Professional Documents
Culture Documents
PART II
SECTION 4
STUDY TEXT
AUDITING AND ASSURANCE
CONTENT
CONTENT
TOPIC PAGE
1. Assurance engagements………………………………………………………………..5
2. Nature and purpose of an audit………………………………………………………12
3. Legal framework and regulation………………………………………………….….31
4. Planning and risk assessment…………………………………………………………66
5. Overview of forensic accounting…………………………………………………….113
6. Internal control systems…………………………………………………….…….…..125
7. Audit evidence……………………………………………………………….….……..139
8. Overall audit review……………………………………………………….………….193
9. Audit reports…………………………………………………………….….…………211
10. Auditing in the Public Sector………………………………………………...….…..224
TOPIC 1
ASSURANCE ENGAGEMENTS
Audit engagement refers to audit performed by an auditor. It is the very first stage of an audit
procedure where the client is notified by the auditor that the work pertaining to audit has been
accepted by him/her and also provides clarifications with regard to the scope and purpose of
audit. To be more specific, audit engagement can be referred to the written letter that the auditor
uses to notify the client that he/she would be engaging in auditing services. Thus, the audit
engagement procedure is basically a negotiation based on professional terms that takes place
between prospective customer and a public accounting entity. This procedure is used for finding
new customers and offer accounting related services to different businesses.
The auditor uses the term ‗audit engagement‘ when the entity has to undergo the auditing
procedure. This could imply varied things and therefore it is necessary that the auditor clarifies
what she/he exactly means by the term. Irrespective of the definition followed by the auditor,
he/she makes it a point to follow certain specific guidelines and procedure for offering the
services.
Full Engagement
Audit engagement consists of several steps that basically revolve around planning,
substantiation, control testing and finalization. The very first step involves providing a letter to
the client reminding him about the audit. Once the client has been contacts, both the auditor and
client meet with each other to determine how, why and when the auditing would take place. In
addition to this, the client also needs to provide the auditor with relevant resources for
conducting the procedure smoothly. Following this, the auditor carries out surveys to find out
more about the organization and its controls. This is followed by testing of controls and
garnering of as much detail and information as is possible. On the basis of the results and
information, the auditor prepares a temporary draft and shares the same with client. Once the
client has gone through the draft report, he responds to the recommendations and findings made
in it. After this, the auditor prepares a final audit report and may also request the client to fill a
survey form to better understand his/her performance. The audit is completed after a follow up
meeting with client, which usually happens within 6 months.
NON-ASSURANCE ENGAGEMENTS
Non-assurance Engagements
1. Agreed-upon procedures
2. Compilations engagements
3. Preparation of Income tax returns where no conclusion conveying assurance is
expressed
4. Management advisory services and Consulting
5. Engagement that includes rendering of professional opinions not intended to be an
assurance report
There are five elements that must all be present in order to qualify the engagement as an
assurance engagement.
The subject matter and the subject matter information of an assurance engagement can take
many forms, such as:
Suitable Criteria
1. As to level of assurance:
i. Reasonable Assurance – the objective is a reduction in assurance engagement
risk to an acceptably low level as the basis for a positive form of expression of a
practitioner‘s conclusion. (e.g., audit of historical financial statements)
ii. Limited Assurance – the objective is a reduction in assurance engagement risk
to a level that is acceptable in the circumstances of the engagement, but where
the risk is greater that for a reasonable assurance engagement, as the basis for a
negative form of expression of the practitioner‘s conclusion. (e.g., review of
historical financial statements
2. As to structure of engagement:
i. Assertion-based – the evaluation or measurement of the subject matter is
performed by the responsible party, and the subject matter information is in the
form of assertion to the intended users.
ii. Direct Reporting – the practitioner either directly performs the evaluation or
measurement of the subject matter, or obtains a representation from the
responsible party that has performed the evaluation or measurement that is not
available to intended users. The subject matter information is provided to the
intended users in the assurance report.
REPORTS
The practitioner forms a conclusion on the basis of the evidence obtained, and provides a
written report containing a clear expression of that conclusion that conveys the assurance
obtained about the subject matter information.
Assurance Standards establish basic elements for assurance reports.
In an attestation engagement, the practitioner's conclusion can be worded either:
a. in terms of a statement made by the measurer or evaluator, that is, the party responsible
for measuring or evaluating the underlying subject matter (for example: — In our
opinion the responsible party's statement that internal control is effective, in all material
respects, based on XYZ criteria, is fairly statedil); or
b. In terms of the underlying subject matter and the criteria (for example: —In our
opinion internal control is effective, in all material respects, based on XYZ criteriall).
In a direct engagement, the practitioner's conclusion is worded as for (b) above, that is
in terms of the underlying subject matter and the criteria.
TOPIC 2
Definition of an Audit:
An audit is the independent examination of an expression of an opinion on the financial
statements of an economic entity by appointed auditor in pursuance of that appointment and in
compliance with any relevant statutory obligation
The objective of an audit is to enable the auditor express an opinion whether financial
statements show a true and fair view of the company state of affairs in accordance with an
identified financial reporting framework.
The purpose of an audit is not to provide additional information but rather it is intended to
provide the users of the accounts with assurance that the information provided to then by
directors is reliable. However, the users should not assume the auditor‘s opinion is one to
efficiency with which management has conducted the affairs of the entity.
Financial statement: According to the Companies Act, the company accounts refers to the
balance sheet and the profit and loss account but due to development in business practice and
shareholders information needs, these are inadequate as to the information regarding financial
position and performance of the company. Since most balance sheets and profit and loss
accounts are summarized statements amplified by notes to the statements, the business
community and the accountancy profession require that a cash flow statement as well as a
statement of changes in equity be prepared. The terms company accounts and financial
statements have the same meaning.
Financial Reporting framework: According to International Auditing Standards (ISA 200, the
framework of international standards of auditing), financial statements are usually prepared
and presented annually and are directed at common informational needs of a wide range of
users.
Many of the users rely on the financial statements as their major source of additional
information to meet their specific information needs. Therefore financial statements need to be
prepared in accordance with one or combination of:
International Financial Reporting Standards (IFRS)or IASs
National accounting standards
Any other authoritative and comprehensive financial reporting framework designed for
use in financial reporting and is identified in the financial statements. In Kenya the
financial reporting framework adopted is as prescribed by IFRS.
The auditor's opinion on the financial statements deals with whether the financial
statements are prepared, in all material respects, in accordance with the applicable
financial reporting framework: Such an opinion is common to all audits of financial
statements.
The auditor's opinion therefore does not assure, for example, the future viability of the
entity nor the efficiency or effectiveness with which management has conducted the
affairs of the entity. In some jurisdictions, however, applicable law or regulation may
require auditors to provide opinions on other-specific matters, such as the effectiveness of
internal control, or the consistency of a separate management report with the financial
statements.
While the ISAs include requirements and guidance_ in relation to such matters to the
extent that they are relevant to forming an opinion on the financial statements, the
auditor would be required to undertake further work if the auditor had additional
responsibilities to provide such opinions.
STAGES OF AN AUDIT
The suggested audit approach is designed to gather sufficient and reliable evidence to support
the audit opinion in the most efficient and effective way and to enable the engagement team to
fully understand the client's business. There is no difference between an audit of a large and a
small entity except that the procedures adopted may differ depending on the particular
circumstances of each audit
i. Preliminary Engagement Activities
ii. Planning
iii. Execution
iv. Review and Completion
Planning is an essential component in focusing the audit efforts. The key components of
Identifying the scope of the assignment
Developing an audit strategy taking into consideration the scope of the engagement; the
business and the regulatory environment in which the entity operates; entity specific issues
including reliance on the work of internal audit; reporting objectives, timing of the audit and
the nature of communication required; matters affecting the direction of the audit including
www.masomomsingi.co.ke Contact: 0728 776 317 Page 13
AUDITING AND ASSURANCE
preliminary setting of materiality levels, preliminary review of risk including fraud risk,
preliminary review of internal control including the control environment, the process adopted
by the entity to identify, measure, monitor and control risks.
- Developing, based on the above, the overall audit plan detailing the nature, timing and
extent of the audit procedures to be performed in order to reduce the audit risk to an
acceptably low level; the nature of tests to be adopted; procedures to be adopted at the
assertion level; and tailoring the audit programmes.
- Ascertaining the nature and the extent of the resources required to perform the audit.
iii) Execution
- The key components of the execution stage are:
- Carrying out the test of controls and substantive tests on transactions and balances
including substantive analytical procedures to obtain sufficient and appropriate audit
evidence to enable the engagement team to draw reasonable conclusions on which to
base the audit opinion.
- Evaluating significant assumptions used in fair value measurement to determine the
reasonableness of the basis used and the disclosures.
- Identification of related parties and obtaining sufficient and appropriate audit evidence
in respect of measurement and disclosure of related party transactions.
- Documenting the nature, timing and extent of the audit procedures performed and the
results and conclusions drawn from the audit evidence obtained
While pre-printed forms and programmes are available in the Manual, the extent and the
timing of the tests should be tailored to the specific assignment. Different tests and different
levels will be appropriate for each assignment. The control of the audit at this stage must be
maintained by a senior team member with the appropriate experience and expertise.
presentation and disclosure. In the context of Kenya, this in most cases will be the
IFRS's.
- The engagement partner has reviewed the audit file and is satisfied that sufficient and
appropriate evidence has been obtained to support the conclusions derived and the audit
opinion to be issued. As much of the audit evidence obtained is persuasive rather than
conclusive, absolute certainty is rarely obtainable and .therefore the engagement partner
should ensure that the audit risk is reduced to the lowest level possible.
- Where applicable, sufficient and appropriate procedures have been performed to identify
subsequent events tip to the date of the audit report and ensure that all items that require
adjustment or disclosure in the financial statements have been appropriately dealt with:
- Where appropriate, an engagement quality .control review has been undertaken and all
the issues arising from the review have been fully dealt with and cleared with the
reviewer.
- At the end of each audit, the engagement team is de-briefed, the audit objectives set out
for the assignment have been achieved and that the engagement team has gained
experience from the assignment which will enhance their personal development.
Though not covered by the terms of audit engagement, the engagement team may, as part of the
audit process carry out a business review of the key issues facing the entity and take a strategic
look at the business and at areas where the firm can add value to the entity. In providing other
value added services, the firm and in particular the engagement partner should be conscious of
the independence requirements of the code of ethics
It is often not possible to check things for yourself, whether quality, accuracy, performance or
existence.
You might not have the skills or the time, or you might be in the wrong location. Therefore
you must rely on someone else to give you assurance. This means you have to decide:
- What standards should be applied?
- What represents 'good', 'acceptable' or 'unacceptable?
- How much checking should be done? All checking and assurance has an associated cost
Prior to 1840
Generally, the early historical development of auditing is not well documented (Lee, 1994).
Auditing in the form of ancient checking activities was found in the ancient civilizations of
China, Egypt and Greece. The ancient checking activities found in Greece (around 350 B.C.)
appear to be closest to the present-day auditing.
Similar kinds of checking activities were also found in the ancient Exchequer of England.
When the Exchequer was established in England during the reign of Henry 1(1100-1135),
special audit officers were appointed to make sure that the state revenue and expenditure
transactions were properly accounted for. The person who was responsible for the
examinations of accounts was known as the "auditor". The aim of such examination was to
prevent fraudulent actions.
1840s-1920s
The practice of auditing did not become firmly established until the advent of the industrial
revolution during the period 1840s-1920s in the UK. According to Brown (1962), the large-
scale operations that resulted from the industrial revolutions drove the corporate form of
enterprise to the foreground. Large factories and machine-based production were established.
As a result, a vast amount of capital was needed to facilitate this huge amount of capital
expenditure. The emergence of a "middle class" during the industrial revolution period provided
the funds for the establishment of large industrial and commercial undertakings. However, the
share market during this period was unregulated and highly speculative. As a consequence, the
rate of financial failure was high and liability was not limited. Innocent investors were liable for
the debts of the business. In view of this environment, it was apparent
www.masomomsingi.co.ke Contact: 0728 776 317 Page 16
AUDITING AND ASSURANCE
that the growing number of small investors was in dire need of protection (Porter, et al, 2005).
Hence, the time was ripe for the profession of auditing to emerge (Brown, 1962). In response
to the socio-developments in the UK during this period, the Joint Stock Companies Act Was
passed in 1844. The Joint Stock Companies Act stipulated that "Directors shall cause the
Books of the Company to be balanced and a full and fair Balance Sheet to be made up". In
addition the Act provided the appointment of auditors to check the accounts of the company.
However, the annual presentation of the balance sheet to the shareholders and the
requirement of a statutory audit were only made compulsory in .1900 under the Companies
Act 1862 (UK).
According to Porter, et al (2005) the accountant particularly in the early years of this period, was
normally the company manager and his duties were to ensure proper use of the funds entrusted
to him. The auditors during this period were merely shareholders chosen by their fellow
members. The auditors during this period were required to perform complete checking of
transactions and the preparation of correct accounts and financial statements. Little attention was
paid to internal control of the company.
1920s-1960s
The growth of the US economy in the 1920s-1960s had caused a shift of auditing developthent
from the UK to the USA. In the years of recovery following the 1929 Wall Street Crash and
ensuing depression, investment in business entities grew rapidly. Meanwhile, the advancement
of the securities markets and credit-granting institutions had also facilitated the development of
the capital market in this period. As companies grew in size, the separation of the ownership and
management functions became more evident. Hence to ensure that funds continued to flow from
investors to companies, and the financial markets function smoothly, there was a need to
convince the participants in the financial markets that the company's financial statement
provided a true and fair portrayal of the relevant company's financial position and performance.
In view of the economic condition, the audit function was mainly to provide credibility to the
financial statements prepared by company managers for their shareholders. Consensus were
generally achieved that the primary objective of an audit function is adding credibility to the
financial statement rather than on the detection of fraud and errors.
The concept of materiality and sampling techniques were used in auditing during this period.
The development of material Concept and sampling technique was due to the voluminous
transactions involved in the conduct of business by. large corporations operating in.
widespread locations., It is no longer practical for auditors to verify all the transactions.
Consequently, sampling and the development of judgment of materiality were essential. The
major characteristics of the audit approach during this period included:
i. Reliance on internal control of the company and sampling techniques were used;
ii. Audit evidence was gathered through both internal and external source;
iii. Emphasis on the truth and fairness of financial statements;
iv. Gradually shifted to the audit of Profit and Loss Statement but Balance Sheet
remained important; and
v. Physical observation of external and other evidence outside the "book of account"
1960s to 1990s
The world economy continued to grow in the 1960s-1990s. This period marked an important
development in technological advancement and the size and complexity of the companies.
Auditors in the 1970s played an important role in enhancing the credibility of financial
information and furthering -the operations of an effective capital market. The duties of
auditors. among others, were to affirm the truthfulness of financial statements and to ensure
that financial statements were fairly presented.
Hence, the role of auditors with regard to the audit of financial statement generally remained
the same as per the previous period.
Despite the overall audit objectives remaining similar, auditing had undergone some critical
developments in this period. In the earlier part of this period, a change in audit approach can be
observed from "verifying transaction in the books" to "relying on system". Such a change was
due to the increase in the number of transactions which resulted from the continued growth in
size and complexity companies where it is unlike for auditors to play the role of verifying
transactions. As a result, auditors in this period had placed much higher reliance on companies'
internal control in their audit procedures. Furthermore, auditors were required to ascertain and
document the accounting system with particular consideration to information flows and
identification of internal controls. When internal control of the company was effective, auditors
reduced the level of detailed substance testing. In the early 1980 there was a readjustment in
auditors' approaches where the assessment of internal control systems was found to be an
expensive process and so auditors began to cut back their systems work and make greater use of
analytical procedures. An extension of this was the development during the mid-1980s of risk-
based auditing. Risk-based auditing is an audit approach where an auditor will focus on those
areas which are more likely to contain errors. To adopt the use of risk-based auditing, auditors
are required to gain a thorough understanding of their audit clients in term of the organization,
key personnel, policies, and their industries. Hence, the use of risk-based auditing had placed
strong emphasis on examining audit evidence derived from a wide variety of sources, i.e. both
internal and external information for the audit client. Most of the companies in this period had
introduced computer systems to process their financial and other data, and to perform, monitor
and control many of their operational and administrative processes. Similarly, auditors placed
heavy reliance on the advanced computing auditing tool to facilitate their audit procedures. In
addition to the auditing of financial statement, auditors at the same time were providing advisory
services to the audit clients.
1990s-present
The auditing profession witnessed substantial and rapid change since 1990s as a result of the
accelerating growth at the world economies. It can be observed that auditing in the present day
has expanded beyond the basic financial statement attest function. Present-day auditing has
developed into new processes that build on a business risk perspective of their clients. The
business risk approach rests on the notion that a broad range of the client's business risks are
relevant to the audit. Advocates of the business risk approach opined that many business risks,
if not controlled, will eventually affect the financial statement. Furthermore by understanding
the full range of risks in businesses, the auditor will be in a better position to identify matters of
significance and relevance to the audit profession on a timely basis. Since the early 1990s, the
audit profession began to take increased responsibility to detect and report fraud and to
www.masomomsingi.co.ke Contact: 0728 776 317 Page 18
AUDITING AND ASSURANCE
assess, and report more explicitly, doubts about an auditee's ability to continue in conformance
with society's and regulators' increasing concern about corporate governance matters. Adoption
of the business risk approach in turn enhances auditor's ability to fulfill these responsibilities.
Presently, the ultimate objective of auditing is to lend credibility to financial and non-financial
information provided by management in annual reports; however, audit firms have been largely
providing consultancy services to businesses
Although the overall audit objectives in the present period remained the same, i.e. lending
credibility to the financial statement, critical changes have been made to the audit practice as a
result of the extensive 'reform in various countries. Such reform has implicated the auditing
profession in the following ways:.
i. The role of auditors is expected to Converge: refocusing on the public interest,
redefining -audit relationship, ensuring integrity of financial reports, separation of non-
audit function and other advisory services;
ii. The audit methods revert to basics i.e. risk attention, fraud awareness, objectivity and
independence, and.
iii. Increase attention on the needs of financial statement users"
Statutory audits
These are carried out as per the requirements of various statutes e.g. Companies Act Cap 486
requires that all public limited companies to have their financial statements subjected to an
independent audit. The objective of the audit is to enable the auditor express an opinion
whether the financial statements have a true and fair view of the company‘s state of affairs.
The rights and duties of the auditor are laid down in the relevant statute. The powers of
appointment of the auditors are vested on the shoulders.
Private audits
These are not governed by statutes. They are performed by independent auditors because the
owners, members or interested parties require them carried out. Private audits are carried out for
organizations such as non governmental organizations, partnerships and clubs and among
others. Appointment of auditors is carried out as a private contract between the auditor and the
relevant shareholder. The scope and objective of the work as well as rights and duties of the
auditor are determined by the agreed terms between the auditor and the client. The auditor is not
liable to third parties.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 19
AUDITING AND ASSURANCE
According to approach of the work to be done, audits can be continuous, interim or final.
Continuous audits
This is an approach whereby an audit is carried out throughout the financial period usually at
predetermined intervals. This approach is ideal for large organizations with tight reporting
deadlines e.g. multinational banks. The approach ensures accounts are kept up to date, errors
and frauds are discovered in early stages and better audit reports are developed since more
time is taken.
However, this approach is expensive considering amount of time taken, has frequent
interruptions of client work and auditors‟ independence may be affected by their continuous
presence at clients premises.
Interim audits
This is an audit carried out halfway through the financial period. It usually precedes the final
audit and is a preparation for the final audit. It is ideal for dynamic businesses, cheaper
compared to continuous audits and enhances keeping of up to date records.
Final audits
These are usually done at the end of the year as either a continuation of the interim audit for
large and medium size companies or as a single audit for small companies at end of financial
period.
Procedural audits - These require examination of procedures or records for reliability and
accuracy. They usually relate to company‘s internal control systems, laid down guidelines and
procedures and records of the company.
Balance sheet audits - This tests the strength of internal control system by working
backwards to get the initial transactions using assertion methodology.
Internal Audit
Management upon realizing the advantages of an audit have established within the company
„an independent activity to examine and evaluate the organizations risk management process
and systems of control and to make recommendations for the achievement of the company‘s
objective‟ . This activity is called internal auditing. The duties of internal audit personnel are:
The focus of internal auditing is adding value to an organization through improvement in risk
control.
In 1999, the institute of internal auditors (IIA) defined internal auditing as „an independent
objective assurance and consulting activity designed to add value and improve an
organization‘s operations, help it achieve its objective and improve the effectiveness of risk
management, control and governance process.
Legal basis Internal auditing is not a legal requirement It is a legal requirement for
but corporate governance advises and limited liability companies and
recommends that a company should have an public bodies to have their
internal audit department. accounts audited.
Scope It covers all areas of organization i.e. It has a purely financial focus.
operational as well as financial.
Approach It is increasingly risk based. The approach is Its increasingly risk based as it
to assess risks, evaluate systems of control only tests underlying
and test operation of the systems and finally transactions that form having
make recommendations for improvement. of financial statements.
This depends on the size and structure of the entity and the responsibility assigned to it by
management. Ordinarily these would include:
Review of accounting internal control systems. The management is responsible for
establishing internal control system. The system requires proper attention and
continuous review, a function usually assigned to internal audit. Internal Audit function
designs a plan on areas and control procedures that will be reviewed during the financial
year.
Carrying out examination of financial and operational information. This may include
detailed testing of transactions and operation procedures.
Review of the economic efficiency and effectiveness of operations including non
financial controls of the entity.
Review of company‘s compliance with external laws and regulation. The internal audit
functions checks whether procedure are in place to ensure that all relevant laws and
regulations are adhered to.
Review of entity‘s compliance with management policies and other internal
requirements.
Carrying out independent investigations into company affairs as required by
management e.g. investigation areas of suspected fraud or misuse of company‘s
resources.
Before deciding on whether to rely on work of internal audit function with the intention of
reducing audit procedures, the external auditor should evaluate the internal audit function to
determine the scope of the function its independence and the extent to which its work can be
relied on. In evaluating internal audit function, the external auditor considers the following
factors:
Organization status. Since internal audit function is part of the entity, it cannot be totally
independent. To aid in its independence, the internal audit function should report to the
highest level of management. The internal auditor should also be free from duties such as
accounting functions which may bring about conflict of interest. The internal auditor
should not have any restrictions upon him or her from management which could impair
effectiveness of doing his or her work.
Scope of the function. The external auditor should ascertain the nature and depth of
coverage of internal audit assignments. Also to be considered are the management
actions on the recommendations of internal auditor. In case the management does not
follow up on the recommendations, the external auditor must reduce his reliance on
work of internal audit function as this means it is weak.
Technical competence. The external auditor should assess the competence experience,
qualifications, technical training and proficiency of the staff members in the internal
audit function.
Due professional care. The external auditor should ascertain whether due professional
care has been observed in doing the work of the internal audit function e.g. whether
there were work plans, supervision and documentation of audit evidence in executing
internal audit functions.
Availability of resources. The external auditor should consider whether the internal
audit function has adequate resources to enable it carry out its functions as expected
e.g. adequate staff and time.
ISA 320 discusses the concepts of risk and materiality. An audit risk is the risk that an auditor
may give an inappropriate opinion i.e. an opinion that contradicts the true nature of the financial
situation of the company. Materiality plays a role in each of the following two stages.
The international auditing and assurance standards board (IAASB) in its framework for
preparation and presentation of financial statement defines materiality as follows;
www.masomomsingi.co.ke Contact: 0728 776 317 Page 24
AUDITING AND ASSURANCE
„information is material if its omission or misstatement could influence the decision of users
taken on basis of the financial statements.‟ Therefore materiality provides a threshold or cut
off point rather than being a primary qualitative characteristic which information must have if
it is to be useful.
The auditor should plan sufficient audit procedures so that he or she has reasonable
expectation of detecting material misstatements in financial statements. Any immaterial item
will not affect the truth and fair view of the financial statement and thus can be ignored.
Auditors consider the following before appropriately testing whether an item is material or
not.
1. Qualitative aspects: these may include inadequate or inaccurate descriptions of an
accounting policy.
2. Cumulative effect of small amounts: small errors at a month end procedure could
individually be immaterial but continuous errors of this kind throughout the financial
year could be material.
3. Relatively of materiality. A figure of Kshs. 100,000 may be absolutely immaterial for a
large company but absolutely material for a small company. An amount must be
considered in relation to:
5. In evaluating the true and fair presentation of financial statement, the auditor should
assess whether the aggregate of uncorrected misstatements that have been identified in
the audit is material. The auditor should reconsider all uncorrected misstatements and
check whether this total is material.
Assertion Methodology
In preparing financial statements which show true and fair view of the company‘s financial
position and performance, the management explicitly or implicitly makes certain assertions.
These assertions are categorized as:
i. Existence
ii. Completeness
iii. Occurrence
iv. Rights & obligation
v. Measurement
vi. Valuation, presentation and disclosure.
vii. Classification
www.masomomsingi.co.ke Contact: 0728 776 317 Page 26
AUDITING AND ASSURANCE
viii. Cut-off
ix. Accuracy
x. Allocation
Existence
This is the assertion that an asset or liability exists at a given date. It is either true or not true
that an asset or liability reflected in the balance sheet was in existence at the balance sheet
date.
Occurrence
This is the assertion that a transaction or event took place which pertains to the entity during
the financial period or that a recorded event or transaction actually took place as recorded and
it is a valid transaction pertaining the entity. It is either the transaction took place as recorded
or not.
Completeness
This is the assertion that there are no unrecorded assets, liabilities, transactions or undisclosed
items. It would suggest 100% completion and accuracy however, this is impossible under
accrual basis of accounting. The users of the financial statements do not expect 100%
completeness in financial statements but completeness within a certain range such that they can
still make justifiable decisions. This assertion is therefore assessed for reasonableness as some
transactions may be excluded if they are not material.
Valuation
This is the assertion that an asset or liability is recorded at an appropriate carrying value. It is
the most crucial assertion of all the assertions. In arriving at appropriate carrying value of an
asset or liability, the management considers.
1. Overall valuation basis. The management must consider the entity as a whole and make
an assessment whether it is appropriate to apply the going concern assumption in
preparing the financial statements. The basis of preparing financial statement when
entity is going concern is radically different from preparing financial statement on basis
that the entity is not a going concern.
2. Suitable accounting policies. In determining carrying amount of an asset or liability
appropriate accounting policies must be followed. The accounting policies must be in
line with the generally accepted accounting principles (GAAPs), appropriate to the
circumstances of the entity, applied consistently, be in conformity with entity‘s industry
practices and be adequately disclosed.
3. Desirable qualitative characteristics. The suitable accounting policy adopted must be
applied after taking into consideration the qualitative characteristics of materiality,
prudence and substance over form. Since it may subjective whether an entity is a going
www.masomomsingi.co.ke Contact: 0728 776 317 Page 27
AUDITING AND ASSURANCE
concern or not, the accounting policy adopted can be subsequently subjective thus the
assertion of valuation can only be assessed for reasonableness.
Measurement
This is the assertion that a transaction or an event is recorded and proper amounts of revenue
and expense are allocated to the proper period for proper reporting purposes. Whether a
transaction brings into being an asset or liability, revenue or expense depends largely on the
capitalization policy of an entity i.e. the guidance as to what items are revenue items and
capital items.
The period in which a transaction took place may be influenced by management‘s desire to
reflect a given financial position. However, where revenue or expense of an item is spread
over more than one accounting period is called allocation rather than measurement and is a
component of valuation.
In conclusion, truth and fairness of financial statements can be assessed on these seven
assertions i.e. the financial statements will reflect a true and fair view of company‘s financial
position and performance if the seven assertions are used as guidelines in preparing the
financial statements.
Classification
Are transactions recorded in appropriate accounts?
Cut-off
Are transactions recorded in appropriate period?
Accuracy
Are the amounts disclosed in the financial statements appropriate?
Allocation
Are account balances included in appropriate accounts?
The annual accounts and report are primarily prepared by the directors to the shareholders.
However, the following parties need financial statements.
- Potential shareholders
- Trustees
- Suppliers Customers
4. Others
- Competitors
- Stock brokers
- Statisticians
- Financial journalists
- Trade unions.
Present and potential investors. These risk capital providers and their advisors are
concerned with the risk that is inherent in their investment. They need information to
help them determine whether they should buy more shares, hold on to the shares they
have or sell the shares they have.
Employees. These and their representative groups such as trade unions are interested
in information about the stability and profitability of their employers. They are also
interested in information which enable them assess the ability of the company to
provide adequate remuneration, retirement benefits and employment opportunities.
Lenders. These are interested in information that enables them determine whether their
loans and interests arising from the loans will be paid back when due.
Suppliers and other trade creditors. These users are interested in information that
enables them determine whether the amounts owing to them will be paid when due.
Their interest in the company is of shorter period than lenders while they are dependent
upon the continuation of the company as a major customer.
Customers. These have interest in information about the continuance of the company
especially when they have long term involvement and or are dependent as the company.
Government. The main interest of the government is allocation of resources. It also
requires information in order to regulate the activities of the enterprise, determine
taxation policies and obtain national income statistics.
Public. A company affects public in a variety of ways. A company may make
substantial contribution to the local economy by employing people and obtaining
supplies locally.
Financial statements assist the public in information on trends and recent developments
of the company in the economy.
TOPIC 3
STATUTORY REGULATIONS
Auditor’s liability
Auditors are potentially liable for both criminal and civil offences. The former occur when
individuals or organizations breach a government imposed law; in other words criminal law
governs relationships between entities and the state. Civil law, in contrast, deals with disputes
between individuals and/or organizations.
Civil liability
Companies Act Section 206 of the provides that officers of the company and for these purposes
auditors are considered as officers may be liable for financial damages in respect of the civil
offences of misfeasance and breach of trust. This section which is only relevant to winding up
refers to a situation where officers have misused their position of authority for the purposes of -
personal gain e.g. if the auditor uses information acquired in course of an engagement for his
financial gain or for benefit of another party.
Criminal liability
Companies Act Section 46 of the states that an auditor shall be criminally liable if he 'willfully
makes a materially false statement in any report, certificate, financial statement with an
intention to deceive or mislead etc. Willfully implies fraudulently and can be difficult to prove.
Whereby, it is held that where an officer of a body corporate with intent to deceive members or
creditors, publishes or concurs in publishing a written statement of account which to his
knowledge is or may be misleading, false or deceptive in a material particular he shall on
conviction be liable to imprisonment for a term not exceeding 7 years.
Auditors may uncover criminal offences committed by a client or an employee of the client.
This puts them in a difficult position, but the auditor should act carefully and correctly and if-
necessary„ take legal advice. The auditor must not commit a criminal offence himself. It is felt
that he would have committed a criminal offence if:
a) He advises his client to commit a criminal offence;
b) Aids the client in devising or examining a crime;
c) If he agrees with a client to conceal or destroy evidence or mislead the police with 'false
statements;
d) If he knows that his client has committed an arrest able offence and tries to impede his
arrest and prosecution. Impede does not include refusing to answer questions or
refusing to produce documents without the client's consent;
e) If he knows that his client has committed an offence. and agreed to accept consideration
to withhold information;
f) If he knows that the client has committed treason and fails to report the offence to the
proper authority.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 31
AUDITING AND ASSURANCE
Case history
The application of the law of tort in the auditing profession, and the way in which auditors
seek to limit their exposure to the ensuing liabilities, has been shaped by a number of recent
landmark cases. The most notable of these are Caparo Industries Plc (Caparo) v Dickman
(1990) and Royal Bank of Scotland (RBS) vs Bannerman Johnstone MacLay (Bannerman)
(2002).
In the first case Caparo pursued the firm Touche Ross (who later merged to form Deloitte &
Touche) following a series of share purchases of a company called Fidelity plc. Caparo alleges
that the purchase decisions were based upon inaccurate accounts that overvalued the company.
They also claimed that, as auditors of Fidelity, Touche Ross owed potential investors a duty of
care. The claim was unsuccessful; the House of Lords concluded that the accounts were
prepared for the existing shareholders as a class for the purposes of exercising their class rights
and that the auditor had no reasonable knowledge of the purpose that the accounts would be put
to by Caparo.
It was this case that provided the current guidance for when duty of care between an auditor
and a third party exists. Under the ruling this occurs when:
In the second case RBS alleged to have lost over £13m in unpaid overdraft facilities to insolvent
client APC Ltd. They claimed that Bannerman had been negligent in failing to detect a
fraudulent and material misstatement in the accounts of APC. The banking facility was provided
on the basis of receiving audited financial statements each year.
In contrast to Touche Ross, who had no knowledge of Caparo‘s intention to rely upon the
audited financial statements, Bannerman, through their audit of the banking facility letter of
APC, would have been aware of RBS‘s intention to use the audited accounts as a basis for
lending decisions. For this reason it was upheld that they owed RBS a duty of care. The judge
in the Bannerman case also, and crucially, concluded that the absence of any disclaimer of
liability to third parties was a significant contributing factor to the duty of care owed to them.
Decided legal cases have not been consistent on the issue of auditor's liability. Discussed
below are few, of the decided cases on auditors liability
Every company shall at each annual general meeting appoint an auditor or auditors to hold
office from the conclusion of that, until the conclusion of the next, annual general meeting.
At any annual general meeting a retiring auditor, however appointed, shall be deemed to be
reappointed without any resolution being passed unless —
a) he is not qualified for reappointment; or
b) a resolution has been passed at that meeting appointing somebody instead of him or
providing expressly that he shall not be reappointed; or
c) he has given the company notice in writing of his unwillingness to be reappointed:
Provided that where notice is given of an intended resolution to appoint some person or persons
in place of a retiring auditor, and by reason of the death, incapacity or disqualification of that
person or of all those persons, as the case may be, the resolution cannot be proceeded with, the
retiring auditor shall not be deemed to be automatically reappointed by virtue of this
subsection.
Where at an annual general meeting no auditors are appointed or are deemed to be
reappointed, the registrar may appoint a person to fill the vacancy.
The company shall, within seven days of the registrar's power becoming exercisable, give him
notice of that fact, and, if a company fails to give notice as required by this subsection, the
company and every officer of the company who is in default shall be liable to a default fine.
Subject as hereinafter provided, the first auditors of a company may be appointed by the
directors at any time before the first annual general meeting, and auditors so appointed shall
hold office until the conclusion of that meeting: Provided that—
i. the company may at a general meeting remove any such auditors and appoint in their
place any other persons who have been nominated for appointment by any member of
the company and of whose nomination notice has been given to the members of the
company not less than fourteen days before the date of the meeting; and
www.masomomsingi.co.ke Contact: 0728 776 317 Page 34
AUDITING AND ASSURANCE
ii. If the directors fail to exercise their powers under this subsection, the company in
general meeting may appoint the first auditors, and thereupon the said powers of the
directors shall cease.
The directors may fill any casual vacancy in the office of auditor, but while any such vacancy
continues the surviving or continuing auditor or auditors, if any, may act.
Remuneration
Provided that note (ii) above shall not apply in the case of a private company.
- References in this subsection to an officer or servant shall be construed_ as not
including references to an auditor.
- A person shall also not be qualified for appointment as auditor of a company if he is,
disqualified for appointment as auditor of any other body corporate which is that
company's subsidiary or-holding company-or a subsidiary of that company's_ holding
company, or would be so disqualified if the body corporate were a company.
- If any person who is not 'qualified so to act is appointed as auditor of a company such
person and the company and every officer in default shall each be liable to a fine not
exceeding four thousand shillings.
Auditors' report and right of access to books and to attend and be heard at general
meetings
- The auditors shall make a report to the members on the accounts examined by them,
and on every balance sheet, every profit and loss account and all group accounts laid
before the company in general meeting during their tenure of office.
- The auditors' report shall be read before the company in general meeting and shall be
open to inspection by any member.
- Every auditor of a company shall have a right of access at all times to the books and
accounts and vouchers of the company, and shall be entitled to require from the officers
of the company such information and explanation as he thinks necessary for the
performance of the duties of the auditors.
- The auditors of a company shall be entitled to attend any general meeting of the
company and to receive all notices of and other communications relating to any general
meeting which any member of the company is entitled to receive and to be heard at any
general meeting which they attend on any part of the business. of the meeting which
concerns them ,as auditors.
International Standards on Auditing (ISAs) are to be applied in the audit of historical financial
information.
ISAs are written in the context of an audit of financial statements by an independent auditor.
They are to be adapted as necessary in the circumstances when applied to audits of other
historical financial information.
Auditors must include in their report their opinion on whether the financial statements they
report on give a true and fair view. It is generally felt that in order for accounts to show a true
and fair view there must be compliance with the IAS. The auditor therefore must know and
understand the IAS / IFRS in detail.
Auditing students are also expected to know the IAS in detail because invariably, there will be
an examination question that requires this knowledge and students are advised to quote from the
IAS and state which of the IAS is relevant to their answer.
IASs are intended to be applied to all financial statements which show a true and fair view.
They set out the main assumptions underlying statements and they prescribe which accounting
policy should be used when more than one is possible.
They also specify disclosure requirements in many areas including the disclosure of
accounting policies. Again they are not intended to be a comprehensive code of rigid rules. It
is -recognized that such a code sufficiently elaborate to cater for all business situation and
circumstances and for every exceptional and marginal case is impossible.
Fundamental Principles
The IESBA Code of Ethics requires accountants to adhere to five fundamental principles
1. Integrity -- a professional accountant should be straight forward and holiest in
performing professional -services.
2. Objectivity— a professional accountant should not allow bias, conflict of interest or
undue influence of others to override professional or business judgments.
3. Professional Competence andllue Care—a professional accountant has a continuing
duty to maintain professional knowledge and skill at the level required to ensure that a
client or employer receives competent professional service based on current
developments. A professional accountant should act diligently and in accordance with
applicable technical and professional standards when providing professional services.
4. Confidentiality—A professional accountant should respect the confidentiality of
information acquired as a result of professional and business relationships and should not
disclose any such information to third parties without proper and specific authority unless
there is a legal or professional right or duty to disclose. Confidential information
acquired as a result of professional and business relationships should not be used for the
personal advantage of the professional accountant or third parties.
5. Professional Behavior—a professional accountant should comply with relevant laws
and regulations and should avoid any action that discredits the profession.
The IESBA Code serves as the foundation for codes of ethics developed and enforced by
member bodies. No member body of IFAC or firm issuing reports in accordance with
International Auditing and Assurance Standards is allowed to apply less stringent standards
than those stated in the IESBA Code
Accountant's pronouncements
• Research and consultation —A project task force is ordinarily established with the
responsibility to develop a draft standard or interpretation. The task force develops its
positions based on appropriate research and consultation.
• Transparent debate —A proposed standard or interpretation is presented as an agenda
paper for discussion and debate at an International Ethics Standards Board for
Accountants meeting, which is open to the public.
• Exposure for public comment—Exposure drafts are placed on the International Ethics
Standards Board for Accountants' website and are widely distributed for public
comment. The exposure period is ordinarily' no shorter than 90 days.
• Consideration of comments received on exposure—the comments and suggestions
received as a result of exposure are considered at an International Ethics Standards
Board for Accountants meeting, which is open to the public, and the exposure draft is
revised as appropriate. If the changes made after exposure are viewed by the
International Ethics Standards Board for Accountants to be so substantive as to require
re-exposure, the document is reissued for further comment.
• Affirmative approval—Approval of exposure drafts, .re-exposure drafts, standards
and interpretations is made by the affirmative vote of at least two-thirds . of the
members Public Interest Oversight
• The Public Interest Oversight Board (PIOB) oversees the public interest activities
of IFAC. The objective of the PIOB is to increase confidence of investors and others
that such activities, including the setting of standards by the International Ethics
Standards Board for Accountants, are properly responsive to the public interest. PIOB
members are nominated by international institutions and regulatory bodies.
They also specify disclosure requirements in many areas including the disclosure of
accounting policies. Again they are not intended to be a comprehensive code of rigid rules. It
is recognized that such a code sufficiently elaborate to cater for all business situation and
circumstances and for every exceptional and marginal case is impossible.
ICPAK is run through a Council of I 1 members, of who 10 are elected and 1 appointed by the
Ministry of Finance. ICPAK also plays active roles in national life by contributing in the
following ways:
Public Finance Management- making recommendations to the Treasury on public
finance matters including taxation measures and improvement in expenditure
management.
Regulatory linkages working closely with regulators in various sectors to promote good
corporate governance with particular reference to the integrity of the audit process. As
part of this, ICPAK is represented in decision-making organs of various regulatory
institutions including the Capital Markets Authority.
Financial reporting and disclosure - ensuring that financial disclosure standards in Kenya
meet internationally recognized benchmarks. Among other things, ICPAK established the
Financial Reporting (FiRe) Award for excellence, an annual competition
www.masomomsingi.co.ke Contact: 0728 776 317 Page 40
AUDITING AND ASSURANCE
that showcases best practice disclosures among Kenyan companies. The FiRe Award
competition is presently promoted jointly with the Capital Markets Authority and the
Nairobi Stock Exchange. It is now the leading competition in Kenya in this regard.
A registered student is also expected to observe the ethical requirements of the Institute and
has the same right to consult the Institute as a member. He or she should still observe the
ethical requirements of the Institute during the period between successful completion of the
examinations and his or her admission to membership. This applies whether the student is an
associate or not.
Safeguards created by the profession, legislation or regulation include, but are not restricted
to:.
• Educational, training and experience requirements for entry into the profession.
• Continuing professional development requirements.
• Corporate governance regulations.
• Professional standards.
• Professional or regulatory monitoring and disciplinary procedures.
• Externally review by a legally empowered third party of the reports, returns,
communications or information ptodU6ed by a professional accountant.
Certain safeguards may increase the likelihood of identifying or deterring unethical behavior.
Such safeguards, which may be created by the accounting profession, legislation, regulation or
an employing organization, include, but are not restricted to:
www.masomomsingi.co.ke Contact: 0728 776 317 Page 42
AUDITING AND ASSURANCE
The nature of the safeguards to be applied will vary depending on the circumstances. In
exercising professional judgment, a professional accountant should consider what a reasonable
and informed third party, having knowledge of all relevant information, including the
significance of the threat and the safeguards applied, would conclude to be unacceptable.
Having considered these issues, a professional accountant should determine the appropriate
course of action that is consistent with the fundamental principles identified. The professional
accountant should also weigh the consequences of each possible course of action. If the matter
remains unresolved, the professional accountant should consult with other appropriate persons
within the firm" or employing organization for help in obtaining resolution.
Where a matter involves a conflict with, or within, an organization, a professional accountant
should also consider consulting with those charged with governance of the organization, such
as the board of directors or the audit committee.
It may be in the best interests of the professional accountant to document the substance of the
issue and details of any discussions held or decisions taken, concerning that issue.
If a significant conflict cannot be resolved, a professional accountant may wish to obtain
professional advice from the relevant professional body or legal advisors, and thereby obtain
guidance on ethical issues without breaching confidentiality. For example, a professional:
accountant may have encountered a fraud, the reporting of which could breach the professional
accountant's responsibility to respect confidentiality. The professional accountant should
consider obtaining legal advice to determine whether there is a requirement to report. lf, after
exhausting all relevant possibilities, the ethical conflict remains unresolved, a professional
accountant should, where possible, refuse to remain associated with the matter creating the
conflict: The professional accountant may determine that, in the circumstances, it is appropriate
to withdraw from the engagement team" or specific assignment, or to resign altogether from the
engagement, the firm or the employing organization.
FUNDAMENTAL PRINCIPLES
Integrity
The principle of integrity imposes an obligation on all professional accountants to be
straightforward and honest in professional and business relationships. A member must be aware
of his role in the society and maintain high standards of conduct should not satisfy what he
knows as untrue as true and should take caution not to mislead intentionally or unintentionally.
Integrity also implies fair dealing and truthfulness.
A professional accountant should not be associated with reports, returns, communications or
other information where they believe that the information:
i. Contains a materially false or misleading statement;
ii. Contains statements or information furnished recklessly; or
iii. Omits or obscures information required to be included where such omission or
obscurity would be misleading.
A professional accountant will not be considered to be in breach of matters associated with
reports, returns, communications or other information if the professional accountant provides a
modified report in respect of such matters.
Objectivity
A professional accountant should not allow bias, conflict of interest or undue influence of
others to override professional or business judgments.
A professional accountant • may be exposed to situations that may impair objectivity. It is
impracticable to define and prescribe all such situations. Relationships that bias or unduly
influence the professional judgment of the professional accountant should be avoided.
Confidentiality
The guide to professional ethics states that information acquired in the course of professional
work should not be disclosed except where consent has been acquired from the client, where
there's public duty to disclose or where there is legal or professional duty to disclose such
information. A member acquiring information in the course of professional work, should neither
use nor appear to use that information in his personal or third party advantages e g. if a member
is auditing a limited company and he realizes that the company has made a substantial increase
in profits, it would be unethical to advise a friend to buy the shares of this company in
anticipation of the expected increase in the share prices as a result of increase in profitability.
The principle of confidentiality imposes an obligation on professional accountants to refrain
from:
- Disclosing outside the firm or employing organization confidential information acquired
as a result of professional and business relationships without proper and specific
authority or unless there is a legal or professional right or duty to disclose; and
- Using confidential information acquired as a result of professional and business
relationships to their personal advantage or the advantage of third Parties.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 44
AUDITING AND ASSURANCE
Professional competence
Auditing is a structured process that:
a) Involves the application of analytical skills, professional Judgment and
professional skepticism: .
b) Is usually performed by a team of professionals directed with managerial skills:
c) Uses appropriate forms of technology and adheres to a methodology:
d) Complies with all relevant technical standards, such as International Standards on
Auditing (IAS), International Standards on Quality Control (ISQCs), International
Financial Reporting standards (IFRS), International Public Sector Accounting
Standards (IPSAS), and any applicable international or local equivalents: and
e) Complies with required standards of professional ethics.
Auditing is also an integral part of the evolving systems of accountability and responsibilities
within organizations and society worldwide. Although audits of historical financial information
may be mandated by regulation and laws, they may be required as a condition of borrowing, a
matter of contract or for other reasons. In addition organizations may voluntarily undertake
audits to evaluate the fairness of financial representations and assertions, or to provide a
credible report of the financial stewardship of their resources to their stakeholders. Entities
subject to audit operate with diverse organizational structures in public private and not-for-
profit sectors have to adapt to complex and changing environments. Within an audit assignment
many actor must be understood and evaluated appropriately including:
a) The entity and its environment:
b) The industry and regulatory and other external factors: and
c) The applicable financial reporting framework.
Globalization of business has dramatically increased the need for consistent and high-quality
financial reporting within countries and across borders. This directly affects both accounting
and auditing. Many stakeholders in today's global business environment expect compliance
with recognized international standards in accounting and auditing. Establishing
internationally accepted benchmarks for the competence of audit professionals; will help to
promote internationally accepted standards accounting and auditing
Capabilities: The professional knowledge; professional skills: and professional values, ethics
and attitudes required to demonstrate competence.
Capabilities are the attributes held by individuals that enable them to perform their roles,
whereas competence refers to the actual demonstration of performance. The possession of
capabilities gives an indication that an individual has the ability to perform competently in the
workplace. Capabilities include content knowledge: technical and functional skills: behavioral
skills: intellectual abilities (including professional judgment): and professional values, ethics
and attitudes. They are sometimes referred to, in other literature as competencies capacities,
abilities key skills, core skills, fundamental skills, and values, attitudes, distinguishing
www.masomomsingi.co.ke Contact: 0728 776 317 Page 46
AUDITING AND ASSURANCE
characteristics, pervasive qualities and individual attributes competence: Being able to perform a
work role to a defined standard, with reference to real working environments.
Explanation: Competence refers to the demonstrated ability to perform relevant roles or tasks
to the required standard. Whereas capability, refers to the attribute held by individuals that give
them the potential to perform. Competence may be assessed by a variety, of means including
workplace performance workplace simulation written and oral tests of various types and self-
assessment
Engagement partner is the partner or other person in the audit organization who is responsible
for the engagement and its performance and for the audit report that is issued on behalf of the
firm, and who, where required, has the appropriate authority from a professional, legal or
regulatory body,
Audit professional is a professional accountant who has responsibility or has been delegated
responsibility for significant judgments in all audit of historical financial information.
The engagement partner retains overall responsibility for the audit. The definition of audit
professional does not apply to experts undertake specific tasks within an audit (e.g., taxation,
information technology or valuation experts).
IFAC recognizes that each member body needs, to determine not only how best to comply
with this IES but also hat emphasis to place on the various parts of the education and
development process
In addition to acquiring the necessary knowledge e and skill, professional accountants will have
to be assessed to demonstrate the capabilities and competence needed to take on responsibility
for significant judgment in an audit of historical financial information. The IAESB recognizes
that when assessing capabilities measuring output is likely to be superior to measuring inputs.
Output-based approaches concentrate on me assuming the development and maintenance of
competence actually achieved through learning rather than measuring the various learning
activities.
Audit professionals will need further development to progress through supervisory and
managerial roles to acting as-the engagement partner.
All professional accountants are obliged to engage ill lifelong learning to keep up-to-date on
developments influencing the profession and the quality of the services they provide.
Knowledge Content
The appropriate level of education and learning of the intellectual and personal skills
necessary to become an audit-professional is generally found ill it combination of
undergraduate degree and professional education programs.
Where a member body does not require an undergraduate degree, the member body needs to
be able to demonstrate that the intellectual and personal skill; have been developed to the
required level in other ways.
The knowledge content within the education and development program for audit professionals
should include the following subject areas:
a) audit of historical financial information at an advanced level
b) financial accounting and reporting at an advanced level
c) information technology
www.masomomsingi.co.ke Contact: 0728 776 317 Page 48
AUDITING AND ASSURANCE
Audit professionals are expected to have sufficient knowledge of cut-rent developments in the
field of audit of historical financial information to respond to issues in the business
environment. It is important therefore, that education and continuing development programs for
audit professionals include coverage of relevant current issues and developments.
The knowledge content of the audit of historical financial information subject area should
include the following at an advanced level:
a) best practices in the audits of historical financial information including relevant current
issues and developments: and
b) International Standards on Auditing (ISAs) and International Auditing Practice
Statements (IAPSs): and/or
c) Any other applicable standards or laws.
In addition to the knowledge listed above, audit professionals may also require. knowledge of
international Standards Quality Control (ISQCs), International Standards on Review
Engagements (ISRE,) International Standard, on Assurance Engagements (ISREs).
International Standards on Related Services (ISRSs), or local equivalents of these.
The knowledge content of the financial accounting and reporting subject area should include
the following:
a. Financial accounting and reporting processes and practices, including relevant
current issues and developments: and
b. International Financial Reporting Standard s (IFRSs): and/or
c. Any other applicable standards or laws
If an audit client is required to prepare financial reports in accordance with standards specific
to the public sector, statements will include International Public Sector Accounting Standards
(IPSAS) and any applicable international national and or local equivalents of these.
The knowledge content of the information technology subject area should include the
following:
a) Information technology systems for financial accounting and reporting including
relevant current issues and developments: and
b) Frameworks for evaluating controls, and assessing risks in accounting and reporting
system as - appropriate for the audit of historical financial information.
Professional skills
The skill requirement within the education and development program for audit professionals
should include:
a) Applying the following g professional skills in all audit environments:
a) identifying and solving problems:
b) undertaking appropriate technical research:
c) working in teams effectively:
d) gathering and evaluating evidence:
e) Presenting discussing and defending views effectively through formal, informal
written and spoken communication': and
b) Developing the following professional skills at an advanced in an audit environment:
i. applying relevant audit standards and guidance:
www.masomomsingi.co.ke Contact: 0728 776 317 Page 49
AUDITING AND ASSURANCE
Practical Experience
Professional accountants should complete a period of relevant practical experience before
taking on the role of an audit professional. This period should be long enough and intensive
enough to permit them to demonstrate that they have acquired the necessary professional
www.masomomsingi.co.ke Contact: 0728 776 317 Page 50
AUDITING AND ASSURANCE
knowledge: professional skills: and professional values, ethics and attitudes. A substantial
proportion of the period of practical experience should be in the area of audit of historical
financial information.
Practical Experience Requirements sets out the practical experience requirements for all
professional accountants, Professional accountant assuming the role of an audit professional
are also required to demonstrate application of the knowledge and skills specifically required
by this section of IES S, and in an audit environment in accordance with the professional
values, ethics and attitudes
Practical experience that contributes to the competence of an audit professional need: to be
relevant to the type and size of audit assignments audit professionals are, or are likely to be,
involved in the period of experience should permit them to:
a) apply, in a properly supervised environment, the requisite knowledge e and skills: and
b) develop and demonstrate the competence required
The period of practical experience relevant to an audit professional may come during or after
qualification as a professional accountant.
A period of practical experience relevant to an audit professional would normally be not less
than three years, of which at least two year should normally be spent in the area of audit of
historical financial information under the guidance of an engagement partner. Where a
member body does not require the completion of this minimum period of experience the
member body need to be able to demonstrate that the application of the knowledge and skill,
required has been achieved in an audit environment and has resulted in candidate, developing
the necessary competence and capability to apply professional judgment in the audit
assignment.
The required audit experience should be obtained with an organization that can provide
suitable audit experience under the guidance of engagement partner.
Due Care: diligence which a person would exercise under a given set of circumstances.
Due Professional Care: diligence which a person, who possesses a special skill, would
exercise under a given set of circumstances. The standard of "due care" is that level of
diligence which a prudent and competent person would exercise under a given set of
circumstances.
"Due professional care" applies to an individual who professes to exercise a special skill such
as information systems auditing. Due professional care requires the individual to exercise that
skill to a level commonly possessed by practitioners of that speciality.
Due professional care applies to the exercise of professional judgment in the conduct of work
performed. Due professional care implies that the professional approaches matters requiring
professional judgment with proper diligence. Despite the exercise of due professional care and
professional judgment, situations may nonetheless arise where an incorrect conclusion may be
drawn from a diligent review of the available facts and circumstances.
Therefore, the subsequent discovery of incorrect conclusions does not, in and of itself, indicate
inadequate professional judgment or lack of diligence on the part of the Auditor.
'Due professional care should extend to every aspect of the audit, including the evaluation of
audit risk, the formulation of audit objectives, the establishment of the audit scope,
the.selection of audit tests, and the evaluation of test results. In doing this, the Auditor should
determine or evaluate:
www.masomomsingi.co.ke Contact: 0728 776 317 Page 52
AUDITING AND ASSURANCE
- The type and level of audit resources required to meet the audit objectives
- The significance of identified risks and the potential effect of such risks on the audit
- The audit evidence gathered
- The competence, integrity, and conclusions of others upon whose work the Auditor
places reliance
The intended recipients of the audit reports have an appropriate expectation that the Auditor has
exercised due professional care throughout the course of the audit. The Auditor should not
accept an assignment unless adequate skills, knowledge, and other resources are available to
complete the work in a manner expected of a professional.
The Auditor should conduct the audit with diligence while adhering to professional standards.
The Auditor should disclose the circumstances of any non-compliance with professional
standards in a manner consistent with the communication of the audit results.
INDEPENDENCE OF OPINION
Independence Comprises:
a. Independence of mind—the state of mind that permits the provision of an opinion
without being affected by influences that compromise professional judgment, allowing
an individual to act with integrity, and exercise objectivity and professional skepticism.
Principles of independence:
• An auditor may not have a mutual or conflicting interest with the client
• An auditor may not audit his own firm's work
• An auditor may not function as management or as an employee of the audit client
• An auditor may not act as an advocate for the audit client
To ensure both independence and the appearance of independence, rules have been set out in
the professional bodies' ethical codes.
Included in the codes are the following matters which impair independence.
• Undue dependence on an audit client as a proportion of fee income
www.masomomsingi.co.ke Contact: 0728 776 317 Page 53
AUDITING AND ASSURANCE
Integrity
The principle of integrity imposes an obligation on all professional accountants to be
straightforward and honest in professional and business relationships. Integrity also implies
fair dealing and truthfulness.
A professional accountant should not be associated with reports, returns, communications or
other information where they believe that the information: Contains a materially false or
misleading statement;
a) Contains statements or information furnished recklessly; or
b) Omits or obscures information required to be included where such omission or
obscurity would be misleading.
A professional accountant will not be considered to be in breath of matters associated with
reports, returns, communications or other information if the professional accountant provides a
modified report in respect of a matter such matters.
Objectivity
Objectivity is essential for any professional person exercising professional judgement. It is as
essential for members in business as for practising members. Objectivity is the state of mind
which has regard to all considerations relevant to the task in hand but no other. It is sometimes
described as 'independence of mind'.
The need for objectivity is particularly evident in the case of a practising accountant carrying,
out an audit or some other reporting role where his professional opinion is likely to affect
rights between parties and the decisions they take.
Threats to objectivity
Each of the above threats may arise either in relation to the auditor's own person or in
relation to a connected person such as a member of his family or a partner or a person
who is close to him for some other reason, such as past or present association or
obligation or indebtedness.
Safeguards and sanctions built into the structure of the profession itself
These might include:
i. The long-standing ethical code of the profession, of which this guidance forms part.
Where appropriate, this code imposes specific prohibitions where the threat to the
auditor's objectivity is so significant, or is generally perceived to be so, that no other
appropriate safeguards would be effective.
ii. The ethical support provided by the Institute, including the Ethics Advisory Services
helpline, published advice on ethics such as Help Sheets and the Support Member
Scheme involving District Societies.
iii. The reinforcement given to the above safeguards by a policing system which reacts
to complaints, whether by members of the public or members of the profession,
investigates the background to the complaints, and where necessary commences
disciplinary proceedings against an offending Member. Together with monitoring
(below), the system ensures that a firm's past conduct and current procedures are
likely to come under close independent professional scrutiny if the conduct of
practising members gives rise to challenge over their exercise of these guidelines:
iv. The active monitoring procedures conducted by the profession for reserved activities
such as auditing. On behalf of the Institute Committees concerned, the Quality
www.masomomsingi.co.ke Contact: 0728 776 317 Page 56
AUDITING AND ASSURANCE
Steps taken by firms to ensure that threats to objectivity are recognized, documented
and mitigated
These might not be disclosed to outsiders unless disciplinary or regulatory follow4fp requires
it. Examples of internal procedures within firms which may contribute to reassurance that the
required audit objectivity has been preserved include:
i. Arrangements to ensure that staffs are adequately trained and empowered to
communicate any issue of objectivity that concerns them to a separate principal.
ii. The involvement of an additional principal (in the case of a sole-practitioner, a
qualified colleague) to carry out a review' or otherwise advise.
iii. Rotation of engagement partners and staff.
iv. The evaluation of a potential client when a firm is approached to act, to assess such
facts as the integrity of the client's management, company profile, accountancy
competence, etc.
v. Formal-Consideration and review of the continuance of all engagements before the
firm's name is allowed to go forward for reappointment as auditor.
vi. An overall control environment, starting with a professional approach towards matters
of quality and ethics, and taking in staff training, development and performance
appraisal, and the assurance provided by a regularly monitored and evidenced control
system.
The involvement of a third party such as a client audit committee, or a regulatory body
or another firm
Refusal to act where no other course can abate the perceived problem
Some exclusions and prohibitions are the subject of statute or regulation outside the control of
the profession. In addition, there are some situations in which the threat to an auditor's
objectivity is so significant, or generally perceived to be so, that an auditor should, having
regard to preservation of the public image of his profession, decline to accept appointment,
even if he believes that the circumstances are such that available safeguards and procedures
could, in his particular case, enable him to maintain proper objectivity. In this eventuality, he
should decline or resign appointment.
It follows from the preceding paragraphs that the perception of the publicjor any section of it)
that an auditor's objectivity may be threatened is not, of itself, a reason. why an appointment
should be refused. The countervailing pressures and safeguards described above may often
override a threat. Members and firms are encouraged to make clients and others outside the
profession aware of the extensive and sophisticated compliance procedures that they employ.
A major issue attesting the self-review threat, which should be carefully considered by the
auditor, is the materiality of the amounts involved in relation to the financial statements. In
addition to the amounts involved, the issue of materiality is likely to be influenced, to a
considerable extent, by the degree of subjectivity inherent in the items concerned.
In evaluating the extent of the threat the auditor should also consider the following matters in
relation to the amounts included in the financial statements:
• The extent of the directors‘ knowledge and experience and ability to evaluate the
issues. Concerned and the extent of their involvement in determining and approving
significant matters of judgement;
• the degree to which established methodologies and professional guidelines are utilised
in the type of expert services;
• the reliability and extent of the underlying base data;
• the degree of dependence on future events of a nature which could create significant
volatility inherent in the amounts involved;
• The extent and clarity of related disclosures in the financial statements including
disclosure of the underlying assumptions, and the identity of the provider of the expert
services.
Safeguards
Where a firm has identified a threat it should consider the matters set out in above in relation
to the audit team and take any necessary steps to safeguard its objectivity. Such steps will
often include the use of different partners and separate teams each having separate reporting
lines and additional review procedures sufficient to ensure that objectivity is preserved. Firms
should ensure that their work complies with the International Standards on Auditing (ISA
620), 'Using the Work of an Auditor's Expert', particularly the elements identified in the
section: 'Assessing the Work of an Expert'.
Members should endeavor to foresee such difficulties arising, and either avoid the extreme
position or suggest to the company that it may seek alternate advisers to perform any roles
requiring adversarial advocacy. It should be re-emphasised that there is nothing inherently
unethical in advocating an extreme position on a client's behalf, if it can be supported by
objective evidence. But it may be improper to perform such advocacy while at the same time
asserting that the objectivity. of the audit role has been maintained. In some situations
separation of roles between different partners may provide a degree of internal safeguards, but
practitioners should recognise the risk of bringing themselves and the profession into disrepute
by entering into a -situation Where a position of advocacy appears to indicate a position of
commitment or a bias in state of mind which is not consistent with the objective state of mind
required for a reporting role.
Fees should not be charged on a percentage or similar basis except where it is authorized by
the law or is generally% accepted practice for certain specialist work e.g. construction work.
Also, no instructions should be accepted on a contingency basis e.g. bonus of 3% on profits.
This is because auditor's judgment should not be impaired by hope of a financial gain. If fees
were computed as a percentage of the net profit, the auditor would be hesitant to propose to the
management audit adjustment that would result to reduction of the audit fees derived from the
assignment.
• In practice the most common mode of determination of audit fees is to compute them
on the following considerations:
• The skill and knowledge required for the type of work involved. If the work required an
expert, the fees would be higher
• The seniority of the person engaged in the work i.e. audit partners, managers, seniors
and assistants.
• The time necessarily engaged on each person on the work.
• The nature of responsibility which the work entails.
Contingent fee
A fee calculated on a predetermined basis relating to the outcome or result of a transaction or
the result of the work performed. A fee that is established by a court or other public authority
is not a contingent fee.
Contingent fees arc widely used for certain types of non-assurance engagements
They may, however, give rise to threats to compliance with the fundament principles in
certain circumstances. They may give rise to a self-interest threat to objectivity. The
significance of such threats will depend on factors including:
• The nature of the engagement.
• The range of possible fee amounts.
• The basis for determining the fee.
• Whether the outcome or result of the transaction is to be reviewed by an independent
third party.
The significance of such threats should be evaluated and, if they are other than clearly
insignificant, safeguards should be considered and applied as necessary to eliminate or reduce
them to an acceptable level. Such safeguards may include:
a) An advance written agreement with the client as to the basis of remuneration.
b) Disclosure to intended users of the work performed by the professional accountant in
public practice and the basis of remuneration.
c) Quality control policies and procedures.
d) Review by an objective third party of the work performed by the professional
accountant in public practice.
In certain circumstances, a professional accountant in public practice may receive a referral
fee or commission relating to a client. For example, where the professional accountant in
public practice does not provide the specific service required, a fee may be received for
referring a continuing client to another professional accountant in public practice or other
expert. A professional accountant in public practice may receive a commission from a third
party (e.g., a software vendor) in connection with the sale of goods or services to a client.
Accepting such a referral fee or commission may give rise to self-interest threats objectivity
and professional competence and due care.
A professional accountant in public practice may also pay a referral fee to obtain a client, for
example, where the client continues as a client of another professional accountant in public
practice but requires specialist services not offered by the existing accountant. The payment of
such a referral fee may also create a self- interest threat to objectivity and professional
competence and due care.
A professional accountant in public practice should not pay or receive a referral fee or
commission, unless the professional accountant in public practice has established safeguards
to eliminate the threats or reduce them to an acceptable level. Such safeguards may include:
a) Disclosing to the client any arrangements to pay a referral fee to another professional
accountant for the work referred.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 62
AUDITING AND ASSURANCE
b) Disclosing to the client any arrangements to receive a referral fee for referring the
client to another professional accountant in public practice.
c) Obtaining advance agreement from the client for commission arrangements in
connection with the sale by a third party of goods or services to the client.
A professional accountant in public practice may purchase all or part of another firm on the
basis that payments will be made to individuals formerly owning the firm or to their heirs or
estates. Such payments are not regarded as commissions or referral fees.
When a professional accountant in public practice solicits new work through advertising or
other forms of marketing, there may be potential threats to compliance with the fundamental
principles. For example, a self-interest threat to compliance with the principle of professional
behaviour is created if services, achievements or products are marketed in a way that is
inconsistent with that principle.
A professional accountant in public practice should not bring the profession into disrepute
when marketing professional services. The professional accountant in public practice should
be honest and truthful and should not:
a) Make exaggerated claims for services offers, qualifications possessed or experience
gained; or
b) Make disparaging references to unsubstantiated comparisons to the work of another.
If the professional accountant in public practice is in doubt whether a proposed form
of advertising or marketing is appropriate, the professional accountant in public
practice should consult with the relevant professional body.
Advertising
The communication to the public of information as to the services or skills provided by
professional accountants in public practice with a view to procuring professional business.
A member should not advertise professional services or skills in such a way as to show
himself to be more qualified than other practicing accountants.
A member may place an advertisement under the following circumstances:
• When acting on behalf of the client.
• When acting in fiduciary or similar capacity.
• When seeking staff or salary employment.
A member may have paid announcements in the press for opening a new office, changing the
name, address or membership of his firm or for member's appointment. Publicity given to
member's activity both professional and otherwise is acceptable as it is publicity for the
professional activity of a firm. From the ethical guidance, it is unethical for an accountant to
seek professional work by advertising his services. One cannot therefore place an
advertisement in the media claiming he is a superior service provider than other accountants.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 63
AUDITING AND ASSURANCE
Advertisements should not contain comparisons with other members or firms, contain
testimonies or endorsements or bring the firm, members or the accountancy profession
discredit or dispute.
Although advertisements may refer to the basis on which fees are calculated and where they
contain any statements concerning the hourly rate charged by the firm, care should be taken to
,avoid giving the impression that lower quality performance is provided than that expected
from professional persons.
member's name and description, either as auditor or in some other professional capacity,
should not be permitted to appear on a client's note paper.
Audit reports on headed notepaper in facsimile form should not be included in published
accounts.
The above applies only where the member is acting in some professional capacity. It does not
apply to a member who is appointed chairman, director, treasurer, secretary or other officer of a
company or as an employee, in which case his name and designatory letters may appear in any
document issued by the organisation.
A member making for publication a report on, for example, net sales or newspaper circulation
figures, should be careful to ensure that his report deals only with ascertained facts. If this
report is quoted in any literature by the organisation or in the press, it should not be presented
in such a way, either as to size or presentation, as to be capable of being regarded as an
advertisement for the member and should not include his practicing address. Such a, report on
headed notepaper should not be reproduced in a facsimile form.
Opinion shopping
The term 'opinion shopping' is generally understood to involve the search for an auditor
willing to support a proposed aecounting.treatment designed to help a company achieve its
reporting objectives even though that treatment might frustrate reliable reporting.
An auditor can be defined as lacking independence if he/she adopts a viewpoint that is biased in
favour of management. A lad< of auditor independence might be manifest in the design of the
audit programme, the volume and quality of audit evidence collected, and the audit opinion
issued. The threat of audit firm dismissal and the consequent loss of audit income relates closely
to the issue of auditor independence. An independent audit firm would not change its opinion in
response to a client's dismissal threat, whereas a firm that lacks independence might bend to its
client's wishes. Dismissal threats need not be explicitly stated in order for them to be effective.
If an audit firm is concerned that an unfavourable opinion would lead to the loss of a client, it
may be deterred from issuing an unfavourable opinion without explicit threats from client
management. Instead, there might be an implicit recognition by the client's management and the
audit firm that their economic interests are mutually dependent
TOPIC 4
In the current business environment, it not only makes good business sense to consider client
due diligence, but certain client acceptance and continuance procedures are required by the
auditing and assurance standards.
ISA 210 Agreeing the terms of the audit engagement establishes the preconditions for
accepting an audit, which are:
An acceptable financial reporting framework has been used in the preparation of the
financial statements
Those charged with governance agree that they acknowledge and understand their
responsibilities.
If the preconditions for an audit are not present, the auditor must discuss the matter with those
charged with governance. Unless required by law or regulation to do so, the auditor must not
accept the engagement.
ISA 220 Quality control for an audit of financial statements deals with those aspects of
engagement acceptance that are within the control of the auditor. The engagement partner
must be satisfied that appropriate procedures regarding the acceptance and continuance of
client relationships and audit engagements have been followed, and must determine that
conclusions reached in this regard are appropriate.
Information such as the following assists the engagement partner in determining whether the
conclusions reached regarding the acceptance and continuance of audit engagements is
appropriate:
the integrity of the principal owners, key management and those charged with
governance of the entity
whether the engagement team is competent to perform the audit engagement and has
the necessary capabilities, including time and resources
whether the firm and the engagement team can comply with relevant ethical
requirements
Significant matters that have arisen during the current or previous audit engagement
and their implications for continuing the relationship.
Ethical requirements
Audit firms should expect the same commitment to quality and integrity on the part of their
clients as they do of themselves. As a result, many have developed and implemented improved
processes for approving new clients as well as reviewing relationships with existing clients.
An important part of the client acceptance process is for the prospective auditor to
communicate with the existing auditor in writing. A professional clearance letter enquires
whether there are any professional or other reasons why the engagement should not be
accepted. For example, one such reason may be a disagreement with some particular
accounting treatment the client wishes to adopt. However, before the existing auditor can pass
on any information to the prospective auditor, they must have the client‘s authority to discuss
its affairs. If the client refuses permission then all the existing auditor can do is advise the
prospective auditor that there are matters they would like to discuss but the client has refused
permission for this, and this should speak volumes.
Adequate resources
Key message
Typically the process of handling audit client acceptance and continuance varies with the size of
the firm, and such directives should be included in a firm's quality control manual. The process
should provide the audit firm with information to judge whether the entity meets or exceeds the
necessary standards of integrity and whether the firm has the capacity to perform a quality audit.
if these standards are not clearly met, the engagement should not be accepted. If a client no
longer meets the firm's standards, or when the firm cannot commit sufficient resources to
deliver a quality audit to the client, the auditor should not accept the engagement. As with any
auditing procedure, the process should be documented and all correspondence retained as audit
evidence.
The cost of client due diligence is a small fraction of the value of the engagement, and if the
outcome is acceptance this cost should be passed onto the client as part of the audit fee. If the
prospective client is not accepted, then clearly this is time and money well spent. The key
message is that audit firms can turn work down, a firm does not have to accept an audit
engagement, it can say ―no‖ to clients that do not fit the risk profile of the firm and capital will
go where it is deserved. This will contribute towards developing a healthy and profitable
business.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 67
AUDITING AND ASSURANCE
Engagement letters
The engagement letter will be sent before the audit. It specifies the nature of the contract
between the audit firm and the client and minimises the risk of any misunderstanding of the
auditor's role.
It should be reviewed every year to ensure that it is up to date but does not need to be reissued
every year unless there are changes to the terms of the engagement. The auditor must issue a
new engagement letter if the scope or context of the assignment changes after initial
appointment.
ISA 210 requires the auditor to consider whether there is a need to remind the entity of the
existing terms of the audit engagement for recurring audits and many firms choose to send a
new letter every year, to emphasise its importance to clients.
In addition to the above the engagement letter may also make reference to:
The unavoidable risk that some material misstatements may go undetected due to the
inherent limitations in an audit;
Arrangements regarding the planning and performance of the audit;
www.masomomsingi.co.ke Contact: 0728 776 317 Page 68
AUDITING AND ASSURANCE
Recurring Audits
On recurring audits, the auditor should consider whether circumstances require the terms of
the engagement to be revised and whether there is a need to remind the client of the existing
terms of the engagement.
The auditor may decide not to send a new engagement letter each period. However, the
following factors may make it appropriate to send a new letter:
Any indication that the client misunderstands the objective and scope of the audit. Any
revised or special terms of the engagement.
A recent change of senior management or those charged with governance.
A significant change in ownership.
A significant change in nature or size of the client's business.
Legal or regulatory requirements.
If the auditor concludes that there is reasonable justification to change the engagement and if
the audit work performed complies with the ISAs applicable to the changed engagement,. the
report issued would be that appropriate for the revised terms of engagement. In order to avoid
confusing the reader, the report would not include reference to:
a) The original engagement; or
b) Any procedures that may have been performed in the original engagement, except where
the engagement is changed to an engagement to undertake agreed-upon procedures and
thus reference to the procedures performed is a normal part of the report
Where the terms of the engagement are changed, the auditor and the client should agree on the
new terms.
The auditor should not agree to a change of engagement where there is no reasonable
justification for doing so. An example might be an audit engagement where the auditor is unable
to obtain sufficient appropriate audit evidence regarding receivables and the client asks for the
engagement to be changed to a review engagement to avoid a qualified audit opinion or a
disclaimer of opinion.
If the auditor is unable to agree to a change of the engagement and is not permitted to continue
the original engagement, the auditor should withdraw and consider whether there is any
obligation, either contractual or otherwise, to report to other parties, such as those charged with
governance or shareholders, the circumstances necessitating the withdrawal.
The objective of the auditor is to identify and assess the risks of material misstatement,
whether due to fraud or error, at the financial statement and assertion levels, through
understanding the entity and its environment, including the entity's internal control, thereby
providing a basis for designing and implementing responses to the assessed risks of material
misstatement.
Risk assessment procedures are performed at the planning stage of an audit to obtain an
understanding of the entity being audited and to identify any areas of concern which could
result in material misstatements in the financial statements. They allow the auditor to assess
the nature, timing and extent of audit procedures to be performed.
ISA 315 Risk Assessments and Internal Controls states that the auditor should obtain an
understanding of the accounting and internal control systems sufficiently to plan the audit and
develop an effective audit approach. The auditor should use professional judgment to assess
audit risk and to design audit procedures to ensure it is reduced to an acceptably low level.
Sources of audit evidence that can be used as part of risk assessment procedures.
Inquiries of management
Prior year financial statement
Current year management accounts and budgets
Analytical procedures
Observation and inspection
Definitions
For purposes of the ISAs, the following terms have the meanings attributed below:
a) Assertions — Representations by management, explicit or otherwise, that are
embodied in the financial statements, as used by the auditor to consider the different
types of potential misstatements that may occur.
b) Business risk - A risk resulting from significant conditions, events, circumstances,
actions or inactions that could adversely affect an entity's ability to achieve its
objectives and execute its strategies, or from the setting of inappropriate objectives and
strategies.
c) Internal control — The process designed, implemented and maintained by those
charged with governance, management and other personnel to provide reasonable
assurance about the achievement of an entity's objectives with regard to reliability of
financial reporting, effectiveness and efficiency of operations, and compliance with
applicable laws and regulations. The term "controls" refers to any aspects of one or
more of the components of internal control.
d) Risk assessment procedures: - The audit procedures performed to obtain an
.understanding of the entity and its environment, including the entity's internal control,
to identify and assess the risks of material misstatement, whether due to fraud or error,
at the financial statement and assertion levels.
e) Significant risk -- An identified and assessed risk of material misstatement that, in the
auditor's judgment, requires special audit consideration.
The auditor shall perform risk assessment procedures to provide a basis for the
identification and assessment of risks of material misstatement at the financial statement
and assertion levels. Risk assessment procedures by themselves, however, do not provide
sufficient appropriate audit evidence on which to baSe the audit opinion.
The risk assessment procedures shall include the following:
a) Inquiries of management, of appropriate individuals within the internal audit function
(if the function exists), and of others within the entity who in the auditor's judgment
may have information that is likely to assist in identifying risks of material
misstatement due to fraud or error.
b) Analytical procedures.
c) Observation and inspection.
The auditor shall consider whether information obtained from the auditor's client acceptance
or continuance process is relevant to identifying risks of material misstatement.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 71
AUDITING AND ASSURANCE
If the engagement partner has performed other engagements for the entity, the engagement
partner shall consider whether information obtained is relevant to identifying risks of
material misstatement.
Where the auditor intends to use information obtained from the auditor's previous
experience with the entity and from audit procedures performed in previous audits, the
auditor shall determine whether changes have occurred since the previous audit that may
affect its relevance to the current audit.
The engagement partner and other key engagement team members shall discuss the
susceptibility of the entity's financial statements to material misstatement, and the
application of the applicable financial reporting framework to the entity's facts and
circumstances. The engagement partner shall determine which matters are to be
communicated to engagement team members not involved in the discussion.
The Required Understanding of the Entity and Its Environment, Including the Entity's
Internal Control
If the entity has established such a process (referred to hereafter as the "entity's risk assessment
process"), the auditor shall obtain an understanding of it, and the results thereof. If the auditor
identifies risks of material misstatement that management failed to identify, the auditor shall
evaluate whether there was an underlying risk of a kind that the auditor expects would have
been identified by the entity's risk assessment process. If there is such a risk, the auditor shall
obtain an understanding of why that process failed to identify it, and evaluate whether the
process is .appropriate to its circumstances or determine if there is a significant deficiency in
internal control with regard to the entity's risk assessment process... ..„
If the entity has not established such a process or has an ad hoc process, the auditor shall
discuss with management whether business risks relevant to financial. reporting objectives
have been • identified and how they have been addressed. The auditor shall evaluate whether
the absence of a documented risk assessment process is appropriate in the circumstances, or
determine whether it represents a significant deficiency in internal control.
AUDITING
The information system, including the related business processes, relevant to financial
reporting, and communication
The auditor shall obtain an understanding of the information system, including the related
business processes, relevant to financial reporting, including the following areas:
a. The classes of transactions in the entity's operations that are significant to the financial
• statements;
www.masomomsingi.co.ke Contact: 0728 776 317 Page 73
AUDITING AND ASSURANCE
b. The procedures, within both information technology (IT) and manual systems, by
which those transactions are initiated, recorded, processed, corrected as necessary,
transferred to the general ledger and reported in the financial statements;
c. The related accounting records, supporting information and specific accounts in the
financial statements that are used to initiate, record, process and report transactions; this
includes the correction of incorrect information and how information is transferred to
the general ledger. The records may be in either manual or electronic form;
d. How the information system captures events and conditions, other than transactions,
that are significant to the financial statements;
e. The financial reporting process used to prepare the entity's financial statements,
including significant accounting estimates and disclosures; and
f. Controls surrounding journal entries, including non-standard journal entries used to
record non-recurring, unusual transactions or adjustments.
The auditor shall obtain an understanding of how the entity communicates financial
reporting roles and responsibilities and significant matters relating to financial reporting,
including:
a) Communications between management and those charged with governance; and
b) External communications, such as those with regulatory authorities.
Monitoring of controls
- The auditor shall obtain an understanding of the major activities that the entity uses to
monitor internal control relevant to financial reporting, including those related to those
control activities relevant to the audit, and how the entity initiates remedial actions to
deficiencies in its controls.
- If the entity has an internal audit function the auditor shall obtain an understanding of
the nature of the internal audit function's responsibilities, its organizational status, and
the activities performed, or to be performed.
- The auditor shall obtain an understanding of the sources of the information used in the
entity's monitoring activities, and the basis upon which management considers the
information to be sufficiently reliable for the purpose.
- The auditor shall identify and assess the risks of material misstatement at:
a. the financial statement level; and
b. the assertion level for classes of transactions, account balances, and disclosures,
to provide a basis for designing and performing further audit procedures.
- For this purpose, the auditor shall:
a. Identify risks throughout the process of obtaining an understanding of the entity and
its environment, including relevant controls that relate to the risks, and by
considering the classes of transactions, account balances, and disclosures in the
financial statements;
b. Assess the identified risks, and evaluate whether they relate more pervasively to the
financial statements as a whole and potentially affect many assertions;
c. Relate the identified risks to what can go wrong at the assertion level, taking account
of relevant controls that the auditor intends to test; and
d. Consider the likelihood of misstatement, including the possibility of multiple
misstatements, and whether the potential misstatement is of a magnitude that could
result in a material misstatement.
Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate
Audit Evidence
In respect of some risks the auditor may judge that it is not possible or practicable to obtain,
sufficient appropriate audit evidence only from substantive procedures. Such risks may relate
to the inaccurate or incomplete recording of routine and significant classes of transactions or
www.masomomsingi.co.ke Contact: 0728 776 317 Page 75
AUDITING AND ASSURANCE
account balances, the characteristics of which often permit highly automated processing with
little or no manual intervention. In such cases, the entity's controls over such risks are relevant
to the audit and the auditor shall obtain an understanding of them.
misstatement. In addition, the auditor may obtain audit evidence about classes of transactions,
account balances, or disclosures, and related assertions, and about the operating effectiveness
of controls, even though such procedures were not specifically planned as substantive
procedures or as tests of controls. The auditor also may choose to perform substantive
procedures or tests of controls concurrently with risk assessment procedures because it is
efficient to do so.
The auditor uses professional judgment to determine the extent of the understanding required.
The auditor's primary consideration is whether the understanding that has been obtained is
sufficient to meet the objective stated in this ISA. The depth of the overall understanding that is
required by the auditor is less than that possessed by management in managing the entity. The
risks to be assessed include both those due to error and those due to fraud, and both are covered
by this ISA.. However, the significance of fraud is such that further requirements and guidance
are included in ISA 240 in relation to risk assessment procedures and related activities to obtain
information that is used to identify the risks of material misstatement due to fraud.
Although the auditor is required to perform all the risk assessment procedures above in the
course of obtaining the required understanding of the entity, the auditor is not required to
perform all of them for each aspect of that understanding. Other procedures may be performed
where the information to be obtained therefrom may be helpful in identifying risks of material
misstatement.
Inquiries of Management, the Internal Audit Function and Others within the Entity
Much of the information obtained by the auditor's inquiries is obtained from management and
those responsible for financial reporting. Information may also be obtained by the auditor
through inquiries with the internal audit function,- f the entity has such a function and others
within the entity.
The auditor may also obtain information, or a different perspective in .identifying risks of
material misstatement, through inquiries of others within the entity and other employee's with
different levels of authority.
For example:
Inquiries directed towards those charged with governance may help the auditor
understand the environment in which the financial statements are prepared. ISA 260
identifies the importance of effective two-way communication in assisting the auditor
to obtain information from those charged with governance in this regard.
personnel within the function. The auditor may also consider it appropriate to have periodic
meetings with these individuals.
Analytical Procedures
Analytical procedures performed as risk assessment procedures may identify aspects of the
entity of which the auditor was unaware and may assist in assessing the risks of material
misstatement in order to provide a basis for designing and implementing responses to the
assessed risks. Analytical procedures performed as risk assessment procedures may include
both financial and non-financial information, for example, the relationship between sales and
square footage of selling space or volume of goods sold.
Analytical procedures may help identify the existence of unusual transactions or events, and
amounts, ratios, and trends that might indicate matters that have audit implications. Unusual or
unexpected relationships that are identified may assist the auditor in identifying risks of material
misstatement, especially risks of material misstatement due to fraud.
However, when such analytical procedures use data aggregated at a high level (which may be
the situation with analytical procedures performed as risk assessment procedures), the results of
those analytical procedures only provide a broad initial indication about whether a material
misstatement may exist. Accordingly, in such cases, consideration of other information that has
been gathered when identifying the risks of material misstatement together with the results of
such analytical procedures may assist the auditor in understanding and evaluating the results of
the analytical procedures.
The auditor is required to determine whether information obtained in prior periods remains
relevant, if the auditor intends to use that information for the purposes of the current audit. This
is because changes in the control environment, for example, may affect the relevance of
information obtained in the prior year. To determine whether changes have occurred that may
affect the relevance of such information; the auditor may make inquiries and perform other
appropriate audit procedures, such as walk-troughs of relevant systems.
Industry Factors
Relevant industry factors include industry conditions such as the competitive environment,
supplier and customer relationships, and technological developments. Examples of matters the
auditor may consider include:
The market and competition, including demand, capacity, and price competition.
Cyclical or seasonal activity.
Product technology relating to the entity's products.
Energy supply and cost.
The industry in which the entity operates may give rise to specific risks of material
misstatement arising from the nature of the business or the degree of regulation. For example,
long-term contracts may involve significant estimates of revenues and expenses that give rise
to risks of material misstatement. in such cases, it is important-that the engagement team
include members with sufficient relevant knowledge and experience.
Regulatory Factors
Relevant regulatory factors include the regulatory environment. The regulatory environment
encompasses, among other matters, the applicable financial reporting framework and the legal
and political environment.
ENGAGEMENT RISK
Engagement risk—This is the risk that the practitioner expresses an inappropriate conclusion
when the subject matter information is materially misstated.
- Engagement risk does not refer to or include the practitioner's business risks such as
loss from litigation, adverse publicity, or other events arising in connection with a subject
matter information reported on.
In general, engagement risk can be represented by the following components, although not all
of these components will necessarily be present or significant for all assurance engagements:
(a) Risks that the practitioner does not directly influence, which may consist of:
i. The susceptibility of the subject matter information to a material misstatement
before consideration of any related controls (inherent risk); and
ii. The risk that a material misstatement that occurs in the subject matter
information will not be prevented, or detected and corrected, on a timely basis
by the appropriate party(ies)'s internal control (control risk); and
(b) Risks that the practitioner does directly influence, which may consist of:
i. The risk that the procedures performed by the practitioner will not detect a
material misstatement (detection risk); and
ii. in the case of a direct engagement, the risks associated with the practitioner's
measurement or evaluation of the underlying subject matter against the
applicable criteria.
The degree to which each of these components is relevant to the engagement is affected by the
engagement circumstances;, in particular:
i. The nature of the underlying subject matter and the subject matter information. For
example, the concept of control risk may be more useful when the underlying
subject matter relates to the preparation of information about an entity's
performance than when it relates to information about the effectiveness of a
controls or the existence of a physical condition.
ii. Whether a reasonable assurance or a limited assurance engagement is being
performed. For example, in limited assurance attestation engagements the
practitioner may often decide to obtain evidence by means other than tests of
controls, in which case consideration of control risk may be less relevant than in a
reasonable assurance attestation engagement on the same subject matter
information.
iii. Whether it is a direct engagement or an attestation engagement. While the concept
of control risk is relevant to attestation engagements, the broader concept of
measurement or evaluation risk is relevant to direct engagements.
iv. The consideration of risks is a matter of professional judgment, rather than a
matter capable of precise measurement.
Reducing engagement risk to zero is very rarely attainable or cost beneficial and, therefore,
reasonable assurance is less than absolute assurance, as a result of factors such as the
following:
• The use of selective testing.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 81
AUDITING AND ASSURANCE
Significant Risks
For example, where there are one-off events such as the receipt of notice of a significant
lawsuit, consideration of the entity's response may include such matters as whether it has been
referred to appropriate experts (such as internal or external legal counsel), whether an
assessment has been made of the potential effect, and how it is proposed that the circumstances
are to be disclosed in the financial statements.
In some cases, management may not have appropriately responded to significant risks of
material misstatement by implementing controls over these significant risks. Failure by
Management to implement such controls is an indicator of a significant deficiency in internal
control.
Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate
Audit Evidence
Risks of material misstatement may relate directly to the recording of routine classes of
transactions or account balances, and the preparation of reliable financial statements_ Such
risks may include risks of inaccurate or incomplete processing for routine and significant
classes of transactions such as an entity's revenue, purchases, and cash receipts or cash
payments.
Where such routine business transactions are subject to highly automated processing with little
or no manual intervention, it may not be possible to perform only substantive procedures in
relation to the risk. For example, the auditor may consider this to be the case in circumstances
where a significant amount of an entity's information is initiated, recorded, processed, or
reported only in electronic form such as in an integrated system. In such cases:
Audit evidence may be available only in electronic form, and its sufficiency and
appropriateness usually depend on the effectiveness of controls over its accuracy and
completeness.
The potential for improper initiation or alteration of information to occur and not be
detected may be greater if appropriate controls are not operating effectively.
Documentation
The manner in which the requirements are documented is for the auditor to determine using
professional judgment. For example, in audits of small entities the documentation may be
incorporated in the auditor's documentation of the overall strategy and audit plan. Similarly,
for example, the results of the risk assessment may be documented separately, or may be
documented as part of the auditor's documentation of further procedures.
For example, where there are one-off events such as the receipt of notice of a significant
lawsuit, consideration of the entity's response may include such matters as whether it has been
referred to appropriate experts (such as internal or external legal counsel), whether an
assessment has been made of the potential effect, and how it is proposed that the circumstances
are to be disclosed in the financial statements.
In some cases, management may not have appropriately responded to significant risks of
material misstatement by implementing controls over these significant risks. Failure by
Management to implement such controls is an indicator of a significant deficiency in internal
control.
Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate
Audit Evidence
Risks of material misstatement may relate directly to the recording of routine classes of
transactions or account balances, and the preparation of reliable financial statements. Such
risks may include risks of inaccurate or incomplete processing for routine and significant
classes of transactions such as an entity's revenue, purchases, and cash receipts or cash
payments.
Where such routine business transactions are subject to highly automated processing with little
or no manual intervention, it may not be possible to perform only substantive procedures in
relation to the risk. For example, the auditor may consider this to be the case in circumstances
where a significant amount of an entity's information is initiated, recorded, processed, or
reported only in electronic form such as in an integrated system. In such cases:
Audit evidence may be available only in electronic form, and its sufficiency and
appropriateness usually depend on the effectiveness of controls over its accuracy and
completeness.
The potential for improper initiation or alteration of information to occur and not be
detected may be greater if appropriate controls are not operating effectively.
Revision of Risk Assessment
During the audit, information may come to the auditor's attention that differs significantly
from the information on which the risk assessment was based. For example, the risk
assessment may be based on an expectation that certain controls are operating effectively. In
performing tests of those controls, the auditor may obtain audit evidence that they were not
operating effectively at relevant times during the audit.
Similarly, in performing substantive procedures the auditor may detect misstatements in
amounts or frequency greater than is consistent with the auditor's risk assessments. In such
circumstances, the risk assessment may not appropriately reflect the true circumstances of the
entity and the further planned audit procedures may not be effective in detecting material
misstatements.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 84
AUDITING AND ASSURANCE
Documentation
The manner in which the requirements are documented is for the auditor to determine using
professional judgment. For example, in audits of small entities the documentation may be
incorporated in the auditor's documentation of the overall strategy and audit plan. Similarly,
for example, the results of the risk assessment may be documented separately, or may be
documented as part of the auditor's documentation of further procedures.
The form and extent of the documentation is influenced by the nature, size and complexity of
the entity and its internal control, availability of information from the entity and the audit
methodology and technology used in the course of the audit.
For entities that have uncomplicated businesses and processes relevant to financial reporting,
the documentation may be simple in form and relatively brief. It is not necessary to document
the entirety 01 the auditor's understanding of the entity and matters related to it. Key elements
of understanding documented by the auditor include those on which the auditor based the
assessment of the risks of material misstatement.
The extent of documentation may also reflect the experience and capabilities of the members
of the audit engagement team. Provided the requirements of ISA 230 are always met, an audit
undertaken by an .engagement team comprising less experienced individuals may require more
detailed documentation to assist them to obtain an appropriate understanding of the entity than
one that includes experienced individuals.
For recurring audits, certain documentation may be carried forward,- updated as necessary to
reflect changes in the entity's business or processes.
Control Environment
Control Activities
Generally, control activities that may be relevant to an audit may be categorized as policies
and procedures that pertain to the following:
Performance reviews. These control activities include reviews and analyses of actual
performance versus budgets, forecasts, and prior period performance; relating different
sets of data — operating or financial — to one another, together with analyses of the
relationships and investigative --and corrective actions; comparing internal data with
external sources of information; and review of functional or activity performance.
Information processing. The two broad groupings of information systems control
activities are application controls, which apply to the processing of individual
applications, and general IT controls, which are policies and procedures that relate to
many applications and support the effective functioning of application controls by
helping to ensure the continued proper operation of information systems.
Examples of application controls include checking the arithmetical - accuracy of,
records, maintaining and reviewing accounts and trial balances, automated controls such
as edit checks of input data and numerical sequence checks, and manual follow-up of
exception reports. Examples of general IT controls are program change controls, controls
that restrict access to programs or data, controls over the implementation of new releases
of packaged software applications, and controls over system software that restrict access
to or monitor the use of system utilities that could change financial data or records
without leaving an audit trail.
Physical controls. Controls that encompass:
- The physical security of assets, including adequate safeguards such as secured
facilities over access to assets and records.
- The authorization for access to computer programs and data files.
- The periodic counting and comparison with amounts shown on control records (for
example, comparing the results of cash, security and inventory counts with
accounting records). The extent to which physical controls intended to prevent
theft of assets are relevant to the reliability of financial statement preparation, and
therefore the audit, depends on circumstances such as when assets are highly
susceptible to misappropriation.
Segregation of duties. Assigning different people the responsibilities of authorizing
transactions, recording transactions, and maintaining custody of assets. Segregation of
duties is intended to reduce the opportunities to allow any person to be in a position to
both perpetrate and conceal errors or fraud in the normal course of the person's duties.
- Certain control activities may depend on the existence of appropriate higher level
policies established by management or those charged with governance.
- For example, authorization controls may be delegated under established guidelines, such
as investment criteria set by those charged with governance; alternatively, non-routine
transactions such as major acquisitions or divestments may require specific high level
approval, including in some cases that of shareholders.
Monitoring of Controls
An important management responsibility is to establish and maintain internal control on . an
ongoing basis. .Management's monitoring of controls includes considering whether they are
operating as intended and that they are modified as appropriate for changes in conditions.
Monitoring of controls may include activities such as management's review of whether bank
reconciliations are being prepared on a timely basis, internal auditors' evaluation of sales
personnel's compliance with the entity's policies on terms of sales contracts, and a legal
department's oversight of compliance with the entity's ethical or business practice policies.
Monitoring is done also to ensure that controls continue to operate effectively over time. For
example, if the timeliness and accuracy of bank reconciliations are not monitored, personnel
are likely to stop preparing them.
Internal auditors or personnel performing similar functions may contribute to the monitoring
of an entity's controls through separate evaluations.
Ordinarily, they regularly provide information about the functioning of internal control,
focusing considerable attention on evaluating the effectiveness of internal control, and
communicate information about strengths and deficiencies in internal control and
recommendations for improving internal control.
Monitoring activities may include using information from communications from external
parties that may indicate problems or highlight areas in need of improvement. Customers
implicitly corroborate billing data by paying their invoices or complaining about their charges.
In addition, regulators may communicate with the entity concerning matters that affect the
functioning of internal. Control for example, communications concerning examinations by bank
regulatory agencies. Also, management may consider communications relating to internal
control from external auditors in performing monitoring activities.
PLANNING AN AUDIT
Planning is not a discrete .phase of an audit, but a continual process that often begins shortly
after the completion of the previous audit and continues until the completion of the current
audit engagement. Planning should in any case start before then accounting year-end to take -
into account year end procedures which need to be carried out e.g. attendance at the annual
inventory count or circularisation of receivables. The nature and extent of planning will vary'
according to the size and complexity of the entity, previous experience with the entity and
changes in circumstances that occur during the engagement.
Initial engagements
In case of initial engagements, while the planning elements remain the same as for recurring
engagements, the auditor may need to expand the planning activities as the auditor does not
necessarily have the previous experience with the entity that is considered when planning
recurring engagements.
Additional matters that may be considered in planning initial engagements include:
- Where possible and where not prohibited by law, consider arrangements with the
previous auditor to review the working papers.
- Review any major issues, including the application of accounting principles or auditing
and reporting, standards, discussed with management or those charged with governance
in connection with the initial selection_ as auditors, and how these affect the audit
strategy and audit plan.
- Obtaining sufficient appropriate audit evidence regarding opening balances.
- Involvement of another partner or a senior individual to review the overall audit
strategy prior to commencing significant audit procedures or to review reports prior to
their issuance.
Once the overall audit strategy has been established the auditor can commence the development
of a more detailed audit plan to address the various matters identified in the strategy. Although
the auditor establishes the overall audit strategy before developing the audit plan, the two
activities are not necessarily sequential processes but closely inter-related since changes in one
may result in changes to the other.
In case of audits of smaller entities where the audit is conducted by a very small audit team, the
development of an audit strategy need not be a complex process and a brief memorandum
prepared at the completion of the previous audit, based on a review of the working papers and
highlighting the issues identified, updated and changed in the current period based on
discussions with the management, can serve as the basis for planning the current audit
engagement.
Requirements
The auditor's consideration of client continuance and relevant ethical requirements, including
independence, occurs throughout the audit engagement as conditions and changes in
circumstances occur. Performing initial procedures on both client continuance and evaluation
of relevant ethical requirements (including independence) at the beginning of the current audit
engagement means that they are completed prior to the performance of other significant
activities for the current audit engagement. For continuing audit engagements, such initial
procedures often occur shortly after (or, in connection with) the completion of the previous
audit.
The use of unedited programmes does not constitute adequate planning as it could expose the
auditor to risks not covered in detail by the programme or result in the auditor carrying out
unnecessary tests thereby resulting, in inefficiencies.
Planning Activities
The auditor shall establish an overall audit strategy that sets the scope, timing and direction of
the audit, and that guides the development of the audit plan. In establishing the overall audit
strategy, the auditor shall:
a) Identify the characteristics of the engagement that define its scope;
b) h) Ascertain the reporting objectives of the engagement to plan the timing of the audit-
and the nature of the communications required;
c) Consider the factors that, in the auditor's professional judgment, are significant in
directing the engagement team's efforts;
d) Consider the results of preliminary engagement activities and, where applicable,
Whether knowledge gained on other engagements performed by the engagement
partner for the entity is relevant; and
e) Ascertain the nature, timing and extent of resources necessary to perform the
engagement.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 93
AUDITING AND ASSURANCE
The process of establishing the overall audit strategy assists the auditor to determine, subject
to the completion of the auditor's risk assessment procedures, such matters as:
The resources to deploy for specific audit areas, such as the use of appropriately
experienced team members for high risk areas or the involvement of experts on complex
matters;
The amount of resources to allocate to specific audit areas, such as the number of team
members assigned to observe the inventory count at material locations, the extent of
review of other auditors' work in the case of group audits, or the audit budget in hours to
allocate to high risk areas;
When these resources are to be deployed, such as whether at an interim audit stage O at
key cutoff dates; and
How such resources are managed, directed and supervised, such as when team briefing
and debriefing meetings are expected to be held, how engagement partner and manager
reviews are expected to take place (for example, on-site or off-site), and whether to
complete engagement quality control reviews.
The development and documentation of the overall audit strategy sets the scope, timing and
direction of the audit, and guides the development of the more detailed audit plan. It also helps
to ascertain the nature, timing and extent of the 'resources necessary to perform the engagement.
In developing the audit strategy, the engagement team may consider the experience gained on
other engagements performed for the entity. The key components of an audit strategy include:
Once the overall audit strategy has been established, an audit plan can be developed to address
the various matters identified in the overall-audit strategy, taking into account the need to
achieve the audit objectives through the efficient use of the auditor's resources.
The establishment of the overall audit strategy and the detailed audit plan are not necessarily
discrete or sequential processes, but are closely inter-related since changes in one may result in
consequential changes to the other.
DOCUMENTATION
encountered together with evidence of work performed and conclusion reached. They
can also serve as a good reference point for future audit.
- Preparation of working papers enables to auditor to adopt a methodical approach to his
work.
- Working papers assist in planning and performance of audit in future financial periods.
- If sued for negligence, the auditor can use the working papers as evidence for work
done.
- Working papers can be used for training of audit staff. They contain audit programme
and specimen schedules which audit assistants can refer to when conducting the audit.
Auditing guidelines do not define precisely, the form of working papers but it indicates what
might typically be contained therein.
- Information of continuing importance to the audit such as letter of engagement and
memorandum of association.
- Planned audit approach as contained in the planning memorandum.
- Auditor's assessment of client's accounting system, his review and evaluation of
internal controls. Details of work carried out, not as of errors or exceptions noted and
action taken together with conclusion drawn by audit staff.
- Evidence that the work of staff has been properly reviewed.
- Record of relevant balances and other financial info that is subject to the audit
- Analysis of significant ration and trends
- Copies of communications with other auditors, expects and other third parties.
- Letters of representation received form management.
- Working papers are divided into the current audit file (CAF) and the permanent audit
file (PAF)
Disadvantages
- It is not appropriate to follow mechanically, a standardized approach to the conduct and_
documentation of audit work as the auditor in some cases will need to exercise his own
judgment.
- The initiative of auditor staff may be restricted because the need to exercise judgment
in preparing working papers is eliminated.
- The client staff may become familiar with the method and perpetuate fraud in areas not
covered by the standard working papers.
- The audit work becomes very mechanical with use of standardized working papers.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 98
AUDITING AND ASSURANCE
When the auditor is faced with the normal audit risk, the audit approach adopted is usually one
of reliance on key controls supported by substantive tests, compliance tests and analytical
review.
In addition to normal risk and higher than normal risk discussed above, the auditor can also be
exposed by sub-standard work such as:
His failure to recognise put upon enquiry situation
His failure to draw correct inferences from audit evidence and the analytical
review
His use of wrong procedures in a particular situation
His failure to perform necessary audit work because of time and cost
consideration
His failure to detect errors or fraud because of poor sampling methods or the
selection
of inadequate sample sizes
It is essential that an audit firm should organize itself in such a way that it can minimise the
risk of suffering any damage. We can look at these measures from two points of view. Broad
measures taken by the profession as a whole and measures to be taken by the individual
auditor in minimising this audit risk.
This approach requires the auditor to determine what are the very important business risks
which the client faces. This line of approach both helps the client and also enables the auditor
to appreciate and understand his clients business and appreciate all aspects of the business
activities. It is then for the auditor to determine where the risks are likely or unlikely and
whether the risks are likely to produce serious consequences. This enable the audit to be
focussed on those matters where there is a possibility of misstatement. This is the basis of
revised auditing standards.
The big firms have largely adopted this approach within their audit methodology.
The history of auditing shows a gradual change over time as detailed testing of transactions
moved to system audits. The next development was the audit risk model which focuses the
audit and the extent of audit procedures on to the areas of an audit where the auditor was most
at risk of giving an inappropriate opinion.
ISA 220, Quality Control for an Audit of Financial Statements,
Environmental requirements affecting the industry and the entity's business.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 101
AUDITING AND ASSURANCE
ISA 250 includes some specific requirements related to the legal and regulatory
framework applicable to the entity and the industry or sector in which the entity
operates.
Other External Factors
Examples of other external factors affecting the entity that the auditor may consider include
the general economic conditions, interest rates and availability of financing, and inflation or
currency revaluation.
Nature of the Entity
An understanding of the nature of an entity enables the auditor to understand such matters as:
Whether the entity has a complex structure, for example, with subsidiaries or other
components in multiple locations. Complex structures often introduce issues that may
give rise to risks of material misstatement. Such issues may include whether goodwill,
joint ventures, investments, or special-purpose entities are accounted for appropriately.
The ownership, and relations between owners and other people or entities. This
understanding assists in determining whether related party transactions have been
identified and accounted for appropriately:
ISA 550 establishes requirements and provides guidance on the auditor's considerations
relevant to related parties.
Examples of matters that the auditor may consider when obtaining an understanding of the
nature of the entity include:
Business operations such as:
- Nature of revenue sources, products or services, and markets, including
involvement in electronic commerce such as Internet sales and marketing
activities.
- Conduct of operations (for example, stages and methods of production, or
activities exposed to environmental risks).
- Alliances, joint ventures, and outsourcing activities.
- Geographic dispersion and industry segmentation.
- Location of production facilities, warehouses, and offices, and location and
quantities of inventories.
- Key customers and important suppliers of goods and services, employment
arrangements (including the existence of union contracts, pension and other post-
employment benefits, stock option or incentive bonus arrangements, and
government regulation related to employment matters).
- Research and development activities and expenditures.
- Transactions with related parties.
Investments and investment activities such as:
- Planned or recently executed acquisitions or divestitures:
- o. Investments and dispositions of securities and loans
- Capital investment activities
- Investments in non-consolidated entities, including partnerships, joint ventures
and special-purpose entities
Financing and financing activities such as:
www.masomomsingi.co.ke Contact: 0728 776 317 Page 102
AUDITING AND ASSURANCE
As should be evident from this summary the business risk approach is a more holistic.
approach to the audit. The business risk approach starts at a stage back from the traditional
audit risk model and offers more benefit to auditors and clients alike.
Business Risk results from significant conditions, events, circumstances or actions that could
adversely affect the entity's ability to achieve its objectives and execute its strategies. Even
though such risks are likely to eventually have an impact on an entity's financial statements,
not every business risk will translate directly in a risk of a material misstatement in the
financial statements, which is often referred to as audit risks. There are 3 categories of business
risk.
Financial risk- this is the risk that the firm will not be able to meet its short term
maturing obligations as a when they fall due.
Operational risk- these are risks arising with regard to operations for instance, the
risk that a major supplier will lay longer be able to supply the company with the key
raw materials.
Compliance risk- Risk that arises from non-compliance with laws and regulations
under which the business operates for example, environmental issues.
An understanding of the business risks facing the entity increases the likelihood of identifying
risks of material misstatement, since most business risks will eventually have financial
consequences and, therefore, an effect on the financial statements. However, the auditor does
not have a responsibility to identify or assess all business risks because not all business risks
give rise to risks of material misstatement.
Examples of matters that the auditor may consider when obtaining an understanding of the
entity's objectives, strategies and related business risks that may result in a risk of material
misstatement of the financial statements include:
• Industry developments (a potential related business risk might be, for example, that the
entity does not have the personnel or expertise to deal with the changes in the industry).
• New products and services (a potential related business risk might be, for example, that
there is increased product liability).
www.masomomsingi.co.ke Contact: 0728 776 317 Page 105
AUDITING AND ASSURANCE
• Expansion of the business (a potential related business risk might be, for example, that
the demand has not been accurately estimated).
• New accounting requirements (a potential related business risk might be, for example,
incomplete or improper implementation, or increased costs).
• Regulatory requirements (a potential related business risk might be, for example, that
there is increased legal exposure).
• Current and prospective financing requirements (a potential related business risk might
be, for example, the loss of financing due to the entity's inability to meet requirements).
• Use of IT (a potential related business risk might be, for example, that systems and
processes are incompatible).
• The effects of implementing a strategy, particularly any effects that will lead to new
accounting requirements (a potential related business risk might be, for example,
incomplete or improper implementation).
A business risk may have an immediate consequence for the risk of material misstatement for
classes of transactions, account balances, and disclosures at the assertion level or the financial
statement level. For example, the business risk arising from a contracting customer base may
increase the risk of material misstatement associated with the valuation of receivables.
However, the same risk, particularly in combination with a contracting economy, may also have
a longer-term consequence, which the auditor considers when assessing the appropriateness of
the going concern assumption. Whether a business risk may result in -a risk of material
misstatement is, therefore, considered in light of the entity's circumstances. Usually,
management identifies business risks and develops approaches to address them. Such a risk
assessment process is part of internal control...
An error is an unintentional mistake in presenting the financial information which can occur at
anytime during processing and recording of transactions. These include
• Mathematical or clerical mistakes
• Overnight or misrepresentation of facts
• Misapplication of accounting policies
Types of errors
i. Errors of commission. These are errors that do not show in the trial balance because it
still balances. This is where the correct amount for a transaction is recorded but in the
wrong person‘s account e.g. for debtors the correct class of accounts may be used but
the wrong personal entries entered.
ii. Errors of omissions. This is where transactions are completely omitted from books of
accounts.
iii. Errors of principle. This is where an item is entered in the wrong class of account e.g. a
fixed asset is debited to the expense account.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 106
AUDITING AND ASSURANCE
iv. Compensating errors. This is where errors cancel each other out. The errors occur
usually on opposite sides of the accounts i.e. on credit and debits sides with equal
amounts and are totally independent from each other.
v. Errors of original entry. These occur when the original figure is incorrect and the
double entry system is still observed.
vi. Complete reversal entries. These occurs where correct accounts are used but each items
shown on wrong side of the account e.g. crediting sales in debtors account and debiting
sales account.
Fraud
Fraudulent financial reporting may be committed because management is under pressure from
outside or inside the entity to report unrealistic profit levels. A perceived opportunity for
fraudulent financial reporting or misappropriation of company assets may exist when an
individual believes that an internal control can be overridden. This could be because an
individual is in a position of trust or has knowledge of specific weaknesses in the internal
control system.
The distinction between fraud and error is of little importance so far as audit procedure are
concerned. This is because the audit procedure used to detect errors is the same used to detect
www.masomomsingi.co.ke Contact: 0728 776 317 Page 107
AUDITING AND ASSURANCE
fraud. The only difference may arise where the auditor may be required by law to disclose
certain illegal acts to the regulatory authority.
The primary responsibility for the detection and prevention of fraud and error rests with the
management of the company. This responsibility is fulfilled through the implementation and
continuous operation of adequate system of internal controls. Such system reduces but does
not eliminate the possibility of fraud and error. The auditor on his part seeks reasonable
assurance that fraud and error which may be material to the financial statements has not
occurred or if it has occurred, the effect is properly reflected in the financial statements. At
this point, the auditor should plan his work so that he has reasonable expectation of detecting
material misstatements in the financial information resulting from fraud and error. It is
important to emphasis that the auditor cannot be held responsible for failing to detect errors
and frauds. However, he is expected to carry out his work in a manner that he is in a position
to detect material errors and frauds. Failure to detect such material errors implies that the
financial statements are materially misstated.
Expectations gap
This is the gap that exists between external auditor‘s understanding of their role and duty and
the expectations of various users of the financial statements and the general public regarding
the process and the outcome of the external audit. I.e. the expectation by users of financial
statements that auditor should detect and prevent error and fraud as a duty, while actually it is
not his duty but of the directors.
Most users of financial statements believe that the auditor has prepared the statements and
should therefore be in a position to explain the performance results of the company. Some
other users of the financial statements do not understand the audit opinion issue.
It has also been suggested that the role of the auditor should be broadened especially in areas
of fraud. ISA 240(fraud and error), requires that the auditor should report to the users of the
financial statements if there is material misstatements as a result of fraud and any other
irregularities.
There should be attempts to improve the knowledge and understanding of auditor‟ s role and
responsibility through public education.
In addition to weaknesses in the accounting and internal control system, events which also
increase risk of fraud and error are:
• Questions regarding the integrity and competence of management. Where management
is not honest and could misappropriate company assets, the risk of fraud and error
increases.
• Unusual pressure within the company e.g. pressure on organization to attain a certain
level or profitability. This could tempt the managers to manipulate the financial
statement so as to achieve the set profit level.
• Unusual transactions. Such could be carried out with intention of manipulating the
financial performance of the company e.g. a very large purchase of stock at the year
end to increase level of closing stock and subsequently increase profits.
If circumstances indicate possible existence of fraud and error, the auditor should consider the
potential effect of financial statements. If the effect is material, the auditor should perform
additional procedures to dispel the suspicion. Where fraud or error is confirmed, the auditor
should satisfy himself that the effect of fraud or error is properly reflected in the financial
statements or the error corrected. The auditor should communicate his findings to management
on timely basis if:
• He believes fraud may exist even if the potential effect would be immaterial.
• Fraud or error is actually found to exist.
An audit is subject to the avoidable risk that some material misstatements will not be detected,
even though the audit is properly planned and performed in accordance with ISAs. The risk of
not detecting misstatements resulting from fraud is higher than the risk of not detecting material
misstatements resulting from errors. This is because fraud involves acts designed to conceal it
such as forgery and deliberate failure to record transactions. When the audit reveals evidence to
the contrary, the auditor is entitled to accept representations from management as truthful and
documents as genuine. However, the auditor should plan and perform his work with
professional skepticism, recognizing that conditions or events may be found that indicate that
fraud or error may exist. Existence of a strong internal control system reduces the
www.masomomsingi.co.ke Contact: 0728 776 317 Page 109
AUDITING AND ASSURANCE
probability of misstatements in the financial reporting occurring due to fraud or error but there
is always a risk that the system may fail to operate as designed.
The following procedures could be applied as general leads to where fraud or error may have
occurred.
• Comparison of the company‘s current balance sheet with those of previous years.
• Calculation of profitability, leverage, activity and performance ratios for the current and
previous years.
• Using search inquiry to pose questions to management and accounting staff.
• Auditing in depth to establish the audit trail. This facilitates checking a transactions
recording process from initial to final stage.
• Using surprise checks and visits.
• Comparing budgeted and actual results of the company and investigating any variances
noted.
This process goes or the fraud is discovered. This method of fraud is known as short banking
or delayed accounting of money received or lapping. This is method by which the past
defalcations are covered up by the present receipt. If remittances are received by means of
cheques, then cheques will have to be split up. This proves is known as splitting cheques.
Because by encashing the cheques, less amount is credited to the debtor and rest amount is
misappropriated.
We can detect such frauds with the help of auditors. The auditor should find out what is the
internal check system regarding cash. If there is any weak point, he must probe into the matter.
The cashier should not have access to ledger. Auditor should check the counterfoils of the
receipts with the cash book paying particular attentions to the dates.
Implications
• Understated sales, wrong management accounts, loss of assets of the company and
accounts without true and fair view.
• Bad debts
• Misappropriation of cash, exposure to theft and loss of interest due to delayed banking.
• Unreliable records and disputes between the company and customers.
Potential errors
• Liabilities being set up for goods not received or not authorized
• Liabilities being incurred but not recorded.
• Making payments without proper documents and authorization.
• Misallocation of funds to the wrong general ledger accounts
• Goods being returned without being recorded.
Implications
• Loss of company resources because of paying for goods never received
• Understanding of liabilities hence disputes with suppliers.
• Paying for services and goods not received
• Overstatement of expenses and creditors.
• Misstatement of various expense accounts hence unreliable records.
• Overstatement of purchases
(c) Wages
Potential errors
• Dummy workers in the payroll or fraudulent double payment of workers, payment for
work not done and unclaimed wages being misappropriated.
• Occurrence of payroll errors.
• Improper deductions being made or being misappropriated
• Inflation of the payroll in other ways.
Implications
• Overvaluation of stocks because using wrong labour costs.
• Overstatement of stocks
• Misstatement of various expense accounts
• Unreliable records.
How is internal control system helps prevent and detect fraud and error
• Supervision. This serves to prevent fraud or error by boosting the awareness of senior
employees who will refrain from committing fraud and error by virtue of constant
review of operations.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 111
AUDITING AND ASSURANCE
• Physical controls. These limit access to the assets of the company thus preventing them
from damage, misuse or theft.
• Segregation of duties. This boosts automatic checks, accountability and supervision at
all stages of processing transactions, minimizing chances of error and fraud.
• Arithmetic and accounting controls. Proper recording of transactions according to the
principles of ISAs will prevent errors and frauds such an manipulation of accounts.
• Personnel. Engaging qualified, competent and efficient personnel will reduce chances
of errors. The company‘s staff should be motivated and properly remunerated to
prevent temptations of fraud.
• Routine and automatic checks. These minimize fraud by boosting awareness that work
will be continuously checked, accountability will be increased and importance of being
honest will be emphasized.
TOPIC 5
Definition
Forensic accounting is the use of accounting skills to investigate fraud or embezzlement and to
analyze financial information for use in legal proceedings
Forensic accounting in its present state can be broadly classified into two categories
encompassing litigation support and investigative accounting.
1. Litigation support - is the provision of assistance of an accounting nature in a matter
involving existing or pending litigation. It is primarily focused on issues relating to the
quantification of economic damages, which means a typical litigation support
assignment would involve calculating the economic loss or damage resulting from a
breach of contract. However, it also extends to other areas involving valuations, tracing
assets, revenue recovery, accounting reconstruction and financial analysis. Litigation
support also works closely with lawyers in matters involving, but not limited to, contract
disputes, insolvency litigation, insurance claims, royalty audits, shareholders disputes
and intellectual property claims
6. Arbitration
7. Partnership and corporation disputes
8. Shareholder disputes (minority shareholders claiming
9. Civil and criminal actions concerning fraud and financial irregularities - cross
examination, formulate questions
10. Fraud and white-collar crime investigations
Investigative accounting
1. Reviewing the factual situation and providing suggestions on alternative course of
action.
2. Assisting in the preservation, protection and recovery of assets.
3. Co-ordinating with other experts, including private investigators, expert document
examiners, consulting engineers and other industry specialists;
4. Assisting in the tracing and recovery of assets through civil, criminal and other
administrative or statutory proceedings.
Litigation support
4. Enhanced effectiveness and efficiency - this arises from the additional dimension and
depth which experienced individuals in fraud investigation bring with them to focus on
the issues at hand. Such individuals are specialists in rooting out fraud and would
recognise transactions normally passed over by the organisation's accountants or
auditors.
I. Core skills:
Fraud is quite common in big organizations where the number of daily financial transactions
is huge. In such an environment, an employee can easily undertake fraudulent activities
without being caught. Forensic accounting helps in analyzing whether the company's
accounting policies are followed or not, and whether all the transactions are clearly stated in
the books of accounts. Any deviation observed in the books of accounts can help in
identifying fraud, and necessary measures can be taken to prevent it in the future.
1) Confidentiality Issue
If the analysis of a company's financial statements points out the involvement of a particular
person in fraudulent activities, there is a significant chance that the person will try to threaten
the company to safeguard himself from the trial, Also, any trial that confirms a fraud
happening in the company comes under public eye and gains negative publicity, which
directly affects the reputation and investor relations of the company,
Forensic accounting can be an expensive affair because the procedures which accountants use
involve high-end accounting software. If study results have to be presented in a trial, the
overall expenditure goes up even further, because the fees of forensic accountants are quite
high. This can be a matter of concern for the organization .
It is quite obvious for employees to feel offended when they come to know that their job is
under scrutiny by a third person. If no fraud is identified, employees are left with the feeling
that the employer does not have faith in them. Lost trust can be difficult to regain in such
cases.
The forensic accountant could be asked to investigate many different types of fraud. It is
useful to categorize these types into three groups to provide an overview of the wide range
of investigations that could be carried out. The three categories of frauds are corruption,
asset misappropriation and financial statement fraud
Corruption
There are three types of corruption fraud: conflicts of interest, bribery, and extortion.
Research shows that corruption is involved in around one third of all frauds.
In a conflict of interest fraud, the fraudster exerts their influence to achieve a personal
gain which detrimentally affects the company. The fraudster may not benefit
financially, but rather receives an undisclosed personal benefit as a result of the
situation. For example, a manager may approve the expenses of an employee who is
also a personal friend in order to maintain that friendship, even if the expenses are
inaccurate.
Bribery is when money (or something else of value) is offered in order to influence a
situation.
Extortion is the opposite of bribery, and happens when money is demanded (rather
than offered) in order to secure a particular outcome.
Asset misappropriation
By far the most common frauds are those involving asset misappropriation, and
there are many different types of fraud which fall into this category: The common
feature is the theft of cash or other assets from the company, for example:
Cash theft - the stealing of physical cash, for example petty cash, from the premises
of a company.
Fraudulent disbursements - company funds being used to make fraudulent payments.
Common examples include billing schemes, where payments are made to a fictitious
supplier, and payroll schemes, where payments are made to fictitious employees
(often known as 'ghost employees').
Inventory frauds ^ the theft of inventory from the company,
www.masomomsingi.co.ke Contact: 0728 776 317 Page 120
AUDITING AND ASSURANCE
Misuse of assets - employees using company assets for their own personal interest.
Financial statement fraud
This is also known as fraudulent financial reporting, and is a type of fraud that causes a
material misstatement in the financial statements. It can include deliberate falsification of
accounting records; omission of transactions, balances or disclosures from the financial
statements; or the misapplication of financial reporting standards. This is often carried out
with the intention of presenting the financial statements with a particular bias, for example
concealing liabilities in order to improve any analysis of liquidity and gearing.
CONDUCTING AN INVESTIGATION
The process of conducting a forensic investigation is, in many ways, similar to the process
of conducting an audit, but with some additional considerations. The various stages are
briefly described below.
Gathering evidence
In order to gather detailed evidence, the investigator must understand the specific type of
fraud that has been carried out, and how the fraud has been committed. The evidence should
be sufficient to ultimately prove the identity of the fraudster(s), the mechanics of the fraud
scheme, and the amount of financial loss suffered. It is important that the investigating team
is skilled in collecting evidence that can be used in a court case, and in keeping a clear chain
of custody until the evidence is presented in court.
If any evidence is inconclusive or there are gaps in the chain of custody, then the evidence
may be challenged in court, or even become inadmissible. Investigators must be alert to
documents being falsified, damaged or destroyed by the suspect(s). Evidence can be
gathered using various techniques, such as:
testing controls to gather evidence which identifies the weaknesses, which allowed
the fraud to be perpetrated
using analytical procedures to compare trends over time or to provide comparatives
between different segments of the business
applying computer assisted audit techniques, for example to identify the timing and
location of relevant details being altered in the computer system
discussions and interviews with employees
Substantive techniques such as reconciliations, cash counts and reviews of
documentation.
The ultimate goal of the forensic investigation team is to obtain a confession by the fraudster,
if a fraud did actually occur. For this reason, the investigators are likely to avoid deliberately
confronting the alleged fraudster(s) until they have gathered sufficient evidence to extract a
confession. The interview with the suspect is a crucial part of evidence gathered during the
investigation.
Reporting
The client will expect a report containing the findings of the investigation, including a
summary of evidence and a conclusion as to the amount of loss suffered as a result of the
fraud. The report will also discuss how the fraudster set up the fraud scheme, and which
controls, if any, were circumvented. It is also likely that the investigative team will
recommend improvements to controls within the organisation to prevent any similar frauds
occurring in the future.
Opportunities to Commit Financial Reporting Fraud?
1. The absence of a segregation of duties Or unclear job descriptions resulting in a lack of
clarity of ownership allowing an individual to manipulate data to achieve a desired
result.
2. The absence of effective supervision allowing an individual (s) to manipulate data to
present a desired result or avoid detection of an improper activity (e.g. remote
locations; specialized or complex businesses; recently acquired entities or outsourced
activities).
3. The ability to create transactions to achieve a desired result (e.g. inter-company
transactions; fictitious receivables; improper reserves; or manipulation of cut-off
procedures).
www.masomomsingi.co.ke Contact: 0728 776 317 Page 122
AUDITING AND ASSURANCE
1. Implement internal controls to reduce fraud risk: Many businesses depend on one person
to process payments and invoices, make bank deposits, handle petty cash, and reconcile
bank statements. This is asking for trouble. Your business should implement a system
that spreads and, if possible, rotates the financial duties of the business among two or
more employees. Insist that all employees, especially those with financial
responsibilities, take a mandatory vacation of at least one week of consecutive days.
2. Tone at the Top: An effective way to prevent fraud in your business is to create a
positive work culture. It is important that the business owner and senior management
serve as role models of honesty and integrity. Set clear standards example zero
tolerance policy for fraud.
3. The directors should lead by Example by
Whistle blower: Every company should establish a system that makes it easy for
employees, vendors and customers to anonymously report suspected fraud activities.
Work with Professionals: Consider hiring a professional to conduct both regularly
scheduled and surprise audits. Audits can serve as a deterrent because when
employees are aware that there will be checks of their areas, they are more likely to
stay honest.
TOPIC 6
Introduction
When carrying out the audit, the auditor first needs to carry out an evaluation of the internal
control systems and evaluate its operating effectiveness and its efficiency. This will help the
auditor to ascertain the degree of reliance he or she is going to place on the controls and hence
the level of the level of tests the needs to be carried on the final balances. To ascertain the
effectiveness of these controls, the auditor carries out tests of control. The tests of control will
also help the auditor have a better understanding of the entity. Internal control is covered by the
International Standard on Auditing (ISA) 315 on Understanding the entity and its environment
and assessing the risk of material misstatement.
Internal audit is normally set up by the management to help in the risk assessment process and
to ensure the company adheres to good corporate governance. This function can either be
carried out in-house whereby the employees of the company employed as the internal auditors
or it can be outsourced. Internal auditing is covered by the International Standard of Auditing
(ISA) 610 on considering the work of internal auditing.
ISA 400 defines an accounting system as the series of tasks and procedures by which
transaction are procedures as a means of maintaining proper financial records. The accounting
system identifies, assembles, analyses, defines, records and summarizes transactions of an
entity the mgt requires complete and accurate accounting and other records to assist in
executing their responsibilities which are:
Safeguarding the company assets and preventing fraud and error
Selecting suitable accounting policies and applying them consistently
Ensuring that the company keeps proper accounting records as per the Companies Act.
Delivering to the government agency, court or stock exchange a copy of the company‘s
auditor financial statements within the specified period after year-end.
Stating whether applicable accounting standards have been followed subject to any
material departure disclosed and explained in the financial statements.
Prepare the financial statements on a going concern basis unless it is appropriate to
presume that the company will continue operations.
Setting up an internal control system to enable all the above responsibilities to be
carried out as required.
ISA 400 defines internal control system as all the policies and procedures adopted by
management to in achieving objectives as far as practicable. The objectives of an internal
control system are: -
Orderly and efficient conduct of business.
Adherence to management policies.
Safeguarding of company assets
www.masomomsingi.co.ke Contact: 0728 776 317 Page 125
AUDITING AND ASSURANCE
1. Risk assessment
Audit risk means the risk that the auditor may give an inappropriate audit opinion i.e. the
auditor may report that the financial statements show a true and fair view while in reality they
are materially misstated.
Audit risk is composed of:
a) Inherent risk
b) Control risk
c) Detection risk
d) Inherent risk
a) Inherent risk
This is the risk that the account balances are transactions could be materially misstated
assuming that there were no internal control system. Inherent risk could increase a result of an
adverse attitude of managers on the internal control system i.e. if they view internal control
system as unimportant.
b) Control risk
This is the risk that a material misstatement could occur in an account balance or clan of
transactions which will not be prevented or detected in a timely manner by the entity‟ s
accounting and internal control system.
c) Detection risk
This is the risk that the auditor‟ s tests of balances and transactions will not detect a material
misstatement that exists in an accounts balance or class of transactions. This implies that
detection risk is the only component of audit risk under the auditor‟ s control.
For the audit model, audit risk equals inherent risk multiplied by the control risk and detection
risk.
Disadvantages
The model gives an impression of accuracy which is unrealistic as in practice its
difficult to put a quantitative value on inherent risk.
For the model to be useful, the number of items being tested need to be sufficiently
large to allow for valid statistical conclusions to be made. This rule out the use of the
model in many small audits.
The model has a danger of adapting an overly mechanistic approach and that the
auditor may lose his „feel‟ for the audit assignment.
It requires proper knowledge of the burden to be able to assess the audit risk.
A wrong assessment of inherent and control risk will lead to over or under auditing.
2. Control Environment
ISA 400 refers control environment as being the overall attitude, awareness and actions of
directors and management regarding the internal control system and its importance to the
entity.
The control environment has an effect on the effectiveness of the specific control procedures.
A strong control environment i.e. one with tight budgetary control and an effective internal
audit function can significantly complement specific control procedures. Thus the control
environment sets the tone of the entity by influencing the control consciousness of people. It
may be viewed as the foundation of other components of internal control.
The function of the board of directors or the audit committee. The control environment
is significantly influenced by the effectiveness of the board of directors or the audit
committee. This effectiveness is determined by the extent of its independence from
management, experience and status of members and the extent to which it raises and
pursues difficult matters with management and also its relationship with internal and
external auditors.
Management philosophy, style and ease with which managers could override controls.
Management philosophy refers to whether the management likes taking risk in business
or has a conservative approach. This has an impact on the overall reliability of financial
statements. If they are risk takers, losses are likely and may want to hide them. If they
are conservative to risk, there may be no business hence low profits and this may lead to
falsification of financial statements.
The implementation of organizational structure and methods of assigning authority and
responsibility. This determines how well employees understand the limits placed upon
their powers and responsibilities. The objective is to separate responsibility for
authorizing a transaction, keeping records for the transaction and custody of assets
acquired from the transaction.
Personnel policies and procedures. Employees should be recruited on basis of skills and
knowledge essential for the performance of their jobs and if necessary, be trained
3. Control procedures
These are the policies and procedures in addition to the control environment, which the
management has established to achieve the entity‟ s specific objectives. The mix of types of
controls implemented by mgt will depend on the control objectives and the size of the entity.
a) Organizational plan chart
Companies should have proper organization plans. An organized plan shows clearly the
various departments within the company, their functions and persons charged with ensuring
that such functions are fulfilled. They seek to ensure that the entity is properly
departmentalized preventing duplication of duties across departments and boosting
accountability within the entity. Delegation and limits of authority should be well and clearly
defined.
b) Segregation of duties.
This refers to separation of various duties and responsibilities such that one person cannot
process and record a complete transaction from beginning to the end without being checked by
another person. E.g. in purchase of fixed assets, an individual should not authorize the purchase,
place the order, receive the assets, record the transaction and keep custody of the assets. To
minimize risk of error and or intention the following should be performed by different
individuals and departments as much as practicable.
Initiation of transaction. This is where if an item is found to be out of stock and a
requisition is made.
Authorization Different levels of management should be given limits as to what they
can authorize or to what extent they can commit company resources.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 128
AUDITING AND ASSURANCE
Execution. Person‘s independent from those who authorize the transactions should
execute them.
Recording. Segregation of duties also includes an internal check which refers to the
activities of one person being complementary to those of another person.
c) Physical controls
These are security measures concerned with the custody of company‟ s assets by limiting
access to authorized people only. Direct physical controls include keeping assets under lock
and key, employment of security guards, building fences and use of closed circuit cameras.
Indirect physical controls include use of a fixed asset movement registers and use of
computers to record utilization of company vehicles.
d) Authorization and approval.
Transactions that commit the organizations resources should be subject to authorization and
approval by a responsible official. The limits for authorization should also be specified.
e) Arithmetic and accounting control.
These are controls within the accounting function which check that transactions are authorized
and accurately recorded. These are aimed at ensuring completeness and accuracy of the
accounting records. The key features are;
Use of pre numbered documents in processing transactions.
Issuing of documents in sequence when processing transactions.
Monitoring movement of documents by use of a register in which all the people in
possession of specific documents have signed that they are possession of those
documents.
Production of exception reports e.g. where a local purchase order (LPO) has been raised
and the order has not been fulfilled by the supplier.
Reconciliation of different accounts and the related control accounts e.g. bank
reconciliation. Reconciliations would only be effective if prepared by independent
persons and non reconciling items resolved in a timely manner.
f) Personnel.
The proper functioning of any system is dependent on the competence and integrity of those
operating it. The company must therefore recruit competent staff with integrity and
intelligence. Staff should be assigned responsibilities that match their capability and undergo
training where necessary.
g) Supervision.
Transactions and their recording should be subjected to supervision by competent and
responsible officials. Supervision is necessary because it gives the chance of correcting errors
and also because lower level employees generally tend to be indiscipline if not closely
supervised.
h) Management controls.
These are controls exercised by management in addition to daily routines of the system. They
include comparison of actual performance with budgets review of management accounts e.g.
budgets and internal audit function.
i) Rotation of duties.
Duties should be rotated between personnel at the same organizational level e.g. payroll staff
and credit control staff. Staff should be encouraged to take annual leave to provide an
opportunity for their work to be checked by an independent person.
k) Internal audit
This is a control function set up by management to review the accounting and internal control
system. Internal audit carries out continuous evaluation of operating effectiveness of the
internal control policies and procedures. The findings and recommendations are then reported
to management.
purchasing requires a quotation to be submitted, an employee can leak the prices in the
quotations to his preferred supplier in exchange for a kick back.
f. The possibility that procedures may become inadequate due to changes in conditions of
the burden e.g. expansion of business without corresponding increase in number of staff
may require some staff member to perform more tasks than previously. This dilutes the
extent of segregation of duties.
Ascertaining
This refers to the auditors attempt to identify and understand the internal controls that
management has put in place. This is carried out in the following ways:-
Utilizing clients accounting and control manuals which describe the accounting and
internal control system.
Obtaining and relying on system records and description prepared by internal audit for
organizations with inter audit functions.
Interviewing procedures being performed e.g. stock taking in order to clearly
understand the nature of the controls involved.
Relying on prior year‘s system notes which can be obtained from the previous auditor‘s
working papers.
The auditor‘s objective in evaluating the internal control system is to determine the degree of
reliance which he may place on the information contained in the accounting records. If he
obtains reasonable assurance by means of compliance tests that the internal controls are
effective in ensuring the completeness and accuracy of accounting records and the validity of
entries therein, he may limit the extent of substantive testing. Because of the inherent
limitation of even the most effective internal control system, it will be impossible for the
auditor to rely solely on its operation as a basis of his opinion on the financial statements.
Recording
Having identified the controls that management has put in place, it is important to create
documented records of the internal control system. This will enhance the auditor‟ s
understanding of the system and provide documentary evidence of work done. The following
are methods used in recording the system.
and information through the system. This use of visual description eliminates use of
lengthy narratives in explaining the system.
Narratives. These refer to recording of the internal control system in narrative form or
explanatory notes. They are preferable for simple systems where all the transactions
and documentation are handled by one person only. They require little formal training
of staff and are best suited to small and simple system description or to explain
peripheral aspects of a larger system not dealt with by other techniques. Narratives are
too easy to record but difficult to change.
Confirming
Having recorded the system, the auditor then needs to confirm whether the system recorded
exists, is operational and that the auditor has correct understanding of the system. This is done
by use of walk through tests. A walk through test refers to the process where the auditor selects
the particular transaction and traces it through the accounting information system from the time
it was first captured and input as data to its final recording in the financial statements. The
purpose of walk through tests may be either for auditor to identify specific control procedures or
to confirm an existing understanding of internal control procedure in the internal control system.
Evaluating
Having recorded and confirmed the internal control system, the auditor will commence his
evaluation. The auditor evaluates the client‘s internal control system in order to decide whether
the system is suitably designed and constitutes a reliable basis for preparation of financial
statements. Evaluation is normally carried out simultaneously with recording. Evaluation will
be assisted by the use of documentation designed to help identify the internal controls on which
the auditor may wish to place reliance. The auditor uses internal control evaluation
questionnaires (ICEQ) in evaluating the system based on key control questions. Examples of
key control questions that could be applied in evaluating internal control system for sales and
debtors are:
TESTS OF CONTROL
After the system has been evaluated as being suitably designed the auditor then plans to carry
out tests of control which are also called compliance tests. Compliance tests are procedures
performed to obtain audit evidence about the effectiveness of the:
Design of the accounting and internal control system i.e. whether it is suitably designed
to prevent and correct material misstatements.
Operation of the internal controls consistently throughout the financial period.
The Auditor carries out tests of control to determine whether these controls have worked
effectively throughout the financial period and can be relied upon to ensure complete, accurate
and reliable accounting records.
Some of the procedures performed to obtain an understanding of the accounting and internal
control system may not have been specifically planned as tests of control but may provide
audit evidence about the effectiveness of the design and operation of the internal controls
relevant to certain assertions and consequently serve as tests of control.
Inspection: Documents supporting transactions and other events are inspected to gain
assurance that internal controls have operated properly.
Inquiry: Inquiries about internal controls which have no audit trail need to be done e.g.
inquiring whether appropriate security measures are undertaken during payment of
wages.
Re-performance of internal controls. E.g. reconciliation of the bank accounts to ensure
clients bank accounts to ensure clients bank reconciliation statements is accurately
prepared.
Observation. This entails observing control procedures being performed e.g. physical
counting of stock will enable the auditor confirm that the exercise is being conducted
properly. Such observation will provide evidence that a control is operating effectively
as designed. When obtaining audit evidence about the effectiveness of internal controls,
the auditors considers how they were applied and the consistency with which they were
www.masomomsingi.co.ke Contact: 0728 776 317 Page 134
AUDITING AND ASSURANCE
applied. The concept of effective operational controls recognizes that some deviation
from prescribed control may occur. This may be due to changes in key personnel,
human error and significant fluctuation in the volume of transactions.
Although the statutory reporting requirements of the Companies Act only calls for the auditor
to make a report to the members as to whether the financial statements show a true and fair
view. In addition to this, auditors provide management with a summary of their findings
concerning strengths and weaknesses of accounting and internal control system as well as
material issues arising from review of the financial statements. This summary is called the
management letter.
Communicates matters arising during the audit so that there is a written record of all
such matters. In case of litigation, the auditor may rely on the management letter for
defense.
Ensures auditor‘s comments on the accounting on the internal control system reach
those responsible members of management who have powers to act on the findings.
A report to management will normally be a natural way of adding value to the client and the
auditor should incorporate the need to report in the planning of the audit. Before documenting
the weaknesses in management letter, the auditor should discuss these with the appropriate
officials. This eliminates the possibility that the auditor may have misunderstood. The
operation of the system and will also enable the company make quick corrective actions. The
management letter should be addressed to the board of directors or the audit committee.
The timing of the management letter will vary. It will often be useful to complete the
compliance tests before its submission, so that weaknesses in internal control system may be
included. However, serious weaknesses discovered should be reported immediately. This may
make it necessary to submit more than one management letter.
The management letter acts as effective feedback that assists management in running the
company more efficiently and thus promotes constructive relationship between the auditor and
management which may be useful in future audits. The management letter should be both
objective and constructive. The auditor should request for comments from management as to all
the matters rose indicating what actions management intends to take regarding the matters
raised.
An entity's mix of manual and automated elements in internal control varies with the nature
and complexity of the entity's use of IT.
The use of IT affects the way that control activities are implemented. From the auditor's'
perspective, controls over IT systems are effective when they maintain the integrity of
information and the security of the data such systems process, and include effective general IT
controls and application controls. General IT controls are policies and procedures that relate to
many applications and support the effective functioning of application controls.
They apply to mainframe, miniframe, and end-user environments. General IT controls that
maintain the integrity of information and security of data commonly include controls over the
following:
Data center and network operations.
System software acquisition, change and maintenance.
Program change.
Access security.
Application system acquisition, development, and maintenance.
IT also poses specific risks to an entity's internal control, including, for example:
• Reliance on systems or programs that are inaccurately processing data, processing
inaccurate data, or both.
• Unauthorized access to data that may result in destruction of data or improper changes
to data, including the recording of unauthorized or non-existent transactions, or
inaccurate recording of transactions.
• Particular risks may arise where multiple users access a common database.
• The possibility of IT personnel gaining access privileges beyond those necessary to
perform their assigned duties thereby breaking down segregation of duties.
• Unauthorized changes to data in master files.
• Unauthorized changes to systems or programs.
• Failure to make necessary changes to systems or programs.
• Inappropriate manual intervention.
• Potential loss of data or inability to access data as required.
Manual elements in internal control may be more suitable where judgment and discretion are
required such as for the following circumstances:
• Large, unusual or non-recurring transactions.
• Circumstances where errors are difficult to define anticipate or predict.
• In changing circumstances that require a control response outside the scope of an
existing automated control.
• In monitoring the effectiveness of automated controls
Manual elements in internal control may be less reliable than automated elements because they
can be more easily bypassed, ignored, or overridden and they are also more prone to simple
errors and mistakes. Consistency of application of a manual control element cannot therefore be
assumed. Manual control elements may be less suitable for the following circumstances:
• High volume or recurring transactions, or in situations where errors that can be
anticipated or predicted can be prevented, or detected and corrected, by control
parameters that are automated
• Control activities where the specific ways to perform the control can be adequately
designed and automated
The extent and nature of the risks to internal control vary depending on the nature and
characteristics of the entity's information system. The entity responds to the risks arising from
the use of IT or from use of manual elements in internal control by establishing effective
controls in light of the characteristics of the entity's information system
TOPIC 7
AUDIT EVIDENCE
FINANCIAL STATEMENT ASSERTIONS AND AUDIT EVIDENCE
Financial Statement Assertions are the implicit or explicit claims and representations made
by the management responsible for the preparation of financial statements regarding the
appropriateness of the various elements of financial statements and disclosures.
Financial Statement Assertions are also known as Management Assertions and Audit
Assertions.
Assertions relating to assets, liabilities and equity balances at the period end
Assertions Explanation Examples: Inventory balance
Assets, liabilities and equity Inventory recognized in the balance sheet exists at the
Existence
balances exist at the period end. period end.
All assets, liabilities and equity
All inventory units that should have been recorded
balances that were supposed to
have been recognized in the financial statements. Any
Completeness be recorded have been
inventory held by a third party on behalf of the audit
recognized in the financial
entity has been included in the inventory balance.
statements.
Entity has the right to
Audit entity owns or controls the inventory
ownership or use of the
recognized in the financial statements. Any inventory
Rights & recognized assets, and the
held by the audit entity on account of another entity
Obligations liabilities recognized in the
has not been recognized as part of inventory of the
financial statements represent
audit entity.
the obligations of the entity.
Inventory has been recognized at the lower of cost
and net realizable value in accordance with IAS 2
Inventories. Any costs that could not be reasonably
Assets, liabilities and equity allocated to the cost of production (e.g. general and
Valuation balances have been valued administrative costs) and any abnormal wastage has
appropriately. been excluded from the cost of inventory. An
acceptable valuation basis has been used to value
inventory cost at the period end (e.g. FIFO, AVCO,
etc.)
AUDIT EVIDENCE
Audit evidence refers to the information obtained by the auditor in arriving at the conclusions
on which audit opinion on the financial statements is based. Audit evidence comprises of
source documents and accounting records underlying the financial statements. The accounting
records generally include:
The sources and amount of evidence needed to achieve the required level of assurance is
determined by the auditor‘s judgment. The auditor‘s judgment will be influenced by the
materiality of item being examined, the relevance and reliability of evidence available from
each source and cost involved in obtaining it. Audit evidence is obtained through an
appropriate mix of tests of controls and substantive procedures where internal control system
is considered weak; evidence may be obtained entirely from substantive procedures.
Substantive tests are procedures carried out to test the accuracy and validity of accounting
records. They are of two types i.e. analytical review procedure and test of detail.
ISA 500 requires that „the auditor should obtain sufficient audit evidence to be able to draw
reasonable conclusions on which to base the audit opinion.‟
Sufficient means that there needs to be enough evidence. What is enough is a matter of
professional judgment.
a) Relevance.
Relevance of audit evidence should be considered in relation to the overall audit objective of
forming an opinion and reporting on financial statements. It therefore refers to the ability of
the evidence to assist the auditor in testing management assertions.
b) Reliability
Reliability of audit evidence refers to the credibility of that evidence the credibility is
influenced by its source and its nature
When preparing financial statements the management makes certain implicit or explicit
assertions about the financial affairs of the company.
1. Assertions about hinting of transactions and events for the period under audit i.e.
Occurrence transaction and events that have been recorded have occurred and pertain to
the entity.
Completeness
Cut off. Transactions and events have been recorded in the appropriate accounting
period
Accuracy Amounts and other data relating to the recorded transactions have been
recorded appropriately.
Classification. Transactions and events have been recorded in the correct period
Occurrence and rights and obligation. Disclosed events and transactions and other
matters have occurred and pertained to the entity
Completeness All disclosures that should have been included e.g. compositions of
director‘s fees.
Measurement and valuation. Financial and other information are disclosed fairly and at
appropriate amounts
Classification and understandability. Financial information is appropriately presented
and described, and disclosures are clearly expressed
The auditor may use the assertions described above or may express them differently provided
all aspects described above have been covered.
The auditor may rely on sufficient appropriate evidence obtained by substantive testing to form
his opinion. Alternatively he may be able to obtain assurance from presence of a reliable
internal contrast system and therefore reduce the extent of substantive testing the auditor
obtains evidence in performing compliance and substantive procedures using the following
methods.
a) Inspection.
This consists of examining records, documents or tangible assets. The reliability of the
evidence obtained from inspection depends on nature, source and effectiveness of the internal
control system. Inspection of tangible assets provides evidence with the respect to the
existence but not to their value and ownership.
b) Observation
This involves looking at procedures being performed by others e.g. stock counting by client
personnel.
Inquiry consists of seeking information from knowledgeable persons inside and outside the
company. It ranges from formal written inquires addressed to the third parties to oral inquiries
addressed to persons within the entity. The information may be new to the auditor or may
corroborate evidence from other sources. Confirmation is the response to inquiry to corroborate
information contained in financial statements e.g. debtors circularization.
This involves checking the arithmetic accuracy of source documents and accounting records or
performing independent computations e.g. re-computing amount of provision for depreciation
and comparing this against that computed by client.
e) Analytical procedures.
This is the analysis of relationships such as between items of financial data to identify
consistency and predicted patterns or significant fluctuations, unexpected relationships and
results of investigations thereof.
Analytical procedures
1. Developing an expectation.
A variety of types of information are available to the auditor to develop an expectation for
analytical procedures including;
To increase the precision of the analytical procedures, separate relationships may be computed
for each department or product line. Industrial average‘s provide a potentially rich source of
information in developing expectation for analytical procedures, since industry statistics may
alert auditors to classification error, improper application of accounting principles or other
www.masomomsingi.co.ke Contact: 0728 776 317 Page 145
AUDITING AND ASSURANCE
a) Trend analysis. This includes review of changes in an account balance over time e.g.
review of clients sales for the past six years may reveal a growth rate of 5%. This
information could assist auditor in developing an expectation of sales for the current
year.
b) Ratio analysis. This involves comparison of relationships between two or more
financial statement account balances or comparisons of an account balance to non
financial data e.g. revenue per sale order. The typical financial ratios are liquidity,
profitability, leverage and activity ratios.
Because ratio analysis involves examination relationships between two or more variables and
may involve industrial data, it is often a richer analysis than trend analysis. There are two basic
approaches to ratio analysis;
Horizontal analysis. This involves review of client‘s ratios and trends over time
Cross sectional analysis. This involves comparisons of ratios of similar firms at a given
point in time.
The amount of acceptable difference between the expectation and the financial statements
balance that can be accepted without investigation is determined primarily by the amount that is
considered to be a material misstatement However; this amount must be consistent with the
degree of assurance from the procedure. When trend or ratio analysis is used, the auditor
typically uses professional judgment to specify an absolute amount of difference or percentage
difference that will result into investigation.
3. Comparison of the account balance or ratio with the expected balance or ratio.
Once the auditor has determined the expectation and amount of acceptable difference, he
makes the actual comparison to determine where significant difference lies.
ISAs require the application of analytical procedures at the planning and overall review stages
of the audit. The auditor may also decide to use them during the audit on substantive tests to
provide evidence as to the reasonableness of specific account balances. Analytical procedures
performed in planning the audit are used to determine the nature, timing and extent of audit
procedures that will be used to obtain evidence about specific accounts. They are also used in
understanding the client‘s business at the planning stage.
Analytical procedures must be used as part of the overall review stage of an audit to assist the
auditor in assessing the adequacy of the evidence gathered and the validity of conclusions
reached. At the final review stage of an audit, the analytical procedures generally include
reviewing the financial statements and re-computing ratios if necessary to identify any unusual
or unexpected balance or that have not been previously identified and explained.
Where the auditors are not required to use analytical procedure as substantive tests, they are
usually most efficient tests of certain assertions .e.g. performing analytical procedures is the
most efficient way to evaluate competence of various revenue and expense accounts.
Auditors must consider cost and likely effectiveness of analytical procedures in determining
how much they may be used for a particular audit A primary measure of the effectiveness of
analytical procedures is its precision. Precision depends on a number of factors including the
predictability of the relationship, the techniques used to develop the expectation and the
reliability of the underlying data used. Monthly data is more precise than yearly data.
a) Oral representations.
Throughout an audit the auditors ask many questions to the officials and employees of Client
Company. Oral inquires are made on an endless range of topics from the location of records
and document, reasons for unusual account procedures and probability of collecting overdue
accounts receivable. In making inquires, the auditor should consider the knowledge,
objectivity, experience, responsibility and qualifications of individuals being questioned and
use carefully structured questions to address relevant issues. Client replies should be carefully
evaluated as appropriate and followed up with additional questions.
Generally, oral client representations are not sufficient themselves but they may be useful in
disclosing situations that require investigation or in corroborating other forms of evidence e.g.
after making careful analysis of all accounts receivable, the auditor normally discusses with the
credit manager, the prospects of collecting specific accounts.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 147
AUDITING AND ASSURANCE
b) Written representations.
The auditor must also obtain written representations from the client in accordance with
provisions of ISA 580. At conclusion of the audit, the auditor obtains from the client a written
representation letter. This letter summarizes the most important oral representations made by
management during the audit. Many specific items are included in this representation letter e.g.
management represents that all liabilities known to exist are reflected the financial statements.
The representations generally fall into the following broad categories;
All accounting records, financial data and minutes of director‘s meetings have been
made available to the auditor.
The financial statements are complete and were prepared in conformity with generally
accepted accounting principles.
Management believes that adjusting entries brought to the attention by the auditor and
not recorded are not material individually or collectively.
All items requiring disclosures such as contingencies, illegal acts and related parties
transactions have been properly disclosed.
ISA 580 requires the auditor to obtain representations letter on every engagement and provide
suggestions as to its form, content and guidance on how it is to be used as audit evidence and
actions to be taken if client refuses to provide representations. These letters are dated as of the
date of the auditor‘s report ordinarily the last day of field work and are usually signed by both
the client chief executive officer and the chief accountant. A client representations letter should
never be used as a substitute for performing other audit procedures. The financial statements
already constitute written representations by the client hence representation letter does little
more than assert that the original representations were correct.
To remind the client‘s directors of their primary responsibilities for the financial
statements.
Documents in the audit working papers, client responses to the significant questions
asked by the auditor during the engagement.
At times a representation letter may be the only evidence available in respect to
management future intentions e.g. whether a maturing debt is classified as a current or
long term liability will depend on whether management has both the ability and intent
to refinance the debt.
Management may be unwilling to sign letters of representation or pass minutes required by the
auditor. If management declines, the auditor should inform the management that he will himself
prepare a statement in writing setting out his understanding of any representations that they
have been made during the course of the audit and send this statements to management with a
request for confirmation that the auditor‘s understanding of the representations is correct.
In rare circumstances, the auditor may be completely unable to obtain written representations
which he requires e.g. because of the refusal by management to cooperate or because
management declines to give proper representations required on the ground of its own
uncertainty regarding that particular issue. In such circumstances, the auditor may have to
conclude that he has not received all information and explanations required and consequently
may need to consider qualification his audit report an ground of limitation in scope of the
audit.
Objective
The objective of the auditor, when using audit sampling, is to provide a reasonable basis for
the auditor to draw conclusions about the population from which the sample is selected.
Definitions
For purposes of the ISAs, the following terms have the meanings attributed below:
a) Audit sampling (sampling) – The application of audit procedures to less than 100% of
items within a population of audit relevance such that all sampling units have a chance of
selection in order to provide the auditor with a reasonable basis on which to draw
conclusions about the entire population.
b) Population – The entire set of data from which a sample is selected and about which the
auditor wishes to draw conclusions.
c) Sampling risk – The risk that the auditor‘s conclusion based on a sample may be
different from the conclusion if the entire population were subjected to the same audit
procedure. Sampling risk can lead to two types of erroneous conclusions:
i. In the case of a test of controls, that controls are more effective than they actually
are, or in the case of a test of details, that a material misstatement does not exist
when in fact it does. The auditor is primarily concerned with this type of erroneous
conclusion because it affects audit effectiveness and is more likely to lead to an
inappropriate audit opinion.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 149
AUDITING AND ASSURANCE
ii. In the case of a test of controls, that controls are less effective than they actually
are, or in the case of a test of details, that a material misstatement ISA 500, ―Audit
Evidence.‖ exists when in fact it does not. This type of erroneous conclusion affects
audit efficiency as it would usually lead to additional work to establish that initial
conclusions were incorrect.
d) Non-sampling risk – The risk that the auditor reaches an erroneous conclusion for any
reason not related to sampling risk.
A sampling approach that does not have characteristics (i) and (ii) is considered non-
statistical sampling
i) Tolerable misstatement – A monetary amount set by the auditor in respect of which the
auditor seeks to obtain an appropriate level of assurance that the monetary amount set by
the auditor is not exceeded by the actual misstatement in the population.
i. A complete check for all transactions and balances a business is no longer possible
owing to the numerous numbers of transactions.
ii. Time factor. Examining all the transactions will take a lot of time. The cost of doing this
will be prohibitive because audit fees are largely based on amount of time spent on
assignment. Also a complete check will take so long that the accounts will be ancient
history before users saw them.
iii. The objective of an audit is to express an opinion as to whether the financial statements
show a true and a fair view. It is possible for the auditor to obtain the assurance without
www.masomomsingi.co.ke Contact: 0728 776 317 Page 150
AUDITING AND ASSURANCE
examining all transactions. The use of sampling with properly set out objectives and
properly constructed tests allows more valid conclusions to be reached than when many
transactions as possible are tested. This is because detailed testing is done on a sample.
iv. A complete check would bore the audit staff so much that their work would become
ineffective and errors would remain unidentified.
When planning how to carry out sampling, the auditor considers the following:
i. Objectives of tests and combinations of audit procedures which are likely to achieve the
objectives e.g. objective to verify compliance of the debtors balances.
ii. The population and sampling units should be appropriate to the objectives of sampling
e.g. if auditors objective is to test overstatement of debtors, an appropriate population
would be a list of total debtors.
iii. Definition of errors is substantive testing and deviation in compliance testing. Before
performing testing on a chosen sample, the auditor should define clearly test results and
conditions that will be considered errors or deviations by reference to audit objective.
For substantive testing, the auditor should project errors found in the sample to
population and consider the effect of projected errors on a particular test objective.
The auditor needs to determine the appropriate size of the sample on which audit procedures
will be applied. Sample size is determined by;
i. The tolerable error. The larger the tolerable error, the smaller the sample size
required for a given test.
ii. Auditor‘s assessment of the inherent risk. The higher the assessment of inherent
risk, the larger the sample size is required. Higher inherent risk implies that there is
a greater risk of an account balance being misstated and this may be reduced by
testing a larger sample.
iii. Auditor‘s assessment of control risk. A higher control risk implies that little reliance
can be placed on effectiveness of operations of internal controls and the sample size
needs to be increased.
iv. Auditor‘s required confidence level. The greater the degree of confidence level the
auditor requires, the larger the sample size needs to be so that the results of the
sample are in fact representative of the actual amount of error in the population.
i. Random sampling. This is done by use of random number tables or use computers to
select sampling units
ii. Systematic selection. In this type of sampling, units in the population are divided by the
sample size to give sampling intervals e.g. if the population to be sample has 600 items
and sample size is 50, the sampling interval will be 12. One of the first 12 items will be
selected as the starting point and thereafter, every twelfth item will be selected i.e. if the
first item selected is third item, every 15th, 27 th, 39 th and so on items will be picked.
However, the auditor needs to determine that sampling units within the population are
not structured in a way that sampling intervals corresponds to a particular pattern in the
population.
iii. Haphazard selection. The auditor selects a sample without following structured
techniques. The auditor should avoid conscious bias and predictability in selecting
items in attempt to ensure that all items in the population have a chance of being
selected. This technique is not suitable for statistical sampling.
iv. Block selection. This involves selecting a group of continuous items within the
population e.g. all sales transactions for August. Block sampling cannot be ordinarily
used in audit sampling because most populations are structured such that items in a
sequence can be expected to have similar characteristics therefore the sample selected
may not be representative of the population.
d) Testing.
After selecting the sample items the auditor should carry out the predetermined test on each
item.
a) Judgmental sampling
This is also called non-statistical sampling. It involves using experience and knowledge of
client‘s business and circumstances to select and taste a sample without using any
mathematical of or statistical tools. The auditor does not rely on probability theory and uses
judgment in making sampling decisions.
i. Unscientific. The approach does not form a strong basis of defense. It is difficult to
justify why the auditor selected some items and left out others.
ii. Wasteful as large simples need to be selected. This is because in effort to reduce the
sampling risk, the auditor attempts to select as many items as possible as opposed to
statistical sampling where sample size is determined using probability theory.
iii. Samples may not be representative of the population and thus results cannot be
projected to the population.
iv. There is danger of personal bias in selecting samples.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 153
AUDITING AND ASSURANCE
b) Statistical sampling.
This involves two steps;
i. Use of random selection to pick a sample.
ii. Use of probability theory to determine the sample size, evaluate quantitatively the
sample results and measure sampling risk. Statistical sampling differs from non
statistical sampling in that the auditor uses probability theory to measure the
sampling risk and evaluate the sample results.
i. The number of clients to whom a technique as appropriate. This is because the set
up and training costs are high.
ii. Whether large population exists. Statistics is the science of large numbers. Where
organizations are small with few transactions, a statistical approach is inappropriate.
iii. Adequate controls must exist where they are no controls it is impossible to use
statistical techniques because of increased statistical errors
iv. The population being tested must be homogenous.
v. Sampling units must be separately identifiable and therefore sequential numbering
is essential.
vi. The expectation of the error must be low i.e. the internal control system of
organization must be reliable.
vii. The risk factors. The level of risk allowable and the degree of risk attached to an
item being tested must be considered.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 154
AUDITING AND ASSURANCE
Sampling methods
1. Estimation sampling for variables.
2. Estimation sampling for attributes.
3. Acceptance sampling.
4. Discovery sampling
This method seeks the estimate the total value of some population e.g. total value of debtors,
stock or loose tools. The procedure is to extrapolate estimate or form an opinion using the
facts that are valid for one situation (sample) supposing that they will be valid in the new
situation. This estimate can be compared with the book value and if any difference is within
the materiality limits pre-established, the auditor has evidence for the book value of the item.
This method seeks to estimate the proportion of a population having particular characteristic
e.g. overdue debts or damaged inventory.
3. Acceptance sampling
This method seeks to discover the error rate in a population to determine a maximum error
rate.
Its uses include;
i. Whether a control can be relied upon. If non compliance is greater than the
acceptable rate, the control will not be relied upon and other audit tests will have to
be applied.
ii. Used to test whether stock calculation can be relied upon. If the error rate is greater
than some acceptable proportion, the auditor will have to request the client to redo
the calculations.
4. Discovery sampling
This method extends acceptance sampling to an acceptance level of zero. E.g. a system with
controls exists in an investment trust company to ensure that all bonus issues are recorded.
Even if one bonus has not been recorded, the auditor will be unable to accept the controls and
www.masomomsingi.co.ke Contact: 0728 776 317 Page 155
AUDITING AND ASSURANCE
will have to seek other evidence. This method requires a large sample. A form of discovery
sampling is monetary unit sampling.
Monetary unit sampling is appropriate for use with large variance population e.g. debtors or
stock where individual units have widely different sizes or values. This method is suited to a
population where errors are not expected and it implicitly takes into account the auditor‟ s
concept of materiality.
i. Does not cope easily with errors of understatement. A debtors balance which is
understated will have a smaller chance of being selected than if it was correctly
valued hence there is a reduced chance of selecting that balance and discovering the
error.
ii. It can be difficult to select samples where a computer cannot be used e.g. where the
accounting system of an organization is manual. Manual selection will involve
adding items cumulatively through the entire population which is very tiring.
iii. It is not possible to extend a sample if the error rate turns out to be higher than the
expected error. In such cases an entirely new sample must be selected and
evaluated.
iv. Monetary unit sampling is useful especially in testing for overstatements where
significant understatements are not expected i.e. when dealing with debtors, fixed
assets and stock it is clearly not suitable for testing creditors where understatement
is the primary characteristic to be tested.
AUDIT TESTING
Tests of Controls
The auditor's understanding of internal controls is used to assess control risk for each
transaction-related audit objective;
Substantive Tests are procedures designed to test for dollar misstatements that directly affect the
correctness of financial statement balances; Substantive tests of transactions are used to
determine whether all six transaction related audit objectives have been satisfied for each class
of transactions
Analytical Procedures
Focus on the ending general ledger balances for both balance sheet and income statement
accounts; emphasis is mostly on the balance sheet; help establish the monetary correctness of
the accounts they relate to and therefore are substantive test; the extent of these tests depends
on the results of tests of controls, substantive tests of transactions, and substantive analytical
procedures
Tangible non-current assets, is a key area of the statement of financial position. Key areas
when testing tangible non-current assets are:
i. Confirmation of ownership
ii. Inspection of non-current assets
iii. - Valuation by third parties
iv. Adequacy of depreciation rates
Assertion: Completeness
Existence
Confirm that the company physically inspects all items in the non-current asset register
each year.
Inspect assets, concentrating on high value items and additions in-year.
Confirm that items inspected:
Exist
Are in use
Are good condition
Have correct serial numbers
Review records of income-yielding assets.
Reconcile opening and closing vehicles by numbers as well as amounts.
Valuation
Additions
These tests are to confirm rights and obligations, valuation and completeness.
- Verify additions by inspection of architects' certificates, solicitors' completion
statements, suppliers' invoices etc.
- Review capitalisation of expenditure by examining for non-current assets additions and
items in relevant expense categories (repairs, motor expenses, sundry expenses) to
ensure that:
- Capital/revenue distinction is correctly drawn
- Capitalisation is in line with consistently applied company policy
- Inspect non-current asset accounts for a sample of purchases to ensure they have been
properly allocated.
- Check purchases have been authorised by directors/senior management by reviewing
board minutes.
- Ensure that appropriate claims have been made for grants, and grants received and
receivable have been received, by inspecting claims documentations and bank
statements.
- Check additions have been recorded by scrutinising the non-current asset register and
general ledger.
Disposal
These tests are to confirni rights and Obligations, completeness, occurrence and accuracy.
- Verify disposals with supporting documentation,, checking transfer of title, sales
price and dates of completion and payment.
- Recalculate profit or loss on disposal.
- Check that disposals have been authorised by reviewing boards minutes.
- Consider whether proceeds are reasonable.
- If the asset was used as security, ensure release from security has been correctly
made.
- Review non-current asset disclosures in-the financial statements to ensure they meet
lAS 16 criteria.
- For a sample of fully depreciated assets, inspect the register to ensure no further
depreciation is Charged.
- Inspect draft accounts to ensure that depreciation policies and rates are correctly
disclosed
Key assertions for intangible non-current assets are existence and valuation.
The key assertions relating to intangible are existence (not so much 'do they exist`?', hut, are
they genuinely assets?) and valuation.
AUDIT PLAN
Goodwill
- Agree the consideration to sales agreement by inspection.
- Consider whether asset valuation is reasonable.
- Agree that the calculation is correct by recalculation.
- Review the impairment review and discuss with management.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 162
AUDITING AND ASSURANCE
AUDIT OF RECEIVABLES
Receivables are usually audited using a combination of tests of detail and analytical
procedures.
The audit of receivables is important as this is likely to be a material area: A combination of
analytical procedures and tests of detail are used, with sales also being tested in conjunction
with trade receivables.
- Occurrence: All sales transactions recorded have occurred and relate to the entity
- Completeness: All sales transactions that should have been recorded have been
recorded
- Accuracy: Amounts relating to transactions have been recorded appropriately
- Cut-off: All transactions have been recorded in the correct period
- Classification: All transactions are recorded properly
- Occurrence, rights and obligations: All disclosed events and transactions relating to
receivables have occurred and pertain to the entity
- Completeness: All disclosures required have been included
- classification and understandability: Financial information is appropriately presented
and described and I disclosures clearly expressed
- Accuracy and valuation: Financial and other information is disclosed fairly and at
appropriate amounts
Existence, completeness and valuation are key assertions relating to the audit of receivables.
Audit procedures for receivables are set out in the table below. This covers the audit of sales
and prepayments as well as trade receivables. Receivables are often tested in conjunction with
sales. The key assertions for sales are occurrence, completeness and accuracy.
Completeness
- Agree the balance from the individual sales ledger accounts to the aged receivables'
listing and vice versa.
- Match the total of the aged receivables' listing to the sales ledger control account.
- Cast and cross cast the aged trial balance before selecting any samples to test.
- Trace a sample of shipping documentation to sales invoices and into the sales and
receivables' ledger.
- Complete the disclosure checklist to ensure that all the disclosures relevant to
receivables have been made
- Compare the gross profit percent by product line with the previous year and industry
data.
- Compare the level of prepayments to the previous year to ensure the figure is materially
correct and complete.
Existence
- Inquire from management explanations for invoices remaining unpaid after subsequent
ones have been paid.
- Observe whether the balance on the account is growing and if so, find out why by
discussing with management.
Cut off
- For a sample of sales invoices around the year-end, inspect the dates and compare with-
the dates of dispatch and the dates recorded in ledger for application of correct cut-off.
- For sales returns, select a sample of returns documentation around the year-end and
trace to the related credit entries.
- Perform analytical procedures on sales returns, comparing the ratio of sales returns to
sales. Review material after-date invoices, credit notes and adjustments' ensure that
they are recorded correctly in the relevant financial period
Classification
Take a sample of sales invokes and examine for proper classification into revenue accounts
Accuracy
- For a sample of sales invoices, compare the prices and terms to the authorised price list
and terms of trade documentation
www.masomomsingi.co.ke Contact: 0728 776 317 Page 165
AUDITING AND ASSURANCE
- Test whether discounts have been properly applied by recalculating them for a sample
of invoices
- Test the correct calculation of tax on a sample of invoices
Occurrence
For a sample of sales transactions recorded in the ledger, vouch the sales invoice back to
customer orders and dispatch documentation.
Objectives of confirmation
Part of ISA 505 External Confirmation states that, when it is reasonable to expect customers to
respond, the auditors should ordinarily plan to obtain direct confirmation of receivables to
individual entries in an account balance.
The verification of trade receivables by direct confirmation is therefore the normal means of
providing audit evidence to -satisfy the objective of checking whether customers exist and
owe bona fide amounts to the company (existence and rights and obligations).
Confirmation will produce for the current audit file a written statement from each respondent
that the amount owed at the date of the confirmation is correct. This is, prima facie, reliable
audit evidence, being from an independent source and in documentary form. The confirmation
www.masomomsingi.co.ke Contact: 0728 776 317 Page 166
AUDITING AND ASSURANCE
of receivables on a test basis should not be regarded as replacing other normal audit tests, such
as the testing in-depth of sales transactions, but the results may influence the scope of such
tests.
Timing of confirmation
Ideally the confirmation should take place immediately after the year-end and hence cover the
year-end balances to be included in the balance sheet. However, time constraints may make it
impossible to achieve this ideal.
In these circumstances it may be acceptable to carry out the confirmation prior to the year-end
provided that confirmation is no more than three months before, the year-end and internal
controls are strong.
Client's mandate
Confirmation is essentially an act of the client, who alone can authorise third parties to divulge
information to the auditors.
The ISA outlines what the auditors' response should be when management refuses permission
for the auditors to contact third parties for evidence. Note that this applies to all such external
confirmations, not just trade receivables' circularisations.
If management asks the auditor not to seek the confirmation, the auditor should consider if
there are valid grounds for the request and obtain evidence to support this. If the auditor-
agrees not to seek external confirmations, other procedures should be carried out to obtain
'sufficient appropriate audit evidence. If the auditor does not accept the validity of
management's request and is prevented from undertaking the confirmations, this may impact
on the auditor's report.
Under the positive method the customer is requested to confirm the accuracy of the balance
shown or state in., what respect he is in disagreement..
Under the negative method the customer is requested to reply only if the amount stated is
disputed.
The positive method is generally preferable as it is designed to encourage definite replies from
those contacted.
The negative method may be used if the client has good internal controls, with a large number
of small accounts. In some circumstances, say where there are a small number of large
accounts and a large number of small accounts, a combination of both methods may be
appropriate.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 167
AUDITING AND ASSURANCE
The statements will normally be prepared by the client's staff, from which point the auditors,
as a safeguard against the possibility of fraudulent manipulation, must maintain strict control
over the preparation and dispatch of the statements.
Sample Selection
Auditors will normally only contact a sample of accounts receivable. If this sample is to yield a
meaningful result, it must be based upon a complete list of all accounts receivable. In addition,
when constructing the sample, the following classes of account should receive special
attention:
- Old unpaid accounts
- Accounts written off during the period under review
- Accounts with credit balances
- Accounts settled by -round sum payments
- Accounts with nil balances
- Accounts which have been paid by the date of the examination
Follow-up procedures
Auditors will have to carry out further work in relation to those receivable who:
- Positive and negative confirmation - Disagree with the balance stated
- Negative confirmation — Do not respond
In the case of disagreements, the customer response should have identified specific amounts
which are disputed
When the positive confirmation method is used the auditors must follow up by all practicable
means those receivables who fail to respond. Second requests should be sent out in the event of
no reply being received within two or three weeks and if necessary this may be followed by
telephoning the customer, with the client's permission.
After two, or even three, attempts to obtain confirmation, a list of the outstanding items will
normally be passed to a responsible company official, preferably independent of the sales
accounting department, who will arrange for them to be investigated
The receivables' confirmation provides good audit evidence of the existence of receivables,
but not necessarily of their valuation. Therefore, in a question on the audit of receivables,
remember to include other audit procedures such as analytical procedures.
'Cash' in the financial statements represents cash in-hand and cash on deposit in bank accounts.
Most accounting transactions pass through the cash account so cash is affected by all of the
entity's business processes, and is particularly impacted by the sales and purchases processes.
We consider the substantive audit testing applied to the year-end cash figure.
BANK
Bank balances are usually confirmed directly with the bank in question.
This type of audit evidence is valuable because it comes directly from an independent source
and; therefore, provides greater assurance of reliability than that obtained solely from the
client's own records.
The-bank letter is mentioned as a source of external third party evidence in ISA 505 .External
Confirmations and guidance to auditors is provided in ZAPS 1000 Inter-bank confirmation
procedures.
Confirmation requests
The bank confirmation letter can be used to ask a variety of questions, including queries about
outstanding interests, contingent liabilities and guarantees.
The auditors should decide from which bank or banks to request confirmation, having regard
to such matters as size of balance, volume of activity, degree of reliance on internal control,
and materiality within the context of the financial statements.
The auditors should determine which of the following approaches is the most appropriate in
seeking confirmation of balances or other information from the bank:
- Listing balances and other information, and requesting confirmation of their accuracy
and completeness, or
- Requesting details of balances and other information, which can then be compared with
the requesting client's records
In determining which of the above approaches is the most appropriate, the auditors should
weigh the quality of audit evidence they require in the particular circumstances against the
practicality of obtaining a reply from the confirming bank.
Difficulty may be encountered in obtaining a satisfactory response even where the client
company submits information for confirmation to the confirming bank. It is important that a
www.masomomsingi.co.ke Contact: 0728 776 317 Page 170
AUDITING AND ASSURANCE
response is sought for all confirmation requests. Auditors should not usually request a
response only if the information submitted is incorrect or incomplete.
The most commonly requested information is in respect of balances due to or from the client
entity on current, deposit, loan and other accounts. The request letter should provide the
account description number and the type of currency for the account.
It may also be advisable to request information about nil balances on accounts, and accounts
which were closed in the 12 months prior to the chosen confirmation date. The client entity
may ask for confirmation not only of the balances on accounts but also, where it may be
helpful, other information, such as the maturity and interest terms on loans and overdrafts,
unused facilities, lines of credit/standby facilities, any offset or other rights or encumbrances,
and details of any collateral given or received.
The client entity and its auditors are likely to request confirmation of contingent liabilities,
such as those arising on guarantees, comfort letter, bills and so on.
Banks often hold securities and other items in safe custody on behalf of customers. A request
letter may thus ask for confirmation of such items held by the bank. The procedure is simple
but important, and outlined below.
a. The banks will require explicit written authority from their client to disclose the
information requested.
b. The auditors' request must refer to the client's letter of authority and the date thereof.
c. Alternatively it may be countersigned by the client or it may be accompanied by a
specific letter of authority.
d. In the case of joint accounts, letters to authority signed by all parties will be necessary.
e. Such letters of authority may either give permission to the bank to disclose
information for a .specific request or grant permission for an indeterminate length of
time.
f. The request should reach the branch manager at least one month in advance of the
client's year
g. The auditors should themselves check that the bank response covers all the
information in the standard and other responses.
Cut-off
Care must be taken to ensure that there is no window dressing, by auditing cut-off carefully.
Window dressing in this context is usually manifested as an attempt to overstate the liquidity
of the company by:
a. Keeping the cashbook open to take credit for remittances actually received after the
year-end, thus enhancing the balance at bank and reducing receivables
b. Recording cheques paid in the period under -review which are not actually dispatched
until after the year-cud, thus decreasing the balance at bank and reducing liabilities
A combination of (a) and (b) can contrive to present an artificially healthy looking current
ratio.
With the possibility of (a) above in mind, where lodgments have not been cleared by the bank
until the new period, the auditors should examine the paying-in slip to ensure that the amounts
were actually paid into the bank on or before the period-end date.
As regards (b) above, where there appears to be a particularly large number of outstanding
cheques at the year-end, the auditors should check whether these were cleared within a
reasonable time in the new period. If not, this may indicate that dispatch occurred after the
year-end.
- Verify the bank balances with reply to standard bank letter and with the bank statements.
inspect the cash book and bank statements before and after the year-end for exceptional
entries or transfers which have a material effect on the balance shown to be in-hand.
- Identify whether any accounts are secured on the assets of the company by discussion
with management.
- Consider whether there is a legal right of set-off of overdrafts against positive bank
balances.
- Determine whether the bank accounts are subject to any restrictions by inquiries with
management.
- Review draft accounts to ensure that disclosures for bank are complete and accurate and
in accordance with accounting standards.
Remember that the bank confirmation letter contains the balance held by the client at the bank
per the bank's records. This must be reconciled to the balance held with the bank per the client's
records.
CASH
Cash balances should be verified if they are material or irregularities are suspected. Cash
balances/floats are often individually immaterial but they may require some audit emphasis
because of the opportunities for fraud that could exist where internal control is weak and
because they may be material in total.
However in enterprises such as hotels and retail organisations, the amount of cash-in-hand at
the period- end could be considerable. Cash counts may be important for internal auditors,
who have a role in fraud prevention.
Auditors will be concerned that the cash exists, is complete, and belongs to the company
(rights and obligations) and is stated at the correct value.
Where the auditors determine that cash balances are potentially material they may conduct a
cash count, ideally at the period-end. Rather like attendance at an inventory count, the conduct
of the count falls into three phases: planning, the count itself, and follow-up procedures.
As part of their planning procedures the auditors will need to determine the locations where
cash is held and which of these locations warrant a count.
Planning decisions will need to be recorded on the current audit file including:
- The precise time of the count(s) and location(s)
- The names of the audit staff conducting the counts
- The names of the client staff intending to be present at each location
www.masomomsingi.co.ke Contact: 0728 776 317 Page 173
AUDITING AND ASSURANCE
- Where a location is not visited it may be appropriate to obtain a letter from the client
confirming the balance.
Cash count
The following matters apply to the count itself.
- All cash/petty cash books should be written up to date in ink (or other permanent form)
at the time of-the count.
- All balances must be counted at the same time.
- All negotiable securities must be available and counted at the time the cash balances are
counted.
- At no time should the auditors be left alone with the cash and negotiable securities.
- All cash and securities counted must be recorded on working papers subsequently filed
on the current audit file. Reconciliations should be prepared where applicable (for
example, imprest petty cash float).
Follow up
• Check certificates of cash-in-hand are obtained as appropriate.
• Verify unbanked cheques/cash receipts have subsequently been paid in and agree to the
bank reconciliation by inspection of the relevant documentation.
- Ensure IOUs and cheques cashed for employees have been reimbursed,.
- Check IOUs or cashed cheques outstanding for unreasonable periods of time have been
provided for.
- Verify the balances as counted are reflected in the accounts (subject to any agreed
amendments because of shortages and so on) by inspection of draft accounts.
Bank balances are usually confirmed directly with the bank in question.
The bank confirmation letter can be used to ask a variety of questions, including queries about
outstanding interests, contingent liabilities and guarantees.
Cash balances should be verified if they are material or irregularities are suspected.
Introduction
When auditing payables, the auditor must test for understatement (i.e. completeness). Rather
than circularising payables, it is more common to obtain audit evidence from suppliers'
statements.
The audit of provisions can be particularly complex due to the accounting treatment and the
degree of judgement involved in calculating the provision.
We examine the substantive audit of trade payables and accruals, long-term liabilities and
provisions and end with a brief look at capital. Purchases are often tested in conjunction with
the audit of trade payables and so are included in the section on trade payables. The following
sets out the financial statement assertions to which audit testing is directed.
AUDIT PROCEDURES
As with accounts receivable, accounts payable are likely to be a material figure in the
statement of financial position of most enterprises.
Auditors should however be particularly aware, when conducting their work on the statement
of financial position, of the possibility of understatement of liabilities to improve liquidity and
profit (by understating the corresponding purchases). The primary objective of their work will
therefore be to ascertain whether liabilities existing at the year-end have been completely and
accurately recorded.
As regards trade accounts payable, this primary objective can be subdivided into two detailed
objectives is there a satisfactory cut-off between goods received and invoices received, so that
purchases and trade accounts payable are recognised in the correct year?
Do trade accounts payable represent the bona fide amounts due by the company?
Before we ascertain how the auditors design and conduct their tests with these objectives in
mind, we need to establish the importance of the list of balances.
The following table sets out audit procedures to test trade accounts payables and accruals.
Completeness
• Obtain a listing of trade accounts payables and agree the total to the general ledger by
casting and cross casting.
• Test for unrecorded liabilities by inquiries of management on how unrecorded liabilities
and accruals arc identified and examining post year-end transactions.
• Obtain selected suppliers' statements and reconcile these to the relevant suppliers'
accounts.
• Examine files of unmatched purchase orders and supplier invoices for any unrecorded
liabilities. Perform a confirmation. of accounts payables for a sample
• Complete the disclosure checklist to ensure that all the disclosures relevant to liabilities
have been made.
• Compare the current year balances for trade accounts payables and accruals to the
previous year.
• Compare the amounts owed to a sample of individual suppliers in the trade accounts
payables listing to amounts owed to these suppliers in the previous year.
• Compare the payables' turnover and payables' days to the previous year and industry
data.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 176
AUDITING AND ASSURANCE
Existence
• Vouch selected amounts from the trade accounts payables listing and accruals listing to
supporting documentation such as purchase orders and suppliers' invoices.
• Obtain selected suppliers' statements and reconcile these to the relevant suppliers'
accounts.
• Perform a confirmation of accounts payables for a sample.
• Perform analytical procedures comparing current year balances to the previous year to
confirm reasonableness, and also calculating payables' turnover and comparing to the
previous year. Rights and obligations
• Vouch a sample of balances to supporting documentation such as purchase orders and
suppliers' invoices to obtain audit evidence regarding rights and obligations.
Cut-off
For a sample of vouchers, compare the dates with the dates they were recorded in the
ledger for application of correct cut-off.
• Test transactions around the year-end to determine whether amounts have been
recognised in the correct financial period.
• Perform analytical procedures on purchase returns, comparing the purchase returns as a
% of sales or cost of sales to the previous year.
Accuracy
Recalculate the mathematical accuracy of a sample of suppliers' invoices to confirm the
amounts are correct.
Occurrence
For a sample of vouchers, inspect supporting documentation such as authorised purchase
orders.
It is also possible to undertake confirmation of trade payables, although this is not used a great
deal in practice because the auditor can test trade payables by examining reliable, independent
evidence in the form of suppliers' invoices and suppliers' statements. However, where an
entity's internal controls are weak, suppliers' statements may not be available and in this
situation, it may be relevant to undertake confirmation procedures. Confirmation of trade
payables provides evidence primarily for the completeness assertion.
Where the entity has strong controls in place to ensure that all liabilities are recorded, the
confirmation will focus on large balances.
Where the auditor is concerned about the presence of unrecorded liabilities, regular suppliers
with small or zero balances on their accounts and a sample of other accounts will be confirmed
as well as large balances.
The selection and sending out of accounts payables' confirmations should be controlled using
the same procedures as for the receivables' confirmation that we discussed previously.
Reconciliations of accounts payables with suppliers' statements
Many suppliers provide monthly statements to their customers. These may therefore be
available in the entity for examination. Because-they are a source of documentary evidence
originating outside of the entity, they are a reliable source of evidence to support suppliers'
balances and provide evidence as to the existence, completeness and valuation of balances.
Having said this, auditors do still need to be cautious when using them as they may have been
tampered with by the entity. The auditor should not rely on photocopies or faxed statements. If
www.masomomsingi.co.ke Contact: 0728 776 317 Page 178
AUDITING AND ASSURANCE
there is any doubt; the auditor should request a copy directly from the supplier or confirm the
balance with the supplier (see above).
When selecting accounts for testing, the auditor should consider the volume of business during
the year; riot the balance outstanding at the year-end, because the risk is understatement of
balances. Most differences between balances on suppliers' statements and the year-end accounts
payables' listing are likely to be due to goods and cash-in-transit and disputed amounts, however
all differences need to be investigated thoroughly.
Non-current liabilities are usually authorised by the board and should be well documented. We
are concerned here with non-current liabilities comprising debentures, loan inventory and other
loans repayable at a date more than one year after the year-end.
Accuracy: whether interest payable has been calculated correctly and in the correct
accounting period
Classification and understandability: whether long-term loans and interest have been
correctly disclosed in the financial statements
The major complication for the auditors is that debenture and loan agreements frequently
contain conditions with which the company must comply, including restrictions on the
company's total borrowings and adherence with specific borrowing ratios.
- Verify interest charged for the period and the adequacy of accrued interest..
- Confirm assets charged have been entered in the register of charges and notified to the
Registrar.
• Review restrictive covenants and provisions relating to default:
• Review any correspondence relating to the loan
• Review confirmation replies for non-compliance
• If a default appears to exist, determine its effect, and schedule findings
• Review minutes, cash book to confirm that all loans have been recorded.
- Review draft accounts to ensure that disclosures for non-current liabilities are correct
and in accordance with accounting standards. Any elements repayable within one year
should be classified under current liabilities.
AUDIT OF CONTINGENCIES
The accounting treatments for provisions and contingencies are complex and involve
judgement and this can make them difficult to audit.
Accounting issues
Key terms
A provision is a liability of uncertain timing or amount.
A liability is a present obligation of the entity arising from past events, the settlement of which
is expected to result in an outflow from the entity of resources embodying economic benefits.
An obligating event is an event that creates a legal or constructive obligation that results in an
entity having no realistic alternative to settling that obligation.
A contingent asset is a possible asset that arises from past events and whose existence will be
Confirmed only by the occurrence or non-occurrence of one or more uncertain future events
not . wholly within the control of the entity.
Under LAS 37 Provisions, contingent liabilities and contingent assets, an entity should not
recognise a contingent-asset or a contingent liability. However if it becomes probable that an
outflow of future economic benefits will be required for a previous contingent liability, a
provision should be recognised.
A contingent asset should not be accounted for unless its realisation is virtually certain; if an
inflow of economic benefits has become probable, the asset should be disclosed.
The auditor should carry out procedures in order to become aware of any litigation and claims
involving the entity which may have a material effect on the financial statements. Such
procedures would include the following.
• Make appropriate inquiries of management including obtaining written representations.
• Review board minutes and correspondence with the entity's lawyers.
• Examine legal expense accounts.
• Use any information obtained regarding the entity's business including information
obtained from discussions with any in-house legal department
When litigation or claims have been identified or when the auditor believes they may exist, the
auditor should seek direct communication with the entity's lawyers. This will help to obtain
sufficient appropriate audit evidence as to whether potential material litigation and claims are
known and management's estimates of the financial implications, including costs, are reliable.
The ISA discusses the form the letter to the entity's lawyer should take. The letter, which should
be prepared by management and sent by the auditor, should request the lawyer to communicate
directly with the auditor.
If it is thought unlikely that the lawyer will respond to a general enquiry, the letter should
specify the following.
a) A list of litigation and claims
b) Management's assessment of the outcome of the litigation or claim and its estimate of
the financial implications, including costs involved
c) A request that the lawyer confirms the reasonableness of management's assessments
and provides the auditor with further information if the list is considered by the lawyer
to be incomplete or incorrect
The auditors must consider these matters up to the date of their report and so a further,
updating letter may be necessary.
A meeting between the auditors and the lawyer may be required, for example where a complex
matter arises, or where there is a disagreement between management and the lawyer. Such
meetings should take place only with the permission of management, and preferably with a
management representative present.
If management refuses to give the auditor permission to communicate with the lawyers; this
may have an impact on the audit opinion.
AUDIT OF PROVISIONS
Obtain a detailed analysis of all provisions showing opening balances, movements and closing
balances.
Determine for each material provision whether the company has a present obligation as a
result of past events by:
- Review of correspondence relating to the item
- Discussion with the directors. Have they created a valid expectation in other parties that
they will discharge the obligation?
www.masomomsingi.co.ke Contact: 0728 776 317 Page 182
AUDITING AND ASSURANCE
- Determine for each material provision whether it is probable that a transfer of economic
benefits will be required to settle the obligation by:
- Checking whether any payments have been made in the post year-end period in respect
of the item by reviewing after-date cash
- Review of correspondence with solicitors, banks, customers, insurance company and
suppliers both pre and post year-end
- Sending a letter to the solicitor to obtain his views (where relevant)
- Discussing the position of similar past provisions with the directors Were these
provisions eventually settled?
- Considering the likelihood of reimbursement
- Recalculate all provisions made.
- Compare the amount provided with any post year-end payments and with any amount
paid in the past for similar items.
- In the event that it is not possible to estimate the amount of the provision, check that a
contingent liability is disclosed in the accounts.
- Consider the nature of the client's business. Would you expect to see any other
provisions e.g warranties? Consider the adequacy of disclosure of provisions,
contingent assets and contingent liabilities in accordance with IAS 37.
Issue of Shares
Verify any issue of share capital or other changes during.the year with general and board
minutes.
Ensure issue or change is within the terms of the constitution, and directors possess
appropriate authority to issue shares.
Confirm that cash or other consideration has been received or receivable{s} is included as
called-up share capital not paid_
Transfer of shares
Dividends
- Agree dividends paid and proposed to authority in minute books and check calculation
with total share capital issued to ascertain whether there are any outstanding or
unclaimed dividends.
- Agree dividend payments with documentary evidence (say, the returned dividend
warrants).
- Check that dividends do not contravene the distribution provisions of the legislation.
- Check that imputed tax has been accounted for to the taxation authorities and correctly
treated in the accounts
Reserves
- Agree movements on reserves to supporting authority
- Ensure that movements on reserves do not contravene the legislation and the company's
constitution
- Confirm that the company can distinguish distributable reserves from those that are
non-distributable
- Ensure appropriate disclosures of movements on reserves are made in the company's
accounts by inspection of the financial statements.
Summary
The largest figure in current liabilities will normally be trade accounts payable which are
generally audited by comparison of suppliers' statements with purchase ledger accounts.
Non-current liabilities are usually authorised by the board and should be well documented.
The accounting treatments for provisions and contingencies are complex and involve
judgement and this can make them difficult to audit.
The main concern with share capital and reserves is that the company has complied with the
law
AUDIT OF INVENTORY
If inventory is material to the financial statements, the auditor shall obtain sufficient
appropriate audit evidence regarding the existence and condition of inventory by:
These procedures may serve as test of controls or substantive procedures depending on the
auditor's risk assessment; planned approach and the specific procedures carried out.
In addition to recording the auditor's test counts, obtaining copies of management's completed
physical inventory count records assists the auditor in performing subsequent audit procedures
to determine whether the entity's final inventory records accurately reflect actual inventory
count results.
Physical Inventory Counting Conducted Other than at the Date of the Financial Statements. For
practical reasons, the physical inventory counting may be conducted at a date, or dates, other
than the date of the financial statements. This may be done irrespective of whether management
determines inventory quantities by an annual physical inventory counting or maintains a
perpetual inventory system. In either case, the effectiveness of the design, implementation and
maintenance of controls over changes in inventory determines whether the conduct of physical
inventory counting at a date, or dates, other than the date of the financial statements is
appropriate for audit purposes. ISA 330 establishes requirements and provides guidance on
substantive procedures performed at an interim date.
Where a perpetual inventory system is maintained, management may perform physical counts
or-other tests to ascertain the reliability of inventory quantity information included in the
entity's perpetual inventory records. In some cases, management or the .auditor may identify
differences .between the perpetual inventory records and actual physical inventory quantities
on hand; this may indicate that the controls over changes in inventory are not operating
effectively.
Relevant matters for consideration when designing audit procedures to obtain audit evidence
about whether changes in inventory amounts between the count date, or dates, and the .final
inventory records are properly recorded include:
Confirmation
ISA 505 establishes requirements and provides guidance for performing external confirmation
procedures.
• Attending; or arranging for another auditor to attend, the third party's physical counting
of inventory, if practicable.
• Obtaining another auditor's report, or a service auditor's report, on the adequacy of the
third party's internal control for ensuring that inventory is properly counted and
adequately safeguarded.
• Inspecting documentation regarding inventory held by third parties, for example,
warehouse receipts.
Requesting confirmation from other parties when inventory has been pledged as
collateral.
The auditor should obtain sufficient appropriate audit evidence that the work of the expert is
adequate for the purpose of the audit.
An expert is a person possessing specialized skills, knowledge and experience in another field
other than auditing and accounting. From his experience, an auditor only has general
knowledge on matters outside his profession and is not expected to have the skills of a person
trained or qualified to work in another profession .Consequently, the auditor may need the
advice of another expert for example, a pharmacist when verifying stock in the laboratory or
lawyers in arriving at the legal interpretation of legal cases against a client.
In deciding whether to use the work of an expert the auditor should consider.
The skills and competence of the expert. The auditor should consider this by examining
the expert‘s professional qualifications, licenses or membership of an appropriate
professional body. The experience and reputation of the expert in the field in which the
auditor is seeking evidence is very important.
Objectivity and independence of the expert.. The auditor should consider whether the
expert is independent from the client. The risk of independence being impaired
increases where the expert is employed by the client. In such cases he owes his loyalty
to the client because there exists a financial relationship.
The source of the data used by the expert in arriving at his opinion. If the source of the
data can be regarded as reliable, then the auditor can reasonably use the work of the
expert as audit evidence.
The assumptions and methods used. The auditor should consider whether the methods
used by the expert in arriving at his opinion are appropriate to the circumstances. He
www.masomomsingi.co.ke Contact: 0728 776 317 Page 189
AUDITING AND ASSURANCE
Audit software
Audit software is used to interrogate a client's system. It can be either packaged, off-the-shelf
software or it can be purpose written to work on a client's system. The main advantage of these
programs is that they can be used to scrutinize large volumes of data, which it would be
inefficient to do manually. The programs can then present the results so that they can be
investigated further.
These procedures can simplify the auditor's task by selecting samples for testing, identifying
risk areas and by performing certain substantive procedures. The software does not, however,
replace the need for the auditor's own procedures.
Test data
Test data involves the auditor submitting 'dummy' data into the client's system to ensure that
the system correctly processes it and that it prevents or detects and corrects misstatements.
The objective of this is to test the operation of application controls within the system.
To be successful test data should include both data with errors built into it and data without
errors. Examples of errors include:
Data maybe processed during a normal operational cycle ('live' test data) or during a special
run at a point in time outside the normal operational cycle ('dead' test data). Both has their
advantages and disadvantages:
Live tests could interfere with the operation of the system or corrupt master
files/standing data;
Dead testing avoids this scenario but only gives assurance that the system works when
not operating live. This may not be reflective of the strains the system is put under in
normal conditions.
Advantages of CAATs
Independently access the data stored on a computer system without dependence on the
client;
Test the reliability of client software, i.e. the IT application controls (the results of
which can then be used to assess control risk and design further audit procedures);
Increase the accuracy of audit tests; and
Perform audit tests more efficiently, which in the long-term will result in a more cost
effective audit.
Disadvantages of CAATs
CAATs can be expensive and time consuming to set up, the software must either be
purchased or designed (in which case specialist IT staff will be needed);
Client permission and cooperation may be difficult to obtain;
Potential incompatibility with the client's computer system;
The audit team may not have sufficient IT skills and knowledge to create the complex
data extracts and programming required;
The audit team may not have the knowledge or training needed to understand the
results of the CAATs; and
Data may be corrupted or lost during the application of CAATs.
Other techniques
There are other forms of CAAT that are becoming increasingly common as computer
technology develops, although the cost and sophistication involved currently limits their use to
the larger accountancy firms with greater resources. These include:
Integrated test facilities - this involves the creation of dummy ledgers and records to which test
data can be sent. This enables more frequent and efficient test data procedures to be performed
live and the information can simply be ignored by the client when printing out their internal
records; and
Embedded audit software - this requires a purpose written audit program to be embedded into
the client's accounting system. The program will be designed to perform certain tasks (similar
to audit software) with the advantage that it can be turned on and off at the auditor's wish
throughout the accounting year. This will allow the auditor to gather information on certain
transactions (perhaps material ones) for later testing and will also identify peculiarities that
require attention during the final audit.
TOPIC 8
Subsequent events are transactions occurring after the balance sheet date, but before the
financial statements are either issued or available to be issued.
Auditors must take steps to ensure that any such events are properly reflected in the financial
statements.
To identify any such events, a subsequent events review is carried out.
There are two types of subsequent events:
1. Adjusting event
Event after the reporting period that provides further evidence of conditions that existed
at the end of the reporting period, including events that indicates that the going concern
assumption in relation to the whole or part of the enterprise is not
2. Non-adjusting event
Events after the reporting period that are indicative of a condition that arose after the
end of the reporting period.
Example 1
You are the trainee accountant of Gabriella Enterprises Co and are preparing the financial
statements for the year-ended 30 September 2012. The financial statements are expected to be
approved in the Annual General Meeting, which is to be held on Monday 29 November 2010.
Today‘s date is 22 November 2010. You have been made aware of the following matters:
1. On 14 October 2010, a material fraud was discovered by the bookkeeper. The payables
ledger assistant had been diverting funds into a fictitious supplier bank account, set up
by the employee, which had been occurring for the past six months. The employee was
immediately dismissed, legal proceedings against the employee have been initiated and
the employee‘s final wages have been withheld as part-reimbursement back to the
company.
2. On 20 September 2010, a customer initiated legal proceedings against the company in
relation to a breach of contract. On 29 September 2010, the company‘s legal advisers
informed the directors that it was unlikely the company would be found liable;
therefore no provision has been made in the financial statements, but disclosure as a
contingent liability has been made. On 29 October 2010, the court found the company
liable on a technicality and is now required to pay damages amounting to a material
sum.
3. On 19 November 2010, a customer ceased trading due to financial difficulties owing
$2,500. As the financial statements are needed for the board meeting on 22 November
2010, you have decided that because the amount is immaterial, no adjustment is
www.masomomsingi.co.ke Contact: 0728 776 317 Page 193
AUDITING AND ASSURANCE
required. The auditors have also confirmed that this amount is immaterial to the draft
financial statements.
Required:
(a) For each of the three events above, you are required to discuss whether the financial
statements require amendment.
Answer:
When presented with such scenarios, it is important to be alert to the timing of the events in
relation to the reporting date and to consider whether the events existed at the year-end, or not.
If the conditions did exist at the year-end, the event will become an adjusting event. If the event
occurred after the year-end, it will become a non-adjusting event and may simply require
disclosure within the financial statements.
1. Fraud
Clearly the fraud committed by the payables ledger clerk has been ongoing during, and beyond
the financial year. Fraud, error and other irregularities that occur prior to the year-end date – but
which are only discovered after the year-end – are adjusting items, and therefore the financial
statements would require amendment to take account of the fraudulent activity up to the year-
end.
2. Legal proceedings
At the year-end, the company had made disclosure of a contingent liability. However,
subsequent to the year-end (29 October 2010), the court found the company liable for breach
of contract. The legal proceedings were issued on 20 September 2010 (some 10 days before
the year-end). This is, therefore, evidence of conditions that existed at the year-end. IAS 10
requires the result of a court case after the reporting date to be taken into consideration to
determine whether a provision should be recognised in accordance with IAS 37, Provisions,
Contingent Liabilities and Contingent Assets at the year-end. In this case, the financial
statements will require adjusting because:
3. Loss of customer
A customer ceasing to trade so soon after the reporting period indicates non-recoverability of a
receivable at the reporting date and therefore represents an adjusting event under IAS 10, Events
After the Reporting Period. Assets should not be carried in the statement of financial position at
any more than their recoverable amount and, therefore, an allowance for receivables should be
made.
The auditor should obtain sufficient appropriate audit evidence about whether events occurring
between the date of the financial statements and the date of the auditor's report that require
adjustment of, or disclosure in, the financial statements are appropriately reflected in those
financial statements in accordance with the applicable financial reporting framework;
www.masomomsingi.co.ke Contact: 0728 776 317 Page 194
AUDITING AND ASSURANCE
Subsequent events review — changes triggered by the signing of the audit report
The stage of completion of the annual financial statements determines the procedures the
auditor must undertake in performing subsequent event reviews.
If, as a result of the procedures performed as above, the auditor identifies events that require
adjustment of, or disclosure in, the financial statements, the auditor shall determine whether
each such event is appropriately reflected in those financial statements in accordance with the
applicable financial reporting framework.
The auditor shall request management and, where appropriate, those charged with governance,
to provide a written representation in accordance with ISA 580 that all events occurring
subsequent to the date of the financial statements and for which the applicable financial
reporting framework requires adjustment or disclosure have been adjusted or disclosed.
2. Between signing the audit report and issuing the financial statements
Auditors have a passive duty.
Auditors only have to act if they are made aware of something — but once they are
aware, they have a duty to take the necessary action.
The auditor has no obligation to perform any audit procedures regarding the financial
statements after the date of the auditor's report. However, if, after the date of the auditor's
report but before the date the financial statements are issued, a fact becomes known to the
auditor that, had it been known to the auditor at the date of the auditor's report, may have
caused the auditor to amend the auditor's report, the auditor shall:
a) Discuss the matter with management and, where appropriate, those charged with
governance;
b) Determine whether the financial statements need amendment and, if so,
c) Inquire how management intends to address the matter in the financial statements
If amendment is required to the financial statements and management makes the necessary
changes, the auditor must carry out a number of procedures:
Undertake any necessary audit procedures on the changes made.
Extend audit procedures for identifying subsequent events that may require adjustment
of or disclosure in the financial statements to the date of the new auditor's report.
Provide a new auditor's report on the amended financial statements.
before the amendments are made; but if the financial statements are issued anyway, the
auditor shall take action to seek to prevent reliance on the auditor's report.
Example
A few days after signing an audit report, but before the client's financial statements have been
approved by the shareholders at the AGM, the auditors receive a phone call from a director
indicating a material error in the financial statements.
3. Facts Which Become Known To The Auditor After The Financial Statements Have
Been Issued
After the financial statements have been issued, the auditor has no obligation to perform any
audit procedures regarding such financial statements. However, if, after the financial
statements have been issued, a fact becomes known to the auditor that, had it been known to
the auditor at the date of the auditor's report, may have caused the auditor to amend the
auditor's report, the auditor shall;-
a) Discuss the matter with management and, where appropriate, those charged with
governance;
b) Determine whether the financial statements need amendment; and, if so,
c) Inquire how management intends to address the matter in the financial statements.
Introduction
IAS 1 Presentation of Financial Statements recognizes the going concern assumption as one of
the fundamental assumptions that underlie the periodic financial statements of enterprises. The
meaning of going concern can be said to be that the financial statements assume that the
enterprise will continue in operational existence for the foreseeable future, or put another way
the financial statements assume no intention or necessity to liquidate or•curtail significantly the
scale of operation or put more simply that the enterprise can meet its financial obligations as
they fall due.
When performing risk assessment procedures as required by ISA 315, the auditor shall consider
whether there are events or conditions that may cast significant doubt on the entity's ability to
continue as a going concern. In so doing, the auditor shall determine whether management has
already performed a preliminary assessment of the entity's ability to continue as a going
concern, and:
www.masomomsingi.co.ke Contact: 0728 776 317 Page 199
AUDITING AND ASSURANCE
a) if such an assessment has been performed, the auditor shall discuss the assessment with
management and determine whether management has identified events or conditions
that, individually or collectively, may cast significant doubt on the entity's ability to
continue as a going concern and, if so, management's plans to address them; or
b) If such an assessment has not yet been performed, the auditor shall discuss with
management the basis for the intended use of the going concern assumption, and
inquire of management whether events or conditions exist that, individually or
collectively, may cast significant doubt on the entity's ability to continue as a going
concern.
The auditor shall remain alert throughout the audit for audit evidence of events or conditions
that may cast significant doubt on the entity's ability to continue as a going concern.
underlying data generated to prepare the forecast; and whether there is adequate
support for the assumptions underlying the forecast.
d) Considering whether any additional facts or information have become available since
the date on which management made its assessment.
e) Requesting written representations from management and, where appropriate, those
charged with governance, regarding their plans for future action and the feasibility of
these plans.
If the auditor concludes that the use of the going concern assumption is appropriate in the
circumstances but a material uncertainty exists, the auditor shall determine whether the
financial statements:
a) Adequately describe the principal events or conditions that may cast significant doubt on
the entity's ability to continue as a going concern and management's plans to deal with
these events or conditions; and
b) Disclose clearly that there is a material uncertainty related to events or conditions that
may cast significant doubt on the entity's ability to continue as a going concern and,
therefore, that it may be unable to realize its assets and discharge its liabilities in the
normal course of business.
- If adequate disclosure is made in the financial statements, the auditor shall express an
unmodified opinion and include an Emphasis in the auditor's report to:
a) Highlight the existence of a material uncertainty relating to the event or
condition that may cast significant doubt on the entity's ability to continue as a
going concern; and
b) Draw attention to the note in the financial statements that discloses the matters
- If adequate disclosure is not made in the financial statements, the auditor shall express a
qualified opinion or adverse opinion, as appropriate, in accordance with ISA 705
The auditor shall state in the auditor's report that there is a material uncertainty that may cast
significant doubt about the entity's ability to continue as a going concern.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 201
AUDITING AND ASSURANCE
If the financial statements have been prepared on a going concern basis but, in the auditor's
judgment, management's use of the going concern assumption in the financial statements is
inappropriate, the auditor shall express an adverse opinion.
Financial
Net liability or net current liability position.
Fixed-term borrowings approaching maturity without realistic prospects of renewal or
repayment; or excessive reliance on short-term borrowings to finance long-term assets.
Indications of withdrawal. of financial support by creditors.
Other
Non-compliance with capital or other statutory requirements.
Pending legal or regulatory proceedings against the entity that may, if successful, result
in claims that the entity is unlikely to be able to satisfy.
Changes in law or regulation or government policy expected to adversely affect the
entity.
Uninsured or underinsured catastrophes when they occur.
The significance of such events or conditions often can be mitigated by other factors. For
example, the effect of an entity being unable to make its normal debt repayment's may be
counter-balanced by management's plans to maintain adequate cash flows by alternative
means, such as by disposing of assets, rescheduling loan repayments, or obtaining additional
capital. Similarly, the loss of a principal supplier may be mitigated by the availability of a
suitable alternative source of supply.
The risk assessment procedures help the auditor to determine whether management's use of the
going concern assumption is likely to be an important issue and its impact on planning the audit.
These procedures also allow for more timely discussions with management, including a
discussion of management's plans and resolution of any identified going concern issues.
Whether any assets have been appropriated by government or destroyed, for example,
by fire or flood.
Whether there have been any developments regarding contingencies.
Whether any unusual accounting adjustments have been made or are contemplated.
Whether any events have occurred or are likely to occur that will bring into question the
appropriateness of accounting policies used in the financial statements, as would be the
case, for example, if such events call into question the validity of the going concern
assumption.
Whether any events have occurred that are relevant to the measurement of estimates or
provisions made in the financial statements.
Whether any events have occurred that are relevant to the recoverability of assets_
In the public sector, the auditor may read the official records of relevant proceedings of the
legislature and inquire about matters addressed in proceedings for which official records are
not yet available.
MANAGEMENT REPRESENTATIONS
It should be normal practice at the end of an audit to send a letter to the client setting out
weaknesses in the system of internal control. Certain rules should be observed when preparing
such a letter (known as the management letter, the letter of weakness, the internal control
memorandum, the letter of recommendations or the constructive service letter).
If management refuses to provide a representation then this constitutes a • limitation in scope
and consideration should be given to expressing a qualified opinion or a disclaimer of opinion.
3. Audit evidence is all the information used by the auditor in arriving at the conclusions on
which the audit opinion is based. Written representations are necessary information that
the auditor requires in connection with the audit of the entity's financial statements.
4. Accordingly, similar to responses to inquiries, written representations are audit
evidence.
5. Although written representations provide necessary audit evidence, they do not provide
sufficient appropriate audit evidence on their own about any of the matters with which
they deal. Furthermore, the fact that management has provided reliable written
representations does not affect the nature or extent of other audit evidence that the
auditor obtains about the fulfillment of management‘s responsibilities, or about specific
assertions.
Representations as Audit Evidence
The engagement team should obtain Written representations from management on matters
material to the financial statements when other sufficient appropriate audit evidence cannot
reasonably be expected to exist.
The team should obtain written representation from management that:
a) It acknowledges its responsibility for the design and implementation of internal control
to prevent and detect error; and
b) It believes the effects of those uncorrected financial statement misstatements
aggregated by the auditor during the audit are immaterial, both individually and in the
aggregate, to the financial statements taken as a whole. A summary of such items
should be included in or attached to the written representations.
In certain instances, the only audit evidence that can be available to the auditor is that obtained
from inquiry. Therefore, the need to obtain written representations from management arises.
Where representations relate to matters that are material to the financial statements, the
engagement team should:
- Seek corroborative audit evidence from sources inside or outside the entity;
- Evaluate the reasonableness of management representations and consistency with other
audit evidence; and
- Consider whether the individuals making the representations are knowledgeable on
those particular matters.
Where' other audit evidence could reasonably be expected to be available, management
representations cannot be substituted for that audit evidence. For example, a representation by
management as to the cost of an asset is not a substitute for the audit evidence of such cost that
an engagement team would ordinarily expect to obtain.
Where audit evidence is reasonably expected to be available, relating to a matter that is
material to the financial statements, and the engagement team is unable to obtain such
evidence, consideration should be given to modifying the auditor's report with a limitation of
scope paragraph. This will be the case even if management representation on that particular
matter has been received.
Where management representations are contradicted by other audit evidence, the engagement
team should investigate the circumstances and, if need be, reconsider the reliability of other
representations made by management.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 205
AUDITING AND ASSURANCE
Documentation
In Audit Evidence, documentary evidence is more reliable than oral evidence. Thus,
management's representations should be obtained in a written form. This also reduces the
possibility of misunderstandings between the engagement team and management. The
basic elements of the management representation letter are:
- It should be addressed to the auditor.
- It is dated the same date as the auditor's report.
- It is normally signed by members of management who have responsibility for the entity
and its financial aspects (normally the directors), based on the best of their knowledge
and belief.
General points of good practice are as follows:
a) It should make clear that the object of the audit is not to discover fraud, but to report on
the financial statements. The matters referred to have been discovered incidentally to the
main objective.
b) The points should be listed logically.
c) There is no point in drawing attention to a weakness which is inherent in the nature or
size of the business, or it's totally trivial.
d) Only the weakness should be noted. It should not be implied that no fraud is taking
place although the possible consequences of the weaknesses can be expanded upon.
e) Recommendations for improvements should be made in respect of each weakness. 0
Communications in respect of recommendations should be made on a timely basis.
The management letter will normally be a natural by-product of the audit, and the auditor
should incorporate the need to issue the letter in the planning of the audit. The letter should be
sent as soon as possible after completion of the audit procedures giving rise to the need to
comment.
Where audit work is carried out in more than one stage it may be appropriate to issue a letter at
the interim audit stage as well as the final audit stage.
It is important that the management letter is sent and responded to on a timely basis (at the
audit completion stage) in order to have impact, be effective and acted upon by the client. It is
important to discuss all the points in the letter with management before the letter is issued. Any
significant matters should be brought to management's attention immediately first verbally
followed. up in writing. It is essential that the contents of the letter are considered by the
management. A copy of the letter with replies should be kept on the file. Significant matters
should be followed up after the client's response by way of discussion or the performance of
system tests. Normally, it is usual for the auditor to review points made in previous years at the
first subsequent audit visit.
When a group of companies is involved, the management of the holding company may want to
be informed of significant points arising in the reports of the management of the subsidiaries.
The auditor must obtain permission from the management of the subsidiary before releasing
such information.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 206
AUDITING AND ASSURANCE
In practice, the auditor has little control over what happens to the report once it has been
dispatched.
Occasionally, management may provide third parties e.g. their bankers, with copies of the
report.
The auditor can use a disclaimer of liability against foreseen liability to third parties but this
may not give full protection from liability where the auditor knows or ought to know that a
report to management may be passed to a third party who would rely on it.
c. Whether audit documentation selected for review reflects the work performed in
relation to the significant judgments and supports the conclusions reached.
If differences of opinion arise within the engagement team, with those consulted or, where
applicable, between the engagement partner and the engagement quality control reviewer, the
engagement team shall follow the firm's policies and procedures for dealing with and resolving
differences of opinion.
An effective system of quality control includes a monitoring process designed to provide the
firm with reasonable assurance that its policies and procedures relating to the system of quality
control are relevant, adequate, and operating effectively. The engagement partner shall consider
the results of the firm's monitoring process as evidenced in the latest information circulated by
the firm and, if applicable, other network firms and whether deficiencies noted in that
information may affect the audit engagement.
Options available
The directors of an insolvent company face a difficult decision. Should they comtinue_to trade,
in the hope that the company's performance and position will improve, or should they cut their
losses and wind up the company? This is a dilemma that the auditor may be asked to help
resolve by evaluating the advantages and disadvantages of the options available, and considering
the impact of each on the relevant parties, including creditors, shareholders, management and
employees. The auditor may also be asked to explain the procedures involved in placing a
company into administration or liquidation, as directors will usually have limited knowledge in
this area.
Administration
If the directors decide to try to save the company, it can be placed into administration, which
offers some breathing space and legal protections while a rescue plan is formulated to try to
preserve the company's going concern status. The main advantage of administration is that
once an administrator is appointed, a moratorium over the company's debts commences
meaning that it is not possible for a winding up petition to be presented at court by the
company's creditors (payables) — thus allowing time for the rescue plan to be designed and
initiated.
A company in administration is under the control of the appointed administrator who is given a
short period of time (usually eight weeks) to set out a proposal for achieving the aim of the
administration, or to decide that it is not reasonable that the company can be rescued. A
creditors' meeting is called, at which the proposals are accepted or rejected. The administrator
takes over management of the company and has the power to appoint and remove directors.
The process for appointment of an administrator varies, and may or may not involve a court
order. A company, its directors or one or more creditors (payables) can apply to the court for
the appointment of an administrator. The court will grant an administration order only if it is
satisfied that the company is — or is likely to become insolvent, and that the administration
process is likely to achieve its purpose of rescuing the company as a going concern. It is also
possible for an administrator to be appointed without a court order, either by a floating
chargeholder, or by the company or its directors.
Liquidation
If the company cannot be saved, then liquidation or 'winding up' is likely to be initiated. The
company will cease to trade, assets are sold, liabilities are paid (to the extent allowed by the
proceeds from the sale of assets and by applying the rules for allocation of assets), and
eventually the company will be dissolved. Once liquidation proceedings are under way share
dealings must stop, and the directors lose their power to manage the company:
The procedures involved in placing a company into liquidation are complicated by the fact that
there are different ways that the process is initiated — compulsory liquidation, members'
voluntary liquidation, and creditors' voluntary liquidation. Compulsory liquidation is usually
initiated by one or more creditors, who apply to the court and must demonstrate that the
company is unable _to, pay its debts. A creditor who is owed and who has served the company
with a written demand for payment that has not been settled, has grounds to apply to the court
for compulsory liquidation. In less common circumstances, a member (shareholder) who is
dissatisfied with the directors' management of the company may petition the court for the
company to be wound up on the just and equitable ground. For this to be successful, the member
has to demonstrate to the court that winding up is the only remedy available. Voluntary
liquidation can occur through two different routes — a member's voluntary liquidation, or a
creditors' voluntary liquidation. The former is used where the company is solvent, and can only
take place when the directors have made a declaration of solvency. Creditors have no
involvement with this type of liquidation, as the declaration of solvency means that they will be
paid in full and therefore have no risk exposure. Shareholders pass a resolution to wind up the
company and appoint a liquidator, who is responsible for closing down the company.
Voluntary liquidation can occur through two different routes — a member's voluntary
liquidation, or a creditors' voluntary liquidation. The former is used where the company is
solvent, and can only take place when the directors have made a declaration of solvency.
Creditors have no involvement with this type of liquidation, as the declaration of solvency
means that they will be paid in full and therefore have no risk exposure. Shareholders pass a
resolution to wind up the company and appoint a liquidator, who is responsible for closing
down the company.
In contrast, in a creditors' voluntary liquidation the creditors are heavily involved with
proceedings, as in this case the company is not solvent, and therefore creditors face the risk that
they Will not be paid the full amount owing to them. The process is started by a shareholders'
meeting where a resolution is passed to agree that the company should be wound up, but
subsequently, the creditors' wishes over the appointment of the liquidator and the process of
winding up will override the wishes of the shareholders.
Allocating company assets An important issue arising on liquidation is the order of priority for
allocating company assets. This is especially important for creditors and shareholders because,
by definition, an insolvent company cannot pay everything that is owed. The amounts that will
be paid on liquidation depend on matters such as whether debts are secured or unsecured,
whether charges over assets are fixed or floating in nature, whether shareholders own
preference or equity shares, the costs suffered by the liquidator (which are generally paid first)
and the amount of preferential creditors (including employees' salaries and other benefits in
arrears). In most liquidations equity shareholders receive very little, and usually nothing, as they
rank last in the order of priority in allocating company assets. The auditor of an insolvent or
potentially insolvent company may be asked to advice on the allocation of company assets
TOPIC 9
AUDIT REPORT
th
7 SCHEDULE PROVISIONS ON AUDIT REPORT
Companies Act stipulates the statements that should be expressly stated in the auditor‘s
report. These are;
1. Whether they have obtained all the information and explanations which to the best of
their knowledge and belief were necessary for the purposes of their audit.
2. Whether in their opinion, proper books of account have been kept by the company, so far
as appears from their examination of those books, and proper returns adequate for
the purposes of their audit have been received from branches not visited by them.
3.
- Whether the company's balance sheet and (unless it is framed as a consolidated profit
and loss account) profit and loss account dealt with by the report are in agreement
with the books of account and returns.
- Whether, in their opinion and to the best of their information and according to the
explanations given to them, the said accounts give the information required by this
Act in the manner so required and give a true and fair view—
(a) in the case of the balance sheet, of the state of the company's affairs as at the
end of its financial year; and
(b) in the case of the profit and loss account, of the profit or loss for its financial
year; or, as the case may be, give a true and fair view thereof subject to the
non-disclosure of any matters (to be indicated in the report) which by virtue of
Part III of the Sixth Schedule are not required to be disclosed.
4. In the case of a company which is a holding company and which submits group accounts
whether, in their opinion, the group accounts have been properly prepared in accordance
with the provisions of this Act so as to give a true and fair view of the state of affairs and
profit or loss of the company and its subsidiaries dealt with thereby, so far as concerns
members of the company, or, as the case may be, so as to give a true and fair view
thereof subject to the non-disclosure of any matters (to be indicated in the report) which
by virtue of Part III of the Sixth Schedule are not required to be disclosed.
When financial statements are finalised, they usually must contain an evaluation – an auditor's
report - from a licensed accountant or auditor. This report provides an overview of the
evaluation of the validity and reliability of a company or organization‘s financial statements.
The goal of an auditor's report is to document reasonable assurance that a company‘s financial
statements are free from error.
An audit of a company‘s financial statements should result in a report wherein the accountant
or auditor is free to share their opinion about the validity and reliability of a company‘s
financial statements.
In this report, the auditor should provide an accurate picture of the company and their financial
statements. The auditor should also state whether they are externally or internally connected to
the company.
Within the report, the auditor can share any reservations about the condition of the company‘s
finances or relevant additional information. Reservations could arise if the auditor disagrees
with something found in the financial statements, e.g. if the auditor disagrees with management
about the valuation of an asset because they believe that this has a more significant impact on
the financial statements.
In the report there are rules concerning what an auditor's report should include and the order in
which various items should be reported.
Auditor's reports must adhere to accepted standards established by governing bodies. The
governing bodies help to assure external users that the auditor's opinion on the fairness of
financial statements is based on a commonly accepted framework.
BASIC ELEMENTS
The Companies Act does not stipulate the form the auditor‘s report should take. The auditing
standards seek to ensure that the auditor‘s report is clear and unambiguous. To this end, it
seeks to standardize the form of the auditor‘s report. It does this by giving the basic elements
of the auditor‘s report.
Auditing standards require that the report be titled and that the title includes the word
―independent‟ e.g. independent auditors report‟ . The requirement that the title includes the
word independent is intended to convey to users that the audit was unbiased in all aspects.
ii. Address
The report is usually addressed to the company, its stockholders or the board of directors. For
practical reasons, it limits the users of auditor‘s report.
The first paragraph has three purposes, fist, it makes a statement that the practice did an audit.
Secondly, it lists all the financial statements that were audited including the balance sheet dates
and accounting periods for the income statement and cash flow statement. The wording of the
financial statements in the report should be identical to those used by management on
www.masomomsingi.co.ke Contact: 0728 776 317 Page 212
AUDITING AND ASSURANCE
the financial statements. Thirdly, the introductory paragraph states that the statements are the
responsibility of management and that the auditor‘s responsibility is to express an opinion on
the statements based on the audit.
This paragraph is a factual statement about what the auditor did in the audit. This paragraph
states how the audit was planned and performed in accordance with ISAs and states that the
audit is designed to obtain reasonable assurance whether the financial statements are free of
material misstatements.
v. Opinion paragraph
This final paragraph states the auditors conclusions based on the results of the audit. This part
of the report is so important that often the audit report is simply called the auditor‘s opinion.
The opinion paragraph is stated as an opinion rather than a statement of absolute fact or a
guarantee.
The appropriate date for the report is the one on which the auditor has completed the most
important audit procedures in the field. This date is important to users of financial statements
as it indicates the last day of auditor‘s responsibility for review of significant events that have
occurred after date of financial statements.
The firm‘s name is used because the entire firm has the legal responsibility to ensure that the
quality of audit meets professional standards.
TYPES OF OPINIONS
a) Unqualified opinion.
b) Disclaimer opinion
c) Qualified opinion
d) Adverse opinion
Unqualified opinion
This is issued when the auditor is satisfied in all material aspects that enable him express the
required opinion on financial statements without any reservation. This is sometimes called a
clean opinion. It is expressed when the auditor concludes that the financial statements give a
true and fair view in accordance with the relevant financial reporting standards.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 213
AUDITING AND ASSURANCE
There are occasions when the auditor has no reservation as to the financial statements but where
they exists unusual events, conditions or accounting policies and he feels that unless the reader
may not reach a proper understanding of the financial position and results. In such
circumstances, the auditor should express an unqualified opinion including an extra paragraph
called „emphasis of the matter paragraph‟ to draw attention of the reader to the unusual matter.
The addition of such an emphasis of matter paragraph does not lead to a qualification of the
audit opinion but is intended to enable the reader obtain a better understanding. To avoid this
being understood as a qualification, the emphasis of the matter paragraph should contain the
phrase ―without qualifying our opinion‟ .
i. Unusual condition would include destruction of assets after balance sheet date but the
company remains a going concern.
ii. The company being insolvent on the face of its own balance sheet but the auditor has
letters of support which he is satisfied can be fulfilled by the other party thus he will
accept appropriateness of the going concern assumption. Unusual events could also
include changes in the legislation that could have a material impact on the entity‘s
business operations subsequent to the balance sheet date. Unusual accounting policies
that may lead to emphasis of matter paragraph would involve those matters not covered
by any accounting standard.
iii. Inherent uncertainties that may call for emphasis of matter paragraph would include
contingencies at the balance sheet date which have not been resolved at the date of
signing the auditor‘s report.
iv. Negotiations for financing which have not been financed by date of signing of the
auditor‘s report.
Auditor‘s Report
(APPROPRIATE ADDRESSEE)
We have audited the accompanying balance sheet of the ABC Company as of December
31, 20x1, and the related statements of income, and cash flows for the year then ended.
These financial statements are the responsibility of the Company‘s management. Our
responsibility is to express an opinion on these financial statements based on our audit.
We conducted our audit in accordance with International Standards on Auditing (or refer to
relevant national standards or practices). Those standards require that we plan and perform
the audit to obtain reasonable assurance about whether the financial statements are free of
material misstatement. An audit includes examining, on a test basis, evidence supporting
the amounts and disclosures in the financial statements. An audit also includes assessing
the account principles used in significant estimates made by the management, as well as
evaluating the overall financial statement presentation. We believe that our audit provides
a reasonable basis for our opinion.
In our opinion, the financial statements give a true and view of (or „present fairly, in all
material respects,‟ ) the financial position of the Company as of December 31, 20x1 and
of results of its operations and its cash flows for the year then ended in accordance with
… (and comply with ….)
AUDITOR
Date
Address‟
Footnotes:
1. Reference may be by page numbers
2. Indicate IASs or relevant national standards
3. Refer to relevant statues or law
When the auditor has reservation on any matter that is considered material to the financial
statements, he may introduce qualifying remarks in the audit report. The auditor‘s reservation
could arise out of the following;
Limitation on the scope of his work.
Disagreement with management.
Significant uncertainty affecting financial statements, the resolution of which is
dependent upon future events.
This is expressed when auditor concludes that unqualified opinion cannot be expressed but that
the effect of any disagreement with management or limitation in scope is not so material and
pervasive as to require an adverse opinion or disclaimed opinion. A qualified opinion implies
that all aspects of the financial statements are okay expect for the effects of the matters which
the qualifications relate.
c) Disclaimer of opinion.
This is issued when the possible effect of a limitation in scope or uncertainty is so material or
pervasive that the auditor has not been able to obtain sufficient appropriate audit evidence, as a
result he is unable to express an opinion on financial statements. A disclaimer of opinion implies
that the auditor is unable to form an opinion because sufficient audit evidence could not be
obtained.
d) Adverse opinion.
This is expressed when the effects of a disagreement is so material and pervasive to the
financial statements that the auditor concludes that a qualification of the report is not adequate
to disclose the misleading and incomplete nature of the financial statements. The auditor states
that due to the nature of the disagreement in his opinion, the financial statements do not show
true and fair view.
Limitation of scope
If for any reason the auditor is unable to receive all the information and explanations he deems
necessary for the purposes of his audit, then there is a limitation in scope of his work. It means
that the auditor to conclude his work objectively. This could arise due to the following reasons;
If the possible effect of limitation in scope of an audit is material but not fundamental to the
financial statements, the auditor issues a qualified opinion. (Except for opinion.)
If the possible effect of limitation in scope of an audit is of fundamental importance that the
auditor is unable to express an opinion on the financial statements, the auditor issues a
disclaimer of opinion as mentioned above.
When there is a limitation in scope of auditor‘s work that requires the expression of a qualified
opinion or a disclaimer of opinion, the auditor should describe the nature of the limitation in his
report and indicate the possible adjustments to the financial statements that might have been
determined to be necessary, had the limitation not existed.
We did not observe the counting of the physical inventories as of December 31, 20x1,
since that date was prior to the time we were initially engaged as auditors‘ fir the
company. Owing to the nature of the company‘s records, we were unable to satisfy
ourselves as to inventory quantities by other audit procedures.
In our opinion, except for the effects of such adjustments, if any, as might have been
determined to be necessary had we been able to satisfy ourselves as to physical
inventory quantities, the financial statements give a true and (remaining words are the
same as illustrated in the opinion paragraph of the unqualified report above).‟
December 31 20x1 and the related statements of income, and cash flows for the year then
ended. These financial statements are the responsibility of the Company‘s management.
(The paragraph discussing the scope of the audit would either be omitted or amended
according to the circumstances.)
We were not able to observe all physical inventories and confirm accounts receivable due
to limitations placed on the scope of our work by the company.
Because of the significance of the matters discussed in the preceding paragraph we do not
express an opinion on the financial statements.
Inherent uncertainties
Inherent uncertainties result from circumstances in which it is impossible for the auditor to
reach any objective conclusion as to the outcome of a situation due to the circumstances
themselves rather than a limitation of scope of the audit. Such uncertainties are only resolved
through the passage of time e.g. to wait for the outcome of a litigation. However, time is a
great constraint and financial statements must be prepared within the required time. The
auditor should form an opinion on the adequacy of the accounting treatment of such
uncertainties. This will involve consideration of:
The appropriateness of any accounting policies adopted by the management in treating
the effect of such uncertainties.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 218
AUDITING AND ASSURANCE
Some inherent uncertainties are fundamental. These are uncertainties where the degree of
uncertainty and its potential impact on the view given by the financial statements may very
great.
In determining whether an uncertainty is fundamental, the auditor considers the following:
The risk of the estimate included in the balance sheet being subject to change.
The range of possible outcomes.
The consequences of those outcomes on the view given by the financial statements.
Inherent uncertainties are considered fundamental when they involve a significant level
of concern about the validity of the going concern assumption or other matters whose
potential effect on the financial statements is usually great.
Disagreement
Under disagreement, the auditor is able to conclude objectively that he has received all the
information and explanations he considers necessary for the purpose of the audit. But his
conclusion is at variance with the position adopted by the management or the view given by
the financial statements. Circumstances giving rise to disagreements include;
Whether the auditor agrees with the accounting treatment or disclosure of a matter in the
financial statements and in the auditor‘s opinion, the effect of that disagreement is material to
the financial statements, the auditor should;
Include in his report a description of all the factors giving rise to the disagreement.
The implications of such factors on the financial statements.
A quantification of the effect on the financial statements.
Examples
We conducted our audit in accordance with … (remaining words are the same as
illustrated in the scope paragraph of the unqualified report above).
Accounting Standards. The provision for the year ended December 31, 20x1 should be
based on the straight line method of depreciation using annual rates of 5% for the
building and 20% for the equipment. Accordingly the non current assets should be
reduced by the accumulated depreciation of xxx and the loss for the year and
accumulated deficit should be increased by xxx and xxx respectively.
In our opinion, except for the effect on the financial statements of the matter referred to in
the preceding paragraph, the financial statements give a true and …. (Remaining words are
the same as illustrated in the opinion paragraph of the unqualified report above).
We conducted our audit in accordance with…. (Remaining words are the same as
illustrated in the scope paragraph of the unqualified report above.
On January 15, 2OO7, the company issued debentures in the amount of xx for the
purpose of financing plant expansion. The debenture agreement restricts the payment
of future cash dividends to earnings after December 31, 20x1. In our opinion,
disclosure of this information is required by …. (Insert reference to statutory or
regulatory requirement).
In our opinion, except for the omission of the information included in the preceding
paragraph, the financial statements give a true and … (remaining words are the same as
illustrated in the opinion paragraph of the unqualified report above).
We have audited … (remaining words are the same as illustrated in the introductory
paragraph of the unqualified report above).
We conducted our audit in accordance with.. (Remaining words are the same as illustrated
in the scope paragraph of the unqualified report above.
In our opinion, because of the effects of the matters discussed in the preceding
paragraph(s), the financial statements do not give a true and fair of (or do not „present
fairly‟ ) the financial position of the company as at December 31, 20x1, and of result of its
operations and its cash flows for the year then ended in accordance with (insert relevant
IASs or national standards) ..
And do not comply with …… (Insert relevant statutes or law).
When the auditor concludes that the effect of the matter giving rise to disagreement is so
fundamental that the financial statements are misleading, the auditor should issue an adverse
opinion.
If the nature of the disagreement is material but not fundamental, the auditor should issue a
qualified opinion indicating that all other aspects of the financial statements are okay except
for the matter giving rise to the disagreement.
The auditor may not include qualifying remarks in his audit report unless the matter is material.
Material but not pervasive means that the reservation the auditor has is material in the context
of a segment of the financial statements but not to the financial statements taken as a whole.
A matter becomes material and pervasive when it is material in the context of the financial
statements taken as a whole. A limitation of scope becomes pervasive when it makes the
financial statements misleading for decision making purposes or of little value for decision
making purposes. A disagreement becomes pervasive when it makes the financial statements
taken as a whole to be totally misleading.
Qualification matrix
The auditor when reporting on the financial statements is categorically concerned of the going
concern concept because;
It affects true and fair view of the financial statements
It facilitates qualification of audit reports.
It confirms compliance of financial statements with the generally accepted accounting
principles and policies.
The auditor‘s main interest will be that all material matters affecting the financial
statements have been disclosed.
If fundamental accounting principles governing the financial statements have been properly
observed in all material aspects, the financial statements presented show a true and fair view.
The auditor should consider the risk that the going concern assumption may no longer be
appropriate. Indications of the risk that the continuance as a going concern may be
questionable could come from the financial statements or from other sources. Examples of
such indications are as follows:
a. Financial indicators.
Changes of the financial position of the company drastically within a short period of
time especially from bad to worse.
Financial difficulties affecting the company‘s production process and sales.
Changes of credit policies especially from credit to cash on delivery.
Difficulties in paying salaries and wages of employees.
Increased financial borrowing.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 222
AUDITING AND ASSURANCE
High staff turnover in key accounting and managerial officials and finance personnel
especially without replacement.
Unfriendly environment between management and management and employees
Unusual pressure within the entity for no apparent reason.
Circumstances of labour disputes e.g. strikes by employees leading to demonstrations
ad protests.
Where the entity relies heavily on a customer for sale of its products or for marketing
its output.
Pending legal proceedings against the entity that may, if successful, result in
judgements that could not be met.
Non compliance with capital and other statutory requirements.
The significance of such indications can often be mitigated by other factors. For example, the
effect of an entity being unable to make its normal debt repayments may be counterbalanced y
management‘s plans to maintain adequate cash flows by alternative means, such as by disposal
of assets, rescheduling of loan repayments, or obtaining additional capital. Similarly, the loss of
a principal supplier may be mitigated by the availability of a suitable alternative source of
supply.
TOPIC 10
1. The public-sector audit environment is that in which governments and other public-
sector entities exercise responsibility for the use of resources derived from taxation and
other sources in the delivery of services to citizens and other recipients. These entities
are accountable for their management and performance, and for the use of resources,
both to those that provide the resources and to those, who depend on the services
delivered using those resources, for example citizens, Public-sector auditing helps to
create suitable conditions and reinforce the expectation that public-sector entities and
public servants will perform their functions effectively, efficiently, ethically and in
accordance with the applicable laws and regulations.
2. In general public-sector auditing can be described as a systematic process of objectively
obtaining and evaluating evidence to determine whether information or actual conditions
conform to established criteria. Public-sector auditing is essential in that it provides
legislative and oversight bodies, those charged with governance and the general public
with information and. independent and objective assessments concerning the stewardship
and performance of government policies, programs or operations.
3. Supreme Audit Institutions serve this aim as important pillars of their national
democratic systems and governance mechanisms and play an important role in
enhancing public-sector administration by emphasizing the principles of transparency,
accountability, governance and performance.
1. Providing the intended users with independent, objective and reliable information,
conclusions or opinions based on sufficient and appropriate evidence relating to public
entities;
2. Enhancing accountability and transparency, encouraging continuous improvement and
sustained confidence in the appropriate use of public funds and assets and the
performance of public administration;
3. Reinforcing the effectiveness of those bodies within the constitutional arrangement that
exercise general monitoring and corrective functions over government, and those
responsible for the management of publicly-funded activities;
www.masomomsingi.co.ke Contact: 0728 776 317 Page 224
AUDITING AND ASSURANCE
In general, public-sector audits can be categorized into three main types: audits of financial
statements, performance audits and audits of compliance with authorities.
1. Financial audit focuses on determining whether an entity's financial information is
presented in accordance with the applicable financial reporting and regulatory
framework. This is accomplished by obtaining sufficient and appropriate audit evidence
to enable the auditor to express an opinion as to whether the financial information is free
from material misstatement ^ due to fraud or error.
2. Performance audit focuses on whether interventions, programmes and institutions are
performing in accordance with the principles of economy, efficiency and effectiveness
and whether there is room for improvement. Performance is examined against suitable
criteria, and the causes of deviations from those criteria or other problems are analyzed.
The aim is to answer key audit questions and to provide recommendations for
improvement.
3. Compliance audit focuses on whether a particular subject matter is in compliance with
authorities identified as criteria. Compliance auditing is performed by assessing whether
activities, financial transactions and information are, in ail material respects, in
compliance with the authorities which govern the audited entity. These authorities may
include rules, laws and regulations, policies, established codes, agreed terms or the
general principles governing sound public-sector financial management and the conduct
of public officials.
All public-sector audits have the same basic elements: the auditor, the responsible party,
intended users (the three parties to the audit), the subject matter and the criteria for assessing
the subject matter.
1. The auditor: In public-sector auditing the role of auditor is fulfilled by the Head of the
SA1 and by persons to whom the task of conducting the audits is delegated. The overall
responsibility for public-sector auditing remains as defined by the SAI's mandate.
2. The responsible party: In public-sector auditing the relevant responsibilities are
determined by constitutional or legislative arrangement. The responsible parties may be
responsible for managing the subject matter or for addressing recommendations, and
may be individuals or organizations.
3. Intended users: The individuals, organizations or classes thereof for whom the auditor
prepares the audit report. The intended users may be legislative or oversight bodies,
those charged with governance or the general public.
4. Subject matter refers to the information, condition or activity that is measured or
evaluated against certain criteria. It can take many forms and have different
www.masomomsingi.co.ke Contact: 0728 776 317 Page 225
AUDITING AND ASSURANCE
Types of engagement
In direct reporting engagements it is the auditor who measures or evaluates the subject
matter against the criteria. The auditor selects the subject matter and criteria, taking into
consideration risk and materiality. The outcome of measuring the subject matter against
the criteria is presented in the audit report in the form of findings, conclusions,
recommendations or an opinion. The audit of the subject matter may also provide new
information, analyses or insights.
Depending on the audit and the users' needs, assurance can be communicated in two
ways:
Through opinions and conclusions which explicitly convey the level of assurance. This
applies to ah attestation engagements and certain direct reporting engagements.
In other forms in some direct reporting engagements the auditor does not give an
explicit statement of assurance on the subject matter. In such cases the auditor provides
the users with the necessary degree of confidence by explicitly explaining how findings,
criteria and conclusions were developed in a balanced and reasoned manner, and why
the combinations of findings and criteria result in a certain overall conclusion or
recommendation.
Levels of assurance
Assurance can be either reasonable or limited. Reasonable assurance is high but net absolute.
The audit conclusion is expressed positively, conveying that, in the auditor's opinion, the subject
matter is or is not compliant in all material respects, or, where relevant, that the subject matter
information provides a true and fair view, in accordance with the applicable criteria. When
providing limited assurance, the audit conclusion states that, based on the procedures
performed, nothing has come to the auditor's attention to cause the auditor to believe that the
subject matter is not in compliance with the applicable criteria. The procedures performed in a
limited assurance audit are limited compared with what is necessary to obtain reasonable
assurance, but the level of assurance is expected, in the auditor's professional judgement, to be
meaningful to the intended users. A limited assurance report conveys the limited nature of the
assurance provided.
General principles
1. Ethics and independence- Auditors should comply with the relevant ethical
requirements and be independent Ethical principles should be embodied in an auditor's
professional behaviour. The SAIs should have policies addressing ethical requirements
and emphasising the need for compliance by each auditor. Auditors should remain
independent so that their reports will be impartial and be seen as such by the intended
users.
2. Professional judgement, due care and skepticism- Auditors should maintain appropriate
professional behaviour by applying professional skepticism, professional judgment and
due care throughout the audit. The auditor's attitude should be characterized by
professional skepticism and professional judgement, which are to be applied when
forming decisions about the appropriate course of action. Auditors should exercise due
care to ensure that their professional behaviour is appropriate. Professional
www.masomomsingi.co.ke Contact: 0728 776 317 Page 227
AUDITING AND ASSURANCE
skepticism means maintaining professional distance and an alert and questioning attitude
when assessing the sufficiency and appropriateness of evidence obtained throughout the
audit. It also entails remaining open-minded and receptive to all views and arguments.
Professional judgement implies the application of collective knowledge, skills and
experience to the audit process. Due care means that the auditor should plan and conduct
audits in. a diligent manner. Auditors should avoid any conduct that might discredit their
work.
3. Quality control- Auditors should perform the audit in accordance with professional
standards on quality control An SAI's quality control policies and procedures should
comply with professional standards, the aim being to ensure that audits are conducted at a
consistently high level. Quality control procedures should cover matters such as the
direction, review and supervision of the audit process and the need for consultation in
order to reach decisions on difficult or contentious matters.
4. Audit team management and skills- Auditors should possess or have access to the
necessary skills The individuals in the audit team should collectively possess the
knowledge, skills and expertise necessary to
successfullycompletetheaudit.Thisincludesanunderstandingandpracticalexperieaceofthet
ypeof audit being conducted, familiarity with the applicable standards and legislation, an
understanding of the entity's operations and the ability and experience to exercise
professional judgement. Common to all audits is the need to recruit personnel with
suitable qualifications, offer staff development and training, prepare manuals and other
written guidance and instructions concerning the conduct of audits, and assign sufficient
audit resources. Auditors should maintain their professional competence through ongoing
professional development.
5. Audit risk- Auditors should manage the risks of providing a report that is inappropriate
in the circumstances of the audit The audit risk is the risk that the gudit report may be
inappropriate. The auditor performs procedures to reduce or manage the risk o.f reaching
inappropriate conclusions, recognising that the limitations inherent to all audits mean that
an audit can never provide absolute certainty of the condition of the subject matter.
When the objective is to provide reasonable assurance, the auditor should reduce audit
risk to an acceptably iow level given the circumstances of the audit. The audit may also
aim to provide limited assurance, in which case the acceptable risk that criteria are not
complied with is greater than in a reasonable assurance audit. A limited assurance audit
provides a level of assurance that, in the auditor's professional judgment, will be
meaningful to the intended users.
also has other quantitative as well as qualitative aspects. The inherent characteristics of
an item or group of items may render a matter material by its very nature. A matter may
also be material because of the context in which it occurs.
Planning an audit
1. Auditors should ensure that the terms of the audit have been clearly established Audits
may be required by statute, requested by a legislative or oversight body, initiated by the
SAI or carried out by simple agreement with the audited entity, in ali cases the auditor,
the audited entity's management, those charged with governance and others as applicable
should reach a common formal understanding of the terms of the audit and their
respective roles and responsibilities, important information may include the subject,
scope and objectives of the audit, access to data, the report that will result from the audit,
the audit process, contact persons, and the roles and responsibilities of the different
parties to the engagement.
2. Auditors should obtain an understanding of the nature of the entity/programme to be
audited. This includes understanding the relevant objectives, operations, regulatory
environment, internal controls, financial and other systems and business processes, and
researching the potential sources of audit evidence. Knowledge can be obtained from
regular interaction with management, those charged with governance and other relevant
stakeholders. This may mean consulting experts and examining documents (including
www.masomomsingi.co.ke Contact: 0728 776 317 Page 229
AUDITING AND ASSURANCE
earlier studies and other sources) in order to gain a broad understanding of the subject
matter to be audited and its context.
3. Auditors should conduct a risk assessment or problem analysis and revise this as
necessary in response to the audit findings. The nature of the risks identified will vary
according to the audit objective. The auditor should consider and assess the risk of
different types of deficiencies, deviations or misstatements that may occur in relation to
the subject matter, Both general and specific risks should be considered. This can be
achieved through procedures that serve to obtain an understanding of the entity or
programme and its environment, including the relevant internal controls. The auditor
should assess the management's response to identified risks, including its
implementation and design of internal controls to address them, in a problem analysis the
auditor should consider actual indications of problems or deviations from what should be
or is expected. This process involves examining various problem indicators in order to
define the audit objectives. The identification of risks and their impact on the audit
should be considered throughout the audit process.
4. Auditors should identify and assess the risks of fraud relevant to the audit objectives
Auditors should make enquiries and perform procedures to identify and respond to the
risks of fraud relevant to the audit objectives. They should maintain an attitude of
professional scepticism and be alert to the possibility of fraud throughout the audit
process.
5. Auditors should plan their work to ensure that ‘fee audit is conducted m an effective
and efficient manner
Planning for a specific audit includes strategy and operational aspects. Strategically,
planning should define the audit scope, objectives and approach. The objectives refer
to what the audit is intended to accomplish. The scope relates to the subject matter and
the criteria which the auditors will use to assess and report on the subject matter, and is
directly related to the objectives. The approach will describe the nature and extent of
the procedures to be used for gathering audit evidence. The audit should be planned to
reduce audit risk to an acceptably few fever.
Operationally, planning entails setting a timetable for the audit and defining the nature,
timing; and extent of the audit procedures. During planning, auditors should assign the
members of their team as appropriate and identify other resources that may be required,
such as subject experts
Conducting an audit
1. Auditors should perform audit procedures that provide sufficient appropriate audit
evidence to support the audit report. The auditor's decisions on the nature, timing and
extent of audit procedures will impact on the evidence to be obtained. The choice of
procedures will depend on the risk assessment or problem analysis.
2. Auditors should evaluate me the audit evidence and draw conclusions After completing
the audit Procedures, the auditor will review the audit documentation in order to
determine whether the subject matter has been sufficiently and appropriately audited.
Before drawing conclusions, the auditor reconsiders the initial assessment of risk and
materiality in the light of the evidence collected and determines whether additional audit
procedures need to be performed.
Based on the findings, the auditor should exercise professional judgement to reach a
conclusion on the subject matter or subject matter information.
Direct engagements In direct engagements the audit report needs to state the audit objectives
and describe how they were addressed in the audit, ft includes findings and conclusions on the
subject matter and may also include recommendations. Additional information about criteria,
methodology and sources of data may also be given, and any limitations to the audit scope
should be described.
The audit report should explain how the evidence obtained was used and why the resulting
conclusions were drawn, this will enable it to provide the intended users with the necessary
degree of confidence.
Opinion
When an audit opinion is used to convey the level of assurance, the opinion should be in a
standardized format. The opinion may be un modified or modified. An unmodified opinion is
used when either limited or reasonable assurance has been obtained. A modified opinion may
be:
Qualified (except for) - where the auditor disagrees with, or is unable to obtain
sufficient and appropriate audit evidence about, certain items in the subject matter
which could be material but not pervasive;
Adverse ~ where the auditor, having obtained sufficient and appropriate audit evidence,
concludes that deviations or misstatements, whether individually or in the aggregate, are
both material and pervasive;
Disclaimer of opinion - where the auditor is unable to obtain sufficient and appropriate
audit evidence due to an uncertainty or scope limitation which is both material and
pervasive.
The Office of the Auditor General draws its mandate from the Constitution of Kenya. Chapter
12, Part 6, Article 229 establishes the Office of the Auditor General. Article 229 states:
1. There shall be an Auditor-General who shall be nominated by the President and, with
the approval of the National Assembly, appointed by the President.
2. To be qualified to be the Auditor-General, a person shall have extensive knowledge of
public finance or at least ten years' experience in auditing or public finance
management.
3. The Auditor-General holds office, subject to Article 251, for a term of eight years and
shall not be eligible for re-appointment.
4. Within six months after the end of each financial year, the Auditor-General shall audit
and report, in respect of that financial year, on:-
The accounts of the national and county governments;
The accounts of all funds and authorities of the national and county governments;
The accounts of all courts;
The accounts of every commission and independent office established by this
Constitution;
p
The accounts of the National Assembly, the Senate and the county assemblies;
The accounts of political parties funded from public funds;
The public debt; and
The accounts of any other entity that legislation requires the Auditor-General to
audit
5. The Auditor General may audit and report on the accounts of any entity that is funded
from public funds.
6. An audit report shall confirm whether or not public money has been applied lawfully
and in an effective way.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 232
AUDITING AND ASSURANCE
a) consultancy that aims to identify the obstacles which prevent the conduct of
normal course of processes, establishment of causes, the determination of
consequences, presenting solutions for their elimination;
b) facilitating understanding in order to obtain additional information for in-depth
knowledge of the operation of a standard or a normative provisions, necessary
for the personnel carrying out their implementation;
c) Training and professional development to provide theoretical and practical
knowledge by organizing courses and seminars on financial management, risk
management and internal control.
Internal auditing may analyze strengths and weaknesses of an organization's internal
control, considering its governance, organizational culture, and related threats and
opportunities for improvement which can affect whether the organization is able to
achieve its goals. The analysis assesses whether risk management identifies the risks
and puts controls in place to manage public funds in an effective and efficient manner
Internal auditing works with those charged with governance, 1 such as board, audit
committee, senior management or, where appropriate, an external oversight body, in
ensuring that appropriate systems of internal control are designed and implemented. As
such, internal auditing can provide assistance regarding accomplishment of goals and
objectives, strengthening controls, and improving the efficiency and effectiveness of
operations and compliance with authorities. It is important to clarify that while internal
auditing can provide ' assistance on internal control, it should not perform management
or operational duties.
The internal audit‘s role is to contribute to the proper end efficient management of
public funds. The internal auditor has to inform the public entity's management with
respect to any evidence of fraud found during the course of an audit missions
The internal auditor has a large degree of involvement and fairness, he solves problems
and improves performances, helps the entity function properly and achieve
performances, following the possible problems in the future, and he offers the entity a
state of safety and comfort.
www.masomomsingi.co.ke Contact: 0728 776 317 Page 233
AUDITING AND ASSURANCE
Oversight
Auditors assist decision-makers in exercising oversight by evaluating whether public sector
entities are doing what they are supposed to do, spending funds for the intended purpose, and
complying with laws and regulations. Audits focusing on oversight answer the questions, "Has
the policy been implemented as intended?" and "Are managers implementing effective controls
to minimize risks?" Auditing supports the governance structure by verifying agencies' and
programs' reports of financial and programmatic performance and by testing their adherence to
the organization's rules and aims. Moreover, oversight audits contribute to public accountability
by providing access to this performance information to stakeholders within and outside of the
organization under audit. Elected and appointed officials as well as public sector managers are
responsible for setting direction and defining organizational objectives. In addition, managers
have the duty to assess risks and establish effective controls to achieve objectives and avert
risks. In their oversight role, government auditors assess and report on the success of these
efforts.
Detection
Detection is intended to identify inappropriate, inefficient, illegal, fraudulent, or abusive sets
that have already transpired and to collect evidence to support decisions regarding criminal
prosecutions, disciplinary actions, or other remedies. Detection efforts can take many forms
including:
Audits or Investigations based on suspicious circumstances or complaints that include
specific procedures and tests to Identify fraudulent, wasteful or abusive activity.
Alternatively, red flags that appear during the course of an audit initiated for unrelated
reasons may result in added procedures to specifically identify acts of fraud, waste, or
abuse.
Audits such as payroll accounts payable, or information systems security audits, that
test an organization‘s disbursements and related internal control.
Audits requested by law enforcement officials that analyze and interpret complex
financial statements and transactions for use in investigating evidentiary cases against
perpetrators
Reviews of potential conflicts of interest during the development and implementation
of laws, rules, and procedures.
Deterrence
Deterrence is intended to identify and reduce the conditions that allow corruption. Auditors
seek to deter fraud, abuse, and other breaches of public trust by:
Assessing controls for existing or proposed functions
Assessing organizational or audit specific risks.
Reviewing proposed changes to existing laws, rules, and implementation procedures.
Renewing contracts for potential conflict of interest.
Insight
Auditors provide insight to assist decision-makers by assessing which programs and policies
are working and which are not, sharing best practices and benchmarking information, and
looking horizontally across public sector entities and vertically among the levels of the public
sector to find opportunities to borrow, adapt, or reengineer management practices. The audit
activity helps institutionalize organizational leaning by providing ongoing feedback to adjust
policies. Auditors conduct their work systematically and objectively to develop a detailed
understanding of operations and draw conclusions based on evidence. Therefore, audits can
provide an insightful description of problems, resources, roles, and responsibilities that,
combined with understanding of the root cause of the problem and useful recommendations,
can encourage stakeholder‘s to rethink solutions to problems, not only can the performance of
the specific program under audit be improved, but working through the issues brought to light
by a particular audit can enhance the capacity of the public sector and the public to deal with
similar problems. Audits focusing on insight contribute importantly to answering the broader
question, "Has the policy brought about the intended, results'?" Concurrently with, the
accountability function, audits contribute to improving the operations of the public sector.
Foresight
Auditors also help their organizations look forward by identifying trends and bringing attention
to emerging challenges before they become crises. The audit activity can highlight challenges to
come — such as from demographic trends, economic conditions, or changing security threats —
and identifying risks and opportunities arising from rapidly evolving science and technology,
the complexities of modern society, international events, and changes in the nature of the
economy. These issues often represent long-term risks that may far exceed the terms of office
for most elected or appointed officials, and can sometimes receive low priority for attention
where scarce resources drive more short-term focus on urgent concerns. Additionally, a
common audit approach — risk-based auditing — focuses the cuds: on the organization's:
overall risk management framework, which can help identify and deter unacceptable risks.
Through risk-based auditing, the audit activity provides useful and relevant information to the
organization or managing its risks.
auditors to share experiences and benchmarks. It will also simplify cooperation in training and
implementation activities across borders. The standards also provide a framework against
which it is possible to measure SAI performance.
Quality
Carrying out audits in accordance with globally accepted standards will ensure a certain level
of quality and consistency m audits. All SAIs strive to earn the trust of citizens and
stakeholders alike. Applying internationally accepted standards in audits is one important step
in the direction of earning this trust. A high-quality standard will reduce auditor‘s risk. The
credibility of all audit organizations is built on the quality achieved in its audits. The use of
globally accepted standards will simplify benchmarking, regional quality assurance initiative
and peer reviews as well as the sharing of experiences in other ways. Using similar audit
methods in different countries can inspire organizations to continuous improvement.
Credibility
Using globally accepted standards will strengthen the credibility of both the audit organization
and its auditors, external stakeholders will gain increased confidence and trust in the work of
auditors using globally accepted standards. The results and conclusions of an audit conducted in
accordance with globally accepted standards can stand up to external scrutiny. The transparency
provided by using standards well-known to audited organizations and other stakeholders also
leads to increased credibility of the audit results
Professionalism
Standards form the basis for professionalization of auditors and audit organizations by
providing a structured process for the audit work. Common standards can improve
opportunities for exchange of professional views and experiences across national and sector
borders. Joint training activities and sharing experiences will be easier if auditors apply the
same set of professional standards. Globally I accepted standards also provide a common
language between public and private sector auditors in areas of similar responsibilities.
Applying globally accepted standards will strengthen the audit profession in general.