Advanced Auditing & Assurance

mDarasa Resources
www.mdarasa.com
Mobile Phone Application
+254708068851
ADVANCED AUDITING & ASSURANCE

mDarasa Resources
CERTIFIED PUBLIC ACCOUNTANT
SECTION 6
REVISED JULY 2018
CLASS NOTES
www.mdarasa.com
+254708068851

mDarasa Resources
CONTENT
17.1 Assurance and non-assurance
- The concept of assurance and non-assurance engagements
- Agreed upon procedures
- Compilation engagements
- Assurance reports
17.2 Audit framework and regulations

- Objective and general principles
- Legal framework
- International, regulatory framework for audit and assurance services
- Auditors’ professional liability and legal responsibilities
17.3 Professional and ethical considerations

- Code of ethics for professional accountants
- Fundamental principles, threats and safeguards
- Advertising, publicity, obtaining professional work and fees and money laundering
- Professional skepticism (in the context of errors and fraud)
17.4 Management of audit practice

- Client acceptance and retention
- Tendering for audit services
- Professional appointments
- Planning, materiality and assessing risk of misstatement (audit risk)
- Methods and techniques of auditing high risk areas
- Use and evaluation of internal control system by auditors
- Preparation of audit working papers
17.5 Audit evaluation and reviews

- Financial statement assertions and audit procedures
- Subsequent events
- Going concern
- Related parties management representation
- Group audit/joint/component audit
- Analytical review
- The company audit
- Audit of consolidated financial statements
- Audit of banks and non banking financial institutions
- Audit of general insurance companies
- Audit of cooperatives societies
- Audit under taxation laws
- Other special audit assignments
17.6 Audit related assurance services

- Prospective financial information,
www.mdarasa.com
+254708068851

mDarasa Resources
- Investigations and due diligence
- Special audit assignments (social and environment audit)
- Audit committee and corporate governance
- Operations and internal audit management
- Audit under computerised information systems
- Audit of public sector undertakings
17.7 Forensic accounting

- Conduct of forensic investigations: accepting the investigation, planning, evidence
gathering, reporting
- Rules of evidence in court proceedings
- Regulations and standards on forensic accounting
- Applicable codes of ethics
17.8 Audit clearance and reporting

- Quality control and peer review
- Reports to those charged with governance
- Reporting on compliance and other information (Chairman’s statement and
directors report)
- Auditors report on financial statements
17.9 Emerging issues and trends
www.mdarasa.com
+254708068851

mDarasa Resources
CONTENT
TOPIC 1
17.1 Assurance and non-assurance
 Theconcept of assurance and non-assurance engagements

 Agreed upon procedures
 Compilation engagements
 Assurance reports
www.mdarasa.com
+254708068851

mDarasa Resources
TOPIC 1
ASSURANCE AND NON-ASSURANCE
ASSURANCE AND NON-ASSURANCE CONCEPT
Auditing the independent examination of and expression of opinion on, the financial statements
of an enterprise by an appointed auditor in pursuance of that appointment and in compliance with
any relevant statutory obligation
Auditor—“Auditor” is used to refer to the person or persons conducting the audit, usually the
engagement partner or other members of the engagement team, or, as applicable, the firm. Where
an ISA expressly intends that a requirement or responsibility be fulfilled by the engagement
partner, the term “engagement partner” rather than “auditor” is used. “Engagement partner” and
“firm” are to be read as referring to their public sector equivalents where relevant.
Audit This is the independent investigation into the quality of published accounting information.
ELEMENTS ASSURANCE ENGAGEMENT.
There are five elements that must all be present in order to qualify the engagement as an
assurance engagement. (TSECA)
1. A three-party relationship involving a practitioner, a responsible party, and intended

users;
2. An appropriate subject matter;
3. Sufficient appropriate evidence;
4. Suitable Criteria;
5. A written assurance report in the form appropriate to a reasonable assurance engagement
or a limited assurance engagement.
Appropriate Subject Matter
The subject matter and the subject matter information of an assurance engagement can take many
forms, such as:
 Financial performance or conditions

 Non-financial performance or conditions
www.mdarasa.com
+254708068851

mDarasa Resources
 Physical characteristics
 Systems and Processes
 Behavior
An appropriate subject matter is
 Identifiable and capable of consistent evaluation or measurement against the identified

criteria
 Capable of being subjected to procedures for gathering sufficient appropriate evidence to
support a reasonable assurance or limited assurance conclusion, as appropriate
Sufficient Appropriate Evidence
 Sufficiency is the measure of the quantity of evidence

o The quantity of evidence needed is affected by the risk of the subject matter being
materially misstated.
 Appropriateness is the measure of the quality of evidence, that is,
its relevanceand reliability
o The reliability of evidence is influenced by its source and by its nature, and is
dependent on the individual circumstances under which it is obtained.
o Generalization about the reliability of evidence – evidence is more reliable if:
 Obtain from independent source outside the entity
 Generated internally when the related controls are effective
 Obtained directly by the practitioner than indirect or by inference
 Exist in documentary form
 Provided by original documents
 Merely obtaining more evidence may not compensate for its poor quality
 The auditor should consider the cost of obtaining the usefulness of the evidence.
Suitable Criteria
The following are the characteristics of a criteria to be considered suitable:
 Relevance – contribute to conclusions that assist decision-making by the intended users.

 Completeness – the relevant factors that could affect the conclusions are not omitted.
Includes benchmarks for presentation and disclosure
 Reliability – allows reasonably consistent evaluation or measurement of the subject
matter including where relevant, presentation and disclosure, when used in similar
circumstances by similarly qualified practitioners
 Neutrality – free from bias
 Understandability – contribute to conclusions that are clear, comprehensive, and not
subject to significantly different interpretations
www.mdarasa.com
+254708068851

mDarasa Resources
Types of Assurance Engagements
1. As to level of assurance:
a) Reasonable Assurance
The objective is a reduction in assurance engagement risk to an acceptably low level as the basis
for a positive form of expression of a practitioner’s conclusion. (e.g., audit of historical financial
statements)
b) Limited Assurance
The objective is a reduction in assurance engagement risk to a level that is acceptable in the
circumstances of the engagement, but where the risk is greater that for a reasonable assurance
engagement, as the basis for a negative form of expression of the practitioner’s conclusion. (e.g.,
review of historical financial statements
2. As to structure of engagement:
a) Assertion-based
The evaluation or measurement of the subject matter is performed by the responsible party, and
the subject matter information is in the form of assertion to the intended users.
b) Direct Reporting
The practitioner either directly performs the evaluation or measurement of the subject matter, or
obtains a representation from the responsible party that has performed the evaluation or
measurement that is not available to intended users. The subject matter information is provided
to the intended users in the assurance report.
IMPORTANCE OF ASSURANCE ENGAGEMENTS
1. Potential bias in providing information

2. Remoteness between a user and the organization
3. Complexity of the transactions, information, or processing systems
4. Investors need to manage their risk and thereby minimize financial surprises as
consequences to investors, and others, of relying on inaccurate information can be quite
significant.
LIMITATIONS OF ASSURANCE ENGAGEMENTS
www.mdarasa.com
+254708068851

mDarasa Resources
1. Use of selective testing (sampling)
2. Use of judgment
3. Inherent Limitations of internal control
4. Persuasive evidence rather than conclusive evidence
5. Characteristics of the subject matter
LEVELS OF ASSURANCE ENGAGEMENT
The assurance
Type of
Objective Evidence gathering procedures engagement
engagement
report
Sufficient appropriate evidence is
obtained as part of a systematic
A reduction in assurance assurance engagement process that
engagement risk to an includes:
Description of
acceptably low level in the
the assurance
circumstances of the  obtaining an understanding
engagement
Reasonable assurance engagement, as of the assurance engagement
circumstances,
assurance the basis for a positive circumstances
and a positive
engagement form of expression of the  assessing risks
form of
auditor’s conclusion.  responding to assessed risks
expression of the
Reasonable assurance  performing further evidence
conclusion.
means a high but not gathering procedures, and
absolute level of assurance.  evaluating the evidence
obtained.
A reduction in assurance Sufficient appropriate evidence is

engagement risk to a level obtained as part of a systematic
Description of
that is acceptable in the assurance engagement process that
the assurance
circumstances of the includes obtaining an understanding
engagement
Limited assurance engagement but of the matter to be audited and other
circumstances,
assurance where that risk is greater assurance engagement
and a negative
engagement than for a reasonable circumstances; but evidence
form of
assurance engagement, as gathering procedures are
expression of the
the basis for a negative deliberately limited in comparison
conclusion.
form of expression of the with a reasonable assurance
auditor’s conclusion. engagement.
NON-ASSURANCE ENGAGEMENTS
www.mdarasa.com
+254708068851

mDarasa Resources
If an engagement lacks the five elements of assurance engagements, it is considered non-
assurance (residual definition). Examples of non-assurance engagement are the following:
1. Agreed-upon procedures
2. Compilations engagements
3. Preparation of Income tax returns where no conclusion conveying assurance is expressed
4. Management advisory services and Consulting
5. Engagement that includes rendering of professional opinions not intended to be an
assurance report
An audit is an objective examination and evaluation of the financial statements of an

organization to make sure that the records are a fair and accurate representation of the
transactions they claim to represent. It can be done internally by employees of the organization,
or externally by an outside firm.
partner, the term “engagement partner” rather than “auditor” is used.
Definition and Objective of an Assurance Engagement
“Assurance engagement” means an engagement in which a practitioner expresses a conclusion

designed to enhance the degree of confidence of the intended users other than the responsible
party about the outcome of the evaluation or measurement of a subject matter against criteria.
Practitioner:
The person who performs the engagement. It is broader than the term “auditor” which relates
only to practitioners performing audit or review engagements with respect to historical financial
information
Responsible Party:
The person responsible for the subject matter in direct reporting engagement or subject matter
information (the assertion), and may be the subject matter in an assertion-based engagement. The
responsible party may or may not be the party who engages the practitioner or the engaging
party.
Intended Users:
www.mdarasa.com
+254708068851

mDarasa Resources
For whom the assurance report is prepared. The responsible party can be one of the intended
users, but not the only one.
Suitable Criteria:
Benchmarks used to evaluate or measure the subject matter
Professional Skepticism:
An attitude that includes a questioning mind, being alert to conditions which may indicate
possible misstatement due to error or fraud, and a critical assessment of evidence.
AGREED UPON PROCEDURES
Non-assurance Engagements
 Agreed upon Procedures

 Compilations
Reviews
The objective of a review of financial statements is to enable an auditor to state whether, on the
basis of procedures which do not provide all the evidence that would be required in an audit,
anything has come to the auditor’s attention that causes the auditor to believe that the
financial statements are not prepared, in all material respects, in accordance with an identified
financial reporting framework. A similar objective applies to the review of financial or other
Information prepared in accordance with appropriate criteria.
Agreed-upon Procedures
In an engagement to perform agreed-upon procedures, an auditor is engaged to carry out those

procedures of an audit nature to which the auditor and the entity and any appropriate third parties
have agreed and to report on factual findings. The recipients of the report must form their own
conclusions from the report by the auditor. The report is restricted to those parties that have agreed
to the procedures to be performed since others, unaware of the reasons for the procedures, may
misinterpret the results.
Compilations
In a compilation engagement, the accountant is engaged to use accounting expertise as opposed to

auditing expertise to collect, classify and summarize financial information. This ordinarily entails
reducing detailed data to a manageable and understandable form without a requirement to test the
assertions underlying that information. The procedures employed are not designed and do not
www.mdarasa.com
+254708068851

mDarasa Resources
enable the accountant to express any assurance on the financial information. However, users of the
compiled financial information derive some benefit as a result of the accountant’s involvement
because the service has been performed with due professional skill and care.
The objective of compilations is to collect, summarize and classify financial information i.e.
using accounting rather than auditing expertise into understandable form e.g. financial
statements
In a compilation engagement, the accountant is engaged to use accounting expertise as opposed to

auditing expertise to collect, classify and summarize financial information. This ordinarily entails
reducing detailed data to a manageable and understandable form without a requirement to test the
assertions underlying that information. The procedures employed are not designed and do not
enable the accountant to express any assurance on the financial information. However, users of the
compiled financial information derive some benefit as a result of the accountant’s involvement
because the service has been performed with due professional skill and care.
ASSURANCE REPORTS
The need for assurance reports is increasing because for example,
 The need quicker and better information for decision making in increasingly competitive
business environment.
 The complexity of systems and the anonymity of the internet present potential barriers to
growth.
 The need for independent assurance that decisions are made based on reliable information.
An assurance engagement is an engagement in which the practitioner expresses a conclusion

designed to enhance the degree of confidence of intended users, other than the responsible party,
about the outcome of the evaluation or measurement of subject matter against criteria.
The practitioner provides a written report containing a conclusion that conveys the assurance
obtained about the subject matter information. He or she also considers othe reporting
responsibilities including communicating with those charged with governance.
ISAs, ISREsand ISAE s establish basic elements of assurance reports.
The form of assurance given maybe reasonable assurance or limited assurance.
A reasonable assurance engagement expresses an opinion in a positive form while a limited

assurance engagement expresses a conclusion in a negative form.
www.mdarasa.com
+254708068851

mDarasa Resources
CONTENT
www.mdarasa.com
+254708068851

mDarasa Resources
TOPIC 2
17.2 Audit framework and regulations
 Objective and general principles

 Legal framework
 International, regulatory framework for audit and assurance
services
 Auditors’ professional liability and legal responsibilities
www.mdarasa.com
+254708068851

mDarasa Resources
TOPIC 2
AUDIT FRAMEWORK AND REGULATIONS
OBJECTIVES AND PRINCIPLES
An audit is an objective examination and evaluation of the financial statements of an

organization to make sure that the records are a fair and accurate representation of the
transactions they claim to represent. It can be done internally by employees of the organization,
or externally by an outside firm.
partner, the term “engagement partner” rather than “auditor” is used.
A. PRIMARY OBJECTIVES OF AUDIT

The main objectives of audit are known as primary objectives of audit. They are as follows:
i. Examining the system of internal check.
ii. Checking arithmetical accuracy of books of accounts, verifying posting, costing, balancing
etc.
iii. Verifying the authenticity and validity of transactions.
iv. Checking the proper distinction of capital and revenue nature of transactions.
v. Confirming the existence and value of assets and liabilities.
vi. Verifying whether all the statutory requirements are fulfilled or not.
vii. Proving true and fairness of operating results presented by income statement and financial
position presented by balance sheet.
B. SUBSIDIARY OBJECTIVES OF AUDIT

These are such objectives which are set up to help in attaining primary objectives. They are as
follows:
i. Detection and prevention of errors
Errors are those mistakes which are committed due to carelessness or negligence or lack of
knowledge or without having vested interest. Errors may be committed without or with any
vested interest. So, they are to be checked carefully. Errors are of various types. Some of them
are:
* Errors of principle
* Errors of omission
* Errors of commission
www.mdarasa.com
+254708068851

mDarasa Resources
* Compensating errors
ii. Detection and prevention of frauds

Frauds are those mistakes which are committed knowingly with some vested interest on the
direction of top level management. Management commits frauds to deceive tax, to show the
effectiveness of management, to get more commission, to sell share in the market or to maintain
market price of share etc. Detection of fraud is the main job of an auditor. Such frauds are as
follows:
* Misappropriation of cash
* Misappropriation of goods
* Manipulation of accounts or falsification of accounts without any misappropriation
iii. Under or over valuation of stock

Normally such frauds are committed by the top level executives of the business. So, the
explanation given to the auditor also remains false. So, an auditor should detect such frauds
using skill, knowledge and facts.
iv. Other objectives
* To provide information to income tax authority.
* To satisfy the provision of company Act.
* To have moral effect
INTERNATIONAL, REGULATORY FRAMEWORK FOR AUDIT AND ASSURANCE

SERVICES
Regulation of the Accounting Profession in Kenya
The broad regulations that govern the Accounting profession in Kenya are set out in the
Accountants Act, Chapter 531 of the Laws of Kenya.
The act establishes various bodies to regulate the profession in Kenya. These are detailed below
with their major respective functions summarised.
1. Kenya Accountants and Secretaries National Examination Board (KASNEB)

(Section 17).
Functions: • Prepare syllabuses for accounting examinations;
• Make rules with respect to examinations;
• Arrange and conduct examinations;
• Issue certificates to candidates who have satisfied examination

requirements;
www.mdarasa.com
+254708068851

mDarasa Resources
• Promote recognition of its examinations in foreign countries.
2. Registration of Accountants Board (RAB)
Functions:
• Register accountants who are effectively graduates of IAS / IFRSNEB examinations or hold
qualifications recognised by RAB (Section 23 & 24).
• Issue of Practising Certificates (Section 21).
3. Institute of Certified Public Accountants of Kenya (ICPAK)
Functions: • To promote standards of professional competence and practice amongst

members;
• Promote research into the subjects of accountancy and finance and related
matters, publication of books, periodicals, journals and articles;
• Promote the international recognition of the institute;
• Advise the KASNEB on matters relating to examination standards and

policies.
4. Disciplinary Committee
Membership to be determined by Council of ICPAK. Where the Institute Council has

reason to believe that a member may be guilty of professional misconduct it shall refer the matter
to the Disciplinary Committee which will inquire into the matter.
After its inquiry the Committee can recommend:-
a) No further action be taken against the member;
b) The member be reprimanded;
c) The member be reprimanded with publication of the reprimand in the Gazette;
d) Registration be cancelled;
e) Practising certificate be suspended.
Section 28 of the Accountants Act details what constitutes professional misconduct.
www.mdarasa.com
+254708068851

mDarasa Resources
Organisation in an Auditing Firm
The organisation adopted by most of the large firms in Kenya involves a pyramid structure
that is usually made up as follows:
Partner
Manager
Accountant in Charge
Audit Assistants, Trainees, juniors
International, Assurance Auditing, Standards Board (IAASB)
The preface to the International Standards on Quality Control, Auditing, Assurance and Related
Services (International Standards or IAASB’s Standards) is issued to facilitate understanding of
the objectives and operating procedures of the International Auditing and Assurance Standards
Board (IAASB) and the scope and authority of the pronouncements it issues, as set forth in the
IAASB’s Interim Terms of Reference.
The mission of the International Federation of Accountants (IFAC), as set out in its constitution,
is “the worldwide development and enhancement of an accountancy profession with harmonized
standards, able to provide services of consistently high quality in the public interest.”
In pursuing this mission, the IFAC Board has established the IAASB to develop and issue, under
its own authority, high quality standards on auditing, assurance and related services engagements
(IAASB’s Engagement Standards, as defined in paragraph 14),
related Practice Statements and quality control standards for use around the world.
The IAASB’s pronouncements govern audit, assurance and related services engagements that are
conducted in accordance with International Standards.
They do not override the local laws or regulations that govern the audit of historical financial
statements or assurance engagements on other information in a particular country required to be
www.mdarasa.com
+254708068851

mDarasa Resources
followed in accordance with that country’s national standards. In the event that local laws or
regulations differ from, or conflict with, the IAASB’s Standards on a particular subject, an
engagement conducted in accordance with local laws or regulations will not automatically comply
with them. A professional accountant should not represent compliance with the IAASB’s
Engagement Standards unless the professional accountant has complied fully with all of those
relevant to the engagement.
The IAASB is committed to the goal of developing a set of International Standards generally
accepted worldwide. To further this goal, the IAASB works cooperatively with national standard
setters, and takes a lead role in joint projects with them, to promote convergence between national
and international standards and achieve acceptance of IAASB’s Standards.
The International Auditing and Assurance Standards Board
The IAASB is a Board established by IFAC. The members of the IAASB are appointed by the
IFAC Board to serve on the IAASB.
IAASB members act in the common interest of the public at large and the worldwide accountancy
profession. This could result in their taking a position on a matter that is not in
accordance with current practice in their country or firm or not in accordance with the position
taken by those who put them forward for membership of the IAASB. Each IAASB member has
the right to appoint one technical advisor who may participate in the discussions at IAASB
meetings.
IAASB meetings to discuss the development and to approve the issuance of International
Standards, Practice Statements or other papers are open to the public. Agenda papers, including
minutes of the meetings of the IAASB, are published on the IAASB’s website.
The Authority Attaching to International Standards Issued by the International Auditing

and Assurance Standards Board
International Standards on Auditing (ISAs) are to be applied in the audit of historical financial
information.
International Standards on Review Engagements (ISREs) are to be applied in the review of

historical financial information.
International Standards on Assurance Engagements (ISAEs) are to be applied in assurance

engagements dealing with subject matters other than historical financial information.
www.mdarasa.com
+254708068851

mDarasa Resources
International Standards on Related Services (ISRSs) are to be applied to compilation
engagements, engagements to apply agreed upon procedures to information and other related
services engagements as specified by the IAASB.
ISAs, ISREs, ISAEs and ISRSs are collectively referred to as the IAASB’s Engagement
Standards.
International Standards on Quality Control (ISQCs) are to be applied for all services falling
under the IAASB’s Engagement Standards.
The IAASB’s Standards contain basic principles and essential procedures (identified in bold type
lettering) together with related guidance in the form of explanatory and other material, including
appendices. The basic principles and essential procedures are to be understood and applied in the
context of the explanatory and other material that provide guidance for their application. It is
therefore necessary to consider the whole text of a Standard to understand and apply the basic
principles and essential procedures.
The nature of the IAASB’s Standards requires professional accountants to exercise professional
judgment in applying them. In exceptional circumstances, a professional accountant may judge it
necessary to depart from a basic principle or essential procedure of an Engagement Standard to
achieve more effectively the objective of the engagement. When such a situation arises, the
professional accountant should be prepared to justify the departure.
Any limitation of the applicability of a specific International Standard is made clear in the standard.
AUDITORS LIABILITY
Where the auditor’s legal liability falls. We need therefore to refer to decided cased in other
countries. But even in those countries there are in fact very few decided cases against auditors. In
those countries, the vast majority of actions against auditors are settled out of court. This saves
what could otherwise be very expensive court costs. It is also significant to note that this saves
dragging the professional firm's name through the courts and most likely through the
newspapers. Firms are of course anxious to avoid such bad publicity.
It is however generally known that the auditor's liability falls under three specific headings:
(a) To his clients under contract law;
(b) To third parties under the law of tort;
(c) Civil and criminal liability under statute law and we will deal with each in turn:
www.mdarasa.com
+254708068851

mDarasa Resources
To his clients: The auditor is under duty to report to the members in general meetings on all
accounts examined by him and laid before them. His contract is therefore with the company as a
whole and not with individual shareholders. The auditor can therefore be accused of negligence
if:
(a) he fails to detect fraud or error which he should reasonably have detected;
(b) if he fails to comply with generally accepted auditing standards and practices.
However, it is also generally held that for an auditor to suffer actual financial loss, the following
conditions must be met.
i. he must be proved to have been negligent;
ii. the complainant must have suffered a loss;
iii. the loss must be as a direct consequence of his reliance on the auditor's report and the
auditors negligence.
Therefore if the auditor fails to detect a fraud which is immaterial to the accounts and unless there
are suspicious circumstances which he had noticed or should reasonably have noticed, it is unlikely
that he will be held negligent.
Even if the fraud was material to the accounts, he may still escape liability if detection could not
reasonably have been achieved using normal audit procedures. It must be admitted however this
is a very dubious area of law.
The auditor has no duty to individual shareholders. A shareholder who makes an investment
decision by relying on the auditor's report and suffers loss cannot claim under the law of
contract. Only if the company as a whole has suffered, can the whole body of shareholders claim
from the auditor.
In a number of cases it appears that claims have arisen as a result of some misunderstanding as to
the degree of responsibility which the accountant was expected to take in giving advice or
expressing an opinion. It is therefore important, to distinguish between disputes arising from
misunderstanding regarding the duties assumed, and negligence in carrying out agreed terms
Liability to third parties
For a long time liability to third parties existed only in respect to physical injury. Liability for
financial loss is a recent development. Examples of occasions when an accountant may run the
risk of insuring a liability to third parties may include the following:
www.mdarasa.com
+254708068851

mDarasa Resources
(a)Preparing financial statements or reports for a client when it is known or ought to be known that
they are intended to be shown to and relied upon by a third party even if the identity of the third
party is not disclosed.
b) Giving references regarding a client's credit worthiness or an assurance as to his capacity to

carry out the terms of a contract or giving any other reference on behalf of the client.
Again, it must be shown that the accountant was negligent, third parties suffered a financial loss,
the financial loss occurred as a result of the accountant's negligence and that the accountant knew
the purpose for which his report or accounts were to be used.
Liability under statute
Civil liability: Section 206 of the Companies Act provides that officers of the company and for
these purposes auditors are considered as officers, may be liable for financial damages in respect
of the civil offences of misfeasance and breach of trust. This section which is only relevant to
winding up refers to a situation where officers have misused their position of authority for the
purposes of personal gain.
Criminal liability: Section 46 of the Companies Act states that an auditor shall be criminally
liable if he wilfully makes a materially false statement in any report, certificate, financial statement
etc. Wilfully implies fraudulently and can be difficult to prove. Whereby, it is held that where
an officer of a body corporate with intent to deceive members or creditors, publishes or concurs in
publishing a written statement of account which to his knowledge is or may be misleading, false
or deceptive in a material particular he shall on conviction be liable to imprisonment for a term not
exceeding 7 years.
Other relevant issues to be considered under this section include:
• The auditor with errors and irregularities;
• The auditor with illegal acts by client or client's staff;
• Questionable payments;
ILLEGAL ACTS
Auditors may uncover criminal offences committed by a client or an employee of the client. This
puts them in a difficult position, but the auditor should act carefully and correctly and if necessary,
take legal advice. The auditor must not commit a criminal offence himself. It is felt that he would
have committed a criminal offence if:
www.mdarasa.com
+254708068851

mDarasa Resources
(a) He advises his client to commit a criminal offence;
(b) Aids the client in devising or examining a crime;
(c) If he agrees with a client to conceal or destroy evidence or mislead the police with
false statements;
(d) If he knows that his client has committed an arrest able offence and tries to impede
his arrest and prosecution. Impede does not include refusing to answer questions or refusing to
produce documents without the client's consent;
(e) If he knows that his client has committed an offence and agreed to accept
consideration to withhold information;
(f) If he knows that the client has committed treason and fails to report the offence to the
proper authority.
Discovery of unlawful acts
When an auditor discovers unlawful acts, usually he is not expected to disclose to the police or
other authorities unless:
i. The client authorises disclosure;
ii. That disclosure is compelled by process of law for example, a court order;
iii. That disclosure is required in the auditor's own defence;
iv. The circumstances are such that the auditor has a public duty to disclose, for
example, when the client has committed a serious crime or his act treasonable
CONTENT
www.mdarasa.com
+254708068851

mDarasa Resources
TOPIC 3
17.3 Professional and ethical considerations
 Code of ethics for professional accountants

 Fundamental principles, threats and safeguards
 Advertising, publicity, obtaining professional work and fees and
money laundering
 Professional skepticism (in the context of errors and fraud)
www.mdarasa.com
+254708068851

mDarasa Resources
TOPIC 3
PROFESSIONAL AND ETHICAL
CONSIDERATIONS
CODE OF ETHICS FOR PROFESSIONAL ACCOUNTANTS
Requirements
Ethical Requirements Relating to an Audit of Financial Statements
The auditor shall comply with relevant ethical requirements, including those pertaining to
independence, relating to financial statement audit engagements.
 The auditor is subject to relevant ethical requirements, including those pertaining to

independence, relating to financial statement audit engagements. Relevant ethical
requirements ordinarily comprise Parts A and B of the International Ethics Standards
Board for Accountants’ Code of Ethics forProfessional Accountants (IESBA Code)
related to an audit of financial statements together with national requirements that are
more restrictive.
 Part A of the IESBA Code establishes the fundamental principles of professional ethics
relevant to the auditor when conducting an audit of financial statements and provides a
conceptual framework for applying those principles. The fundamental principles with
which the auditor is required to comply by the IESBA Code are:
(a) Integrity;
(b) Objectivity;
(c) Professional competence and due care;
(d) Confidentiality; and
(e) Professional behavior.
Part B of the IESBA Code illustrates how the conceptual framework is to be applied in specific
situations.
www.mdarasa.com
+254708068851

mDarasa Resources
FUNDAMENTAL PRINCIPLES, THREATS AND SAFEGUARDS
Fundamental Principles
The IESBA Code of Ethics requires accountants to adhere to five fundamental principles:
i. Integrity —a professional accountant should be straight forward and honest in

performing professional services.
ii. Objectivity—a professional accountant should not allow bias, conflict of interest or
undue influence of others to override professional or business judgments.
iii. Professional Competence and Due Care—a professional accountant has a continuing
duty to maintain professional knowledge and skill at the level required to ensure that a
client or employer receives competent professional service based on current
developments. A professional accountant should act diligently and in accordance with
applicable technical and professional standards when providing professional services.
iv. Confidentiality—A professional accountant should respect the confidentiality of
information acquired as a result of professional and business relationships and should not
disclose any such information to third parties without proper and specific authority unless
there is a legal or professional right or duty to disclose. Confidential information acquired
as a result of professional and business relationships should not be used for the personal
advantage of the professional accountant or third parties.
v. Professional Behavior—a professional accountant should comply with relevant laws and
regulations and should avoid any action that discredits the profession.
Threats and Safeguards
Compliance with the fundamental principles may potentially be threatened by a broad range of
circumstances. Many threats fall into the following categories:
a. Self-interest threats, which may occur as a result of the financial or other interests of a
professional accountant or of an immediate or close family" member;
b. Self-review threats, which may occur when a previous judgment needs to be re-valuated
by the professional accountant responsible for that judgment;
c. Advocacy threats, which may occur when a professional accountant promotes a position
or opinion to the point that subsequent objectivity may be compromised;
d. Familiarity threats, which may occur when, because of a close relationship, a professional
accountant becomes too sympathetic to the interests of others; and
e. Intimidation threats, which may occur when a professional accountant may be deterred
from acting objectively by threats, actual or perceived.
Safeguards that may eliminate or reduce such threats to an acceptable level fall into two broad
categories:
www.mdarasa.com
+254708068851

mDarasa Resources
a. Safeguards created by the profession, legislation or regulation; and
b. Safeguards in the work environment.
Safeguards created by the profession, legislation or regulation include, but are not restricted to:
 Educational, training and experience requirements for entry into the profession.
 Continuing professional development requirements.
 Corporate governance regulations.
 Professional standards.
 Professional or regulatory monitoring and disciplinary procedures.
 Externally review by a legally empowered third party of the reports, returns,
communications or information produced by a professional accountant.
Certain safeguards may increase the likelihood of identifying or deterring unethical behavior.
Such safeguards, which may be created by the accounting profession, legislation, regulation or
an employing organization, include, but are not restricted to:
 Effective, well publicized complaints systems operated by the employing organization,

the profession or a regulator, which enable colleagues, employers and members of the
public to draw attention to unprofessional or unethical behaviour
 An explicitly stated duty to report breaches of ethical requirements.
The nature of the safeguards to be applied will vary depending on the circumstances. In
exercising professional judgment, a professional accountant should consider what a reasonable
and informed third party, having knowledge of all relevant information, including the
significance of the threat and the safeguards applied, would conclude to be unacceptable.
ADVERTISING, PUBLICITY, OBTAINING PROFESSIONAL WORK AND FEES AND

MONEY LAUNDERING.
ADVERTISING
Promotional materials and advertisements must not;
 Discredit ACCA members, firms or the accountancy profession..

 claim superiority
 mislead
 fall short of standards regarding legality decency, clarity honesty and truthfulness
PUBLICITY
www.mdarasa.com
+254708068851

mDarasa Resources
This is communication to the public of facts which are not designed for deliberate promotion.
Acceptable publicity includes
 Appointments and approval.

 Seeking employment or professional business\in professional directories but entry must
not to be a promotional advertisement
 Books articles, interviews, lectures, media appearances.
 Training courses and seminars but must not have undue prominence in materials issued.
AUDIT FEES
General basis on which fees are computed should be set out in the letter of engagement.
Members can charge whatever they consider appropriate. The following factors should be
considered;
 Seniority and professional expertise of persons engaged in work

 Time taken
 Risk and responsibility entailed in work.
 Urgency and importance of work to client.
 Overhead expenses
A firm may obtain assurance engagement for a fee level that is significantly lower than that charged
by the predecessor firm or quoted by another firm. This creates a self interest threat that will not
be reduced to an acceptable level unless the firm can demonstrate that appropriate time and
qualified staff are assigned to the task and that all applicable assurance standards, guidelines and
quality control procedures are complied with
Contingency fee means that no fee is charged unless a specified finding or result is obtained.
Fess should not be charged on a %’ contingency or similar basis except where it is generally
accepted
In assurance engagements fees must not be calculated on a percentage or contingency basis. In

non-assurance engagements contingent fees are not acceptable. The threat of contingent fee
arrangement for non-assurance clientswill depend on the possible range and degree of variability
of the fee The threat maybe reduced by prior approval by an audit committee or an independent
third party
Fee quotations - If a fee quotation is not economical, there maybe a self-interest threat. The firm
must be able to demonstrate that appropriate time and qualified staff are assigned to the task and
that all applicable assurance standards guidelines and quality control procedures are being
complied with
FEES DISPUTES MAY BE DEALT WITH AS FOLLOWS
www.mdarasa.com
+254708068851

mDarasa Resources
 Variations between the notes should be explained e.g. reasons for extra work.
 If a client pays a smaller amount, it must be stated, in writing. That is accepted as part
payment and not full discharge of the amount owed.
 Both parties to a fee dispute may make a written application to ha an arbitrator appointed.
 A particular lien maybe exercised over certain books and papers which have been worked
on.
MONEY LAUNDERING
Money laundering is the process by which funds derived from criminal activity (“dirty money”)
are given the appearance of having been legitimately obtained, through a series of transactions in
which the funds are cleaned. Its purpose is to provide a legitimate cover for the source of the
money.
Money laundering is a global phenomenon that affects all countries to varying degrees. By its
very nature, it is a hidden activity and involves various actor and is a white collar crime.
It is important for auditors conducting forensic audit to understand what money laundering
entails, the International and domestic legal and institutional framework to combat money
laundering.
FORENSIC INVESTIGATION IN ML
Crime investigation mainly involves forensic auditing of accounts and documents, examination
of bank statements and various records and statements filed by the companies or Govt. Agencies.
} Forensic auditing is a technique to legally determine whether accounting transactions are in
consonance with various accounting, auditing and legal requirements and eventually determine
whether any crime has taken place.
Forensic auditing is a blend of accounting, auditing and investigative skills. } Forensic

examination of documents is also required to be done to verify the signature, handwriting etc
STEPS INVOLVED IN FORENSIC AUDITING
 Detailed examination of financial statements and books of accounts.

 Examination of related party transactions and Inter-corporate Deposits as disclosed in the
financial statements
 Auditing of off Balance sheet items.
ROLE OF ACCOUNTANTS IN AML AND FINANCIAL CRIME INVESTIGATIONS
 Report suspicious transactions

 Maintain and keep proper accounting records and when required be made available to
law enforcement agencies.
www.mdarasa.com
+254708068851

mDarasa Resources
 Undertake customer due diligence to identify the beneficial owner } Verify the
legitimacy of funds.
 Duty to ensure that financial statements are true and fair view of legal entities
PROFESSIONAL SKEPTICISM
The auditor shall plan and perform an audit with professional skepticism recognizing that
circumstances may exist that cause the financial statements to be materially misstated.
Professional skepticism includes being alert to, for example:
 Audit evidence that contradicts other audit evidence obtained.

 Information that brings into question the reliability of documents and responses to
inquiries to be used as audit evidence.
 Conditions that may indicate possible fraud.
 Circumstances that suggest the need for audit procedures in addition to those required by
the ISAs.
Maintaining professional skepticism throughout the audit is necessary if the auditor is, for
example, to reduce the risks of:
 Overlooking unusual circumstances.

 Over generalizing when drawing conclusions from audit observations.
 Using inappropriate assumptions in determining the nature, timing and extent of the audit
procedures and evaluating the results thereof.
 Professional skepticism is necessary to the critical assessment of audit evidence. This
includes questioning contradictory audit evidence and the reliability of documents and
responses to inquiries and other information obtained from management and those
charged with governance. It also includes consideration of the sufficiency and
appropriateness of audit evidence obtained in the light of the circumstances, for example,
in the case where fraud risk factors exist and a single document, of a nature that is
susceptible to fraud, is the sole supporting evidence for a material financial statement
amount.
 The auditor may accept records and documents as genuine unless the auditor hasreason to
believe the contrary. Nevertheless, the auditor is required to consider thereliability of
information to be used as audit evidence. In cases of doubt about thereliability of
information or indications of possible fraud (for example, if conditionsidentified during
the audit cause the auditor to believe that a document may not beauthentic or that terms in
a document may have been falsified), the ISAs requirethat the auditor investigate further
and determine what modifications or additions toaudit procedures are necessary to
resolve the matter.
www.mdarasa.com
+254708068851

mDarasa Resources
 The auditor cannot be expected to disregard past experience of the honesty andintegrity
of the entity’s management and those charged with governance.Nevertheless, a belief that
management and those charged with governance arehonest and have integrity does not
relieve the auditor of the need to maintainprofessional skepticism or allow the auditor to
be satisfied with less thanpersuasive audit evidence when obtaining reasonable assurance.
Professional Judgment
The auditor shall exercise professional judgment in planning and performing an audit of financial
statements.
Professional judgment is essential to the proper conduct of an audit. This is because

interpretation of relevant ethical requirements and the ISAs and the informed decisions required
throughout the audit cannot be made without the application of relevant knowledge and
experience to the facts and circumstances. Professional judgment is necessary in particular
regarding decisions about:
 Materiality and audit risk.

 The nature, timing and extent of audit procedures used to meet the requirements of the
ISAs and gather audit evidence.
 Evaluating whether sufficient appropriate audit evidence has been obtained, and whether
more needs to be done to achieve the objectives of the ISAs and thereby, the overall
objectives of the auditor.
 The evaluation of management’s judgments in applying the entity’s applicable financial
reporting framework.
CONTENT
www.mdarasa.com
+254708068851

mDarasa Resources
TOPIC 4
17.4 Management of audit practice
 Client acceptance and retention

 Tendering for audit services
 Professional appointments
 Planning, materiality and assessing risk of misstatement (audit
risk)
 Methods and techniques of auditing high risk areas
 Use and evaluation of internal control system by auditors
 Preparation of audit working papers
www.mdarasa.com
+254708068851

mDarasa Resources
TOPIC 4
MANAGEMENT OF AUDIT PRACTICE
CLIENT ACCEPTANCE AND RETENTION
The audit acceptance and planning process can be compared to a road map which gives
directions and guidance for the audit team to follow throughout the audit in order to help it reach
the correct final conclusion, i.e. whether the financial statements give a true and fair view of the
position of the company at the end of the accounting period.
The issues and activities that an auditor must consider prior to commencement of the fieldwork of
an audit are of vital importance. These are referred to as the audit acceptance and planning stages.
Identification of these various stages will assist the auditor to recognise key areas of risk and
concerns, which in turn will help the auditor make decisions such as:
 whether to accept or continue an engagement

 what level of audit staff is required to carry out the audit

to be done.
The process of audit acceptance, planning and subsequent undertaking and completion of the
audit can be broadly distilled into four phases, namely;
 Phase 1: Acceptance of the audit

 Phase 2: Planning the audit
 Phase 3: Documenting audit plan and strategy, performing the audit and gathering audit
evidence
 Phase 4: Completing the audit and issuing an audit opinion on the financial statements.
Phase 3, documenting the plan and strategy of the audit, the gathering of audit evidence
via the performance of the audit process will vary from audit to audit. The methods for
gathering the evidence are dependent on the nature of the entity’s business, the internal
controls and the transactions and balances included within the financial statements.
Phase 2 is critical to the success of Phases 3 and 4. This is because if not adequately planned or
an inappropriate strategy is adopted the approach to performing the audit and gathering evidence
may not be suitable, resulting in sufficient evidence not being obtained by the audit team, and an
incorrect audit opinion being issued
Review of Phases 1 and 2.
Phase 1: Acceptance of the audit
www.mdarasa.com
+254708068851

mDarasa Resources
Audit firms should only accept a new client or continue an existing client relationship where it;
 Has considered the integrity of the client

 Is competent to perform the engagement (capabilities / time / resources)
 Is in compliance with Ethical Standards for Auditors ISA 220 – Quality Control for
Audits of Financial Statements
Audit firms should establish policies and procedures for the acceptance and continuance of client
relationships and specific engagements.
These should be designed to provide the firm with reasonable assurance that it will only
undertake or continue relationships and engagements where the three principles listed above are
met.
The key point is that an audit firm does not want to engage with a client who brings with it
unacceptable levels of risk; thus it is essential that a thorough assessment is made of the
prospective engagement prior to the firm becoming engaged with the client.
Issues to be considered in relation to integrity, competency and ethics that the auditor may have
cause to address, are various. A sample of such issues are outlined below: Integrity of the Client:
 Client Reputation
 Nature of Client Operations
 Attitudes of Key Players (Aggressive Standards Interpretation / internal controls / Low
audit fees / limiting scope of work)
 Money Laundering
 Outgoing auditors (reason).
Competency of the Audit Firm to Perform the Engagement:
 Knowledge of Industry / Subject Matter

 Experience with Relevant Statutory / Reporting Requirements
 Sufficient Personnel and Time / Capacity
 Experts where Necessary
Ethical Considerations:
 Ability to Perform Quality Control Review.

 Audit Firm and Individual Personnel - Independence
 No perceived Conflict of Interest with an existing audit client.
Where issues arise out of any of the above considerations, the firm must conduct appropriate
consultations with the client or third parties. Should the firm then decide to engage with the
www.mdarasa.com
+254708068851

mDarasa Resources
client. It must ensure that a record of the resolution of the issues involved is documented clearly
in the audit file.
In the event that no such issues are raised in regards to the client the firm may issue the
engagement letter.
The final decision as to whether to engage with a new client or continue engaging with an
existing client is the responsibility of the audit engagement leader:
 “The engagement partner should be satisfied that appropriate procedures regarding the
acceptance and continuance of client relationships and audit engagements have been
followed, and shall determine that conclusions reached in this regard are appropriate” ISA
220 – Quality Control for Audits of Financial Statements Paragraph 12
Issue of an engagement letter
The auditor and the client should agree terms of the engagement and the terms should be
recorded in writing.
The issuing of an engagement letter is in the interest of both the firm and the client, as it helps
avoid any misunderstandings with respect to the engagement.
The client and the auditor should agree on all terms of the engagement and the signing of the
engagement letter is the recognition of this agreement.
The following main points of reference should be included in an engagement letter:
 The objective and scope of the audit of the financial statements

 The responsibilities of the auditor
 The responsibilities of the management
 Identification of the applicable financial reporting framework for the preparation of the
 Reference to an expected form and content of any reports to be issued by the auditor and
a statement that there may be circumstances in which a report may differ from its
expected form and content.
A new engagement letter may not be required each year of a continuing engagement. However,
each year the auditor should consider whether circumstances require the terms of the engagement
to be revised and whether there is a need to remind the client of the existing terms of the
engagement. Alternatively, the client may request a change to the terms of the engagement.
Phase 2: Planning the audit Importance of planning.
www.mdarasa.com
+254708068851

mDarasa Resources
“..the auditor should plan an audit so that the engagement will be performed in an effective
manner and reduce audit risk to an acceptably low level”
ISA 300 – Planning an Audit of Financial Statements
The auditor may approach the process by identifying two main areas of planning namely;
 Establish the overall Audit Strategy

 Develop an Audit Plan
This part of the procedure is performed in conjunction with all members / levels of the audit
team and with their experience and competencies in mind
Audit Strategy
There must be consideration of a number of key factors in order to ensure the detailed plan is the
most efficient approach and hence assists in guiding the detailed audit plan. Some key factors
include:
 Assessment of the internal control function within the entity

 Resourcing the audit
 Determination of audit materiality
 The concept of risk, and the assessment of risk of material misstatement and developing
responses to risks at financial statement and assertion levels.
Adequate audit planning should benefit an audit of financial statements in a number of facets,
some of which are listed below:
 Assisting in the selection of engagement team members with appropriate levels of

capabilities and competence to respond to anticipated risks, and the proper assignment of
work to them
 Facilitating the direction and supervision of engagement team members and the review of
their work
 Assisting, where applicable, in coordination of work done by experts
 Helping the auditor to devote appropriate attention to important areas of the audit
 Helping the auditor properly organise and manage the audit engagement so that it is
performed in an effective and efficient manner
 Helping the auditor identify and resolve potential problems on a timely basis.
The auditor must develop an understanding of internal control function within the entity (see ISA
315) by considering the following factors:
Tone at the top
www.mdarasa.com
+254708068851

mDarasa Resources
 Participation by those charged with governance
 Management philosophy and operating style
 Communication and enforcement of integrity and ethical values. Organisational
Structure
 Chart of authority (assignment of authority and responsibility) Human Resource
 HR Policies and Practices
 Commitment to competence.
Materiality (see ISA 320)
When determining audit materiality the auditor must consider:
 Misstatements (omissions) are considered to be material if they, individually or in

aggregate, could reasonably be expected to influence the economic decisions of the users.
 Judgements about materiality should be taken in light of surroundings – size v nature of
misstatement.
 Materiality is a matter of audit judgement taking into account auditor perception of
financial information needs of the user.
Materiality discussions points:
 Performance materiality – lower than materiality for financial statements as a whole.

 Relativity to financial statements.
 Overall Materiality level for financial statements as a whole – v – materiality for
particular classes of transactions.
 Possible existence of undetected and material misstatements.
 Calculating materiality – identify Financial Statement critical balance (i.e. profit / net
assets / revenues etc)
Profits – 5% / Net Assets - 0.5% / Revenues 0.5%
 Updating Materiality
Sample Question
You are planning the audit of Lonco Ltd (Lonco) for the year ended 31 December 20X5. The
company manufactures and sells products made from imported timber.
In recent years, the company has expanded into the manufacture of quality childrens’ garden
swings and jungle gyms which are sold with a 10-year guarantee. Most sales are to domestic
customers, but the company also has a small export market which has grown steadily over the last
few years.
At your planning meeting with the finance director, the following matters were discussed:
www.mdarasa.com
+254708068851

mDarasa Resources
Operating activities
During the year, the company’s revenue increased by 20% and the gross and operating margins
increased by 5% and 2% respectively. Inventory and trade receivable balances are significantly
higher than the previous year as a result of this increased activity.
Online ordering on the company’s website began in recent years. Internet orders have grown
steadily but still only represent a small percentage of the total of company sales however the
company continues to invest significant sums in the website to maintain its speed and ease of use
for customers.
Payroll
Following the successful implementation of a new computer system two years ago, payroll
processing, which had been outsourced for many years, was brought back in house from 1 March
2013. Management were unhappy with the service provided by the external payroll company,
and cancelled the contract. Additional staff has been recruited to process the payroll.
Managing director
The MD has announced his intention to sell his 100% shareholding in Lonco in order to
concentrate on his other business interests. Negotiations are underway with a potential buyer for
his shares.
TENDERING FOR AUDIT SERVICES
The Audit Tender Process
Annual financial audits are required for all publicly held firms. Many private firms, especially
those that receive funding from investors, must also undergo a yearly audit. Depending on the
size and complexity of a company, financial audits may take place over several months and cost
a considerable amount of money. An audit tender process begins with a solicitation of bids.
Audit firms provide audit tender offers, submitted according to instructions detailed in the audit
services tender letter or request.
The Tender Document
The soliciting firm sends an audit services tender letter to firms asking bids. Conditions are
stipulated in the document include the limit of only one tender per tenderer, the review and
approval process timeline, eligibility and selection criteria. The letter also discusses site visits
and related tender expenses.
www.mdarasa.com
+254708068851

mDarasa Resources
Preparing Tenders
An audit firm prepares a tender document, which must adhere to certain conditions and contain
certain components as requested by the potential hiring firm. Each process may have its own
requirements, but generally, tenderers should include a draft contract. This contract should
include general conditions and address any special conditions. It should provide an explanation
of proposed terms and include a model of the financial bid for the audit project work.
Submitting Tenders
Audit firms must adhere to a formal tender submission process. The tender must be sealed and
delivered as specified by the potential client. A submission time and a date will be identified in
the invitation letter. Tenderers may submit variants of their proposals, but they must package and
seal them separately, marking them clearly as variants. Tenders received after the stated deadline
are usually not considered. If a tenderer wishes to alter or withdraw its tender, it must provide a
written explanation, delivered in the same way as the original tender.
Evaluating Offers
When the soliciting firm receives tenders, the evaluation process usually remains confidential
until the audit work is awarded. If the soliciting firm is a public entity, the tender offers might be
opened during a public meeting, resulting in a posted summary of the tender details. This could
include tenderers' names, prices, proposal variants and any other information considered
relevant. While the soliciting firm evaluates the offers, it may ask tenderers to provide
clarification on certain points or issues. The tenders will be reviewed on criteria such as
compliance with administrative, eligibility and technical requirements. Tenderers that meet the
technical requirements may be asked to submit additional technical documentation or samples.
Finally, tenders will undergo a financial evaluation where the soliciting firm evaluates the best
financial offer.
Awarding the Contract
Upon selection of a qualified tender, the award will be stated in writing and delivered to the
winning firm. Unsuccessful bidding firms are also notified, usually with details on the winning
bidder, such as proposed price and name of the firm. The notice will also outline why the
unsuccessful bidder was rejected and note the deadline for filing an appeal.
APPOINTMENT OF AUDITORS
- Every company shall at each annual general meeting appoint an auditor or auditors to hold
office from the conclusion of that, until the conclusion of the next, annual general meeting.
- At any annual general meeting a retiring auditor, however appointed, shall be deemed to be
reappointed without any resolution being passed unless –
www.mdarasa.com
+254708068851

mDarasa Resources
a) he is not qualified for reappointment; or

b) a resolution has been passed at that meeting appointing somebody instead of him or
providing expressly that he shall not be reappointed; or
c) he has given the company notice in writing of his unwillingness to be reappointed:
- Provided that where notice is given of an intended resolution to appoint some person or persons
in place of a retiring auditor, and by reason of the death, incapacity or disqualification of that
person or of all those persons, as the case may be, the resolution cannot be proceeded with, the
retiring auditor shall not be deemed to be automatically reappointed by virtue of this
subsection.
- Where at an annual general meeting no auditors are appointed or are deemed to be reappointed,
the registrar may appoint a person to fill the vacancy.
- The company shall, within seven days of the registrar’s power becoming exercisable, give
him notice of that fact, and, if a company fails to give notice as required by this subsection,
the company and every officer of the company who is in default shall be liable to a default
fine.
- Subject as hereinafter provided, the first auditors of a company may be appointed by the
directors at any time before the first annual general meeting, and auditors so appointed shall
hold office until the conclusion of that meeting:
Provided that–
i) the company may at a general meeting remove any such auditors and appoint in their place
any other persons who have been nominated for appointment by any member of the
company and of whose nomination notice has been given to the members of the company
not less than fourteen days before the date of the meeting; and
ii) if the directors fail to exercise their powers under this subsection, the company in general
meeting may appoint the first auditors, and thereupon the said powers of the directors shall
cease.
The directors may fill any casual vacancy in the office of auditor, but while any such vacancy
continues the surviving or continuing auditor or auditors, if any, may act.
Remuneration
The remuneration of the auditors of a company–
i) In the case of an auditor appointed by the directors or by the registrar remuneration may be
fixed by the directors or by the registrar as the case may be;
ii) Subject to note (i) above, shall be fixed by the company in general meeting or in such manner
as the company in general meeting may determine.
www.mdarasa.com
+254708068851

mDarasa Resources
Any sums paid by the company in respect of the auditors’ expenses shall be deemed to be
included in the expression “remuneration”.
Provisions as to resolution relating to appointment and removal of auditors
- Special notice shall be required for a resolution at a company’s annual general meeting
appointing as auditor a person other than a retiring auditor or providing expressly that a retiring
auditor shall not be reappointed.
- On receipt of notice of such an intended resolution as aforesaid, the company shall forthwith
send a copy thereof to the retiring auditor (if any).
- Where notice is given of such an intended resolution as aforesaid and the retiring auditor
makes with respect to the intended resolution representations in writing to the company (not
exceeding a reasonable length) and requests their notification to members of the company,
the company shall, unless the representations are received by it too late for it to do so–
- and if a copy of the representations is not sent as aforesaid because received too late or
because of the company’s default, the auditor may (without prejudice to his right to be heard
orally) require that the representations shall be read out at the meeting:
- Provided that copies of the representations need not be sent out and the representations need
not be read out at the meeting if, on the application either of the company or of any other
person who claims to be aggrieved, the court is satisfied that the rights conferred by this
section are being abused to secure needless publicity for defamatory matter; and the court
may order the company’s costs on an application under this section to be paid in whole or in
part by the auditor, notwithstanding that he is not a party to the application.
Disqualifications for appointment as auditor

- A person or firm shall not be qualified for appointment as auditor of a company unless he, or
in the case of a firm, every partner in the firm is the holder of a practising certificate issued
pursuant to section 21 of the Accountants Act.
- None of the following persons shall be qualified for appointment as auditor of a company–
i) an officer or servant of the company;
ii) a person who is a partner of or in the employment of an officer or servant of the company;
iii) a body corporate:
Provided that note (ii) above shall not apply in the case of a private company.
- References in this subsection to an officer or servant shall be construed as not including
references to an auditor.
- A person shall also not be qualified for appointment as auditor of a company if he is,
disqualified for appointment as auditor of any other body corporate which is that company’s
subsidiary or holding company or a subsidiary of that company’s holding company, or would
be so disqualified if the body corporate were a company.
www.mdarasa.com
+254708068851

mDarasa Resources
- If any person who is not qualified so to act is appointed as auditor of a company such person
and the company and every officer in default shall each be liable to a fine not exceeding four
thousand shillings.
Auditors’ report and right of access to books and to attend and be heard at general
meetings
- The auditors shall make a report to the members on the accounts examined by them, and on
every balance sheet, every profit and loss account and all group accounts laid before the
company in general meeting during their tenure of office.
- The auditors’ report shall be read before the company in general meeting and shall be open to
inspection by any member.
- Every auditor of a company shall have a right of access at all times to the books and accounts
and vouchers of the company, and shall be entitled to require from the officers of the company
such information and explanation as he thinks necessary for the performance of the duties of
the auditors.
- The auditors of a company shall be entitled to attend any general meeting of the company
and to receive all notices of and other communications relating to any general meeting which
any member of the company is entitled to receive and to be heard at any general meeting
which they attend on any part of the business of the meeting which concerns them as
auditors.
PLANNING AN AUDIT
International Standard on Auditing (ISA) 300, Planning an Audit of Financial Statements
Introduction
ISA 300 requires the auditor to plan the audit so that the engagement is performed in an effective
manner. Planning also helps the firm perform the engagement efficiently. Planning involves
establishing and documenting the overall audit strategy for the engagement and developing
and documenting an audit plan, in order to reduce audit risk to an acceptably low level.
Effective audit planning ensures:

- That appropriate attention is devoted to key audit areas and significant risks.
- That potential problems are identified and resolved on a timely basis.
- That the engagement is properly organised and managed in order to be performed in an
effective and efficient manner.
- Proper assignment of work to the engagement team and also makes the engagement team
aware of their responsibilities.
www.mdarasa.com
+254708068851

mDarasa Resources
- Proper direction and supervision of the engagement team and review of their work, and
assists, where applicable, in the coordination of work done by the auditors of components and
experts.
Planning is not a discrete phase of an audit, but a continual process that often begins shortly after
the completion of the previous audit and continues until the completion of the current audit
engagement.
Planning should in any case start before the accounting year-end to take into account year end
procedures which need to be carried out e.g. attendance at the annual inventory count or
circularisation of receivables. The nature and extent of planning will vary according to the size
and complexity of the entity, previous experience with the entity and changes in circumstances
that occur during the engagement.
Initial engagements
In case of initial engagements, while the planning elements remain the same as for recurring
engagements, the auditor may need to expand the planning activities as the auditor does not
necessarily have the previous experience with the entity that is considered when planning recurring
engagements.
Additional matters that may be considered in planning initial engagements include:

- Where possible and where not prohibited by law, consider arrangements with the previous
auditor to review the working papers.
- Review any major issues, including the application of accounting principles or auditing and
reporting standards, discussed with management or those charged with governance in
connection with the initial selection as auditors, and how these affect the audit strategy and
audit plan.
- Obtaining sufficient appropriate audit evidence regarding opening balances.
- Involvement of another partner or a senior individual to review the overall audit strategy prior
to commencing significant audit procedures or to review reports prior to their issuance.
Once the overall audit strategy has been established the auditor can commence the development
of a more detailed audit plan to address the various matters identified in the strategy. Although the
auditor establishes the overall audit strategy before developing the audit plan, the two activities
are not necessarily sequential processes but closely inter-related since changes in one may result
in changes to the other.
In case of audits of smaller entities where the audit is conducted by a very small audit team, the
development of an audit strategy need not be a complex process and a brief memorandum prepared
www.mdarasa.com
+254708068851

mDarasa Resources
at the completion of the previous audit, based on a review of the working papers and highlighting
the issues identified, updated and changed in the current period based on discussions with the
management, can serve as the basis for planning the current audit engagement.
The Role and Timing of Planning

Planning an audit involves establishing the overall audit strategy for the engagement and
developing an audit plan. Adequate planning benefits the audit of financial statements in several
ways, including the following:
 Helping the auditor to devote appropriate attention to important areas of the audit.
 Helping the auditor identify and resolve potential problems on a timely basis.
 Helping the auditor properly organize and manage the audit engagement so that it is
performed in an effective and efficient manner.
 Assisting in the selection of engagement team members with appropriate levels of
capabilities and competence to respond to anticipated risks, and the proper assignment of
work to them.
 Facilitating the direction and supervision of engagement team members and the review of
their work.
 Assisting, where applicable, in coordination of work done by auditors of components and
experts
The objective of the auditor is to plan the audit so that it will be performed in an effective
manner.
Time Budgeting
Time budgets are an essential tool for monitoring the progress of an engagement, in determining
actual performance against the budget and to assist in future planning of audits.
The aim of preparing budgets is:

- To aid in planning, so that the engagement team may use their time efficiently.
- To monitor the actual costs of the engagement.
- To estimate and negotiate the fees.
When preparing budgets, the following factors should be considered:

- The level of detail i.e. whether the budget is to be broken down into individual audit areas or
prepared for the assignment as a whole.
- The time to be spent in planning, review and completion procedures.
- Any additions in the scope of the engagement.
- Contingency factors such as future staff salary increases.
www.mdarasa.com
+254708068851

mDarasa Resources
- A comparison of last years’ time spent with this year's budget. Any significant differences
should be explained.
When conducting the audit, the engagement team should aim to keep within the budget in so far
as is possible, but should never compromise the standard of his audit work, to keep within budget.
If it appears that there will be significant discrepancies between the budgeted time and the actual
time, the senior / manager should inform the manager/ partner as soon as possible, particularly
where additional time arises due to the client's shortcomings.
Time summaries should be prepared for all engagements and the total time spent should be
compared with the budgeted time and reasons given for significant variances. A record should be
kept of work which the engagement team have had to complete as a result of client shortcomings,
as a basis for additional charges if necessary.
Requirements
Involvement of Key Engagement Team Members
- The engagement partner and other key members of the engagement team shall be involved
in planning the audit, including planning and participating in the discussion among
engagement team members.
- The involvement of the engagement partner and other key members of the engagement
team in planning the audit draws on their experience and insight, thereby enhancing the
effectiveness and efficiency of the planning process
Preliminary Engagement Activities

The auditor shall undertake the following activities at the beginning of the current audit
engagement:
a) Performing procedures required by ISA 220 regarding the continuance of the client
relationship and the specific audit engagement;
b) Evaluating compliance with relevant ethical requirements, including independence, in
accordance with ISA 220; and
c) Establishing an understanding of the terms of the engagement, as required by ISA 210.
- Performing the preliminary engagement activities at the beginning of the current audit
engagement assists the auditor in identifying and evaluating events or circumstances that
may adversely affect the auditor’s ability to plan and perform the audit engagement.
- Performing these preliminary engagement activities enables the auditor to plan an audit
engagement for which, for example:
 The auditor maintains the necessary independence and ability to perform the engagement.
www.mdarasa.com
+254708068851

mDarasa Resources
 There are no issues with management integrity that may affect the auditor’s willingness to
continue the engagement.
 There is no misunderstanding with the client as to the terms of the engagement.
- The auditor’s consideration of client continuance and relevant ethical requirements,

including independence, occurs throughout the audit engagement as conditions and changes
in circumstances occur. Performing initial procedures on both client continuance and
evaluation of relevant ethical requirements (including independence) at the beginning of
the current audit engagement means that they are completed prior to the performance of
other significant activities for the current audit engagement. For continuing audit
engagements, such initial procedures often occur shortly after (or in connection with) the
completion of the previous audit.
Review of last year's file

The last year's audit file should be reviewed for:
- Points brought forward to be considered during the engagement.
- Any areas where time or cost savings could be made, any unnecessary audit work and any other
ways in which the effectiveness of the audit could be improved.
- Any previously unidentified areas of audit risk.
Planning - Audit Plan

The audit plan includes the nature, timing and extent of the audit procedures to be performed by
the engagement team in order to obtain sufficient appropriate audit evidence to reduce the audit
risk to an acceptably low level. Audit planning is evidenced in two ways by the:
i) Audit plan
ii) Audit programme.
i) The Audit Plan

The audit plan documents the assessment of risk and the response to assessed risk by setting out
the nature, timing and extent of the overall audit procedures to be performed by the engagement
team in order to obtain sufficient appropriate audit evidence to reduce the audit risk to an
acceptably low level. The plan also reflects the auditor’s decision on whether to test the operating
effectiveness of controls and the extent of planned substantive procedures.
The audit planwill often be prepared by the manager, although preparation of parts or all of it may
be delegated to the senior. In case of high risk audits the partner may also be involved in preparing
the plan, particularly in the areas of materiality, risk assessment and approach to assessed risk and
sample sizes. The plan together with the tailored audit programmes setting out the nature, timing
and extent of the audit procedures to be adopted during the engagement should be completed and
www.mdarasa.com
+254708068851

mDarasa Resources
approved by the partner prior to commencement of the engagement. In case of a sole
proprietorships or small audit firms, the partner may be actively involved in developing the audit
plan and programmes.
ii) Audit Programme

The audit programme documents the nature, timing and extent of audit procedures to be performed
at the assertion level for each material class of transactions, account balance and disclosure. The
programme sets out the nature, timing and extent of the audit procedures required to implement
the overall plan and serves as a set of instructions to the engagement team and as a means to control
and record the proper execution of the audit.
The audit programme will often be drafted by the senior and reviewed by the manager and
approved by the engagement partner. However, the extent of the manager’s role will depend on
the senior’s previous experience and knowledge of the entity.
In preparing the audit programme, consideration should be given to the specific assessment of risk
and the level of assurance to be provided by substantive procedures.
The use of unedited programmes does not constitute adequate planning as it could expose the
auditor to risks not covered in detail by the programme or result in the auditor carrying out
unnecessary tests thereby resulting in inefficiencies.
Planning Activities
- The auditor shall establish an overall audit strategy that sets the scope, timing and direction
of the audit, and that guides the development of the audit plan.
- In establishing the overall audit strategy, the auditor shall:
a) Identify the characteristics of the engagement that define its scope;

b) Ascertain the reporting objectives of the engagement to plan the timing of the audit and
the nature of the communications required;
c) Consider the factors that, in the auditor’s professional judgment, are significant in
directing the engagement team’s efforts;
d) Consider the results of preliminary engagement activities and, where applicable, whether
knowledge gained on other engagements performed by the engagement partner for the
entity is relevant; and
e) Ascertain the nature, timing and extent of resources necessary to perform the
engagement.
THE OVERALL AUDIT STRATEGY

The process of establishing the overall audit strategy assists the auditor to determine, subject to
the completion of the auditor’s risk assessment procedures, such matters as:
www.mdarasa.com
+254708068851

mDarasa Resources
 The resources to deploy for specific audit areas, such as the use of appropriately
experienced team members for high risk areas or the involvement of experts on complex
matters;
 The amount of resources to allocate to specific audit areas, such as the number of team
members assigned to observe the inventory count at material locations, the extent of review
of other auditors’ work in the case of group audits, or the audit budget in hours to allocate
to high risk areas;
 When these resources are to be deployed, such as whether at an interim audit stage or at
key cutoff dates; and
 How such resources are managed, directed and supervised, such as when team briefing and
debriefing meetings are expected to be held, how engagement partner and manager reviews
are expected to take place (for example, on-site or off-site), and whether to complete
engagement quality control reviews.
The development and documentation of the overall audit strategy sets the scope, timing and
direction of the audit, and guides the development of the more detailed audit plan. It also helps to
ascertain the nature, timing and extent of the resources necessary to perform the engagement. In
developing the audit strategy, the engagement team may consider the experience gained on other
engagements performed for the entity.
The key components of an audit strategy include:
- Review and updating the client background information.

- Location of the components of the entity.
- Financial reporting framework used and industry specific reporting requirements.
- The timing of the audit and reporting deadlines.
- Key dates for communicating with the management and those charges with governance.
- Materiality.
- Identification of areas where there may be higher risk of material misstatement.
- Preliminary identification of material components and account balances.
- Preliminary indication of whether the auditor may plan to obtain evidence regarding the
effectiveness of internal controls.
- Identification of recent significant entity-specific, industry, financial reporting or other
developments.
- Initial assessment of the overall resource requirements including the use of experts on complex
matters.
- Initial assessment of resource allocation to specific audit areas, e.g. the allocation of team
members to observe inventory count at material locations, extent of review of the other
auditor’s work in the case of group audits.
www.mdarasa.com
+254708068851

mDarasa Resources
Discussion with client

Discussions with the client will be an essential aid to developing the audit strategy. The discussions
would usually take place before the accounting year-end. It would be preferable to have a pre-audit
meeting but in some cases a telephone conversation may be adequate. One of the primary aims of
such discussions is to enable the auditor to update his knowledge of the client’s business. An auditor
should have sufficient knowledge of the business to enable him to identify and understand the events
and activities that may have a significant effect on the financial statements.
Discussions should also aim to:

- Obtain the latest financial information to help in setting materiality levels and in performing
preliminary analytical review work.
- Agree a timetable (including inventory counts and visits) and any specific deadlines.
- Agree schedules requirements and on any other accounting work to be produced by the client.
- Find out the actions taken on the points raised in last year's management letter.
- Agree settlement of any outstanding fees.
- Identify any specific areas of concern to the client and their impact on the audit scope.
Once the overall audit strategy has been established, an audit plan can be developed to address
the various matters identified in the overall audit strategy, taking into account the need to achieve
the audit objectives through the efficient use of the auditor’s resources.
The establishment of the overall audit strategy and the detailed audit plan are not necessarily
discrete or sequential processes, but are closely inter-related since changes in one may result in
consequential changes to the other.
Considerations Specific to Smaller Entities

In audits of small entities, the entire audit may be conducted by a very small engagement team.
Many audits of small entities involve the engagement partner (who may be a sole practitioner)
working with one engagement team member (or without any engagement team members). With a
smaller team, coordination of, and communication between, team members are easier.
Establishing the overall audit strategy for the audit of a small entity need not be a complex or
time-consuming exercise; it varies according to the size of the entity, the complexity of the audit,
and the size of the engagement team. For example, a brief memorandum prepared at the
completion of the previous audit, based on a review of the working papers and highlighting
issues identified in the audit just completed, updated in the current period based on discussions
with the owner-manager, can serve as the documented audit strategy for the current audit
engagement if it covers the matters.
The auditor shall develop an audit plan that shall include a description of:
www.mdarasa.com
+254708068851

mDarasa Resources
a) The nature, timing and extent of planned risk assessment procedures, as determined under
ISA 315.
b) The nature, timing and extent of planned further audit procedures at the assertion level, as
determined under ISA 330.
c) Other planned audit procedures that are required to be carried out so that the engagement
complies with ISAs.
- The audit plan is more detailed than the overall audit strategy in that it includes the nature,
timing and extent of audit procedures to be performed by engagement team members.
Planning for these audit procedures takes place over the course of the audit as the audit plan
for the engagement develops. For example, planning of the auditor’s risk assessment
procedures occurs early in the audit process. However, planning the nature, timing and extent
of specific further audit procedures depends on the outcome of those risk assessment
procedures. In addition, the auditor may begin the execution of further audit procedures for
some classes of transactions, account balances and disclosures before planning all remaining
further audit procedures.
- The auditor shall update and change the overall audit strategy and the audit plan as necessary
during the course of the audit.
CHANGES TO PLANNING DECISIONS DURING THE COURSE OF THE AUDIT

- As a result of unexpected events, changes in conditions, or the audit evidence obtained from
the results of audit procedures, the auditor may need to modify the overall audit strategy and
audit plan and thereby the resulting planned nature, timing and extent of further audit
procedures, based on the revised consideration of assessed risks. This may be the case when
information comes to the auditor’s attention that differs significantly from the information
available when the auditor planned the audit procedures. For example, audit evidence
obtained through the performance of substantive procedures may contradict the audit
evidence obtained through tests of controls.
- The auditor shall plan the nature, timing and extent of direction and supervision of
engagement team members and the review of their work.
Direction, Supervision and Review

The nature, timing and extent of the direction and supervision of engagement team members and
review of their work vary depending on many factors, including:
 The size and complexity of the entity.
 The area of the audit.
 The assessed risks of material misstatement (for example, an increase in the assessed risk of
material misstatement for a given area of the audit ordinarily requires a corresponding
www.mdarasa.com
+254708068851

mDarasa Resources
increase in the extent and timeliness of direction and supervision of engagement team
members, and a more detailed review of their work).
 The capabilities and competence of the individual team members performing the audit work.

- If an audit is carried out entirely by the engagement partner, questions of direction and
supervision of engagement team members and review of their work do not arise. In such
cases, the engagement partner, having personally conducted all aspects of the work, will be
aware of all material issues.
- Forming an objective view on the appropriateness of the judgments made in the course of the
audit can present practical problems when the same individual also performs the entire audit.
If particularly complex or unusual issues are involved, and the audit is performed by a sole
practitioner, it may be desirable to consult with other suitably-experienced auditors or the
auditor’s professional body.
Documentation
The auditor shall include in the audit documentation:
a) The overall audit strategy;
b) The audit plan; and
c) Any significant changes made during the audit engagement to the overall audit strategy or
the audit plan, and the reasons for such changes.
The documentation of the overall audit strategy is a record of the key decisions considered
necessary to properly plan the audit and to communicate significant matters to the engagement
team. For example, the auditor may summarize the overall audit strategy in the form of a
memorandum that contains key decisions regarding the overall scope, timing and conduct of the
audit.
The documentation of the audit plan is a record of the planned nature, timing and extent of risk
assessment procedures and further audit procedures at the assertion level in response to the
assessed risks. It also serves as a record of the proper planning of the audit procedures that can
be reviewed and approved prior to their performance. The auditor may use standard audit
programs or audit completion checklists, tailored as needed to reflect the particular engagement
circumstances.
A record of the significant changes to the overall audit strategy and the audit plan, and resulting
changes to the planned nature, timing and extent of audit procedures, explains why the
significant changes were made, and the overall strategy and audit plan finally adopted for the
audit. It also reflects the appropriate response to the significant changes occurring during the
audit.
www.mdarasa.com
+254708068851

mDarasa Resources

A suitable, brief memorandum may serve as the documented strategy for the audit of a smaller
entity. For the audit plan, standard audit programs or checklists drawn up on the assumption of
few relevant control activities, as is likely to be the case in a smaller entity, may be used
provided that they are tailored to the circumstances of the engagement, including the auditor’s
risk assessments.
Additional Considerations in Initial Audit Engagements

The auditor shall undertake the following activities prior to starting an initial audit:
a) Performing procedures regarding the acceptance of the client relationship and the specific
audit engagement; and
b) Communicating with the predecessor auditor, where there has been a change of auditors, in
compliance with relevant ethical requirements.
The purpose and objective of planning the audit are the same whether the audit is an initial or
recurring engagement. However, for an initial audit, the auditor may need to expand the planning
activities because the auditor does not ordinarily have the previous experience with the entity
that is considered when planning recurring engagements. For an initial audit engagement,
additional matters the auditor may consider in establishing the overall audit strategy and audit
plan include the following:
 Unless prohibited by law or regulation, arrangements to be made with the predecessor
auditor, for example, to review the predecessor auditor’s working papers.
 Any major issues (including the application of accounting principles or of auditing and
reporting standards) discussed with management in connection with the initial selection as
auditor, the communication of these matters to those charged with governance and how these
matters affect the overall audit strategy and audit plan.
 The audit procedures necessary to obtain sufficient appropriate audit evidence regarding
opening balances.
 Other procedures required by the firm’s system of quality control for initial audit
engagements (for example, the firm’s system of quality control may require the involvement
of another partner or senior individual to review the overall audit strategy prior to
commencing significant audit procedures or to review reports prior to their issuance).
Considerations in Establishing the Overall Audit Strategy

This appendix provides examples of matters the auditor may consider in establishing the overall
audit strategy. Many of these matters will also influence the auditor’s detailed audit plan. The
examples provided cover a broad range of matters applicable to many engagements. While some
of the matters referred to below may be required by other
www.mdarasa.com
+254708068851

mDarasa Resources
ISAs, not all matters are relevant to every audit engagement and the list is not necessarily
complete.
Characteristics of the Engagement

 The financial reporting framework on which the financial information to be audited has been
prepared, including any need for reconciliations to another financial reporting framework.
 Industry-specific reporting requirements such as reports mandated by industry regulators.
 The expected audit coverage, including the number and locations of components to be
included.
 The nature of the control relationships between a parent and its components that determine
how the group is to be consolidated.
 The extent to which components are audited by other auditors.
 The nature of the business segments to be audited, including the need for specialized
knowledge.
 The reporting currency to be used, including any need for currency translation for the
financial information audited.
 The need for a statutory audit of standalone financial statements in addition to an audit for
consolidation purposes.
 The availability of the work of internal auditors and the extent of the auditor’s potential
reliance on such work.
 The entity’s use of service organizations and how the auditor may obtain evidence
concerning the design or operation of controls performed by them.
 The expected use of audit evidence obtained in previous audits, for example, audit evidence
related to risk assessment procedures and tests of controls.
 The effect of information technology on the audit procedures, including the availability of
data and the expected use of computer-assisted audit techniques.
 The coordination of the expected coverage and timing of the audit work with any reviews of
interim financial information and the effect on the audit of the information obtained during
such reviews.
 The availability of client personnel and data.
Reporting Objectives, Timing of the Audit, and Nature of Communications

 The entity’s timetable for reporting, such as at interim and final stages.
 The organization of meetings with management and those charged with governance to
discuss the nature, timing and extent of the audit work.
 The discussion with management and those charged with governance regarding the expected
type and timing of reports to be issued and other communications, both written and oral,
www.mdarasa.com
+254708068851

mDarasa Resources
including the auditor’s report, management letters and communications to those charged with
governance.
 The discussion with management regarding the expected communications on the status of
audit work throughout the engagement.
 Communication with auditors of components regarding the expected types and timing of
reports to be issued and other communications in connection with the audit of components.
 The expected nature and timing of communications among engagement team members,
including the nature and timing of team meetings and timing of the review of work
performed.
 Whether there are any other expected communications with third parties, including any
statutory or contractual reporting responsibilities arising from the audit.
Significant Factors, Preliminary Engagement Activities, and Knowledge

Gained on Other Engagements
 The determination of materiality in accordance with ISA 320 and, where applicable:
- The determination of materiality for components and communication thereof to
component auditors in accordance with ISA 600.
- The preliminary identification of significant components and material classes of
transactions, account balances and disclosures.
 Preliminary identification of areas where there may be a higher risk of material misstatement.
 The impact of the assessed risk of material misstatement at the overall financial statement
level on direction, supervision and review.
 The manner in which the auditor emphasizes to engagement team members the need to
maintain a questioning mind and to exercise professional skepticism in gathering and
evaluating audit evidence.
 Results of previous audits that involved evaluating the operating effectiveness of internal
control, including the nature of identified deficiencies and action taken to address them.
 The discussion of matters that may affect the audit with firm personnel responsible for
performing other services to the entity.
 Evidence of management’s commitment to the design, implementation and maintenance of
sound internal control, including evidence of appropriate documentation of such internal
control.
 Volume of transactions, which may determine whether it is more efficient for the auditor to
rely on internal control.
 Importance attached to internal control throughout the entity to the successful operation of
the business.
www.mdarasa.com
+254708068851

mDarasa Resources
 Significant business developments affecting the entity, including changes in information

technology and business processes, changes in key management, and acquisitions, mergers
and divestments.
 Significant industry developments such as changes in industry regulations and new reporting
requirements.
 Significant changes in the financial reporting framework, such as changes in accounting
standards.
 Other significant relevant developments, such as changes in the legal environment affecting
the entity.
Nature, Timing and Extent of Resources

 The selection of the engagement team (including, where necessary, the engagement quality
control reviewer) and the assignment of audit work to the team members, including the
assignment of appropriately experienced team members to areas where there may be higher
risks of material misstatement.
 Engagement budgeting, including considering the appropriate amount of time to set aside for
areas where there may be higher risks of material misstatement.
Communication with Those Charged with Governance

The engagement partner or the manager may discuss elements of planning with those charged with
governance and the management as part of the overall communication required to be made or to
improve the effectiveness and efficiency of the audit. The overall audit strategy and the audit plan,
however, remain the auditor’s responsibility and the engagement team should exercise care not to
compromise the audit by making the audit procedures too predictable by discussing the nature,
timing and the extent of the audit tests. The matters normally communicated would include the
overall audit strategy, the timing of the audit, any limitations on the scope of the audit and the audit
requirements.
Changes to Planning Decisions during the Course of the Audit

The engagement team may be required to change the audit strategy and the audit plan thereby
resulting in the planned nature, timing and extent of further audit procedures as a result of:
- Unexpected events;
- Changes in condition e.g. a material business combination; or
- Evidence obtained from the result of audit procedures which contradict the information
available at the planning stages or the result of substantive tests which contradict the results
obtained from testing the effectiveness of internal controls.
www.mdarasa.com
+254708068851

mDarasa Resources
As the assessed risk of material misstatement increases, one would ordinarily increase the extent
and timeliness of direction and supervision of the engagement team and perform a more detailed
review of their work.
Any changes to the audit strategy and plan needs to be documented giving reasons for significant
changes and the auditor’s response to the events, conditions or results of audit procedures that
resulted in such changes. The changes need to be discussed and approved by the partner.
In case of smaller entities where the audit is carried out entirely by the engagement partner, the
partner needs to ensure that the audit has been conducted in accordance with ISA’s. In such cases
the partner needs to ensure that he takes an objective view on the appropriateness of the judgements
made in the course of the audit, and where desirable, on complex or unusual issues, the partner
undertakes appropriate consultations.
ENTERPRISE RISK MANAGEMENT

Enterprise risk management is a process, effected by an entity’s board of directors, management
and other personnel, applied in strategy setting and across the enterprise, designed to identify
potential events that may affect the entity, and manage risk to be within its risk appetite, to
provide reasonable assurance regarding the achievement of entity objectives.
Objective
The objective of the auditor is to identify and assess the risks of material misstatement, whether
due to fraud or error, at the financial statement and assertion levels, through understanding the
entity and its environment, including the entity’s internal control, thereby providing a basis for
designing and implementing responses to the assessed risks of material misstatement.
Risk assessment procedures are performed at the planning stage of an audit to obtain an
understanding of the entity being audited and to identify any areas of concern which could result
in material misstatements in the financial statements. They allow the auditor to assess the nature,
timing and extent of audit procedures to be performed.
ISA 315 Risk Assessments and Internal Controls states that the auditor should obtain an
understanding of the accounting and internal control systems sufficiently to plan the audit and
develop an effective audit approach. The auditor should use professional judgment to assess
audit risk and to design audit procedures to ensure it is reduced to an acceptably low level.
Sources of audit evidence that can be used as part of risk assessment procedures.
- Inquiries of management
- Prior year financial statement
- Current year management accounts and budgets
www.mdarasa.com
+254708068851

mDarasa Resources
- Analytical procedures
- Observation and inspection
Definitions
For purposes of the ISAs, the following terms have the meanings attributed below:
a) Assertions – Representations by management, explicit or otherwise, that are embodied in the
financial statements, as used by the auditor to consider the different types of potential
misstatements that may occur.
b) Business risk – A risk resulting from significant conditions, events, circumstances, actions
or inactions that could adversely affect an entity’s ability to achieve its objectives and
execute its strategies, or from the setting of inappropriate objectives and strategies.
c) Internal control – The process designed, implemented and maintained by those charged
with governance, management and other personnel to provide reasonable assurance about the
achievement of an entity’s objectives with regard to reliability of financial reporting,
effectiveness and efficiency of operations, and compliance with applicable laws and
regulations. The term “controls” refers to any aspects of one or more of the components of
internal control.
d) Risk assessment procedures – The audit procedures performed to obtain an understanding
of the entity and its environment, including the entity’s internal control, to identify and assess
the risks of material misstatement, whether due to fraud or error, at the financial statement
and assertion levels.
e) Significant risk – An identified and assessed risk of material misstatement that, in the
auditor’s judgment, requires special audit consideration.
RISK ASSESSMENT PROCEDURES AND RELATED ACTIVITIES

- The auditor shall perform risk assessment procedures to provide a basis for the identification
and assessment of risks of material misstatement at the financial statement and assertion
levels. Risk assessment procedures by themselves, however, do not provide sufficient
appropriate audit evidence on which to base the audit opinion.
- The risk assessment procedures shall include the following:
a) Inquiries of management, of appropriate individuals within the internal audit function
(if the function exists), and of others within the entity who in the auditor’s judgment
may have information that is likely to assist in identifying risks of material
misstatement due to fraud or error.
b) Analytical procedures.
c) Observation and inspection.
- The auditor shall consider whether information obtained from the auditor’s client acceptance
or continuance process is relevant to identifying risks of material misstatement.
www.mdarasa.com
+254708068851

mDarasa Resources
- If the engagement partner has performed other engagements for the entity, the engagement
partner shall consider whether information obtained is relevant to identifying risks of
material misstatement.
- Where the auditor intends to use information obtained from the auditor’s previous experience
with the entity and from audit procedures performed in previous audits, the auditor shall
determine whether changes have occurred since the previous audit that may affect its
relevance to the current audit.
- The engagement partner and other key engagement team members shall discuss the
susceptibility of the entity’s financial statements to material misstatement, and the
application of the applicable financial reporting framework to the entity’s facts and
circumstances. The engagement partner shall determine which matters are to be
communicated to engagement team members not involved in the discussion.
The Required Understanding of the Entity and Its Environment, Including the Entity’s
Internal Control
The Entity and Its Environment

The auditor shall obtain an understanding of the following:
a) Relevant industry, regulatory, and other external factors including the applicable financial
b) The nature of the entity, including:
i) its operations;
ii) its ownership and governance structures;
iii) the types of investments that the entity is making and plans to make, including
investments in special-purpose entities; and
iv) the way that the entity is structured and how it is financed, to enable the auditor to
understand the classes of transactions, account balances, and disclosures to be
expected in the financial statements.
c) The entity’s selection and application of accounting policies, including the reasons for
changes thereto. The auditor shall evaluate whether the entity’s accounting policies are
appropriate for its business and consistent with the applicable financial reporting
framework and accounting policies used in the relevant industry.
d) The entity’s objectives and strategies, and those related business risks that may result in
risks of material misstatement.
e) The measurement and review of the entity’s financial performance.
The Entity’s Internal Control

The auditor shall obtain an understanding of internal control relevant to the audit. Although most
controls relevant to the audit are likely to relate to financial reporting, not all controls that relate
www.mdarasa.com
+254708068851

mDarasa Resources
to financial reporting are relevant to the audit. It is a matter of the auditor’s professional
judgment whether a control, individually or in combination with others, is relevant to the audit.
Nature and Extent of the Understanding of Relevant Controls

When obtaining an understanding of controls that are relevant to the audit, the auditor shall
evaluate the design of those controls and determine whether they have been implemented, by
performing procedures in addition to inquiry of the entity’s personnel.
Components of Internal Control
Control environment
The auditor shall obtain an understanding of the control environment. As part of obtaining this
understanding, the auditor shall evaluate whether:
a) Management, with the oversight of those charged with governance, has created and
maintained a culture of honesty and ethical behavior; and
b) The strengths in the control environment elements collectively provide an appropriate
foundation for the other components of internal control, and whether those other components
are not undermined by deficiencies in the control environment.
The entity’s risk assessment process

- The auditor shall obtain an understanding of whether the entity has a process for:
a) Identifying business risks relevant to financial reporting objectives;
b) Estimating the significance of the risks;
c) Assessing the likelihood of their occurrence; and
d) Deciding about actions to address those risks.
- If the entity has established such a process (referred to hereafter as the “entity’s risk
assessment process”), the auditor shall obtain an understanding of it, and the results thereof.
If the auditor identifies risks of material misstatement that management failed to identify, the
auditor shall evaluate whether there was an underlying risk of a kind that the auditor expects
would have been identified by the entity’s risk assessment process. If there is such a risk, the
auditor shall obtain an understanding of why that process failed to identify it, and evaluate
whether the process is appropriate to its circumstances or determine if there is a significant
deficiency in internal control with regard to the entity’s risk assessment process.
- If the entity has not established such a process or has an ad hoc process, the auditor shall
discuss with management whether business risks relevant to financial reporting objectives
have been identified and how they have been addressed. The auditor shall evaluate whether
the absence of a documented risk assessment process is appropriate in the circumstances, or
determine whether it represents a significant deficiency in internal control.
AUDITING
The information system, including the related business processes, relevant to financial reporting,
and communication
www.mdarasa.com
+254708068851

mDarasa Resources
- The auditor shall obtain an understanding of the information system, including the related
business processes, relevant to financial reporting, including the following areas:
a) The classes of transactions in the entity’s operations that are significant to the financial
statements;
b) The procedures, within both information technology (IT) and manual systems, by which
those transactions are initiated, recorded, processed, corrected as necessary, transferred to
the general ledger and reported in the financial statements;
c) The related accounting records, supporting information and specific accounts in the
financial statements that are used to initiate, record, process and report transactions; this
includes the correction of incorrect information and how information is transferred to the
general ledger. The records may be in either manual or electronic form;
d) How the information system captures events and conditions, other than transactions, that
are significant to the financial statements;
e) The financial reporting process used to prepare the entity’s financial statements,
including significant accounting estimates and disclosures; and
f) Controls surrounding journal entries, including non-standard journal entries used to
record non-recurring, unusual transactions or adjustments.
- The auditor shall obtain an understanding of how the entity communicates financial reporting
roles and responsibilities and significant matters relating to financial reporting, including:
(a) Communications between management and those charged with governance; and
(b) External communications, such as those with regulatory authorities.
Control activities relevant to the audit

- The auditor shall obtain an understanding of control activities relevant to the audit, being
those the auditor judges it necessary to understand in order to assess the risks of material
misstatement at the assertion level and design further audit procedures responsive to assessed
risks. An audit does not require an understanding of all the control activities related to each
significant class of transactions, account balance, and disclosure in the financial statements or
to every assertion relevant to them.
- In understanding the entity’s control activities, the auditor shall obtain an understanding of
how the entity has responded to risks arising from IT.
Monitoring of controls
- The auditor shall obtain an understanding of the major activities that the entity uses to
monitor internal control relevant to financial reporting, including those related to those
control activities relevant to the audit, and how the entity initiates remedial actions to
deficiencies in its controls.
www.mdarasa.com
+254708068851

mDarasa Resources
- If the entity has an internal audit function the auditor shall obtain an understanding of the
nature of the internal audit function’s responsibilities, its organizational status, and the
activities performed, or to be performed.
- The auditor shall obtain an understanding of the sources of the information used in the
entity’s monitoring activities, and the basis upon which management considers the
information to be sufficiently reliable for the purpose.
Identifying and Assessing the Risks of Material Misstatement

- The auditor shall identify and assess the risks of material misstatement at:
a) the financial statement level; and
b) the assertion level for classes of transactions, account balances, and disclosures, to
provide a basis for designing and performing further audit procedures.
- For this purpose, the auditor shall:
a) Identify risks throughout the process of obtaining an understanding of the entity and its
environment, including relevant controls that relate to the risks, and by considering the
classes of transactions, account balances, and disclosures in the financial statements;
b) Assess the identified risks, and evaluate whether they relate more pervasively to the
financial statements as a whole and potentially affect many assertions;
c) Relate the identified risks to what can go wrong at the assertion level, taking account of
relevant controls that the auditor intends to test; and
d) Consider the likelihood of misstatement, including the possibility of multiple
misstatements, and whether the potential misstatement is of a magnitude that could result
in a material misstatement.
Risks that Require Special Audit Consideration

- As part of the risk assessment, the auditor shall determine whether any of the risks identified
are, in the auditor’s judgment, a significant risk. In exercising this judgment, the auditor shall
exclude the effects of identified controls related to the risk.
- In exercising judgment as to which risks are significant risks, the auditor shall consider at
least the following:
a) Whether the risk is a risk of fraud;

b) Whether the risk is related to recent significant economic, accounting or other
developments and, therefore, requires specific attention;
c) The complexity of transactions;
d) Whether the risk involves significant transactions with related parties;
e) The degree of subjectivity in the measurement of financial information related to the risk,
especially those measurements involving a wide range of measurement uncertainty; and
www.mdarasa.com
+254708068851

mDarasa Resources
f) Whether the risk involves significant transactions that are outside the normal course of
business for the entity, or that otherwise appear to be unusual.
If the auditor has determined that a significant risk exists, the auditor shall obtain an
understanding of the entity’s controls, including control activities, relevant to that risk.
Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate
Audit Evidence
In respect of some risks, the auditor may judge that it is not possible or practicable to obtain
sufficient appropriate audit evidence only from substantive procedures. Such risks may relate to
the inaccurate or incomplete recording of routine and significant classes of transactions or
account balances, the characteristics of which often permit highly automated processing with
little or no manual intervention. In such cases, the entity’s controls over such risks are relevant to
the audit and the auditor shall obtain an understanding of them.
Revision of Risk Assessment

The auditor’s assessment of the risks of material misstatement at the assertion level may change
during the course of the audit as additional audit evidence is obtained. In circumstances where
the auditor obtains audit evidence from performing further audit procedures, or if new
information is obtained, either of which is inconsistent with the audit evidence on which the
auditor originally based the assessment, the auditor shall revise the assessment and modify the
further planned audit procedures accordingly.
Documentation
The auditor shall include in the audit documentation:
a) The discussion among the engagement team and the significant decisions reached;
b) Key elements of the understanding obtained regarding each of the aspects of the entity and
its environment specified in and of each of the internal control components; the sources of
information from which the understanding was obtained; and the risk assessment
procedures performed;
c) The identified and assessed risks of material misstatement at the financial statement level
and at the assertion level and
d) The risks identified, and related controls about which the auditor has obtained an
understanding,
Risk Assessment Procedures and Related Activities

Obtaining an understanding of the entity and its environment, including the entity’s internal
control (referred to hereafter as an “understanding of the entity”), is a continuous, dynamic
process of gathering, updating and analyzing information throughout the audit. The
www.mdarasa.com
+254708068851

mDarasa Resources
understanding establishes a frame of reference within which the auditor plans the audit and
exercises professional judgment throughout the audit, for example, when:
 Assessing risks of material misstatement of the financial statements;
 Determining materiality in accordance with ISA 320;
 Considering the appropriateness of the selection and application of accounting policies,
and the adequacy of financial statement disclosures;
 Identifying areas where special audit consideration may be necessary, for example,
related party transactions, the appropriateness of management’s use of the going concern
assumption, or considering the business purpose of transactions;
 Developing expectations for use when performing analytical procedures;
 Responding to the assessed risks of material misstatement, including designing and
performing further audit procedures to obtain sufficient appropriate audit evidence; and
 Evaluating the sufficiency and appropriateness of audit evidence obtained, such as the
appropriateness of assumptions and of management’s oral and written representations.
- Information obtained by performing risk assessment procedures and related activities may be
used by the auditor as audit evidence to support assessments of the risks of material
misstatement. In addition, the auditor may obtain audit evidence about classes of
transactions, account balances, or disclosures, and related assertions, and about the operating
effectiveness of controls, even though such procedures were not specifically planned as
substantive procedures or as tests of controls. The auditor also may choose to perform
substantive procedures or tests of controls concurrently with risk assessment procedures
because it is efficient to do so.
- The auditor uses professional judgment to determine the extent of the understanding
required. The auditor’s primary consideration is whether the understanding that has been
obtained is sufficient to meet the objective stated in this ISA. The depth of the overall
understanding that is required by the auditor is less than that possessed by management in
managing the entity.
- The risks to be assessed include both those due to error and those due to fraud, and both are
covered by this ISA. However, the significance of fraud is such that further requirements and
guidance are included in ISA 240 in relation to risk assessment procedures and related
activities to obtain information that is used to identify the risks of material misstatement due
to fraud.
- Although the auditor is required to perform all the risk assessment procedures above in the
course of obtaining the required understanding of the entity, the auditor is not required to
perform all of them for each aspect of that understanding. Other procedures may be
performed where the information to be obtained therefrom may be helpful in identifying risks
of material misstatement.
Examples of such procedures include:
www.mdarasa.com
+254708068851

mDarasa Resources
 Reviewing information obtained from external sources such as trade and economic
journals; reports by analysts, banks, or rating agencies; or regulatory or financial
publications.
 Making inquiries of the entity’s external legal counsel or of valuation experts that the entity
has used.
Inquiries of Management, the Internal Audit Function and Others within the Entity
- Much of the information obtained by the auditor’s inquiries is obtained from management
and those responsible for financial reporting. Information may also be obtained by the
auditor through inquiries with the internal audit function, if the entity has such a function
and others within the entity.
- The auditor may also obtain information, or a different perspective in identifying risks of
material misstatement, through inquiries of others within the entity and other employees
with different levels of authority.
For example:
 Inquiries directed towards those charged with governance may help the auditor
understand the environment in which the financial statements are prepared. ISA 260
identifies the importance of effective two-way communication in assisting the auditor to
obtain information from those charged with governance in this regard.
 Inquiries of employees involved in initiating, processing or recording complex or unusual
transactions may help the auditor to evaluate the appropriateness of the selection and
application of certain accounting policies.
 Inquiries directed toward in-house legal counsel may provide information about such
matters as litigation, compliance with laws and regulations, knowledge of fraud or
suspected fraud affecting the entity, warranties, post-sales obligations, arrangements
(such as joint ventures) with business partners and the meaning of contract terms.
 Inquiries directed towards marketing or sales personnel may provide information about
changes in the entity’s marketing strategies, sales trends, or contractual arrangements
with its customers.
 Inquiries directed to the risk management function (or those performing such roles) may
provide information about operational and regulatory risks that may affect financial
reporting.
 Inquiries directed to information systems personnel may provide information about
system changes, system or control failures, or other information system-related risks.
- As obtaining an understanding of the entity and its environment is a continual, dynamic
process, the auditor’s inquiries may occur throughout the audit engagement.
www.mdarasa.com
+254708068851

mDarasa Resources
ENGAGEMENT RISK
Engagement risk―This is the risk that the practitioner expresses an inappropriate conclusion
when the subject matter information is materially misstated.
- Engagement risk does not refer to or include the practitioner’s business risks such as loss
from litigation, adverse publicity, or other events arising in connection with a subject matter
information reported on.
- In general, engagement risk can be represented by the following components, although not
all of these components will necessarily be present or significant for all assurance
engagements:
(a) Risks that the practitioner does not directly influence, which may consist of:
(i) The susceptibility of the subject matter information to a material misstatement before
consideration of any related controls (inherent risk); and
(ii) The risk that a material misstatement that occurs in the subject matter information
will not be prevented, or detected and corrected, on a timely basis by the appropriate
party(ies)’s internal control (control risk); and
(b) Risks that the practitioner does directly influence, which may consist of:
(i) The risk that the procedures performed by the practitioner will not detect a material
misstatement (detection risk); and
(ii) In the case of a direct engagement, the risks associated with the practitioner’s
measurement or evaluation of the underlying subject matter against the applicable
criteria.
- The degree to which each of these components is relevant to the engagement is affected by
the engagement circumstances, in particular:
i) The nature of the underlying subject matter and the subject matter information. For
example, the concept of control risk may be more useful when the underlying subject
matter relates to the preparation of information about an entity’s performance than when
it relates to information about the effectiveness of a controls or the existence of a physical
condition.
ii) Whether a reasonable assurance or a limited assurance engagement is being performed.
For example, in limited assurance attestation engagements the practitioner may often
decide to obtain evidence by means other than tests of controls, in which case
consideration of control risk may be less relevant than in a reasonable assurance
attestation engagement on the same subject matter information.
www.mdarasa.com
+254708068851

mDarasa Resources
iii) Whether it is a direct engagement or an attestation engagement. While the concept of
control risk is relevant to attestation engagements, the broader concept of measurement or
evaluation risk is relevant to direct engagements.
iv) The consideration of risks is a matter of professional judgment, rather than a matter
capable of precise measurement.
Reducing engagement risk to zero is very rarely attainable or cost beneficial and, therefore,
reasonable assurance is less than absolute assurance, as a result of factors such as the following:
 The use of selective testing.
 The inherent limitations of internal control.
 The fact that much of the evidence available to the practitioner is persuasive rather than
conclusive.
 The use of professional judgment in gathering and evaluating evidence and forming
conclusions based on that evidence.
 In some cases, the characteristics of the underlying subject matter when evaluated or
measured against the applicable criteria.
Significant Risks
Identifying Significant Risks
- Significant risks often relate to significant non-routine transactions or judgmental matters.
Non-routine transactions are transactions that are unusual, due to either size or nature, and
that therefore occur infrequently.
- Judgmental matters may include the development of accounting estimates for which there
is significant measurement uncertainty. Routine, noncomplex transactions that are subject
to systematic processing are less likely to give rise to significant risks.
- Risks of material misstatement may be greater for significant non-routine transactions
arising from matters such as the following:
 Greater management intervention to specify the accounting treatment.
 Greater manual intervention for data collection and processing.
 Complex calculations or accounting principles.
 The nature of non-routine transactions, which may make it difficult for the entity to
implement effective controls over the risks.
- Risks of material misstatement may be greater for significant judgmental matters that require
the development of accounting estimates, arising from matters such as the following:
 Accounting principles for accounting estimates or revenue recognition may be subject
to differing interpretation.
 Required judgment may be subjective or complex, or require assumptions about the
effects of future events, for example, judgment about fair value.
www.mdarasa.com
+254708068851

mDarasa Resources
- ISA 330 describes the consequences for further audit procedures of identifying a risk as
significant.
- Significant risks relating to the risks of material misstatement due to fraud
- ISA 240 provides further requirements and guidance in relation to the identification and
assessment of the risks of material misstatement due to fraud.
Understanding Controls Related to Significant Risks

Although risks relating to significant non-routine or judgmental matters are often less likely to be
subject to routine controls, management may have other responses intended to deal with such
risks. Accordingly, the auditor’s understanding of whether the entity has designed and
implemented controls for significant risks arising from non-routine or judgmental matters
includes whether and how management responds to the risks. Such responses might include:
 Control activities such as a review of assumptions by senior management or experts.
 Documented processes for estimations.
 Approval by those charged with governance.
- For example, where there are one-off events such as the receipt of notice of a significant
lawsuit, consideration of the entity’s response may include such matters as whether it has
been referred to appropriate experts (such as internal or external legal counsel), whether an
assessment has been made of the potential effect, and how it is proposed that the
circumstances are to be disclosed in the financial statements.
- In some cases, management may not have appropriately responded to significant risks of
material misstatement by implementing controls over these significant risks. Failure by
management to implement such controls is an indicator of a significant deficiency in
internal control.
Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate
Audit Evidence
- Risks of material misstatement may relate directly to the recording of routine classes of
transactions or account balances, and the preparation of reliable financial statements. Such
risks may include risks of inaccurate or incomplete processing for routine and significant
classes of transactions such as an entity’s revenue, purchases, and cash receipts or cash
payments.
- Where such routine business transactions are subject to highly automated processing with
little or no manual intervention, it may not be possible to perform only substantive
procedures in relation to the risk. For example, the auditor may consider this to be the case in
circumstances where a significant amount of an entity’s information is initiated, recorded,
processed, or reported only in electronic form such as in an integrated system. In such cases:
www.mdarasa.com
+254708068851

mDarasa Resources
 Audit evidence may be available only in electronic form, and its sufficiency and
appropriateness usually depend on the effectiveness of controls over its accuracy and
completeness.
 The potential for improper initiation or alteration of information to occur and not be
detected may be greater if appropriate controls are not operating effectively.
Revision of Risk Assessment

- During the audit, information may come to the auditor’s attention that differs significantly
from the information on which the risk assessment was based. For example, the risk
assessment may be based on an expectation that certain controls are operating effectively. In
performing tests of those controls, the auditor may obtain audit evidence that they were not
operating effectively at relevant times during the audit.
- Similarly, in performing substantive procedures the auditor may detect misstatements in
amounts or frequency greater than is consistent with the auditor’s risk assessments. In such
circumstances, the risk assessment may not appropriately reflect the true circumstances of the
entity and the further planned audit procedures may not be effective in detecting material
misstatements.
Documentation
- The manner in which the requirements are documented is for the auditor to determine using
professional judgment. For example, in audits of small entities the documentation may be
incorporated in the auditor’s documentation of the overall strategy and audit plan.
- Similarly, for example, the results of the risk assessment may be documented separately, or
may be documented as part of the auditor’s documentation of further procedures.
- The form and extent of the documentation is influenced by the nature, size and complexity of
the entity and its internal control, availability of information from the entity and the audit
methodology and technology used in the course of the audit.
- For entities that have uncomplicated businesses and processes relevant to financial reporting,
the documentation may be simple in form and relatively brief. It is not necessary to document
the entirety of the auditor’s understanding of the entity and matters related to it. Key
elements of understanding documented by the auditor include those on which the auditor
based the assessment of the risks of material misstatement.
- The extent of documentation may also reflect the experience and capabilities of the members
of the audit engagement team. Provided the requirements of ISA 230 are always met, an
audit undertaken by an engagement team comprising less experienced individuals may
require more detailed documentation to assist them to obtain an appropriate understanding of
the entity than one that includes experienced individuals.
- For recurring audits, certain documentation may be carried forward, updated as necessary to
reflect changes in the entity’s business or processes.
www.mdarasa.com
+254708068851

mDarasa Resources
Control Environment
The control environment encompasses the following elements:
(a) Communication and enforcement of integrity and ethical values.
The effectiveness of controls cannot rise above the integrity and ethical values of the people
who create, administer, and monitor them.
Integrity and ethical behaviorsare the product of the entity’s ethical and behavioral standards,
how they are communicated, and how they are reinforced in practice.
The enforcement of integrity and ethical values includes, for example, management actions
to eliminate or mitigate incentives or temptations that might prompt personnel to engage in
dishonest, illegal, or unethical acts. The communication of entity policies on integrity and
ethical values may include the communication of behavioral standards to personnel through
policy statements and codes of conduct and by example.
(b) Commitment to competence. Competence is the knowledge and skills necessary to
accomplish tasks that define the individual’s job.
(c) Participation by those charged with governance. An entity’s control consciousness is
influenced significantly by those charged with governance. The importance of the
responsibilities of those charged with governance is recognized in codes of practice and other
laws and regulations or guidance produced for the benefit of those charged with governance.
Other responsibilities of those charged with governance include oversight of the design and
effective operation of whistle blower procedures and the process for reviewing the
effectiveness of the entity’s internal control.
(d) Management’s philosophy and operating style. Management’s philosophy and operating
style encompass a broad range of characteristics. For example, management’s attitudes and
actions toward financial reporting may manifest themselves through conservative or
aggressive selection from available alternative accounting principles, or conscientiousness
and conservatism with which accounting estimates are developed.
(e) Organizational structure. Establishing a relevant organizational structure includes
considering key areas of authority and responsibility and appropriate lines of reporting. The
appropriateness of an entity’s organizational structure depends, in part, on its size and the
nature of its activities.
(f) Assignment of authority and responsibility. The assignment of authority and responsibility
may include policies relating to appropriate business practices, knowledge and experience of
key personnel, and resources provided for carrying out duties. In addition, it may include
policies and communications directed at ensuring that all personnel understand the entity’s
objectives, know how their individual actions interrelate and contribute to those objectives,
and recognize how and for what they will be held accountable.
(g) Human resource policies and practices. Human resource policies and practices often
demonstrate important matters in relation to the control consciousness of an entity. For
www.mdarasa.com
+254708068851

mDarasa Resources
example, standards for recruiting the most qualified individuals – with emphasis on
educational background, prior work experience, past accomplishments, and evidence of
integrity and ethical behavior – demonstrate an entity’s commitment to competent and
trustworthy people. Training policies that communicate prospective roles and responsibilities
and include practices such as training schools and seminars illustrate expected levels of
performance and behavior.
Promotions driven by periodic performance appraisals demonstrate the entity’s commitment to

the advancement of qualified personnel to higher levels of responsibility.
Entity’s Risk Assessment Process

- For financial reporting purposes, the entity’s risk assessment process includes how
management identifies business risks relevant to the preparation of financial statements in
accordance with the entity’s applicable financial reporting framework, estimates their
significance, assesses the likelihood of their occurrence, and decides upon actions to
respond to and manage them and the results thereof. For example, the entity’s risk
assessment process may address how the entity considers the possibility of unrecorded
transactions or identifies and analyzes significant estimates recorded in the financial
statements.
- Risks relevant to reliable financial reporting include external and internal events,
transactions or circumstances that may occur and adversely affect an entity’s ability to
initiate, record, process, and report financial data consistent with the assertions of
management in the financial statements.
- Management may initiate plans, programs, or actions to address specific risks or it may
decide to accept a risk because of cost or other considerations. Risks can arise or change due
to circumstances such as the following:
 Changes in operating environment. Changes in the regulatory or operating
environment can result in changes in competitive pressures and significantly different
risks.
 New personnel. New personnel may have a different focus on or understanding of
internal control.
 New or revamped information systems. Significant and rapid changes in
information systems can change the risk relating to internal control.
 Rapid growth. Significant and rapid expansion of operations can strain controls and
increase the risk of a breakdown in controls.
 New technology. Incorporating new technologies into production processes or
information systems may change the risk associated with internal control.
www.mdarasa.com
+254708068851

mDarasa Resources
 New business models, products, or activities. Entering into business areas or

transactions with which an entity has little experience may introduce new risks
associated with internal control.
 Corporate restructurings. Restructurings may be accompanied by staff reductions
and changes in supervision and segregation of duties that may change the risk
associated with internal control.
 Expanded foreign operations. The expansion or acquisition of foreign operations
carries new and often unique risks that may affect internal control, for example,
additional or changed risks from foreign currency transactions.
 New accounting pronouncements. Adoption of new accounting principles or
changing accounting principles may affect risks in preparing financial statements.
Information System, Including the Related Business Processes, Relevant to Financial

Reporting, and Communication
- An information system consists of infrastructure (physical and hardware components),
software, people, procedures, and data. Many information systems make extensive use of
information technology (IT).
- The information system relevant to financial reporting objectives, which includes the
financial reporting system, encompasses methods and records that:
 Identify and record all valid transactions.
 Describe on a timely basis the transactions in sufficient detail to permit proper
classification of transactions for financial reporting.
 Measure the value of transactions in a manner that permits recording their proper
monetary value in the financial statements.
 Determine the time period in which transactions occurred to permit recording of
transactions in the proper accounting period.
 Present properly the transactions and related disclosures in the financial statements.
- The quality of system-generated information affects management’s ability to make

appropriate decisions in managing and controlling the entity’s activities and to prepare
reliable financial reports.
- Communication, which involves providing an understanding of individual roles and
responsibilities pertaining to internal control over financial reporting, may take such forms as
policy manuals, accounting and financial reporting manuals, and memoranda.
Communication also can be made electronically, orally, and through the actions of
management.
Control Activities
www.mdarasa.com
+254708068851

mDarasa Resources
Generally, control activities that may be relevant to an audit may be categorized as policies and
procedures that pertain to the following:
 Performance reviews. These control activities include reviews and analyses of actual
performance versus budgets, forecasts, and prior period performance; relating different sets
of data – operating or financial – to one another, together with analyses of the relationships
and investigative and corrective actions; comparing internal data with external sources of
information; and review of functional or activity performance.
 Information processing. The two broad groupings of information systems control
activities are application controls, which apply to the processing of individual applications,
and general IT controls, which are policies and procedures that relate to many applications
and support the effective functioning of application controls by helping to ensure the
continued proper operation of information systems.
 Examples of application controls include checking the arithmetical accuracy of records,
maintaining and reviewing accounts and trial balances, automated controls such as edit
checks of input data and numerical sequence checks, and manual follow-up of exception
reports. Examples of general IT controls are program change controls, controls that restrict
access to programs or data, controls over the implementation of new releases of packaged
software applications, and controls over system software that restrict access to or monitor
the use of system utilities that could change financial data or records without leaving an
audit trail.
 Physical controls. Controls that encompass:
- The physical security of assets, including adequate safeguards such as secured facilities
over access to assets and records.
- The authorization for access to computer programs and data files.
- The periodic counting and comparison with amounts shown on control records (for
example, comparing the results of cash, security and inventory counts with accounting
records).
- The extent to which physical controls intended to prevent theft of assets are relevant to
the reliability of financial statement preparation, and therefore the audit, depends on
circumstances such as when assets are highly susceptible to misappropriation.
 Segregation of duties. Assigning different people the responsibilities of authorizing
transactions, recording transactions, and maintaining custody of assets. Segregation of
duties is intended to reduce the opportunities to allow any person to be in a position to both
perpetrate and conceal errors or fraud in the normal course of the person’s duties.
- Certain control activities may depend on the existence of appropriate higher level policies
established by management or those charged with governance.
- For example, authorization controls may be delegated under established guidelines, such as
investment criteria set by those charged with governance; alternatively, non-routine
www.mdarasa.com
+254708068851

mDarasa Resources
transactions such as major acquisitions or divestments may require specific high level
approval, including in some cases that of shareholders.
Monitoring of Controls
- An important management responsibility is to establish and maintain internal control on an
ongoing basis. Management’s monitoring of controls includes considering whether they are
operating as intended and that they are modified as appropriate for changes in conditions.
- Monitoring of controls may include activities such as management’s review of whether bank
reconciliations are being prepared on a timely basis, internal auditors’ evaluation of sales
personnel’s compliance with the entity’s policies on terms of sales contracts, and a legal
department’s oversight of compliance with the entity’s ethical or business practice policies.
Monitoring is done also to ensure that controls continue to operate effectively over time.
- For example, if the timeliness and accuracy of bank reconciliations are not monitored,
personnel are likely to stop preparing them.
- Internal auditors or personnel performing similar functions may contribute to the monitoring
of an entity’s controls through separate evaluations.
- Ordinarily, they regularly provide information about the functioning of internal control,
focusing considerable attention on evaluating the effectiveness of internal control, and
communicate information about strengths and deficiencies in internal control and
recommendations for improving internal control.
- Monitoring activities may include using information from communications from external
parties that may indicate problems or highlight areas in need of improvement. Customers
implicitly corroborate billing data by paying their invoices or complaining about their
charges. In addition, regulators may communicate with the entity concerning matters that
affect the functioning of internal control, for example, communications concerning
examinations by bank regulatory agencies. Also, management may consider communications
relating to internal control from external auditors in performing monitoring activities.
AUDIT RISK
Audit risks (ISA 320)
Audit risk refers to the risk that the auditors will express an inappropriate audit opinion when the
financial statements are materially misstated.
Audit risk therefore could be defined as the chance of damage to the audit firm as a result of
giving an opinion that is wrong in some particular. Or put another way, it could be explained as
the possibility that financial statements contain material mis-statements which had escaped
www.mdarasa.com
+254708068851

mDarasa Resources
detection by both an internal control on which the auditor has relied and on the auditor’s own
substantive tests and other work.
It could be looked at also as: the possibility that the auditor may be required to pay damages to
the client or other persons as a consequence of:
1. The financial statements containing a mis-statement;

2. The complaining party suffering a loss as a direct consequence of relying on the financial
statement and
3. Negligence by the auditor in not detecting any reporting on the mis-statement which can be
demonstrated.
Damage to the audit firm or the auditor may be in the form of monetary damages paid to the
complainant as compensation or simply damage to their reputation with a client or the business
community.
All audits involve an element of risk such that however strong the audit evidence and however
careful the auditor, there is always a possibility of an error or a fraud going undetected. It is
generally known that the auditor who organises his office and staff in a competent manner an
follows auditing standards and guidelines is unlikely to be found negligent and to pay damages
as a consequence of fraud or error not being discovered by him.
Audit risks facing the auditor when material assets are stated at fair values instead of historical
costs include:
o Inherent risk is the susceptibility of an assertion to a misstatement that could be material,

either individually or when aggregated with other misstatements, assuming that there are
no related controls.
o Control risk is the risk that a misstatement that could occur in an assertion and that could
be material either individually or when aggregated with other misstatements, will not be
prevented or detected and corrected on a timely basis by the entity’s internal control.
Control risk is a function of the effectiveness of the design and operation of internal control
in achieving the entity’s objectives relevant to the preparation of the entity’s financial
statements.
o Detection risk is the risk that the auditor will not detect a material misstatement that exists
in an assertion that could be material either individually or when aggregated with other
misstatements. Detection risk is a function of the effectiveness of an audit procedure and
its application by the auditor.
Key audit risks may include

www.mdarasa.com
+254708068851

mDarasa Resources
1. The management should install an internal control system to detect material errors and
correct them. In this case management should implement controls around receivables, work
in progress and inventory to ensure that any materials errors are detected before they make it
to the financial statements.
2. Some material errors may fail to be detected by the controls and others may completely by-
pass the controls. The value of inventory depends on the valuation by the chief engineer of
the firm, who despite all the controls may under or overstate the value of inventory to suit the
management intentions.
3. The auditor is expected to carry out audit procedures to provide reasonable assurance that
material errors will be detected and removed from the financial statements. Despite the audit
procedures and the controls, there will be the possibility that some misstatements will be
undetected. The management makes provisions for warranties based on estimates
of the costs incurred in repairing the machines.
Audit risk can be either normal or higher than normal.
Normal audit risk

Indications that an audit is a normal risk audit are:
a) The client having management and staff who are competent and have integrity;
b) Where the client has an accounting system that is well designed, works and is subject
c) to strong internal controls;
d) Where the client has no special financial problems;
e) The auditor’s past experience;
f) Where the client is old, well established and the business of the entity is not subject to
g) rapid change;
h) If the client’s board of directors are actively engaged in the company and they provide
i) control and leadership of a good quality;
j) If the board of directors has competent non-executive directors;
k) If the organization has an audit committee.
When the auditor is faced with the normal audit risk, the audit approach adopted is usually one of
reliance on key controls supported by substantive tests, compliance tests and analytical review.
Higher than normal risk

Several audit assignments involve high audit risk and usually in any client there will always be at
least one high risk area. Indications that an audit has an element of higher than normal audit risk
include:
a) Poor management with lack of control and poor book-keeping;
www.mdarasa.com
+254708068851

mDarasa Resources
b) Liquidity problems and high gearing;
c) The opposite of all the factors mentioned in the normal risk above;
d) Recent changes in ownership, control or key staff;
e) Changes in accounting policies or procedures;
f) Future plans to seek quotation on the Nairobi Stock Exchange;
g) Over-reliance on a few products, customers, suppliers and investments in new ventures or
products;
h) Problems inherent in the nature of the business for example difficulties in stock counting or
valuation, difficulties in determining the extent of claims and provisions and cut-off
problems;
i) The existence of put upon enquiry situations, dominance by the single person and lack of
involvement of directors or proprietors. In such a situation, the auditor approaches his audit
in a manner that is:
 Collection of audit evidence in each area from a wide range of sources

 Taking extreme care in the preparation of audit working papers
 Investigating thoroughly high risk and problematic areas
 Exercising extreme care in drafting the audit report
In addition to normal risk and higher than normal risk discussed above, the auditor can also be
exposed by sub-standard work such as:
i) His failure to recognise put upon enquiry situation

ii) His failure to draw correct inferences from audit evidence and the analytical review
iii) His use of wrong procedures in a particular situation
iv) His failure to perform necessary audit work because of time and cost consideration
v) His failure to detect errors or fraud because of poor sampling methods or the selection
vi) of inadequate sample sizes
It is essential that an audit firm should organize itself in such a way that it can minimise the risk
of suffering any damage. We can look at these measures from two points of view. Broad
measures taken by the profession as a whole and measures to be taken by the individual auditor
in minimising this audit risk.
This approach requires the auditor to determine what are the very important business risks which
the client faces. This line of approach both helps the client and also enables the auditor to
appreciate and understand his clients business and appreciate all aspects of the business
activities. It is then for the auditor to determine where the risks are likely or unlikely and whether
the risks are likely to produce serious consequences. This enable the audit to be focussed on
www.mdarasa.com
+254708068851

mDarasa Resources
those matters where there is a possibility of misstatement. This is the basis of revised auditing
standards.
The big firms have largely adopted this approach within their audit methodology.
The history of auditing shows a gradual change over time as detailed testing of transactions
moved to system audits. The next development was the audit risk model which focuses the audit
and the extent of audit procedures on to the areas of an audit where the auditor was most at risk
of giving an inappropriate opinion.
ISA 220, Quality Control for an Audit of Financial Statements,

 Environmental requirements affecting the industry and the entity’s business.
 ISA 250 includes some specific requirements related to the legal and regulatory framework
applicable to the entity and the industry or sector in which the entity operates.
Considerations specific to public sector entities

For the audits of public sector entities, law, regulation or other authority may affect the entity’s
operations. Such elements are essential to consider when obtaining an understanding of the entity
and its environment.
Other External Factors

Examples of other external factors affecting the entity that the auditor may consider include the
general economic conditions, interest rates and availability of financing, and inflation or
currency revaluation.
Nature of the Entity

An understanding of the nature of an entity enables the auditor to understand such matters as:
 Whether the entity has a complex structure, for example, with subsidiaries or other
components in multiple locations. Complex structures often introduce issues that may give
rise to risks of material misstatement. Such issues may include whether goodwill, joint
ventures, investments, or special-purpose entities are accounted for appropriately.
 The ownership, and relations between owners and other people or entities. This
understanding assists in determining whether related party transactions have been identified
and accounted for appropriately.
 ISA 550establishes requirements and provides guidance on the auditor’s considerations
relevant to related parties.
Examples of matters that the auditor may consider when obtaining an understanding of the nature
of the entity include:
• Business operations such as:

o Nature of revenue sources, products or services, and markets, including involvement in
electronic commerce such as Internet sales and marketing activities.
www.mdarasa.com
+254708068851

mDarasa Resources
o Conduct of operations (for example, stages and methods of production, or activities
exposed to environmental risks).
o Alliances, joint ventures, and outsourcing activities.
o Geographic dispersion and industry segmentation.
o Location of production facilities, warehouses, and offices, and location and quantities of
inventories.
o Key customers and important suppliers of goods and services, employment arrangements
(including the existence of union contracts, pension and other post- employment benefits,
stock option or incentive bonus arrangements, and government regulation related to
employment matters).
o Research and development activities and expenditures.
o Transactions with related parties.
 Investments and investment activities such as:
o Planned or recently executed acquisitions or divestitures.
o Investments and dispositions of securities and loans
o Capital investment activities
o Investments in non-consolidated entities, including partnerships, joint ventures and
special-purpose entities
 Financing and financing activities such as:
o Major subsidiaries and associated entities, including consolidated and non-consolidated
structures.
o Debt structure and related terms, including off-balance-sheet financing arrangements and
leasing arrangements.
o Beneficial owners (local, foreign, business reputation and experience) and related parties.
o Use of derivative financial instruments.
• Financial reporting such as:
o Accounting principles and industry-specific practices, including industry-specific
significant categories (for example, loans and investments for banks, or research and
development for pharmaceuticals).
o Revenue recognition practices.
o Accounting for fair values.
o Foreign currency assets, liabilities and transactions.
o Accounting for unusual or complex transactions including those in controversial or
emerging areas (for example, accounting for stock-based compensation).
Significant changes in the entity from prior periods may give rise to, or change, risks of material
misstatement.
Nature of Special-Purpose Entities
www.mdarasa.com
+254708068851

mDarasa Resources
- A special-purpose entity (sometimes referred to as a special-purpose vehicle) is an entity that
is generally established for a narrow and well defined purpose, such as to effect a lease or a
securitization of financial assets, or to carry out research and development activities. It may
take the form of a corporation, trust, partnership or unincorporated entity. The entity on
behalf of which the special-purpose entity has been created may often transfer assets to the
latter (for example, as part of a de-recognition transaction involving financial assets), obtain
the right to use the latter’s assets, or perform services for the latter, while other parties may
provide the funding to the latter. As ISA 550 indicates, in some circumstances, a special
purpose entity may be a related party of the entity.
- Financial reporting frameworks often specify detailed conditions that are deemed to amount
to control, or circumstances under which the special purpose entity should be considered for
consolidation. The interpretation of the requirements of such frameworks often demands a
detailed knowledge of the relevant agreements involving the special-purpose entity.
The Entity’s Selection and Application of Accounting Policies

- An understanding of the entity’s selection and application of accounting policies may
encompass such matters as:
 The methods the entity uses to account for significant and unusual transactions.
 The effect of significant accounting policies in controversial or emerging areas for which
there is a lack of authoritative guidance or consensus.
 Changes in the entity’s accounting policies.
 Financial reporting standards and laws and regulations that are new to the entity and
when and how the entity will adopt such requirements.
BUSINESS RISK ON THE STRENGTH OF AUDIT EVIDENCE ASSESSING

INTERNAL CONTROLS
The Business Risk Approach to Auditing
Business risk is the threat that an event or action will adversely affect a business’s ability to
achieve its ongoing objective. It can be split between external and internal factors.
TAXATION OF INCOMES OF PERSONS
The business risk approach to auditing involves examining the business in it’s entirely and
evaluating the various risks to which it is exposed. The business risks are factors which affect the
company’s ability to meet its goals. The risks may be controllable (to some extent) or
uncontrollable (for example, external factors). It may be possible to trade-off some risks (e.g.
insurance). The auditor is concerned about those risks which may impact upon the financial
statements and therefore needs a full understanding of the business and its risks in order to do
this. The auditor will then plan the audit strategy with these business risks clearly focused in
mind.
www.mdarasa.com
+254708068851

mDarasa Resources
The Effects of the Business Risk Approach

There are some general points which can be made about the business risk approach and the effect
it has had on the auditing process.
i) This ‘top down’ approach to the audit, beginning with business risk and ending with the
ii) There is still a lack of clarity in the relationship between business risk and audit risk
iii) The ideas of inherent risk and control risk have tended to merge into the larger concept of
business risk.
iv) The ideas of inherent risk and control risk can be called residual risk which has to be
minimized by audit action. An audit action carries with it detection risk.
v) The approach is very much a high level approach and should include consideration of all
matters which are critical to the business. For example, ‘could the client lose the
vi) XYZ franchise and what would be the possible consequences for the company and its
financial statements?’
vii) Because of the high level of understanding required of a client’s business it is possible to
use analytical procedures more frequently as a procedure for verification of financial
statement assertions
viii) It is an aid to the firm’s acceptance and continuation procedures for clients (do we want
this client?)
ix) Business failure risk is an important aspect of overall business risk. The assessment of
business failure risk will assist the auditor when considering the going concern status of
the clients business.
x) The audit needs to be tailor made and a generalized approach to audits is neither
productive nor economical
xi) Auditors need more understanding of business and to that end the larger firms set up
larger databases of information about the economy and the business world
xii) The concept implies a continuing relationship with the client rather than a one off view
with each year being separate.
As should be evident from this summary the business risk approach is a more holistic approach
to the audit. The business risk approach starts at a stage back from the traditional audit risk
model and offers more benefit to auditors and clients alike.
Business Risk results from significant conditions, events, circumstances or actions that could
adversely affect the entity's ability to achieve its objectives and execute its strategies. Even
though such risks are likely to eventually have an impact on an entity's financial statements, not
every business risk will translate directly in a risk of a material misstatement in the financial
statements, which is often referred to as audit risks. There are 3 categories of business risk.
www.mdarasa.com
+254708068851

mDarasa Resources
o Financial risk- this is the risk that the firm will not be able to meet its short term maturing
obligations as a when they fall due.
o Operational risk- these are risks arising with regard to operations for instance, the risk that
a major supplier will lay longer be able to supply the company with the key raw materials.
o Compliance risk- Risk that arises from non-compliance with laws and regulations under
which the business operates tor example, environmental issues.
Objectives and Strategies and Related Business Risks

- The entity conducts its business in the context of industry, regulatory and other internal and
external factors. To respond to these factors, the entity’s management or those charged with
governance define objectives, which are the overall plans for the entity. Strategies are the
approaches by which management intends to achieve its objectives. The entity’s objectives
and strategies may change over time.
- Business risk is broader than the risk of material misstatement of the financial statements,
though it includes the latter. Business risk may arise from change or complexity. A failure to
recognize the need for change may also give rise to business risk. Business risk may arise, for
example, from:
 The development of new products or services that may fail;
 A market which, even if successfully developed, is inadequate to support a product or
service; or
 Flaws in a product or service that may result in liabilities and reputational risk.
- An understanding of the business risks facing the entity increases the likelihood of
identifying risks of material misstatement, since most business risks will eventually have
financial consequences and, therefore, an effect on the financial statements. However, the
auditor does not have a responsibility to identify or assess all business risks because not all
business risks give rise to risks of material misstatement.
- Examples of matters that the auditor may consider when obtaining an understanding of the
entity’s objectives, strategies and related business risks that may result in a risk of material
misstatement of the financial statements include:
 Industry developments (a potential related business risk might be, for example, that the
entity does not have the personnel or expertise to deal with the changes in the industry).
 New products and services (a potential related business risk might be, for example, that
there is increased product liability).
 Expansion of the business (a potential related business risk might be, for example, that
the demand has not been accurately estimated).
 New accounting requirements (a potential related business risk might be, for example,
incomplete or improper implementation, or increased costs).
www.mdarasa.com
+254708068851

mDarasa Resources
 Regulatory requirements (a potential related business risk might be, for example, that
there is increased legal exposure).
 Current and prospective financing requirements (a potential related business risk might
be, for example, the loss of financing due to the entity’s inability to meet requirements).
 Use of IT (a potential related business risk might be, for example, that systems and
processes are incompatible).
 The effects of implementing a strategy, particularly any effects that will lead to new
accounting requirements (a potential related business risk might be, for example,
incomplete or improper implementation).
- A business risk may have an immediate consequence for the risk of material misstatement
for classes of transactions, account balances, and disclosures at the assertion level or the
financial statement level. For example, the business risk arising from a contracting customer
base may increase the risk of material misstatement associated with the valuation of
receivables.
- However, the same risk, particularly in combination with a contracting economy, may also
have a longer-term consequence, which the auditor considers when assessing the
appropriateness of the going concern assumption. Whether a business risk may result in a
risk of material misstatement is, therefore, considered in light of the entity’s circumstances.
- Usually, management identifies business risks and develops approaches to address them.
Such a risk assessment process is part of internal control.
METHODS AND TECHNIQUES OF AUDITING HIGH RISK AREAS

TECHNIQUES OF AUDITING
Audit techniques stand for the methods that are adopted by an auditor to obtain evidence. SAP5
describes various techniques of auditing to be applied by the auditor under different circumstances.
1. INSPECTION
a. Documents and records:
While verifying various transactions, the auditor examines the supporting documents and records.
This technique is otherwise called vouching. The purpose of examining the documents and records
is to
a. confirm the authenticity (genuineness) of the transaction.

b. to find whether the transactions and the supporting document are appropriate.
c. to ensure whether the transactions are authorized (approved).
d. to ensure whether the classification of the transaction is proper.
www.mdarasa.com
+254708068851

mDarasa Resources
The auditor goes through the accounting records and documents and if he comes across any
unusual transactions, he verifies the same thoroughly. This is called scanning of records, which
requires experience and expertise.
How for an auditor can rely on the documents depends on the origin (source) of the documents
and the efficiency of the internal control system in operation.
Documents which have their origin in the hands of the third parties and held by third parties are
more reliable than the documents which have their origin in the organization itself and held by the
organization. One can classify the documents into 4 major categories according to their origin and
availability.
1. Documents which have their origin in the hands of the third party and held by them – Most
reliable evidence.
2. Documents which have their origin in the hands of the third party and held by the organization
– More reliable.
3. Documents which have their origin in the hands of the organization and held by the third party
– Reliable.
4. Documents which have the origin in the hands of the organization and held by the organization
– Reliable only if the internal control is effective.
b. Physical Verification
If an item can be measured in physical term, the same may be verified for quantity and quality (if
possible). By physical examination, the auditor ensures the availability of the item. However, the
ownership of the items cannot be verified through this method.
2. OBSERVATION
The auditor observes a particular procedure being carried by the organization. Examples are
observation of the internal control measures that are adopted in transactions involving cash,
procedures followed on receipt or issue of material, etc. The auditor makes his observations to
evaluate the efficiency and effectiveness of the system followed by the organization.
3. INQUIRY AND CONFIRMATION
Inquiry: Seeking information from persons belonging to the organization or from outside
organization is called inquiry.
Confirmation: Confirming the information available with the records of the organization or with
the persons mostly from outside the organization through an inquiry is confirmation.
www.mdarasa.com
+254708068851

mDarasa Resources
Inquiry and confirmation can take place either orally or in writing. The best example for inquiry
and confirmation is confirming the balances of debtors shown in the accounting records with the
debtors of the organization.
4. COMPUTATION
An auditor makes appropriate calculations and verifies the accuracy of the accounting records. For
example, the auditor computes the depreciation to be charged for the year, by taking into
consideration. the value of the asset (cost), the date of purchase, the rate of depreciation, etc., to
verify the accuracy of the depreciation charged by the organization. The auditor also traces a
particular transaction from the origin to check the book keeping procedure.
5. ANALYTICAL PROCEDURES
The purpose of analysis is to ensure consistency of accounting methods and also to evaluate the
efficiency of the management by comparing the results of several years. The several analytical
procedures are
i. Reconciliation
ii. Ratio Analysis; and
iii. Variance Analysis.
The auditor also applies the analytical procedures to help the management in decision making.
Such analytical techniques are
i. Marginal Costing
ii. Standard costing etc.
The auditor studies the nature of the business and also the prevailing circumstances and selects the
techniques to be applied. While conducting the audit, he may change his technique according to
the changes observed in the circumstances. The suitable audit techniques adopted by the auditor
helps him to carry on the audit efficiently.
INTERNAL CONTROL SYSTEMS
The auditors must understand the accounting system and control environment in order to
determine
their audit approach.
Internal control is the process designed and effected by those charged with governance,
management,
and other personnel to provide reasonable assurance about the achievement of the entity's
objectives with regard to reliability of financial reporting, effectiveness and efficiency of
www.mdarasa.com
+254708068851

mDarasa Resources
operations and compliance with applicable laws and regulations.
ISA 315 Identifying and assessing the risks of material misstatement through understanding the
entity and its environment deals with the whole area of controls.
Internalcontrol has five elements:
 The control environment

 The entity's risk assessment process
 The information system relevant to financial reporting
 Control activities
 Monitoring of controls
In obtaining an understanding of internal control, the auditor must understand the design of the
internal control and the implementation of that control. In the following sub-sections, we look at
each of the elements of internal control in turn.
Control environment
The control environment is the framework within which controls operate. The control
environment is very much determined by the management of a business.
Control environment includes the governance and management functions and the attitudes,
awareness and actions of those charged with governance and management concerning the entity's
internal control and its importance in the entity.
A strong control environment does not, itself, ensure the effectiveness of the overall internal
control system, but can be a positive factor when assessing the risks of material misstatement. A
weak control environment can undermine the effectiveness of controls.
Aspects of the control environment (such as management attitudes towards control) will
nevertheless be a significant factor in determining how controls operate. Controls are more likely
to operate well in an environment where they are treated as being important. In addition
consideration of the control environment will mean determining whether certain controls
(internal auditors, budgets) actually exist.
ISA 315 states that auditors shall have an understanding of the control environment. As part of
this
understanding, the auditor shall evaluate whether:
www.mdarasa.com
+254708068851

mDarasa Resources
Management has created and maintained a culture of honesty and ethical behavior
The strengths in the control environment provide an appropriate foundation for the other
components of internal control and whether those components are not undermined by
deficiencies in the control environment
The following illustrates the elements of the control environment that may be relevant when
obtaining an understanding of the control environment.
Communication and enforcement of integrity and ethical values - Essential elements which
influence the effectiveness of the design, administration and monitoring of controls
Commitment to competence - Management's consideration of the competence levels for

particular jobs and how those levels translate into requisite skills and knowledge
Participation by those charged with governance
 Independence from management

 Experience and stature
 Extent of involvement and scrutiny of activities
 Appropriateness of actions and interaction with internal and external auditors
Management's philosophy and operating style

 Approach to taking and managing business risks'
 Attitudes and actions towards financial reporting
 Attitudes towards information processing and accounting functions and personnel
Organisational structure
The framework within which an entity's activities for achieving its objectives are planned,
executed, controlled and reviewed
Assignment of authority and responsibility

How authority and responsibility for operating activities are assigned and how reporting
relationships and authorisation hierarchies are established
Human resource policies and practices

Recruitment, orientation, training, evaluating, counseling, promoting, compensation and
remedial actions
The auditor shall assess whether these elements of the control environment have been
www.mdarasa.com
+254708068851

mDarasa Resources
implemented using a combination of inquiries of management and observation and inspection.
Entity's risk assessment process
ISA 315 says the auditor shall obtain an understanding of whether the entity has a process for:
 Identifying business risks relevant to financial reporting objectives

 Estimating the significance of the risks
 Assessing the likelihood of their occurrence
 Deciding upon actions to address those risks
If the entity has established such a process, the auditor shall obtain an understanding of it. If
there is not a process, the auditor shall discuss with management whether relevant business risks
have been identified and how they have been addressed.
Information system relevant to financial reporting

The information system relevant to financial reporting is a component of internal control that
includes
the financial reporting system, and consists of the procedures and records established to
initiate,record, process and report entity transactions and to maintain accountability for the
related assets, liabilities and equity.
The auditor shall obtain an understanding of the information system relevant to financial
reporting
objectives, including the following areas:
 The classes of transactions in the entity's operations that are significant to the financial
statements
 The procedures, within both IT and manual systems, by which those transactions are
initiated,
recorded, processed, corrected, transferred to the general ledger and reported in the financial
statements
 The related accounting records, supporting information, and specific accounts in the financial
statements, in respect of initiating, recording, processing and reporting transactions
 How the information system captures events and conditions, other than transactions, that are
significant to the financial statements
 The financial reporting process used to prepare the entity's financial statements, including
significant accounting estimates and disclosures
 Controls surrounding journal entries, including non-standard journal entries used to record
www.mdarasa.com
+254708068851

mDarasa Resources
non-
recurring, unusual transactions or adjustments
The auditor shall obtain an understanding of how the entity communicates financial reporting
roles and responsibilities and significant matters relating to financial reporting.
Control activities
Control activities are those policies and procedures that help ensure that management directives
are carried out.
 ISA 315 states that the auditor shall obtain an understanding of control activities relevant to
the audit and how the entity has responded to risks arising from IT.
 Control activities include those activities designed to prevent or to detect and correct errors.
Examples
include activities relating to authorisation, performance reviews, information processing,
physical controls and segregation of duties.
Examples of control activities
Approval and control of documents - Transactions should be approved by an appropriate

person. For example, overtime should be approved by departmental managers.
Controls over computerised applications
Checking the arithmetical accuracy of records - for example checking to see if individual
invoices have been added up correctly.
Maintaining and reviewing control accounts and trial balances - Control accounts bring
together transactions in individual ledgers. Trial balances bring together unusual transactions for
the organisation as a whole. Preparing these can highlight unusual transactions or accounts.
Reconciliations - Reconciliations involve comparison of a specific balance in the accounting

records with what another source says the balance should be, for example, a bank reconciliation.
Differences between the two figures should only be reconciling items.
Comparing the results of cash, security and inventory counts with accounting records - For
example, in a physical count of petty cash, the balance shown in the cash book should be the
same as the amount held.
Comparing internal data with external sources of information - For example, comparing
www.mdarasa.com
+254708068851

mDarasa Resources
records of goods dispatched to customers with customers' acknowledgement of goods that have
been received.
Limiting physical access to assets and records - Only authorised personnel should have access
to certain assets (particularly valuable or portable ones)for example, ensuring that the inventory
store is only open when store personnel are there and is otherwise locked
Segregation of duties
Segregation implies a number of people being involved in the accounting process. This makes it
more
difficult for fraudulent transactions to be processed (since a number of people would have to
collude in the fraud), and it is also more difficult for accidental errors to be processed (since the
more people are involved, the more checking there can be). Segregation should take place in
various ways:
a) Segregation of function. The key functions that should be segregated are the carrying out of a
transaction, recording that transaction in the accounting records and maintaining custody of
assets that arise from the transaction.
b) The various steps in carrying out the transaction should also be segregated.
c) The carrying out of various accounting operations should be segregated. For example the
same
staff should not record transactions and carry out the reconciliations at the period-end.
Monitoring of controls
Monitoring of controls is a process to assess the effectiveness of internal control performance
over time.
It includes assessing the design and operation of controls on a timely basis and taking necessary
corrective actions modified for changes in conditions.
The auditor shall obtain an understanding of the major activities that the entity uses to monitor
internal control over financial reporting, including those related to those control activities
relevant to the audit, and how the entity initiates corrective actions to deficiencies in its controls.
If the entity has an internal audit function, the auditor shall obtain an understanding of the nature
of its responsibilities and how it fits in the organisational structure, and the activities
performed/to be
performed.
www.mdarasa.com
+254708068851

mDarasa Resources
The auditor shall also obtain an understanding of the sources of the information used in the
monitoring activities and the basis on which management considers it reliable.
Small companies - the problem of control

Many of the controls which would be relevant to a large entity are neither practical nor
appropriate for a small company. For a small company the most important form of internal
control is generally the close involvement of the directors or proprietors. However, that very
involvement will enable them to override controls and, if they wish, to exclude transactions from
the records.
Auditors can have difficulties not because there is a general lack of controls but because the
evidence available as to their operation and the completeness of the records is insufficient.
Segregation of duties will often appear inadequate in enterprises having a small number of staff.
Similarly, because of the scale of the operation, organisation and management controls are likely
to be
rudimentary at best.
The onus is on the proprietor, by virtue of his day-to-day involvement, to compensate for this
lack. This involvement should encompass physical, authorisation, arithmetical and accounting
controls as well as supervision.
However it is important to stress that in a well run small company there will be a system of
internal
control. In any case, all companies must comply with any relevant legislation concerning the
maintenance of a proper accounting system.
Where the manager of a small business is not himself the owner, he may not possess the same
degree of commitment to the running of it as an owner-manager would. In such cases, the
auditors will have to consider the adequacy of controls exercised by the shareholders over the
manager in assessing internal control.
Limitations of accounting and control systems
Any internal control system can only provide the directors with reasonable assurance that their
objectives are reached, because of inherent limitations. These include:
The costs of control not outweighing their benefits

The potential for human error
www.mdarasa.com
+254708068851

mDarasa Resources
Collusion between employees

The possibility of controls being by-passed or overridden by management
Controls being designed to cope with routine and not non-routine transactions
These factors demonstrate why auditors cannot obtain all their evidence from tests of the systems
of
internal control. The key factors in the limitations of controls system are human error and
potential for
fraud.
The safeguard of segregation of duties can help deter fraud. However, if employees decide to
perpetrate frauds by collusion, or management commits fraud by overriding systems, the
accounting system will not be able to prevent such frauds.
This is one of the reasons that auditors always need to be alert to the possibility of fraud, the
subject of ISA 240.
THE USE OF INTERNAL CONTROL SYSTEMS BY AUDITORS
The auditors shall assess the adequacy of the systems as a basis for the financial statements and
shall
identify risks of material misstatements to provide a basis for designing and performing further
audit
procedures.
Auditors are only concerned with assessing policies and procedures which are relevant to the
financial
statements. Auditors shall:
 Assess the adequacy of the accounting system as a basis for preparing the accounts
 Identify the types of potential misstatements that could occur in the accounts
 Consider factors that affect the risk of misstatements
 Design appropriate audit procedures
We have discussed the process of assessing the risks of material misstatement in previously. The
assessment of the controls of an entity will have an impact on that risk assessment.
Risks arising from poor control environments are unlikely to be confined to particular assertions
in the financial statements, and, if severe, may even raise questions about whether the financial
statements are capable of being audited, that is, if control risk is so high that audit risk cannot be
www.mdarasa.com
+254708068851

mDarasa Resources
reduced to an
acceptable level.
On the other hand, some control procedures may be closely connected to an assertion in financial
statements, for example, controls over the inventory count are closely connected with the
existence and completeness of inventory in the financial statements.
The evaluation of internal control components the controls, that is by controls testing. This is
most likely to be the case in a system which is highly computerised and which does not require
much manual intervention.
Recording accounting and control systems
The auditors must keep a record of the client's systems which must be updated each year. This
can be
done through the use of narrative notes, flowcharts, questionnaires or checklists.
There are several techniques for recording the assessment of control risk, that is, the system. One
or more of the following may be used depending on the complexity of the system.
 Questionnaires
 Checklists
 Narrative notes
 Flowcharts
Whatever method of recording is used, the record will usually be retained on the permanent file
and
updated each year. We will look at the use of questionnaires in a little more detail here. There are
two
types, each with a different purpose.
 Internal Control Questionnaires (ICQs) are used to ask whether controls exist which meet
specific control objectives.
 Internal Control Evaluation Questionnaires (ICEQs) are used to determine whether there
are controls which prevent or detect specified errors or omissions.
If the auditors believe the system of controls is strong, they may choose to test controls to assess
whether they can rely on the controls having operated effectively.
www.mdarasa.com
+254708068851

mDarasa Resources
Confirming understanding
In order to confirm their understanding of the control systems, auditors will often carry out walk-
through tests. This is where they pick up a transaction and follow it through the system to see
whether all the controls they anticipate should be in existence were in operation with regard to
that transaction.
Tests of control
Tests of control are tests performed to obtain audit evidence about the effectiveness of the:
Design of the accounting and internal control systems, i.e. whether they are suitably designed to
prevent, or detect and correct, material misstatement at the assertion level; and
Operation of the internal controls throughout the period.
Tests of control are distinguished from substantive tests which are designed to detect material
misstatements in the financial statements.
Tests of control may include the following.
a) Inspection of documents supporting controls or events to gain audit evidence that internal
controls
have operated properly, e.g. verifying that a transaction has been authorised
b) Inquiries about internal controls which leave no audit trail, e.g. determining who actually
performs each function not merely who is supposed to perform it
c) Reperformance of control procedures, e.g. reconciliation of bank accounts, to ensure they
were
correctly performed by the entity
d) Examination of evidence of management views, e.g. minutes of management meetings
e) Testing of internal controls operating on computerised systems or over the overall IT
functionegaccess controls
f) Observation of controls to consider the manner in which the control is being operated
Auditors should consider:
How controls were applied
The consistency with which they were applied during the period
By whom they were applied
Deviations in the operation of controls (caused by change of staff etc) may increase control
riskandtestsof control may need to be modified to confirm effective operation during and after
any change,
www.mdarasa.com
+254708068851

mDarasa Resources
The use of computer-assisted audit techniques (CAATs) may be appropriate
In a continuing engagement, the auditor will be aware of the accounting and internal control
systems through work carried out previously but will need to update the knowledge gained and
considerthe need to obtain further audit evidence of any changes in control.
Revision of risk assessment

The auditors may find that the evidence they obtain from controls testing indicates that controls
did not operate as well as they expected, If the evidence contradicts the original risk assessment,
the auditorshave to amend the further procedures they have planned to carry out.
In particular, if controls testing reveal that controls have not operated effectively throughout the
year,theauditor may have to extend substantive testing,
Communication on internal control

Significant weaknesses on internal controls shall be communicated in writing to those charged
with
governance in a report to management in accordance with ISA 260 and ISA 315, Such a report
wouldbeissued at the conclusion of the interim audit or at the conclusion of the final audit if no
interim audit is undertaken. In summary, such a report includes weaknesses found, the
implications of those weaknesses, and possible recommendations to mitigate them.
Internal controls in a computerised environment

There are special considerations for auditors when a system is computerised. IT controls
comprise
general and application controls.
The internal controls in a computerised environment include both manual procedures and
procedures
designed into computer programs. Such control procedures comprise two types of control,
general
controls and application controls.
General IT controls are policies and procedures that relate to many applications and support the
effective functioning of application controls by helping to ensure the continued proper operation
of information systems. They commonly include controls over data center and network
operations, system software acquisition, change and maintenance, access security, and
application system acquisition, development and maintenance.
www.mdarasa.com
+254708068851

mDarasa Resources
Application controls are manual or automated procedures that typically operate at a business
process
level. They can be preventative or detective in nature and are designed to ensure the integrity of
the
accounting records. Accordingly, they relate to procedures used to initiate, record, process and
report
transactions or other financial data.
TEST OF CONTROLS
THE SALES SYSTEM
The tests of controls in the sales system will be based around:
 Selling (authorisation)
 Goods outwards (custody)
 Accounting (recording)
Assertion: Occurrence and existence
Control objectives
 One person is not responsible for taking orders, recording sales and receiving payment.
 Recorded sales transactions represent goods shipped.
 Goods and services are only supplied to customers with good credit ratings.
 Goods and services are provided at authorised prices and on authorised terms.
 Customers are encouraged to pay promptly.
Controls
- Segregation of duties
- Sales recorded only with approved sales order form and shipping documentation.
- Accounting for numerical sequences of invoices.
- Monthly customer statements sent out and customer queries and complaints handled
independently.
- Authorisation of credit terms to customers (senior staff authorisation, references/credit
checksfornew customers, regular review of credit limits)
- Authorisation by senior staff required for changes in other customer data such as address etc.
- Orders not accepted unless credit limits reviewed first.
- Authorised price lists and specified terms of trade in place.
Tests of controls
- Observe and evaluate whether proper segregation of duties is operating.
www.mdarasa.com
+254708068851

mDarasa Resources
- Test a sample of sales invoices for authorised sales order form and shipping documentation.
- Examine application controls for authorisation.
- Review and test entity's procedures for accounting for numerical sequences of invoices.
- Review entity's procedures for sending out monthly statements and dealing with customer
queries and complaints.
- Review entity's procedures for granting credit to customers.
- Examine a sample of sales orders for evidence of proper credit approval by the appropriate
senior staff member.
- Examine application controls for credit limits.
- Authorised price lists and specified terms of trade in place.
- Review all new customer files to ensure satisfactory credit references have been obtained.
- Compare prices and terms on a sample of sales invoices to the authorised price list and terms
of trade.
- Examine application controls for authorised prices and terms.
Assertion:Completeness
Control objectives
- All revenue relating to goods dispatched is recorded.
- All goods and services sold are correctly invoiced.
Controls
- Accounting for numerical sequences of invoices.
- Shipping documentation is matched to sales invoices.
- Sales invoices are reconciled to the daily sales report.
- An open-order file is maintained and reviewed regularly.
Tests of controls
- Review and test entity's procedures for accounting for numerical sequences of invoices.
- Trace a sample of shipping documents to the sales invoices and ledger.
- Review a sample of reconciliations performed.
- Inspect the open- order file for unfilled orders.
Assertion: Accuracy
Control objectives
All sales and adjustments are correctly journalised, summarised and posted to the correct
accounts.
Controls
Sales invoices and matching documents required for all entries.
www.mdarasa.com
+254708068851

mDarasa Resources
Tests of controls
Vouch recorded sales to supporting documents.
Assertion: Cut-off
Control objectives
Transactions have been recorded in the correct period.
Controls
- All shipping documentation is forwarded to the invoicing section on a daily basis.
- Daily invoicing of goods shipped.
Tests of controls
- Compare dates on sales invoices with dates of corresponding shipping documentation.
- Compare dates on sales invoices with dates recorded in the sales ledger.
Assertion: Classification
Control objectives
All transactions are properly classified in accounts.
Controls
- Chart of accounts in place.
- Codes in place for different types of products or services.
Tests of controls
- Review sales ledger for proper classification.
- Examine a sample of sales invoices for proper classification.
- Test application controls for proper codes.
THE PURCHASES SYSTEM

The tests of controls in the purchases system will be based around:
 Buying (authorisation)
 Goods inwards (custody)
 Accounting (recording)
Purchases Control objectives, controls and tests of controls

Assertion:Occurrence and existence
Control objectives
www.mdarasa.com
+254708068851

mDarasa Resources
Recorded purchases represent goods and services received.
Controls
- Authorisation procedures and policies in place for ordering goods and services.
- Segregation of duties.
- Purchase orders raised for each purchase and authorised by appropriate senior personnel.
- Approved purchase order for each receipt of goods.
- Staff receiving goods and check them against the purchase order.
- Stores clerks sign for goods received.
- Purchase orders and GRNs are matched with the supplies’ invoices
Tests of controls
- Inspect policies and procedures and inquire about them.
- Observe and evaluate segregation of duties.
- Examine a sample of purchase orders to ensure they have been appropriately authorised.
- Review the delegated list of authority for purchases.
- For a sample of orders, examine the goods received note (GRN) and match it to the order.
- Observe receipt of goods by staff to confirm whether the check is done.
- Inspect a sample to confirm whether stores staff undertake this check.
- Examine supporting documentation for a sample of invoices
Assertion: Completeness
Control objectives
All purchase transactions that occurred have been recorded.
Controls
- Purchase orders and GRNs are matched with the suppliers' invoices.
- Periodic accounting for prenumbered GRNs and purchase orders.
- Independent check of amount recorded in the purchase journal.
Tests of control
- Examine supporting documentation for a sample of invoices.
- Review entity's procedures for accounting for prenumbered documents.
- Examine application controls.
- Examine documentation for evidence of this check.
Assertion: Rights and obligations
www.mdarasa.com
+254708068851

mDarasa Resources
Control objectives
Recorded purchases represent the liabilities of the entity.
Controls
Purchase orders and GRNs are matched with the suppliers' invoices.
Tests of control
Examine supporting documentation for a sample of invoices.
Assertion: Accuracy, classification and valuation
Control objectives
Purchase transactions are correctly recorded in the accounting system.
Controls
- Purchase orders and GRNs are matched- with the suppliers' invoices.
- Mathematical accuracy of the supplier's invoice is verified.
- Amount posted to general ledger is reconciled to the purchases ledger.
- Chart of accounts in place.
Tests of control
- Examine supporting documentation for documentation for a sample of invoices.
- Recalculate the mathematical accuracy of a sample of suppliers' invoices.
- Review reconciliations for evidence of this check.
- Review purchases journal and general ledger for reasonableness.
Assertion: Cut-off
Control objectives
Purchase transactions are recorded in the correct accounting period.
Controls
- All goods received reports forwarded to accounts payable department daily.
- Procedures in place that require recording of purchases as soon as possible after
goods/services received.
Tests of control
- Compare dates on reports to dates on relevant vouchers.
- Compare dates on vouchers with dates they were recorded in the purchases journal
www.mdarasa.com
+254708068851

mDarasa Resources
THE INVENTORY SYSTEM

Inventory controls are designed to ensure safe custody. Such controls include restriction of
access, documentation and authorisation of movements, regular Independent Inventory counting
and reviews of inventory condition.
Introduction
The inventory system can be very important in an audit because of the high value of inventory or
the complexity of its audit. It is closely connected with the sales and purchases systems covered
in the previous sections.
There are three possible approaches to the audit of inventory and the approach chosen depends
on the control in system in place over inventory.
(a) If the entity has a perpetual inventory system in place where inventory is counted
continuously throughout the year, and therefore a year-end count is not undertaken, a
controls-based approach can be taken if control risk has been assessed as low.
(b) If an inventory count is to be undertaken near the year-end and adjusted by perpetual
inventory records for the year-end value, this approach also requires control risk to be
assessed as low.
(c) If inventory quantities will be determined by an inventory count at the year-end date, a
substantive approach is taken and no reliance is placed on controls.
Control objectives, controls and tests of controls

Most of the controls testing relating to inventory has been covered in the purchase and sales
testing outlined in sections 1 and 2. Auditors will primarily be concerned at this stage with
ensuring that the business keeps track of inventory. To confirm this, tests must be undertaken on
how inventory movements are recorded and how inventory is secured. Auditors will carry out
extensive tests on the valuation of inventory at the substantive testing stage
Assertion: Occurrence and existence
Control objectives
- All inventory movements are authorised and recorded.
- Inventory included on the statement of financial position physically exists.
Controls
- Pre-numbered documentation such as GDNs and GRNs in use.
- Reconciliations of inventory records with general ledger.
www.mdarasa.com
+254708068851

mDarasa Resources
- Physical safeguards in place to ensure inventory is not stolen.
- Separate responsibilities for maintenance of records and custodianship.
- Inventory counted regularly.
Tests of control
- Review documentation in use.
- Review a sample of reconciliations to confirm they are performed and then reviewed by an
independent person
- Observe and evaluate proper segregation of duties.
- Review security systems in place (e.g. locked warehouses, CCTV etc).
- Review policies and procedures in place; discuss procedures with relevant staff.
- Review procedures for counting inventory.
- Attend inventory count.
Control objectives
- All purchases and sales of inventory have been recorded in the accounting system.
Controls
- Procedures in place to include inventory held at third parties and exclude inventory held on
consignment for third parties.
- Reconciliations of accounting records with physical inventory.
Tests of control
- Review entity's procedures relating to consignment inventory.
- Review reconciliations performed and whether reviewed by independent person.
Assertive: Rights and obligations
Control objectives
Inventory records only include items that belong to the entity.
Controls
Procedures in place to include inventory held at third parties and exclude inventory held on
consignment for third parties.
Tests of control
Review entity's procedures relating to consignment inventory.
www.mdarasa.com
+254708068851

mDarasa Resources
Assertive: Accuracy, classification and valuation
Control objectives
- Inventory quantities have been accurately determined.
- Inventory is properly stated at the lower of cost and net realisable value.
Controls
- Periodic or annual comparison of inventory with amounts shown in continuous (perpetual)
inventory records
- Standard costs reviewed by management.
- Review of cost accumulation and variance reports.
- Inventory managers review inventory regularly to identify slow-moving, obsolete and excess
inventory.
Tests of control
- Review and test entity's procedures for taking physical inventory
- Review and test entity's procedures for developing standard costs.
- Inspect variance reports produced.
- Discuss with inventory managers how this is done.
- Observe the procedure being performed.
Assertive: Cut off
Control objectives
All purchases and sales of inventory are recorded in the correct accounting period.
Controls
- All dispatch documents processed daily to record the dispatch of finished goods.
- All goods inwards reports processed daily to record the receipt of inventory.
- Reconciliations of inventory records with general ledger.
Tests of control
- Inspect documentation to confirm daily processing.
- Inspect documentation to confirm daily processing.
- Review reconciliations performed.
Assertive: Presentation and disclosure assertions
Control objectives
- Inventory transactions and balances are properly identified and classified in the financial
statements.
www.mdarasa.com
+254708068851

mDarasa Resources
- Disclosures relating to classification and valuation are sufficient.
Controls
- Orders for materials and production data forms used to process goods through
manufacturing.
- Approval by Finance
- Director
Tests of control
- Review entity's procedures and documentation used to classify inventory.
- Review entity's working papers for evidence of review.
THE CASH SYSTEM
Controls over cash receipts and payments should prevent fraud or theft.
Control objectives, controls and tests of controls

The following table sets out the control objectives, controls and possible tests of controls over
cash
payments.
Assertion: Occurrence
Control Objective
- Only valid cash payments are made.
Controls
- Supplier statements independently reviewed and reconciled to trade payable records.
- Monthly bank reconciliations prepared and reviewed.
- Only authorised staff can make electronic cash payments and issue cheques .
- Electronic cash payments and cheques prepared only after all source documents have been
independently approved.
Test of control
- Review procedures for reconciling supplier statements.
- Review reconciliations to confirm whether undertaken and reviewed.
- Review delegated list of authority for cash payments.
- Inspect relevant documentation for evidence of approval by senior personnel.
Control objective
- All cash payments that occurred are recorded
www.mdarasa.com
+254708068851

mDarasa Resources
Control
- Supplier statements
- Independently reviewed and reconciled to trade payable records.
- Monthly bank reconciliations prepared and reviewed.
- Review of cash payments by manager before release.
- Daily cash payments reconciled to posting to payable accounts.
- Use of prenumbered cheques.
Test of control
- Review procedures for reconciling supplier statements.
- Review reconciliations to confirm whether undertaken and independently reviewed.
- Inspect sample of listings for evidence of senior review.
- Review a sample of reconciliations for evidence that they have been done.
- Examine evidence of use of prenumbered cheques.
The following table sets out the control objectives, controls and possible tests of control over
cash
Control objectives
- Cash payments recorded correctly in the ledger
- Cash payments posted to correct payable accounts and to the general ledger.
Controls
- Reconciliation of daily payments report to electronic cash payment transfers and cheques
issued.
- Supplier statements reconciled to payable accounts regularly.
- Monthly bank reconciliations of bank statements to ledger account. ,
- Supplier statements reconciled to payable accounts regularly.
- Agreement of monthly cash payments journal to general ledger posting
- Payable accounts reconciled to general ledger control account.
Tests of control
- Review reconciliation.
- Review reconciliations for a sample of accounts.
- Review bank reconciliation for evidence it was done and independently reviewed.
- Review reconciliations for a sample of accounts.
- Review postings from journal to general ledger.
www.mdarasa.com
+254708068851

mDarasa Resources
Assertion: Cut-off
Control objectives
Cash payments are recorded in the correct accounting period.
Controls
Reconciliation of electronic funds transfers and cheques issued with postings to cash payments
journal and payable accounts
Tests of control
Review reconciliation and check it is carried out regularly.
Assertion: Presentation and disclosure assertions

Control objectives
- Cash payments are charged to the correct accounts.
Controls
- Chart of accounts
- Independent approval and review of general ledger account assignment.
Tests of control
- Review cash payments journal to assess reasonableness of charging of accounts.
- Review assignment of general ledger account.
The following are control objectives, controls and possible tests of controls over cash receipts.
Assertion: Occurrence
Control objectives
All valid cash receipts are received and deposited.
Controls
- Use of electronic cash receipts transfer not received or deposited
- Monthly bank reconciliations performed and independently reviewed.
- Use of cash registers or point-of-sale devices.
- Periodic inspections of cash sales procedures.
www.mdarasa.com
+254708068851

mDarasa Resources
- Restrictive endorsement of cheques immediately on receipt.
- Mail opened by two staff members.
- Immediate preparation of cash book or list of mail receipts
- Independent check of agreement of cash/cheques to be deposited at bank with register totals
and receipts listing.
- Independent check of agreement of bank deposit slip with daily cash summary.
Test of control
- Examine application controls for electronic cash receipts transfer.
- Review monthly bank reconciliations to confirm performed and reviewed.
- Observe cash sales procedures.
- Inquire of managers about results of inspections.
- Observe mail opening, including endorsement of cheques.
- Observe mail opening procedures.
- Observe preparation of cash receipts' records.
- Review documentation for evidence of independent check.
Assertion:Completeness
Control objectives
All cash receipts received are recorded
Controls
- Use of electronic cash receipts transfer not received or deposited.
- Monthly bank reconciliations performed and independently reviewed.
- Daily cash receipts listing reconciled with posting to customer accounts.
- Customer statements prepared and sent out on a regular basis.
Tests of Controls
- Examine application controls for electronic cash receipts transfer.
- Review monthly bank reconciliations to confirm performed and reviewed.
- Review reconciliation.
- Inquire of management about handling of customer statements.
- Examine a sample of customers and note frequency of statements.

www.mdarasa.com
+254708068851

mDarasa Resources
Control objectives
- Cash receipts recorded at correct amounts.
- Cash receipts posted to correct receivables accounts and to the general ledger.
Control
- Daily remittance report
- Review reconciliations reconciled to control listing of remittance advices.
- Monthly bank statement performed and reviewed independently
- Daily remittance report reconciled, daily with postings to cash, receipts journal and customer
accounts.
- Monthly customer statements sent out.
- Monthly cash receipts journal agreed to general ledger posting
- Receivables ledger reconciled to control account.
Tests of controls
- Review reconciliations for evidence they were performed and independently reviewed.
- Review reconciliations.
- Review entity's procedures for sending out customer statements.
- Review journal and posting to general ledger.
Assertion: Cut-off
Control objectives
Cash receipts are recorded in the correct accounting period.
Control
Bank reconciliation at period-end
Tests of control
Review and test reconciliation
Presentation and disclosure assertions
Control objective
Cash receipts are charged to the correct accounts.
Control
Chart of accounts.
Tests of control
- Review cash receipts journal for unusual items.
www.mdarasa.com
+254708068851

mDarasa Resources
- Trace cash receipts from listing to cash receipts journal for proper classification.
AUDIT WORKING PAPERS

Audit working papers refer to the documents that prepare by or use by auditors as part of their
works. Those documents include the summary of client’s nature of business, business process
flow, audit program, as well as audit testing documents.
Audit working papers are sometime refer to audit documents that they are very import part of
audit works. These documents are the evidence that support auditor to make their conclusion on
the financial statements.
For example, auditor has an engagement with a company to audit the financial statements.
Before signing audit engagement, auditor require to obtain some information about the client, do
the client’s due diligence, and assess whether they should reject or accept the engagement. In this
case if the engagement is ready signed, that mean assessment is already done and accepted.
The documents that auditors use to documents client nature of business, perform client due
diligence, as well as assessment are the example of audit working papers.
Audit working papers also include the words or excel files that auditors used to documents
client’s key internal control over financial reporting, nature of business, as well as audit test’s
working paper. There are many types of audit working papers are listed below.
Form and Content of Working Papers:

Audit working papers are vary depend on many factors include:
 The size and complexity: Size and complexity of entity can be so much different from one client
to another. If the complexity of entity nature of business is different, then the form is also
different. For example, more samples are selected for large entity and different information is
obtain for complex nature of business.
 The nature of the audit procedures to be performed: For example, some testing is very
straightforward and some testing is very complicate.
 The identified risks of material misstatement. For example, if the risks of material misstatements
found to be significant, extend of audit works should be large.
 The significance of the audit evidence obtained.
www.mdarasa.com
+254708068851

mDarasa Resources
 The nature and extent of exceptions
Example:
Here are the example of audit working papers:
 Audit documents on client nature of business
 Audit documents of team meeting
 Evidence of the planning process including audit programs and any changes thereto
 Evidence of the auditor’s consideration of the work of internal audit and conclusions reached
 Analyses of transactions and balances
 Analyses of significant ratios and trends
 Identified and assessed risks of material misstatements
 A record of the nature, timing, extent and results of audit procedures
 Evidence that the work performed was supervised and reviewed
 An indication as to who performed the audit procedures and when they were performed
 Details of audit procedures applied regarding components whose financial statements are audited
 Result of audit testing on depreciation expenses
 Result of audit testing on salaries expenses
 by another auditor
Importance of audit working papers:

Managing audit working paper properly is part of the quality control to make sure that auditors
themselves are compliant with the applicable law and regulation. Auditors might also subject to
be reviewed by local authority, and peer firm to access the quality of audit work.
Keeping audit working properly help auditor to deal with this problem as well as help them to
assess whether they themselves are perform at the acceptable quality.
Auditor required, as per standard, to make sure that all sufficient and appropriate audit
documents are obtained and they could prove this to the relevant parties by documenting,
recording, and keeping audit working papers.
www.mdarasa.com
+254708068851

mDarasa Resources
CONTENT
TOPIC 5
17.5 Audit evaluation and reviews
 Financial statement assertions and audit procedures

 Subsequent events
 Going concern
 Related parties management representation
 Group audit/joint/component audit
 Analytical review
 The company audit
 Audit of consolidated financial statements
 Audit of banks and non banking financial institutions
 Audit of general insurance companies
 Audit of cooperatives societies
 Audit under taxation laws
 Other special audit assignments
www.mdarasa.com
+254708068851

mDarasa Resources
TOPIC 5
AUDIT EVALUATION AND REVIEWS
FINANCIAL STATEMENT ASSERTIONS AND AUDIT PROCEDURES
Financial statement assertions are claims made by an organization's management regarding

its financial statements. The assertions form a theoretical basis from which
external auditors develop a set of audit procedures. These assertions are as follows:
 Accuracy. All of the information contained within the financial statements has been
accurately recorded.
 Completeness. All of the information that should be disclosed has been included within the
financial statements and accompanying footnotes, so that readers have a complete picture of
the results and financial position of the entity.
 Cut-off. Transactions have been compiled into the correct reporting period.
 Existence. The information recorded in the financial statements actually occurred during the
year; fraudulent transactions are most likely to violate this assertion.
 Rights and obligations. The entity is entitled to the assets it is reporting, and is reporting
all of its obligations as liabilities.
 Understandability. The information contained within the financial statements has been
clearly presented, with no intent to obfuscate the results or financial position of the entity.
 Valuation. The transactions that are summarized in the financial statements were properly
valued; this is a particular concern when transactions must be either initially or subsequently
recorded at their market value.
www.mdarasa.com
+254708068851

mDarasa Resources
If audit procedures result in a conclusion that any of the preceding assertions are not correc t,
then the auditors may need to conduct additional audit procedures, or they may not be able
to provide a clean audit opinion at all.
If management is committing fraud in generating financial statements, it is possible that all

of the preceding assertions will prove to be false.
AUDIT PROCEDURES FOR TANGIBLE NON-CURRENT ASSETS
Tangible non-current assets, is a key area of the statement of financial position.
Key areas when testing tangible non-current assets are:
i) Confirmation of ownership
ii) Inspection of non-current assets
iii) Valuation by third parties
iv) Adequacy of depreciation rates
- Obtain or prepare a summary of tangible non-current assets showing how:
 Gross book value
 Accumulated depreciation
 Net book value reconcile with the opening position.
- Compare non-current assets in the general ledger with the non-current assets register and
obtain explanations for differences.
- For a sample of assets which physically exist agree that they are recorded in the
non-current asset register.
- If a non-current asset register is not kept, obtain a schedule showing the original costs and
present depreciated value of major non-current assets.
- Reconcile the schedule of non-current assets with the general ledger.
Existence
- Confirm that the company physically inspects all items in the non-current asset register each
year.
- Inspect assets, concentrating on high value items and additions in-year.
- Confirm that items inspected:
 Exist
 Are in use
 Are in good condition
 Have correct serial numbers
- Review records of income-yielding assets.
- Reconcile opening and closing vehicles by numbers as well as amounts.
www.mdarasa.com
+254708068851

mDarasa Resources
Valuation
- Verify valuation to valuation certificate.
- Consider reasonableness of valuation, reviewing:
 Experience of valuer
 Scope of work
 Methods and assumptions used
 Valuation bases are in line with accounting standards
- Reperform calculation of revaluation surplus.
- Confirm whether valuations of all assets that have been revalued have been updated regularly
(full valuation every five years and an interim valuation in year three generally) by inquiries
of Finance Director and inspection of previous financial statements.
- Inspect draft accounts to check that client has recognised in the statement of comprehensive
income revaluation losses unless there is a credit balance in respect of that asset in equity, in
which case it should be debited to equity to cancel the credit. All revaluation gains should be
credited to equity.
- Review depreciation rates applied in relation to:
 Asset lives
 Residual values
 Replacement policy
 Past experience of gains and losses on disposal
 Consistency with prior years and accounting policy
 Possible obsolescence
- Review non-current assets register to ensure that depreciation has been charged on all assets
with a limited useful life.
- For revalued assets, ensure that the charge for depreciation is based on the revalued amount
by recalculating it for a sample of revalued assets.
- Reperform calculation of depreciation rates to ensure it is correct.
- Compare ratios of depreciation to non-current assets (by category) with:
 Previous years
 Depreciation policy rates
- Scrutinise draft accounts to ensure that depreciation policies and rates are disclosed in the
accounts.
- Review insurance policies in force for all categories of tangible non-current assets and
consider the adequacy of their insured values and check expiry dates.
Rights and obligations

- Verify title to land and buildings by inspection of:
www.mdarasa.com
+254708068851

mDarasa Resources
• Title deeds
• Land registry certificates
• Leases
- Obtain a certificate from solicitors/bankers:
• Stating purpose for which the deeds are being held (custody only)
• Stating deeds are free from mortgage or lien.
- Inspect registration documents for vehicles held, confirming that they are in client's name.
- Confirm all vehicles are used for the client's business.
- Examine documents of title for other assets (including purchase invoices, architects'
certificates, contracts, hire purchase or lease agreements).
- Review for evidence of charges in statutory books and by company search.
- Review leases of leasehold properties to ensure that company has fulfilled covenants therein.
- Examine invoices received after year-end, orders and minutes for evidence of capital
commitments
Additions
These tests are to confirm rights and obligations, valuation and completeness.
- Verify additions by inspection of architects' certificates, solicitors' completion statements,
suppliers' invoices etc.
- Review capitalisation of expenditure by examining for non-current assets additions and items
in relevant expense categories (repairs, motor expenses, sundry expenses) to ensure that:
- Capital/revenue distinction is correctly drawn
- Capitalisation is in line with consistently applied company policy
- Inspect non-current asset accounts for a sample of purchases to ensure they have been
properly allocated.
- Check purchases have been authorised by directors/senior management by reviewing board
minutes.
- Ensure that appropriate claims have been made for grants, and grants received and receivable
have been received, by inspecting claims documentations and bank statements.
- Check additions have been recorded by scrutinising the non-current asset register and general
ledger.
Self constructed assets

These tests are to confirm valuation and completeness.
- Verify material and labour costs and overheads to invoices, wage records etc.
- Ensure expenditure has been analysed correctly and properly charged to capital.
- Expenditure should be capitalised if it:
• Enhances the economic benefits of the asset in excess of its previously assessed standard
of performance
www.mdarasa.com
+254708068851

mDarasa Resources
• Replaces or restores a component of the asset that has been treated separately for
depreciation purposes, and depreciated over its useful economic life
• Relates to a major inspection or overhaul that restores the economic benefits of the asset
that have been consumed by the entity, and have already been reflected in depreciation
- Review costs to ensure that no profit element has been included.

- Review accounts to ensure that finance costs have been capitalised or not capitalised on a
consistent basis, and costs capitalised in period do not exceed total finance costs for period.
Disposal
These tests are to confirm rights and Obligations, completeness, occurrence and accuracy.
- Verify disposals with supporting documentation, checking transfer of title, sales price and
dates of completion and payment.
- Recalculate profit or loss on disposal.
- Check that disposals have been authorised by reviewing boards minutes.
- Consider whether proceeds are reasonable.
- If the asset was used as security, ensure release from security has been correctly made.
Classification and understandability

- Review non-current asset disclosures in the financial statements to ensure they meet IAS 16
criteria.
- For a sample of fully depreciated assets, inspect the register to ensure no further depreciation
is charged.
- Inspect draft accounts to ensure that depreciation policies and rates are correctly disclosed
AUDIT PROCEDURE FOR INTANGIBLE NON-CURRENT ASSETS

Key assertions for intangible non-current assets are existence and valuation.
The key assertions relating to intangible are existence (not so much ‘do they exist?’, but, are they
genuinely assets?) and valuation.
AUDIT PLAN
Goodwill
- Agree the consideration to sales agreement by inspection.
- Consider whether asset valuation is reasonable.
- Agree that the calculation is correct by recalculation.
- Review the impairment review and discuss with management.
- Ensure valuation of goodwill is reasonable/there has been no impairment not adjusted
through discussion with management.
www.mdarasa.com
+254708068851

mDarasa Resources
Research and development costs

- Confirm that capitalised development costs conform to IAS 38 criteria by inspecting details
of projects and discussions with technical managers.
- Confirm feasibility and viability by inspection of budgets.
- Recalculate amortisation calculation, to ensure it commences with production/is reasonable.
- Inspect invoices to verify expenditure incurred on R&D projects.
Other intangible assets

- Agree purchased intangibles to purchase documentation agreement by inspection.
- Inspect specialist valuation of intangibles and ensure it is reasonable.
- Review amortisation calculations and ensure they are correct by recalculation.
AUDIT OF RECEIVABLES
Receivables are usually audited using a combination of tests of detail and analytical procedures.
The audit of receivables is important as this is likely to be a material area. A combination of
analytical
procedures and tests of detail are used, with sales also being tested in conjunction with trade
receivables.
The following assertions apply:
Assertions about classes of transactions

- Occurrence: All sales transactions recorded have occurred and relate to the entity
- Completeness: All sales transactions that should have been recorded have been recorded
- Accuracy: Amounts relating to transactions have been recorded appropriately
- Cut-off: All transactions have been recorded in the correct period
- Classification: All transactions are recorded properly
Assertions about account balances at the period-end

- Existence: Recorded receivables exist
- Rights and obligations: The entity controls the rights to receivables and related accounts
- Completeness: All receivables that should have been recorded have been recorded
- Valuation and allocation: Receivables are included in the accounts at the correct amounts
Assertions about presentation and discosure

- Occurrence, rights and obligations: All disclosed events and transactions relating to
receivables have occurred and pertain to the entity
- Completeness: All disclosures required have been included
www.mdarasa.com
+254708068851

mDarasa Resources
- classification and understandability: Financial information is appropriately presented and
described and I disclosures clearly expressed
- Accuracy and valuation: Financial and other information is disclosed fairly and at appropriate
amounts
Audit procedures for receivables

Existence, completeness and valuation are key assertions relating to the audit of receivables.
Audit procedures for receivables are set out in the table below. This covers the audit of sales and
prepayments as well as trade receivables. Receivables are often tested in conjunction with sales.
The key assertions for sales are occurrence, completeness and accuracy.
Completeness
- Agree the balance from the individual sales ledger accounts to the aged receivables' listing
and vice versa.
- Match the total of the aged receivables' listing to the sales ledger control account.
- Cast and cross cast the aged trial balance before selecting any samples to test.
- Trace a sample of shipping documentation to sales invoices and into the sales and
receivables' ledger.
- Complete the disclosure checklist to ensure that all the disclosures relevant to receivables
have been made.
- Compare the gross profit percent by product line with the previous year and industry data.
- Compare the level of prepayments to the previous year to ensure the figure is materially
correct and complete.
Existence
- Perform a receivables' circularisation on a sample of year-end trade receivables
- Follow up all balance disagreements and non-replies to the receivables' confirmation,
- Perform alternative procedures for any exceptions and non-replies to the receivables'
confirmation, such as:
- Review after-date cash receipts by inspecting bank statements and cash receipts
documentation.
- Examine the customer's account and customer correspondence to assess whether the balance
outstanding represents specific invoices and confirm their validity.
- Examine the underlying documentation (purchase order, dispatch documentation, duplicate
sales invoice etc).
- Inquire from management explanations for invoices remaining unpaid after subsequent ones
have been paid.
- Observe whether the balance on the account is growing and if so, find out why by discussing
with management.
www.mdarasa.com
+254708068851

mDarasa Resources

- Review bank confirmation for any liens on receivables.
- Make inquiries of management, review loan agreements and review board minutes for any
evidence of receivables being sold (e.g. to factors).
Valuation and allocation

- Compare receivables' turnover and receivables' days to the previous year and/or to industry
data.
- Compare the aged analysis of receivables from the aged trial balance
- Review the adequacy of the allowance for uncollectable accounts through discussion with
management.
- Compare the bad debt expense as a percent of sales to the previously and/or to industry data
- Compare the allowance for uncollectable accounts as a percent of receivables or credit sales
to the previous year and/or to industry
- Examine large customer accounts individually and compare to the previous year's balances.
- For a sample of old debts on the aged trial balance, obtain further information regarding their
recoverability by discussions with management and review of customer correspondence.
- For a sample of prepayments from the prepayments' listing, recalculate the amount prepaid to
ensure that it has been accrual calculated.
Cut off
- For a sample of sales invoices around the year-end, inspect the dates and compare with the
dates of dispatch and the dates recorded in ledger for application of correct cut-off.
- For sales returns, select a sample of returns documentation around the year-end and trace to
the related credit entries.
- Perform analytical procedures on sales returns, comparing the ratio of sales returns to sales.
- Review material after-date invoices, credit notes and adjustments' ensure that they are
recorded correctly in the relevant financial period
Classification
Take a sample of sales invoices and examine for proper classification into revenue accounts
Accuracy
- For a sample of sales invoices, compare the prices and terms to the authorised price list and
terms of trade documentation
- Test whether discounts have been properly applied by recalculating them for a sample of
invoices
- Test the correct calculation of tax on a sample of invoices
www.mdarasa.com
+254708068851

mDarasa Resources
Occurrence
For a sample of sales transactions recorded in the ledger, vouch the sales invoice back to
customer orders and dispatch documentation.
Occurrence and rights and obligations

Determine, through discussion with management, whether any receivables have been pledged,
assigned or discounted and whether such items require disclosure in the financial statements.

- Review the aged analysis of receivables for any large credits, non trade receivables and long-
term receivables and consider whether such items require separate disclosure.
- Read the disclosure notes relevant to receivables in the draft finance' statements and review
for understandability
Accuracy and valuation

Read the disclosure notes to ensure the information is accurate and properly presented at the
appropriate amounts.
THE RECEIVABLES CONFIRMATION

A confirmation of receivables is a major procedure, usually achieved by direct contact with
customers.
Receivables are usually audited using a combination of tests of detail and analytical procedures.
Existence, completeness and valuation are key assertions relating to the audit of receivables.
A confirmation of receivables is a major procedure, usually achieved by direct contact with
customer.
There are two methods of confirmation: positive and negative.
Objectives of confirmation
Part of ISA 505 External Confirmation states that, when it is reasonable to expect customers to
respond, the auditors should ordinarily plan to obtain direct confirmation of receivables to
individual entries in an account balance.
The verification of trade receivables by direct confirmation is therefore the normal means of
providing audit evidence to satisfy the objective of checking whether customers exist and owe
bona fide amounts to the company (existence and rights and obligations).
Confirmation will produce for the current audit file a written statement from each respondent that
the
amount owed at the date of the confirmation is correct. This is, prima facie, reliable audit
evidence, being from an independent source and in documentary form. The confirmation of
www.mdarasa.com
+254708068851

mDarasa Resources
receivables on a test basis should not be regarded as replacing other normal audit tests, such as
the testing in-depth of sales transactions, but the results may influence the scope of such tests.
Timing of confirmation
Ideally the confirmation should take place immediately after the year-end and hence cover the
year-end balances to be included in the balance sheet. However, time constraints may make it
impossible to achieve this ideal.
In these circumstances it may be acceptable to carry out the confirmation prior to the year-end
provided that confirmation is no more than three months before the year-end and internal
controls are strong.
Client's mandate
Confirmation is essentially an act of the client, who alone can authorise third parties to divulge
information to the auditors.
The ISA outlines what the auditors' response should be when management refuses permission for
the
auditors to contact third parties for evidence. Note that this applies to all such external
confirmations, not just trade receivables' circularisations.
If management asks the auditor not to seek the confirmation, the auditor should consider if there
are valid grounds for the request and obtain evidence to support this. If the auditor agrees not to
seek external confirmations, other procedures should be carried out to obtain sufficient
appropriate audit evidence. If the auditor does not accept the validity of management's request
and is prevented from undertaking the confirmations, this may impact on the auditor's report.
Positive v negative confirmation

When confirmation is undertaken the method of requesting information from the customer may
be either positive or negative.
Under the positive method the customer is requested to confirm the accuracy of the balance
shown or state in what respect he is in disagreement.
Under the negative method the customer is requested to reply only if the amount stated is
disputed.
The positive method is generally preferable as it is designed to encourage definite replies from
those
contacted.
www.mdarasa.com
+254708068851

mDarasa Resources
The negative method may be used if the client has good internal controls, with a large number of
small accounts. In some circumstances, say where there are a small number of large accounts and
a large number of small accounts, a combination of both methods may be appropriate.
The statements will normally be prepared by the client's staff, from which point the auditors, as a
safeguard against the possibility of fraudulent manipulation, must maintain strict control over the
preparation and dispatch of the statements.
Sample Selection
Auditors will normally only contact a sample of accounts receivable. If this sample is to yield a
meaningful result, it must be based upon a complete list of all accounts receivable. In addition,
when constructing the sample, the following classes of account should receive special attention:
- Old unpaid accounts
- Accounts written off during the period under review
- Accounts with credit balances
- Accounts settled by round sum payments
- Accounts with nil balances
- Accounts which have been paid by the date of the examination
Follow-up procedures
Auditors will have to carry out further work in relation to those receivable who:
- Positive and negative confirmation - Disagree with the balance stated
- Negative confirmation – Do not respond
In the case of disagreements, the customer response should have identified specific amounts
which are
disputed
Reasons for disagreement

- There is a dispute between the client and the customer. The reasons for the dispute would
have to be identified, and provision made if appropriate against the debt.
- Cut-off problems exist, because the client records the following year's sales in the current
year or because goods returned by the customer in the current year are not recorded in the
current year. Cut-off testing may have to be extended.
- The customer may have sent the monies before the year-end, but the monies were not
recorded by the client as receipts until after the year-end. Detailed cut-off work may be
required on receipts.
- Monies received may have been posted to the wrong account or a cash-in-transit account.
Auditors should check if there is evidence of other mis-posting. If the monies have been
www.mdarasa.com
+254708068851

mDarasa Resources
posted to a cash-in-transit account, auditors should ensure this account has been cleared
promptly.
- Customers who are also suppliers may net-off balances owed and owing. Auditors should
check that this is allowed.
- Teeming and lading, stealing monies and incorrectly posting other receipts so that no
particular customer is seriously in debt is a fraud that can arise in this area. If auditors suspect
teeming and lading has occurred, detailed testing will be required on cash receipts,
particularly on prompt posting of cash receipts.
When the positive confirmation method is used the auditors must follow up by all practicable
means those receivables who fail to respond. Second requests should be sent out in the event of
no reply being received within two or three weeks and if necessary this may be followed by
telephoning the customer, with the client's permission.
After two, or even three, attempts to obtain confirmation, a list of the outstanding items will
normally be passed to a responsible company official, preferably independent of the sales
accounting department, who will arrange for them to be investigated
The receivables' confirmation provides good audit evidence of the existence of receivables, but
not
necessarily of their valuation. Therefore, in a question on the audit of receivables, remember to
include other audit procedures such as analytical procedures.
AUDIT OF CASH AND BANK

'Cash' in the financial statements represents cash in-hand and cash on deposit in bank accounts.
Most
accounting transactions pass through the cash account so cash is affected by all of the entity's
business
processes, and is particularly impacted by the sales and purchases processes. We consider the
substantive audit testing applied to the year-end cash figure.
Audit objectives for cash

The following table demonstrates the audit objectives for cash balances and how these are related
to the financial statement assertions relevant to this account area. The audit procedures described
in the
remainder of this chapter are undertaken to provide audit evidence to support these financial
statement
assertions.
Financial statement assertion and the Audit objective
www.mdarasa.com
+254708068851

mDarasa Resources
Existence: Recorded cash balances exist at the period-end
Completeness: Recorded cash balances include the effects of all transactions that have occurred
Rights and obligations:The entity has legal title to all cash balances shown at the period-end
Valuation: Recorded cash balances are realisable at the amounts stated
Assertions relating to presentation and disclosure (classification and understandability,
occurrence and rights and obligations, accuracy and valuation, completeness) - Disclosures
relating to cash are adequate and in accordance with accounting standards and legislation
BANK
Bank balances are usually confirmed directly with the bank in question.
Bank confirmation procedures

The audit of bank balances will need to cover completeness, existence, rights and obligations and
valuation. All of these assertions can be audited directly by obtaining third party confirmations
from the client's banks and reconciling these with the accounting records, having regard to cut-
off.
The audit objectives linking these assertions are as follows:

- existence:Recorded cash balances exist at the year-end
- completeness: Recorded cash balances include the effects of all transactions that occurred
- cut-off: Year-end transfers are recorded in the correct period
- valuation and allocation: Recorded balances are realisable at the amounts stated
- rights and obligations: The entity has legal title to all cash balance shown at the year-end
This type of audit evidence is valuable because it comes directly from an independent source
and, therefore, provides greater assurance of reliability than that obtained solely from the client's
own records.
The bank letter is mentioned as a source of external third party evidence in ISA 505 External
confirmations, and guidance to auditors is provided in IAPS 1000 Inter-bank confirmation
procedures.
Confirmation requests
The bank confirmation letter can be used to ask a variety of questions, including queries about
outstanding interests, contingent liabilities and guarantees.
The auditors should decide from which bank or banks to request confirmation, having regard to
such
matters as size of balance, volume of activity, degree of reliance on internal control, and
materiality
within the context of the financial statements.
The auditors should determine which of the following approaches is the most appropriate in
seeking
confirmation of balances or other information from the bank:
www.mdarasa.com
+254708068851

mDarasa Resources
- Listing balances and other information, and requesting confirmation of their accuracy and
completeness, or
- Requesting details of balances and other information, which can then be compared with the
requesting client's records
In determining which of the above approaches is the most appropriate, the auditors should weigh
the
quality of audit evidence they require in the particular circumstances against the practicality of
obtaining a reply from the confirming bank.
Difficulty may be encountered in obtaining a satisfactory response even where the client
company submits information for confirmation to the confirming bank. It is important that a
response is sought for all confirmation requests. Auditors should not usually request a response
only if the information submitted is incorrect or incomplete.
Preparation and dispatch of requests and receipt of replies

Control over the content and dispatch of confirmation requests is the responsibility of the
auditors.
However, it will be necessary for the request to be authorised by the client entity. Replies should
be
returned directly to the auditors and to facilitate such a reply, a pre-addressed envelope should be
enclosed with the request.
Content of confirmation requests

The form and content of a confirmation request letter will depend on the purpose for which it is
required and on local practices.
The most commonly requested information is in respect of balances due to or from the client
entity on
current, deposit, loan and other accounts. The request letter should provide the account
description
number and the type of currency for the account.
It may also be advisable to request information about nil balances on accounts, and accounts
which were closed in the 12 months prior to the chosen confirmation date. The client entity may
ask for confirmation not only of the balances on accounts but also, where it may be helpful, other
information, such as the maturity and interest terms on loans and overdrafts, unused facilities,
lines of credit/standby facilities, any offset or other rights or encumbrances, and details of any
collateral given or received.
The client entity and its auditors are likely to request confirmation of contingent liabilities, such
as those arising on guarantees, comfort letter, bills and so on.
www.mdarasa.com
+254708068851

mDarasa Resources
Banks often hold securities and other items in safe custody on behalf of customers. A request
letter may thus ask for confirmation of such items held by the bank.
The procedure is simple but important, and outlined below.
a) The banks will require explicit written authority from their client to disclose the information
requested.
b) The auditors' request must refer to the client's letter of authority and the date thereof.
c) Alternatively it may be countersigned by the client or it may be accompanied by a specific
letter of
authority.
d) In the case of joint accounts, letters to authority signed by all parties will be necessary.
e) Such letters of authority may either give permission to the bank to disclose information for a
specific request or grant permission for an indeterminate length of time.
f) The request should reach the branch manager at least one month in advance of the client's
year-
g) The auditors should themselves check that the bank response covers all the information in the
standard and other responses.
Cut-off
Care must be taken to ensure that there is no window dressing, by auditing cut-off carefully.
Window
dressing in this context is usually manifested as an attempt to overstate the liquidity of the
company by:
a) Keeping the cash book open to take credit for remittances actually received after the year-
end,
thus enhancing the balance at bank and reducing receivables
b) Recording cheques paid in the period under review which are not actually dispatched until
after the year-end, thus decreasing the balance at bank and reducing liabilities
A combination of (a) and (b) can contrive to present an artificially healthy looking current
ratio.
With the possibility of (a) above in mind, where lodgments have not been cleared by the bank
until the new period, the auditors should examine the paying-in slip to ensure that the amounts
were actually paid into the bank on or before the period-end date.
As regards (b) above, where there appears to be a particularly large number of outstanding
cheques at
the year-end, the auditors should check whether these were cleared within a reasonable time in
the new period. If not, this may indicate that dispatch occurred after the year-end.
Audit plan for bank

www.mdarasa.com
+254708068851

mDarasa Resources
AUDIT PLAN: BANK

(To confirm completeness, valuation, existence, cut-off and assertions related to disclosure)
- Obtain standard bank confirmations from each bank with which the client conducted business
during the audit period.
- Reperform arithmetic of bank reconciliation.
- Trace cheques shown as outstanding from the bank reconciliation to the cash book prior to
the year- end and to the after-date bank statements and obtain explanations for any large or
unusual items not cleared at the time of the audit.
- Compare cash book(s) and bank statements in detail for the last month of the year, and check
items outstanding at the reconciliation date to bank statements.
- Review bank reconciliation previous to the year-end bank reconciliation and check that all
items are cleared in the last period or taken forward to the year-end bank reconciliation.
- Obtain satisfactory explanations for all items in the cash book for which there are no
corresponding entries in the bank statement and vice versa by discussion with finance staff.
- Verify contra items appearing in the cash books or bank statements with original entry.
- Verify by inspecting paying-in slips that unclearedbankings are paid in prior to the year-end.
- Examine all lodgments in respect of which payment has been refused by the bank; ensure
that they are cleared on representation or that other appropriate steps have been taken to
effect recovery of the amount cue.
- Verify balances per the cash book according to the bank reconciliation by inspecting cash
book, bank statements and general ledger.
- Verify the bank balances with reply to standard bank letter and with the bank statements.
- Inspect the cash book and bank statements before and after the year-end for exceptional
entries or
transfers which have a material effect on the balance shown to be in-hand.
- Identify whether any accounts are secured on the assets of the company by discussion with
management.
- Consider whether there is a legal right of set-off of overdrafts against positive bank balances.
- Determine whether the bank accounts are subject to any restrictions by inquiries with
management.
- Review draft accounts to ensure that disclosures for bank are complete and accurate and in
accordance with accounting standards.
Remember that the bank confirmation letter contains the balance held by the client at the bank
per the
bank's records. This must be reconciled to the balance held with the bank per the client's records.
CASH
Cash balances should be verified if they are material or irregularities are suspected.
www.mdarasa.com
+254708068851

mDarasa Resources
Cash balances/floats are often individually immaterial but they may require some audit emphasis
because of the opportunities for fraud that could exist where internal control is weak and because
they may be material in total.
However in enterprises such as hotels and retail organisations, the amount of cash-in-hand at the
period- end could be considerable. Cash counts may be important for internal auditors, who have
a role in fraud prevention.
Auditors will be concerned that the cash exists, is complete, and belongs to the company (rights
and
obligations) and is stated at the correct value.
Where the auditors determine that cash balances are potentially material they may conduct a cash
count, ideally at the period-end. Rather like attendance at an inventory count, the conduct of the
count falls into three phases: planning, the count itself, and follow-up procedures.
Planning the cash count

Planning is an essential element, as it is important that all cash balances are counted at the same
time as far as possible. Cash in this context may include unbanked cheques received, IOUs and
credit card slips, in addition to notes and coins.
As part of their planning procedures the auditors will need to determine the locations where cash
is held and which of these locations warrant a count.
Planning decisions will need to be recorded on the current audit file including:
- The precise time of the count(s) and location(s)
- The names of the audit staff conducting the counts
- The names of the client staff intending to be present at each location
- Where a location is not visited it may be appropriate to obtain a letter from the client
confirming the balance.
Cash count
The following matters apply to the count itself.
- All cash/petty cash books should be written up to date in ink (or other permanent form) at the
time
of the count.
- All balances must be counted at the same time.
- All negotiable securities must be available and counted at the time the cash balances are
counted.
- At no time should the auditors be left alone with the cash and negotiable securities.
- All cash and securities counted must be recorded on working papers subsequently filed on
the
www.mdarasa.com
+254708068851

mDarasa Resources
current audit file. Reconciliations should be prepared where applicable (for example, imprest
petty cash float).
AUDIT PLAN: CASH COUNT

(To confirm completeness, valuation, existence and disclosure)
- Count cash balances held and agree to petty cash book or other record:
• Count all balances simultaneously

• All counting to be done in the presence of the individuals responsible
• Enquire into any IOUs or cashed cheques outstanding for a long period of time
- Obtain certificates of cash-in-hand from responsible officials.
- Confirm that bank and cash balances as reconciled above are correctly stated in the accounts.
Follow up
- Check certificates of cash-in-hand are obtained as appropriate.
- Verify unbanked cheques/cash receipts have subsequently been paid in and agree to the bank
reconciliation by inspection of the relevant documentation.
- Ensure IOUs and cheques cashed for employees have been reimbursed.
- Check IOUs or cashed cheques outstanding for unreasonable periods of time have been
providedfor.
- Verify the balances as counted are reflected in the accounts (subject to any agreed
amendments because of shortages and so on) by inspection of draft accounts.
Bank balances are usually confirmed directly with the bank in question.
The bank confirmation letter can be used to ask a variety of questions, including queries about
outstanding interests, contingent liabilities and guarantees.
Cash balances should be verified if they are material or irregularities are suspected.
AUDIT OF LIABILITIES AND CAPITAL

AUDIT PROCEDURES FOR TRADE PAYABLES AND PURCHASES
Introduction
When auditing payables, the auditor must test for understatement (i.e. completeness). Rather than
circularising payables, it is more common to obtain audit evidence from suppliers' statements.
The audit of provisions can be particularly complex due to the accounting treatment and the
degree of judgement involved in calculating the provision.
www.mdarasa.com
+254708068851

mDarasa Resources
We examine the substantive audit of trade payables and accruals, long-term liabilities and
provisions and end with a brief look at capital. Purchases are often tested in conjunction with the
audit of trade payables and so are included in the section on trade payables. The following sets
out the
financial statement assertions to which audit testing is directed.
Assertions about classes of transactions

- Occurrence: All purchase transactions recorded have occurred and relate to the entity
- Completeness: All purchase transactions that should have been recorded have been recorded
- Accuracy: Amounts relating to transactions have been recorded appropriately
- Cut-off: Purchase transactions have been recorded in the correct period
- Classification: Purchase transactions are recorded properly in the accounts
Assertions about period –end account balances

- Existence: Trade payables and accrued expenses are valid liabilities
- Rights and obligations: Trade payables and accrued expenses are the obligations of the
entity
- Completeness: All liabilities have been recorded
- Valuation and allocation: All liabilities are included in the accounts at appropriate amounts
Assertion about presentation and disclosure

- Occurrence and rights and obligations: Occurred and relate to the entity
- Completeness: All disclosures required have been included
- Classification and understandability: Financial information is appropriately presented and
described and disclosures clearly expressed
- Accuracy and valuation: Financial information is disclosed fairly and at appropriate amounts
Audit procedures for trade payables and accruals

The largest figure in current liabilities will normally be trade accounts payable which are
generally
audited by comparison of supplier’s statements with purchase ledger accounts.
AUDIT PROCEDURES
As with accounts receivable, accounts payable are likely to be a material figure in the statement
of financial position of most enterprises.
Auditors should however be particularly aware, when conducting their work on the statement of
financial position, of the possibility of understatement of liabilities to improve liquidity and
profit (by understating the corresponding purchases). The primary objective of their work will
therefore be to ascertain whether liabilities existing at the year-end have been completely and
accurately recorded.
www.mdarasa.com
+254708068851

mDarasa Resources
As regards trade accounts payable, this primary objective can be subdivided into two detailed
objectives is there a satisfactory cut-off between goods received and invoices received, so that
purchases and trade accounts payable are recognised in the correct year?
Do trade accounts payable represent the bona fide amounts due by the company?
Before we ascertain how the auditors design and conduct their tests with these objectives in
mind, we need to establish the importance of the list of balances.
The following table sets out audit procedures to test trade accounts payables and accruals.
AUDIT PLAN -ACCRUALS

Completeness
 Obtain a listing of trade accounts payables and agree the total to the general ledger by casting
and cross casting.
 Test for unrecorded liabilities by inquiries of management on how unrecorded liabilities and
accruals are identified and examining post year-end transactions.
 Obtain selected suppliers' statements and reconcile these to the relevant suppliers' accounts
 Examine files of unmatched purchase orders and supplier invoices for any unrecorded
liabilities.
 Perform a confirmation of accounts payables for a sample
 Complete the disclosure checklist to ensure that all the disclosures relevant to liabilities have
been made.
 Compare the current year balances for trade accounts payables and accruals to the previous
year.
 Compare the amounts owed to a sample of individual suppliers in the trade accounts payables
listing to amounts owed to these suppliers in the previous year.
 Compare the payables' turnover and payables' days to the previous year and industry data.
Existence
 Vouch selected amounts from the trade accounts payables listing and accruals listing to
supporting documentation such as purchase orders and suppliers' invoices.
 Obtain selected suppliers' statements and reconcile these to the relevant suppliers' accounts.
 Perform a confirmation of accounts payables for a sample.
 Perform analytical procedures comparing current year balances to the previous year to
confirm reasonableness, and also calculating payables' turnover and comparing to the
previous year.
www.mdarasa.com
+254708068851

mDarasa Resources
Vouch a sample of balances to supporting documentation such as purchase orders and suppliers'
invoices to obtain audit evidence regarding rights and obligations.
Valuation and allocation

 Trace selected samples from the trade accounts payables listing and accruals listing to the
supporting documentation (purchase orders, minutes authorising expenditure, suppliers'
invoices etc).
 Obtain selected suppliers' statements and reconcile these to the relevant suppliers' accounts.
 For a sample of accruals, recalculate the amount of the accrual to ensure the amount accrued
is correct.
 Compare the current year balances for trade accounts payables and accruals to the previous
year.
 Compare the amounts owed to a sample of individual suppliers in the trade accounts payables
listing to amounts owed to these suppliers in the previous year.
 Compare the payables' turnover and payables' days to the previous year and industry data.
Cut-off
 For a sample of vouchers, compare the dates with the dates they were recorded in the ledger
for application of correct cut-off.
 Test transactions around the year-end to determine whether amounts have been recognised in
the correct financial period.
 Perform analytical procedures on purchase returns, comparing the purchase returns as a % of
sales or cost of sales to the previous year.
Accuracy
Recalculate the mathematical accuracy of a sample of suppliers' invoices to confirm the amounts
are correct.
Occurrence
For a sample of vouchers, inspect supporting documentation such as authorised purchase orders.

• Review the trade accounts payables listing to identify any large debits (which should be
reclassified as receivables or deposits) or long-term liabilities which should be disclosed
separately.
• Read the disclosure notes relevant to liabilities in the draft financial statements and review
for understandability.
Accuracy and valuation

www.mdarasa.com
+254708068851

mDarasa Resources
Read the disclosure notes to ensure the information is accurate and properly presented at the
appropriate amounts.
CONFIRMATION OF TRADE PAYABLES

It is also possible to undertake confirmation of trade payables, although this is not used a great
deal in practice because the auditor can test trade payables by examining reliable, independent
evidence in the form of suppliers' invoices and suppliers' statements. However, where an entity's
internal controls are weak, suppliers' statements may not be available and in this situation, it may
be relevant to undertake confirmation procedures. Confirmation of trade payables provides
evidence primarily for the completeness assertion.
Where the entity has strong controls in place to ensure that all liabilities are recorded, the
confirmation will focus on large balances.
Where the auditor is concerned about the presence of unrecorded liabilities, regular suppliers
with smallor zero balances on their accounts and a sample of other accounts will be confirmed as
well as large balances.
Auditors use a positive confirmation referred to as a blank or zero-balance confirmation. This
confirmation does not state the balance owed but requires the supplier to declare the amount
owed at the year-end and to provide a detailed statement of the account. When the confirmation
is received back, the amount must be reconciled with the entity's records.
The selection and sending out of accounts payables' confirmations should be controlled using the
same procedures as for the receivables' confirmation that we discussed previously.
Reconciliations of accounts payables with suppliers' statements

Many suppliers provide monthly statements to their customers. These may therefore be available
in the entity for examination. Because they are a source of documentary evidence originating
outside of the entity, they are a reliable source of evidence to support suppliers' balances and
provide evidence as to the existence, completeness and valuation of balances.
Having said this, auditors do still need to be cautious when using them as they may have been
tampered with by the entity. The auditor should not rely on photocopies or faxed statements. If
there is any doubt, the auditor should request a copy directly from the supplier or confirm the
balance with the supplier (see above).
When selecting accounts for testing, the auditor should consider the volume of business during
the year, not the balance outstanding at the year-end, because the risk is understatement of
balances. Most
differences between balances on suppliers' statements and the year-end accounts payables' listing
are
www.mdarasa.com
+254708068851

mDarasa Resources
likely to be due to goods and cash-in-transit and disputed amounts, however all differences need
to be
investigated thoroughly.
AUDIT OF NON-CURRENT LIABILITIES

Non-current liabilities are usually authorised by the board and should be well documented.
We are concerned here with non-current liabilities comprising debentures, loan inventory and
other loans repayable at a date more than one year after the year-end.
Auditors will primarily try and determine:
Completeness: whether all non-current liabilities have been disclosed
Accuracy: whether interest payable has been calculated correctly and included in the correct
accounting period
Classification and understandability: whether long-term loans and interest have been correctly
disclosed in the financial statements
The major complication for the auditors is that debenture and loan agreements frequently contain
conditions with which the company must comply, including restrictions on the company's total
borrowings and adherence with specific borrowing ratios.
Audit Plan of Non current Liabilities

- Obtain/prepare schedule of loans outstanding at the year-end date showing, for each loan:
name of lender, date of loan, maturity date, interest date, interest rate, balance at the end of
the period and security.
- Compare opening balances to previous year's papers.
- Test the clerical accuracy of the analysis.
- Compare balances to the general ledger.
- Agree name of lender etc, to register of debenture holders or equivalent (if kept).
- Trace additions and repayments to entries in the cash book.
- Confirm repayments 'are in accordance with loan agreement.
- Examine cancelled cheques and memoranda of satisfaction for loans repaid.
- Verify that borrowing limits imposed by agreements are not exceeded.
- Examine signed Board minutes relating to new borrowings/repayments.
- Obtain direct confirmation from lenders of the amounts outstanding, accrued interest and
what security they hold.
- Verify interest charged for the period and the adequacy of accrued interest.
www.mdarasa.com
+254708068851

mDarasa Resources
- Confirm assets charged have been entered in the register of charges and notified to the
Registrar.
- Review restrictive covenants and provisions relating to default:
 Review any correspondence relating to the loan

 Review confirmation replies for non-compliance
 If a default appears to exist, determine its effect, and schedule findings
- Review minutes, cash book to confirm that all loans have been recorded.
- Review draft accounts to ensure that disclosures for non-current liabilities are correct and in
accordance with accounting standards. Any elements repayable within one year should be
classified under current liabilities.
AUDIT PROCEDURE OF PROVISIONS AND CONTINGENCIES

AUDIT OF CONTINGENCIES
The accounting treatments for provisions and contingenciesare complex and involve judgement
and this can make them difficult to audit.
Accounting issues
Key terms
A provision is a liability of uncertain timing or amount.
A liability is a present obligation of the entity arising from past events, the settlement of which is
expected to result in an outflow from the entity of resources embodying economic benefits.
An obligating event is an event that creates a legal or constructive obligation that results in an
entity having no realistic alternative to settling that obligation.
A legal obligation is an obligation that derives from:

a) A contract (through its explicit or implicit terms),
b) Legislation, or
c) Other operation of law
A constructive obligation is an obligation that derives from an entity's actions where:
a) By an established pattern of past practice, published policies or a sufficiently specific current
statement, the entity has indicated to other parties that it will accept certain responsibilities,
and
b) As a result, the entity has created a valid expectation on the part of those other parties that it
will
discharge those responsibilities.
A contingent liability is:
www.mdarasa.com
+254708068851

mDarasa Resources
a) A possible obligation that arises from past events and whose existence will be confirmed
only by
the occurrence or non-occurrence of one or more uncertain future events not wholly within
the
control of the entity, or
b) A present obligation that arises from past events but is not recognised because:
i) It is not probable that an outflow of resources embodying economic benefits will be
required to settle the obligation, or
ii) The amount of the obligation cannot be measured with sufficient reliability.
A contingent asset is a possible asset that arises from past events and whose existence will be
confirmed only by the occurrence or non-occurrence of one or more uncertain future events not
wholly within the control of the entity.
Under IAS 37 Provisions, contingent liabilities and contingent assets, an entity should not
recognise a
contingent asset or a contingent liability. However if it becomes probable that an outflow of
future
economic benefits will be required for a previous contingent liability, a provision should be
recognised.
A contingent asset should not be accounted for unless its realisation is virtually certain; if an
inflow of
economic benefits has become probable, the asset should be disclosed.
Examples of the principal types of contingencies disclosed by companies are:
- Guarantees (for group companies, of staff pension schemes, of completion of contracts)
- Discounted bills of exchange
- Uncalled liabilities on shares or loan inventory
- Lawsuits or claims pending
- Options to purchase assets
Obtaining audit evidence of contingencies

Part of ISA 501 Audit evidence - additional considerations for specific items, covers
contingencies relatingto litigation and legal claims, which will represent the major part of
audit work on contingencies. Litigation and claims involving the entity may have a material
effect on the financial statements, and so will require adjustment to/disclosure in those
financial statements.
The auditor should carry out procedures in order to become aware of any litigation and
claims involving the entity which may have a material effect on the financial statements.
Such procedures would include the following.
www.mdarasa.com
+254708068851

mDarasa Resources
 Make appropriate inquiries of management including obtaining written

representations.
 Review board minutes and correspondence with the entity's lawyers.
 Examine legal expense accounts.
 Use any information obtained regarding the entity's business including information
obtained from discussions with any in-house legal department
When litigation or claims have been identified or when the auditor believes they may exist,
the auditor
should seek direct communication with the entity's lawyers. This will help to obtain
sufficient appropriate audit evidence as to whether potential material litigation and claims
are known and management's estimates of the financial implications, including costs, are
reliable.
The ISA discusses the form the letter to the entity's lawyer should take. 'The letter, which should
be
prepared by management and sent by the auditor, should request the lawyer to communicate
directly with the auditor.
If it is thought unlikely that the lawyer will respond to a general enquiry, the letter should specify
the
following.
(a) A list of litigation and claims
(b) Management's assessment of the outcome of the litigation or claim and its estimate
of the
financial implications, including costs involved
(c) A request that the lawyer confirms the reasonableness of management's assessments
and
provides the auditor with further information if the list is considered by the lawyer
to be incomplete or incorrect
The auditors must consider these matters up to the date of their report and so a further, updating
letter
may be necessary.
A meeting between the auditors and the lawyer may be required, for example where a complex
matter
arises, or where there is a disagreement between management and the lawyer. Such meetings
should take place only with the permission of management, and preferably with a management
representative present.
If management refuses to give the auditor permission to communicate with the lawyers; this may
have an impact on the audit opinion.
www.mdarasa.com
+254708068851

mDarasa Resources
AUDIT OF PROVISIONS
The following audit plan can be used in the audit of provisions.
Audit plan of Provisions/contingents

Obtain details of all provisions which have been included in the accounts and all contingencies
that
have been disclosed.
Obtain a detailed analysis of all provisions showing opening balances, movements and closing
balances.
Determine for each material provision whether the company has a present obligation as a result
of
past events by:
- Review of correspondence relating to the item
- Discussion with the directors. Have they created a valid expectation in other parties that they
will discharge the obligation?
- Determine for each material provision whether it is probable that a transfer of economic
benefits will be required to settle the obligation by:
- Checking whether any payments have been made in the post year-end period in respect of the
item by reviewing after-date cash
- Review of correspondence with solicitors, banks, customers, insurance company and
suppliers
both pre and post year-end
- Sending a letter to the solicitor to obtain his views (where relevant)
- Discussing the position of similar past provisions with the directors. Were these provisions
eventually settled?
- Considering the likelihood of reimbursement
- Recalculate all provisions made.
- Compare the amount provided with any post year-end payments and with any amount paid in
the past for similar items.
- In the event that it is not possible to estimate the amount of the provision, check that a
contingent
liability is disclosed in the accounts.
- Consider the nature of the client's business. Would you expect to see any other provisions eg
warranties? Consider the adequacy of disclosure of provisions, contingent assets and
contingent liabilities in accordance with IAS 37.
Capital and other issues

The main concern with share capital and reserves is that the company has complied with the law.
www.mdarasa.com
+254708068851

mDarasa Resources
The issued share capital as stated in the accounts must be agreed in total with the share register.
An
examination of transfers on a test basis should be made in those cases where a company handles
its own registration work. Where the registration work is dealt with by independent registrars,
auditors will normally examine the reports submitted by them to the company, and obtain from
them at the year-end a certificate of the share capital in issue.
Auditors should check carefully whether clients have complied with local legislation about share
issues or purchase of own shares. Auditors should take particular care if there are any
movements in reserves that cannot be distributed, and should confirm that these movements are
valid.
Share equity capital:

Agree the authorised share capital with the statutory documents governing the company's
constitution.
Agree changes to authorised share capital with properly authorised resolutions.
Issue of Shares
Verify any issue of share capital or other changes during the year with general and board
minutes.
Ensure issue or change is within the terms of the constitution, and directors possess appropriate
authority to issue shares.
Confirm that cash or other consideration has been received or receivable{s) is included as cal/ed-
up share capital not paid.
Transfer of shares
Verify transfers of shares by reference to:
- Correspondence
- Completed and stamped transfer forms
- Cancelled share certificates
- Minutes of directors' meeting
Review the balances on shareholders' accounts in the register of members and the total list with
the amount of issued share capital in the general ledger.
Dividends
- Agree dividends paid and proposed to authority in minute books and check calculation with
total share capital issued to ascertain whether there are any outstanding or unclaimed
dividends.
- Agree dividend payments with documentary evidence (say, the returned dividend warrants).
- Check that dividends do not contravene the distribution provisions of the legislation.
www.mdarasa.com
+254708068851

mDarasa Resources
- Check that imputed tax has been accounted for to the taxation authorities and correctly
treated in the accounts.
Reserves
- Agree movements on reserves to supporting authority
- Ensure that movements on reserves do not contravene the legislation and the company’s
constitution
- Confirm that the company can distinguish distributable reserves from those that are non-
distributable
- Ensure appropriate disclosures of movements on reserves are made in the company’s
accounts by inspection of the financial statements.
Summary
The largest figure in current liabilities will normally be trade accounts payable which are
generally
audited by comparison of suppliers' statements with purchase ledger accounts.
Non-current liabilities are usually authorised by the board and should be well documented.
The accounting treatments for provisions and contingencies are complex and involve judgement
and this can make them difficult to audit.
The main concern with share capital and reserves is that the company has complied with the law
AUDIT OF INVENTORY
Inventory
If inventory is material to the financial statements, the auditor shall obtain sufficient appropriate
audit evidence regarding the existence and condition of inventory by:
a) Attendance at physical inventory counting, unless impracticable, to:
i) Evaluate management’s instructions and procedures for recording and controlling the
results of the entity’s physical inventory counting;
ii) Observe the performance of management’s count procedures;
iii) Inspect the inventory; and
iv) Perform test counts; and
b) Performing audit procedures over the entity’s final inventory records to determine whether
they accurately reflect actual inventory count results.
c) If physical inventory counting is conducted at a date other than the date of the financial
statements, the auditor shall, perform audit procedures to obtain audit evidence about
whether changes in inventory between the count date and the date of the financial statements
are properly recorded.
www.mdarasa.com
+254708068851

mDarasa Resources
d) If the auditor is unable to attend physical inventory counting due to unforeseen
circumstances, the auditor shall make or observe some physical counts on an alternative date,
and perform audit procedures on intervening transactions.
e) If attendance at physical inventory counting is impracticable, the auditor shall perform
alternative audit procedures to obtain sufficient appropriate audit evidence regarding the
existence and condition of inventory. If it is not possible to do so, the auditor shall modify
the opinion in the auditor’s report in accordance with ISA 705.
f) If inventory under the custody and control of a third party is material to the financial
statements, the auditor shall obtain sufficient appropriate audit evidence regarding the
existence and condition of that inventory by performing one or both of the following:
(a) Request confirmation from the third party as to the quantities and condition of inventory
held on behalf of the entity.
(b) Perform inspection or other audit procedures appropriate in the circumstances.
Attendance at Physical Inventory Counting

- Management ordinarily establishes procedures under which inventory is physically counted
at least once a year to serve as a basis for the preparation of the financial statements and, if
applicable, to ascertain the reliability of the entity’s perpetual inventory system.
- Attendance at physical inventory counting involves:
 Inspecting the inventory to ascertain its existence and evaluate its condition, and
performing test counts;
 Observing compliance with management’s instructions and the performance of
procedures for recording and controlling the results of the physical inventory count; and
 Obtaining audit evidence as to the reliability of management’s count procedures.
These procedures may serve as test of controls or substantive procedures depending on the
auditor’s risk assessment, planned approach and the specific procedures carried out.
Matters relevant in planning attendance at physical inventory counting or in designing and

performing audit procedures include, for example:
 The risks of material misstatement related to inventory.
 The nature of the internal control related to inventory.
 Whether adequate procedures are expected to be established and proper instructions
issued for physical inventory counting.
 The timing of physical inventory counting.
 Whether the entity maintains a perpetual inventory system.
 The locations at which inventory is held, including the materiality of the inventory and
the risks of material misstatement at different locations, in deciding at which locations
attendance is appropriate. ISA 600deals with the involvement of other auditors and
www.mdarasa.com
+254708068851

mDarasa Resources
accordingly may be relevant if such involvement is with regard to attendance of physical
inventory counting at a remote location.
Evaluate Management’s Instructions and Procedures

Matters relevant in evaluating management’s instructions and procedures for recording and
controlling the physical inventory counting include whether they address, for example:
 The application of appropriate control activities, for example, collection of used physical
inventory count records, accounting for unused physical inventory count records, and count
and re-count procedures.
 The accurate identification of the stage of completion of work in progress, of slow moving,
obsolete or damaged items and of inventory owned by a third party, for example, on
consignment.
 The procedures used to estimate physical quantities, where applicable, such as may be
needed in estimating the physical quantity of a coal pile.
 Control over the movement of inventory between areas and the shipping and receipt of
inventory before and after the cutoff date.
Observe the Performance of Management’s Count Procedures

Observing the performance of management’s count procedures, for example, those relating to
control over the movement of inventory before, during and after the count, assists the auditor in
obtaining audit evidence that management’s instructions and count procedures are adequately
designed and implemented. In addition, the auditor may obtain copies of cutoff information, such
as details of the movement of inventory, to assist the auditor in performing audit procedures over
the accounting for such movements at a later date.
Inspect the Inventory

Inspecting inventory when attending physical inventory counting assists the auditor in
ascertaining the existence of the inventory (though not necessarily its ownership), and in
identifying, for example, obsolete, damaged or aging inventory.
Perform Test Counts

Performing test counts, for example, by tracing items selected from management’s count records
to the physical inventory and tracing items selected from the physical inventory to management’s
count records, provides audit evidence about the completeness and the accuracy of those records.
In addition to recording the auditor’s test counts, obtaining copies of management’s completed
physical inventory count records assists the auditor in performing subsequent audit procedures to
determine whether the entity’s final inventory records accurately reflect actual inventory count
results.
www.mdarasa.com
+254708068851

mDarasa Resources
Physical Inventory Counting Conducted Other than at the Date of the Financial Statements
- For practical reasons, the physical inventory counting may be conducted at a date, or dates,
other than the date of the financial statements. This may be done irrespective of whether
management determines inventory quantities by an annual physical inventory counting or
maintains a perpetual inventory system. In either case, the effectiveness of the design,
implementation and maintenance of controls over changes in inventory determines whether
the conduct of physical inventory counting at a date, or dates, other than the date of the
financial statements is appropriate for audit purposes. ISA 330 establishes requirements and
provides guidance on substantive procedures performed at an interim date.
- Where a perpetual inventory system is maintained, management may perform physical
counts or other tests to ascertain the reliability of inventory quantity information included in
the entity’s perpetual inventory records. In some cases, management or the auditor may
identify differences between the perpetual inventory records and actual physical inventory
quantities on hand; this may indicate that the controls over changes in inventory are not
operating effectively.
- Relevant matters for consideration when designing audit procedures to obtain audit evidence
about whether changes in inventory amounts between the count date, or dates, and the final
inventory records are properly recorded include:
 Whether the perpetual inventory records are properly adjusted.

 Reliability of the entity’s perpetual inventory records.
 Reasons for significant differences between the information obtained during the physical
count and the perpetual inventory records.
Attendance at Physical Inventory Counting Is Impracticable

- In some cases, attendance at physical inventory counting may be impracticable. This may be
due to factors such as the nature and location of the inventory, for example, where inventory
is held in a location that may pose threats to the safety of the auditor. The matter of general
inconvenience to the auditor, however, is not sufficient to support a decision by the auditor
that attendance is impracticable. Further, as explained in ISA 200, the matter of difficulty,
time, or cost involved is not in itself a valid basis for the auditor to omit an audit procedure
for which there is no alternative or to be satisfied with audit evidence that is less than
persuasive.
- In some cases where attendance is impracticable, alternative audit procedures, for example,
inspection of documentation of the subsequent sale of specific inventory items acquired or
purchased prior to the physical inventory counting, may provide sufficient appropriate audit
evidence about the existence and condition of inventory.
www.mdarasa.com
+254708068851

mDarasa Resources
- In other cases, however, it may not be possible to obtain sufficient appropriate audit evidence
regarding the existence and condition of inventory by performing alternative audit
procedures. In such cases, ISA 705 requires the auditor to modify the opinion in the auditor’s
report as a result of the scope limitation.
Inventory under the Custody and Control of a Third Party
Confirmation
ISA 505 establishes requirements and provides guidance for performing external confirmation
procedures.
Other Audit Procedures

Depending on the circumstances, for example, where information is obtained that raises doubt
about the integrity and objectivity of the third party, the auditor may consider it appropriate to
perform other audit procedures instead of, or in addition to, confirmation with the third party.
Examples of other audit procedures include:
 Attending, or arranging for another auditor to attend, the third party’s physical counting of
inventory, if practicable.
 Obtaining another auditor’s report, or a service auditor’s report, on the adequacy of the third
party’s internal control for ensuring that inventory is properly counted and adequately
safeguarded.
 Inspecting documentation regarding inventory held by third parties, for example, warehouse
receipts.
 Requesting confirmation from other parties when inventory has been pledged as collateral.
SUBSEQUENT EVENTS
A subsequent event is an event that occurs after a reporting period, but before the financial
statements for that period have been issued or are available to be issued. Depending on the
situation, such events may or may not require disclosure in an organization's financial
statements.
The two types of subsequent events are:
 Additional information. An event provides additional information about conditions in

existence as of the balance sheet date, including estimates used to prepare the financial
statements for that period.
www.mdarasa.com
+254708068851

mDarasa Resources
 New events. An event provides new information about conditions that did not exist as of the
balance sheet date.
Generally accepted accounting principles state that the financial statements should include
the effects of all subsequent events that provide additional information about conditions in
existence as of the balance sheet date. This rule requires that all entities evaluate subsequent
events through the date when financial statements are available to be issued, while a public
company should continue to do so through the date when the financial statements are
actually filed with the Securities and Exchange Commission. Examples of situations calling
for the adjustment of financial statements are:
 Lawsuit. If events take place before the balance sheet date that trigger a lawsuit, and l awsuit
settlement is a subsequent event, consider adjusting the amount of any contingent
loss already recognized to match the amount of the actual settlement.
 Bad debt. If a company issues invoices to a customer before the balance sheet date, and the
customer goes bankrupt as a subsequent event, consider adjusting the allowance for doubtful
accounts to match the amount of receivables that will likely not be collected.
If there are subsequent events that provide new information about conditions that did not
exist as of the balance sheet date, and for which the information arose before the financial
statements were available to be issued or were issued, these events should not be recognized
in the financial statements. Examples of situations that do not trigger an adjustment to the
financial statements if they occur after the balance sheet date but before financial statements
are issued or are available to be issued are:
 A business combination
 Changes in the value of assets due to changes in exchange rates
 Destruction of company assets
 Entering into a significant guarantee or commitment
 Sale of equity
 Settlement of a lawsuit where the events causing the lawsuit arose after the balance sheet
date
www.mdarasa.com
+254708068851

mDarasa Resources
A company should disclose the date through which there has been an evaluation of
subsequent events, as well as either the date when the financial statements were issued or
when they were available to be issued.
There may be situations where the non-reporting of a subsequent event would result in
misleading financial statements. If so, disclose the nature of the event and an estimate of its
financial effect.
If a business reissues its financial statements, disclose the dates through which it has
evaluated subsequent events, both for the previously issued and revised financial statements.
The recognition of subsequent events in financial statements can be quite subjective in many
instances. Given the amount of time required to revise financial statements at the last
minute, it is worthwhile to strongly consider whether the circumstances of a subsequent
event can be construed as not requiring the revision of financial statements.
There is a danger in inconsistently applying the subsequent event rules, so that similar
events do not always result in the same treatment of the financial statements. Consequently,
it is best to adopt internal rules regarding which events will always lead to the revision of
financial statements; these rules will likely require continual updating, as the business
encounters new subsequent events that had not previously been incorporated into its rules.
ISA 560 (REDRAFTED) SUBSEQUENT EVENTS
ISA 560 (redrafted) outlines the auditor’s responsibility in relation to subsequent events. For the
purposes of ISA 560, subsequent events are those events that occur between the reporting date
and the date of approval of the financial statements and signing of the auditors’ report.
In summary, the auditor should perform audit procedures designed to obtain sufficient
appropriate audit evidence that all events up to the date of the auditors’ report that may require
adjustment of, or disclosure in, the financial statements have been identified.
www.mdarasa.com
+254708068851

mDarasa Resources
It is widely understood that an audit of an entity’s financial statements often takes place
sometime after the reporting date and during the intervening period, facts could arise that may
affect the financial statements. There is also a relevant International Accounting Standard which
deals with such events, IAS 10 ‘Events after the Reporting Period’.
The audit procedures to be adopted by the auditor where subsequent events are concerned may
give rise to an adjustment to, or the inclusion of a note in, the financial statements. The auditor
will adopt relevant procedures depending on the risk assessment of the client.
THE OBJECTIVES OF THE AUDITOR ARE:

(a) To obtain sufficient appropriate audit evidence about whether events occurring between the
date of the financial statements and the date of the auditor’s report that require adjustment of, or
disclosure in, the financial statements are appropriately reflected in those financial statements in
accordance with the applicable financial reporting framework; and
(b) To respond appropriately to facts that become known to the auditor after the date of the
auditor’s report, that, had they been known to the auditor at that date, may have caused the
auditor to amend the auditor’s report.
GOING CONCERN
Introduction
IAS 1 Presentation of Financial Statements recognizes the going concern assumption as one of the
fundamental assumptions that underlie the periodic financial statements of enterprises.
The meaning of going concern can be said to be that the financial statements assume that the
enterprise will continue in operational existence for the foreseeable future, or put another way the
financial statements assume no intention or necessity to liquidate or curtail significantly the scale
of operation or put more simply that the enterprise can meet its financial obligations as they fall
due.
Going Concern Assumption

- Under the going concern assumption, an entity is viewed as continuing in business for the
foreseeable future. General purpose financial statements are prepared on a going concern
basis, unless management either intends to liquidate the entity or to cease operations, or has
no realistic alternative but to do so.
- Special purpose financial statements may or may not be prepared in accordance with a
financial reporting framework for which the going concern basis is relevant (for example, the
www.mdarasa.com
+254708068851

mDarasa Resources
going concern basis is not relevant for some financial statements prepared on a tax basis in
particular jurisdictions). When the use of the going concern assumption is appropriate, assets
and liabilities are recorded on the basis that the entity will be able to realize its assets and
discharge its liabilities in the normal course of business.
Responsibility for Assessment of the Entity’s Ability to Continue as a Going

Concern
- Some financial reporting frameworks contain an explicit requirement for management to
make a specific assessment of the entity’s ability to continue as a going concern, and
standards regarding matters to be considered and disclosures to be made in connection with
going concern.
- For example, International Accounting Standard (IAS) 1 requires management to make an
assessment of an entity’s ability to continue as a going concern. The detailed requirements
regarding management’s responsibility to assess the entity’s ability to continue as a going
concern and related financial statement disclosures may also be set out in law or regulation.
- In other financial reporting frameworks, there may be no explicit requirement for
management to make a specific assessment of the entity’s ability to continue as a going
concern. Nevertheless, since the going concern assumption is a fundamental principle in the
preparation of financial statements, the preparation of the financial statements requires
management to assess the entity’s ability to continue as a going concern even if the financial
reporting framework does not include an explicit requirement to do so.
- Management’s assessment of the entity’s ability to continue as a going concern involves
making a judgment, at a particular point in time, about inherently uncertain future outcomes
of events or conditions. The following factors are relevant to that judgment:
 The degree of uncertainty associated with the outcome of an event or condition increases
significantly the further into the future an event or condition or the outcome occurs. For
that reason, most financial reporting frameworks that require an explicit management
assessment specify the period for which management is required to take into account all
available information.
 The size and complexity of the entity, the nature and condition of its business and the
degree to which it is affected by external factors affect the judgment regarding the
outcome of events or conditions.
 Any judgment about the future is based on information available at the time at which the
judgment is made. Subsequent events may result in outcomes that are inconsistent with
judgments that were reasonable at the time they were made.
Responsibilities of the Auditor
www.mdarasa.com
+254708068851

mDarasa Resources
- The auditor’s responsibility is to obtain sufficient appropriate audit evidence about the
appropriateness of management’s use of the going concern assumption in the preparation of
the financial statements and to conclude whether there is a material uncertainty about the
entity’s ability to continue as a going concern. This responsibility exists even if the financial
reporting framework used in the preparation of the financial statements does not include an
explicit requirement for management to make a specific assessment of the entity’s ability to
continue as a going concern.
- However, as described in ISA 200, the potential effects of inherent limitations on the
auditor’s ability to detect material misstatements are greater for future events or conditions
that may cause an entity to cease to continue as a going concern. The auditor cannot predict
such future events or conditions.
- Accordingly, the absence of any reference to going concern uncertainty in an auditor’s report
cannot be viewed as a guarantee as to the entity’s ability to continue as a going concern.
Objectives
The objectives of the auditor are:
a) To obtain sufficient appropriate audit evidence regarding the appropriateness of
management’s use of the going concern assumption in the preparation of the financial
statements;
b) To conclude, based on the audit evidence obtained, whether a material uncertainty exists
related to events or conditions that may cast significant doubt on the entity’s ability to
continue as a going concern; and
c) To determine the implications for the auditor’s report.

When performing risk assessment procedures as required by ISA 315, the auditor shall consider
whether there are events or conditions that may cast significant doubt on the entity’s ability to
continue as a going concern. In so doing, the auditor shall determine whether management has
already performed a preliminary assessment of the entity’s ability to continue as a going concern,
and:
a) If such an assessment has been performed, the auditor shall discuss the assessment with
management and determine whether management has identified events or conditions that,
individually or collectively, may cast significant doubt on the entity’s ability to continue
as a going concern and, if so, management’s plans to address them; or
www.mdarasa.com
+254708068851

mDarasa Resources
b) If such an assessment has not yet been performed, the auditor shall discuss with
management the basis for the intended use of the going concern assumption, and inquire
of management whether events or conditions exist that, individually or collectively, may
cast significant doubt on the entity’s ability to continue as a going concern.
The auditor shall remain alert throughout the audit for audit evidence of events or conditions that
may cast significant doubt on the entity’s ability to continue as a going concern.
Evaluating Management’s Assessment

- The auditor shall evaluate management’s assessment of the entity’s ability to continue as
a going concern. In evaluating management’s assessment of the entity’s ability to
continue as a going concern, the auditor shall cover the same period as that used by
management to make its assessment as required by the applicable financial reporting
framework, or by law or regulation if it specifies a longer period.
- If management’s assessment of the entity’s ability to continue as a going concern covers
less than twelve months from the date of the financial statements as defined in ISA 560,
the auditor shall request management to extend its assessment period to at least twelve
months from that date.
- In evaluating management’s assessment, the auditor shall consider whether
management’s assessment includes all relevant information of which the auditor is aware
as a result of the audit.
Period beyond Management’s Assessment

The auditor shall inquire of management as to its knowledge of events or conditions beyond the
period of management’s assessment that may cast significant doubt on the entity’s ability to
continue as a going concern.
Additional Audit Procedures When Events or Conditions Are Identified

If events or conditions have been identified that may cast significant doubt on the entity’s ability
to continue as a going concern, the auditor shall obtain sufficient appropriate audit evidence to
determine whether or not a material uncertainty exists through performing additional audit
procedures, including consideration of mitigating factors.
These procedures shall include:

(a) Where management has not yet performed an assessment of the entity’s ability to continue as
a going concern, requesting management to make its assessment.
(b) Evaluating management’s plans for future actions in relation to its going concern assessment,
whether the outcome of these plans is likely to improve the situation and whether
management’s plans are feasible in the circumstances.
www.mdarasa.com
+254708068851

mDarasa Resources
(c) Where the entity has prepared a cash flow forecast, and analysis of the forecast is a
significant factor in considering the future outcome of events or conditions in the evaluation
of management’s plans for future action:
Evaluating the reliability of the underlying data generated to prepare the forecast; and
whether there is adequate support for the assumptions underlying the forecast.
(d) Considering whether any additional facts or information have become available since the
date on which management made its assessment.
(e) Requesting written representations from management and, where appropriate, those charged
with governance, regarding their plans for future action and the feasibility of these plans.
Audit Conclusions and Reporting

- Based on the audit evidence obtained, the auditor shall conclude whether, in the auditor’s
judgment, a material uncertainty exists related to events or conditions that, individually or
collectively, may cast significant doubt on the entity’s ability to continue as a going concern.
- A material uncertainty exists when the magnitude of its potential impact and likelihood of
occurrence is such that, in the auditor’s judgment, appropriate disclosure of the nature and
implications of the uncertainty is necessary for:
(a) In the case of a fair presentation financial reporting framework, the fair presentation of
the financial statements, or
(b) In the case of a compliance framework, the financial statements not to be misleading.
Use of Going Concern Assumption Appropriate but a Material Uncertainty Exists

- If the auditor concludes that the use of the going concern assumption is appropriate in the
circumstances but a material uncertainty exists, the auditor shall determine whether the
financial statements:
(a) Adequately describe the principal events or conditions that may cast significant doubt on
the entity’s ability to continue as a going concern and management’s plans to deal with
these events or conditions; and
(b) Disclose clearly that there is a material uncertainty related to events or conditions that
may cast significant doubt on the entity’s ability to continue as a going concern and,
therefore, that it may be unable to realize its assets and discharge its liabilities in the
normal course of business.
- If adequate disclosure is made in the financial statements, the auditor shall express an
unmodified opinion and include an Emphasis in the auditor’s report to:
(a) Highlight the existence of a material uncertainty relating to the event or condition that
may cast significant doubt on the entity’s ability to continue as a going concern; and
www.mdarasa.com
+254708068851

mDarasa Resources
(b) Draw attention to the note in the financial statements that discloses the matters
- If adequate disclosure is not made in the financial statements, the auditor shall express a
qualified opinion or adverse opinion, as appropriate, in accordance with ISA 705
The auditor shall state in the auditor’s report that there is a material uncertainty that may cast
significant doubt about the entity’s ability to continue as a going concern.
If the financial statements have been prepared on a going concern basis but, in the auditor’s
judgment, management’s use of the going concern assumption in the financial statements is
inappropriate, the auditor shall express an adverse opinion.
Management Unwilling to Make or Extend Its Assessment

If management is unwilling to make or extend its assessment when requested to do so by the
auditor, the auditor shall consider the implications for the auditor’s report.
Communication with Those Charged with Governance

Unless all those charged with governance are involved in managing the entity,7 the auditor shall
communicate with those charged with governance events or conditions identified that may cast
significant doubt on the entity’s ability to continue as a going concern. Such communication with
those charged with governance shall include the following:
(a) Whether the events or conditions constitute a material uncertainty;

(b) Whether the use of the going concern assumption is appropriate in the preparation of the
financial statements; and
(c) The adequacy of related disclosures in the financial statements.
Significant Delay in the Approval of Financial Statements

If there is significant delay in the approval of the financial statements by management or those
charged with governance after the date of the financial statements, the auditor shall inquire as to
the reasons for the delay. If the auditor believes that the delay could be related to events or
conditions relating to the going concern assessment, the auditor shall perform those additional
audit procedures necessary, as well as consider the effect on the auditor’s conclusion regarding
the existence of a material uncertainty.
Considerations Specific to Public Sector Entities

- Management’s use of the going concern assumption is also relevant to public sector entities.
For example, International Public Sector Accounting Standard (IPSAS) 1 addresses the issue
of the ability of public sector entities to continue as going concerns.8 Going concern risks
may arise, but are not limited to, situations where public sector entities operate on a for-profit
www.mdarasa.com
+254708068851

mDarasa Resources
basis, where government support may be reduced or withdrawn, or in the case of
privatization.
- Events or conditions that may cast significant doubt on an entity’s ability to continue as a
going concern in the public sector may include situations where the public sector entity lacks
funding for its continued existence or when policy decisions are made that affect the services
provided by the public sector entity.

Events or Conditions That May Cast Doubt about Going Concern Assumption
The following are examples of events or conditions that, individually or collectively, may cast
significant doubt about the going concern assumption. This listing is not all-inclusive nor does
the existence of one or more of the items always signify that a material uncertainty exists.
MANAGEMENT LETTER AND MANAGEMENT REPRESENTATION

It should be normal practice at the end of an audit to send a letter to the client setting out
weaknesses in the system of internal control. Certain rules should be observed when preparing
such a letter (known as the management letter, the letter of weakness, the internal control
memorandum, the letter of recommendations or the constructive service letter).
If management refuses to provide a representation then this constitutes a limitation in scope and
consideration should be given to expressing a qualified opinion or a disclaimer of opinion.
Objective of the auditor

a) To obtain written representations from management that management believes that it has
fulfilled the fundamental responsibilities that constitute the premise on which an audit is
conducted;
b) To support other audit evidence relevant to the financial statements or specific assertions in
the financial statements by means of written representations if determined necessary by the
auditor or required by other ISAs; and
c) To respond appropriately to written representations provided by management or if
management does not provide the written representations requested by the auditor.
ISA 580 states, “The auditor should obtain audit evidence that management acknowledges its
responsibility for the fair presentation of the financial statements in accordance with the applicable
financial reporting framework, and has approved the financial statements”.
Scope of this ISA
www.mdarasa.com
+254708068851

mDarasa Resources
1. This International Standard on Auditing (ISA) deals with the auditor’s responsibility to
obtain written representations from management and, where appropriate, those charged
with governance.
2. The specific requirements for written representations of other ISAs do not limit the
application of this ISA. Written Representations as Audit Evidence
3. Audit evidence is all the information used by the auditor in arriving at the conclusions on
which the audit opinion is based. Written representations are necessary information that the
auditor requires in connection with the audit of the entity’s financial statements.
4. Accordingly, similar to responses to inquiries, written representations are audit evidence.
5. Although written representations provide necessary audit evidence, they do not provide
sufficient appropriate audit evidence on their own about any of the matters with which they
deal. Furthermore, the fact that management has provided reliable written representations
does not affect the nature or extent of other audit evidence that the auditor obtains about the
fulfillment of management’s responsibilities, or about specific assertions.
Representations as Audit Evidence

The engagement team should obtain written representations from management on matters material
to the financial statements when other sufficient appropriate audit evidence cannot reasonably be
expected to exist.
The team should obtain written representation from management that:

a) It acknowledges its responsibility for the design and implementation of internal control to
prevent and detect error; and
b) It believes the effects of those uncorrected financial statement misstatements aggregated by
the auditor during the audit are immaterial, both individually and in the aggregate, to the
financial statements taken as a whole. A summary of such items should be included in or
attached to the written representations.
In certain instances, the only audit evidence that can be available to the auditor is that obtained
from inquiry. Therefore, the need to obtain written representations from management arises.
Where representations relate to matters that are material to the financial statements, the
engagement team should:
- Seek corroborative audit evidence from sources inside or outside the entity;
- Evaluate the reasonableness of management representations and consistency with other audit
evidence; and
- Consider whether the individuals making the representations are knowledgeable on those
particular matters.
Where other audit evidence could reasonably be expected to be available, management
representations cannot be substituted for that audit evidence. For example, a representation by
www.mdarasa.com
+254708068851

mDarasa Resources
management as to the cost of an asset is not a substitute for the audit evidence of such cost that an
engagement team would ordinarily expect to obtain.
Where audit evidence is reasonably expected to be available, relating to a matter that is material
to the financial statements, and the engagement team is unable to obtain such evidence,
consideration should be given to modifying the auditor’s report with a limitation of scope
paragraph. This will be the case even if management representation on that particular matter has
been received.
Where management representations are contradicted by other audit evidence, the engagement team
should investigate the circumstances and, if need be, reconsider the reliability of other
representations made by management.
Documentation
In Audit Evidence, documentary evidence is more reliable than oral evidence. Thus, management’s
representations should be obtained in a written form. This also reduces the possibility of
misunderstandings between the engagement team and management.
The basic elements of the management representation letter are:
- It should be addressed to the auditor.
- It is dated the same date as the auditor’s report.
- It is normally signed by members of management who have responsibility for the entity and
its financial aspects (normally the directors), based on the best of their knowledge and belief.
General points of good practice are as follows:

a) It should make clear that the object of the audit is not to discover fraud, but to report on the
financial statements. The matters referred to have been discovered incidentally to the main
objective.
b) The points should be listed logically.
c) There is no point in drawing attention to a weakness which is inherent in the nature or size
of the business, or it’s totally trivial.
d) Only the weakness should be noted. It should not be implied that no fraud is taking place
although the possible consequences of the weaknesses can be expanded upon.
e) Recommendations for improvements should be made in respect of each weakness.
f) Communications in respect of recommendations should be made on a timely basis.
The management letter will normally be a natural by-product of the audit, and the auditor should
incorporate the need to issue the letter in the planning of the audit. The letter should be sent as
soon as possible after completion of the audit procedures giving rise to the need to comment.
Where audit work is carried out in more than one stage it may be appropriate to issue a letter at
the interim audit stage as well as the final audit stage.
www.mdarasa.com
+254708068851

mDarasa Resources
It is important that the management letter is sent and responded to on a timely basis (at the audit
completion stage) in order to have impact, be effective and acted upon by the client. It is
important to discuss all the points in the letter with management before the letter is issued. Any
significant matters should be brought to management’s attention immediately first verbally
followed up in writing. It is essential that the contents of the letter are considered by the
management. A copy of the letter with replies should be kept on the file. Significant matters
should be followed up after the client’s response by way of discussion or the performance of
system tests. Normally, it is usual for the auditor to review points made in previous years at the
first subsequent audit visit.
When a group of companies is involved, the management of the holding company may want to
be informed of significant points arising in the reports of the management of the subsidiaries.
The auditor must obtain permission from the management of the subsidiary before releasing such
information.
Any report made to management should be regarded as confidential communication. The auditor
should therefore not normally reveal the contents of the report to any third party without the prior
written consent of the management of the company.
In practice, the auditor has little control over what happens to the report once it has been
dispatched.
Occasionally, management may provide third parties e.g. their bankers, with copies of the report.
The auditor can use a disclaimer of liability against foreseen liability to third parties but this may
not give full protection from liability where the auditor knows or ought to know that a report to
management may be passed to a third party who would rely on it.
Example of a management letter

There are other acceptable layouts which you may have seen in practice; columnar formats with
the headings ‘weakness’, ‘implication’ and ‘recommendation’ are common. Again it is not
necessary to learn this example, as the points would not be appropriate for all enterprises. Note
however the type of points made.
PRIVATE AND CONFIDENTIAL
The Directors
Zawadi Ltd.
Nairobi.
www.mdarasa.com
+254708068851

mDarasa Resources
Morovia
15th May 20x8
Dear Sirs
ZawadiLtd.
Audit for the year ended 31 December 2007

In accordance with our normal practice, we are writing to you with regard to matters arising out
of our audit for the year ended 31 December 2007 which we consider should be brought to your
attention.
Our responsibilities as auditors are governed by the (IASs/ national laws) and principally require
us to report on the accounts laid before the company in general meeting.
This report has been prepared for the sole use of the directors of Upper plc. None of its contents
may be disclosed to third parties without our written consent. Swift and Co assumes no liability
to any other persons.
The matters detailed in this report reflect matters coning to our attention during the course of our
audit. They are not intended to be a comprehensive statement of all weaknesses that may exist or
of all improvements that could be made. We set out below those matters which we consider to be
of fundamental importance. Other matters of lesser significance, but which nevertheless require
your attention, are dealt with in note form.
(a) Management reporting

A fundamental requirement to allow proper control over your business is the regular and timely
preparation of accurate management accounts. Preferably those should be prepared monthly,
compared with budgets and submitted for formal consideration and adoption by the full board of
directors. At the moment no such system exists.
(b) Internal control – accounting system

i) The company exercises no control over the input, processing or output of information
processed by the computer bureau. Reliance is placed on the computer bureau to ensure
complete processing of accounting information. In our opinion the directors should ensure
that the company effects proper control over the completeness and accuracy of information
processed.
ii) There are other areas covering aspects of inventory, non-curent assets and receivables
where control is lacking or inadequate.
iii) Our audit work was made considerably more difficult by the absence of care in filing
supporting documentation which was therefore difficult to trace. The proper maintenance
www.mdarasa.com
+254708068851

mDarasa Resources
of records is not only a requirement of the (national laws/IASs but is also necessary for the
efficient running of your business.
(c) Preparation of accounts

The quality of the draft financial statements submitted to us for audit was poor.
(i) The financial statements were produced late without proper support. When support was
provided in some cases it failed to agree with the amounts stated in the draft financial
statements.
(ii) A number of items required to be disclosed under the (IAS/national laws) was omitted.
Extensive discussions were necessary with you to ascertain the information to be disclosed
in respect of director’s interests and capital expenditure.
To reduce the time spent on the audit, and thus the cost to you, all supporting documentation
should agree with the financial statements and statutory disclosure information would be
assembled prior to our examination.
We would be pleased to discuss these points with you at your convenience.

EXTERNAL AUDITORS REPORTS AND OTHER REPORTS
Yours faithfully
Swift & Co
Appendix
Zawadi Ltd. – year ended 31 December 2007
(a) Computer processing
Weaknesses:
Lack of control exercised over computer processing.
Implications
The completeness, accuracy and validity of the accounting records may be undermined.
Recommendations:
(i) Authorization of input especially journals not arising from books of prime entry.
(ii) Batch controls using registers over all input in terms of value and number of
documents/transactions processed.
(iii) Use of hash totals
(iv) Management control over master file amendments
(v) Reconciliation to control accounts
www.mdarasa.com
+254708068851

mDarasa Resources
(vi) Clear audit trial for the correction and resubmission of nay rejected
(vii) All financial information processed at one location
(viii) A back up system should be available if the bureau is unable to process the input.
(b) Payroll
Weaknesses
No evidence of approval
Implications
Unauthorized changes may occur
Recommendations
Management should evidence their approval of the payroll, changes in rates of pay and the
employment of new staff.
(c) Inventory
Weaknesses
• Lack of physical and financial control over times of inventory
• Cut off errors were discovered for widgets dispatched prior to the year end but not invoiced
• Overhead allocation in valuation of widgets lacked support
Implications
• Inventory could be misappropriated
• The year-end inventory figure could be misstated
Recommendations
(i) A simple system of perpetual inventory should be implemented at each location.
This should be used to check for the dispatch and receipt of inventory and would provide good
overall control to enable a comparison of:
- Expected use to actual by comparison with orders, and
- Book inventory to actual after regular inventory checks
(ii) Improvements should be made to the system of control to facilitate a review of the
dispatches at the year end to ensure that a proper cutoff is achieved.
(iii) The valuation of widgets depends on the estimated throughout during the year.
It is important that the number of widgets produced is properly recorded and that
consideration is given to normal production levels to allow compliance with accounting
standards.
www.mdarasa.com
+254708068851

mDarasa Resources
(d) Non-current assets

Weaknesses
 Lack of physical control
 Lack of clear capitalization policy
 Assets will nil net book value subject to depreciation charge.
Implications
 Portable assets could be misappropriated.
 Items could be incorrectly capitalized
 The depreciation figures in the accounts could be overstated.
Recommendations
(i) A register should be introduced to record all assets at cost together with associated
depreciation
(ii) In previous year’s capital additions, notably the improvements to the leasehold premises
have been written off. Also, assets scrapped have not been written off. The effect of this
cancels out and therefore we have not proposed an adjustment to opening figures. A
capitalization should be laid down and adhered to.
(iii) A register would enable the identification of fully depreciated assets and allow them to be
excluded from the deprecation calculations.
(e) Purchases of payments
Weaknesses
• Lack of proper allocation of costs
• Lack of supporting documents
• Lack of control over cheque books
• Unauthorized charges
• Poor control over unrecorded liabilities
Implications
• Purchases in the accounts may be misstated
• Payables may be understated if unrecorded liabilities are not controlled
Recommendations
i) All charges incurred should be allocated to the relevant cost centres to promote
accountability of these centers.
www.mdarasa.com
+254708068851

mDarasa Resources
ii) Proper supporting documents for all payments must be retained and property filed for easy
retrieval.
iii) Control over payments would be improved if only one cheque book was in use at any one
time.
iv) Documents supporting charges should be authorized by an appropriate level of
management
v) A purchases journal should be introduced. Payments should be marked off. This would
provide control over unpaid invoices and a means for regular control account
reconciliation.
GROUP AUDITS
Group audits are audits of financial statements that include the financial information of more
than one component.
 Group audit: The audit of group financial statements.
 Group financial statements: Group financial statements are financial statements that
include the financial information of more than one component. “Group financial
statements” also refers to combined financial statements aggregating the financial
information of components that are under common control.
 Component: A component is an entity or business activity for which group or
component management prepares financial information that is required to be included in
the group financial statements. A component may include, but is not limited to,
subsidiaries, geographical locations, divisions, investments, products or services,
functions, processes, or component units of state or local governments.
ISA 600 (revised and redrafted), special considerations – audits of group financial
statements (including the work of component auditors)
Definitions
The group auditor is responsible for providing the audit opinion on the group financial
statements. Components of the group financial statements can include subsidiaries, associates,
joint ventures, and branches. The components may be audited by the group auditor, but may
instead be audited by a different firm of auditors known as the ‘component auditors’, also known
as the ‘other auditor’. The term component auditor is introduced by the revised and redrafted ISA
600. This article focuses on the objectives and responsibilities of the group auditor.
www.mdarasa.com
+254708068851

mDarasa Resources
Objectives
The objective of the group auditor is twofold. First, the group auditor should establish that it is
appropriate to act as group auditor. Second, the group auditor should gather sufficient and
appropriate evidence in order to reach an opinion on the consolidated financial statements. This
article focuses on the second of these two objectives.
It is useful to consider the process by which the group financial statements are produced before
considering the group auditor’s objectives in relation to evidence. This three-stage process is
summarised
Stage one – gathering evidence on the components
Planning and risk assessment

It is imperative that the group auditor has a good understanding of the structure of the group, the
significance (ie materiality) of each component of the group, the mechanics of the consolidation
process, and the risk of material misstatement presented by each of the company’s financial
statements. Materiality levels should be established for the group in aggregate, and for the
individually significant components.
Involvement in the work of component auditors

In a group, it is likely that some companies will be audited by a different firm of auditors. The
group auditor has two issues to resolve. First, the group auditor cannot simply rely on another
auditor’s opinion on the financial statements of the company. In other words, if the other auditor
has concluded that the financial statements of the component are free from material
misstatement, the group auditor should not just rely on this opinion and assume that the figures
taken from the company’s financial statements into the consolidated financial statements are
correct. A material misstatement in the financial statements of a company could become a
material misstatement in the financial statements of the group.
For all companies within the group, regardless of materiality, the group auditor should review a
report of work done by the component auditor. This report of work done could be in the form of
an executive summary, or a memorandum of audit issues arising from the audit of the company.
Alternatively, the group auditor may issue a questionnaire, to be completed by the component
auditor, which would highlight key issues arising from the audit of the component. Following
this review, the group auditor will need to decide on the extent of any further actions which need
to be taken, or any further work which needs to be carried out, in order to ensure that the
financial statements are free from material misstatement. Such actions could include:
a review of the component auditor’s overall audit strategy
performing a risk assessment at the company level
www.mdarasa.com
+254708068851

mDarasa Resources
participating in closing meetings with the component auditor and the management of the
company
a review of relevant parts of the component auditor’s audit working papers.
Where a company is material to the group financial statements, the group auditor should carry
out further actions, including:
discussing with the component auditor, and/or the management of the company, the business
activities that are significant to the group
discussing with the component auditor the susceptibility of the company’s financial statements to
material error or deliberate misstatement
reviewing the component auditor’s documentation of identified significant risks, and the
conclusions reached on these risks.
It may be the case that, having performed the actions outlined above, the group auditor concludes
that further audit work is required on the financial statements of a company, or that a
memorandum of audit issues arising from the audit of the company is needed. For example, the
group auditor may consider that an element of the financial statements of the company could be
materially misstated, and that further audit evidence is necessary.
The group auditor should determine the nature of the work necessary, and whether the work
should be carried out by the group auditor or the component auditor.
Having taken the actions outlined above, the group auditor should now have obtained sufficient
evidence to show that the individual company financial statements are free from material
misstatement, and are a sound basis for the preparation of the consolidated financial statements.
Stage two – auditing the consolidation
The consolidation process

The group auditor must plan the audit procedures to be performed on the consolidation process.
For some groups, the consolidation will be complex and is likely to involve some areas of
judgement, and so there is a high degree of audit risk. Thorough planning will be essential to
ensure that audit risk is minimised. The types of audit procedures that could be performed
include:
checking that figures taken into the consolidation have been accurately extracted from the
financial statements of the components
www.mdarasa.com
+254708068851

mDarasa Resources
evaluating the classifications of the components of the group – for example, whether the
components have been correctly identified and treated as subsidiaries, associates, or joint
ventures
reviewing the disclosures necessary in the group financial statements, such as related party
transactions and minority interests
investigating the treatment of any components which have a different financial year end from
that of the rest of the group
gathering evidence appropriate to the specific consolidation adjustments made necessary by
financial reporting standards, including, for example:
– the calculation of goodwill and its impairment review
– cancellation of inter-company balances and transactions
– provision for unrealised profits as a result of inter-company transactions
– fair value adjustments needed for assets and liabilities held by the component
– re-translation of financial statements of components denominated in a foreign currency.
Some of the evidence required to meet the above objectives will be gathered by the component
auditor, and it is the group auditor’s responsibility to communicate to the component auditor the
evidence that they are expected to gather. This communication ideally occurs at the audit
planning stage.
The group auditor must have a sound knowledge of the relevant financial reporting standards,
which include:
IFRS 3, Business Combinations
IAS 28, Investments in Associates
IAS 31, Interests in Joint Ventures
IAS 32, Financial Instruments: Presentation
IAS 39, Financial Instruments: Recognition and Measurement.
Candidates are advised that, for the purposes of study for Paper P7, they must be very familiar
with the above financial reporting standards. Particularly important are the accounting
regulations relating to subsidiaries regarding goodwill, inter-company transactions, and fair value
adjustments, as well as the financial reporting implications on the acquisition and disposal of a
subsidiary. Candidates must also be aware of the principles of accounting for associates, joint
ventures, and foreign subsidiaries.
It is also important to remember that the parent company’s individual financial statements will
contain balances and transactions pertinent to the components of the group. The parent
company’s statement of financial position (balance sheet) will carry the investments as non-
www.mdarasa.com
+254708068851

mDarasa Resources
current assets, and the statement of comprehensive income is likely to contain dividend receipts
and other group transactions. The auditor expressing an opinion on the parent company’s
individual financial statements must gather sufficient appropriate evidence regarding these items,
paying particular attention to the carrying value of the investments. Candidates are reminded that
IFRS 3 contains detailed guidance on the treatment of group investments, particularly on the
calculation of the cost of investment.
Stage three – issuing the group audit opinion

The group auditor issues an opinion on the consolidated financial statements. This is done after a
thorough review of all evidence gathered in the first and second stages.
Other matters relevant to a group audit situation
Joint auditing
A joint audit is when two audit firms are appointed to jointly provide an audit opinion on a set of
financial statements. This is becoming increasingly common, especially in group audits, where a
component may be audited by both the group auditor and another auditor. The main benefit of
this type of arrangement is that when a new component is acquired by the group, for example the
acquisition of a new subsidiary, it is advantageous to keep the subsidiary’s existing audit firm,
which will have built up considerable knowledge and experience of the business of the
component. However, the group auditor will also need to build up knowledge of the new
subsidiary’s business, and also become familiar with the audit methods and procedures used by
the other auditor. One way for this to happen is for the group auditor to be appointed, along with
the other auditor, to jointly provide the audit opinion on the individual financial statements of the
subsidiary. The two firms will work together to plan the audit, gather evidence, review the work
done, and to finally provide the opinion.
Other benefits from a joint audit may include better availability of resources and the provision of
a higher quality audit, as there will be access to staff from both firms of auditors. The inclusion
of members of staff from the group audit firm within the audit team of the subsidiary should also
improve the efficiency of the audit of the consolidation process.
However, it may be difficult for the two firms to work together if they use different audit
methods and it may take time to develop a ‘joint audit’ approach. There will also be cost
implications for the client, as it will presumably be more expensive to use two firms of auditors
to provide an audit opinion instead of one.
Joint auditing has been the subject of some debate within the profession in recent times. This is
largely because it is seen as a way for small and medium-sized audit firms to continue to be
involved in the audit of their client once the client has been acquired by another company. Prior
to the emergence of the joint audit, it would have been most likely for the existing auditor
www.mdarasa.com
+254708068851

mDarasa Resources
(especially if a small or medium-sized audit firm) to be replaced by the group auditor (likely to
be a larger audit firm) as the provider of the audit opinion on the individual financial statements.
As more and more companies become acquisition targets, it can be seen that if this practice were
to continue, the small and medium-sized audit firms would continue to lose audit clients to the
larger audit firms, and would be left with few clients to provide a source of income. Therefore, in
the interests of maintaining revenue streams for small and medium-sized audit firms, and in the
interests of competition in the audit profession, joint auditing is an important current issue, and
will continue to be debated for the foreseeable future.
Conclusion
Group audits raise a variety of issues. The group structure can be complex and the existence of
numerous components within the group means that there may be several firms of auditors
involved. The group auditor must ensure that the group audit is carefully planned and that
communications with other auditors are made early in the audit process. The group auditor needs
to gather two types of evidence. Evidence regarding individual components of the group may be
gathered using a joint audit arrangement, though this is not without disadvantages. Evidence on
the consolidation process must be thorough, and planned with regard to numerous complex
financial reporting standards.
ANALYTICAL REVIEW
An analytical review is used by auditors to assess the reasonableness of account balances. A

CPA does this by comparing changes in account balances over time, as well as by comparing
related accounts. Here are several examples of analytical reviews:
 If sales increase by 20% during the review period, then accounts receivable should increase by a
similar amount. If the proportional change in receivables is greater than the increase in sales, this
could be caused by several issues, such as a reduced collections effort or extending credit to
lower-quality customers. In both cases, a larger reserve for bad debts is indicated.
 If 10% of the inventory has been declared obsolete in the past three years, then the obsolescence
charge for the current year should be about the same. If the actual amount of this charge is lower
than 10%, one might suspect that there is unidentified obsolete inventory still in stock.
 If there has been a change in an expense account of greater than 25% and more than $5,000 in
the past year, investigate the reason for the change.
www.mdarasa.com
+254708068851

mDarasa Resources
Analytical reviews can be quite useful for spotlighting general areas in which financial
statements are incorrect or where transactions have been mis-classified. Once the analysis
identifies areas of concern, the auditor must conduct a further investigation in order to pinpoint
the source of the underlying problem.
ANALYTICAL TESTS
It is a procedure evaluating data relationships to derive substantive audit evidence. It identifies
areas requiring additional audit attention. For example, auditors would compare actual financial
statement figures against their professional expectations and the firm's experience. Discrepancies
are noted and investigated. A comparison may also be made between figures of competing firms
and industry norms. Further, financial information can be compared to nonfinancial information,
where appropriate.
An example is the relationship between sales and number of employees. Analytical tests can be
conducted in measures other than dollars, if desired, such as in physical quantities and ratio
percentages.
Purposes Of Analytical Review In An Audit
 To assist the auditor in planning the nature, timing and extend of other audit procedures
 As substantive procedures when their use can be more effective or efficient than tests of
details in reducing detection risk for specific financial statement assertion
 As an overall review of the financial statements in the final review stage of the audit
BANK AUDITING
Bank auditing is the procedure of reviewing the services and procedures adopted by banks and
other financial institutions. It is a routine procedure that all financial services entities must
undergo in order to ensure that they are in compliance with industry standards and jurisdictional
regulations.
Banks are central to the nation’s financial system because, by receiving deposits and distributing
loans, they circulate money. This makes stable and efficient banks essential to the economy.
Bank auditors, therefore, evaluate financial information for accuracy and perform procedures
that determine if management controls are effective. The public can rely on the banking system
because of these audit activities
Key Areas
Auditors define your bank’s key areas depending on factors such as the services it offers,
systems it runs and the risk of fraud or misstatement these systems pose. They examine all the
earning streams, including interest income, and the recording mechanisms. They also audit all
www.mdarasa.com
+254708068851

mDarasa Resources
expense streams, including interest, human resources and regulatory expenses and their
recording mechanisms. Items that have an element of human judgment, such as provision for bad
debts or asset capitalization, also attract the auditors’ attention. Other significant areas include
key assets and liabilities, such as government grants, tax assets or loans.
Test of Details
Test of details is a substantive audit procedure that auditors carry out when they think that the
risk of misstatement at the assertion level is substantial. While auditing your bank, auditors
usually assume loans are risky. This is because the more loans the bank issues, the more interest
it earns. Therefore, as a test of detail, auditors send out confirmation letters to customers who
borrowed from your bank. These borrowers respond to the letters, confirming their balances and
interest due. Recalculations and physical inspection are among the other tests of details that
auditors use. These tests are evidence that the information is legitimate.
Substantive Analytics
While auditing your bank’s financial statements, auditors apply a second type of substantive
procedure, the substantive analytics. While performing this analysis they try to find existing
plausible relationships among financial data. For example, if your bank’s lending is increasing,
auditors expect to find a corresponding increase in interest income. If they don’t find this
increase in interest, they look for and try to identify, calculate and corroborate reasonable factors
contributing to this situation.
Test of Controls
Usually, when risk of material misstatement isn’t high, auditors rely on a test of controls and
substantive analytics for their opinion. Tests of controls are procedures that auditors perform to
determine how effectively management or system controls function. Their goal is to find
significant control weaknesses if they exist. For example, auditors check whether your bank’s
system correctly calculates interest and principal. They also check to see if appropriate bank
employees with applicable authorization approve them.
INSURANCE AUDIT
Insurance Companies
Authoritative documents include:
 The Insurance Act
 The Companies Act
 IFRS 4 Insurance Contracts
www.mdarasa.com
+254708068851

mDarasa Resources
The main legislation governing insurance companies and their conduct is the Insurance Act
Key audit areas: For an insurance company these are:

1. Investments,
2. unearned premiums, and
3. Expired risks, this is when a category of business has proved to be unprofitable
provision is made for future losses on risks already accepted,
4. Outstanding claims,
5. Ascertainment of debtors and creditors,
6. Actuarial valuation re: life insurance.
Insurance companies like banks are also subject to special exempting provisions in the
Companies Act and in the Insurance Act. Unlike banks, not only do they take advantage of
the special provision but are in fact required by the Commissioner to take advantage of the
provisions. The auditor therefore, in practice gives two audit reports for an insurance company
and is also required to sign various reports that are submitted to the Commissioner of
Insurance. The insurance company prepares statutory accounts which are audited in the
normal way and a true and fair view report given and these are submitted to the members in
the normal way and adopted and dividends paid on their strength. The Commissioner then
requires accounts to be prepared in accordance with insurance regulations taking advantage of
creating secret reserves. These are also audited and reported on accordingly by the auditor but
not in true and fair view terms but rather by simply stating compliance with the insurance act.
Key audit areas in detail
(a) Ascertainment of debtors and creditors. Insurance companies do not maintain their
personal ledgers in such a way as to produce directly a separate list of debtors and creditors.
Their ledgers instead reflect the section of the market from which the business originates e.g.
broker, reinsurer, direct policy holder etc, hence it is quite possible that both debtor and creditor
balances will exist in one ledger sometimes for the same person. The legal position with regard
to right of set off between debit and credit balances with the same person is not clear. From a
professional point of view the auditor must ensure therefore that the company adopts a
consistence approach in establishing the separate amounts of debtors and creditors.
(b) Unearned premiums: This represents the appropriate portion of a premium received during
the year under review but is applicable to later accounting periods. Once again, a consistent
approach should be adopted and the accounts should declare the basis selected by the insurance
company under the heading of accounting policies. The most common basis adopted for
annual premiums is the 24th basis.
(c) Expired risks: This represents the carry forward of provisions to the next accounting period
in circumstances where it appears that insurance business undertaken in the period under
review is unprofitable. This makes it similar to the provision on long term contracts in the
construction industry. The audit difficulty is that a considerable element of adjustment enters
the computation of such risks, the issue is for the auditor to form an opinion on the need for
such a provision and if one exists whether the sum provided is adequate.
www.mdarasa.com
+254708068851

mDarasa Resources
(d) Outstanding claims: We can classify these claims in the following three categories:
i. Those which have been notified and agreed but are still outstanding at the balance
sheet date
ii. Those which have been notified before, but not yet agreed at the balance sheet date
and
iii. Those which have arisen but have not yet been notified to the company by the
balance sheet date.
A good deal of estimation is needed with regard to category (ii) and (iii) above. The audit
procedures therefore would invariably include, review of the claims files in order to appraise
the company's estimates. We must also compare the average cost of outstanding claims for
each class of business with current experience and finally the auditor should examine statistical
elements comparing past estimates with actual results.
Co-operative Societies
An audit in this case is carried out as a normal audit except you should note that the auditor is
appointed by the Commissioner of Co-operatives and although he reports to the members the
accounts must be registered with the Commissioner. Of special note is that he is required to carry
out special investigations on the bad debts provision to determine its adequacy and on the good debts
he has to confirm their recoverability.
Building Societies
Building Societies are organisations which exist to offer a savings and investment medium to
the public and to lend to individuals money to enable them buy their own houses taking as
security the deeds of the houses. They are not limited companies but are run by a board of
directors elected by the investors and permanent staff. There are strong similarities in the
legislation covering building societies and that covering companies.
There are additional control problems peculiar to building societies:
i. The large volume of deposits and withdrawals of small amounts of cash;

ii. The granting of loans on mortgage
iii. Control over documents of title
iv. Control over investments and their related income
It shall be the duty of the auditors of a building society to carry out such investigations as will enable
them to form an opinion as to the following matter.
(a) Whether the society has kept proper books of account;

www.mdarasa.com
+254708068851

mDarasa Resources
(b) Whether the society has maintained a satisfactory system of control over its transactions
and records;
(c) Whether the balance sheets and revenue and appropriation account are in agreement with
the books of account and records of the society and if the auditors are of the opinion that
the society has failed to keep proper books of account or proper records or a proper
system of control they should state that fact in their report.
Key Audit Areas

1. The auditor must examine the procedure for checking deeds on receipt from the lawyers
to ensure that they are complete in accordance with the advance records properly
executed and stamped;
2. Examine the maintenance of records that show the location of all deeds and the dates of
any changes in the location of any of them.
3. Examine the procedure that ensures that the deeds are received from the society's lawyers
without undue delay;
4. Examine the authority required for the release of deeds for a temporary period from their
normal custody and the proper control for their prompt return;
5. Examine whether there is a continuous independent check of the deeds against the
advance records or the borrowers ledger accounts;
6. Examine the necessity for satisfactory cross reference between the advance records, the
cash book, the borrower's ledger account and the deed.
7. Examine the procedure for the release of deeds on redemption of the mortgage.
Other matters the auditor needs to be concerned with are:
Examination of deeds
• Ensure that the mortgage is in the name shown in the advance records;
• That there is a document of title to the property under mortgage and that the society's
lawyers have been satisfied as to the borrower's title;
• The amount of the advance as stated in the mortgage deed is not less than that shown on the
advance records;
• The mortgage deed is stamped, properly signed, witnessed and is prima facie in order;
• The property is adequately insured, the premium is paid up to date and the society's interest
as mortgage is endorsed in the insurance policy.
Share and deposits

Shares may consist of subscription shares and paid up shares. Interest on shares may be credited to
the accounts instead of being paid to ensure proper control the following should be covered by the
system:
o There should be proper custody of unused share and deposit pass book, receipt forms
and share certificates;
www.mdarasa.com
+254708068851

mDarasa Resources
o There should be proper instructions to the staff as to the making of entries in the pass
books and the issue of receipts;
o Withdrawal terms, notice and specimen signatures;
o Authorization of withdrawals by the ledger department or against the pass books;
o Records of deaths, marriages, powers of attorney and transmission of shares and
deposits;
o The comparison of the balance shown in the pass book with that shown in the ledger.
Cash
Possibility of error and misappropriation always accompany the handling of cash. Building societies
transactions to a large extent are in cash. This however does not involve audit considerations which
differ in principle from those encountered in any other business. So there should be surprise cash
counts and any discrepancies should be investigated in detail.
Window Dressing
Auditors should examine transactions which have the effect of showing as at the balance sheet date
a state of affairs particularly the society's liquidity which is materially better than it was during the
year and shortly after. Of particular attention are:
1. Large deposits received shortly before the year end and repaid shortly after;
2. Large mortgage repayments received shortly before the year end and re-advanced on the
same property shortly after;
3. Unusual delay until after the year end in making payments in accordance with
applications received for withdrawals of shares or deposits;
4. An abnormal year end accumulation of commitments for advances followed by the
making of the advances shortly after the year end;
5. The significance of items in the bank reconciliation statements.
Not only does the auditor report to the members on the financial statements, he is also supposed
to give a report to the registrar of societies to accompany the annual return.
Charities and Non Governmental Organizations

Key audit areas:
1. Income: donations are hard to verify therefore good internal control is needed
particularly on the opening of mail. A published list of donors can be very helpful in
verification;
2. Outgoings: Should be minuted and be subject to delegated authority;
3. Investments: Many charities have investments and these are verified in the normal way
of verifying in investments.
The audit report is usually qualified on grounds that it is not possible because of the nature of the
www.mdarasa.com
+254708068851

mDarasa Resources
society to verify whether all the income receivable in the form of donations has been fully accounted
for.
Control problems in charities

(a) Door to door collections: Volunteers should be issued with numbered boxes, the boxes
should be sealed, the boxes should be opened and counted regularly preferably in the
presence of the volunteer and one or more trustees. All contents should be promptly
entered in a register kept for that purpose and banked. The entries in the book should be
initialled by those counting.
(b) Donations received by post: Two people including a trustee should open the mail.
Receipts should be entered in a register kept for the purpose and the entries initialled.
Banking should be immediate.
(c) Deeds of covenant: A register of donors under deed should be kept. Checks should be
made regularly to see that all amounts have been received or donors followed up.
(d) Harambee and other fund raising events: The plans for the events especially expenditure
should be approved in advance by the trustees. Records should be kept of all details of
these events. Individuals should be politely instructed in their financial duties. All cash
and cheques should go to the society's bank account. All proceeds should be counted in
the presence of a trustee and banked promptly. An account should be drawn up after the
event approved by the trustee and publicised to all the members.
(e) Donations of equipment and materials: A full register of such donations should be
maintained. An estimate should be made of the market value of all items. Maintenance
materials should be properly stored.
(f) All cash payments should be made out of cash drawn from the bank, unless any donor
objects the annual report should contain a full list of donors. The annual report and the
accounts should be as detailed as possible.
Pension Funds
Pension funds are set up by companies or other organizations:
(a) To administer the pension payable to retired employees and

(b) Ensure that funds are available to pay pensions even if the sponsoring organization goes
into liquidation. The auditors duties include:
i. Examining the trust deed that set up the fund and ensuring that its provisions have
been correctly carried out;
ii. Verifying that there is proper control over the transactions of the fund;
iii. Verifying the portfolio of investments. All changes should be authorised by
trustee minutes and all income must be received;
iv. Verify that the funds are sufficient to meet its future commitments. These are
www.mdarasa.com
+254708068851

mDarasa Resources
usually determined actuarially, preferably annually. Many schemes incorporate
an undertaking by the sponsor to make good any deficiency.
Advocates
The statutory provision regulating the handling of client's monies are covered in the advocate's
act.
Purpose of the rules:
• To require a lawyer to keep client's money separate from his own money;
• To ensure that a lawyer keeps adequate records of his transactions so that his books show
money received and paid and balance held on account of each client;
• To ensure that one client's money is clearly distinguished from that of other clients and from
any other money passing through the lawyer's accounts.
Broad effects of the rules:

• That money received by a lawyer which does not belong to him should be dealt with through
the client account;
• That his own money is kept in an office account
The Accountant's Role

Every year a lawyer who handles client's money is required to produce to the Law Society of Kenya
a report by a qualified accountant that he has complied with the rules in the advocate's act. This
report is required once every year, however, a complete audit is not required nor is there a
requirement for the preparation of the profit and loss account or balance sheet. For the purpose of
giving his report the accountant must:
1. Ascertain from the lawyer particulars of all bank accounts kept or operated by the lawyer
in connection with his practice.
2. Examine the book keeping system in every office of the lawyer to see that the system
complies with the following requirements:
o That there is a ledger account for each client

o The ledger accounts show separately particulars of all client money received, held or
paid on account of each client
o Transactions relating to clients money are recorded in the lawyers books so as to
distinguish them from transactions relating to any other monies
o Test check postings to client's ledger accounts from records of receipts and payments
of client's money
o Make test checks of casts of such accounts
o Compare a sample of lodgements and payments as shown in the bank statement with
the lawyer's records of receipts and payments of client's monies
o Enquire into and test check the system of recording costs and of making withdrawals
in respect of costs from the client account
www.mdarasa.com
+254708068851

mDarasa Resources
o Satisfy himself by test examination that financial transactions are in accordance with
the rules and that any entries in ledger accounts reflect the transaction in a manner
which complies with the rules
o Extract all client's ledger balances at least two dates in the year and reconcile the cash
book balance with that confirmed direct to the accountant by the bank
o Make test examination to ascertain whether payments from client account have been
made on any individual account in excess of the money held on behalf of that client
o Peruse the office ledger, cash accounts and bank statements to see whether client
money has not been paid into a client account
The accountant is not required
1. To extend his enquiries beyond the information contained in the relevant documents as
supplemented by such information and explanations as he may obtain from the lawyer.
2. To enquire into stocks shares other securities or documents of title held by the lawyer
on behalf of clients.
3. To consider whether the books of accounts of the lawyer were properly written up in
accordance with the rules at any other time than at which his examination took place.
www.mdarasa.com
+254708068851

mDarasa Resources
CONTENT
TOPIC 6
17.6 Audit related assurance services
 Prospective financial information,

 Investigations and due diligence
 Special audit assignments (social and environment audit)
 Audit committee and corporate governance
 Operations and internal audit management
 Audit under computerised information systems
 Audit of public sector undertakings
www.mdarasa.com
+254708068851

mDarasa Resources
TOPIC 6
AUDIT RELATED ASSURANCE SERVICES
DUE DILIGENCE
Due diligence is an investigation or audit of a potential investment or product to confirm all
facts, such as reviewing all financial records, plus anything else deemed material. It refers to the
care a reasonable person should take before entering into an agreement or a
financial transaction with another party. Due diligence can also refer to the investigation a seller
does of a buyer; items that may be considered are whether the buyer has adequate resources to
complete the purchase, as well as other elements that would affect the acquired entity or the
seller after the sale has been completed.
Conducting a due diligence audit lets you know in advance if a business is worth an investment
of your time and money. Reviewing the financial and corporate documents gives you a complete
picture of the company, and you can hire a professional business appraiser to help you with this
task. You have a set deadline to get out of the contract if your due diligence finds something
materially wrong with the business. Because the seller is providing you with private corporate
and financial information, be prepared to sign a nondisclosure or confidentiality agreement
before receiving the documents.
Obtain Financial Documents
The seller should provide you with audited financial statements and copies of bank statements
for the business checking, savings and investment accounts for the past three years. Ask for
copies of credit and loan agreements, notes payable and any liens that have been filed against the
company. You’ll also want copies of vendor and supplier contracts, the accounts receivable, an
accounts receivable aging spreadsheet and accounts written off as uncollectable. Get copies of all
income tax records for the past seven years to be sure there are no outstanding taxes or ongoing
IRS collection activities.
Visit the Business Location
What looks good on paper may not be so impressive when seen in person. Plan to make at least
one trip to inspect the business premises. Look at the overall condition of the building inside and
out. Bring along a list of the fixed assets and equipment, inventory and supplies, office furniture
www.mdarasa.com
+254708068851

mDarasa Resources
and fixtures the business owns. Verify that what’s on the list is physically there, functioning and
in good condition. Be sure to get copies of current business licenses and operating permits.
Employees and Key Personnel
Employee wages and benefits are a substantial business expense. Along with monthly payroll
information, you’ll want to know about employer-sponsored retirement plans, health insurance
benefits and employee vacation and leave policies. Determine if there are any employee
agreements or contracts in force. The employee handbook should be current and in compliance
with federal and state employment laws. Verify the identity of key employees along with their
payment and benefit package. If key employees have left the company, ensure that they signed a
noncompete agreement or nondisclosure agreement.
Products, Services and Competitors
If sales or services are the lifeblood of the business, you’ll want to know how many products or
services the business provides along with how the selling price is determined. You need to know
how the products and services stack up against the competitors. Ask the seller how he sets his
products or services apart from his competitors to attract and retain customers. Compare the
financial ratios against industry norms to get an idea of how the business stacks up. If the
business is involved in an environmentally sensitive industry such as dry cleaning or gasoline
sales, be sure any regulatory concerns or issues are resolved.
AUDIT COMMITTEES
An audit committee is one of the major operating committees of a company's board of
directors that is in charge of overseeing financial reporting and disclosure.
The main objectives usually associated with audit committees include;
i. Increasing public confidence in the creditability and objectivity of published
financial information including unaudited interim statements
ii. Assisting directors (particularly non executive directors) in meeting their
responsibilities in respect of financial reporting
iii. Strengthening the independent position of a company’s external auditor by
providing an additional channel of communication.
www.mdarasa.com
+254708068851

mDarasa Resources
a) The roles of an audit committee might include:

• To review the company's financial statements prior to their submission to the board;
• To review the scope and planning of the audit;
• To review the findings of the independent auditor;
• To ascertain whether the accounting and reporting policies of the company are in
accordance with legal requirements and best practice;
• To keep under review the effectiveness of the company's systems of accounting and control;
• To make recommendations to the board concerning the appointment and remuneration of
the independent auditors;
A particular role is to assist in the communication process between the board and the auditors
throughout the medium of the non-executive directors and it provides a useful way of assisting
the latter in the discharge of their duties.
b) The benefits may include

• helping directors to meet their legal responsibilities. Very often main boards spend very
little time on reviewing the financial statements. An audit committee could spend the time
on completing this task in depth;
• enabling non-executive directors to become deeply involved in the company's affairs;
• the audit committee can review the financial statements objectively. This may improve the
quality of financial reporting and improve public confidence;
• The audit function may become more independent as there will be a quasi-independent
body between the board and the auditors. It may paradoxically improve communications
between auditor and board;
• Improvement in the quality of the accounting and auditing functions. A continuous review
of the functions of financial management and internal and external audit will inevitably
result in higher status to the practitioners and superior performance.
c) Some of the arguments against the formation of Audit Committees
• Audit committees would split the board;

• Audit committees would pre-empt (and hence delay the coming) of two-tier boards (which
is the European practice);
• Audit committees would create conflicts within companies;
• Audit committees would encroach on management's responsibilities;
• Audit committees would be a talking shop with no real power;
• There are not enough non-executive directors;
• Audit committees would take too much time and cost too much;
• Audit committees would be least effective in companies which need them most (e.g.
companies dominated by ambitious and unscrupulous entrepreneurs).
• The production of financial statements may be delayed.
www.mdarasa.com
+254708068851

mDarasa Resources
d) Detailed matters to be considered by the Chairman of a new audit committee

• Ensuring the committee has the full backing of the board;
• The precise constitution and program of the committee;
• Adequate resources (secretarial, communication, time etc must be made available);
• The correct number of members. Three to five is probably optimal;
• Membership - probably but not essentially non-executive;
• His own role as chairman;
• The frequency of meetings;
• The establishment of agendas;
• The establishment of administrative arrangement - calling meetings, involving other
people, auditors, managers etc. taking minutes;
• The dissemination of findings to the offers responsible for changes consequent upon the
findings.
• The relationships required with the main board, external audit, internal audit, financial
managers etc.
• any publicity requirements.
Corporate governance is the system by which organisations are directed and controlled. It
encompasses the relationship between the board of directors, shareholders and other
stakeholders, and the effects on corporate strategy and performance. Corporate governance is
important because it looks at how these decision makers act, how they can or should be
monitored, and how they can be held to account for their decisions and actions.
The published audited financial statements and related information are therefore of key
importance. They will usually be the main information set to which shareholders and other
stakeholders have access and this is why having credible financial statements supported by the
auditor’s opinion is crucial.
The main principles of the Corporate Governance Code

The Code comprises five sections, each containing main principles:
Leadership
Every company should be headed by an effective board which is collectively responsible for the
long-term success of the company, and should lead and control the company’s operations.
There should be a clear division of responsibilities at the head of the company, which will ensure
a balance of power and authority, such that no one individual has unfettered powers of decision.
www.mdarasa.com
+254708068851

mDarasa Resources
Non-executive directors should constructively challenge and help develop proposals on strategy.
The board should include a balance of executive and non-executive directors such that no
individual or small group of individuals can dominate the board’s decision taking.
Effectiveness
The board and its committees should have the appropriate balance of skills, experience,
independence and knowledge of the company to enable them to discharge their respective duties
and responsibilities effectively.
There should be a formal, rigorous and transparent procedure for the appointment of new
directors to the board. All directors should receive induction on joining the board and should
regularly update and refresh their skills and knowledge.
All directors should be submitted for re-election at regular intervals, subject to continued
satisfactory performance.
Accountability
The board should present a balanced and understandable assessment of the company’s position
and prospects. For UK companies, this is also required by the Companies Act 2006, which
requires that the directors disclose a business review as part of the directors’ report to be
included in the financial statements.
The board should maintain sound risk management and internal control systems. The board
should establish formal and transparent arrangements for considering how they should apply the
corporate reporting and risk management and internal control principles and for maintaining an
appropriate relationship with the company’s auditor.
Remuneration
Levels of remuneration should be sufficient to attract, retain and motivate directors of the quality
required to run the company successfully, but a company should avoid paying more than is
necessary for this purpose. A significant proportion of executive directors’ remuneration should
be structured so as to link rewards to corporate and individual performance.
Relations with shareholders

There should be a dialogue with shareholders based on the mutual understanding of objectives.
The board as a whole has responsibility for ensuring that a satisfactory dialogue with
shareholders takes place. The board should use the Annual General Meeting to communicate
with investors and to encourage their participation.
www.mdarasa.com
+254708068851

mDarasa Resources
The role of audit committees

The audit committee is such an important part of corporate governance that it is the subject of its
own guidance document in the UK, the Financial Reporting Council’s Guidance on Audit
Committees. The audit committee should be made up of at least three independent non-executive
directors, one of whom should have recent and relevant financial experience. The committee has
many roles, including several that are specifically related to the external auditor, which are
discussed below.
Review of published financial information

The audit committee should monitor the integrity of the company’s financial statements and any
formal announcements relating to the company’s performance. Significant financial reporting
judgements should be specifically reviewed. This means that committee members should
scrutinise all published financial information, and question and be ready to challenge the finance
director and external auditors on any contentious matters arising.
Systems and controls

The audit committee members have responsibility to review the company’s internal financial
controls and systems, and the risk management systems, unless there is a separate risk
committee.
Most large companies have an internal audit function, in which case the audit committee should
extend its monitoring role to include that function, including the evaluation of the effectiveness
of that function.
Where there is no internal audit function, the audit committee should consider annually whether
there is a need for internal audit and make a recommendation to the board, and the reasons for
the absence of such a function should be explained in the relevant section of the annual report.
Fraud prevention and detection

Finally, the audit committee plays a part in fraud prevention and detection in that whistleblowing
arrangements should be made so that staff of the company may raise concerns about possible
improprieties in respect of financial reporting matters.
INTERNAL AUDIT FUNCTION

It is the responsibility of management and those charged with governance to prevent and detect
www.mdarasa.com
+254708068851

mDarasa Resources
fraud,
in this respect, internal auditors may have a role to play.
Internal audit has two key roles to play in relation to organisational risk management:
- Ensuring the company's risk management system operates effectively
- Ensuring that strategies implemented in respect of business risks operate effectively
The role of internal audit

The internal audit department has a two-fold role in relation to risk management.
 It monitors the company's overall risk management policy to ensure it operates effectively.
 It monitors the strategies implemented to ensure that they continue to operate effectively.
As a significant risk management policy in companies is to implement internal controls, internal

audit has a key role in assessing systems and testing controls.
Internal audit may assist in the development of systems. However, its key role will be in
monitoring the overall process and in providing assurance that the systems which the
departments have designed meet objectives and operate effectively.
It is important that the internal audit department retains its objectivity towards these aspects of its
role,
which is another reason why internal audit would generally not be involved in the assessment of
risks and the design of the system.
Responsibility for fraud and error

It is the responsibility of management and those charged with governance to prevent and detect
fraud, and in this respect, internal auditors may have a role to play
Limitations of the internal audit function

Although the presence of an internal audit department within an organisation is indicative of
good internal control, by its very nature, there are some limitations of the internal audit function.
Internal auditors are employed by the organisation and this can impair their independence and
objectivity and ability to report fraud/error to senior management because of perceived threats to
their continued employment within the company.
To ensure transparency, best practice indicates that the internal audit function should have a dual
reporting relationship, i.e. report both to management and those charged with governance (the
www.mdarasa.com
+254708068851

mDarasa Resources
audit committee). If this reporting structure is not in place, management may be able to unduly
influence the internal audit plan, scope, and whether issues are reported appropriately.
This results in a serious conflict, limits the scope and compromises the effectiveness of the
internal audit function.
Internal auditors are not required to be professionally qualified (as accountants are) and so there
may be limitations in their knowledge and technical expertise
Factors necessitating growth in Internal Audit

1. Increase in size of business
As businesses grow in size and increase the level of operations it becomes necessary to have a
function that over looks the all the internal controls that have been put in place.
2. Dynamic business
Due to changes in technology a number of companies have become so dynamic such that their
controls are updated on a continuous basis and this calls for constant feed back on those controls
that necessitate updating. This meant that, to cope with these demands companies had to
improvise and use expert advice, which was available from the Internal Auditor.
3. Legislation and regulatory requirements

As the concept of corporate governance gains roots in business management, the need for
internal audit is increasing. The function is looked plays a critical role in ensuring that
management has put in place adequate systems of internal controls. Companies are now required
to have audit committees to overlook the operation of controls within the organizations. The
internal auditor reports to the audit committee.
4. Competition
Under perfect competition companies can only survive if they are operationally efficient and this
calls for stronger controls and cost effectiveness.
5. Evolution of IT
Of late many companies have computerised their operations and controls. There is need therefore
for continuous review of the operation of controls over these computerized systems.
USING THE WORK OF INTERNAL AUDITORS

International Standard on Auditing (ISA) 610 (Revised),Using the Work of Internal Auditors
This International Standard on Auditing (ISA) deals with the external auditor’s responsibilities if
using the work of the internal audit function in obtaining audit evidence.
Relationship between the Internal Audit Function and the External Auditor
www.mdarasa.com
+254708068851

mDarasa Resources
The objectives of the internal audit function are determined by management and, where
applicable, those charged with governance. While the objectives of the internal audit function
and the external auditor are different, some of the ways in which the internal audit function and
the external auditor achieve their respective objectives may be similar.
Irrespective of the degree of autonomy and objectivity of the internal audit function, such
function is not independent of the entity as is required of the external auditor when expressing an
opinion on financial statements. The external auditor has sole responsibility for the audit opinion
expressed, and that responsibility is not reduced by the external auditor’s use of the work of the
internal auditors.
Objectives of the external auditor

The objectives of the external auditor, where the entity has an internal audit function that the
external auditor has determined is likely to be relevant to the audit, are:
a) To determine whether, and to what extent, to use specific work of the internal auditors; and
b) If using the specific work of the internal auditors, to determine whether that work is
adequate for the purposes of the audit.
Using Specific Work of the Internal Auditors

- In order for the external auditor to use specific work of the internal auditors, the external
auditor shall evaluate and perform audit procedures on that work to determine its adequacy
for the external auditor’s purposes.
- To determine the adequacy of specific work performed by the internal auditors for the
external auditor’s purposes, the external auditor shall evaluate whether:
a) The work was performed by internal auditors having adequate technical training and
proficiency;
b) The work was properly supervised, reviewed and documented;
c) Adequate audit evidence has been obtained to enable the internal auditors to draw
reasonable conclusions;
d) Conclusions reached are appropriate in the circumstances and any reports prepared by the
internal auditors are consistent with the results of the work performed; and
e) Any exceptions or unusual matters disclosed by the internal auditors are properly
resolved.
Documentation
If the external auditor uses specific work of the internal auditors, the external auditor shall
include in the audit documentation the conclusions reached regarding the evaluation of the
adequacy of the work of the internal auditors, and the audit procedures performed by the external
auditor on that work.
www.mdarasa.com
+254708068851

mDarasa Resources
Scope of this ISA {International Standard on Auditing (ISA) 610 (Revised), Using the Work of
Internal Auditors}
- The entity’s internal audit function is likely to be relevant to the audit if the nature of the
internal audit function’s responsibilities and activities are related to the entity’s financial
reporting, and the auditor expects to use the work of the internal auditors to modify the
nature or timing, or reduce the extent, of audit procedures to be performed.
- Carrying out procedures in accordance with this ISA may cause the external auditor to re-
evaluate the external auditor’s assessment of the risks of material misstatement.
Consequently, this may affect the external auditor’s determination of the relevance of the
internal audit function to the audit.
- Similarly, the external auditor may decide not to otherwise use the work of the internal
auditors to affect the nature, timing or extent of the external auditor’s procedures. In such
circumstances, the external auditor’s further application of this ISA may not be necessary.
Objectives of the Internal Audit Function

The objectives of internal audit functions vary widely and depend on the size and structure of the
entity and the requirements of management and, where applicable, those charged with
governance. The activities of the internal audit function may include one or more of the
following:
 Monitoring of internal control. The internal audit function may be assigned specific
responsibility for reviewing controls, monitoring their operation and recommending
improvements thereto.
 Examination of financial and operating information. The internal audit function may be
assigned to review the means used to identify, measure, classify and report financial and
operating information, and to make specific inquiry into individual items, including
detailed testing of transactions, balances and procedures.
 Review of operating activities. The internal audit function may be assigned to review the
economy, efficiency and effectiveness of operating activities, including non-financial
activities of an entity.
 Review of compliance with laws and regulations. The internal audit function may be
assigned to review compliance with laws, regulations and other external requirements,
and with management policies and directives and other internal requirements.
 Risk management. The internal audit function may assist the organization by identifying
and evaluating significant exposures to risk and contributing to the improvement of risk
management and control systems.
 Governance. The internal audit function may assess the governance process in its
accomplishment of objectives on ethics and values, performance management and
www.mdarasa.com
+254708068851

mDarasa Resources
accountability, communicating risk and control information to appropriate areas of the
organization and effectiveness of communication among those charged with governance,
external and internal auditors, and management.
Determining Whether and to What Extent to Use the Work of the Internal Auditors
Whether the Work of the Internal Auditors is likely to be Adequate for Purposes of the
Audit
Factors that may affect the external auditor’s determination of whether the work of the internal
auditors is likely to be adequate for the purposes of the audit include:
Objectivity
 The status of the internal audit function within the entity and the effect such status has on the
ability of the internal auditors to be objective.
 Whether the internal audit function reports to those charged with governance or an officer
with appropriate authority, and whether the internal auditors have direct access to those
charged with governance.
 Whether the internal auditors are free of any conflicting responsibilities.
 Whether those charged with governance oversee employment decisions related to the internal
audit function.
 Whether there are any constraints or restrictions placed on the internal audit function by
management or those charged with governance.
 Whether, and to what extent, management acts on the recommendations of the internal audit
function, and how such action is evidenced.
Technical competence
 Whether the internal auditors are members of relevant professional bodies.
 Whether the internal auditors have adequate technical training and proficiency as internal
auditors.
 Whether there are established policies for hiring and training internal auditors.
Due professional care

 Whether activities of the internal audit function are properly planned, supervised, reviewed
and documented.
 The existence and adequacy of audit manuals or other similar documents, work programs and
internal audit documentation.
Communication
Communication between the external auditor and the internal auditors may be most effective
when the internal auditors are free to communicate openly with the external auditors, and:
www.mdarasa.com
+254708068851

mDarasa Resources
 Meetings are held at appropriate intervals throughout the period;

 The external auditor is advised of and has access to relevant internal audit reports and is
informed of any significant matters that come to the attention of the internal auditors when
such matters may affect the work of the external auditor; and
 The external auditor informs the internal auditors of any significant matters that may affect
the internal audit function.
Planned Effect of the Work of the Internal Auditors on the Nature, Timing or Extent of the
External Auditor’s Procedures
Where the work of the internal auditors is to be a factor in determining the nature, timing or
extent of the external auditor’s procedures, it may be useful to agree in advance the following
matters with the internal auditors:
 The timing of such work;
 The extent of audit coverage;
 Materiality for the financial statements as a whole (and, if applicable, materiality level or
levels for particular classes of transactions, account balances or disclosures), and
performance materiality;
 Proposed methods of item selection;
 Documentation of the work performed; and
 Review and reporting procedures.
The nature, timing and extent of the audit procedures performed on specific work of the internal
auditors will depend on the external auditor’s assessment of the risk of material misstatement,
the evaluation of the internal audit function, and the evaluation of the specific work of the
internal auditors. Such audit procedures may include:
 Examination of items already examined by the internal auditors;
 Examination of other similar items; and
 Observation of procedures performed by the internal auditors.
The External Auditor’s Responsibility for the Audit

The external auditor has sole responsibility for the audit opinion expressed, and that
responsibility is not reduced by the external auditor’s use of the work of the internal audit
function on the engagement. Although the function may perform audit procedures similar to
those performed by the external auditor, neither the internal audit function nor the internal
auditors are independent of the entity as is required of the external auditor in an audit of financial
statements in accordance with ISA 200.
www.mdarasa.com
+254708068851

mDarasa Resources
This ISA, therefore, defines the conditions that are necessary for the external auditor to be able to
use the work of internal auditors. It also defines the necessary work effort to obtain sufficient
appropriate evidence that the work of the internal audit function is adequate for the purposes of
the audit. The requirements are designed to provide a framework for the external auditor’s
judgments regarding the use of the work of the internal audit function to prevent over or undue
use of such work.
Objectives
The objectives of the external auditor, where the entity has an internal audit function and the
external auditor expects to use the work of the function to modify the nature or timing, or reduce
the extent, of audit procedures to be performed directly by the external auditor are:
a) To determine whether the work of the internal audit function can be used, and if so, in which
areas and to what extent; and having made that determination:
b) If using the work of the internal audit function, to determine whether that work is adequate
for purposes of the audit.
Determining Whether, in Which Areas, and to What Extent the Work of the Internal Audit
Function Can Be Used
Evaluating the Internal Audit Function

The external auditor shall determine whether the work of the internal audit function can be used
for purposes of the audit by evaluating the following:
a) The extent to which the internal audit function’s organizational status and relevant policies
and procedures support the objectivity of the internal auditors;
b) The level of competence of the internal audit function; and
c) Whether the internal audit function applies a systematic and disciplined approach, including
quality control.
The external auditor shall not use the work of the internal audit function if the external auditor
determines that:
a) The function’s organizational status and relevant policies and procedures do not adequately
support the objectivity of internal auditors;
b) The function lacks sufficient competence; or
c) The function does not apply a systematic and disciplined approach, including quality control.
As a basis for determining the areas and the extent to which the work of the internal audit
function can be used, the external auditor shall consider the nature and scope of the work that has
been performed, or is planned to be performed, by the internal audit function and its relevance to
the external auditor’s overall audit strategy and audit plan.
www.mdarasa.com
+254708068851

mDarasa Resources
The external auditor shall make all significant judgments in the audit engagement and, to prevent
undue use of the work of the internal audit function, shall plan to use less of the work of the
function and perform more of the work directly:
(a) The more judgment is involved in:
i) Planning and performing relevant audit procedures; and
ii) Evaluating the audit evidence gathered;
(b) The higher the assessed risk of material misstatement at the assertion level, with special
consideration given to risks identified as significant;
(c) The less the internal audit function’s organizational status and relevant policies and
procedures adequately support the objectivity of the internal auditors; and
(d) The lower the levels of competence of the internal audit function.
- The external auditor shall also evaluate whether, in aggregate, using the work of the internal
audit function to the extent planned would still result in the external auditor being sufficiently
involved in the audit, given the external auditor’s sole responsibility for the audit opinion
expressed.
- The external auditor shall, in communicating with those charged with governance an
overview of the planned scope and timing of the audit communicate how the external auditor
has planned to use the work of the internal audit function.
- If the external auditor plans to use the work of the internal audit function, the external auditor
shall discuss the planned use of its work with the function as a basis for coordinating their
respective activities.
- The external auditor shall read the reports of the internal audit function relating to the work
of the function that the external auditor plans to use to obtain an understanding of the nature
and extent of audit procedures it performed and the related findings.
- The external auditor shall perform sufficient audit procedures on the body of work of the
internal audit function as a whole that the external auditor plans to use to determine its
adequacy for purposes of the audit, including evaluating whether:
a) The work of the function had been properly planned, performed, supervised, reviewed
and documented;
b) Sufficient appropriate evidence had been obtained to enable the function to draw
reasonable conclusions; and
c) Conclusions reached are appropriate in the circumstances and the reports prepared by the
function are consistent with the results of the work performed.
- The nature and extent of the external auditor’s audit procedures shall be responsive to the
external auditor’s evaluation of:
www.mdarasa.com
+254708068851

mDarasa Resources
a) The amount of judgment involved;
b) The assessed risk of material misstatement;
c) The extent to which the internal audit function’s organizational status and relevant
policies and procedures support the objectivity of the internal auditors; and
d) The level of competence of the function and,
e) Shall include performance of some of the work.
- The external auditor shall also evaluate whether the external auditor’s conclusions
regarding the internal audit function and the determination of the nature and extent of use
of the work of the function for purposes of the audit
Documentation
If the external auditor uses the work of the internal audit function, the external auditor shall
include in the audit documentation:
(a) The evaluation of:
i) Whether the function’s organizational status and relevant policies and procedures
adequately support the objectivity of the internal auditors;
ii) The level of competence of the function; and
iii) Whether the function applies a systematic and disciplined approach, including quality
control;
(b) The nature and extent of the work used and the basis for that decision; and
(c) The audit procedures performed by the external auditor to evaluate the adequacy of the work
used.
The objectives and scope of internal audit functions typically include assurance and consulting
activities designed to evaluate and improve the effectiveness of the entity’s governance
processes, risk management and internal control such as the following:
COMPUTERIZED INFORMATION SYSTEMS

The following areas have been covered below;
i) Introduction to Computer Accountancy Systems.

ii) Introduction to Computers and the way they process data.
iii) Programs & operating Systems.
iv) Introduction to Computer Control.
v) Auditing in a Computerized Environment.
vi) The auditor’s Approach
www.mdarasa.com
+254708068851

mDarasa Resources
vii) Auditing around the computer
viii) Auditing through the computer
ix) Real time and on-line Systems
Industry context
With the current trend in technological changes auditors need to be updated in system use to
make their work easier. This means that the auditor has to device new means of carrying out an
audit in a computerized environment. He also needs to understand how the controls work in such
a system.
KEY TERMS
Transaction Files: Are the equivalent of journals such as the sales journal or the purchases
journal or the cashbook.
Programs are the instructions telling the computer how each type of transaction is to be
processed.
Test data are designed to test the performance of the clients programs.
Exam Context
As the world embraces the emerging technological changes, so does the audit profession.
Bearing this in mind, questions bordering on the application of information technology will be
common in the exam. The questions that are likely to appear are the ones that deal with the
impact Information technology has had on audit.
Introduction
In the business environment today and in today’s world, there has been an irreversible push for
companies to automate their systems and their way of doing business so as to be competitive.
The push for companies to embrace the new technological changes has come with new
challenges for the audit environment. Unlike before where most systems were manual and the
procedures carried out by the auditor’s were tailor made for them, most company systems today
are automated. This means that the auditor has to device new means of carrying out an audit in a
computerized environment. He also needs to understand how the controls work in such a system.
www.mdarasa.com
+254708068851

mDarasa Resources
In the chapter below, all this is covered so that the student can be able to understand and
appreciate the challenges and the gains in auditing in a computerized environment.
A computer system requires procedures to;
 Convert data to machine readable form.

 Input data into the computer.
 Process data.
 Store data in machine readable form.
 Convert data into desired output form.
For these procedures to be undertaken, a mixture of hardware and software is needed. The
hardware will consist of;
i) Input devices. These include keyboards, optical readers, and bar code scanners.
ii) Processing devices. These are the computers themselves. i.e. CPU
iii) Storages devices include hard disk, diskettes and magnetic tapes.
iv) Output devices. These include the visual display unit (VDU) and printers.
The computer software consists of programs and operating systems.
Programs are the instructions telling the computer how each type of transaction is to
beprocessed. These instructions include routines of checking and controlling data, matching data
with master files and performing mathematical operations on data. E.g. for sales transactions,
matching routines will enable the computer to identify the right sales price from the sales master
file and the right customer from debtors master file. Mathematical routines will include
calculating the total debtor’s amount and updating customer’s balance in the debtors’ master file.
Operating system relates to a series of related programs to provide instructions as to what files
are required to be on-line, what output devices are required to be ready and what additional file
need to be created for further processing. E.g. with a batch of sales transactions, the sales price
file and debtor’s file need to be on-line. The printer must be loaded with blank invoice forms and
the totals must be retained for posting to the sales and debtors control accounts in the general
ledger master file.
An operating system will provide details of further processing runs within the system. So, for
example, in sales these will include updating the general ledger, processing cash receipts and
credit notes to the debtor’s file, printing out monthly statements and printing out analysis of due
accounts for credit control purposes.
In a batch processing system, the operating system may consist of a set of instructions provided
to the operator but increasingly the operating system is part of the computer software such
www.mdarasa.com
+254708068851

mDarasa Resources
thatwith real time system, the computer identifies source of an incoming signal and
automaticallyprocesses that transaction using the appropriate programs and the right file.
COMPUTER FILES
These are equivalent of books and records in a manual system and are described as either
transaction files or master files.
a) Transaction files.
These are equivalent of journal such as sales journal, the purchases journal or the cash book.
They contain details of individual transactions, but unlike books, a transaction file is not a
cumulative record. A separate file is set up for each batch. Thus in real time systems, a
transaction file is not necessary, but good systems will always create a transaction file for control
purposes to provide a security back up, incase of errors or computer malfunctions during
processing data to master file.
b) Master files.
These contain what is referred as standing data. They may be the equivalent of ledgers but may
also contain semi permanent data needed to process transactions. E.g. a debtor’s master file the
equivalent of debtor’s ledger but will also include data that in a manual system may be kept
separately such as invoicing address, discount terms and credit limits, even non accounting data
as cumulative sales to specific customers.
When master files are updated by processing them against a transaction file, the entire contents
of the file are usually re-written in a separate location so that after processing, the two files can
be compared and the difference agreed to the total of the transaction file. Any errors in updating
the master file will thus be detected and the process repeated. In practice, the old copy of the
master file and transaction file will be retained until the master file is updated again. This is the
grandfather-father-son approach. If the current master file is corrupted or lost due to machine or
operator error, previous versions provide back up from which the master file can be re-created.
Master files holding semi permanent data would in the case of debtor’s system include current
sales price list and in the case of personnel department, a personnel file giving details of wage
rates, authorized deductions and cumulative record of amounts paid to date for purpose of
providing tax certificates.
A special class of transactions includes those of amending standing data held in master files such
as sales price or wage rate. These transactions require special consideration because an error in
such data held in a master file will cause errors in all transactions processed against the master
www.mdarasa.com
+254708068851

mDarasa Resources
file. E.g. an item priced erroneously in sales price list will mean all sales will be charged to
customers at the wrong price.
Real time and on-line systems
Traditional batch processing has the advantage that the data can be subjected to checks for
validity, accuracy and completeness before it is processed. But for organizations that need
information on strict time scale, this type of processing is unacceptable. This has led to the
development of on-line and real time systems and the number is growing particularly in airline
offices, banks and other financial institutions. The auditor’s duties do not change but his audit
techniques must change.
The key features of these systems are that they are based on the use of a remote terminal which is
just a VDU and a keyboard. These terminals will be scattered within the user department and
have access to the central computer store. The problem for the auditor arises from the fact that
master files held in the central computer store may be read and updated by the remote terminals
without an adequate audit trail. Necessary precautions have to be made therefore to ensure that
these terminals are used in a controlled way by authorized personnel only.
The security techniques include;
- Hardware constraints e.g. necessitating the use of a key of magnetic strip badge or card to
engage a terminal or placing the terminal in allocation to which access is carefully restricted
and which is constantly monitored by closed circuit television surveillance systems.
- The allocation of identification numbers to authorized terminal operators. With or without
the use of passwords, these are checked by the main frame computer against stored records of
authorized numbers or passwords.
- Using operator characteristics such as voice, fingerprints and hand geometry (finger length
ratios) as a means of identification by the mainframe computer.
- Restricting the access to particular programs or master files in the mainframe computer to
designated terminals.
- In top security systems, the authority to allocate authorities such as determination of
passwords and nominating selected terminals should be restricted to senior personnel other
than intended users.
- A special file maybe maintained in the central processor which records every occasion on
which access is made by particular terminals and operators to the central programs and files.
This log will be printed out on regular basis or on request by personnel with appropriate
authority.
What differentiate on-line system from real time system is that the on-line system has a buffer
store where input data is held by the central processor before accessing the master files. This
www.mdarasa.com
+254708068851

mDarasa Resources
enables input from the remote terminals to be checked by a special scanning program before
processing commences.
With real systems however, action at the terminal causes an immediate response in the central
processor where the terminal is on-line. Security against unauthorized access and input is even
more important in real time systems because the effect of the input is that it instantaneously
updates the file held in the central processor and any edit checks on the input are likely to be
under the control of the terminal operators themselves. In view of these control problems, most
real time systems incorporate additional controls over the scrutiny of the master file.
In planning the audit, the auditor should consider how the presence of computerized information
systems may affect client’s accounting and internal control system and the conduct of the audit.
This is because computerized information systems have unique features compared to manual
systems and require inbuilt adequate controls to ensure that the accounting system can be relied
upon for complete and accurate accounting records. These features include;
- Consistency unlike manual systems. Computerized information systems will process

transactions consistently. This implies that if the system is properly programmed, the all
transactions will be processed consistently and accurately. On the other hand, if there are any
programming errors, the transactions will be consistently processed inaccurately.
- Concentration of functions and controls. In a computerized information system, few people
are involved in processing of financial information. This may compromise segregation of
duties such that persons involved in writing of programs may also be involved in processing
transactions. This increases risk of manipulation of operating programs and data. Programs
ad data are held together increasing the potential for unauthorized access and alteration.
- Computerized information systems are designed to limit paperwork. This result in less visible
evidence to support transactions processed which ultimately leads to loss of the audit trail.
- Ease of access of data and computer programs. Where there are no proper controls over
access to computers at remote terminals, there is increased danger of unauthorized access and
alteration of data and programs.
- Use of programmed controls. In a computerized environment, controls are programmed
together with data processing instructions e.g. protection of data against unauthorized access
may be by way of using passwords and user profiles that grant different levels of access to
the system. Use of programmed controls implies that the auditor must adopt an audit
approach to test effectiveness of those controls.
- System generated transactions. Many systems are capable of generating transactions
automatically without manual intervention e.g. calculation of interest from customer’s
accounts may be done and charged to income automatically. If the system set up is interfered
with, this could affect the accuracy and integrity of transactions generated.
www.mdarasa.com
+254708068851

mDarasa Resources
- Data and programs are stored in portable magnetic disks and tapes which are vulnerable to
theft and intentional or accidental alteration.
SYSTEMS AUDIT APPROACH
- The systems audit is based on the following:

- The volume of transactions in a modern company and the cost of auditing preclude the
examination and verification of every transaction followed by the summarization of the
transactions into the financial statements.
- The verification of all transactions would not in itself be sufficient because it would not give
any assurance as to the completeness of transactions.
- The systems based audit depends on reliance on systems which prevent or detect any
variation from correct processing of documents into entries in the financial records, and
hence their inclusion in the financial statements. The auditor needs to understand the system
and verify that controls are effective throughout the period under review.
INTERNAL CONTROLS IN A COMPUTERIZED ACCOUNTING SYSTEM
To mitigate the risks occasioned by the features of a computerized information system, the
management should design internal controls over the system. These controls are mainly
classified into general controls and application controls.
1. General controls.
These relate to the environment within which the computer based systems are developed,
maintained and operated aimed at providing reasonable assurance that the overall objectives of
internal controls are achieved e.g. completeness, accuracy and validity of financial information
The objective of the general controls is to ensure the proper development and implementation of
applications and the integrity of program files and information. These controls could either be
manual or programmed and are classified into;
 System development controls

 Access controls.
 Computer operations and other controls.
a) System development controls.

These relate to controls that must be exercised by the client when developing new systems or
modifying existing systems. The controls that can be exercised during systems development can
be discussed in the following groupings.
www.mdarasa.com
+254708068851

mDarasa Resources
Appropriate review testing and approval of new systems
Development of computer applications
- Standards over systems design, programming and documentation

- Full testing procedures using test data
- Approval by computer users and management
- Segregation of duties so that those responsible for design are not responsible for testing
- Installation procedures so that data is not corrupted in transition
- Training of staff in new procedures and availability of adequate documentation
The organization should set up a steering committee composed of senior management and high
level representatives of system users who should the development and implementation of the
new system.
Management should approve specifications of the new system after the steering committee has
assessed the user needs. Before the new system is commissioned for use, appropriate testing
should be carried out to ensure that both the hardware and the application programs are operating
effectively. The testing will provide assurance that the new system is reliable.
The information technology manager, user department and the appropriate management level
should give appropriate approval of new system before being placed under operation and after
reviewing completeness of system documentation and results of its testing.
General IT controls that relate to some or all applications are usually interdependent controls, i.e.
their
operation is often essential to the effectiveness of application controls. As application controls
may be
useless when general controls are ineffective, it will be more efficient to review the design of
general IT controls first, before reviewing the application controls.
Controls over program changes
Testing and documentation of program changes

- Complete testing procedures
- Documentation standards
- Approval of changes by computer users and management
- Training of staff using programs
www.mdarasa.com
+254708068851

mDarasa Resources
Program changes refer to modifications made to existing programs. Changes in the computer
system should be subject to strict controls e.g. a written request for an application program
changes should be met by user department and authorized by designated manager or committee.
Once changes have been made, appropriate testing should be carried out to ensure that the
modified system is reliable.
The system documentation should then be amended to reflect the changes and appropriate
approval obtained for the modified system to start running.
User training should also be carried out as appropriate.
Prevention or detection of unauthorised changes to programs

- Full records of program changes
- Password protection of programs so that access is limited to computer operations staff.
- Restricted access to central computer by locked doors, keypads
Maintenance of programs logs
- Virus checks on software: use of anti-virus software and policy prohibiting use of non-
authorised programs or files
- Back-up copies of programs being taken and stored in other locations
Control copies of programs being preserved and regularly compared with actual programs
- Stricter controls over certain programs (utility programs) by use of read-only memory
System documentation
This involves putting together information that supports and explains computer applications. The
documentation provides details of capability of the system and how it is operated.
System documentation is important in conducting user training and also enables the management
to effectively review the system by considering whether appropriate controls have been put in
place during system development.
Parallel running
Before switching to the new system, the whole system should be tested by running it alongside
the old system for a specified period. This is important because it provides user with the
opportunity to familiarize themselves with the new system before it is fully implemented and
ensures that the new system is reliable and data is correctly carried forward from the old to the
new system.
www.mdarasa.com
+254708068851

mDarasa Resources
b) Access controls.
The success of computerized information systems is largely dependent on the accuracy, validity
and credibility of the data processed by the system. Access controls to computer hardware,
software and data files is therefore vital.
Access controls provide assurance that only authorized individuals use the system and that the
usage is for authorized purposes only.
Access may be restricted to specified persons, files, functions or computer devices. This can be
achieved using both physical and programmed controls. Examples of access controls include;
- Physical restriction of access to computer facilities to specified persons only e.g. file servers
should be maintained in a secure location where access is granted to only specified persons.
- Controls over computers stored in the user department could be improved by making sure
that vital data on programs are not left running when the computer is left unattended.
- Passwords should be used by all staff when accessing computer facilities.
- Passwords should be changed regularly and access to password data held in a computer
system should be subject to stringent controls. This will ensure that some users do not gain
access to other people’s passwords.
- In granting user rights within the system, there should be appropriate segregation of duties to
ensure that rights granted are not excessive. e.g. a user should not have right to post data and
also make amendments on the same data.
- When designing the user rights, sensitive data and programs should only be accessible to few
individuals. In other cases, some files should be designed as ‘read only’ to avoid
unauthorized amendments.
- Programs and data that do not need to be online should be stored in secure locations.
- A system’s access log to record all attempts to log in the system should be maintained.
This would record name of user, data accessed or entered, time of log in and mode of access.
- When transmitting data over communication lines, it should be encrypted to make it difficult
for persons with access to communication lines from being able to modify the contents.
- There should be automatic log off i.e. the disconnection of active data terminal to prevent
viewing of sensitive data on unattended terminals.
Controls to ensure continuity of operation
- Storing extra copies of programs and data files off-site
- Protection of equipment against fire and other hazards
- Back-up power sources
- Disaster recovery procedures e.g. availability of back-up computer facilities.
- Maintenance agreements and insurance
www.mdarasa.com
+254708068851

mDarasa Resources
The auditors will wish to test some or all of the above general IT controls, having considered
how they affect the computer applications significant to the audit.
c) Computer operations and other controls.

The organization should have a reconstruction or disaster recovery plan that will allow it to
regenerate important programs and data files incase of disasters or accidental destructions.
The recovery plan should create back up or duplicate copies of important data files and programs
which should be stored off site.
The recovery plan should also be tested on regular basis to ensure that it indeed works. Other
issues that should be addressed include:
- Undertaking protection measures against natural disasters such as setting up computer rooms
in areas protected from floods and fitted with smoke or fire detectors.
- There should be standby equipment to revert to incase of computer breakdown.
There should be adequate virus detection. Procedures for dealing with virus infection are.
- Establishing a formal security policy which requires only clean and certified copies of
software are installed and checking data introduced from external sources for viruses.
- The company can also install antivirus software.
- Clean back up should be maintained and there should be adequate segregation of duties such
that people with powers and knowledge in making amendments to the application programs
should not have the responsibility for initiation and processing transactions and even making
amendments to existing data.
Controls to prevent wrong programs or files being used
- Operation controls over programs
- Libraries of programs
- Proper job scheduling
Application control
The purpose of application controls is to establish specific control procedures over the
accounting
applications in order to provide reasonable assurance that all transactions are authorised and
recorded,
and are processed completely, accurately and on a timely basis. Application controls include the
following.
The objective of application controls which may be manual or programmed is to ensure

completeness and accuracy of accounting records and the validity of transactions processed.
www.mdarasa.com
+254708068851

mDarasa Resources
Application controls are therefore important in providing assurance that all transaction are
recorded on timely basis and that only valid transactions are captured by the system. Application
controls are divided into;
1. Input controls.
2. Processing controls.
3. Output controls
4. Controls over master files and standby data
However, some of the controls management implement would cut across the four categories
mentioned above. E.g. some edit checks could provide comfort over the completeness and
accuracy of the input data by the way the data is processed and output information obtained and
also provide protection over standby data.
Input controls.
Most errors in data processed by computerized information systems can be traced to errors made
when the data was being input into the system. Controls over input fulfill the following
objectives.
- Completeness of input. This ensures that all transactions that took place have been processed.
- Accuracy. This ensures that the recorded transactions have been captured accurately.
- Validity. This ensures that only valid or genuine transactions appropriately authorized have
been
- Recorded. It also ensures credibility and reliability of recorded transactions.
Control over input: completeness
- Manual or programmed agreement of control totals
- Document counts
- One-to-one checking of processed output to source documents
- Programmed matching of input to an expected input control file
- Procedures over resubmission of rejected controls
Control over input: Accuracy
Programmes to check data fields (for example value, reference number, date) on input
transactions for plausibility:
 Digit verification (e.g. reference numbers are as expected)

 Reasonableness test (e.g. sales tax to total value)
 Existence checks (e.g. customer name)
 Character checks (no unexpected characters used in reference)
www.mdarasa.com
+254708068851

mDarasa Resources
 Necessary information (no transaction passed with gaps)

 Permitted range (no transaction processed over a certain value)
Manual scrutiny of output and reconciliation to source

Agreement of control totals (manual/programmed)
Controls over input: authorisation

Manual checks to ensure information input was:
 Authorised
 Input by authorised personnel
Controls over processing

- Similar controls to input must be in place when input is completed example, batch
reconciliations.
- Screen warnings can prevent people logging out before processing; complete
- Controls over master files and standing data
To achieve the above objectives the most common types of input controls that management can
implement are called edit controls and examples include:
Field checks - These controls check that all data fields required to process the transactions have
been filled with correct information. The controls also ensure accuracy of processed data and its
completeness because transactions cannot be properly processed if necessary data is missing.
Valid character checks-These check that data fields are filled with data of the correct type. E.g.
that amounts column is filled with numerical variables. This also ensures correctness of input
data.
Reasonableness or limit checks - These verify that data falls within predetermined reasonable
limits. E.g. if the authorized discount is 10%, the system would seek to verify that no customer is
awarded discounts beyond this limit without approved authorization. These controls ensure
accuracy and validity of the input data.
Master file checks - These verify that the codes used in processing transactions match with
those from master files. E.g. that customer identification code keyed in matches with what is on
sales master file.
These controls ensure that data is processed against correct master file.
Document count - This agrees number of input records if what is expected as per batch control.
www.mdarasa.com
+254708068851

mDarasa Resources
This control ensures that all transactions are processed.
Sign checks-These ensure that data has been keyed in with correct arithmetic sign. E.g. a
positive sign for debit entry and a negative sign for credit entry. The objective is to check
validity and accuracy of the processed data.
Zero balance checks - These verify that for every transaction process, debit entries equal
creditentries and any mismatches found are reported through an exception report. This control
ensuresaccuracy of input data.
Other input controls include;
Generation of exception reports to capture transactions that have been rejected for failing various
control checks.
Measures to ensure that the reasons behind rejected transactions are investigated and corrective
action taken.
There may be need for manual controls to for instance, a check to reveal that all purchase orders
have been appropriately authorized before a transaction is submitted for processing.
Processing controls
These controls seek to ensure that transactions are processed by the right programs and against
the correct master files. They also seek to ensure that data is not lost, duplicated or altered during
processing and that errors are identified ad corrected.
Some of the controls in input could help in meeting the above objectives of processing controls.
In addition to those, processing controls include;
Physical file identification procedures -This is in form of labels which are physically attached
to files or diskettes to ensure right files are used during processing of transactions.
Sequence tests over pre-numbered documents-This ensures that all transactions are being
processed. Comparing the contents in files before and after processing a transaction to ensure
that the expected processing results have been achieved.
Zero balance checks that add up debits and credits of the transactions posted to ensure that the
result is zero as an indication that double entry has been completed.
An audit trail should be created through use of input and output control logs and maintenance of
transaction listing. This trail will facilitate an attempt to trace a transaction as a way of verifying
that it has been correctly processed.
www.mdarasa.com
+254708068851

mDarasa Resources
Output controls.
These are necessary to ensure that:
- Expected reports are received from input data processed.

- Results of processing are accurate.
- Output is distributed to appropriate users promptly.
Controls over output include;
- Matching and agreeing output information to the input data e.g. for input data related
tojournal processed to create an additional provision for bad and doubtful debts, one
maywant to compare or match the balance appearing in the ledger after the transaction
isprocessed as a way of verifying that output matches the input.
- Noting distribution of all output information to verify that this information is accessible
toand is distributed to the list of authorized users only.
- Error listing or exception reports should be generated on a daily basis and reviewed byan
independent person to ensure that the transactions summarized in these reports
areinvestigated and where appropriate resubmitted for processing.
If, in addition to manual controls exercised by the user, the controls to be tested use information
produced by the computer or are contained within computer programs, such controls may be
tested by examining the system's output using either manual procedures or computers. Such
output may be in the form of magnetic media, microfilm or printouts. Alternatively, the auditor
may test the control by performing it with the use of computers.
Others include
- Similar controls to input must be in place when input is completed, for example, batch
reconciliations.
- Screen warnings can prevent people logging out before processing is complete
- Cyclical reviews of all master files and standing data
- Record counts (number of documents processed) and hash totals (for example, the total of all
the payroll numbers) used when master files are used to ensure no deletions
- Controls over the deletion of accounts that have no current balance
- Controls over input, processing, data files and output may be carried out by IT personnel,
users of the system, a separate control group and may be programmed into application
software. The auditors may wish to test the following application controls.
Cyclical reviews of all master files and standing data
Standing data refers to the data that is required during processing of the transactions but which
does not vary or change with every transaction. E.g. customer details such as name and address
do not change with every transaction although they are required in processing every transaction
with the customer.
www.mdarasa.com
+254708068851

mDarasa Resources
Controls over master files and standing data are aimed at ensuring completeness, accuracy and
credibility of the information maintained. These controls include;
- Restrictive access to standing data and ensuring that only few individuals have the user rights
within the system to make adjustments to the standing data.
- Before any changes are made to the standing data, appropriate authorization should be
obtained. E.g. before any changes are made on selling prices in the master file, appropriate
authorization should be obtained from the responsible officials.
- Once amendments have been made on standing data, a print out should be obtained from the
system such that an independent person can verify that the correct amendments have been
made.
- Where necessary, the organization should print out all the standing data and an independent
check be carried out to verify that this data is accurate and complete.
- An exception report should be generated on a regular basis providing details of any
unauthorized amendments made on standing data.
- One-to-one checking
- Record counts (number of documents processed) and hash totals (for example, the total of all
the payroll numbers) used when mast; files are used to ensure no deletions
- Controls over the deletion of accounts that have no current balance
- Controls over input, processing, data files and output may be carried out by IT personnel
users of the system, a separate control group and may be programmed into application
software. The auditors may wish to test the following application controls.
Testing the internal controls in a computerized environment
The auditor tests the internal controls when he wishes to place reliance on the controls to
determine whether the accounting records are reliable.
A computerized information system may differ from a manual system by having both manual
and programmed controls. The manual controls are tested in exactly the same way as in a manual
system. The programmed controlled in the following ways:
- By examination of exception reports and rejection reports. But there is no assurance that the
items on the exception reports were the only exceptions or that they actually met the
parameters set by the management. The auditor must seek for ways to test the performance of
the programs by auditing.
- Use of CAATs (computer assisted audit techniques). Test data is mainly applied intesting
computerized information systems.
Programmed control procedures
In the case of certain computer systems, the auditor may find that it is not possible or, in some
cases, not practical to test controls by examining only user controls or the system's output. The
www.mdarasa.com
+254708068851

mDarasa Resources
auditor may
consider performing tests of control by using computers, reprocessing transaction data or, in
unusual situations, examining the coding of the application program.
As we have already noted, general IT controls may have a pervasive effect on the processing of
transactions in application systems. If these general controls are not effective, there may be a risk
that
misstatements occur and go undetected in the application systems. Although weaknesses in
general IT
controls may preclude testing certain IT application controls, it is possible that manual
procedures
exercised by users may provide effective control at the application levelfocus
The examiner expects you to be comfortable with a computerised scenario so it's important that
you
understand the use of IT controls within an organisation.
Summary
 The auditors must understand the accounting system and control environment in order to
determine their audit approach.
 The auditors shall assess the adequacy of the systems as a basis for the financial statements
and shall identify risks of material misstatements to provide a basis for designing and
performing further audit procedures.
 The auditors must keep a record of the client's systems which must be updated each year.
This can be done through the use of narrative notes, flowcharts, questionnaires or checklists.
 If the auditors believe the system of controls is strong, they may choose to test controls to
assess whether they can rely on the controls having operated effectively.
 There are special considerations for auditors when a system is computerised. IT controls
comprise
general and application controls.
Substantive tests in computerized environment

Substantive testing of computer records is possible and necessary. The extent depends on the
degree of reliance the auditor has placed on the internal controls. Substantive testing includes
two basic approaches both of which would be used.
Manual testing techniques

If manual controls exercised by the user of the application system are capable of providing
reasonable assurance that the system's output is complete, accurate and authorised, the auditors
www.mdarasa.com
+254708068851

mDarasa Resources
may decide to limit tests of control to these manual controls.
- Review of exception reports. The auditor attempts to confirm these with other data
e.g.comparison of an outstanding dispatch note listing with the actual dispatch notes.
- Totaling. Relevant totals for example for debtors and creditors can be manuallyverified.
- Re-performance. The auditor may re-perform a sample of computer generatedcalculations
e.g. for depreciation and interest expense.
- Reconciliations. These will include reconciliations for computer listings with
creditor’sstatements, bank statements, actual stock and personnel records.
- Comparison with other evidence such as results of debtor’s circularization, attendanceat
stock take and physical inspection of fixed asset.
- If manual controls exercised by the user of the application system are capable of providing
reasonable assurance that the system's output is complete, accurate and authorised, the
auditors may decide to limit tests of control to these manual controls.
Uses of computer audit programs.
Computer audit programs sometimes generalized audit software. These programs are also
calledinquiry or interrogation programs. Computer audit programs are computer programs used
by the auditor to;
- Read magnetic files and to extract specified information from the files.
- To carry out audit work on the contents of the files.
- In the selection of representative or randomly chosen transactions or items for audittests.
- The scrutiny of files and selection of exceptional items for testing
- Comparison of two files and printing out the difference e.g. payrolls at two selecteddates.
- Preparing exception reports e.g. overdue debts.
- Stratification of data such as stock items or debtors with a view to examine only thematerial
items.
- Carrying out detailed tests and calculations
- Verifying data such as stock or fixed assets at the interim stage and then comparingthe
examined file with the end file so that only changed items need to be examined atthe final
audit.
The Control file
When auditing computerized information systems, it will be found that much reliance is placed
within the system upon standard forms and documentation in general, as well as upon strict
adherence to procedures laid down. This is no surprise, of course, since the ultimate constraining
factor in the system is the computers own capability and all users are competitors for its time. It
is therefore important that an audit control file be built as part of working papers and the auditor
must that he is on the distribution list for notifications of all new procedures, documents and
system changes in general.
www.mdarasa.com
+254708068851

mDarasa Resources
The following should be included in the control file;
- Copies of all the forms which source documents might take and details of the checksthat
have been carried out to ensure their accuracy.
- Details of physical controls over source documents as well as of the nature of anycontrol
totals of numbers, quantities or values including the names of persons keepingthese controls.
- Full description of how the source documents are to be converted into input media andthe
checking of control procedures.
- A detailed account of the clerical, procedural and systems development controlscontained in
the system. e.g. separation of programs from operators and separation ofcontrols over assets
from records relating to the assets.
- The arrangements for retaining source documents and input media for suitable periods.
- This is of great importance as they may be required for reconstructing stored files inevent of
error or mishap.
- A detailed flow diagram of what takes place during each routine processing run.
- Details of all tapes and discs in use including their layout, labeling, storage and
retentionarrangements.
- Copies of all the forms which output documents might take and details of their sortingand
checking.
- The auditor’s comments on the effectiveness of the controls.
Internal controls over computer processing include both manual procedures and procedures built
into the computer programs.
- The use of computers does not affect the auditor’s primary responsibility of reporting onthe
accounts but the way in which the auditor carries out his substantive and
complianceprocedures to arrive, at his opinion will be considerably different.
- The objectives of application controls which may be manual or programmed are toensure the
completeness and accuracy of the accounting records and the validity of theentries made
therein resulting from both manual and programmed processing.
- There are basically two techniques available to the auditor for auditing through thecomputer.
These are a use of test data and the use of computer audit programs.
- Substantive testing of computer records is possible and necessary. The extent dependson the
degree of reliance the auditor has placed on the internal controls
When auditing Electronic data processing systems, it will be found that much reliance is placed
within the system upon standard forms and documentation in general, as well as upon strict
adherence to procedures laid down. This is no surprise, of course, since the ultimate constraining
factor in the system is the computer’s own capability, and all users are competitors for its time. It
is therefore important that an audit control file be built up as part of the working papers, and the
auditor should ensure that he is on the distribution list for notifications of all new procedures,
www.mdarasa.com
+254708068851

mDarasa Resources
documents and systems changes in general. The following should be included in the audit control
file.
(a) Copies of all the forms which source documents might take, and details of the checks that
have been carried out to ensure their accuracy.
(b) Details of physical control over source documents, as well as of the nature of any control
totals of numbers, quantities or values, including the names of the persons keeping these
controls.
(c) Full description of how the source documents are to be converted into input media, and the
checking and control procedures.
(d) A detailed account of the clerical, procedural and systems development controls contained in
the system (e.g. separation of programmers from operators; separation of control of assets
from records relating thereto).
(e) The arrangements for retaining source documents and input media for suitable periods.
(f) This is of great importance, as they may be required for reconstructing stored files in the
event of error or mishap.
(g) A detailed flow diagram of what takes place during each routine processing run.
(h) Details of all tapes and discs in use, including their layout, labelling, storage andretention
arrangements.
(i) Copies of all the forms which output documents might take, and details of their subsequent
sorting and checking.
(j) The auditor’s own comments on the effectiveness of the controls
THE AUDIT APPROACH IN COMPUTERIZED INFORMATION SYSTEMS
The actual approach adopted by the auditor will depend on:
 The auditor’s experience with the client.

 The control environment.
 The complexity of the computerized information system.
 The risk profile of the client.
 The risk of misstatements in the financial statements.
The approach taken by the auditor when examining computerized records takes either of the two
main forms.
a) Auditing round the computer.

b) Auditing through the computer.
www.mdarasa.com
+254708068851

mDarasa Resources
AUDITING AROUND THE COMPUTER
This means examining evidence for all items in the financial statements without getting
immersed in the details of the computerized information system. The benefits of this approach
are that it saves time and its justification is that computers are 100% accurate in processing
transactions and therefore material processing errors simply do not occur.
The draw back of this approach is that once an application is programmed to process an item
incorrectly, then it processes exactly as programmed indefinitely. However, major frauds and
error or system failures should be picked up in the assets and liabilities verification e.g. if
processing of sales is incorrect, verification of debtors can uncover the error. Also an analysis of
gross profit margins will help discover any errors in sales. This approach is suitable for small
businesses but largely unsuitable for large scale entities.
When it is possible to relate on a one to one basis, the original input to the final output or to put it
another way, where the audit trail is always preserved than the presence of the computer has
minimal effect on the auditor’s work, and in that case it is possible to ignore what goes on in the
computer and concentrate audit tests on the completeness, accuracy, validity on the input and the
output, without paying any due concern to how that output has been processed. Where there is
super abundance of documentation and the output is as detailed and complete as in any manual
system and where the trail from beginning to end is complete so that all documents can be
identified and vouched and totally cross referenced, then the execution of normal audit tests on
records which are computer produced but which are nevertheless as complete as above then this
type of auditing is called auditing around the machine. In this case, the machine is viewed as
simply an instrument through which conventional records are produced. This approach is much
criticised because:
i) It indicates a lack of knowledge on the part of the auditor;

ii) It is extremely risky to audit and give an opinion on records that have been produced bya
system that the auditor does not understand fully, and;
iii) A computer has immense advantages for the auditor and it is inefficient to carry out anaudit
in this manner.
However, problems arise when it is discovered that management can use the computer more
efficiently in running the business. This is usually done by the production of exception reports
rather than the full records. For example, the management is interested in a list of delinquent
debtors, therefore producing the whole list of debtors means the list has to be analyzed again to
identify delinquent debtors and act upon them. This is inefficient and time consuming as the
printer is the slowest piece of equipment in any computerised system. From the auditor’s view,
exception reports which provide him with the very material he requires for his verification work
www.mdarasa.com
+254708068851

mDarasa Resources
raises a serious problem because he cannot simple assume that the programs which produce the
exception reports are:
i) Doing so accurately;
ii) Printing all the exception which exists;
iii) Are authorised programs as opposed to dummy programs specially created for a fraudulent
purpose or out of date programs accidentally taken from the library and;
iv) That they contain programs control parameters which do in fact meet the company’s genuine
internal control requirements.
So although it may be reasonable for management to have faith in their systems and programs,
such faith on the part of the auditor would be completely misplaced and may reflect very
adversely on his duty of care. This is the first situation on the loss of audit trail.
The other situation where loss of audit trail is noted where the computer generates, totals,
analyses and balances without printing out details. It therefore becomes necessary for the auditor
to find a way to audit through the computer rather than around it. But before we go on to that, the
loss of audit train can be overcome as follows:
a) We can have special print outs for auditors, remember the need to be consulted at the design
stage.
b) Inclusive audit facility: This means putting in the programs special audit instructions that
enable the computer to carry out some audit tests and produce print outs specially for the
auditor.
c) Clerical recreation: Given unlimited time and man power, maintain the possibility to recreate
manually the audit trail. This would obviously be a very tedious exercise.
d) Total testing and comparison: It is possible to compare results with other data, budgets,
previous periods and industry averages.
e) Alternative tests: We can perform stock takes, debtors’ circularisation and examination of the
condition of fixed assets.
f) We can use test packs to verify program performance.
AUDITING THROUGH THE COMPUTER
There are two basic techniques available to the auditor for auditing through the computer. These
are use of test data and use of computer audit programs which are also called CAATs (computer
assisted audit techniques).
i) Test data
These are designed to test the performance of client’s programs. What it involves is for the
auditor either using dummy data or live data for processing to manually work out the expected
result using the logic of the program. This is then run on the computer using the program and the
www.mdarasa.com
+254708068851

mDarasa Resources
results are compared. A satisfactory outcome gives the auditor a degree of assurance that if that
program is used continuously throughout the year, then it will perform as required. This
technique of test data falls under compliance testing.
(a) Live testing has the following disadvantages:

i) If the data is included with normal data, separate test data totals cannot be obtained. This can
sometimes be resolved by the use of dummy branches or separate codes to report the
program’s effects on the test data.
ii) Side effects can occur. It has been known for an auditor’s dummy product to be included in a
catalogue.
iii) Client’s files and totals are corrupted although this is unlikely to be material.
iv) If the auditor is testing procedures such as debt follow up, then the testing has to be over a
fairly long period of time. This can be difficult to organise.
(b) Dead testing has the following disadvantages:
i) Difficulties will be encountered in simulating a whole system or even a part of it.
ii) A more detailed knowledge of the system is required than with the use of live files.
iii) There is often uncertainty as to whether operational programs are really being used for the
test.
iv) The time span problem is still difficult but more capable of resolution than with live testing.
Computer audit programsThese consist of computer programs used by an auditor to read
magnetic files and to extract specified information from the files. They are also used to carry out
audit work in the contents of the file. These programs are sometimes called enquiry or
interrogation programs. They can be written by an audit firm themselves or they can be found
from software houses. They have the advantage that unskilled staff can easily be taught to use
them.
Uses of computer audit programs

Selection of representations or randomly chosen transactions or items for audit tests, e.g. item
number 36 and every 140th item thereafter. Scrutiny of files and selection of exceptional items
for examination e.g. all wages payments over Kshs.120, or all stock lines worth more
thanKshs.1,000 in total. Comparison of two files and printing out differences e.g. payrolls at
twoselected dates. Preparation of exception reports e.g. overdue debts. Stratification of data
e.g.stock lines or debtors; with a view to examination only of material items.Carrying out
detailtests and calculations. Verifying data such as stock or fixed assets at the interim stage
andthe comparing of the examined file with the year-end file so that only changed items need be
examined at the final audit (with a small sample of the other unchanged items). Comparison of
files at succeeding year ends e.g. to identify changes in the composition of stock.
Advantages
1. Examination of data is more rapid;
www.mdarasa.com
+254708068851

mDarasa Resources
2. Examination of data is more accurate
3. The only practical method of examining large amounts of data;
4. Gives the auditor practical acquaintance with live files;
5. Provides new opportunities to the auditor;
6. Overcomes in some cases a loss of audit trail;
7. Relatively cheap to use once set up costs have been incurred
Disadvantages
1. Can be expensive to set up or acquire.
2. Some technical knowledge is required.
3. A variety of programming languages is used in business. Standard computer audit programs
may not be compatible.
4. Detailed knowledge of systems and programs is required. Some auditors would dispute the
need for this detailed knowledge to be gained.
5. Difficulty in obtaining computer time especially for testing.
There can be no doubt that standard computer audit program packages will be in general use in
the near future. Use of audit software raises the visibility of the auditor in the eyes of the
company. It makes the audit more credible. Deficiencies in the system are often discovered and
can be reported to management. This also makes the audit more credible. Packages are not
however usually available for small machines.
COMPUTER AIDED AUDITING TECHNIQUES (CAAT'S)

'Computer-aided audit techniques (CAATs) or computer-assisted audit tools and
techniques(CAATTs) is a growing field within the audit profession. CAATs are the practice of
using computers to automate the audit process. CAATs normally includes using basic office
productivity software such as spreadsheet, word processors and text editing programs and more
advanced software packages involving use statistical analysis and business intelligence tools.
Applications of auditing procedures using the computer as an audit tool (also known as CAATs).
In the most general terms, CAATTs can refer to any computer program utilized to improve the
audit process. Generally, however, it is used to refer to any data extraction and analysis software.
This would include programs such as spreadsheets (e.g. Excel), databases (e.g. Access),
statistical analysis (e.g. SAS), business intelligence (e.g. Crystal Reports and Business Objects),
etc.
There are, however, companies that have developed dedicated specialized data analytic software
specifically for auditors.
Computer-assisted audit techniques (CAATs) are the applications of auditing procedures using
the computer as an audit tool.
www.mdarasa.com
+254708068851

mDarasa Resources
CAATs are the use of computers for audit work. The two most commonly used CAATs are audit
software and test data.
The overall objectives and scope of an audit do not change when an audit is conducted in a
computerisedenvironment. However, the application of auditing procedures may require auditors
to consider techniques that use the computer as an audit tool. These uses of the computer for
audit work are known as computer-assisted audit techniques (CAATs).
Circumstances when the use of CAATS when performing audit procedures would be
necessary
i) When the company has recently installed a new computer system
ii) when software has been changed in the past year
iii) When standard software allows the company to change the programs or add procedures
iv) When there is a significant loss of audit trail in the computer system
v) When the auditor has identified weaknesses in the company accounting software
CAATs may be used in performing various auditing procedures, including the following.
- Tests of details of transactions and balances
- Analytical review procedures
- Tests of computer information system controls
The advantages of using CAATs are:

- Auditors can test programme controls as well as general internal controls associated with
computers.
- Auditors can test a greater number of items more quickly and accurately than would be the
case otherwise.
- Auditors can test transactions rather than paper records of transactions that could be
incorrect.
- CAATs are cost-effective in the long-term if the client does not change its systems.
- Results from CAATs can be compared with results from traditional testing - if the results
correlate, overall confidence is increased.
The major steps to be undertaken by the auditors in the application of a CAAT are as follows.
- Set the objective of the CAAT application
- Determine the content and accessibility of the entity's files
Define the transaction types to be tested
- Define the procedures to be performed on the data
Define the output requirements
- Identify the audit and computer personnel who may participate in the design and application
of the CAAT
www.mdarasa.com
+254708068851

mDarasa Resources
- Refine the estimates of costs and benefits
- Ensure that the use of the CAAT is properly controlled and documented
- Arrange the administrative activities, including the necessary skills and computer facilities
- Execute the CAAT application
- Evaluate the results
There are two particularly common types of CAAT, audit software and test data.
Use of computers on audits is common practice. The examiner expects you to consider the
computer
aspects of auditing as a matter of course. Therefore in answering questions on obtaining
evidence,
remember to include reference to CAATs if they seem relevant.
AUDIT SOFTWARE
Audit software consists of computer programs used by the auditors, as part of their auditing
procedures, to process data of audit significance from the entity's accounting system. It may
consist of generalised audit software or custom audit software, Audit software is used for
substantive procedures.
Generalised audit software allows auditors to perform tests on computer files and databases, such
as reading and extracting data from a client's systems for further testing; selecting data that meets
certain
criteria, performing arithmetic calculations on data, facilitating audit sampling and producing
documents and reports.
Custom Audit software is written by auditors for specific tasks when generalised audit software
cannot be used
The following provides some examples of the use of audit software in the course of an audit.
Audit software: example of use

- Perform calculations and comparisons in analytical procedures
- Sampling programs to extract data for audit testing, e.g. select a sample of receivables for
confirmation
- Scan a file to ensure that all documents in a series have been accounted for or to search for
large and unusual items
- Compare data elements in different files for agreement (e.g. prices on sales invoices to
authorised
www.mdarasa.com
+254708068851

mDarasa Resources
prices in master file)
- Reperform calculations e,g, totalling sales ledger
- Prepare documents and reports e.g. produce receivables' confirmation letters and monthly
statements
TEST DATA
Test data techniques are used in conducting audit procedures by entering data (eg a sample of
transactions) into an entity's computer system, and comparing the results obtained with pre-
determined results. Test data is used for tests of controls.
Examples include:
(a) Test data used to test specific controls in computer programs such as on-line password and
data
access controls.
(b) Test transactions selected from previously processed transactions or created by the auditors
to test
specific processing characteristics of an entity's computer system. Such transactions are
generally processed separately from the entity's normal processing, Test data can for example
be
used to check the controls that prevent the processing of invalid data by entering data with
say a
non-existent customer code or worth an unreasonable amount, or a transaction which may if
processed break customer credit limits.
(c) Test transactions used in an integrated test facility. This is where a 'dummy' unit (e.g. a
department
or employee) is established, and to which test transactions are posted during the normal
processing cycle.
A significant problem with test data is that any resulting corruption of data files has to be
corrected. This is difficult with modern real-time systems, which often have built-in (and highly
desirable) controls to ensure that data entered cannot be easily removed without leaving a mark.
Other problems with test data are that it only tests the operation of the system at a single point of
time,
and auditors are only testing controls in the programs being run and controls which they know
about. The problems involved mean that test data is being used less as a CAAT.
CONSIDERATIONS SPECIFIC TO PUBLIC SECTOR ENTITIES

www.mdarasa.com
+254708068851

mDarasa Resources
Auditors of public sector entities often have additional responsibilities with regard to internal
control and compliance with applicable laws and regulations. Inquiries of appropriate individuals
in the internal audit function can assist the auditors in identifying the risk of material
noncompliance with applicable laws and regulations and the risk of deficiencies in internal
control over financial reporting.
Analytical Procedures
- Analytical procedures performed as risk assessment procedures may identify aspects of the
entity of which the auditor was unaware and may assist in assessing the risks of material
misstatement in order to provide a basis for designing and implementing responses to the
assessed risks. Analytical procedures performed as risk assessment procedures may include
both financial and non-financial information, for example, the relationship between sales and
square footage of selling space or volume of goods sold.
- Analytical procedures may help identify the existence of unusual transactions or events, and
amounts, ratios, and trends that might indicate matters that have audit implications. Unusual
or unexpected relationships that are identified may assist the auditor in identifying risks of
material misstatement, especially risks of material misstatement due to fraud.
- However, when such analytical procedures use data aggregated at a high level (which may be
the situation with analytical procedures performed as risk assessment procedures), the results
of those analytical procedures only provide a broad initial indication about whether a
material misstatement may exist. Accordingly, in such cases, consideration of other
information that has been gathered when identifying the risks of material misstatement
together with the results of such analytical procedures may assist the auditor in understanding
and evaluating the results of the analytical procedures.
www.mdarasa.com
+254708068851

mDarasa Resources
CONTENT
TOPIC 7
17.7 Forensic accounting
 Conduct of forensic investigations: accepting the investigation,

planning, evidence gathering, reporting
 Rules of evidence in court proceedings
 Regulations and standards on forensic accounting
 Applicable codes of ethics
www.mdarasa.com
+254708068851

mDarasa Resources
TOPIC 7
FORENSIC ACCOUNTING
FORENSIC ACCOUNTING
Forensic accounting is defined as "the application of investigative and analytical skills for the
purpose of resolving financial issues in a manner that meets standards required by courts of law.
Forensic accountants apply special skills in accounting, auditing, finance, quantitative methods,
certain areas of the law, research and investigative skills to collect, analyze and evaluate
evidential matter and to interpret and communicate findings."[4]
Forensic accounting is the term used to describe the type of engagement. It is the whole process
of carrying out a forensic investigation, including preparing an expert’s report or witness
statement, and potentially acting as an expert witness in legal proceedings.
Forensic investigation is a part of a forensic accounting engagement. Forensic investigation is the
process of gathering evidence so that the expert’s report or witness statement can be prepared. It
includes forensic auditing, but incorporates a much broader range of investigative techniques,
such as interviewing witnesses and suspects, imaging or recovering computer files including
emails, physical searches of premises etc.
Forensic auditing is the application of traditional auditing procedures and techniques in order to
gather evidence as part of the forensic investigation.
APPLICATION
The major applications of forensic accounting include fraud investigations, negligence cases and
insurance claims.
An insurance claim would require determination of how much the client should claim from the
insurer.
STEP 1
The first step would be a detailed review of the insurance policy to determine ‘coverage’, ie what
is insured and any clauses that might restrict the amount that can be claimed or invalidate the
claim.
STEP 1
The second step would be to gather evidence to quantify the loss, ie the amount to be claimed.
Insurance claims might include claims following misappropriation of assets, ie theft of goods or
money. In such cases, the forensic accountant will review inventory or cash records and details
www.mdarasa.com
+254708068851

mDarasa Resources
of sales and purchases to reconcile the amounts held and determine the value of the goods or
cash stolen. They will also test the reliability of the information held by counting a sample of
inventory or cash currently held in comparison with the client’s records. The forensic accountant
will not assume that there has been a theft; they will consider other possibilities such as an error
in the data held.
Insurance claims may however, be much more complicated than this, such as in the case of
business interruptions arising as a result of fire or flood. In these types of engagements the
forensic accountant will review prospective financial information in comparison with reported
outturn to evaluate the loss of profit arising as a result of the business interruption. The forensic
accountant will not assume that there has been any loss of profit due to the business interruption;
they will consider other possibilities such as a straightforward loss of market share to a
competitor.
FORENSIC ENGAGEMENTS
Forensic engagements often require the forensic accountant to quantify a loss. One such
engagement is in professional negligence claims, ie when another accountant has breached their
duty of care to a client or third party resulting in a loss for that client. In these types of
engagement, the forensic accountant would also provide an opinion on whether the duty of care
owed has been breached, ie whether the audit or other accountancy service was performed in
accordance with current standards in practice, legislation and techniques. In relation to an audit,
this would require consideration of whether the International Standards on Auditing were
followed.
Financial forensic engagements may fall into several categories. For example:
 Economic damages calculations, whether suffered through tort or breach of contract;

 Post-acquisition disputes such as earnouts or breaches of warranties;
 Bankruptcy, insolvency, and reorganization;
 Securities fraud;
 Tax fraud;
 Money laundering;
 Business valuation; and
 Computer forensics/e-discovery.
NEED FOR A FORENSIC ACCOUNTANT

The need for a forensic accountant may also arise because two parties cannot agree on the
amount owed by one party to another, and the accountant is engaged to provide an expert
valuation, of a business for example.
This might be the case in a matrimonial dispute, where a divorcing couple whose assets include
shares in a company or partnership, engage a forensic accountant to value the company so that a
www.mdarasa.com
+254708068851

mDarasa Resources
settlement can be reached. A similar process might apply in partnerships, when one partner
wishes to leave the partnership and is being bought out by the remaining partner(s).
THE ROLE OF AN EXPERT WITNESS

An expert witness is quite different to any other witness in court proceedings. Most witnesses are
'witnesses of fact', ie they can only provide evidence on what they saw, did or heard. Most
importantly, they cannot give their opinion on any of the matters about which they give
evidence. By contrast, an expert witness is specifically called to give their opinion on a particular
matter.
An accountant can be called to give evidence as a professional witness, ie a witness of fact, or an
expert witness. In order to give evidence as an expert witness they must be just that, an expert.
They must be able to demonstrate a level of expertise that means their opinion is valuable to the
court. This means not only expertise in accountancy, but also expertise in the particular area of
accountancy that they are giving evidence on.
A witness will provide a written report/statement to the court, and may also be required to attend
court to give live evidence, in person, and be cross-examined by the ‘other side’.
However, not all forensic engagements will require evidence to be submitted to a court. Often,
the engagement will simply require a report for the client’s own purposes or sometimes a report
for use by the insurer.
Either way, a key skill necessary in being a successful forensic accountant is the ability to
explain complex accounting concepts in simple terms to someone who is not themselves an
accountant, whether that be as an expert witness explaining matters to the judge or jury, or when
explaining matters to the client. Forensic accounting integrates investigative, accountancy, and
communication skills.
PLANNING
Forensic accounting engagements are agreed-upon procedures engagements, not assurance
engagements. The forensic accountant will not provide an assurance opinion – that is the role of
the auditor when reviewing the amount of loss included in the financial statements.
This will normally involve determining an appropriate value or quantifying a loss as discussed
above; this is quite distinct from an assurance engagement in which the engagement team would
review an amount determined by the client.
As an agreed-upon procedures engagement, the forensic accountant will normally prepare a
report for the client that sets out their findings, based on the scope agreed in the engagement
letter. This report may be addressed to management, often in the case of a fraud, or to the insurer.
www.mdarasa.com
+254708068851

mDarasa Resources
It may be that a witness statement/report for submission to the court/arbitrator is required in
addition to or instead of a report to the client.
However, planning the investigation is likely to be similar to planning an audit or any other
assurance engagement.
Planning will commence with a meeting with the client in which the engagement team will
develop an understanding of the issue/events (the fraud, theft etc) and actions taken by the client
since it occurred.
A key part of planning is to confirm exactly what format the output is required in, and exactly
what matters are required to be covered within it.
At this stage any key documentation will be obtained and scrutinised – for example, the
insurance policy, the partnership agreement, the evidence that led to the discovery of the fraud,
etc.
The team will agree with the client, what access to other information or personnel will be
required and this will be arranged.
Based on the above, the team will design procedures that enable them to meet the requirements
of the client, as agreed. This may or may not include test of controls, depending on the
circumstances. There would be no need to tests control when valuing a business for a
matrimonial dispute. However, testing controls will be key to determining how a fraud took
place.
PROCEDURES AND EVIDENCE

Any method of obtaining evidence can be used in a forensic accounting engagement – this is not
a limited assurance engagement in which procedures are likely to be restricted to enquiry and
analytical procedures.
Forensic engagements will include a detailed and wholesale review of all documentation and
electronic evidence available. The opinion given by the expert accountant must be reasoned, and
backed up by evidence. Their opinion cannot be objective if only based on what they are told;
they must corroborate that information.
To be awarded marks in the exam, your procedures cannot be vague. They must be specific
enough that the engagement team could actually follow your instructions.
For example, it would not be sufficient to write 'interview the suspect'. You must suggest
questions that should be asked of the suspect in interview, depending on the circumstances in the
scenario. For example, the suspect could be asked to explain their job role and what access that
gives them to systems, cash, inventory etc.
www.mdarasa.com
+254708068851

mDarasa Resources
This also applies when recommending enquires of or discussions with management – it must be
clear in your answer what it is the engagement team should ask of them, eg have they informed
the police, has the suspect been suspended, have they informed the insurer etc.
Equally it is not sufficient to suggest the use of computer assisted auditing techniques (CAATs).
You must specify how the CAATs could be used. For example, data matching bank accounts
used for paying suppliers with bank accounts for paying employees, exception reports
identifying employees who are not taking holiday, etc.
In order to design appropriate procedures you must identify the type of forensic accounting
engagement, and the specific type of fraud, insurance or negligence claim. For example,
quantifying the theft of goods will be very different from quantifying a loss from payroll or
‘ghost employee’ fraud or loss of profits following a business interruption (as discussed above).
RULES OF EVIDENCE IN COURT PROCEEDINGS
The potential forensic accounting expert witness should keep the following in mind the
following requirements:
 Opinions must be disclosed in an oral or written report.

 The basis for all opinions must be identified.
 The report must include a list of information that was considered in forming the opinions
and exhibits used as supporting documentation for the opinions.
 Qualifications including articles written for publication and history of expert witness
testimony must be listed.
In many trials, including those involving fraud, there may be forensic accounting expert
witnesses brought by both sides of the case. Representing the actual “innocent” party in the case
is not a guarantee that the expert witness for the opposition cannot hurt your case. The next part
of this series will delve further into the skills and background a forensic accounting expert
witness may bring to the table.
The various forms of evidence that can be used during a criminal trial are
Documentary evidence
www.mdarasa.com
+254708068851

mDarasa Resources
In order for a document to be admissible during criminal proceedings, the following conditions
must be met
(a) The original document must be produced and
(b) The document must be authenticated.
Real evidence
Real evidence is an object which, upon proper identification, becomes, of itself, evidence.
If the evidence is properly identified and relevant and if there is no other rule of evidence that
excludes it as evidence, it will be included as an exhibit that will be duly labelled and numbered
and available for the court to inspect.
Electronic Evidence
It is stated that a data message that was made by a person during the ordinary course of their
business, or a certified copy thereof, is admissible as evidence
Difference between the audit report and a forensic accounting expert report
A forensic accounting report differs considerably from an audit report. The audit report contains
audit opinions that are issued under International Financial Reporting Standards (IFRS), while
the forensic accounting report is not constrained by the required language of a governing
standard and forensic reports differ from one investigation to another, and one firm to another,
depending on the client‘s needs.
The following table illustrates the difference between auditing and a forensic accounting
investigation
AUDIT FORENSIC
ACCOUNTING
INVESTIGATION
www.mdarasa.com
+254708068851

mDarasa Resources
Objective Form an opinion on the Determine the likelihood

overall financial statements and/or magnitude of fraud
taken as a whole occurring
Purpose Usually required by Sufficient predication that a

thirdparty users of financial fraud has or may have
statements occurred
Value Adds credibility to reported Resolves suspicions and

financial information accusations, determines the
facts
Source of evidence Inquiry, observation, Review detailed financial and

examination, and nonfinancial data, search
reperformance of accounting public records, conduct fact-
transactions to support finding as well as admission-
financial statement assertions seeking interviews, including
thirdparty inquiries
Sufficiency of evidence Reasonable assurance Establish facts to support or

refute suspicions or
accusations
FUNDAMENTAL ETHICAL PRINCIPLES

The range of ethical and professional issues will be similar to any other type of engagement.
However, the importance of ethics is arguably much greater in relation to forensic
accountancy. Often both ‘sides’ will bring an expert witness to the hearing where they do not
agree. The decision maker must decide which evidence they ‘prefer’ – the credibility of the
witness is often the primary factor on which they can base that decision and the credibility of an
accountant is reliant on their compliance with the fundamental ethical principles.
In the exam, you will also need to note whether the client requesting the forensic accounting
service is an audit client, if so, this will present an additional and particularly important threat to
www.mdarasa.com
+254708068851

mDarasa Resources
objectivity; a self-review threat. The investigation is likely to involve the quantification of an
amount, which will then be reviewed as part of the financial statements audit. The significance
of the threat will be affected by the materiality of the amount and the subjectivity involved in
quantifying it, eg if for loss of profits following business interruption this will be more subjective
than quantification of the value of stolen inventory.
Remember that the decision to prosecute is a matter for the client. Often, clients do not want to
prosecute for fear of damaging their reputation. The forensic accountant can provide the client
with an analysis of all of the facts, but must not make the decision to prosecute (a management
threat to objectivity). The forensic accountant has a duty of confidentiality, unless it is in the
public interest to do so, they must not disclose the fraud to any third party including the police,
without client permission.
www.mdarasa.com
+254708068851

mDarasa Resources
CONTENT
TOPIC 8
17.8 Audit clearance and reporting
 Quality control and peer review

 Reports to those charged with governance
 Reporting on compliance and other information (Chairman’s
statement and directors report)
 Auditors report on financial statements
www.mdarasa.com
+254708068851

mDarasa Resources
TOPIC 8
AUDIT CLEARANCE AND REPORTING
PURPOSES OF THE AUDITOR’S REPORT
The requirements of Companies Act regarding auditors report
The Companies Act cap 486 requires that the auditor of a limited liability company to report to the
members whether the financial statements laid before the AGM show true and fair view of the state of
affairs of the company and comply with the requirements of the companies act. The audit report is
therefore the means by which the auditor reports his opinions as to whether the financial statements show
a true and fair view of the state of affairs. The report is addressed to shareholders.
Section 162(1) of the Companies Act stipulates the statements that should be expressly stated in the
auditor’s report. These are;
- Whether the auditor has obtained all the information and explanation which to the bestof his
knowledge and belief were necessary for audit proposes.
- Whether in his opinion, proper books of accounts have been kept by the company, sofar as it appears
from the examination of those books and proper returns adequate forthe purposes of the audit from
branches not visited by him.
- Whether the company’s balance sheet and profit and loss accounts dealt by the reportare in agreement
with the books of the accounts and returns.
- Whether in his opinion and to the best of his information and according to the explanationsgiven to
him, the financial statements give the information required by the CompaniesAct in the manner so
required and give at rue and fair view.
- In the case of the balance sheet, of the state of affairs of the company as at the end ofthe accounting
period.
- In the case of the profit and loss account, of the state of profit or loss of the companyin the financial
year.
- In the case of a holding company submitting group financial statements whether in hisopinion, the
group financial statements have been prepared in accordance with theprovisions of the Companies
Act so as to give a true and fair view of the state of affairsand profit or loss of the company.
Once the auditor has gathered sufficient appropriate audit evidence on which to base his opinion, he is
expected to put his findings on the true and fairness of the financial statements in a report.
a) Examining, on a test basis, evidence to support the financial statement amounts and disclosures;
b) Assessing the accounting principles used in the preparation of the financial statements;
www.mdarasa.com
+254708068851

mDarasa Resources
c) Assessing the significant estimates made by management in the preparation of the financial
statements; and
d) Evaluating the overall financial statement presentation.
This report is referred to as the auditor’s report. The report is primarily meant for the Shareholders but
can be of benefit to other users of the financial statements as well for example the banks. The wording
and the format of the report is guided by law.
International Standard on Auditing (ISA) 700, Forming an Opinion and Reportingon Financial
Statements
For purposes of the ISAs, the following terms have the meanings attributedbelow:
a) General purpose financial statements – Financial statements prepared in accordance with a general
purpose framework.
b) General purpose framework – A financial reporting framework designed to meet the common
financial information needs of a wide range of users. The financial reporting framework may be a fair
presentation framework or a compliance framework.
The term “fair presentation framework” is used to refer to a financialreporting framework that requires
compliance with the requirementsof the framework and:
i) Acknowledges explicitly or implicitly that, to achieve fair presentation of the financial statements, it
may be necessary for management to provide disclosures beyond those specifically required by the
framework; or
ii) Acknowledges explicitly that it may be necessary for management to depart from a requirement of the
framework to achieve fair presentation of the financial statements. Such departures are expected to be
necessary only in extremely rare circumstances.
iii) The term “compliance framework” is used to refer to a financial reporting framework that requires
compliance with the requirements of the framework, but does not contain the acknowledgements in
(i) or (ii) above.
c) Unmodified opinion – The opinion expressed by the auditor when the auditor concludes that the
financial statements are prepared, in all material respects, in accordance with the applicable financial
Reference to “financial statements” in this ISA means “a complete set of generalpurpose financial
statements, including the related notes.” The related notesordinarily comprise a summary of significant
accounting policies and otherexplanatory information. The requirements of the applicable financial
reportingframework determine the form and content of the financial statements, and whatconstitutes a
complete set of financial statements.
The objectives of the auditor are:

(a) To form an opinion on the financial statements based on an evaluation of the conclusions drawn
from the audit evidence obtained; and
www.mdarasa.com
+254708068851

mDarasa Resources
(b) To express clearly that opinion through a written report that also describes the basis for that
opinion.
Management’s Responsibility for the Financial Statements

- This section of the auditor’s report describes the responsibilities of those in the organization that are
responsible for the preparation of the financial statements.
- The auditor’s report need not refer specifically to “management,” but shall use the term that is
appropriate in the context of the legal framework in the particular jurisdiction. In some jurisdictions,
the appropriate reference may be to those charged with governance.
- The auditor’s report shall include a section with the heading “Management’s [or other appropriate
term] Responsibility for the Financial Statements.”
- The auditor’s report shall describe management’s responsibility for the preparation of the financial
statements. The description shall include an explanation that management is responsible for the
preparation of the financial statements in accordance with the applicable financial reporting
framework, and for such internal control as it determines is necessary to enable the preparation of
financial statements that are free from material misstatement, whether due to fraud or error.
- Where the financial statements are prepared in accordance with a fair presentation framework, the
explanation of management’s responsibility for the financial statements in the auditor’s report shall
refer to “the preparation and fair presentation of these financial statements” or “the preparation of
financial statements that give a true and fair view,” as appropriate in the circumstances.
Supplementary Information Presented with the Financial Statements

- If supplementary information that is not required by the applicable financial reporting framework is
presented with the audited financial statements, the auditor shall evaluate whether such
supplementary information is clearly differentiated from the audited financial statements.
- If such supplementary information is not clearly differentiated from the audited financial statements,
the auditor shall ask management to change how the unaudited supplementary information is
presented.
- If management refuses to do so, the auditor shall explain in the auditor’s report that such
supplementary information has not been audited.
- Supplementary information that is not required by the applicable financial reporting framework but is
nevertheless an integral part of the financial statements because it cannot be clearly differentiated
from the audited financial statements due to its nature and how it is presented shall be covered by the
auditor’s opinion.
ELEMENTS OF THE AUDITOR’S REPORT
Basic elements of auditor’s report
The Companies Act does not stipulate the form the auditor’s report should take. The auditing standards
seek to ensure that the auditor’s report is clear and unambiguous. To this end, it seeks to standardize the
form of the auditor’s report.
It does this by giving the basic elements of the auditor’s report.

i) Appropriate report title
www.mdarasa.com
+254708068851

mDarasa Resources
Auditing standards require that the report be titled and that the title includes the word ‘independent’
e.g. independent auditors report’. The requirement that the title includes the word independent is
intended to convey to users that the audit was unbiased in all aspects.The title should indicate that the
report is by an independent auditor to confirm all the relevant ethical standards have been met
ii) Address
The auditor’s report shall be addressed as required by the circumstances of the engagement. The
report is usually addressed to the company, its stockholders or the board of directors. For practical
reasons, it limits the users of auditor’s report.
iii) Introductory paragraph
The first paragraph has three purposes, fist, it makes a statement that the practice did an audit.
Secondly, it lists all the financial statements that were audited including the balance sheet dates and
accounting periods for the income statement and cash flow statement. The wording of the financial
statements in the report should be identical to those used by management on the financial statements.
Thirdly, the introductory paragraph states that the statements are the responsibility of management
and that the auditor’s responsibility is to express an opinion on the statements based on the audit.
The introductory paragraph in the auditor’s report shall:

- Identify the entity whose financial statements have been audited;
- State that the financial statements have been audited;
- Identify the title of each statement that comprises the financial statements;
- Refer to the summary of significant accounting policies and other explanatory information; and
- Specify the date or period covered by each financial statement comprising the financial
statements.
iv) Scope paragraph
This paragraph is a factual statement about what the auditor did in the audit. This paragraph states
how the audit was planned and performed in accordance with ISAs and states that the audit is
designed to obtain reasonable assurance whether the financial statements are free of material
misstatements.
v) Opinion paragraph
This final paragraph states the auditors conclusions based on the results of the audit. This part of the
report is so important that often the audit report is simply called the auditor’s opinion.
The opinion paragraph is stated as an opinion rather than a statement of absolute fact or a guarantee.
vi) Audit report date

The appropriate date for the report is the one on which the auditor has completed the most important
audit procedures in the field. This date is important to users of financial statements as it indicates the
last day of auditor’s responsibility for review of significant events that have occurred after date of
vii) Name of audit firm
www.mdarasa.com
+254708068851

mDarasa Resources
The firm’s name is used because the entire firm has the legal responsibility to ensure that the quality
of audit meets professional standards.
viii) Management’s Responsibility for the Financial Statements

- This section of the auditor’s report describes the responsibilities of those in the organization that are
responsible for the preparation of the financial statements.
- The auditor’s report need not refer specifically to “management,” but shall use the term that is
appropriate in the context of the legal framework in the particular jurisdiction. In some
jurisdictions, the appropriate reference may be to those charged with governance.
- The auditor’s report shall include a section with the heading “Management’s [or other appropriate
term] Responsibility for the Financial Statements.”
- The auditor’s report shall describe management’s responsibility for the preparation of the financial
statements. The description shall include an explanation that management is responsible for the
preparation of the financial statements in accordance with the applicable financial reporting
framework, and for such internal control as it determines is necessary to enable the preparation of
financial statements that are free from material misstatement, whether due to fraud or error.
explanation of management’s responsibility for the financial statements in the auditor’s report shall
refer to “the preparation and fair presentation of these financial statements” or “the preparation of
financial statements that give a true and fair view,” as appropriate in the circumstances.
ix) Auditor’s Responsibility

- The auditor’s report shall include a section with the heading “Auditor’s Responsibility.”
- The auditor’s report shall state that the responsibility of the auditor is to express an opinion on the
financial statements based on the audit.
- The auditor’s report shall state that the audit was conducted in accordance with International
Standards on Auditing. The auditor’s report shall also explain that those standards require that the
auditor comply with ethical requirements and that the auditor plan and perform the audit to obtain
reasonable assurance about whether the financial statements are free from material misstatement.
- The auditor’s report shall describe an audit by stating that:
a) An audit involves performing procedures to obtain audit evidence about the amounts and
disclosures in the financial statements;
b) The procedures selected depend on the auditor’s judgment, including the assessment of the risks
of material misstatement of the financial statements, whether due to fraud or error. In making
those risk assessments, the auditor considers internal control relevant to the entity’s preparation of
the financial statements in order to design audit procedures that are appropriate in the
circumstances, but not for the purpose of expressing an opinion on the effectiveness of the
entity’s internal control.
- In circumstances when the auditor also has a responsibility to express an opinion on the effectiveness
of internal control in conjunction with the audit of the financial statements, the auditor shall omit the
phrase that the auditor’s consideration of internal control is not for the purpose of expressing an
opinion on the effectiveness of internal control; and
www.mdarasa.com
+254708068851

mDarasa Resources
- An audit also includes evaluating the appropriateness of the accounting policies used and the
reasonableness of accounting estimates made by management, as well as the overall presentation of
the financial statements.
description of the audit in the auditor’s report shall refer to “the entity’s preparation and fair
presentation of the financial statements” or “the entity’s preparation of financial statements that give a
true and fair view,” as appropriate in the circumstances.
- The auditor’s report shall state whether the auditor believes that the audit evidence the auditor has
obtained is sufficient and appropriate to provide a basis for the auditor’s opinion.
x) Auditor’s Opinion
Wording of the auditor’s opinion prescribed by law or regulation

- ISA 210 explains that, in some cases, law or regulation of the relevant jurisdiction prescribes the
wording of the auditor’s report (which in particular includes the auditor’s opinion) in terms that are
significantly different from the requirements of ISAs. In these circumstances, ISA 210 requires the
auditor to evaluate:
(a) Whether users might misunderstand the assurance obtained from the audit of the financial
statements and, if so,
(b) Whether additional explanation in the auditor’s report can mitigate possible misunderstanding.
If the auditor concludes that additional explanation in the auditor’s report cannot mitigate possible
misunderstanding, ISA 210 requires the auditor not to accept the audit engagement, unless required by
law or regulation to do so. In accordance with ISA 210, an audit conducted in accordance with such law
or regulation does not comply with ISAs. Accordingly, the auditor does not include any reference in the
auditor’s report to the audit having been conducted in accordance with International Standards on
Auditing.
“Present fairly, in all material respects” or “give a true and fair view”
- Whether the phrase “present fairly, in all material respects,” or the phrase “give a true and fair view”
is used in any particular jurisdiction is determined by the law or regulation governing the audit of
financial statements in that jurisdiction, or by generally accepted practice in that jurisdiction. Where
law or regulation requires the use of different wording, this does not affect the requirement for the
auditor to evaluate the fair presentation of financial statements prepared in accordance with a fair
presentation framework.
Description of information that the financial statements present

In the case of financial statements prepared in accordance with a fair presentation framework, the
auditor’s opinion states that the financial statements present fairly, in all material respects, or give a true
and fair view of the information that the financial statements are designed to present, for example, in the
case of many general purpose frameworks, the financial position of the entity as at the end of the period
and the entity’s financial performance and cash flows for the period then ended.
www.mdarasa.com
+254708068851

mDarasa Resources
Description of the applicable financial reporting framework and how it may affect the auditor’s
opinion
- The identification of the applicable financial reporting framework in the auditor’s opinion is intended
to advise users of the auditor’s report of the context in which the auditor’s opinion is expressed. The
applicable financial reporting framework is identified in such terms as:
“… in accordance with International Financial Reporting Standards” or
“… in accordance with accounting principles generally accepted in Jurisdiction X …”
- When the applicable financial reporting framework encompasses financial reporting standards and
legal or regulatory requirements, the framework is identified in such terms as “… in accordance with
International Financial Reporting Standards and the requirements of Jurisdiction X Corporations
Act.” ISA 210 deals with circumstances where there are conflicts between the financial reporting
standards and the legislative or regulatory requirements.
- The financial statements may be prepared in accordance with two financial reporting frameworks,
which are therefore both applicable financial reporting frameworks. Accordingly, each framework is
considered separately when forming the auditor’s opinion on the financial statements, and the
auditor’s opinion refers to both frameworks as follows:
a) If the financial statements comply with each of the frameworks individually, two opinions are
expressed: that is, that the financial statements are prepared in accordance with one of the
applicable financial reporting frameworks (for example, the national framework) and an opinion
that the financial statements are prepared in accordance with the other applicable financial
reporting framework (for example, International Financial Reporting Standards). These opinions
may be expressed separately or in a single sentence (for example, the financial statements are
presented fairly, in all material respects, in accordance with accounting principles generally
accepted in Jurisdiction X and with International Financial Reporting Standards).
b) If the financial statements comply with one of the frameworks but fail to comply with the other
framework, an unmodified opinion can be given that the financial statements are prepared in
accordance with the one framework (for example, the national framework) but a modified opinion
given with regard to the other framework (for example, International Financial Reporting
Standards) in accordance with ISA 705.
- The financial statements may represent compliance with the applicable financial reporting framework
and, in addition, disclose the extent of compliance with another financial reporting framework.
- Such supplementary information is covered by the auditor’s opinion as it cannot be clearly
differentiated from the financial statements.
a) If the disclosure as to the compliance with the other framework is misleading, a modified opinion
is expressed in accordance with ISA 705.
b) If the disclosure is not misleading, but the auditor judges it to be of such importance that it is
fundamental to the users’ understanding of the financial statements, an Emphasis of Matter
paragraph is added in accordance with ISA 706, drawing attention to the disclosure.
Other Reporting Responsibilities

www.mdarasa.com
+254708068851

mDarasa Resources
- In some jurisdictions, the auditor may have additional responsibilities to report on other matters that
are supplementary to the auditor’s responsibility under the ISAs to report on the financial statements.
For example, the auditor may be asked to report certain matters if they come to the auditor’s attention
during the course of the audit of the financial statements. Alternatively, the auditor may be asked to
perform and report on additional specified procedures, or to express an opinion on specific matters,
such as the adequacy of accounting books and records. Auditing standards in the specific jurisdiction
often provide guidance on the auditor’s responsibilities with respect to specific additional reporting
responsibilities in that jurisdiction.
- In some cases, the relevant law or regulation may require or permit the auditor to report on these other
responsibilities within the auditor’s report on the financial statements. In other cases, the auditor may
be required or permitted to report on them in a separate report.
- These other reporting responsibilities are addressed in a separate section of the auditor’s report in
order to clearly distinguish them from the auditor’s responsibility under the ISAs to report on the
Auditor’s Report Prescribed by Law or Regulation

- If the auditor is required by law or regulation of a specific jurisdiction to use a specific layout or
wording of the auditor’s report, the auditor’s report shall refer to International Standards on Auditing
only if the auditor’s report includes, at a minimum, each of the following elements
a) A title;
b) An addressee, as required by the circumstances of the engagement;
c) An introductory paragraph that identifies the financial statements audited;
d) A description of the responsibility of management (or other appropriate term, ) for the preparation of
the financial statements;
e) A description of the auditor’s responsibility to express an opinion on the financial statements and the
scope of the audit, that includes:
 A reference to International Standards on Auditing and the law or regulation; and
 A description of an audit in accordance with those standards;
f) An opinion paragraph containing an expression of opinion on the financial statements and a reference
to the applicable financial reporting framework used to prepare the financial statements (including
identifying the jurisdiction of origin of the financial reporting framework that is not International
Financial Reporting Standards or International Public Sector Accounting Standards
g) The auditor’s signature;
h) The date of the auditor’s report; and
i) The auditor’s address.
Auditor’s Report for Audits Conducted in Accordance with Both Auditing Standards of a Specific
Jurisdiction and International Standards on Auditing
- An auditor may be required to conduct an audit in accordance with the auditing standards of a specific
jurisdiction (the “national auditing standards”), but may additionally have complied with the ISAs in
www.mdarasa.com
+254708068851

mDarasa Resources
the conduct of the audit. If this is the case, the auditor’s report may refer to International Standards on
Auditing in addition to the national auditing standards, but the auditor shall do so only if:
a) There is no conflict between the requirements in the national auditing standards and those in ISAs
that would lead the auditor (i) to form a different opinion, or (ii) not to include an Emphasis of
Matter paragraph that, in the particular circumstances, is required by ISAs; and
b) The auditor’s report includes, at a minimum, each of the elements set out in above when the
auditor uses the layout or wording specified by the national auditing standards. Reference to law
or regulation shall be read as reference to the national auditing standards. The auditor’s report
shall thereby identify such national auditing standards.
- When the auditor’s report refers to both the national auditing standards and International Standards on
Auditing, the auditor’s report shall identify the jurisdiction of origin of the national auditing
standards.
TYPES OF AUDIT OPINION

AUDIT OPINION
The auditor’s opinion is normally based on whether the financial statements give a true and fair view (or
are presented fairly, in all material respects) in accordance with the applicable financial reporting
framework and comply with statutory requirements.
The financial reporting framework is determined by IFRS’s, with due regard to local legislation. To advise
the reader of the context in which the auditor’s opinion is expressed, the auditor’s opinion indicates the
framework upon which the financial statements are based. This designation helps the user to better
understand which financial reporting framework was used in preparing the financial statements.
The following are the various types of audit opinions that the auditor can issue:
i) Unqualified opinion.
ii) Modified opinions:
 Emphasis of matter.
 Qualified opinion.
 Disclaimer of opinion.
 Adverse opinion.
These are covered in detail below.
a) Unqualified Opinion
An unqualified opinion should be expressed when the auditor concludes that the financial statements give
a true and fair view in accordance with IFRS and the Kenyan Companies Act. An unqualified opinion also
indicates implicitly that any changes in accounting principles or in the method of their application, and the
effects thereof, have been properly determined and disclosed in the financial statements.
b) Modified Reports
www.mdarasa.com
+254708068851

mDarasa Resources
Matters That Do Not Affect the Auditor’s Opinion
In certain circumstances, an auditor’s report may be modified by adding an emphasis of matter paragraph
to highlight a matter affecting the financial statements, which is included in a note to the financial statements
that more extensively discusses the matter. The emphasis of matter paragraph does not affect the auditor’s
opinion and is normally included after the auditor’s opinion paragraph. The emphasis of matter paragraph
would ordinarily refer to the fact that the auditor’s opinion is not qualified in this respect.
The engagement partner would normally consider including an emphasis of matter paragraph in the
auditor’s report in the following circumstances:
i) When there is a going concern problem; or
ii) When there is a significant uncertainty (other than a going concern problem), the resolution of which
is dependent upon future events and which may affect the financial statements; or
iii) When there is a material inconsistency in other information in documents containing financial
statements (e.g. a directors’ report), and the directors refuse to make an appropriate amendment.
Matters That Affect the Auditor’s Opinion

In certain circumstances, the auditor may not be able to express an unqualified opinion. A qualified opinion
is issued when:
i) There is a limitation on the scope of the auditor’s work (leads to a qualified opinion or disclaimer of
opinion).
ii) There is a disagreement with management regarding the acceptability of the accounting policies
selected, the method of their application or the adequacy of financial statement disclosures (leads to a
qualified opinion or adverse opinion).
As per ISA 701:

 A qualified opinionis expressed when the engagement partner concludes that an unqualified opinion
cannot be expressed but that the effect of any disagreement with management, or limitation on scope
is not so material and pervasive as to require an adverse opinion or a disclaimer of opinion. A qualified
opinion should be expressed as being ‘except for’ the effects of the matter to which the qualification
relates.
 A disclaimer of opinionis expressed when the possible effect of a limitation on scope is so material
and pervasive that the engagement team has not been able to obtain sufficient appropriate audit evidence
and accordingly is unable to express an opinion on the financial statements.
 An adverse opinionis expressed when the effect of a disagreement is so material and pervasive to the
financial statements that the engagement partner concludes that a qualification of the report is not
adequate to disclose the misleading or incomplete nature of the financial statements.
Whenever the auditor expresses an opinion that is other than unqualified, a clear description of all the
substantive reasons should be included in the report and, unless impracticable, a quantification of the
possible effect(s) on the financial statements. This information is normally set out in a separate paragraph
preceding the opinion or disclaimer of opinion and may include a reference to a note to the financial
statements that more extensively discusses the matter.
www.mdarasa.com
+254708068851

mDarasa Resources
Audit Reporting When Disclosure of Material Uncertainty Is Inadequate
The following is an illustration of the relevant paragraphs when a qualified opinion is to be expressed:
i) Basis for Qualified Opinion

The Company’s financing arrangements expire and amounts outstanding are payable on March 19, 20X1.
The Company has been unable to re-negotiate or obtain replacement financing. This situation indicates
the existence of a material uncertainty that may cast significant doubt on the Company’s ability to
continue as a going concern and therefore the Company may be unable to realize its assets and discharge
its liabilities in the normal course of business. The financial statements (and notes thereto) do not fully
disclose this fact.
ii) Qualified Opinion

In our opinion, except for the incomplete disclosure of the information referred to in the Basis for
Qualified Opinion paragraph, the financial statements present fairly, in all material respects (or “give a
true and fair view of”), the financial position of the Company as at December 31, 20X0, and of its
financial performance and its cash flows for the year then ended in accordance with …
The following is an illustration of the relevant paragraphs when an adverse opinion is to be expressed:
iii) Basis for Adverse Opinion

The Company’s financing arrangements expired and the amount outstanding was payable on December
31, 20X0. The Company has been unable to re-negotiate or obtain replacement financing and is
considering filing for bankruptcy. These events indicate a material uncertainty that may cast significant
doubt on the Company’s ability to continue as a going concern and therefore the Company may be unable
to realize its assets and discharge its liabilities in the normal course of business. The financial statements
(and notes thereto) do not disclose this fact.
iv) Adverse Opinion

In our opinion, because of the omission of the information mentioned in the Basis for Adverse Opinion
paragraph, the financial statements do not present fairly (or “give a true and fair view of”) the financial
position of the Company as at December 31, 20X0, and of its financial performance and its cash flows for
the year then ended in accordance with …
Limitation on Scope
A limitation in the scope of the auditor’s work can arise in the following circumstances:
i) When the limitation in scope is imposed by the entity (for example, as a result of the terms of
engagement).
ii) When the limitation on scope is imposed by circumstances (for example, the timing of the auditor’s
appointment is such that the auditor is unable to observe the counting of inventories or when the entity’s
accounting records are inadequate and the auditor is unable to carry out reasonable alternative
procedures to obtain sufficient appropriate audit evidence to support an unqualified opinion).
www.mdarasa.com
+254708068851

mDarasa Resources
When there is a limitation on the scope of the auditor’s work that requires expression of a qualified opinion
or a disclaimer of opinion, the auditor’s report should describe the limitation and indicate the possible
adjustments to the financial statements that might have been determined to be necessary had the limitation
not existed.
Disagreement with Management

Where the disagreement with management is material to the financial statements, the auditor should express
a qualified or an adverse opinion. Examples of disagreements with management are:
i) Disagreement on accounting policies due to inappropriate accounting method (qualified opinion).

ii) Disagreement on accounting policies due to inadequate disclosure (qualified or adverse opinion).
Issuing Financial Statements

The date of issue of the financial statements is the date that the auditor’s report and audited financial
statements are made available to third parties, which may be, in many circumstances, the date that they are
filed with a regulatory authority.
The audited financial statements are ordinarily sent for the directors’ approval after the engagement partner
is satisfied that sufficient and appropriate audit evidence has been obtained to arrive at the conclusion on
whether the financial statements give a true and fair view in accordance with IFRS and the Kenyan
Companies Act.
Signing the Financial Statements

The engagement partner will sign and date the auditor’s report on or after the date on which the financial
statements are signed or approved by the directors. The engagement partner will consider the effect on the
financial statements of all events and transactions that materially affect the financial statements from the
date of conclusion of fieldwork to the date of signing the auditor’s report. The engagement partner will also
ensure that written representation from management on all matters material to the financial statements,
when other sufficient appropriate audit evidence cannot reasonably be expected to exist, has been received
and is dated the same date as the auditor’s report.
www.mdarasa.com
+254708068851

Advanced Auditing &amp; Assurance

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Advanced Auditing &amp; Assurance

Uploaded by

Copyright:

Available Formats

mDarasa Resources

ADVANCED AUDITING & ASSURANCE

CERTIFIED PUBLIC ACCOUNTANT

ADVANCED AUDITING & ASSURANCE

REVISED JULY 2018

ADVANCED AUDITING & ASSURANCE

17.2 Audit framework and regulations

17.3 Professional and ethical considerations

17.4 Management of audit practice

17.5 Audit evaluation and reviews

17.6 Audit related assurance services

ADVANCED AUDITING & ASSURANCE

17.7 Forensic accounting

17.8 Audit clearance and reporting

17.9 Emerging issues and trends

ADVANCED AUDITING & ASSURANCE

 Theconcept of assurance and non-assurance engagements

ADVANCED AUDITING & ASSURANCE

ELEMENTS ASSURANCE ENGAGEMENT.

1. A three-party relationship involving a practitioner, a responsible party, and intended

Appropriate Subject Matter

 Financial performance or conditions

ADVANCED AUDITING & ASSURANCE

An appropriate subject matter is

 Identifiable and capable of consistent evaluation or measurement against the identified

Sufficient Appropriate Evidence

 Sufficiency is the measure of the quantity of evidence

The following are the characteristics of a criteria to be considered suitable:

 Relevance – contribute to conclusions that assist decision-making by the intended users.

ADVANCED AUDITING & ASSURANCE

Types of Assurance Engagements

IMPORTANCE OF ASSURANCE ENGAGEMENTS

1. Potential bias in providing information

LIMITATIONS OF ASSURANCE ENGAGEMENTS

ADVANCED AUDITING & ASSURANCE

LEVELS OF ASSURANCE ENGAGEMENT

A reduction in assurance Sufficient appropriate evidence is

ADVANCED AUDITING & ASSURANCE

An audit is an objective examination and evaluation of the financial statements of an

Definition and Objective of an Assurance Engagement

“Assurance engagement” means an engagement in which a practitioner expresses a conclusion

ADVANCED AUDITING & ASSURANCE

Benchmarks used to evaluate or measure the subject matter

AGREED UPON PROCEDURES

 Agreed upon Procedures

Information prepared in accordance with appropriate criteria.

In an engagement to perform agreed-upon procedures, an auditor is engaged to carry out those

In a compilation engagement, the accountant is engaged to use accounting expertise as opposed to

ADVANCED AUDITING & ASSURANCE

In a compilation engagement, the accountant is engaged to use accounting expertise as opposed to

The need for assurance reports is increasing because for example,

An assurance engagement is an engagement in which the practitioner expresses a conclusion

ISAs, ISREsand ISAE s establish basic elements of assurance reports.

The form of assurance given maybe reasonable assurance or limited assurance.

A reasonable assurance engagement expresses an opinion in a positive form while a limited

ADVANCED AUDITING & ASSURANCE

ADVANCED AUDITING & ASSURANCE

 Objective and general principles

ADVANCED AUDITING & ASSURANCE

An audit is an objective examination and evaluation of the financial statements of an

A. PRIMARY OBJECTIVES OF AUDIT

B. SUBSIDIARY OBJECTIVES OF AUDIT

ADVANCED AUDITING & ASSURANCE

ii. Detection and prevention of frauds

Advanced Auditing & Assurance

Advanced Auditing & Assurance