible to undertake confirmation of trade payables, although this is not used a great
deal in practice because the auditor can test trade payables by examining reliable, independent
evidence in the form of suppliers' invoices and suppliers' statements. However, where an
entity's internal controls are weak, suppliers' statements may not be available and in this
situation, it may be relevant to undertake confirmation procedures. Confirmation of trade
payables provides evidence primarily for the completeness assertion.
Where the entity has strong controls in place to ensure that all liabilities are recorded, the
confirmation will focus on large balances.
Where the auditor is concerned about the presence of unrecorded liabilities, regular suppliers
with small or zero balances on their accounts and a sample of other accounts will be confirmed
as well as large balances.
Auditors use a positive confirmation referred to as a blank or zero-balance confirmation. This

confirmation does not state the balance owed but requires the supplier to declare the amount
owed at the year-end and to provide a detailed statement of the account. When the
confirmation is received back, the amount must be reconciled with the entity's records.
The selection and sending out of accounts payables' confirmations should be controlled using
the same procedures as for the receivables' confirmation that we discussed previously.
Reconciliations of accounts payables with suppliers' statements
Many suppliers provide monthly statements to their customers. These may therefore be
available in the entity for examination. Because-they are a source of documentary evidence
originating outside of the entity, they are a reliable source of evidence to support suppliers'
balances and provide evidence as to the existence, completeness and valuation of balances.
Having said this, auditors do still need to be cautious when using them as they may have been
tampered with by the entity. The auditor should not rely on photocopies or faxed statements. If
there is any doubt; the auditor should request a copy directly from the supplier or confirm the
balance with the supplier (see above).
When selecting accounts for testing, the auditor should consider the volume of business during
the year; riot the balance outstanding at the year-end, because the risk is understatement of
balances. Most differences between balances on suppliers' statements and the year-end accounts
payables' listing are likely to be due to goods and cash-in-transit and disputed amounts, however
all differences need to be investigated thoroughly.
AUDIT OF NON-CURRENT LIABILITIES
Non-current liabilities are usually authorised by the board and should be well documented. We
are concerned here with non-current liabilities comprising debentures, loan inventory and other
loans repayable at a date more than one year after the year-end.
Auditors will primarily try and determine:
Completeness: whether all non-current liabilities have been disclosed
Accuracy: whether interest payable has been calculated correctly and in the correct
accounting period
Classification and understandability: whether long-term loans and interest have been
correctly disclosed in the financial statements
The major complication for the auditors is that debenture and loan agreements frequently
contain conditions with which the company must comply, including restrictions on the
company's total borrowings and adherence with specific borrowing ratios.
Audit Plan of Non current Liabilities

- Obtain/prepare schedule of loans outstanding at the year-end date showing; for each
loan: name of lender, date of loan, maturity date, interest date, interest rate, balance at
the end of the period and security.
- Compare opening balances to previous year's papers.
- Test the clerical accuracy of the analysis.
- Compare balances to the general ledger.
- Agree name of lender etc, to register of debenture holders or equivalent (if kept)
- Trace additions and repayments to entries in the cash book.
- Confirm repayments 'are in accordance with loan agreement.
- Examine cancelled cheques and memoranda of satisfaction for loans repaid.
- Verify that borrowing limits imposed by agreements are not exceeded.
- Examine signed Board minutes relating to new borrowings/repayments,
- Obtain direct confirmation from lenders of the amounts outstanding, accrued interest
and what security they hold.
- Verify interest charged for the period and the adequacy of accrued interest..
- Confirm assets charged have been entered in the register of charges and notified to the
Registrar.
• Review restrictive covenants and provisions relating to default:
• Review any correspondence relating to the loan
• Review confirmation replies for non-compliance
• If a default appears to exist, determine its effect, and schedule findings
• Review minutes, cash book to confirm that all loans have been recorded.
- Review draft accounts to ensure that disclosures for non-current liabilities are correct
and in accordance with accounting standards. Any elements repayable within one year
should be classified under current liabilities.
AUDIT PROCEDURE OF PROVISIONS AND CONTINGENCIES
AUDIT OF CONTINGENCIES
The accounting treatments for provisions and contingencies are complex and involve
judgement and this can make them difficult to audit.
Accounting issues
Key terms
A provision is a liability of uncertain timing or amount.
A liability is a present obligation of the entity arising from past events, the settlement of which
is expected to result in an outflow from the entity of resources embodying economic benefits.
An obligating event is an event that creates a legal or constructive obligation that results in an
entity having no realistic alternative to settling that obligation.
A legal obligation is an obligation that derives from:

a) A contract (through its explicit or implicit terms),
b) Legislation, or
c) Other operation of law
A constructive obligation is an obligation that derives from an entity's actions where:

a. By an established pattern of past practice, published policies or a sufficiently specific
current statement, the entity has indicated to other parties that it will accept certain
responsibilities, and
b. As a result, the entity has created a valid expectation on the part of those other
parties that it will discharge those responsibilities.

A contingent liability is:

a. A possible obligation that arises from past events and whose existence will be
confirmed only by the occurrence or non-occurrence of one or more uncertain future
events not wholly within the control of the entity, or
b. A present obligation that arises from past events but is not recognised because:
 It is not probable that an outflow of resources embodying economic benefits
 will be required to settle the obligation, or
 The amount of the obligation cannot be measured with sufficient reliability.
A contingent asset is a possible asset that arises from past events and whose existence will be
Confirmed only by the occurrence or non-occurrence of one or more uncertain future events
not . wholly within the control of the entity.
Under LAS 37 Provisions, contingent liabilities and contingent assets, an entity should not
recognise a contingent-asset or a contingent liability. However if it becomes probable that an
outflow of future economic benefits will be required for a previous contingent liability, a
provision should be recognised.
A contingent asset should not be accounted for unless its realisation is virtually certain; if an
inflow of economic benefits has become probable, the asset should be disclosed.
Examples ofthe principal types of contingencies disclosed by companies are:

- Guarantees (for group companies, of staff pension schemes, of completion of contracts)
- Discounted bills of exchange
- Uncalled liabilities on shares or loan inventory
- Lawsuits or claims pending
- Options to purchase assets
Obtaining audit evidence of contingencies

Part of ISA 501 Audit evidence - additional considerations for specific items, covers
contingencies relating to litigation and legal claims, which will represent the major part of
audit work on contingencies. Litigation and claims involving the entity may have a material
effect on the financial statements, and so will require adjustment to/disclosure in those
The auditor should carry out procedures in order to become aware of any litigation and claims
involving the entity which may have a material effect on the financial statements. Such
procedures would include the following.
• Make appropriate inquiries of management including obtaining written representations.
• Review board minutes and correspondence with the entity's lawyers.
• Examine legal expense accounts.
• Use any information obtained regarding the entity's business including information
obtained from discussions with any in-house legal department

When litigation or claims have been identified or when the auditor believes they may exist, the
auditor should seek direct communication with the entity's lawyers. This will help to obtain
sufficient appropriate audit evidence as to whether potential material litigation and claims are
known and management's estimates of the financial implications, including costs, are reliable.
The ISA discusses the form the letter to the entity's lawyer should take. The letter, which should
be prepared by management and sent by the auditor, should request the lawyer to communicate
directly with the auditor.
If it is thought unlikely that the lawyer will respond to a general enquiry, the letter should
specify the following.
a) A list of litigation and claims
b) Management's assessment of the outcome of the litigation or claim and its estimate of
the financial implications, including costs involved
c) A request that the lawyer confirms the reasonableness of management's assessments
and provides the auditor with further information if the list is considered by the lawyer
to be incomplete or incorrect
The auditors must consider these matters up to the date of their report and so a further,
updating letter may be necessary.
A meeting between the auditors and the lawyer may be required, for example where a complex
matter arises, or where there is a disagreement between management and the lawyer. Such
meetings should take place only with the permission of management, and preferably with a
management representative present.
If management refuses to give the auditor permission to communicate with the lawyers; this
may have an impact on the audit opinion.
AUDIT OF PROVISIONS
The following audit plan can be used in the audit of provisions.
Audit plan of Provisions/contingents

Obtain details of all provisions which have been included in the accounts and all contingencies
that have been disclosed.
Obtain a detailed analysis of all provisions showing opening balances, movements and closing
balances.
Determine for each material provision whether the company has a present obligation as a
result of past events by:
- Review of correspondence relating to the item
- Discussion with the directors. Have they created a valid expectation in other parties that
they will discharge the obligation?
- Determine for each material provision whether it is probable that a transfer of economic
benefits will be required to settle the obligation by:
- Checking whether any payments have been made in the post year-end period in respect
of the item by reviewing after-date cash
- Review of correspondence with solicitors, banks, customers, insurance company and
suppliers both pre and post year-end
- Sending a letter to the solicitor to obtain his views (where relevant)
- Discussing the position of similar past provisions with the directors Were these
provisions eventually settled?
- Considering the likelihood of reimbursement
- Recalculate all provisions made.
- Compare the amount provided with any post year-end payments and with any amount
paid in the past for similar items.
- In the event that it is not possible to estimate the amount of the provision, check that a
contingent liability is disclosed in the accounts.
- Consider the nature of the client's business. Would you expect to see any other
provisions e.g warranties? Consider the adequacy of disclosure of provisions,
contingent assets and contingent liabilities in accordance with IAS 37.
Capital and other issues

The main concern with share capital and reserves is that the company has complied with the
law. . The issued share capital as stated in the accounts must, bp agreed in total with the share
register. An examination of transfers on a test basis should be made in those cases where a
company handles its own registration work. Where the registration work is dealt with by
independent registrars, auditors will normally examine the reports submitted by them to the
company, and obtain from them at the year-end a certificate of the share capital in issue.
Auditors should check carefully whether clients have complied with local legislation about
share issues or purchase of own shares. Auditors should take particular care if there are any
movements in reserves that cannot be distributed, and should confirm that these movements
are valid.
Share equity capital:

Agree the authorised share capital with the statutory documents governing the company's
constitution. Agree changes to authorised share capital with properly authorised resolutions:
Issue of Shares
Verify any issue of share capital or other changes during.the year with general and board
minutes.
Ensure issue or change is within the terms of the constitution, and directors possess
appropriate authority to issue shares.
Confirm that cash or other consideration has been received or receivable{s} is included as
called-up share capital not paid_

Transfer of shares
Verify transfers of shares by reference to:

- Correspondence
- Completed and stamped transfer forms
- Cancelled share certificates
- Minutes of directors' meeting
Review the balances on shareholders' accounts in the register of members and the total list
with the amount of issued share capital in the general ledger.
Dividends
- Agree dividends paid and proposed to authority in minute books and check calculation
with total share capital issued to ascertain whether there are any outstanding or
unclaimed dividends.
- Agree dividend payments with documentary evidence (say, the returned dividend
warrants).
- Check that dividends do not contravene the distribution provisions of the legislation.
- Check that imputed tax has been accounted for to the taxation authorities and correctly
treated in the accounts
Reserves
- Agree movements on reserves to supporting authority
- Ensure that movements on reserves do not contravene the legislation and the company's
constitution
- Confirm that the company can distinguish distributable reserves from those that are
non-distributable
- Ensure appropriate disclosures of movements on reserves are made in the company's
accounts by inspection of the financial statements.
Summary
The largest figure in current liabilities will normally be trade accounts payable which are
generally audited by comparison of suppliers' statements with purchase ledger accounts.
Non-current liabilities are usually authorised by the board and should be well documented.
The accounting treatments for provisions and contingencies are complex and involve
judgement and this can make them difficult to audit.
The main concern with share capital and reserves is that the company has complied with the
law

AUDIT OF INVENTORY
If inventory is material to the financial statements, the auditor shall obtain sufficient
appropriate audit evidence regarding the existence and condition of inventory by:
(a) Attendance at physical inventory counting, unless impracticable, to:

i. Evaluate management's instructions and procedures for recording and
controlling the results of the entity's physical inventory counting;
ii. Observe the performance of management's count procedures;
iii. Inspect the inventory; and
iv. Perform test counts; and
(b) Performing audit procedures over the entity's final inventory records to determine
whether they accurately reflect actual inventory count results.
(c) If physical inventory counting is conducted at a date other than the date of the
financial statements, the auditor shall, perform audit procedures to obtain audit
evidence about whether changes in inventory between the count date and the date of
the financial statements are properly recorded.
(d) If the auditor is unable to attend physical inventory counting due to unforeseen
circumstances, the auditor shall make or observe some physical counts on an
alternative date, and perform audit procedures on intervening transactions.
(e) If attendance at physical inventory counting is impracticable, the auditor shall
perform alternative audit procedures to obtain sufficient appropriate audit evidence
regarding the existence and condition of inventory. If it is not possible to do so, the
auditor shall modify the opinion in the auditor's report in accordance with ISA 705
(f) If inventory under the custody and control of a third party is material to the financial
statements, the auditor shall obtain sufficient appropriate audit evidence regarding the
existence and condition of that inventory by performing one or both of the following:
- Request confirmation from the third party as to the quantities and condition
of inventory held on behalf of the entity.
- Perform inspection or other audit procedures appropriate in the
circumstances.
Attendance at Physical Inventory Counting

- Management ordinarily establishes procedures under which inventory is physically
counted at least once a year to serve as a basis for the preparation of the financial
statements and, if applicable, to ascertain the reliability of the entity's perpetual
inventory system.
- Attendance at physical inventory counting involves:
• inspecting the inventory to ascertain its existence and evaluate its condition, and
performing test counts;
• Observing compliance with management's instructions and the performance of
procedures for recording and controlling the results of the physical inventory
count; and
• Obtaining audit evidence as to the reliability of management's count procedures
These procedures may serve as test of controls or substantive procedures depending on the
auditor's risk assessment; planned approach and the specific procedures carried out.
Matters relevant in planning attendance at physical inventory counting or in designing and

performing audit procedures include, for example:
• The risks of material misstatement related to inventory.
• The nature of the internal control related to inventory.
• Whether adequate procedures are expected to be established and proper instructions
issued for physical inventory counting.
• The timing of physical inventory counting.
• Whether the entity maintains a perpetual inventory system.
• The locations at which inventory is held, including the materiality of the inventory and
the risks of Material misstatement at different locations, in deciding at which locations
attendance is appropriate. ISA 600 deals with the involvement of other auditors and
accordingly may be -relevant if such involvement is with regard to attendance of
physical inventory counting at a remote location.'
Evaluate Management's Instructions and Procedures

Matters relevant in evaluating management's instructions and procedures for recording and
controlling the physical inventory counting include whether they address, for example:
• The application of appropriate control activities, for example, collection of used
physical inventory count records, accounting for unused physical inventory count
records, and count and re-count procedures.
• The accurate identification of the stage of completion of work in progress, of slow
moving, obsolete or damaged items and of inventory owned by a third party, For
example, on consignment.
• The procedures used to estimate physical quantities, where applicable, such as may be
needed in estimating the physical quantity of a coal pile.
• Control over the movement of inventory between areas and the shipping and receipt of
inventory before and after the cutoff date.
Observe the Performance of Management's Count Procedures

Observing the performance of management's count procedures, for example, those relating to
control over the movement of inventory before, during and after the count, assists the auditor
in obtaining audit evidence that management's instructions and count procedures are
adequately designed and implemented. In addition, the auditor may obtain copies of cutoff
information, such as details of the movement of inventory, to assist the auditor in performing
audit procedures over the accounting for such movements at a later date.

Inspect the Inventory

Inspecting inventory when attending physical inventory counting assists the auditor in
ascertaining the existence of the inventory (though not necessarily its ownership), and in
identifying, for example, obsolete, damaged or aging inventory.
Perform Test Counts

Performing test counts, for example, by tracing items selected from management's count
records to the physical inventory and tracing items selected from the physical inventory to
management's, count records, provides audit evidence about the completeness and the
accuracy of those records.
In addition to recording the auditor's test counts, obtaining copies of management's completed
physical inventory count records assists the auditor in performing subsequent audit procedures
to determine whether the entity's final inventory records accurately reflect actual inventory
count results.
Physical Inventory Counting Conducted Other than at the Date of the Financial Statements. For
practical reasons, the physical inventory counting may be conducted at a date, or dates, other
than the date of the financial statements. This may be done irrespective of whether management
determines inventory quantities by an annual physical inventory counting or maintains a
perpetual inventory system. In either case, the effectiveness of the design, implementation and
maintenance of controls over changes in inventory determines whether the conduct of physical
inventory counting at a date, or dates, other than the date of the financial statements is
appropriate for audit purposes. ISA 330 establishes requirements and provides guidance on
substantive procedures performed at an interim date.
Where a perpetual inventory system is maintained, management may perform physical counts
or-other tests to ascertain the reliability of inventory quantity information included in the
entity's perpetual inventory records. In some cases, management or the .auditor may identify
differences .between the perpetual inventory records and actual physical inventory quantities
on hand; this may indicate that the controls over changes in inventory are not operating
effectively.
Relevant matters for consideration when designing audit procedures to obtain audit evidence
about whether changes in inventory amounts between the count date, or dates, and the .final
inventory records are properly recorded include:
• Whether the perpetual inventory records are properly adjusted.

• Reliability of the entity's perpetual inventory records.
• Reasons for significant differences between the information obtained during the
physical count and the perpetual inventory records.

Attendance at Physical Inventory Counting Is Impracticable

In some cases, attendance at physical inventory. counting may be impracticable. This
may be due to factors such as the nature and location of the inventory, for example,
where inventory is held in a location that may pose threats to the safety of the auditor.
The matter of general inconvenience to the auditor, however, is not sufficient to support
a decision by the auditor that attendance is impracticable. Further, as explained in ISA
200, the matter of difficulty, time, or cost involved is not in itself a valid basis for the
auditor to omit an audit procedure for which there is no alternative or-to be satisfied with
audit evidence that is less-than persuasive. In some cases where attendance is
impracticable, alternative audit procedures, for example, inspection of documentation of
the subsequent sale of specific inventory items acquired or purchased prior to' the
physical inventory counting, may provide sufficient appropriate audit evidence about the
existence and condition of inventory. - In other cases, however, it may not be possible to
obtain sufficient appropriate audit evidence regarding the existence and condition of
inventory by performing alternative audit procedures. In such cases, ISA 705 requires the
auditor to modify the opinion in the auditor's report as a result of the scope of limitation.
Inventory under the .Custody and Control of a Third Party
Confirmation
ISA 505 establishes requirements and provides guidance for performing external confirmation
procedures.
Other Audit Procedures

Depending on the circumstances, for example, where information is obtained that raises doubt
about the integrity and objectivity of the third party, the auditor may consider it appropriate to
perform other audit procedures instead of or in addition to, confirmation with the third party.
Examples of other audit procedures include:
• Attending; or arranging for another auditor to attend, the third party's physical counting
of inventory, if practicable.
• Obtaining another auditor's report, or a service auditor's report, on the adequacy of the
third party's internal control for ensuring that inventory is properly counted and
adequately safeguarded.
• Inspecting documentation regarding inventory held by third parties, for example,
warehouse receipts.
Requesting confirmation from other parties when inventory has been pledged as
collateral.

USING THE WORK OF OTHERS (INTERNAL AUDIT AND EXPERTS)
The auditor should obtain sufficient appropriate audit evidence that the work of the expert is
adequate for the purpose of the audit.
An expert is a person possessing specialized skills, knowledge and experience in another field
other than auditing and accounting. From his experience, an auditor only has general
knowledge on matters outside his profession and is not expected to have the skills of a person
trained or qualified to work in another profession .Consequently, the auditor may need the
advice of another expert for example, a pharmacist when verifying stock in the laboratory or
lawyers in arriving at the legal interpretation of legal cases against a client.
Situations where the auditor may require work of an expert
The legal interpretation of contracts, laws and regulations

Valuations of certain types of assets e.g. precious stones, minerals and buildings
Actuarial valuation e.g. for pension funds
When measuring the work to be completed in construction contracts.
In deciding whether to use the work of an expert the auditor should consider.
The materiality of an item being examined in relation to the financial statements as a

whole.
The nature and complexity of the item including the risk.
The audit evidence available in respect with the item.
Factors considered before relying on the work of the expert
The auditor should consider;
The skills and competence of the expert. The auditor should consider this by examining
the expert‘s professional qualifications, licenses or membership of an appropriate
professional body. The experience and reputation of the expert in the field in which the
auditor is seeking evidence is very important.
Objectivity and independence of the expert.. The auditor should consider whether the
expert is independent from the client. The risk of independence being impaired
increases where the expert is employed by the client. In such cases he owes his loyalty
to the client because there exists a financial relationship.
The source of the data used by the expert in arriving at his opinion. If the source of the
data can be regarded as reliable, then the auditor can reasonably use the work of the
expert as audit evidence.
The assumptions and methods used. The auditor should consider whether the methods
used by the expert in arriving at his opinion are appropriate to the circumstances. He
should also obtain an understanding of those assumptions and methods to determine

that they are reasonable based on the auditor‘s knowledge of the client‘s business and
the results of his other audit procedures.
Communication with the expert
When consulting an expert the auditor should cover:
Objectives and scope of his work

An outline of the item the auditor expects to be covered in the report.
The intended use of the expert work by the auditor and disclosure to third parties as to
the expert‘s identity and extent of involvement
Clarification of the expert‘s relationship with the client.
The confidentiality of the client information.
Assumptions and the methods the expert intends to use. These will be evaluated for
reasonableness by the auditor.
Recording of any further information as audit evidence.
COMPUTER ASSISTED AUDIT TECHNIQUES (CAATs)
There are two broad categories of CAAT:
1. Audit software; and

2. Test data.
Audit software
Audit software is used to interrogate a client's system. It can be either packaged, off-the-shelf
software or it can be purpose written to work on a client's system. The main advantage of these
programs is that they can be used to scrutinize large volumes of data, which it would be
inefficient to do manually. The programs can then present the results so that they can be
investigated further.
Specific procedures they can perform include:
Extracting samples according to specified criteria, such as:

o Random;
o Over a certain amount; o
Below a certain amount; o
At certain dates.
Calculating ratios and select indicators that fail to meet certain pre-defined criteria (i.e.
benchmarking);
Check arithmetical accuracy (for example additions);
Preparing reports (budget vs actual);
Stratification of data (such as invoices by customer or age);

Produce letters to send out to customers and suppliers; and
Tracing transactions through the computerised system.
These procedures can simplify the auditor's task by selecting samples for testing, identifying
risk areas and by performing certain substantive procedures. The software does not, however,
replace the need for the auditor's own procedures.
Test data
Test data involves the auditor submitting 'dummy' data into the client's system to ensure that
the system correctly processes it and that it prevents or detects and corrects misstatements.
The objective of this is to test the operation of application controls within the system.
To be successful test data should include both data with errors built into it and data without
errors. Examples of errors include:
codes that do not exist, e.g. customer, supplier and employee;

transactions above pre-determined limits, e.g. salaries above contracted amounts, credit
above limits agreed with customer;
invoices with arithmetical errors; and
Submitting data with incorrect batch control totals.
Data maybe processed during a normal operational cycle ('live' test data) or during a special
run at a point in time outside the normal operational cycle ('dead' test data). Both has their
advantages and disadvantages:
Live tests could interfere with the operation of the system or corrupt master
files/standing data;
Dead testing avoids this scenario but only gives assurance that the system works when
not operating live. This may not be reflective of the strains the system is put under in
normal conditions.
Advantages of CAATs
CAATs allow the auditor to:
Independently access the data stored on a computer system without dependence on the
client;
Test the reliability of client software, i.e. the IT application controls (the results of
which can then be used to assess control risk and design further audit procedures);
Increase the accuracy of audit tests; and
Perform audit tests more efficiently, which in the long-term will result in a more cost
effective audit.

Disadvantages of CAATs
CAATs can be expensive and time consuming to set up, the software must either be
purchased or designed (in which case specialist IT staff will be needed);
Client permission and cooperation may be difficult to obtain;
Potential incompatibility with the client's computer system;
The audit team may not have sufficient IT skills and knowledge to create the complex
data extracts and programming required;
The audit team may not have the knowledge or training needed to understand the
results of the CAATs; and
Data may be corrupted or lost during the application of CAATs.
Other techniques
There are other forms of CAAT that are becoming increasingly common as computer
technology develops, although the cost and sophistication involved currently limits their use to
the larger accountancy firms with greater resources. These include:
Integrated test facilities - this involves the creation of dummy ledgers and records to which test
data can be sent. This enables more frequent and efficient test data procedures to be performed
live and the information can simply be ignored by the client when printing out their internal
records; and
Embedded audit software - this requires a purpose written audit program to be embedded into
the client's accounting system. The program will be designed to perform certain tasks (similar
to audit software) with the advantage that it can be turned on and off at the auditor's wish
throughout the accounting year. This will allow the auditor to gather information on certain
transactions (perhaps material ones) for later testing and will also identify peculiarities that
require attention during the final audit.

TOPIC 8
OVERALL AUDIT REVIEW
SUBSEQUENT EVENTS REVIEWS
Subsequent events are transactions occurring after the balance sheet date, but before the
financial statements are either issued or available to be issued.
Auditors must take steps to ensure that any such events are properly reflected in the financial
statements.
To identify any such events, a subsequent events review is carried out.
There are two types of subsequent events:
1. Adjusting event
Event after the reporting period that provides further evidence of conditions that existed
at the end of the reporting period, including events that indicates that the going concern
assumption in relation to the whole or part of the enterprise is not
2. Non-adjusting event
Events after the reporting period that are indicative of a condition that arose after the
end of the reporting period.
Example 1
You are the trainee accountant of Gabriella Enterprises Co and are preparing the financial
statements for the year-ended 30 September 2012. The financial statements are expected to be
approved in the Annual General Meeting, which is to be held on Monday 29 November 2010.
Today‘s date is 22 November 2010. You have been made aware of the following matters:
1. On 14 October 2010, a material fraud was discovered by the bookkeeper. The payables
ledger assistant had been diverting funds into a fictitious supplier bank account, set up
by the employee, which had been occurring for the past six months. The employee was
immediately dismissed, legal proceedings against the employee have been initiated and
the employee‘s final wages have been withheld as part-reimbursement back to the
company.
2. On 20 September 2010, a customer initiated legal proceedings against the company in
relation to a breach of contract. On 29 September 2010, the company‘s legal advisers
informed the directors that it was unlikely the company would be found liable;
therefore no provision has been made in the financial statements, but disclosure as a
contingent liability has been made. On 29 October 2010, the court found the company
liable on a technicality and is now required to pay damages amounting to a material
sum.
3. On 19 November 2010, a customer ceased trading due to financial difficulties owing
$2,500. As the financial statements are needed for the board meeting on 22 November
2010, you have decided that because the amount is immaterial, no adjustment is
required. The auditors have also confirmed that this amount is immaterial to the draft
Required:
(a) For each of the three events above, you are required to discuss whether the financial
statements require amendment.
Answer:
When presented with such scenarios, it is important to be alert to the timing of the events in
relation to the reporting date and to consider whether the events existed at the year-end, or not.
If the conditions did exist at the year-end, the event will become an adjusting event. If the event
occurred after the year-end, it will become a non-adjusting event and may simply require
disclosure within the financial statements.
1. Fraud
Clearly the fraud committed by the payables ledger clerk has been ongoing during, and beyond
the financial year. Fraud, error and other irregularities that occur prior to the year-end date – but
which are only discovered after the year-end – are adjusting items, and therefore the financial
statements would require amendment to take account of the fraudulent activity up to the year-
end.
2. Legal proceedings
At the year-end, the company had made disclosure of a contingent liability. However,
subsequent to the year-end (29 October 2010), the court found the company liable for breach
of contract. The legal proceedings were issued on 20 September 2010 (some 10 days before
the year-end). This is, therefore, evidence of conditions that existed at the year-end. IAS 10
requires the result of a court case after the reporting date to be taken into consideration to
determine whether a provision should be recognised in accordance with IAS 37, Provisions,
Contingent Liabilities and Contingent Assets at the year-end. In this case, the financial
statements will require adjusting because:
the conditions existed at the year-end

the recognition criteria for a provision in accordance with IAS 37 have been met.
3. Loss of customer
A customer ceasing to trade so soon after the reporting period indicates non-recoverability of a
receivable at the reporting date and therefore represents an adjusting event under IAS 10, Events
After the Reporting Period. Assets should not be carried in the statement of financial position at
any more than their recoverable amount and, therefore, an allowance for receivables should be
made.
The auditor should obtain sufficient appropriate audit evidence about whether events occurring
between the date of the financial statements and the date of the auditor's report that require
adjustment of, or disclosure in, the financial statements are appropriately reflected in those
financial statements in accordance with the applicable financial reporting framework;
Subsequent events reviews — what auditors need to do

ISA 560 Subsequent Events details the responsibilities of the auditors with respect to
subsequent events and the procedures they can use. As auditors are responsible for their audit
work right up to the date that the financial statements are issued, they should perform
subsequent event reviews until that date has passed.
However, the nature of their responsibility changes at the point the audit report is signed.
Procedures undertaken in performing a subsequent events review might include any of the
following:
• Enquiring into management procedures/systems for the identification of subsequent
events.
• Reading minutes of members' and directors' meetings and of audit and executive
committee meetings, and enquiring about matters not yet put in the minutes.
• Reviewing accounting records including -budgets, forecasts and interim information.
• Making enquiries of directors to ask if they are aware of any subsequent events,
adjusting or non-adjusting, that have not yet been included or disclosed in the financial
statements.
• `Normal' post balance sheet work performed in order to verify yearend balances:
 checking after date receipts from receivables verifying the value of accrued
 expenses by checking invoices when received
 checking inventory valuations are at lower cost and net realisable value by testing
 to eventual selling prices.
• Obtaining, from management, a letter of representation.
Subsequent events review — changes triggered by the signing of the audit report
The stage of completion of the annual financial statements determines the procedures the
auditor must undertake in performing subsequent event reviews.
1. Events Up to signing the audit report

Auditors have an active duty to search for all material events between the balance sheet date
and the date the audit report is signed.
The auditor shall perform audit procedures designed to obtain sufficient appropriate audit
evidence that all events occurring between the date of the financial statements and the date of
the auditor's report that require adjustment of, or disclosure in, the financial statements have
been identified. The auditor is not, however, expected to perform additional audit procedures
on matters to which previously applied audit procedures have provided satisfactory
conclusions.
The auditor shall perform the procedures required so that they cover the period from the date
of the financial statements to the date of the auditor's report, or as near as practicable thereto.
The auditor shall take into account the auditor's risk assessment in determining the nature and
extent of such audit procedures, which shall include the following:
a) Obtaining an understanding of any procedures management has established to ensure
that subsequent events are identified.

b) Inquiring of management and, where appropriate, those charged with governance as to

whether any subsequent events have occurred which might affect the financial
statements.
c) Reading minutes, if any, of the meetings of the entity's owners, management and those
charged with governance that have been held after the date of the financial statements
and inquiring about matters discussed at any such meetings for which minutes are not
yet available.
d) Reading the entity's latest subsequent interim financial statements, if any.
If, as a result of the procedures performed as above, the auditor identifies events that require
adjustment of, or disclosure in, the financial statements, the auditor shall determine whether
each such event is appropriately reflected in those financial statements in accordance with the
applicable financial reporting framework.
The auditor shall request management and, where appropriate, those charged with governance,
to provide a written representation in accordance with ISA 580 that all events occurring
subsequent to the date of the financial statements and for which the applicable financial
reporting framework requires adjustment or disclosure have been adjusted or disclosed.
2. Between signing the audit report and issuing the financial statements
Auditors have a passive duty.
Auditors only have to act if they are made aware of something — but once they are
aware, they have a duty to take the necessary action.
The auditor has no obligation to perform any audit procedures regarding the financial
statements after the date of the auditor's report. However, if, after the date of the auditor's
report but before the date the financial statements are issued, a fact becomes known to the
auditor that, had it been known to the auditor at the date of the auditor's report, may have
caused the auditor to amend the auditor's report, the auditor shall:
a) Discuss the matter with management and, where appropriate, those charged with
governance;
b) Determine whether the financial statements need amendment and, if so,
c) Inquire how management intends to address the matter in the financial statements
If amendment is required to the financial statements and management makes the necessary
changes, the auditor must carry out a number of procedures:
Undertake any necessary audit procedures on the changes made.
Extend audit procedures for identifying subsequent events that may require adjustment
of or disclosure in the financial statements to the date of the new auditor's report.
Provide a new auditor's report on the amended financial statements.
If management does not amend the financial statements:

If the auditor's report has not yet been provided to the entity, the auditor shall modify
the opinion and then provide the auditor's report.
If the auditor's report has already been provided to the entity, the auditor shall notify
management and those charged with governance not to issue the financial statements
before the amendments are made; but if the financial statements are issued anyway, the
auditor shall take action to seek to prevent reliance on the auditor's report.
Example
A few days after signing an audit report, but before the client's financial statements have been
approved by the shareholders at the AGM, the auditors receive a phone call from a director
indicating a material error in the financial statements.
In such circumstances, a number of things may happen.
Client produces a revised set of financial statements.

Where this happens, the auditor needs to produce a new audit report, as the audit report must
always be dated on or after the date that the financial statements are signed by the directors.
The auditor will therefore need to extend 'active duties' on all other matters from the original
date of the audit report to the new date..
Client refuses to change the financial statements.

Now the financial statements are materially wrong, but the initial audit report said they were
true and fair. The auditor should ask for the audit report back, so that a new qualified report
can be issued. However, the client may refuse this as well.
In such circumstances, the auditor should obtain legal advice, consider resignation, and speak
at the AGM to notify shareholders.
3. Facts Which Become Known To The Auditor After The Financial Statements Have
Been Issued
After the financial statements have been issued, the auditor has no obligation to perform any
audit procedures regarding such financial statements. However, if, after the financial
statements have been issued, a fact becomes known to the auditor that, had it been known to
the auditor at the date of the auditor's report, may have caused the auditor to amend the
auditor's report, the auditor shall;-
a) Discuss the matter with management and, where appropriate, those charged with
governance;
b) Determine whether the financial statements need amendment; and, if so,
c) Inquire how management intends to address the matter in the financial statements.

GOING CONCERN REVIEW
Introduction
IAS 1 Presentation of Financial Statements recognizes the going concern assumption as one of
the fundamental assumptions that underlie the periodic financial statements of enterprises. The
meaning of going concern can be said to be that the financial statements assume that the
enterprise will continue in operational existence for the foreseeable future, or put another way
the financial statements assume no intention or necessity to liquidate or•curtail significantly the
scale of operation or put more simply that the enterprise can meet its financial obligations as
they fall due.
Going Concern Assumption

- Under the going concern assumption, an entity is viewed as continuing in business for
the foreseeable future. General purpose financial statements are prepared on a going
concern basis, unless management either intends to liquidate the entity or to cease
operations, or has no realistic alternative but to do so.
- Special purpose financial statements may or may not be prepared in accordance with a
financial reporting framework for which the going concern basis is relevant (for
example, the going concern basis is not relevant for some financial statements prepared
on a tax basis in particular jurisdictions)..When the use of the going concern assumption
is appropriate; assets and liabilities are recorded on the basis that the entity will be able
to realize its assets and discharge its liabilities in the normal course of business.
Responsibility for Assessment of the Entity's Ability to Continue as a Going Concern

 Some financial reporting frameworks contain an explicit requirement for management to
make a specific assessment of the entity's ability to continue as a going concern, and
standards regarding matters to be considered and disclosures to be made in connection
 with going concern.
 For example, International Accounting Standard (IAS) l requires management to make
an assessment of an entity's ability to continue as a going concern. The detailed
requirements regarding management's responsibility to assess the entity's ability to
continue as a going concern and related financial statement disclosures may also be set
 out in law or regulation.
 In other financial reporting frameworks, there may be no explicit requirement for
management to make a specific assessment of the entity's ability to continue as a going
concern. Nevertheless, since the going concern assumption is a fundamental principle in
the preparation of financial statements, the preparation of the financial statements
requires management to assess the entity's ability to continue as a going concern even if
 the financial reporting framework does not include an explicit requirement to do so.
 Management's assessment of the entity's ability to continue as a going concern
involves making a judgment, at a particular point in time, about inherently uncertain
future outcomes of events or conditions. The following factors are relevant to that
judgment:

 The degree of uncertainty associated with the outcome of an event or condition

increases significantly the further into the future an event or condition or the
outcome occurs. For that reason, most financial reporting frameworks that
require an explicit management assessment specify the period for which
 management is required to take into account all available information.
 The size and complexity of the entity, the nature and condition of its business
and the degree to which it is affected by external factors affect the judgment
regarding the outcome of events or conditions.
 Any judgment about the future is based on information available at the time at
which the judgment is made. Subsequent events may result in outcomes that are
inconsistent with judgments that were reasonable at the time they were made.
Responsibilities of the Auditor
 The auditor's responsibility is to obtain sufficient appropriate audit evidence about the
appropriateness of management's use of the going concern assumption in the preparation
of the financial statements and to conclude whether there is a material uncertainty about
the entity's ability to continue as a going concern. This responsibility exists even if the
financial reporting framework used in the preparation of the financial statements does
not include an explicit requirement for management to make a specific assessment of
 the entity's ability to continue as a going concern.
 However, as described in ISA 200, the potential effects of inherent limitations on the
auditor's ability to detect material misstatements are greater for future events or
conditions that may cause an entity to cease to continue as a going concern. The auditor
 cannot predict such future events or conditions.
 Accordingly, the absence of any reference to going concern uncertainty in an auditor's
report cannot be viewed as a guarantee as to the entity's ability to continue as a going
concern. Objectives
The objectives of the auditor are:
a) To obtain sufficient appropriate audit evidence regarding the appropriateness of
management's use of the going concern assumption in the preparation of the financial
statements;
b) To conclude, based on the audit evidence obtained, whether a material uncertainty
exists related to events or conditions that may cast significant doubt on the entity's
ability to continue as a going concern; and
c) To determine the implications for the auditor's report.
When performing risk assessment procedures as required by ISA 315, the auditor shall consider
whether there are events or conditions that may cast significant doubt on the entity's ability to
continue as a going concern. In so doing, the auditor shall determine whether management has
already performed a preliminary assessment of the entity's ability to continue as a going
concern, and:
a) if such an assessment has been performed, the auditor shall discuss the assessment with
management and determine whether management has identified events or conditions
that, individually or collectively, may cast significant doubt on the entity's ability to
continue as a going concern and, if so, management's plans to address them; or
b) If such an assessment has not yet been performed, the auditor shall discuss with
management the basis for the intended use of the going concern assumption, and
inquire of management whether events or conditions exist that, individually or
collectively, may cast significant doubt on the entity's ability to continue as a going
concern.
The auditor shall remain alert throughout the audit for audit evidence of events or conditions
that may cast significant doubt on the entity's ability to continue as a going concern.
Evaluating Management's Assessment

The auditor shall evaluate management's assessment of the entity's ability to continue as a going
concern. In evaluating management's assessment of the entity's ability to continue as a going
concern, the auditor shall cover the same period as that used by management to make its
assessment as required by the applicable financial reporting framework, or by law or regulation
if it specifies a longer period.
If management's assessment of the entity's ability to continue as a going concern covers less
than twelve months from the date of the financial statements as defined in ISA 560, the auditor
shall request management to extend its assessment period to at least twelve months from that
date. In evaluating management's assessment, the auditor shall consider whether management's
assessment includes all relevant information of which the auditor is aware as a result of the
audit.
Period beyond Management's Assessment

The auditor shall inquire of management as to its knowledge of events or conditions beyond the
period of management's assessment that may cast significant doubt on the entity's ability to
continue as a going concern.
Additional Audit Procedures When Events or Conditions Are Identified

If events or conditions have been identified that may cast significant doubt on the entity's
ability to continue as a going concern, the auditor shall obtain sufficient appropriate audit
evidence to determine whether or not a material uncertainty exists through performing
additional audit procedures, including consideration of mitigating factors. These
procedures shall include:
a) Where management has not yet performed an assessment of the entity's ability to
continue as a going concern, requesting management to make its assessment.
b) Evaluating management's plans for future actions in relation to its going concern
assessment, whether the outcome of these plans is likely to improve the situation and
whether management's plans are feasible in the circumstances.
c) Where the entity has prepared a cash flow forecast, and analysis of the forecast is a
significant factor in considering the future outcome of events or conditions in the
evaluation of management's plans for future action: Evaluating the reliability of the
underlying data generated to prepare the forecast; and whether there is adequate
support for the assumptions underlying the forecast.
d) Considering whether any additional facts or information have become available since
the date on which management made its assessment.
e) Requesting written representations from management and, where appropriate, those
charged with governance, regarding their plans for future action and the feasibility of
these plans.
Audit Conclusions and Reporting

- Based on the audit evidence obtained, the auditor shall conclude whether, in the
auditor's judgment, a material uncertainty exists related to events or conditions that,
individually or collectively, may cast significant doubt on the entity's ability to
continue as a going concern.
- A material uncertainty exists when the magnitude of its potential impact and
likelihood of occurrence is such that, in the auditor's judgment, appropriate
disclosure of the nature and implications of the uncertainty is necessary for:
a) In the case of a fair presentation financial reporting framework, the fair
presentation of the financial statements, or
b) In the case of a compliance framework, the financial statements not to be
misleading.
Use of Going Concern Assumption Appropriate but a Material Uncertainty Exists
If the auditor concludes that the use of the going concern assumption is appropriate in the
circumstances but a material uncertainty exists, the auditor shall determine whether the
financial statements:
a) Adequately describe the principal events or conditions that may cast significant doubt on
the entity's ability to continue as a going concern and management's plans to deal with
these events or conditions; and
b) Disclose clearly that there is a material uncertainty related to events or conditions that
may cast significant doubt on the entity's ability to continue as a going concern and,
therefore, that it may be unable to realize its assets and discharge its liabilities in the
normal course of business.
- If adequate disclosure is made in the financial statements, the auditor shall express an
unmodified opinion and include an Emphasis in the auditor's report to:
a) Highlight the existence of a material uncertainty relating to the event or
condition that may cast significant doubt on the entity's ability to continue as a
going concern; and
b) Draw attention to the note in the financial statements that discloses the matters
- If adequate disclosure is not made in the financial statements, the auditor shall express a
qualified opinion or adverse opinion, as appropriate, in accordance with ISA 705
The auditor shall state in the auditor's report that there is a material uncertainty that may cast
significant doubt about the entity's ability to continue as a going concern.
If the financial statements have been prepared on a going concern basis but, in the auditor's
judgment, management's use of the going concern assumption in the financial statements is
inappropriate, the auditor shall express an adverse opinion.
Management Unwilling to Make or Extend Its Assessment

If management is unwilling to make or extend its assessment when requested to do so by the
auditor, the auditor shall consider the implications for the auditor's report.
Communication with Those Charged with Governance

Unless all those charged with governance are involved in managing the entity,7 the auditor
shall communicate with those charged with governance events or conditions identified that
may cast significant doubt on the entity's ability to continue as a going concern. Such
communication with those charged with governance shall include the following:
a) Whether the events or conditions constitute a material uncertainty;
b) Whether the use of the going concern assumption is appropriate in the preparation of
the financial statements; and
c) The adequacy of related disclosures in the financial statements.
Significant Delay in the Approval of Financial Statements

If there is significant delay in the approval of the financial statements by management or those
charged with governance after the date of the financial statements, the auditor shall inquire as to
the reasons for the delay. If the auditor believes that the delay could be related to events or
conditions relating to the going concern assessment, the auditor shall perform those additional
audit procedures necessary, as well as consider the effect on the auditor's conclusion regarding
the existence of a material uncertainty.

Events or Conditions That May Cast Doubt about Going Concern Assumption
The following are examples of events or conditions that, individually or collectively, may cast
significant doubt about the going concern assumption. This liSting is not all-inclusive nor does
the existence of one or more of the items always signify that a material uncertainty exists.
Financial
Net liability or net current liability position.
Fixed-term borrowings approaching maturity without realistic prospects of renewal or
repayment; or excessive reliance on short-term borrowings to finance long-term assets.
Indications of withdrawal. of financial support by creditors.
Negative operating cash flows indicated by historical or prospective financial statements.

Adverse key financial ratios.
Substantial operating losses or significant deterioration in the value of assets used to
generate cash flows.
Arrears or discontinuance of dividends.
Inability to pay creditors on due dates.
Inability to comply with the terms of loan agreements.

Change from credit to cash-on-delivery transactions with suppliers.
Inability to obtain financing for essential new product development or other essential
investments.
Operating
Management intentions to liquidate the entity or to cease operations.
Loss of key management without replacement.
Loss of a major market, key customer(s), franchise, license, or principal supplier(s).
Labor difficulties.
Shortages of important supplies.
Emergence of a highly successful competitor.
Other
Non-compliance with capital or other statutory requirements.
Pending legal or regulatory proceedings against the entity that may, if successful, result
in claims that the entity is unlikely to be able to satisfy.
Changes in law or regulation or government policy expected to adversely affect the
entity.
Uninsured or underinsured catastrophes when they occur.
The significance of such events or conditions often can be mitigated by other factors. For
example, the effect of an entity being unable to make its normal debt repayment's may be
counter-balanced by management's plans to maintain adequate cash flows by alternative
means, such as by disposing of assets, rescheduling loan repayments, or obtaining additional
capital. Similarly, the loss of a principal supplier may be mitigated by the availability of a
suitable alternative source of supply.
The risk assessment procedures help the auditor to determine whether management's use of the
going concern assumption is likely to be an important issue and its impact on planning the audit.
These procedures also allow for more timely discussions with management, including a
discussion of management's plans and resolution of any identified going concern issues.
CONTIGENCIES AND COMMITMENTS
In inquiring of management and, where appropriate, those charged with governance, as to

whether any subsequent events have occurred that might affect the financial statements, the
auditor may inquire as to the current status of items that were accounted for on the basis of
preliminary or inconclusive data and may make specific inquiries about the following matters:
Whether new commitments, borrowings or guarantees have been entered into.
Whether sales or acquisitions of assets have occurred or are planned.
Whether there have been increases in capital or issuance of debt instruments, such as the
issue of new shares or debentures, or an agreement to merge or liquidate has been made
or is planned.

Whether any assets have been appropriated by government or destroyed, for example,
by fire or flood.
Whether there have been any developments regarding contingencies.
Whether any unusual accounting adjustments have been made or are contemplated.
Whether any events have occurred or are likely to occur that will bring into question the
appropriateness of accounting policies used in the financial statements, as would be the
case, for example, if such events call into question the validity of the going concern
assumption.
Whether any events have occurred that are relevant to the measurement of estimates or
provisions made in the financial statements.
Whether any events have occurred that are relevant to the recoverability of assets_
In the public sector, the auditor may read the official records of relevant proceedings of the
legislature and inquire about matters addressed in proceedings for which official records are
not yet available.
MANAGEMENT REPRESENTATIONS
It should be normal practice at the end of an audit to send a letter to the client setting out
weaknesses in the system of internal control. Certain rules should be observed when preparing
such a letter (known as the management letter, the letter of weakness, the internal control
memorandum, the letter of recommendations or the constructive service letter).
If management refuses to provide a representation then this constitutes a • limitation in scope
and consideration should be given to expressing a qualified opinion or a disclaimer of opinion.
Objective of the auditor

a) To obtain written representations from management that management believes that it
has fulfilled the fundamental responsibilities that constitute the premise on which an
audit is conducted;
b) To support other audit evidence relevant to the financial statements or specific
assertions in the financial statements by means of written representations if determined
necessary by the auditor-or required by other ISAs; and
c) To respond appropriately to written representations provided by management or if
management does not provide the written representations requested by the auditor.
ISA 580 states, "The auditor should obtain audit evidence that management acknowledges its
responsibility for the fair presentation of the financial statements in accordance with the
applicable financial reporting framework, and has approved the financial statements".
Scope of this ISA

1. This International Standard on Auditing (ISA) deals with the auditor's responsibility to
obtain written representations from management and, where appropriate, those charged
with governance.
2. The specific requirements for written representations of other ISAs do not limit the
application of this ISA. Written Representations as Audit Evidence

3. Audit evidence is all the information used by the auditor in arriving at the conclusions on
which the audit opinion is based. Written representations are necessary information that
the auditor requires in connection with the audit of the entity's financial statements.
4. Accordingly, similar to responses to inquiries, written representations are audit
evidence.
5. Although written representations provide necessary audit evidence, they do not provide
sufficient appropriate audit evidence on their own about any of the matters with which
they deal. Furthermore, the fact that management has provided reliable written
representations does not affect the nature or extent of other audit evidence that the
auditor obtains about the fulfillment of management‘s responsibilities, or about specific
assertions.
Representations as Audit Evidence
The engagement team should obtain Written representations from management on matters
material to the financial statements when other sufficient appropriate audit evidence cannot
reasonably be expected to exist.
The team should obtain written representation from management that:
a) It acknowledges its responsibility for the design and implementation of internal control
to prevent and detect error; and
b) It believes the effects of those uncorrected financial statement misstatements
aggregated by the auditor during the audit are immaterial, both individually and in the
aggregate, to the financial statements taken as a whole. A summary of such items
should be included in or attached to the written representations.
In certain instances, the only audit evidence that can be available to the auditor is that obtained
from inquiry. Therefore, the need to obtain written representations from management arises.
Where representations relate to matters that are material to the financial statements, the
engagement team should:
- Seek corroborative audit evidence from sources inside or outside the entity;
- Evaluate the reasonableness of management representations and consistency with other
audit evidence; and
- Consider whether the individuals making the representations are knowledgeable on
those particular matters.
Where' other audit evidence could reasonably be expected to be available, management
representations cannot be substituted for that audit evidence. For example, a representation by
management as to the cost of an asset is not a substitute for the audit evidence of such cost that
an engagement team would ordinarily expect to obtain.
Where audit evidence is reasonably expected to be available, relating to a matter that is
material to the financial statements, and the engagement team is unable to obtain such
evidence, consideration should be given to modifying the auditor's report with a limitation of
scope paragraph. This will be the case even if management representation on that particular
matter has been received.
Where management representations are contradicted by other audit evidence, the engagement
team should investigate the circumstances and, if need be, reconsider the reliability of other
representations made by management.
Documentation
In Audit Evidence, documentary evidence is more reliable than oral evidence. Thus,
management's representations should be obtained in a written form. This also reduces the
possibility of misunderstandings between the engagement team and management. The
basic elements of the management representation letter are:
- It should be addressed to the auditor.
- It is dated the same date as the auditor's report.
- It is normally signed by members of management who have responsibility for the entity
and its financial aspects (normally the directors), based on the best of their knowledge
and belief.
General points of good practice are as follows:
a) It should make clear that the object of the audit is not to discover fraud, but to report on
the financial statements. The matters referred to have been discovered incidentally to the
main objective.
b) The points should be listed logically.
c) There is no point in drawing attention to a weakness which is inherent in the nature or
size of the business, or it's totally trivial.
d) Only the weakness should be noted. It should not be implied that no fraud is taking
place although the possible consequences of the weaknesses can be expanded upon.
e) Recommendations for improvements should be made in respect of each weakness. 0
Communications in respect of recommendations should be made on a timely basis.
The management letter will normally be a natural by-product of the audit, and the auditor
should incorporate the need to issue the letter in the planning of the audit. The letter should be
sent as soon as possible after completion of the audit procedures giving rise to the need to
comment.
Where audit work is carried out in more than one stage it may be appropriate to issue a letter at
the interim audit stage as well as the final audit stage.
It is important that the management letter is sent and responded to on a timely basis (at the
audit completion stage) in order to have impact, be effective and acted upon by the client. It is
important to discuss all the points in the letter with management before the letter is issued. Any
significant matters should be brought to management's attention immediately first verbally
followed. up in writing. It is essential that the contents of the letter are considered by the
management. A copy of the letter with replies should be kept on the file. Significant matters
should be followed up after the client's response by way of discussion or the performance of
system tests. Normally, it is usual for the auditor to review points made in previous years at the
first subsequent audit visit.
When a group of companies is involved, the management of the holding company may want to
be informed of significant points arising in the reports of the management of the subsidiaries.
The auditor must obtain permission from the management of the subsidiary before releasing
such information.
Any report made to management should be regarded as confidential communication. The

auditor should therefore not normally reveal the contents of the report to any third party
without the prior written consent of the management of the company.
In practice, the auditor has little control over what happens to the report once it has been
dispatched.
Occasionally, management may provide third parties e.g. their bankers, with copies of the
report.
The auditor can use a disclaimer of liability against foreseen liability to third parties but this
may not give full protection from liability where the auditor knows or ought to know that a
report to management may be passed to a third party who would rely on it.
QUALITY CONTROL AND REVIEW
Engagement Quality Control Review

For audits of financial statements of listed entities, and those other audit engagements, if any,
for Which the firm has determined that an engagement quality control review is required, the
engagement partner shall:
a) Determine that an engagement quality control reviewer has been appointed;
b) Discuss significant matters arising during the audit engagement, including those
identified during the engagement quality control review, with the engagement
quality control reviewer; and
c) Not date the auditor's report until the completion of the engagement quality
control review.
The engagement quality control reviewer shall perform an objective evaluation of the
significant-judgments made by the engagement team, and the conclusions reached in
formulating the auditor's report.
This evaluation shall involve:
a) Discussion of significant matters with the engagement partner;
b) Review of the financial statements and the proposed auditor's report;
c) Review of selected audit documentation relating to the significant judgments the
engagement team made and the conclusions it reached; and
d) Evaluation of the conclusions reached in formulating the auditor's report and
consideration of whether the proposed auditor's report is appropriate
For audits of financial statements of listed entities, the engagement quality control reviewer,
on performing an engagement quality control review, shall also consider the following:
a. The engagement team's evaluation of the firm's independence in relation to the audit
engagement;
b. Whether appropriate consultation has taken place on matters involving differences of
opinion or other difficult or contentious matters, and the conclusions arising from those
consultations; and
c. Whether audit documentation selected for review reflects the work performed in
relation to the significant judgments and supports the conclusions reached.
If differences of opinion arise within the engagement team, with those consulted or, where
applicable, between the engagement partner and the engagement quality control reviewer, the
engagement team shall follow the firm's policies and procedures for dealing with and resolving
differences of opinion.
An effective system of quality control includes a monitoring process designed to provide the
firm with reasonable assurance that its policies and procedures relating to the system of quality
control are relevant, adequate, and operating effectively. The engagement partner shall consider
the results of the firm's monitoring process as evidenced in the latest information circulated by
the firm and, if applicable, other network firms and whether deficiencies noted in that
information may affect the audit engagement.
ROLE OF AUDITORS IN RECEIVERSHIPS AND LIQUIDATION
The meaning of insolvency

A company is insolvent if the value of its assets is less than its liabilities — in other words, the
statement of financial position shows a position of net liabilities. If all of the company's assets
were sold at book value, the existing liabilities could not be paid. This is a more fundamental
problem than simply being short of cash.
Company directors are charged with monitoring financial position and performance. This is
especially important when the company is experiencing financial difficulties, as a company
experiencing cash flow problems can quickly turn insolvent. When a company is facing
insolvency, the directors must consider the interests of creditors (payables), shareholders and
other stakeholders,, which is impossible to do without up-to-date financial information.
Directors must, therefore, prepare and monitor financial statements and cash flow and profit
forecasts on a regular basis in order to determine the financial position of the company.
Auditors may be asked to advise on whether a company is insolvent, or to review historic or
projected financial information. Having up-to-date financial information and taking
professional advice may also help to protect directors from legal claims such as wrongful
trading or misfeasance.
Options available
The directors of an insolvent company face a difficult decision. Should they comtinue_to trade,
in the hope that the company's performance and position will improve, or should they cut their
losses and wind up the company? This is a dilemma that the auditor may be asked to help
resolve by evaluating the advantages and disadvantages of the options available, and considering
the impact of each on the relevant parties, including creditors, shareholders, management and
employees. The auditor may also be asked to explain the procedures involved in placing a
company into administration or liquidation, as directors will usually have limited knowledge in
this area.

Administration
If the directors decide to try to save the company, it can be placed into administration, which
offers some breathing space and legal protections while a rescue plan is formulated to try to
preserve the company's going concern status. The main advantage of administration is that
once an administrator is appointed, a moratorium over the company's debts commences
meaning that it is not possible for a winding up petition to be presented at court by the
company's creditors (payables) — thus allowing time for the rescue plan to be designed and
initiated.
A company in administration is under the control of the appointed administrator who is given a
short period of time (usually eight weeks) to set out a proposal for achieving the aim of the
administration, or to decide that it is not reasonable that the company can be rescued. A
creditors' meeting is called, at which the proposals are accepted or rejected. The administrator
takes over management of the company and has the power to appoint and remove directors.
The process for appointment of an administrator varies, and may or may not involve a court
order. A company, its directors or one or more creditors (payables) can apply to the court for
the appointment of an administrator. The court will grant an administration order only if it is
satisfied that the company is — or is likely to become insolvent, and that the administration
process is likely to achieve its purpose of rescuing the company as a going concern. It is also
possible for an administrator to be appointed without a court order, either by a floating
chargeholder, or by the company or its directors.
Liquidation
If the company cannot be saved, then liquidation or 'winding up' is likely to be initiated. The
company will cease to trade, assets are sold, liabilities are paid (to the extent allowed by the
proceeds from the sale of assets and by applying the rules for allocation of assets), and
eventually the company will be dissolved. Once liquidation proceedings are under way share
dealings must stop, and the directors lose their power to manage the company:
The procedures involved in placing a company into liquidation are complicated by the fact that
there are different ways that the process is initiated — compulsory liquidation, members'
voluntary liquidation, and creditors' voluntary liquidation. Compulsory liquidation is usually
initiated by one or more creditors, who apply to the court and must demonstrate that the
company is unable _to, pay its debts. A creditor who is owed and who has served the company
with a written demand for payment that has not been settled, has grounds to apply to the court
for compulsory liquidation. In less common circumstances, a member (shareholder) who is
dissatisfied with the directors' management of the company may petition the court for the
company to be wound up on the just and equitable ground. For this to be successful, the member
has to demonstrate to the court that winding up is the only remedy available. Voluntary
liquidation can occur through two different routes — a member's voluntary liquidation, or a
creditors' voluntary liquidation. The former is used where the company is solvent, and can only
take place when the directors have made a declaration of solvency. Creditors have no
involvement with this type of liquidation, as the declaration of solvency means that they will be
paid in full and therefore have no risk exposure. Shareholders pass a resolution to wind up the
company and appoint a liquidator, who is responsible for closing down the company.

Voluntary liquidation can occur through two different routes — a member's voluntary
liquidation, or a creditors' voluntary liquidation. The former is used where the company is
solvent, and can only take place when the directors have made a declaration of solvency.
Creditors have no involvement with this type of liquidation, as the declaration of solvency
means that they will be paid in full and therefore have no risk exposure. Shareholders pass a
resolution to wind up the company and appoint a liquidator, who is responsible for closing
down the company.
In contrast, in a creditors' voluntary liquidation the creditors are heavily involved with
proceedings, as in this case the company is not solvent, and therefore creditors face the risk that
they Will not be paid the full amount owing to them. The process is started by a shareholders'
meeting where a resolution is passed to agree that the company should be wound up, but
subsequently, the creditors' wishes over the appointment of the liquidator and the process of
winding up will override the wishes of the shareholders.
Allocating company assets An important issue arising on liquidation is the order of priority for
allocating company assets. This is especially important for creditors and shareholders because,
by definition, an insolvent company cannot pay everything that is owed. The amounts that will
be paid on liquidation depend on matters such as whether debts are secured or unsecured,
whether charges over assets are fixed or floating in nature, whether shareholders own
preference or equity shares, the costs suffered by the liquidator (which are generally paid first)
and the amount of preferential creditors (including employees' salaries and other benefits in
arrears). In most liquidations equity shareholders receive very little, and usually nothing, as they
rank last in the order of priority in allocating company assets. The auditor of an insolvent or
potentially insolvent company may be asked to advice on the allocation of company assets

TOPIC 9
AUDIT REPORT
th
7 SCHEDULE PROVISIONS ON AUDIT REPORT
Companies Act stipulates the statements that should be expressly stated in the auditor‘s
report. These are;
1. Whether they have obtained all the information and explanations which to the best of
their knowledge and belief were necessary for the purposes of their audit.
2. Whether in their opinion, proper books of account have been kept by the company, so far
as appears from their examination of those books, and proper returns adequate for
the purposes of their audit have been received from branches not visited by them.
3.
- Whether the company's balance sheet and (unless it is framed as a consolidated profit
and loss account) profit and loss account dealt with by the report are in agreement
with the books of account and returns.
- Whether, in their opinion and to the best of their information and according to the
explanations given to them, the said accounts give the information required by this
Act in the manner so required and give a true and fair view—
(a) in the case of the balance sheet, of the state of the company's affairs as at the
end of its financial year; and
(b) in the case of the profit and loss account, of the profit or loss for its financial
year; or, as the case may be, give a true and fair view thereof subject to the
non-disclosure of any matters (to be indicated in the report) which by virtue of
Part III of the Sixth Schedule are not required to be disclosed.
4. In the case of a company which is a holding company and which submits group accounts
whether, in their opinion, the group accounts have been properly prepared in accordance
with the provisions of this Act so as to give a true and fair view of the state of affairs and
profit or loss of the company and its subsidiaries dealt with thereby, so far as concerns
members of the company, or, as the case may be, so as to give a true and fair view
thereof subject to the non-disclosure of any matters (to be indicated in the report) which
by virtue of Part III of the Sixth Schedule are not required to be disclosed.
When financial statements are finalised, they usually must contain an evaluation – an auditor's
report - from a licensed accountant or auditor. This report provides an overview of the
evaluation of the validity and reliability of a company or organization‘s financial statements.
The goal of an auditor's report is to document reasonable assurance that a company‘s financial
statements are free from error.

An audit of a company‘s financial statements should result in a report wherein the accountant
or auditor is free to share their opinion about the validity and reliability of a company‘s
In this report, the auditor should provide an accurate picture of the company and their financial
statements. The auditor should also state whether they are externally or internally connected to
the company.
Within the report, the auditor can share any reservations about the condition of the company‘s
finances or relevant additional information. Reservations could arise if the auditor disagrees
with something found in the financial statements, e.g. if the auditor disagrees with management
about the valuation of an asset because they believe that this has a more significant impact on
the financial statements.
In the report there are rules concerning what an auditor's report should include and the order in
which various items should be reported.
Auditor's reports must adhere to accepted standards established by governing bodies. The
governing bodies help to assure external users that the auditor's opinion on the fairness of
financial statements is based on a commonly accepted framework.
BASIC ELEMENTS
The Companies Act does not stipulate the form the auditor‘s report should take. The auditing
standards seek to ensure that the auditor‘s report is clear and unambiguous. To this end, it
seeks to standardize the form of the auditor‘s report. It does this by giving the basic elements
of the auditor‘s report.
i. Appropriate report title
Auditing standards require that the report be titled and that the title includes the word
―independent‟ e.g. independent auditors report‟ . The requirement that the title includes the
word independent is intended to convey to users that the audit was unbiased in all aspects.
ii. Address
The report is usually addressed to the company, its stockholders or the board of directors. For
practical reasons, it limits the users of auditor‘s report.
iii. Introductory paragraph
The first paragraph has three purposes, fist, it makes a statement that the practice did an audit.
Secondly, it lists all the financial statements that were audited including the balance sheet dates
and accounting periods for the income statement and cash flow statement. The wording of the
financial statements in the report should be identical to those used by management on
the financial statements. Thirdly, the introductory paragraph states that the statements are the
responsibility of management and that the auditor‘s responsibility is to express an opinion on
the statements based on the audit.
iv. Scope paragraph
This paragraph is a factual statement about what the auditor did in the audit. This paragraph
states how the audit was planned and performed in accordance with ISAs and states that the
audit is designed to obtain reasonable assurance whether the financial statements are free of
material misstatements.
v. Opinion paragraph
This final paragraph states the auditors conclusions based on the results of the audit. This part
of the report is so important that often the audit report is simply called the auditor‘s opinion.
The opinion paragraph is stated as an opinion rather than a statement of absolute fact or a
guarantee.
vi. Audit report date
The appropriate date for the report is the one on which the auditor has completed the most
important audit procedures in the field. This date is important to users of financial statements
as it indicates the last day of auditor‘s responsibility for review of significant events that have
occurred after date of financial statements.
vii. Name of audit firm
The firm‘s name is used because the entire firm has the legal responsibility to ensure that the
quality of audit meets professional standards.
TYPES OF OPINIONS
a) Unqualified opinion.
b) Disclaimer opinion
c) Qualified opinion
d) Adverse opinion
Unqualified opinion
This is issued when the auditor is satisfied in all material aspects that enable him express the
required opinion on financial statements without any reservation. This is sometimes called a
clean opinion. It is expressed when the auditor concludes that the financial statements give a
true and fair view in accordance with the relevant financial reporting standards.
Emphasis on matter report
There are occasions when the auditor has no reservation as to the financial statements but where
they exists unusual events, conditions or accounting policies and he feels that unless the reader
may not reach a proper understanding of the financial position and results. In such
circumstances, the auditor should express an unqualified opinion including an extra paragraph
called „emphasis of the matter paragraph‟ to draw attention of the reader to the unusual matter.
The addition of such an emphasis of matter paragraph does not lead to a qualification of the
audit opinion but is intended to enable the reader obtain a better understanding. To avoid this
being understood as a qualification, the emphasis of the matter paragraph should contain the
phrase ―without qualifying our opinion‟ .
Practical circumstances requiring emphasis of matter paragraph are:
i. Unusual condition would include destruction of assets after balance sheet date but the
company remains a going concern.
ii. The company being insolvent on the face of its own balance sheet but the auditor has
letters of support which he is satisfied can be fulfilled by the other party thus he will
accept appropriateness of the going concern assumption. Unusual events could also
include changes in the legislation that could have a material impact on the entity‘s
business operations subsequent to the balance sheet date. Unusual accounting policies
that may lead to emphasis of matter paragraph would involve those matters not covered
by any accounting standard.
iii. Inherent uncertainties that may call for emphasis of matter paragraph would include
contingencies at the balance sheet date which have not been resolved at the date of
signing the auditor‘s report.
iv. Negotiations for financing which have not been financed by date of signing of the
auditor‘s report.

The format of the unqualified audit report
Here is the illustrative unqualified report from ISA 700
Auditor‘s Report
(APPROPRIATE ADDRESSEE)
We have audited the accompanying balance sheet of the ABC Company as of December
31, 20x1, and the related statements of income, and cash flows for the year then ended.
These financial statements are the responsibility of the Company‘s management. Our
responsibility is to express an opinion on these financial statements based on our audit.
We conducted our audit in accordance with International Standards on Auditing (or refer to
relevant national standards or practices). Those standards require that we plan and perform
the audit to obtain reasonable assurance about whether the financial statements are free of
material misstatement. An audit includes examining, on a test basis, evidence supporting
the amounts and disclosures in the financial statements. An audit also includes assessing
the account principles used in significant estimates made by the management, as well as
evaluating the overall financial statement presentation. We believe that our audit provides
a reasonable basis for our opinion.
In our opinion, the financial statements give a true and view of (or „present fairly, in all
material respects,‟ ) the financial position of the Company as of December 31, 20x1 and
of results of its operations and its cash flows for the year then ended in accordance with
… (and comply with ….)
AUDITOR
Date
Address‟
Footnotes:
1. Reference may be by page numbers
2. Indicate IASs or relevant national standards
3. Refer to relevant statues or law

Qualifications of audit reports
When the auditor has reservation on any matter that is considered material to the financial
statements, he may introduce qualifying remarks in the audit report. The auditor‘s reservation
could arise out of the following;
Limitation on the scope of his work.
Disagreement with management.
Significant uncertainty affecting financial statements, the resolution of which is
dependent upon future events.
b) Qualified audit opinion or except for opinion.
This is expressed when auditor concludes that unqualified opinion cannot be expressed but that
the effect of any disagreement with management or limitation in scope is not so material and
pervasive as to require an adverse opinion or disclaimed opinion. A qualified opinion implies
that all aspects of the financial statements are okay expect for the effects of the matters which
the qualifications relate.
c) Disclaimer of opinion.
This is issued when the possible effect of a limitation in scope or uncertainty is so material or
pervasive that the auditor has not been able to obtain sufficient appropriate audit evidence, as a
result he is unable to express an opinion on financial statements. A disclaimer of opinion implies
that the auditor is unable to form an opinion because sufficient audit evidence could not be
obtained.
d) Adverse opinion.
This is expressed when the effects of a disagreement is so material and pervasive to the
financial statements that the auditor concludes that a qualification of the report is not adequate
to disclose the misleading and incomplete nature of the financial statements. The auditor states
that due to the nature of the disagreement in his opinion, the financial statements do not show
true and fair view.

Limitation of scope
If for any reason the auditor is unable to receive all the information and explanations he deems
necessary for the purposes of his audit, then there is a limitation in scope of his work. It means
that the auditor to conclude his work objectively. This could arise due to the following reasons;
Refusals by management to allow the auditor examine certain documents or records.

If the auditor is denied the opportunity to carry out an auditing procedure he considers
important and he cannot conclude through alternative procedures, then there is
limitation of scope in auditor‘s work.
Destruction of accounting records or documents through fire of other disaster meaning
that such documents or records are not available for examination by the auditor.
Being appointed auditor after the year end with the result that certain evidence will not
be collected.
Effects of limitation in scope on the auditor’s opinion
If the possible effect of limitation in scope of an audit is material but not fundamental to the
financial statements, the auditor issues a qualified opinion. (Except for opinion.)
If the possible effect of limitation in scope of an audit is of fundamental importance that the
auditor is unable to express an opinion on the financial statements, the auditor issues a
disclaimer of opinion as mentioned above.
When there is a limitation in scope of auditor‘s work that requires the expression of a qualified
opinion or a disclaimer of opinion, the auditor should describe the nature of the limitation in his
report and indicate the possible adjustments to the financial statements that might have been
determined to be necessary, had the limitation not existed.
Examples of modified reports
(a) Limitation on scope
(i) Limitation on scope – qualified person

„We have audited … (remaining words are the same as illustrated in the introductory
paragraph of the unqualified above).
Except as discussed in the following paragraph, we conducted our audit in accordance

with….(remaining words are the same as illustrated in the scope paragraph of the
unqualified report above).

We did not observe the counting of the physical inventories as of December 31, 20x1,
since that date was prior to the time we were initially engaged as auditors‘ fir the
company. Owing to the nature of the company‘s records, we were unable to satisfy
ourselves as to inventory quantities by other audit procedures.
In our opinion, except for the effects of such adjustments, if any, as might have been
determined to be necessary had we been able to satisfy ourselves as to physical
inventory quantities, the financial statements give a true and (remaining words are the
same as illustrated in the opinion paragraph of the unqualified report above).‟
(ii) Limitation on scope – disclaimer of opinion

„We are engaged to audit the accompanying balance sheet of the ABC Company as of
December 31 20x1 and the related statements of income, and cash flows for the year then
ended. These financial statements are the responsibility of the Company‘s management.
(Omit the sentence stating the responsibility of the auditor).
(The paragraph discussing the scope of the audit would either be omitted or amended
according to the circumstances.)
(Add a paragraph discussing the scope limitations as follows:)
We were not able to observe all physical inventories and confirm accounts receivable due
to limitations placed on the scope of our work by the company.
Because of the significance of the matters discussed in the preceding paragraph we do not
express an opinion on the financial statements.
Inherent uncertainties
Inherent uncertainties result from circumstances in which it is impossible for the auditor to
reach any objective conclusion as to the outcome of a situation due to the circumstances
themselves rather than a limitation of scope of the audit. Such uncertainties are only resolved
through the passage of time e.g. to wait for the outcome of a litigation. However, time is a
great constraint and financial statements must be prepared within the required time. The
auditor should form an opinion on the adequacy of the accounting treatment of such
uncertainties. This will involve consideration of:
The appropriateness of any accounting policies adopted by the management in treating
the effect of such uncertainties.
The reasonableness of the estimates included in the financial statements.

The adequacy of disclosure of the uncertainties.
Some inherent uncertainties are fundamental. These are uncertainties where the degree of
uncertainty and its potential impact on the view given by the financial statements may very
great.
In determining whether an uncertainty is fundamental, the auditor considers the following:
The risk of the estimate included in the balance sheet being subject to change.
The range of possible outcomes.
The consequences of those outcomes on the view given by the financial statements.
Inherent uncertainties are considered fundamental when they involve a significant level
of concern about the validity of the going concern assumption or other matters whose
potential effect on the financial statements is usually great.
Disagreement
Under disagreement, the auditor is able to conclude objectively that he has received all the
information and explanations he considers necessary for the purpose of the audit. But his
conclusion is at variance with the position adopted by the management or the view given by
the financial statements. Circumstances giving rise to disagreements include;
Application of inappropriate records by the management.

Some facts or amounts included in the financial statements e.g. the auditor may feel
that the amount provided for as a contingent loss arising from a lawsuit against the
company is too low.
Interpretation of accounting policies or legislation.
Manner, mode or extent of disclosure of facts or amounts in the financial statements.
Whether the auditor agrees with the accounting treatment or disclosure of a matter in the
financial statements and in the auditor‘s opinion, the effect of that disagreement is material to
the financial statements, the auditor should;
Include in his report a description of all the factors giving rise to the disagreement.
The implications of such factors on the financial statements.
A quantification of the effect on the financial statements.

Examples
(i) Disagreement on Accounting Policies- Inappropriate Accounting method – Qualified

Opinion
„We have audited ….(remaining words are the same as illustrated in the introductory
paragraph of the unqualified report above.)
We conducted our audit in accordance with … (remaining words are the same as
illustrated in the scope paragraph of the unqualified report above).
As discussed in Note X to the financial statements, no depreciation has been provided in

the financial statements which practice, in our opinion, isn‘t in accordance with
International
Accounting Standards. The provision for the year ended December 31, 20x1 should be
based on the straight line method of depreciation using annual rates of 5% for the
building and 20% for the equipment. Accordingly the non current assets should be
reduced by the accumulated depreciation of xxx and the loss for the year and
accumulated deficit should be increased by xxx and xxx respectively.
In our opinion, except for the effect on the financial statements of the matter referred to in
the preceding paragraph, the financial statements give a true and …. (Remaining words are
the same as illustrated in the opinion paragraph of the unqualified report above).
(ii) Disagreement on Accounting Policies – inadequate disclosure – qualified opinion

„We have audited … (remaining words are the same as illustrated in the introductory
paragraph of the unqualified report above).
We conducted our audit in accordance with…. (Remaining words are the same as
illustrated in the scope paragraph of the unqualified report above.
On January 15, 2OO7, the company issued debentures in the amount of xx for the
purpose of financing plant expansion. The debenture agreement restricts the payment
of future cash dividends to earnings after December 31, 20x1. In our opinion,
disclosure of this information is required by …. (Insert reference to statutory or
regulatory requirement).
In our opinion, except for the omission of the information included in the preceding
paragraph, the financial statements give a true and … (remaining words are the same as
illustrated in the opinion paragraph of the unqualified report above).

(iii) Disagreement on Accounting Policies – inadequate disclosure – adverse opinion
We have audited … (remaining words are the same as illustrated in the introductory
paragraph of the unqualified report above).
We conducted our audit in accordance with.. (Remaining words are the same as illustrated
in the scope paragraph of the unqualified report above.
In our opinion, because of the effects of the matters discussed in the preceding
paragraph(s), the financial statements do not give a true and fair of (or do not „present
fairly‟ ) the financial position of the company as at December 31, 20x1, and of result of its
operations and its cash flows for the year then ended in accordance with (insert relevant
IASs or national standards) ..
And do not comply with …… (Insert relevant statutes or law).
Effects of disagreements on auditor’s opinion
When the auditor concludes that the effect of the matter giving rise to disagreement is so
fundamental that the financial statements are misleading, the auditor should issue an adverse
opinion.
If the nature of the disagreement is material but not fundamental, the auditor should issue a
qualified opinion indicating that all other aspects of the financial statements are okay except
for the matter giving rise to the disagreement.
Material but not pervasive
The auditor may not include qualifying remarks in his audit report unless the matter is material.
Material but not pervasive means that the reservation the auditor has is material in the context
of a segment of the financial statements but not to the financial statements taken as a whole.
Material and pervasive
A matter becomes material and pervasive when it is material in the context of the financial
statements taken as a whole. A limitation of scope becomes pervasive when it makes the
financial statements misleading for decision making purposes or of little value for decision
making purposes. A disagreement becomes pervasive when it makes the financial statements
taken as a whole to be totally misleading.

Qualification matrix
Nature of circumstance Material but not significant Fundamental
Limitation of scope or Qualified opinion (except for opinion) Disclaimer of opinion

uncertainty
Disagreement Qualified opinion (except for opinion) Adverse opinion
Going Concern (ISA 570)
The going concern concept is a fundamental concept of IAS 1 (disclosure of accounting

policies) which governs the preparation and presentation of financial statements. This concept
states that the transactions and the financial statements have to be recognized and prepared in
such a way that the entity shall continue with operations for the foreseeable future period and
shall not cease to be in existence, stop or curtail is present production either currently or in the
near future.
The auditor when reporting on the financial statements is categorically concerned of the going
concern concept because;
It affects true and fair view of the financial statements
It facilitates qualification of audit reports.
It confirms compliance of financial statements with the generally accepted accounting
principles and policies.
The auditor‘s main interest will be that all material matters affecting the financial
statements have been disclosed.
If fundamental accounting principles governing the financial statements have been properly
observed in all material aspects, the financial statements presented show a true and fair view.
Appropriateness of going concern assumption
The auditor should consider the risk that the going concern assumption may no longer be
appropriate. Indications of the risk that the continuance as a going concern may be
questionable could come from the financial statements or from other sources. Examples of
such indications are as follows:
a. Financial indicators.
Changes of the financial position of the company drastically within a short period of
time especially from bad to worse.
Financial difficulties affecting the company‘s production process and sales.
Changes of credit policies especially from credit to cash on delivery.
Difficulties in paying salaries and wages of employees.
Increased financial borrowing.
b. Non financial indicators.
High staff turnover in key accounting and managerial officials and finance personnel
especially without replacement.
Unfriendly environment between management and management and employees
Unusual pressure within the entity for no apparent reason.
Circumstances of labour disputes e.g. strikes by employees leading to demonstrations
ad protests.
Where the entity relies heavily on a customer for sale of its products or for marketing
its output.
Pending legal proceedings against the entity that may, if successful, result in
judgements that could not be met.
Non compliance with capital and other statutory requirements.
The significance of such indications can often be mitigated by other factors. For example, the
effect of an entity being unable to make its normal debt repayments may be counterbalanced y
management‘s plans to maintain adequate cash flows by alternative means, such as by disposal
of assets, rescheduling of loan repayments, or obtaining additional capital. Similarly, the loss of
a principal supplier may be mitigated by the availability of a suitable alternative source of
supply.

TOPIC 10
AUDITING IN THE PUBLIC SECTOR
INTRODUCTION TO AUDITING IN THE PUBLIC SECTOR; REGULATORY

PROVISIONS
Objectives of public-sector auditing
1. The public-sector audit environment is that in which governments and other public-
sector entities exercise responsibility for the use of resources derived from taxation and
other sources in the delivery of services to citizens and other recipients. These entities
are accountable for their management and performance, and for the use of resources,
both to those that provide the resources and to those, who depend on the services
delivered using those resources, for example citizens, Public-sector auditing helps to
create suitable conditions and reinforce the expectation that public-sector entities and
public servants will perform their functions effectively, efficiently, ethically and in
accordance with the applicable laws and regulations.
2. In general public-sector auditing can be described as a systematic process of objectively
obtaining and evaluating evidence to determine whether information or actual conditions
conform to established criteria. Public-sector auditing is essential in that it provides
legislative and oversight bodies, those charged with governance and the general public
with information and. independent and objective assessments concerning the stewardship
and performance of government policies, programs or operations.
3. Supreme Audit Institutions serve this aim as important pillars of their national
democratic systems and governance mechanisms and play an important role in
enhancing public-sector administration by emphasizing the principles of transparency,
accountability, governance and performance.
Public-sector auditing contributes to good governance by:
1. Providing the intended users with independent, objective and reliable information,
conclusions or opinions based on sufficient and appropriate evidence relating to public
entities;
2. Enhancing accountability and transparency, encouraging continuous improvement and
sustained confidence in the appropriate use of public funds and assets and the
performance of public administration;
3. Reinforcing the effectiveness of those bodies within the constitutional arrangement that
exercise general monitoring and corrective functions over government, and those
responsible for the management of publicly-funded activities;
4. Creating incentives for change by providing knowledge,- comprehensive analysis and

well- founded recommendations for improvement.
Types of public-sector audit
In general, public-sector audits can be categorized into three main types: audits of financial
statements, performance audits and audits of compliance with authorities.
1. Financial audit focuses on determining whether an entity's financial information is
presented in accordance with the applicable financial reporting and regulatory
framework. This is accomplished by obtaining sufficient and appropriate audit evidence
to enable the auditor to express an opinion as to whether the financial information is free
from material misstatement ^ due to fraud or error.
2. Performance audit focuses on whether interventions, programmes and institutions are
performing in accordance with the principles of economy, efficiency and effectiveness
and whether there is room for improvement. Performance is examined against suitable
criteria, and the causes of deviations from those criteria or other problems are analyzed.
The aim is to answer key audit questions and to provide recommendations for
improvement.
3. Compliance audit focuses on whether a particular subject matter is in compliance with
authorities identified as criteria. Compliance auditing is performed by assessing whether
activities, financial transactions and information are, in ail material respects, in
compliance with the authorities which govern the audited entity. These authorities may
include rules, laws and regulations, policies, established codes, agreed terms or the
general principles governing sound public-sector financial management and the conduct
of public officials.
ELEMENTS OF PUBLIC-SECTOR AUDITING
All public-sector audits have the same basic elements: the auditor, the responsible party,
intended users (the three parties to the audit), the subject matter and the criteria for assessing
the subject matter.
1. The auditor: In public-sector auditing the role of auditor is fulfilled by the Head of the
SA1 and by persons to whom the task of conducting the audits is delegated. The overall
responsibility for public-sector auditing remains as defined by the SAI's mandate.
2. The responsible party: In public-sector auditing the relevant responsibilities are
determined by constitutional or legislative arrangement. The responsible parties may be
responsible for managing the subject matter or for addressing recommendations, and
may be individuals or organizations.
3. Intended users: The individuals, organizations or classes thereof for whom the auditor
prepares the audit report. The intended users may be legislative or oversight bodies,
those charged with governance or the general public.
4. Subject matter refers to the information, condition or activity that is measured or
evaluated against certain criteria. It can take many forms and have different
characteristics depending on the audit objective, An appropriate subject matter is

identifiable and capable of consistent evaluation or measurement against the criteria,
such that it can be subjected to procedures for gathering sufficient and appropriate audit
evidence to support the audit opinion or conclusion.
5. The criteria are the benchmarks used to evaluate the subject matter. Each audit should
have criteria suitable to the circumstances of that audit. In determining the suitability of
criteria the auditor considers their relevance and understandability for the intended users,
as well as their completeness, reliability and objectivity. The criteria used may depend
on a range of factors, including the objectives and the type of audit. Criteria can be
specific or more general, and may be drawn from various sources, including laws,
regulations, standards, sound principles and best practices. They should be made
available to the intended users to enable them to understand how the subject matter has
been evaluated or measured
Types of engagement
There are two types of engagement:

In attestation engagements the responsible party measures the subject matter against the
criteria and presents the subject matter information, on which the auditor then gathers
sufficient and appropriate audit evidence to provide a reasonable basis for expressing an
opinion on the reasonableness of a certain assertion.
In direct reporting engagements it is the auditor who measures or evaluates the subject
matter against the criteria. The auditor selects the subject matter and criteria, taking into
consideration risk and materiality. The outcome of measuring the subject matter against
the criteria is presented in the audit report in the form of findings, conclusions,
recommendations or an opinion. The audit of the subject matter may also provide new
information, analyses or insights.
Confidence and assurance in public-sector auditing
The need for confidence and assurance

The Intended users will wish to be confident about the reliability and relevance of the
information which they use as the basis for taking decisions. Audits therefore provide
information based on sufficient and appropriate evidence, and auditors should perform
procedures to reduce or manage the risk of reaching inappropriate conclusions. The level of
assurance that can be provided to the intended user should be communicated in a transparent
way. Due to inherent limitations, however, audits can never provide absolute assurance.

Forms of providing assurance
Depending on the audit and the users' needs, assurance can be communicated in two
ways:
Through opinions and conclusions which explicitly convey the level of assurance. This
applies to ah attestation engagements and certain direct reporting engagements.
In other forms in some direct reporting engagements the auditor does not give an
explicit statement of assurance on the subject matter. In such cases the auditor provides
the users with the necessary degree of confidence by explicitly explaining how findings,
criteria and conclusions were developed in a balanced and reasoned manner, and why
the combinations of findings and criteria result in a certain overall conclusion or
recommendation.
Levels of assurance
Assurance can be either reasonable or limited. Reasonable assurance is high but net absolute.
The audit conclusion is expressed positively, conveying that, in the auditor's opinion, the subject
matter is or is not compliant in all material respects, or, where relevant, that the subject matter
information provides a true and fair view, in accordance with the applicable criteria. When
providing limited assurance, the audit conclusion states that, based on the procedures
performed, nothing has come to the auditor's attention to cause the auditor to believe that the
subject matter is not in compliance with the applicable criteria. The procedures performed in a
limited assurance audit are limited compared with what is necessary to obtain reasonable
assurance, but the level of assurance is expected, in the auditor's professional judgement, to be
meaningful to the intended users. A limited assurance report conveys the limited nature of the
assurance provided.
PRINCIPLES OF PUBLIC-SECTOR AUDITING
General principles
1. Ethics and independence- Auditors should comply with the relevant ethical
requirements and be independent Ethical principles should be embodied in an auditor's
professional behaviour. The SAIs should have policies addressing ethical requirements
and emphasising the need for compliance by each auditor. Auditors should remain
independent so that their reports will be impartial and be seen as such by the intended
users.
2. Professional judgement, due care and skepticism- Auditors should maintain appropriate
professional behaviour by applying professional skepticism, professional judgment and
due care throughout the audit. The auditor's attitude should be characterized by
professional skepticism and professional judgement, which are to be applied when
forming decisions about the appropriate course of action. Auditors should exercise due
care to ensure that their professional behaviour is appropriate. Professional
skepticism means maintaining professional distance and an alert and questioning attitude
when assessing the sufficiency and appropriateness of evidence obtained throughout the
audit. It also entails remaining open-minded and receptive to all views and arguments.
Professional judgement implies the application of collective knowledge, skills and
experience to the audit process. Due care means that the auditor should plan and conduct
audits in. a diligent manner. Auditors should avoid any conduct that might discredit their
work.
3. Quality control- Auditors should perform the audit in accordance with professional
standards on quality control An SAI's quality control policies and procedures should
comply with professional standards, the aim being to ensure that audits are conducted at a
consistently high level. Quality control procedures should cover matters such as the
direction, review and supervision of the audit process and the need for consultation in
order to reach decisions on difficult or contentious matters.
4. Audit team management and skills- Auditors should possess or have access to the
necessary skills The individuals in the audit team should collectively possess the
knowledge, skills and expertise necessary to
successfullycompletetheaudit.Thisincludesanunderstandingandpracticalexperieaceofthet
ypeof audit being conducted, familiarity with the applicable standards and legislation, an
understanding of the entity's operations and the ability and experience to exercise
professional judgement. Common to all audits is the need to recruit personnel with
suitable qualifications, offer staff development and training, prepare manuals and other
written guidance and instructions concerning the conduct of audits, and assign sufficient
audit resources. Auditors should maintain their professional competence through ongoing
professional development.
5. Audit risk- Auditors should manage the risks of providing a report that is inappropriate
in the circumstances of the audit The audit risk is the risk that the gudit report may be
inappropriate. The auditor performs procedures to reduce or manage the risk o.f reaching
inappropriate conclusions, recognising that the limitations inherent to all audits mean that
an audit can never provide absolute certainty of the condition of the subject matter.
When the objective is to provide reasonable assurance, the auditor should reduce audit
risk to an acceptably iow level given the circumstances of the audit. The audit may also
aim to provide limited assurance, in which case the acceptable risk that criteria are not
complied with is greater than in a reasonable assurance audit. A limited assurance audit
provides a level of assurance that, in the auditor's professional judgment, will be
meaningful to the intended users.
6. Materiality- Auditors should consider materiality throughout the audit process

Materiality is relevant in all audits. A matter can be judged material if knowledge of it
would be likely to influence the decisions of the intended users. Determining materiality
is a matter of professional judgement and depends on the auditor's interpretation of the
users' needs. This judgement may relate to an individual item or to a group of items
taken together. Materiality is often considered in terms of value, but it
also has other quantitative as well as qualitative aspects. The inherent characteristics of
an item or group of items may render a matter material by its very nature. A matter may
also be material because of the context in which it occurs.
7. Documentation- Auditors should prepare audit documentation that is sufficiently

detailed to provide a dear understanding of the work performed, evidence obtained and
conclusions reached Audit documentation should include an audit strategy and audit
plan. It should record the procedures performed and evidence obtained and support the
communicated results of the audit. Documentation should be sufficiently detailed to
enable an experienced auditor, with no prior knowledge of the audit, to understand the
nature, timing, scope and results of the procedures performed, the evidence Obtained in
support of the audit conclusions and recommendations, the reasoning behind all
significant matters that required the exercise of professional judgement, and the related
conclusions.
8. Communication- Auditors should establish effective communication throughout the

audit process it is essential that the audited entity be kept informed of all matters
relating to the audit. This is key to developing a constructive working relationship.
Communication should include obtaining information relevant to the audit and
providing management and those charged with governance with timely observations
and findings throughout the engagement. The auditor may also have a responsibility to
communicate audit-related matters to other stakeholders, such as legislative and
oversight bodies.
Principles related to the audit process
Planning an audit
1. Auditors should ensure that the terms of the audit have been clearly established Audits
may be required by statute, requested by a legislative or oversight body, initiated by the
SAI or carried out by simple agreement with the audited entity, in ali cases the auditor,
the audited entity's management, those charged with governance and others as applicable
should reach a common formal understanding of the terms of the audit and their
respective roles and responsibilities, important information may include the subject,
scope and objectives of the audit, access to data, the report that will result from the audit,
the audit process, contact persons, and the roles and responsibilities of the different
parties to the engagement.
2. Auditors should obtain an understanding of the nature of the entity/programme to be
audited. This includes understanding the relevant objectives, operations, regulatory
environment, internal controls, financial and other systems and business processes, and
researching the potential sources of audit evidence. Knowledge can be obtained from
regular interaction with management, those charged with governance and other relevant
stakeholders. This may mean consulting experts and examining documents (including
earlier studies and other sources) in order to gain a broad understanding of the subject
matter to be audited and its context.
3. Auditors should conduct a risk assessment or problem analysis and revise this as
necessary in response to the audit findings. The nature of the risks identified will vary
according to the audit objective. The auditor should consider and assess the risk of
different types of deficiencies, deviations or misstatements that may occur in relation to
the subject matter, Both general and specific risks should be considered. This can be
achieved through procedures that serve to obtain an understanding of the entity or
programme and its environment, including the relevant internal controls. The auditor
should assess the management's response to identified risks, including its
implementation and design of internal controls to address them, in a problem analysis the
auditor should consider actual indications of problems or deviations from what should be
or is expected. This process involves examining various problem indicators in order to
define the audit objectives. The identification of risks and their impact on the audit
should be considered throughout the audit process.
4. Auditors should identify and assess the risks of fraud relevant to the audit objectives
Auditors should make enquiries and perform procedures to identify and respond to the
risks of fraud relevant to the audit objectives. They should maintain an attitude of
professional scepticism and be alert to the possibility of fraud throughout the audit
process.
5. Auditors should plan their work to ensure that ‘fee audit is conducted m an effective
and efficient manner
Planning for a specific audit includes strategy and operational aspects. Strategically,
planning should define the audit scope, objectives and approach. The objectives refer
to what the audit is intended to accomplish. The scope relates to the subject matter and
the criteria which the auditors will use to assess and report on the subject matter, and is
directly related to the objectives. The approach will describe the nature and extent of
the procedures to be used for gathering audit evidence. The audit should be planned to
reduce audit risk to an acceptably few fever.
Operationally, planning entails setting a timetable for the audit and defining the nature,
timing; and extent of the audit procedures. During planning, auditors should assign the
members of their team as appropriate and identify other resources that may be required,
such as subject experts

Conducting an audit
1. Auditors should perform audit procedures that provide sufficient appropriate audit
evidence to support the audit report. The auditor's decisions on the nature, timing and
extent of audit procedures will impact on the evidence to be obtained. The choice of
procedures will depend on the risk assessment or problem analysis.
2. Auditors should evaluate me the audit evidence and draw conclusions After completing
the audit Procedures, the auditor will review the audit documentation in order to
determine whether the subject matter has been sufficiently and appropriately audited.
Before drawing conclusions, the auditor reconsiders the initial assessment of risk and
materiality in the light of the evidence collected and determines whether additional audit
procedures need to be performed.
Based on the findings, the auditor should exercise professional judgement to reach a
conclusion on the subject matter or subject matter information.
Reporting and follow-up

Auditors should prepare a report based on the conclusions reached. The audit process involves
preparing a report to communicate the results of the audit to stakeholders, others responsible for
governance and the general public. The purpose is also to facilitate follow-up and corrective
action. In some SAIs, such as courts of audit with jurisdictional authority this may include
issuing legally binding reports or judicial decisions. Reports should be easy to understand, free
from vagueness or ambiguity and complete. They should be objective and fair, only including
information which is supported by sufficient and appropriate audit evidence and ensuring that
findings are put into perspective and context. The form and content of a report will depend on
the nature of the audit, the intended users, the applicable standards and legal requirements. The
SAIs mandate and other relevant laws or regulations may specify the layout or wording of
reports, which can appear in short form or long form.
Attestation engagements. In attestation engagements the audit report may express an opinion as
to whether the subject matter information is, in all material respects, free from misstatement
and/or whether the subject matter complies, in all material respects, with the established criteria,
in an attestation engagement the report is generally referred to as the Auditor
general’s report
Direct engagements In direct engagements the audit report needs to state the audit objectives
and describe how they were addressed in the audit, ft includes findings and conclusions on the
subject matter and may also include recommendations. Additional information about criteria,
methodology and sources of data may also be given, and any limitations to the audit scope
should be described.
The audit report should explain how the evidence obtained was used and why the resulting
conclusions were drawn, this will enable it to provide the intended users with the necessary
degree of confidence.

Opinion
When an audit opinion is used to convey the level of assurance, the opinion should be in a
standardized format. The opinion may be un modified or modified. An unmodified opinion is
used when either limited or reasonable assurance has been obtained. A modified opinion may
be:
Qualified (except for) - where the auditor disagrees with, or is unable to obtain
sufficient and appropriate audit evidence about, certain items in the subject matter
which could be material but not pervasive;
Adverse ~ where the auditor, having obtained sufficient and appropriate audit evidence,
concludes that deviations or misstatements, whether individually or in the aggregate, are
both material and pervasive;
Disclaimer of opinion - where the auditor is unable to obtain sufficient and appropriate
audit evidence due to an uncertainty or scope limitation which is both material and
pervasive.
ESTABLISHMENT AND MANDATE OF KENAO
The Office of the Auditor General draws its mandate from the Constitution of Kenya. Chapter
12, Part 6, Article 229 establishes the Office of the Auditor General. Article 229 states:
1. There shall be an Auditor-General who shall be nominated by the President and, with
the approval of the National Assembly, appointed by the President.
2. To be qualified to be the Auditor-General, a person shall have extensive knowledge of
public finance or at least ten years' experience in auditing or public finance
management.
3. The Auditor-General holds office, subject to Article 251, for a term of eight years and
shall not be eligible for re-appointment.
4. Within six months after the end of each financial year, the Auditor-General shall audit
and report, in respect of that financial year, on:-
The accounts of the national and county governments;
The accounts of all funds and authorities of the national and county governments;
The accounts of all courts;
The accounts of every commission and independent office established by this
Constitution;
p
The accounts of the National Assembly, the Senate and the county assemblies;
The accounts of political parties funded from public funds;
The public debt; and
The accounts of any other entity that legislation requires the Auditor-General to
audit
5. The Auditor General may audit and report on the accounts of any entity that is funded
from public funds.
6. An audit report shall confirm whether or not public money has been applied lawfully
and in an effective way.
7. Audit reports shall be submitted to Parliament or the relevant county assembly.

8. Within three months after receiving an audit report, Parliament or the county assembly
shall debate and consider the report and take appropriate action.
THE ROLE OF INTERNAL AUDITING
Internal audit is an objective assurance and consulting activity that is independently

managed within an organization and guided by philosophy of adding value to improve
the operations of the organization.
It helps an organization accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management, control, and
governance processes. It achieves this by:
a) consultancy that aims to identify the obstacles which prevent the conduct of
normal course of processes, establishment of causes, the determination of
consequences, presenting solutions for their elimination;
b) facilitating understanding in order to obtain additional information for in-depth
knowledge of the operation of a standard or a normative provisions, necessary
for the personnel carrying out their implementation;
c) Training and professional development to provide theoretical and practical
knowledge by organizing courses and seminars on financial management, risk
management and internal control.
Internal auditing may analyze strengths and weaknesses of an organization's internal
control, considering its governance, organizational culture, and related threats and
opportunities for improvement which can affect whether the organization is able to
achieve its goals. The analysis assesses whether risk management identifies the risks
and puts controls in place to manage public funds in an effective and efficient manner
Internal auditing works with those charged with governance, 1 such as board, audit
committee, senior management or, where appropriate, an external oversight body, in
ensuring that appropriate systems of internal control are designed and implemented. As
such, internal auditing can provide assistance regarding accomplishment of goals and
objectives, strengthening controls, and improving the efficiency and effectiveness of
operations and compliance with authorities. It is important to clarify that while internal
auditing can provide ' assistance on internal control, it should not perform management
or operational duties.
The internal audit‘s role is to contribute to the proper end efficient management of
public funds. The internal auditor has to inform the public entity's management with
respect to any evidence of fraud found during the course of an audit missions
The internal auditor has a large degree of involvement and fairness, he solves problems
and improves performances, helps the entity function properly and achieve
performances, following the possible problems in the future, and he offers the entity a
state of safety and comfort.
RELATIONSHIP BETWEEN EXTERNAL AND INTERNAL AUDITORS IN THE

PUBLIC SECTOR
Oversight
Auditors assist decision-makers in exercising oversight by evaluating whether public sector
entities are doing what they are supposed to do, spending funds for the intended purpose, and
complying with laws and regulations. Audits focusing on oversight answer the questions, "Has
the policy been implemented as intended?" and "Are managers implementing effective controls
to minimize risks?" Auditing supports the governance structure by verifying agencies' and
programs' reports of financial and programmatic performance and by testing their adherence to
the organization's rules and aims. Moreover, oversight audits contribute to public accountability
by providing access to this performance information to stakeholders within and outside of the
organization under audit. Elected and appointed officials as well as public sector managers are
responsible for setting direction and defining organizational objectives. In addition, managers
have the duty to assess risks and establish effective controls to achieve objectives and avert
risks. In their oversight role, government auditors assess and report on the success of these
efforts.
Detection
Detection is intended to identify inappropriate, inefficient, illegal, fraudulent, or abusive sets
that have already transpired and to collect evidence to support decisions regarding criminal
prosecutions, disciplinary actions, or other remedies. Detection efforts can take many forms
including:
Audits or Investigations based on suspicious circumstances or complaints that include
specific procedures and tests to Identify fraudulent, wasteful or abusive activity.
Alternatively, red flags that appear during the course of an audit initiated for unrelated
reasons may result in added procedures to specifically identify acts of fraud, waste, or
abuse.
Audits such as payroll accounts payable, or information systems security audits, that
test an organization‘s disbursements and related internal control.
Audits requested by law enforcement officials that analyze and interpret complex
financial statements and transactions for use in investigating evidentiary cases against
perpetrators
Reviews of potential conflicts of interest during the development and implementation
of laws, rules, and procedures.
Deterrence
Deterrence is intended to identify and reduce the conditions that allow corruption. Auditors
seek to deter fraud, abuse, and other breaches of public trust by:
Assessing controls for existing or proposed functions
Assessing organizational or audit specific risks.
Reviewing proposed changes to existing laws, rules, and implementation procedures.
Renewing contracts for potential conflict of interest.

Insight
Auditors provide insight to assist decision-makers by assessing which programs and policies
are working and which are not, sharing best practices and benchmarking information, and
looking horizontally across public sector entities and vertically among the levels of the public
sector to find opportunities to borrow, adapt, or reengineer management practices. The audit
activity helps institutionalize organizational leaning by providing ongoing feedback to adjust
policies. Auditors conduct their work systematically and objectively to develop a detailed
understanding of operations and draw conclusions based on evidence. Therefore, audits can
provide an insightful description of problems, resources, roles, and responsibilities that,
combined with understanding of the root cause of the problem and useful recommendations,
can encourage stakeholder‘s to rethink solutions to problems, not only can the performance of
the specific program under audit be improved, but working through the issues brought to light
by a particular audit can enhance the capacity of the public sector and the public to deal with
similar problems. Audits focusing on insight contribute importantly to answering the broader
question, "Has the policy brought about the intended, results'?" Concurrently with, the
accountability function, audits contribute to improving the operations of the public sector.
Foresight
Auditors also help their organizations look forward by identifying trends and bringing attention
to emerging challenges before they become crises. The audit activity can highlight challenges to
come — such as from demographic trends, economic conditions, or changing security threats —
and identifying risks and opportunities arising from rapidly evolving science and technology,
the complexities of modern society, international events, and changes in the nature of the
economy. These issues often represent long-term risks that may far exceed the terms of office
for most elected or appointed officials, and can sometimes receive low priority for attention
where scarce resources drive more short-term focus on urgent concerns. Additionally, a
common audit approach — risk-based auditing — focuses the cuds: on the organization's:
overall risk management framework, which can help identify and deter unacceptable risks.
Through risk-based auditing, the audit activity provides useful and relevant information to the
organization or managing its risks.
INTERNATIONAL STANDARD ON SUPREME AUDITING INSTITUTIONS
The international Standards for Supreme Audit Institutions (ISSAIs) is a framework of

standards within INTOSAI (The international Organization of Supreme Audit institutions).
Benefits of implementing ISSAIs

The purpose of the ISSAIs is to support INTOSAI members by providing standards and
guidelines aimed to safeguard independent and effective auditing, furthermore, the ISSAIs are
intended to provide members with guidance in the development c: their professional standards
and methods on the basis of their specific mandate- The guidelines provide INTOSAI members
with a common language and approach in the areas of financial, compliance and performance
audit. Using 2 common frameworks of standards and guidance will allow
auditors to share experiences and benchmarks. It will also simplify cooperation in training and
implementation activities across borders. The standards also provide a framework against
which it is possible to measure SAI performance.
Quality
Carrying out audits in accordance with globally accepted standards will ensure a certain level
of quality and consistency m audits. All SAIs strive to earn the trust of citizens and
stakeholders alike. Applying internationally accepted standards in audits is one important step
in the direction of earning this trust. A high-quality standard will reduce auditor‘s risk. The
credibility of all audit organizations is built on the quality achieved in its audits. The use of
globally accepted standards will simplify benchmarking, regional quality assurance initiative
and peer reviews as well as the sharing of experiences in other ways. Using similar audit
methods in different countries can inspire organizations to continuous improvement.
Credibility
Using globally accepted standards will strengthen the credibility of both the audit organization
and its auditors, external stakeholders will gain increased confidence and trust in the work of
auditors using globally accepted standards. The results and conclusions of an audit conducted in
accordance with globally accepted standards can stand up to external scrutiny. The transparency
provided by using standards well-known to audited organizations and other stakeholders also
leads to increased credibility of the audit results
Professionalism
Standards form the basis for professionalization of auditors and audit organizations by
providing a structured process for the audit work. Common standards can improve
opportunities for exchange of professional views and experiences across national and sector
borders. Joint training activities and sharing experiences will be easier if auditors apply the
same set of professional standards. Globally I accepted standards also provide a common
language between public and private sector auditors in areas of similar responsibilities.
Applying globally accepted standards will strengthen the audit profession in general.
Considerations when implementing ISSAls

It is important to recognize that there may be challenges facing a SAI when implementing the
ISSAls. Those challenges will differ depending on the development level of the SAI, the
context in which it operates, the legal requirements, available resources including personnel,
technical resources and funding, and the ambitions of the office. Below you will find some
examples of such challenges, but it is very important for each office to make its own
assessment to be well prepared for the implementation process.

Auditing and Assurance-Pdf-1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Auditing and Assurance-Pdf-1

Uploaded by

Copyright:

Available Formats

CPA

CERTIFIED PUBLIC ACCOUNTANTS

AUDITING AND ASSURANCE

10.1 Assurance engagements

10.2 Nature and purpose of an audit

10.3 Legal framework and regulation

10.4 Planning and risk assessment

10.5 Overview of forensic accounting

10.6 Internal control systems

www.masomomsingi.co.ke Contact: 0728 776 317 Page 2

10.7 Audit evidence

10.8 Overall audit review

10.9 Audit reports

10.10 Auditing in the Public Sector

10.11 Emerging issues and trends

www.masomomsingi.co.ke Contact: 0728 776 317 Page 3

Revised on: November 2019

www.masomomsingi.co.ke Contact: 0728 776 317 Page 4

DEFINITION AND OBJECTIVES

www.masomomsingi.co.ke Contact: 0728 776 317 Page 5

Objectives of the Practitioner

In all cases when .reasonable assurance or limited assurance, as appropriate, cannot be

If an engagement lacks the five elements of assurance engagements, it is considered non-

Elements of Assurance Engagements

1. A three-party relationship involving a practitioner, a responsible party, and intended

5. A written assurance report in the form appropriate to a reasonable assurance

Appropriate Subject Matter

Financial performance or conditions

An appropriate subject matter is

Identifiable and capable of consistent evaluation or measurement against the identified

Sufficient Appropriate Evidence

Sufficiency is the measure of the quantity of evidence

  Obtain from independent source outside the entity

The following are the characteristics of a criteria to be considered suitable:

Reliability – allows reasonably consistent evaluation or measurement of the subject

TYPES OF ASSURANCE ENGAGEMENTS

Importance of Assurance Engagements

1. Potential bias in providing information

Limitations of Assurance Engagements

1. Use of selective testing (sampling)

LEVELS OF ASSURANCE` AND REPORTS

Can the practitioner’s conclusion be worded in terms of:

www.masomomsingi.co.ke Contact: 0728 776 317 Page 9

 In a reasonable assurance engagement, the practitioner's conclusion is expressed in the

www.masomomsingi.co.ke Contact: 0728 776 317 Page 10

i. The practitioner's conclusion is worded in terms of a statement made by the

www.masomomsingi.co.ke Contact: 0728 776 317 Page 11

NATURE AND PURPOSE OF AN AUDIT

NATURE AND OBJECTIVES

www.masomomsingi.co.ke Contact: 0728 776 317 Page 12

Scope of-the Audit

i) Preliminary Engagement Activities

iv) Review and Completion

AUDIT AS AN ASSURANCE ENGAGEMENT

Audit is one form of assurance

www.masomomsingi.co.ke Contact: 0728 776 317 Page 15

DEVELOPMENT OF AUDIT (EARLY AUDIT AND MODERN AUDIT)

The evolution of auditing practices

www.masomomsingi.co.ke Contact: 0728 776 317 Page 17

TYPES OF AUDITS AND LIMITATIONS

• Audits can be classified into two broadways.

Other types of audits

Management audits -These involve investigation of the company‘s entire management to