Professional Documents
Culture Documents
www.mdarasa.com
Mobile Phone Application
+254708068851
SECTION 6
CLASS NOTES
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
CONTENT
TOPIC 1
17.1 Assurance and non-assurance
www.mdarasa.com
Mobile Phone Application
+254708068851
TOPIC 1
ASSURANCE AND NON-ASSURANCE
ASSURANCE AND NON-ASSURANCE CONCEPT
Auditing the independent examination of and expression of opinion on, the financial statements
of an enterprise by an appointed auditor in pursuance of that appointment and in compliance with
any relevant statutory obligation
Auditor—“Auditor” is used to refer to the person or persons conducting the audit, usually the
engagement partner or other members of the engagement team, or, as applicable, the firm. Where
an ISA expressly intends that a requirement or responsibility be fulfilled by the engagement
partner, the term “engagement partner” rather than “auditor” is used. “Engagement partner” and
“firm” are to be read as referring to their public sector equivalents where relevant.
Audit This is the independent investigation into the quality of published accounting information.
Auditing the independent examination of and expression of opinion on, the financial statements
of an enterprise by an appointed auditor in pursuance of that appointment and in compliance with
any relevant statutory obligation
There are five elements that must all be present in order to qualify the engagement as an
assurance engagement. (TSECA)
The subject matter and the subject matter information of an assurance engagement can take many
forms, such as:
Suitable Criteria
www.mdarasa.com
Mobile Phone Application
+254708068851
1. As to level of assurance:
a) Reasonable Assurance
The objective is a reduction in assurance engagement risk to an acceptably low level as the basis
for a positive form of expression of a practitioner’s conclusion. (e.g., audit of historical financial
statements)
b) Limited Assurance
The objective is a reduction in assurance engagement risk to a level that is acceptable in the
circumstances of the engagement, but where the risk is greater that for a reasonable assurance
engagement, as the basis for a negative form of expression of the practitioner’s conclusion. (e.g.,
review of historical financial statements
2. As to structure of engagement:
a) Assertion-based
The evaluation or measurement of the subject matter is performed by the responsible party, and
the subject matter information is in the form of assertion to the intended users.
b) Direct Reporting
The practitioner either directly performs the evaluation or measurement of the subject matter, or
obtains a representation from the responsible party that has performed the evaluation or
measurement that is not available to intended users. The subject matter information is provided
to the intended users in the assurance report.
www.mdarasa.com
Mobile Phone Application
+254708068851
The assurance
Type of
Objective Evidence gathering procedures engagement
engagement
report
Sufficient appropriate evidence is
obtained as part of a systematic
A reduction in assurance assurance engagement process that
engagement risk to an includes:
Description of
acceptably low level in the
the assurance
circumstances of the obtaining an understanding
engagement
Reasonable assurance engagement, as of the assurance engagement
circumstances,
assurance the basis for a positive circumstances
and a positive
engagement form of expression of the assessing risks
form of
auditor’s conclusion. responding to assessed risks
expression of the
Reasonable assurance performing further evidence
conclusion.
means a high but not gathering procedures, and
absolute level of assurance. evaluating the evidence
obtained.
NON-ASSURANCE ENGAGEMENTS
www.mdarasa.com
Mobile Phone Application
+254708068851
1. Agreed-upon procedures
2. Compilations engagements
3. Preparation of Income tax returns where no conclusion conveying assurance is expressed
4. Management advisory services and Consulting
5. Engagement that includes rendering of professional opinions not intended to be an
assurance report
Auditor—“Auditor” is used to refer to the person or persons conducting the audit, usually the
engagement partner or other members of the engagement team, or, as applicable, the firm. Where
an ISA expressly intends that a requirement or responsibility be fulfilled by the engagement
partner, the term “engagement partner” rather than “auditor” is used.
Practitioner:
The person who performs the engagement. It is broader than the term “auditor” which relates
only to practitioners performing audit or review engagements with respect to historical financial
information
Responsible Party:
The person responsible for the subject matter in direct reporting engagement or subject matter
information (the assertion), and may be the subject matter in an assertion-based engagement. The
responsible party may or may not be the party who engages the practitioner or the engaging
party.
Intended Users:
www.mdarasa.com
Mobile Phone Application
+254708068851
Suitable Criteria:
Professional Skepticism:
An attitude that includes a questioning mind, being alert to conditions which may indicate
possible misstatement due to error or fraud, and a critical assessment of evidence.
Non-assurance Engagements
Reviews
The objective of a review of financial statements is to enable an auditor to state whether, on the
basis of procedures which do not provide all the evidence that would be required in an audit,
anything has come to the auditor’s attention that causes the auditor to believe that the
financial statements are not prepared, in all material respects, in accordance with an identified
financial reporting framework. A similar objective applies to the review of financial or other
Agreed-upon Procedures
Compilations
The objective of compilations is to collect, summarize and classify financial information i.e.
using accounting rather than auditing expertise into understandable form e.g. financial
statements
ASSURANCE REPORTS
The need quicker and better information for decision making in increasingly competitive
business environment.
The complexity of systems and the anonymity of the internet present potential barriers to
growth.
The need for independent assurance that decisions are made based on reliable information.
The practitioner provides a written report containing a conclusion that conveys the assurance
obtained about the subject matter information. He or she also considers othe reporting
responsibilities including communicating with those charged with governance.
www.mdarasa.com
Mobile Phone Application
+254708068851
CONTENT
www.mdarasa.com
Mobile Phone Application
+254708068851
TOPIC 2
17.2 Audit framework and regulations
www.mdarasa.com
Mobile Phone Application
+254708068851
TOPIC 2
AUDIT FRAMEWORK AND REGULATIONS
OBJECTIVES AND PRINCIPLES
Auditing the independent examination of and expression of opinion on, the financial statements
of an enterprise by an appointed auditor in pursuance of that appointment and in compliance with
any relevant statutory obligation
Auditor—“Auditor” is used to refer to the person or persons conducting the audit, usually the
engagement partner or other members of the engagement team, or, as applicable, the firm. Where
an ISA expressly intends that a requirement or responsibility be fulfilled by the engagement
partner, the term “engagement partner” rather than “auditor” is used.
The broad regulations that govern the Accounting profession in Kenya are set out in the
Accountants Act, Chapter 531 of the Laws of Kenya.
The act establishes various bodies to regulate the profession in Kenya. These are detailed below
with their major respective functions summarised.
www.mdarasa.com
Mobile Phone Application
+254708068851
Functions:
• Register accountants who are effectively graduates of IAS / IFRSNEB examinations or hold
qualifications recognised by RAB (Section 23 & 24).
• Promote research into the subjects of accountancy and finance and related
matters, publication of books, periodicals, journals and articles;
4. Disciplinary Committee
d) Registration be cancelled;
www.mdarasa.com
Mobile Phone Application
+254708068851
The organisation adopted by most of the large firms in Kenya involves a pyramid structure
that is usually made up as follows:
Partner
Manager
Accountant in Charge
The preface to the International Standards on Quality Control, Auditing, Assurance and Related
Services (International Standards or IAASB’s Standards) is issued to facilitate understanding of
the objectives and operating procedures of the International Auditing and Assurance Standards
Board (IAASB) and the scope and authority of the pronouncements it issues, as set forth in the
IAASB’s Interim Terms of Reference.
The mission of the International Federation of Accountants (IFAC), as set out in its constitution,
is “the worldwide development and enhancement of an accountancy profession with harmonized
standards, able to provide services of consistently high quality in the public interest.”
In pursuing this mission, the IFAC Board has established the IAASB to develop and issue, under
its own authority, high quality standards on auditing, assurance and related services engagements
(IAASB’s Engagement Standards, as defined in paragraph 14),
related Practice Statements and quality control standards for use around the world.
The IAASB’s pronouncements govern audit, assurance and related services engagements that are
conducted in accordance with International Standards.
They do not override the local laws or regulations that govern the audit of historical financial
statements or assurance engagements on other information in a particular country required to be
www.mdarasa.com
Mobile Phone Application
+254708068851
engagement conducted in accordance with local laws or regulations will not automatically comply
with them. A professional accountant should not represent compliance with the IAASB’s
Engagement Standards unless the professional accountant has complied fully with all of those
relevant to the engagement.
The IAASB is committed to the goal of developing a set of International Standards generally
accepted worldwide. To further this goal, the IAASB works cooperatively with national standard
setters, and takes a lead role in joint projects with them, to promote convergence between national
and international standards and achieve acceptance of IAASB’s Standards.
The IAASB is a Board established by IFAC. The members of the IAASB are appointed by the
IFAC Board to serve on the IAASB.
IAASB members act in the common interest of the public at large and the worldwide accountancy
profession. This could result in their taking a position on a matter that is not in
accordance with current practice in their country or firm or not in accordance with the position
taken by those who put them forward for membership of the IAASB. Each IAASB member has
the right to appoint one technical advisor who may participate in the discussions at IAASB
meetings.
IAASB meetings to discuss the development and to approve the issuance of International
Standards, Practice Statements or other papers are open to the public. Agenda papers, including
minutes of the meetings of the IAASB, are published on the IAASB’s website.
International Standards on Auditing (ISAs) are to be applied in the audit of historical financial
information.
www.mdarasa.com
Mobile Phone Application
+254708068851
ISAs, ISREs, ISAEs and ISRSs are collectively referred to as the IAASB’s Engagement
Standards.
International Standards on Quality Control (ISQCs) are to be applied for all services falling
under the IAASB’s Engagement Standards.
The IAASB’s Standards contain basic principles and essential procedures (identified in bold type
lettering) together with related guidance in the form of explanatory and other material, including
appendices. The basic principles and essential procedures are to be understood and applied in the
context of the explanatory and other material that provide guidance for their application. It is
therefore necessary to consider the whole text of a Standard to understand and apply the basic
principles and essential procedures.
The nature of the IAASB’s Standards requires professional accountants to exercise professional
judgment in applying them. In exceptional circumstances, a professional accountant may judge it
necessary to depart from a basic principle or essential procedure of an Engagement Standard to
achieve more effectively the objective of the engagement. When such a situation arises, the
professional accountant should be prepared to justify the departure.
Any limitation of the applicability of a specific International Standard is made clear in the standard.
AUDITORS LIABILITY
Where the auditor’s legal liability falls. We need therefore to refer to decided cased in other
countries. But even in those countries there are in fact very few decided cases against auditors. In
those countries, the vast majority of actions against auditors are settled out of court. This saves
what could otherwise be very expensive court costs. It is also significant to note that this saves
dragging the professional firm's name through the courts and most likely through the
newspapers. Firms are of course anxious to avoid such bad publicity.
It is however generally known that the auditor's liability falls under three specific headings:
(c) Civil and criminal liability under statute law and we will deal with each in turn:
www.mdarasa.com
Mobile Phone Application
+254708068851
(a) he fails to detect fraud or error which he should reasonably have detected;
(b) if he fails to comply with generally accepted auditing standards and practices.
However, it is also generally held that for an auditor to suffer actual financial loss, the following
conditions must be met.
iii. the loss must be as a direct consequence of his reliance on the auditor's report and the
auditors negligence.
Therefore if the auditor fails to detect a fraud which is immaterial to the accounts and unless there
are suspicious circumstances which he had noticed or should reasonably have noticed, it is unlikely
that he will be held negligent.
Even if the fraud was material to the accounts, he may still escape liability if detection could not
reasonably have been achieved using normal audit procedures. It must be admitted however this
is a very dubious area of law.
The auditor has no duty to individual shareholders. A shareholder who makes an investment
decision by relying on the auditor's report and suffers loss cannot claim under the law of
contract. Only if the company as a whole has suffered, can the whole body of shareholders claim
from the auditor.
In a number of cases it appears that claims have arisen as a result of some misunderstanding as to
the degree of responsibility which the accountant was expected to take in giving advice or
expressing an opinion. It is therefore important, to distinguish between disputes arising from
misunderstanding regarding the duties assumed, and negligence in carrying out agreed terms
For a long time liability to third parties existed only in respect to physical injury. Liability for
financial loss is a recent development. Examples of occasions when an accountant may run the
risk of insuring a liability to third parties may include the following:
www.mdarasa.com
Mobile Phone Application
+254708068851
Again, it must be shown that the accountant was negligent, third parties suffered a financial loss,
the financial loss occurred as a result of the accountant's negligence and that the accountant knew
the purpose for which his report or accounts were to be used.
Civil liability: Section 206 of the Companies Act provides that officers of the company and for
these purposes auditors are considered as officers, may be liable for financial damages in respect
of the civil offences of misfeasance and breach of trust. This section which is only relevant to
winding up refers to a situation where officers have misused their position of authority for the
purposes of personal gain.
Criminal liability: Section 46 of the Companies Act states that an auditor shall be criminally
liable if he wilfully makes a materially false statement in any report, certificate, financial statement
etc. Wilfully implies fraudulently and can be difficult to prove. Whereby, it is held that where
an officer of a body corporate with intent to deceive members or creditors, publishes or concurs in
publishing a written statement of account which to his knowledge is or may be misleading, false
or deceptive in a material particular he shall on conviction be liable to imprisonment for a term not
exceeding 7 years.
• Questionable payments;
ILLEGAL ACTS
Auditors may uncover criminal offences committed by a client or an employee of the client. This
puts them in a difficult position, but the auditor should act carefully and correctly and if necessary,
take legal advice. The auditor must not commit a criminal offence himself. It is felt that he would
have committed a criminal offence if:
www.mdarasa.com
Mobile Phone Application
+254708068851
(c) If he agrees with a client to conceal or destroy evidence or mislead the police with
false statements;
(d) If he knows that his client has committed an arrest able offence and tries to impede
his arrest and prosecution. Impede does not include refusing to answer questions or refusing to
produce documents without the client's consent;
(e) If he knows that his client has committed an offence and agreed to accept
consideration to withhold information;
(f) If he knows that the client has committed treason and fails to report the offence to the
proper authority.
When an auditor discovers unlawful acts, usually he is not expected to disclose to the police or
other authorities unless:
ii. That disclosure is compelled by process of law for example, a court order;
iv. The circumstances are such that the auditor has a public duty to disclose, for
example, when the client has committed a serious crime or his act treasonable
CONTENT
www.mdarasa.com
Mobile Phone Application
+254708068851
TOPIC 3
17.3 Professional and ethical considerations
www.mdarasa.com
Mobile Phone Application
+254708068851
TOPIC 3
PROFESSIONAL AND ETHICAL
CONSIDERATIONS
Requirements
The auditor shall comply with relevant ethical requirements, including those pertaining to
independence, relating to financial statement audit engagements.
(a) Integrity;
(b) Objectivity;
Part B of the IESBA Code illustrates how the conceptual framework is to be applied in specific
situations.
www.mdarasa.com
Mobile Phone Application
+254708068851
Fundamental Principles
The IESBA Code of Ethics requires accountants to adhere to five fundamental principles:
Compliance with the fundamental principles may potentially be threatened by a broad range of
circumstances. Many threats fall into the following categories:
a. Self-interest threats, which may occur as a result of the financial or other interests of a
professional accountant or of an immediate or close family" member;
b. Self-review threats, which may occur when a previous judgment needs to be re-valuated
by the professional accountant responsible for that judgment;
c. Advocacy threats, which may occur when a professional accountant promotes a position
or opinion to the point that subsequent objectivity may be compromised;
d. Familiarity threats, which may occur when, because of a close relationship, a professional
accountant becomes too sympathetic to the interests of others; and
e. Intimidation threats, which may occur when a professional accountant may be deterred
from acting objectively by threats, actual or perceived.
Safeguards that may eliminate or reduce such threats to an acceptable level fall into two broad
categories:
www.mdarasa.com
Mobile Phone Application
+254708068851
Safeguards created by the profession, legislation or regulation include, but are not restricted to:
Educational, training and experience requirements for entry into the profession.
Continuing professional development requirements.
Corporate governance regulations.
Professional standards.
Professional or regulatory monitoring and disciplinary procedures.
Externally review by a legally empowered third party of the reports, returns,
communications or information produced by a professional accountant.
Certain safeguards may increase the likelihood of identifying or deterring unethical behavior.
Such safeguards, which may be created by the accounting profession, legislation, regulation or
an employing organization, include, but are not restricted to:
The nature of the safeguards to be applied will vary depending on the circumstances. In
exercising professional judgment, a professional accountant should consider what a reasonable
and informed third party, having knowledge of all relevant information, including the
significance of the threat and the safeguards applied, would conclude to be unacceptable.
ADVERTISING
PUBLICITY
www.mdarasa.com
Mobile Phone Application
+254708068851
AUDIT FEES
General basis on which fees are computed should be set out in the letter of engagement.
Members can charge whatever they consider appropriate. The following factors should be
considered;
A firm may obtain assurance engagement for a fee level that is significantly lower than that charged
by the predecessor firm or quoted by another firm. This creates a self interest threat that will not
be reduced to an acceptable level unless the firm can demonstrate that appropriate time and
qualified staff are assigned to the task and that all applicable assurance standards, guidelines and
quality control procedures are complied with
Contingency fee means that no fee is charged unless a specified finding or result is obtained.
Fess should not be charged on a %’ contingency or similar basis except where it is generally
accepted
Fee quotations - If a fee quotation is not economical, there maybe a self-interest threat. The firm
must be able to demonstrate that appropriate time and qualified staff are assigned to the task and
that all applicable assurance standards guidelines and quality control procedures are being
complied with
www.mdarasa.com
Mobile Phone Application
+254708068851
MONEY LAUNDERING
Money laundering is the process by which funds derived from criminal activity (“dirty money”)
are given the appearance of having been legitimately obtained, through a series of transactions in
which the funds are cleaned. Its purpose is to provide a legitimate cover for the source of the
money.
Money laundering is a global phenomenon that affects all countries to varying degrees. By its
very nature, it is a hidden activity and involves various actor and is a white collar crime.
It is important for auditors conducting forensic audit to understand what money laundering
entails, the International and domestic legal and institutional framework to combat money
laundering.
FORENSIC INVESTIGATION IN ML
Crime investigation mainly involves forensic auditing of accounts and documents, examination
of bank statements and various records and statements filed by the companies or Govt. Agencies.
} Forensic auditing is a technique to legally determine whether accounting transactions are in
consonance with various accounting, auditing and legal requirements and eventually determine
whether any crime has taken place.
PROFESSIONAL SKEPTICISM
The auditor shall plan and perform an audit with professional skepticism recognizing that
circumstances may exist that cause the financial statements to be materially misstated.
Maintaining professional skepticism throughout the audit is necessary if the auditor is, for
example, to reduce the risks of:
www.mdarasa.com
Mobile Phone Application
+254708068851
Professional Judgment
The auditor shall exercise professional judgment in planning and performing an audit of financial
statements.
CONTENT
www.mdarasa.com
Mobile Phone Application
+254708068851
TOPIC 4
17.4 Management of audit practice
www.mdarasa.com
Mobile Phone Application
+254708068851
TOPIC 4
MANAGEMENT OF AUDIT PRACTICE
CLIENT ACCEPTANCE AND RETENTION
The audit acceptance and planning process can be compared to a road map which gives
directions and guidance for the audit team to follow throughout the audit in order to help it reach
the correct final conclusion, i.e. whether the financial statements give a true and fair view of the
position of the company at the end of the accounting period.
The issues and activities that an auditor must consider prior to commencement of the fieldwork of
an audit are of vital importance. These are referred to as the audit acceptance and planning stages.
Identification of these various stages will assist the auditor to recognise key areas of risk and
concerns, which in turn will help the auditor make decisions such as:
The process of audit acceptance, planning and subsequent undertaking and completion of the
audit can be broadly distilled into four phases, namely;
Phase 2 is critical to the success of Phases 3 and 4. This is because if not adequately planned or
an inappropriate strategy is adopted the approach to performing the audit and gathering evidence
may not be suitable, resulting in sufficient evidence not being obtained by the audit team, and an
incorrect audit opinion being issued
www.mdarasa.com
Mobile Phone Application
+254708068851
Audit firms should establish policies and procedures for the acceptance and continuance of client
relationships and specific engagements.
These should be designed to provide the firm with reasonable assurance that it will only
undertake or continue relationships and engagements where the three principles listed above are
met.
The key point is that an audit firm does not want to engage with a client who brings with it
unacceptable levels of risk; thus it is essential that a thorough assessment is made of the
prospective engagement prior to the firm becoming engaged with the client.
Issues to be considered in relation to integrity, competency and ethics that the auditor may have
cause to address, are various. A sample of such issues are outlined below: Integrity of the Client:
Client Reputation
Nature of Client Operations
Attitudes of Key Players (Aggressive Standards Interpretation / internal controls / Low
audit fees / limiting scope of work)
Money Laundering
Outgoing auditors (reason).
Ethical Considerations:
Where issues arise out of any of the above considerations, the firm must conduct appropriate
consultations with the client or third parties. Should the firm then decide to engage with the
www.mdarasa.com
Mobile Phone Application
+254708068851
In the event that no such issues are raised in regards to the client the firm may issue the
engagement letter.
The final decision as to whether to engage with a new client or continue engaging with an
existing client is the responsibility of the audit engagement leader:
“The engagement partner should be satisfied that appropriate procedures regarding the
acceptance and continuance of client relationships and audit engagements have been
followed, and shall determine that conclusions reached in this regard are appropriate” ISA
220 – Quality Control for Audits of Financial Statements Paragraph 12
The auditor and the client should agree terms of the engagement and the terms should be
recorded in writing.
The issuing of an engagement letter is in the interest of both the firm and the client, as it helps
avoid any misunderstandings with respect to the engagement.
The client and the auditor should agree on all terms of the engagement and the signing of the
engagement letter is the recognition of this agreement.
A new engagement letter may not be required each year of a continuing engagement. However,
each year the auditor should consider whether circumstances require the terms of the engagement
to be revised and whether there is a need to remind the client of the existing terms of the
engagement. Alternatively, the client may request a change to the terms of the engagement.
www.mdarasa.com
Mobile Phone Application
+254708068851
The auditor may approach the process by identifying two main areas of planning namely;
This part of the procedure is performed in conjunction with all members / levels of the audit
team and with their experience and competencies in mind
Audit Strategy
There must be consideration of a number of key factors in order to ensure the detailed plan is the
most efficient approach and hence assists in guiding the detailed audit plan. Some key factors
include:
Adequate audit planning should benefit an audit of financial statements in a number of facets,
some of which are listed below:
The auditor must develop an understanding of internal control function within the entity (see ISA
315) by considering the following factors:
www.mdarasa.com
Mobile Phone Application
+254708068851
Updating Materiality
Sample Question
You are planning the audit of Lonco Ltd (Lonco) for the year ended 31 December 20X5. The
company manufactures and sells products made from imported timber.
In recent years, the company has expanded into the manufacture of quality childrens’ garden
swings and jungle gyms which are sold with a 10-year guarantee. Most sales are to domestic
customers, but the company also has a small export market which has grown steadily over the last
few years.
At your planning meeting with the finance director, the following matters were discussed:
www.mdarasa.com
Mobile Phone Application
+254708068851
Operating activities
During the year, the company’s revenue increased by 20% and the gross and operating margins
increased by 5% and 2% respectively. Inventory and trade receivable balances are significantly
higher than the previous year as a result of this increased activity.
Online ordering on the company’s website began in recent years. Internet orders have grown
steadily but still only represent a small percentage of the total of company sales however the
company continues to invest significant sums in the website to maintain its speed and ease of use
for customers.
Payroll
Following the successful implementation of a new computer system two years ago, payroll
processing, which had been outsourced for many years, was brought back in house from 1 March
2013. Management were unhappy with the service provided by the external payroll company,
and cancelled the contract. Additional staff has been recruited to process the payroll.
Managing director
The MD has announced his intention to sell his 100% shareholding in Lonco in order to
concentrate on his other business interests. Negotiations are underway with a potential buyer for
his shares.
Annual financial audits are required for all publicly held firms. Many private firms, especially
those that receive funding from investors, must also undergo a yearly audit. Depending on the
size and complexity of a company, financial audits may take place over several months and cost
a considerable amount of money. An audit tender process begins with a solicitation of bids.
Audit firms provide audit tender offers, submitted according to instructions detailed in the audit
services tender letter or request.
The soliciting firm sends an audit services tender letter to firms asking bids. Conditions are
stipulated in the document include the limit of only one tender per tenderer, the review and
approval process timeline, eligibility and selection criteria. The letter also discusses site visits
and related tender expenses.
www.mdarasa.com
Mobile Phone Application
+254708068851
Preparing Tenders
An audit firm prepares a tender document, which must adhere to certain conditions and contain
certain components as requested by the potential hiring firm. Each process may have its own
requirements, but generally, tenderers should include a draft contract. This contract should
include general conditions and address any special conditions. It should provide an explanation
of proposed terms and include a model of the financial bid for the audit project work.
Submitting Tenders
Audit firms must adhere to a formal tender submission process. The tender must be sealed and
delivered as specified by the potential client. A submission time and a date will be identified in
the invitation letter. Tenderers may submit variants of their proposals, but they must package and
seal them separately, marking them clearly as variants. Tenders received after the stated deadline
are usually not considered. If a tenderer wishes to alter or withdraw its tender, it must provide a
written explanation, delivered in the same way as the original tender.
Evaluating Offers
When the soliciting firm receives tenders, the evaluation process usually remains confidential
until the audit work is awarded. If the soliciting firm is a public entity, the tender offers might be
opened during a public meeting, resulting in a posted summary of the tender details. This could
include tenderers' names, prices, proposal variants and any other information considered
relevant. While the soliciting firm evaluates the offers, it may ask tenderers to provide
clarification on certain points or issues. The tenders will be reviewed on criteria such as
compliance with administrative, eligibility and technical requirements. Tenderers that meet the
technical requirements may be asked to submit additional technical documentation or samples.
Finally, tenders will undergo a financial evaluation where the soliciting firm evaluates the best
financial offer.
Upon selection of a qualified tender, the award will be stated in writing and delivered to the
winning firm. Unsuccessful bidding firms are also notified, usually with details on the winning
bidder, such as proposed price and name of the firm. The notice will also outline why the
unsuccessful bidder was rejected and note the deadline for filing an appeal.
APPOINTMENT OF AUDITORS
- Every company shall at each annual general meeting appoint an auditor or auditors to hold
office from the conclusion of that, until the conclusion of the next, annual general meeting.
- At any annual general meeting a retiring auditor, however appointed, shall be deemed to be
reappointed without any resolution being passed unless –
www.mdarasa.com
Mobile Phone Application
+254708068851
Provided that–
i) the company may at a general meeting remove any such auditors and appoint in their place
any other persons who have been nominated for appointment by any member of the
company and of whose nomination notice has been given to the members of the company
not less than fourteen days before the date of the meeting; and
ii) if the directors fail to exercise their powers under this subsection, the company in general
meeting may appoint the first auditors, and thereupon the said powers of the directors shall
cease.
The directors may fill any casual vacancy in the office of auditor, but while any such vacancy
continues the surviving or continuing auditor or auditors, if any, may act.
Remuneration
The remuneration of the auditors of a company–
i) In the case of an auditor appointed by the directors or by the registrar remuneration may be
fixed by the directors or by the registrar as the case may be;
ii) Subject to note (i) above, shall be fixed by the company in general meeting or in such manner
as the company in general meeting may determine.
www.mdarasa.com
Mobile Phone Application
+254708068851
Provided that note (ii) above shall not apply in the case of a private company.
- References in this subsection to an officer or servant shall be construed as not including
references to an auditor.
- A person shall also not be qualified for appointment as auditor of a company if he is,
disqualified for appointment as auditor of any other body corporate which is that company’s
subsidiary or holding company or a subsidiary of that company’s holding company, or would
be so disqualified if the body corporate were a company.
www.mdarasa.com
Mobile Phone Application
+254708068851
Auditors’ report and right of access to books and to attend and be heard at general
meetings
- The auditors shall make a report to the members on the accounts examined by them, and on
every balance sheet, every profit and loss account and all group accounts laid before the
company in general meeting during their tenure of office.
- The auditors’ report shall be read before the company in general meeting and shall be open to
inspection by any member.
- Every auditor of a company shall have a right of access at all times to the books and accounts
and vouchers of the company, and shall be entitled to require from the officers of the company
such information and explanation as he thinks necessary for the performance of the duties of
the auditors.
- The auditors of a company shall be entitled to attend any general meeting of the company
and to receive all notices of and other communications relating to any general meeting which
any member of the company is entitled to receive and to be heard at any general meeting
which they attend on any part of the business of the meeting which concerns them as
auditors.
PLANNING AN AUDIT
International Standard on Auditing (ISA) 300, Planning an Audit of Financial Statements
Introduction
ISA 300 requires the auditor to plan the audit so that the engagement is performed in an effective
manner. Planning also helps the firm perform the engagement efficiently. Planning involves
establishing and documenting the overall audit strategy for the engagement and developing
and documenting an audit plan, in order to reduce audit risk to an acceptably low level.
www.mdarasa.com
Mobile Phone Application
+254708068851
Planning is not a discrete phase of an audit, but a continual process that often begins shortly after
the completion of the previous audit and continues until the completion of the current audit
engagement.
Planning should in any case start before the accounting year-end to take into account year end
procedures which need to be carried out e.g. attendance at the annual inventory count or
circularisation of receivables. The nature and extent of planning will vary according to the size
and complexity of the entity, previous experience with the entity and changes in circumstances
that occur during the engagement.
Initial engagements
In case of initial engagements, while the planning elements remain the same as for recurring
engagements, the auditor may need to expand the planning activities as the auditor does not
necessarily have the previous experience with the entity that is considered when planning recurring
engagements.
Once the overall audit strategy has been established the auditor can commence the development
of a more detailed audit plan to address the various matters identified in the strategy. Although the
auditor establishes the overall audit strategy before developing the audit plan, the two activities
are not necessarily sequential processes but closely inter-related since changes in one may result
in changes to the other.
In case of audits of smaller entities where the audit is conducted by a very small audit team, the
development of an audit strategy need not be a complex process and a brief memorandum prepared
www.mdarasa.com
Mobile Phone Application
+254708068851
Helping the auditor to devote appropriate attention to important areas of the audit.
Helping the auditor identify and resolve potential problems on a timely basis.
Helping the auditor properly organize and manage the audit engagement so that it is
performed in an effective and efficient manner.
Assisting in the selection of engagement team members with appropriate levels of
capabilities and competence to respond to anticipated risks, and the proper assignment of
work to them.
Facilitating the direction and supervision of engagement team members and the review of
their work.
Assisting, where applicable, in coordination of work done by auditors of components and
experts
The objective of the auditor is to plan the audit so that it will be performed in an effective
manner.
Time Budgeting
Time budgets are an essential tool for monitoring the progress of an engagement, in determining
actual performance against the budget and to assist in future planning of audits.
www.mdarasa.com
Mobile Phone Application
+254708068851
When conducting the audit, the engagement team should aim to keep within the budget in so far
as is possible, but should never compromise the standard of his audit work, to keep within budget.
If it appears that there will be significant discrepancies between the budgeted time and the actual
time, the senior / manager should inform the manager/ partner as soon as possible, particularly
where additional time arises due to the client's shortcomings.
Time summaries should be prepared for all engagements and the total time spent should be
compared with the budgeted time and reasons given for significant variances. A record should be
kept of work which the engagement team have had to complete as a result of client shortcomings,
as a basis for additional charges if necessary.
Requirements
Involvement of Key Engagement Team Members
- The engagement partner and other key members of the engagement team shall be involved
in planning the audit, including planning and participating in the discussion among
engagement team members.
- The involvement of the engagement partner and other key members of the engagement
team in planning the audit draws on their experience and insight, thereby enhancing the
effectiveness and efficiency of the planning process
- Performing the preliminary engagement activities at the beginning of the current audit
engagement assists the auditor in identifying and evaluating events or circumstances that
may adversely affect the auditor’s ability to plan and perform the audit engagement.
- Performing these preliminary engagement activities enables the auditor to plan an audit
engagement for which, for example:
The auditor maintains the necessary independence and ability to perform the engagement.
www.mdarasa.com
Mobile Phone Application
+254708068851
There are no issues with management integrity that may affect the auditor’s willingness to
continue the engagement.
There is no misunderstanding with the client as to the terms of the engagement.
i) Audit plan
ii) Audit programme.
The audit planwill often be prepared by the manager, although preparation of parts or all of it may
be delegated to the senior. In case of high risk audits the partner may also be involved in preparing
the plan, particularly in the areas of materiality, risk assessment and approach to assessed risk and
sample sizes. The plan together with the tailored audit programmes setting out the nature, timing
and extent of the audit procedures to be adopted during the engagement should be completed and
www.mdarasa.com
Mobile Phone Application
+254708068851
In preparing the audit programme, consideration should be given to the specific assessment of risk
and the level of assurance to be provided by substantive procedures.
The use of unedited programmes does not constitute adequate planning as it could expose the
auditor to risks not covered in detail by the programme or result in the auditor carrying out
unnecessary tests thereby resulting in inefficiencies.
Planning Activities
- The auditor shall establish an overall audit strategy that sets the scope, timing and direction
of the audit, and that guides the development of the audit plan.
- In establishing the overall audit strategy, the auditor shall:
The resources to deploy for specific audit areas, such as the use of appropriately
experienced team members for high risk areas or the involvement of experts on complex
matters;
The amount of resources to allocate to specific audit areas, such as the number of team
members assigned to observe the inventory count at material locations, the extent of review
of other auditors’ work in the case of group audits, or the audit budget in hours to allocate
to high risk areas;
When these resources are to be deployed, such as whether at an interim audit stage or at
key cutoff dates; and
How such resources are managed, directed and supervised, such as when team briefing and
debriefing meetings are expected to be held, how engagement partner and manager reviews
are expected to take place (for example, on-site or off-site), and whether to complete
engagement quality control reviews.
The development and documentation of the overall audit strategy sets the scope, timing and
direction of the audit, and guides the development of the more detailed audit plan. It also helps to
ascertain the nature, timing and extent of the resources necessary to perform the engagement. In
developing the audit strategy, the engagement team may consider the experience gained on other
engagements performed for the entity.
The key components of an audit strategy include:
www.mdarasa.com
Mobile Phone Application
+254708068851
Once the overall audit strategy has been established, an audit plan can be developed to address
the various matters identified in the overall audit strategy, taking into account the need to achieve
the audit objectives through the efficient use of the auditor’s resources.
The establishment of the overall audit strategy and the detailed audit plan are not necessarily
discrete or sequential processes, but are closely inter-related since changes in one may result in
consequential changes to the other.
Establishing the overall audit strategy for the audit of a small entity need not be a complex or
time-consuming exercise; it varies according to the size of the entity, the complexity of the audit,
and the size of the engagement team. For example, a brief memorandum prepared at the
completion of the previous audit, based on a review of the working papers and highlighting
issues identified in the audit just completed, updated in the current period based on discussions
with the owner-manager, can serve as the documented audit strategy for the current audit
engagement if it covers the matters.
The auditor shall develop an audit plan that shall include a description of:
www.mdarasa.com
Mobile Phone Application
+254708068851
- The audit plan is more detailed than the overall audit strategy in that it includes the nature,
timing and extent of audit procedures to be performed by engagement team members.
Planning for these audit procedures takes place over the course of the audit as the audit plan
for the engagement develops. For example, planning of the auditor’s risk assessment
procedures occurs early in the audit process. However, planning the nature, timing and extent
of specific further audit procedures depends on the outcome of those risk assessment
procedures. In addition, the auditor may begin the execution of further audit procedures for
some classes of transactions, account balances and disclosures before planning all remaining
further audit procedures.
- The auditor shall update and change the overall audit strategy and the audit plan as necessary
during the course of the audit.
www.mdarasa.com
Mobile Phone Application
+254708068851
Documentation
The auditor shall include in the audit documentation:
a) The overall audit strategy;
b) The audit plan; and
c) Any significant changes made during the audit engagement to the overall audit strategy or
the audit plan, and the reasons for such changes.
The documentation of the overall audit strategy is a record of the key decisions considered
necessary to properly plan the audit and to communicate significant matters to the engagement
team. For example, the auditor may summarize the overall audit strategy in the form of a
memorandum that contains key decisions regarding the overall scope, timing and conduct of the
audit.
The documentation of the audit plan is a record of the planned nature, timing and extent of risk
assessment procedures and further audit procedures at the assertion level in response to the
assessed risks. It also serves as a record of the proper planning of the audit procedures that can
be reviewed and approved prior to their performance. The auditor may use standard audit
programs or audit completion checklists, tailored as needed to reflect the particular engagement
circumstances.
A record of the significant changes to the overall audit strategy and the audit plan, and resulting
changes to the planned nature, timing and extent of audit procedures, explains why the
significant changes were made, and the overall strategy and audit plan finally adopted for the
audit. It also reflects the appropriate response to the significant changes occurring during the
audit.
www.mdarasa.com
Mobile Phone Application
+254708068851
The purpose and objective of planning the audit are the same whether the audit is an initial or
recurring engagement. However, for an initial audit, the auditor may need to expand the planning
activities because the auditor does not ordinarily have the previous experience with the entity
that is considered when planning recurring engagements. For an initial audit engagement,
additional matters the auditor may consider in establishing the overall audit strategy and audit
plan include the following:
Unless prohibited by law or regulation, arrangements to be made with the predecessor
auditor, for example, to review the predecessor auditor’s working papers.
Any major issues (including the application of accounting principles or of auditing and
reporting standards) discussed with management in connection with the initial selection as
auditor, the communication of these matters to those charged with governance and how these
matters affect the overall audit strategy and audit plan.
The audit procedures necessary to obtain sufficient appropriate audit evidence regarding
opening balances.
Other procedures required by the firm’s system of quality control for initial audit
engagements (for example, the firm’s system of quality control may require the involvement
of another partner or senior individual to review the overall audit strategy prior to
commencing significant audit procedures or to review reports prior to their issuance).
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
Any changes to the audit strategy and plan needs to be documented giving reasons for significant
changes and the auditor’s response to the events, conditions or results of audit procedures that
resulted in such changes. The changes need to be discussed and approved by the partner.
In case of smaller entities where the audit is carried out entirely by the engagement partner, the
partner needs to ensure that the audit has been conducted in accordance with ISA’s. In such cases
the partner needs to ensure that he takes an objective view on the appropriateness of the judgements
made in the course of the audit, and where desirable, on complex or unusual issues, the partner
undertakes appropriate consultations.
Objective
The objective of the auditor is to identify and assess the risks of material misstatement, whether
due to fraud or error, at the financial statement and assertion levels, through understanding the
entity and its environment, including the entity’s internal control, thereby providing a basis for
designing and implementing responses to the assessed risks of material misstatement.
Risk assessment procedures are performed at the planning stage of an audit to obtain an
understanding of the entity being audited and to identify any areas of concern which could result
in material misstatements in the financial statements. They allow the auditor to assess the nature,
timing and extent of audit procedures to be performed.
ISA 315 Risk Assessments and Internal Controls states that the auditor should obtain an
understanding of the accounting and internal control systems sufficiently to plan the audit and
develop an effective audit approach. The auditor should use professional judgment to assess
audit risk and to design audit procedures to ensure it is reduced to an acceptably low level.
Sources of audit evidence that can be used as part of risk assessment procedures.
- Inquiries of management
- Prior year financial statement
- Current year management accounts and budgets
www.mdarasa.com
Mobile Phone Application
+254708068851
Definitions
For purposes of the ISAs, the following terms have the meanings attributed below:
a) Assertions – Representations by management, explicit or otherwise, that are embodied in the
financial statements, as used by the auditor to consider the different types of potential
misstatements that may occur.
b) Business risk – A risk resulting from significant conditions, events, circumstances, actions
or inactions that could adversely affect an entity’s ability to achieve its objectives and
execute its strategies, or from the setting of inappropriate objectives and strategies.
c) Internal control – The process designed, implemented and maintained by those charged
with governance, management and other personnel to provide reasonable assurance about the
achievement of an entity’s objectives with regard to reliability of financial reporting,
effectiveness and efficiency of operations, and compliance with applicable laws and
regulations. The term “controls” refers to any aspects of one or more of the components of
internal control.
d) Risk assessment procedures – The audit procedures performed to obtain an understanding
of the entity and its environment, including the entity’s internal control, to identify and assess
the risks of material misstatement, whether due to fraud or error, at the financial statement
and assertion levels.
e) Significant risk – An identified and assessed risk of material misstatement that, in the
auditor’s judgment, requires special audit consideration.
www.mdarasa.com
Mobile Phone Application
+254708068851
The Required Understanding of the Entity and Its Environment, Including the Entity’s
Internal Control
a) Management, with the oversight of those charged with governance, has created and
maintained a culture of honesty and ethical behavior; and
b) The strengths in the control environment elements collectively provide an appropriate
foundation for the other components of internal control, and whether those other components
are not undermined by deficiencies in the control environment.
- The auditor shall obtain an understanding of how the entity communicates financial reporting
roles and responsibilities and significant matters relating to financial reporting, including:
(a) Communications between management and those charged with governance; and
(b) External communications, such as those with regulatory authorities.
Monitoring of controls
- The auditor shall obtain an understanding of the major activities that the entity uses to
monitor internal control relevant to financial reporting, including those related to those
control activities relevant to the audit, and how the entity initiates remedial actions to
deficiencies in its controls.
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
If the auditor has determined that a significant risk exists, the auditor shall obtain an
understanding of the entity’s controls, including control activities, relevant to that risk.
Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate
Audit Evidence
In respect of some risks, the auditor may judge that it is not possible or practicable to obtain
sufficient appropriate audit evidence only from substantive procedures. Such risks may relate to
the inaccurate or incomplete recording of routine and significant classes of transactions or
account balances, the characteristics of which often permit highly automated processing with
little or no manual intervention. In such cases, the entity’s controls over such risks are relevant to
the audit and the auditor shall obtain an understanding of them.
Documentation
The auditor shall include in the audit documentation:
a) The discussion among the engagement team and the significant decisions reached;
b) Key elements of the understanding obtained regarding each of the aspects of the entity and
its environment specified in and of each of the internal control components; the sources of
information from which the understanding was obtained; and the risk assessment
procedures performed;
c) The identified and assessed risks of material misstatement at the financial statement level
and at the assertion level and
d) The risks identified, and related controls about which the auditor has obtained an
understanding,
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
Reviewing information obtained from external sources such as trade and economic
journals; reports by analysts, banks, or rating agencies; or regulatory or financial
publications.
Making inquiries of the entity’s external legal counsel or of valuation experts that the entity
has used.
Inquiries of Management, the Internal Audit Function and Others within the Entity
- Much of the information obtained by the auditor’s inquiries is obtained from management
and those responsible for financial reporting. Information may also be obtained by the
auditor through inquiries with the internal audit function, if the entity has such a function
and others within the entity.
- The auditor may also obtain information, or a different perspective in identifying risks of
material misstatement, through inquiries of others within the entity and other employees
with different levels of authority.
For example:
Inquiries directed towards those charged with governance may help the auditor
understand the environment in which the financial statements are prepared. ISA 260
identifies the importance of effective two-way communication in assisting the auditor to
obtain information from those charged with governance in this regard.
Inquiries of employees involved in initiating, processing or recording complex or unusual
transactions may help the auditor to evaluate the appropriateness of the selection and
application of certain accounting policies.
Inquiries directed toward in-house legal counsel may provide information about such
matters as litigation, compliance with laws and regulations, knowledge of fraud or
suspected fraud affecting the entity, warranties, post-sales obligations, arrangements
(such as joint ventures) with business partners and the meaning of contract terms.
Inquiries directed towards marketing or sales personnel may provide information about
changes in the entity’s marketing strategies, sales trends, or contractual arrangements
with its customers.
Inquiries directed to the risk management function (or those performing such roles) may
provide information about operational and regulatory risks that may affect financial
reporting.
Inquiries directed to information systems personnel may provide information about
system changes, system or control failures, or other information system-related risks.
- As obtaining an understanding of the entity and its environment is a continual, dynamic
process, the auditor’s inquiries may occur throughout the audit engagement.
www.mdarasa.com
Mobile Phone Application
+254708068851
ENGAGEMENT RISK
Engagement risk―This is the risk that the practitioner expresses an inappropriate conclusion
when the subject matter information is materially misstated.
- Engagement risk does not refer to or include the practitioner’s business risks such as loss
from litigation, adverse publicity, or other events arising in connection with a subject matter
information reported on.
- In general, engagement risk can be represented by the following components, although not
all of these components will necessarily be present or significant for all assurance
engagements:
(a) Risks that the practitioner does not directly influence, which may consist of:
(i) The susceptibility of the subject matter information to a material misstatement before
consideration of any related controls (inherent risk); and
(ii) The risk that a material misstatement that occurs in the subject matter information
will not be prevented, or detected and corrected, on a timely basis by the appropriate
party(ies)’s internal control (control risk); and
(b) Risks that the practitioner does directly influence, which may consist of:
(i) The risk that the procedures performed by the practitioner will not detect a material
misstatement (detection risk); and
(ii) In the case of a direct engagement, the risks associated with the practitioner’s
measurement or evaluation of the underlying subject matter against the applicable
criteria.
- The degree to which each of these components is relevant to the engagement is affected by
the engagement circumstances, in particular:
i) The nature of the underlying subject matter and the subject matter information. For
example, the concept of control risk may be more useful when the underlying subject
matter relates to the preparation of information about an entity’s performance than when
it relates to information about the effectiveness of a controls or the existence of a physical
condition.
ii) Whether a reasonable assurance or a limited assurance engagement is being performed.
For example, in limited assurance attestation engagements the practitioner may often
decide to obtain evidence by means other than tests of controls, in which case
consideration of control risk may be less relevant than in a reasonable assurance
attestation engagement on the same subject matter information.
www.mdarasa.com
Mobile Phone Application
+254708068851
Reducing engagement risk to zero is very rarely attainable or cost beneficial and, therefore,
reasonable assurance is less than absolute assurance, as a result of factors such as the following:
The use of selective testing.
The inherent limitations of internal control.
The fact that much of the evidence available to the practitioner is persuasive rather than
conclusive.
The use of professional judgment in gathering and evaluating evidence and forming
conclusions based on that evidence.
In some cases, the characteristics of the underlying subject matter when evaluated or
measured against the applicable criteria.
Significant Risks
Identifying Significant Risks
- Significant risks often relate to significant non-routine transactions or judgmental matters.
Non-routine transactions are transactions that are unusual, due to either size or nature, and
that therefore occur infrequently.
- Judgmental matters may include the development of accounting estimates for which there
is significant measurement uncertainty. Routine, noncomplex transactions that are subject
to systematic processing are less likely to give rise to significant risks.
- Risks of material misstatement may be greater for significant non-routine transactions
arising from matters such as the following:
Greater management intervention to specify the accounting treatment.
Greater manual intervention for data collection and processing.
Complex calculations or accounting principles.
The nature of non-routine transactions, which may make it difficult for the entity to
implement effective controls over the risks.
- Risks of material misstatement may be greater for significant judgmental matters that require
the development of accounting estimates, arising from matters such as the following:
Accounting principles for accounting estimates or revenue recognition may be subject
to differing interpretation.
Required judgment may be subjective or complex, or require assumptions about the
effects of future events, for example, judgment about fair value.
www.mdarasa.com
Mobile Phone Application
+254708068851
Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate
Audit Evidence
- Risks of material misstatement may relate directly to the recording of routine classes of
transactions or account balances, and the preparation of reliable financial statements. Such
risks may include risks of inaccurate or incomplete processing for routine and significant
classes of transactions such as an entity’s revenue, purchases, and cash receipts or cash
payments.
- Where such routine business transactions are subject to highly automated processing with
little or no manual intervention, it may not be possible to perform only substantive
procedures in relation to the risk. For example, the auditor may consider this to be the case in
circumstances where a significant amount of an entity’s information is initiated, recorded,
processed, or reported only in electronic form such as in an integrated system. In such cases:
www.mdarasa.com
Mobile Phone Application
+254708068851
Audit evidence may be available only in electronic form, and its sufficiency and
appropriateness usually depend on the effectiveness of controls over its accuracy and
completeness.
The potential for improper initiation or alteration of information to occur and not be
detected may be greater if appropriate controls are not operating effectively.
Documentation
- The manner in which the requirements are documented is for the auditor to determine using
professional judgment. For example, in audits of small entities the documentation may be
incorporated in the auditor’s documentation of the overall strategy and audit plan.
- Similarly, for example, the results of the risk assessment may be documented separately, or
may be documented as part of the auditor’s documentation of further procedures.
- The form and extent of the documentation is influenced by the nature, size and complexity of
the entity and its internal control, availability of information from the entity and the audit
methodology and technology used in the course of the audit.
- For entities that have uncomplicated businesses and processes relevant to financial reporting,
the documentation may be simple in form and relatively brief. It is not necessary to document
the entirety of the auditor’s understanding of the entity and matters related to it. Key
elements of understanding documented by the auditor include those on which the auditor
based the assessment of the risks of material misstatement.
- The extent of documentation may also reflect the experience and capabilities of the members
of the audit engagement team. Provided the requirements of ISA 230 are always met, an
audit undertaken by an engagement team comprising less experienced individuals may
require more detailed documentation to assist them to obtain an appropriate understanding of
the entity than one that includes experienced individuals.
- For recurring audits, certain documentation may be carried forward, updated as necessary to
reflect changes in the entity’s business or processes.
www.mdarasa.com
Mobile Phone Application
+254708068851
Control Environment
The control environment encompasses the following elements:
(a) Communication and enforcement of integrity and ethical values.
The effectiveness of controls cannot rise above the integrity and ethical values of the people
who create, administer, and monitor them.
Integrity and ethical behaviorsare the product of the entity’s ethical and behavioral standards,
how they are communicated, and how they are reinforced in practice.
The enforcement of integrity and ethical values includes, for example, management actions
to eliminate or mitigate incentives or temptations that might prompt personnel to engage in
dishonest, illegal, or unethical acts. The communication of entity policies on integrity and
ethical values may include the communication of behavioral standards to personnel through
policy statements and codes of conduct and by example.
(b) Commitment to competence. Competence is the knowledge and skills necessary to
accomplish tasks that define the individual’s job.
(c) Participation by those charged with governance. An entity’s control consciousness is
influenced significantly by those charged with governance. The importance of the
responsibilities of those charged with governance is recognized in codes of practice and other
laws and regulations or guidance produced for the benefit of those charged with governance.
Other responsibilities of those charged with governance include oversight of the design and
effective operation of whistle blower procedures and the process for reviewing the
effectiveness of the entity’s internal control.
(d) Management’s philosophy and operating style. Management’s philosophy and operating
style encompass a broad range of characteristics. For example, management’s attitudes and
actions toward financial reporting may manifest themselves through conservative or
aggressive selection from available alternative accounting principles, or conscientiousness
and conservatism with which accounting estimates are developed.
(e) Organizational structure. Establishing a relevant organizational structure includes
considering key areas of authority and responsibility and appropriate lines of reporting. The
appropriateness of an entity’s organizational structure depends, in part, on its size and the
nature of its activities.
(f) Assignment of authority and responsibility. The assignment of authority and responsibility
may include policies relating to appropriate business practices, knowledge and experience of
key personnel, and resources provided for carrying out duties. In addition, it may include
policies and communications directed at ensuring that all personnel understand the entity’s
objectives, know how their individual actions interrelate and contribute to those objectives,
and recognize how and for what they will be held accountable.
(g) Human resource policies and practices. Human resource policies and practices often
demonstrate important matters in relation to the control consciousness of an entity. For
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
Control Activities
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
Monitoring of Controls
- An important management responsibility is to establish and maintain internal control on an
ongoing basis. Management’s monitoring of controls includes considering whether they are
operating as intended and that they are modified as appropriate for changes in conditions.
- Monitoring of controls may include activities such as management’s review of whether bank
reconciliations are being prepared on a timely basis, internal auditors’ evaluation of sales
personnel’s compliance with the entity’s policies on terms of sales contracts, and a legal
department’s oversight of compliance with the entity’s ethical or business practice policies.
Monitoring is done also to ensure that controls continue to operate effectively over time.
- For example, if the timeliness and accuracy of bank reconciliations are not monitored,
personnel are likely to stop preparing them.
- Internal auditors or personnel performing similar functions may contribute to the monitoring
of an entity’s controls through separate evaluations.
- Ordinarily, they regularly provide information about the functioning of internal control,
focusing considerable attention on evaluating the effectiveness of internal control, and
communicate information about strengths and deficiencies in internal control and
recommendations for improving internal control.
- Monitoring activities may include using information from communications from external
parties that may indicate problems or highlight areas in need of improvement. Customers
implicitly corroborate billing data by paying their invoices or complaining about their
charges. In addition, regulators may communicate with the entity concerning matters that
affect the functioning of internal control, for example, communications concerning
examinations by bank regulatory agencies. Also, management may consider communications
relating to internal control from external auditors in performing monitoring activities.
AUDIT RISK
Audit risk refers to the risk that the auditors will express an inappropriate audit opinion when the
financial statements are materially misstated.
Audit risk therefore could be defined as the chance of damage to the audit firm as a result of
giving an opinion that is wrong in some particular. Or put another way, it could be explained as
the possibility that financial statements contain material mis-statements which had escaped
www.mdarasa.com
Mobile Phone Application
+254708068851
It could be looked at also as: the possibility that the auditor may be required to pay damages to
the client or other persons as a consequence of:
Damage to the audit firm or the auditor may be in the form of monetary damages paid to the
complainant as compensation or simply damage to their reputation with a client or the business
community.
All audits involve an element of risk such that however strong the audit evidence and however
careful the auditor, there is always a possibility of an error or a fraud going undetected. It is
generally known that the auditor who organises his office and staff in a competent manner an
follows auditing standards and guidelines is unlikely to be found negligent and to pay damages
as a consequence of fraud or error not being discovered by him.
Audit risks facing the auditor when material assets are stated at fair values instead of historical
costs include:
When the auditor is faced with the normal audit risk, the audit approach adopted is usually one of
reliance on key controls supported by substantive tests, compliance tests and analytical review.
www.mdarasa.com
Mobile Phone Application
+254708068851
In addition to normal risk and higher than normal risk discussed above, the auditor can also be
exposed by sub-standard work such as:
It is essential that an audit firm should organize itself in such a way that it can minimise the risk
of suffering any damage. We can look at these measures from two points of view. Broad
measures taken by the profession as a whole and measures to be taken by the individual auditor
in minimising this audit risk.
This approach requires the auditor to determine what are the very important business risks which
the client faces. This line of approach both helps the client and also enables the auditor to
appreciate and understand his clients business and appreciate all aspects of the business
activities. It is then for the auditor to determine where the risks are likely or unlikely and whether
the risks are likely to produce serious consequences. This enable the audit to be focussed on
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
As should be evident from this summary the business risk approach is a more holistic approach
to the audit. The business risk approach starts at a stage back from the traditional audit risk
model and offers more benefit to auditors and clients alike.
Business Risk results from significant conditions, events, circumstances or actions that could
adversely affect the entity's ability to achieve its objectives and execute its strategies. Even
though such risks are likely to eventually have an impact on an entity's financial statements, not
every business risk will translate directly in a risk of a material misstatement in the financial
statements, which is often referred to as audit risks. There are 3 categories of business risk.
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
Regulatory requirements (a potential related business risk might be, for example, that
there is increased legal exposure).
Current and prospective financing requirements (a potential related business risk might
be, for example, the loss of financing due to the entity’s inability to meet requirements).
Use of IT (a potential related business risk might be, for example, that systems and
processes are incompatible).
The effects of implementing a strategy, particularly any effects that will lead to new
accounting requirements (a potential related business risk might be, for example,
incomplete or improper implementation).
- A business risk may have an immediate consequence for the risk of material misstatement
for classes of transactions, account balances, and disclosures at the assertion level or the
financial statement level. For example, the business risk arising from a contracting customer
base may increase the risk of material misstatement associated with the valuation of
receivables.
- However, the same risk, particularly in combination with a contracting economy, may also
have a longer-term consequence, which the auditor considers when assessing the
appropriateness of the going concern assumption. Whether a business risk may result in a
risk of material misstatement is, therefore, considered in light of the entity’s circumstances.
- Usually, management identifies business risks and develops approaches to address them.
Such a risk assessment process is part of internal control.
1. INSPECTION
a. Documents and records:
While verifying various transactions, the auditor examines the supporting documents and records.
This technique is otherwise called vouching. The purpose of examining the documents and records
is to
www.mdarasa.com
Mobile Phone Application
+254708068851
How for an auditor can rely on the documents depends on the origin (source) of the documents
and the efficiency of the internal control system in operation.
Documents which have their origin in the hands of the third parties and held by third parties are
more reliable than the documents which have their origin in the organization itself and held by the
organization. One can classify the documents into 4 major categories according to their origin and
availability.
1. Documents which have their origin in the hands of the third party and held by them – Most
reliable evidence.
2. Documents which have their origin in the hands of the third party and held by the organization
– More reliable.
3. Documents which have their origin in the hands of the organization and held by the third party
– Reliable.
4. Documents which have the origin in the hands of the organization and held by the organization
– Reliable only if the internal control is effective.
b. Physical Verification
If an item can be measured in physical term, the same may be verified for quantity and quality (if
possible). By physical examination, the auditor ensures the availability of the item. However, the
ownership of the items cannot be verified through this method.
2. OBSERVATION
The auditor observes a particular procedure being carried by the organization. Examples are
observation of the internal control measures that are adopted in transactions involving cash,
procedures followed on receipt or issue of material, etc. The auditor makes his observations to
evaluate the efficiency and effectiveness of the system followed by the organization.
Inquiry: Seeking information from persons belonging to the organization or from outside
organization is called inquiry.
Confirmation: Confirming the information available with the records of the organization or with
the persons mostly from outside the organization through an inquiry is confirmation.
www.mdarasa.com
Mobile Phone Application
+254708068851
4. COMPUTATION
An auditor makes appropriate calculations and verifies the accuracy of the accounting records. For
example, the auditor computes the depreciation to be charged for the year, by taking into
consideration. the value of the asset (cost), the date of purchase, the rate of depreciation, etc., to
verify the accuracy of the depreciation charged by the organization. The auditor also traces a
particular transaction from the origin to check the book keeping procedure.
5. ANALYTICAL PROCEDURES
The purpose of analysis is to ensure consistency of accounting methods and also to evaluate the
efficiency of the management by comparing the results of several years. The several analytical
procedures are
i. Reconciliation
ii. Ratio Analysis; and
iii. Variance Analysis.
The auditor also applies the analytical procedures to help the management in decision making.
Such analytical techniques are
i. Marginal Costing
ii. Standard costing etc.
The auditor studies the nature of the business and also the prevailing circumstances and selects the
techniques to be applied. While conducting the audit, he may change his technique according to
the changes observed in the circumstances. The suitable audit techniques adopted by the auditor
helps him to carry on the audit efficiently.
The auditors must understand the accounting system and control environment in order to
determine
their audit approach.
Internal control is the process designed and effected by those charged with governance,
management,
and other personnel to provide reasonable assurance about the achievement of the entity's
objectives with regard to reliability of financial reporting, effectiveness and efficiency of
www.mdarasa.com
Mobile Phone Application
+254708068851
ISA 315 Identifying and assessing the risks of material misstatement through understanding the
entity and its environment deals with the whole area of controls.
In obtaining an understanding of internal control, the auditor must understand the design of the
internal control and the implementation of that control. In the following sub-sections, we look at
each of the elements of internal control in turn.
Control environment
The control environment is the framework within which controls operate. The control
environment is very much determined by the management of a business.
Control environment includes the governance and management functions and the attitudes,
awareness and actions of those charged with governance and management concerning the entity's
internal control and its importance in the entity.
A strong control environment does not, itself, ensure the effectiveness of the overall internal
control system, but can be a positive factor when assessing the risks of material misstatement. A
weak control environment can undermine the effectiveness of controls.
Aspects of the control environment (such as management attitudes towards control) will
nevertheless be a significant factor in determining how controls operate. Controls are more likely
to operate well in an environment where they are treated as being important. In addition
consideration of the control environment will mean determining whether certain controls
(internal auditors, budgets) actually exist.
ISA 315 states that auditors shall have an understanding of the control environment. As part of
this
understanding, the auditor shall evaluate whether:
www.mdarasa.com
Mobile Phone Application
+254708068851
Management has created and maintained a culture of honesty and ethical behavior
The strengths in the control environment provide an appropriate foundation for the other
components of internal control and whether those components are not undermined by
deficiencies in the control environment
The following illustrates the elements of the control environment that may be relevant when
obtaining an understanding of the control environment.
Communication and enforcement of integrity and ethical values - Essential elements which
influence the effectiveness of the design, administration and monitoring of controls
Organisational structure
The framework within which an entity's activities for achieving its objectives are planned,
executed, controlled and reviewed
The auditor shall assess whether these elements of the control environment have been
www.mdarasa.com
Mobile Phone Application
+254708068851
ISA 315 says the auditor shall obtain an understanding of whether the entity has a process for:
If the entity has established such a process, the auditor shall obtain an understanding of it. If
there is not a process, the auditor shall discuss with management whether relevant business risks
have been identified and how they have been addressed.
The auditor shall obtain an understanding of the information system relevant to financial
reporting
objectives, including the following areas:
The classes of transactions in the entity's operations that are significant to the financial
statements
The procedures, within both IT and manual systems, by which those transactions are
initiated,
recorded, processed, corrected, transferred to the general ledger and reported in the financial
statements
The related accounting records, supporting information, and specific accounts in the financial
statements, in respect of initiating, recording, processing and reporting transactions
How the information system captures events and conditions, other than transactions, that are
significant to the financial statements
The financial reporting process used to prepare the entity's financial statements, including
significant accounting estimates and disclosures
Controls surrounding journal entries, including non-standard journal entries used to record
www.mdarasa.com
Mobile Phone Application
+254708068851
The auditor shall obtain an understanding of how the entity communicates financial reporting
roles and responsibilities and significant matters relating to financial reporting.
Control activities
Control activities are those policies and procedures that help ensure that management directives
are carried out.
ISA 315 states that the auditor shall obtain an understanding of control activities relevant to
the audit and how the entity has responded to risks arising from IT.
Control activities include those activities designed to prevent or to detect and correct errors.
Examples
include activities relating to authorisation, performance reviews, information processing,
physical controls and segregation of duties.
Examples of control activities
Checking the arithmetical accuracy of records - for example checking to see if individual
invoices have been added up correctly.
Maintaining and reviewing control accounts and trial balances - Control accounts bring
together transactions in individual ledgers. Trial balances bring together unusual transactions for
the organisation as a whole. Preparing these can highlight unusual transactions or accounts.
Comparing the results of cash, security and inventory counts with accounting records - For
example, in a physical count of petty cash, the balance shown in the cash book should be the
same as the amount held.
Comparing internal data with external sources of information - For example, comparing
www.mdarasa.com
Mobile Phone Application
+254708068851
Limiting physical access to assets and records - Only authorised personnel should have access
to certain assets (particularly valuable or portable ones)for example, ensuring that the inventory
store is only open when store personnel are there and is otherwise locked
Segregation of duties
Segregation implies a number of people being involved in the accounting process. This makes it
more
difficult for fraudulent transactions to be processed (since a number of people would have to
collude in the fraud), and it is also more difficult for accidental errors to be processed (since the
more people are involved, the more checking there can be). Segregation should take place in
various ways:
a) Segregation of function. The key functions that should be segregated are the carrying out of a
transaction, recording that transaction in the accounting records and maintaining custody of
assets that arise from the transaction.
b) The various steps in carrying out the transaction should also be segregated.
c) The carrying out of various accounting operations should be segregated. For example the
same
staff should not record transactions and carry out the reconciliations at the period-end.
Monitoring of controls
Monitoring of controls is a process to assess the effectiveness of internal control performance
over time.
It includes assessing the design and operation of controls on a timely basis and taking necessary
corrective actions modified for changes in conditions.
The auditor shall obtain an understanding of the major activities that the entity uses to monitor
internal control over financial reporting, including those related to those control activities
relevant to the audit, and how the entity initiates corrective actions to deficiencies in its controls.
If the entity has an internal audit function, the auditor shall obtain an understanding of the nature
of its responsibilities and how it fits in the organisational structure, and the activities
performed/to be
performed.
www.mdarasa.com
Mobile Phone Application
+254708068851
Auditors can have difficulties not because there is a general lack of controls but because the
evidence available as to their operation and the completeness of the records is insufficient.
Segregation of duties will often appear inadequate in enterprises having a small number of staff.
Similarly, because of the scale of the operation, organisation and management controls are likely
to be
rudimentary at best.
The onus is on the proprietor, by virtue of his day-to-day involvement, to compensate for this
lack. This involvement should encompass physical, authorisation, arithmetical and accounting
controls as well as supervision.
However it is important to stress that in a well run small company there will be a system of
internal
control. In any case, all companies must comply with any relevant legislation concerning the
maintenance of a proper accounting system.
Where the manager of a small business is not himself the owner, he may not possess the same
degree of commitment to the running of it as an owner-manager would. In such cases, the
auditors will have to consider the adequacy of controls exercised by the shareholders over the
manager in assessing internal control.
Any internal control system can only provide the directors with reasonable assurance that their
objectives are reached, because of inherent limitations. These include:
These factors demonstrate why auditors cannot obtain all their evidence from tests of the systems
of
internal control. The key factors in the limitations of controls system are human error and
potential for
fraud.
The safeguard of segregation of duties can help deter fraud. However, if employees decide to
perpetrate frauds by collusion, or management commits fraud by overriding systems, the
accounting system will not be able to prevent such frauds.
This is one of the reasons that auditors always need to be alert to the possibility of fraud, the
subject of ISA 240.
The auditors shall assess the adequacy of the systems as a basis for the financial statements and
shall
identify risks of material misstatements to provide a basis for designing and performing further
audit
procedures.
Auditors are only concerned with assessing policies and procedures which are relevant to the
financial
statements. Auditors shall:
Assess the adequacy of the accounting system as a basis for preparing the accounts
Identify the types of potential misstatements that could occur in the accounts
Consider factors that affect the risk of misstatements
Design appropriate audit procedures
We have discussed the process of assessing the risks of material misstatement in previously. The
assessment of the controls of an entity will have an impact on that risk assessment.
Risks arising from poor control environments are unlikely to be confined to particular assertions
in the financial statements, and, if severe, may even raise questions about whether the financial
statements are capable of being audited, that is, if control risk is so high that audit risk cannot be
www.mdarasa.com
Mobile Phone Application
+254708068851
On the other hand, some control procedures may be closely connected to an assertion in financial
statements, for example, controls over the inventory count are closely connected with the
existence and completeness of inventory in the financial statements.
The evaluation of internal control components the controls, that is by controls testing. This is
most likely to be the case in a system which is highly computerised and which does not require
much manual intervention.
The auditors must keep a record of the client's systems which must be updated each year. This
can be
done through the use of narrative notes, flowcharts, questionnaires or checklists.
There are several techniques for recording the assessment of control risk, that is, the system. One
or more of the following may be used depending on the complexity of the system.
Questionnaires
Checklists
Narrative notes
Flowcharts
Whatever method of recording is used, the record will usually be retained on the permanent file
and
updated each year. We will look at the use of questionnaires in a little more detail here. There are
two
types, each with a different purpose.
Internal Control Questionnaires (ICQs) are used to ask whether controls exist which meet
specific control objectives.
Internal Control Evaluation Questionnaires (ICEQs) are used to determine whether there
are controls which prevent or detect specified errors or omissions.
If the auditors believe the system of controls is strong, they may choose to test controls to assess
whether they can rely on the controls having operated effectively.
www.mdarasa.com
Mobile Phone Application
+254708068851
Confirming understanding
In order to confirm their understanding of the control systems, auditors will often carry out walk-
through tests. This is where they pick up a transaction and follow it through the system to see
whether all the controls they anticipate should be in existence were in operation with regard to
that transaction.
Tests of control
Tests of control are tests performed to obtain audit evidence about the effectiveness of the:
Design of the accounting and internal control systems, i.e. whether they are suitably designed to
prevent, or detect and correct, material misstatement at the assertion level; and
Operation of the internal controls throughout the period.
Tests of control are distinguished from substantive tests which are designed to detect material
misstatements in the financial statements.
a) Inspection of documents supporting controls or events to gain audit evidence that internal
controls
have operated properly, e.g. verifying that a transaction has been authorised
b) Inquiries about internal controls which leave no audit trail, e.g. determining who actually
performs each function not merely who is supposed to perform it
c) Reperformance of control procedures, e.g. reconciliation of bank accounts, to ensure they
were
correctly performed by the entity
d) Examination of evidence of management views, e.g. minutes of management meetings
e) Testing of internal controls operating on computerised systems or over the overall IT
functionegaccess controls
f) Observation of controls to consider the manner in which the control is being operated
Auditors should consider:
How controls were applied
The consistency with which they were applied during the period
By whom they were applied
Deviations in the operation of controls (caused by change of staff etc) may increase control
riskandtestsof control may need to be modified to confirm effective operation during and after
any change,
www.mdarasa.com
Mobile Phone Application
+254708068851
In a continuing engagement, the auditor will be aware of the accounting and internal control
systems through work carried out previously but will need to update the knowledge gained and
considerthe need to obtain further audit evidence of any changes in control.
In particular, if controls testing reveal that controls have not operated effectively throughout the
year,theauditor may have to extend substantive testing,
The internal controls in a computerised environment include both manual procedures and
procedures
designed into computer programs. Such control procedures comprise two types of control,
general
controls and application controls.
General IT controls are policies and procedures that relate to many applications and support the
effective functioning of application controls by helping to ensure the continued proper operation
of information systems. They commonly include controls over data center and network
operations, system software acquisition, change and maintenance, access security, and
application system acquisition, development and maintenance.
www.mdarasa.com
Mobile Phone Application
+254708068851
TEST OF CONTROLS
Selling (authorisation)
Goods outwards (custody)
Accounting (recording)
Control objectives
One person is not responsible for taking orders, recording sales and receiving payment.
Recorded sales transactions represent goods shipped.
Goods and services are only supplied to customers with good credit ratings.
Goods and services are provided at authorised prices and on authorised terms.
Customers are encouraged to pay promptly.
Controls
- Segregation of duties
- Sales recorded only with approved sales order form and shipping documentation.
- Accounting for numerical sequences of invoices.
- Monthly customer statements sent out and customer queries and complaints handled
independently.
- Authorisation of credit terms to customers (senior staff authorisation, references/credit
checksfornew customers, regular review of credit limits)
- Authorisation by senior staff required for changes in other customer data such as address etc.
- Orders not accepted unless credit limits reviewed first.
- Authorised price lists and specified terms of trade in place.
Tests of controls
- Observe and evaluate whether proper segregation of duties is operating.
www.mdarasa.com
Mobile Phone Application
+254708068851
Control objectives
- All revenue relating to goods dispatched is recorded.
- All goods and services sold are correctly invoiced.
Controls
- Accounting for numerical sequences of invoices.
- Shipping documentation is matched to sales invoices.
- Sales invoices are reconciled to the daily sales report.
- An open-order file is maintained and reviewed regularly.
Tests of controls
- Review and test entity's procedures for accounting for numerical sequences of invoices.
- Trace a sample of shipping documents to the sales invoices and ledger.
- Review a sample of reconciliations performed.
- Inspect the open- order file for unfilled orders.
Assertion: Accuracy
Control objectives
All sales and adjustments are correctly journalised, summarised and posted to the correct
accounts.
Controls
Sales invoices and matching documents required for all entries.
www.mdarasa.com
Mobile Phone Application
+254708068851
Tests of controls
Vouch recorded sales to supporting documents.
Assertion: Cut-off
Control objectives
Transactions have been recorded in the correct period.
Controls
- All shipping documentation is forwarded to the invoicing section on a daily basis.
- Daily invoicing of goods shipped.
Tests of controls
- Compare dates on sales invoices with dates of corresponding shipping documentation.
- Compare dates on sales invoices with dates recorded in the sales ledger.
Assertion: Classification
Control objectives
All transactions are properly classified in accounts.
Controls
- Chart of accounts in place.
- Codes in place for different types of products or services.
Tests of controls
- Review sales ledger for proper classification.
- Examine a sample of sales invoices for proper classification.
- Test application controls for proper codes.
Control objectives
www.mdarasa.com
Mobile Phone Application
+254708068851
Controls
- Authorisation procedures and policies in place for ordering goods and services.
- Segregation of duties.
- Purchase orders raised for each purchase and authorised by appropriate senior personnel.
- Approved purchase order for each receipt of goods.
- Staff receiving goods and check them against the purchase order.
- Stores clerks sign for goods received.
- Purchase orders and GRNs are matched with the supplies’ invoices
Tests of controls
- Inspect policies and procedures and inquire about them.
- Observe and evaluate segregation of duties.
- Examine a sample of purchase orders to ensure they have been appropriately authorised.
- Review the delegated list of authority for purchases.
- For a sample of orders, examine the goods received note (GRN) and match it to the order.
- Observe receipt of goods by staff to confirm whether the check is done.
- Inspect a sample to confirm whether stores staff undertake this check.
- Examine supporting documentation for a sample of invoices
Assertion: Completeness
Control objectives
Controls
- Purchase orders and GRNs are matched with the suppliers' invoices.
- Periodic accounting for prenumbered GRNs and purchase orders.
- Independent check of amount recorded in the purchase journal.
Tests of control
- Examine supporting documentation for a sample of invoices.
- Review entity's procedures for accounting for prenumbered documents.
- Examine application controls.
- Examine documentation for evidence of this check.
Assertion: Rights and obligations
www.mdarasa.com
Mobile Phone Application
+254708068851
Control objectives
Recorded purchases represent the liabilities of the entity.
Controls
Purchase orders and GRNs are matched with the suppliers' invoices.
Tests of control
Examine supporting documentation for a sample of invoices.
Control objectives
Purchase transactions are correctly recorded in the accounting system.
Controls
- Purchase orders and GRNs are matched- with the suppliers' invoices.
- Mathematical accuracy of the supplier's invoice is verified.
- Amount posted to general ledger is reconciled to the purchases ledger.
- Chart of accounts in place.
Tests of control
- Examine supporting documentation for documentation for a sample of invoices.
- Recalculate the mathematical accuracy of a sample of suppliers' invoices.
- Review reconciliations for evidence of this check.
- Review purchases journal and general ledger for reasonableness.
Assertion: Cut-off
Control objectives
Purchase transactions are recorded in the correct accounting period.
Controls
- All goods received reports forwarded to accounts payable department daily.
- Procedures in place that require recording of purchases as soon as possible after
goods/services received.
Tests of control
- Compare dates on reports to dates on relevant vouchers.
- Compare dates on vouchers with dates they were recorded in the purchases journal
www.mdarasa.com
Mobile Phone Application
+254708068851
Introduction
The inventory system can be very important in an audit because of the high value of inventory or
the complexity of its audit. It is closely connected with the sales and purchases systems covered
in the previous sections.
There are three possible approaches to the audit of inventory and the approach chosen depends
on the control in system in place over inventory.
(a) If the entity has a perpetual inventory system in place where inventory is counted
continuously throughout the year, and therefore a year-end count is not undertaken, a
controls-based approach can be taken if control risk has been assessed as low.
(b) If an inventory count is to be undertaken near the year-end and adjusted by perpetual
inventory records for the year-end value, this approach also requires control risk to be
assessed as low.
(c) If inventory quantities will be determined by an inventory count at the year-end date, a
substantive approach is taken and no reliance is placed on controls.
Control objectives
- All inventory movements are authorised and recorded.
- Inventory included on the statement of financial position physically exists.
Controls
- Pre-numbered documentation such as GDNs and GRNs in use.
- Reconciliations of inventory records with general ledger.
www.mdarasa.com
Mobile Phone Application
+254708068851
- Segregation of duties
- Physical safeguards in place to ensure inventory is not stolen.
- Separate responsibilities for maintenance of records and custodianship.
- Inventory counted regularly.
Tests of control
- Review documentation in use.
- Review a sample of reconciliations to confirm they are performed and then reviewed by an
independent person
- Observe and evaluate proper segregation of duties.
- Review security systems in place (e.g. locked warehouses, CCTV etc).
- Review policies and procedures in place; discuss procedures with relevant staff.
- Review procedures for counting inventory.
- Attend inventory count.
Assertion: Completeness
Control objectives
- All purchases and sales of inventory have been recorded in the accounting system.
Controls
- Procedures in place to include inventory held at third parties and exclude inventory held on
consignment for third parties.
- Reconciliations of accounting records with physical inventory.
Tests of control
- Review entity's procedures relating to consignment inventory.
- Review reconciliations performed and whether reviewed by independent person.
Assertive: Rights and obligations
Control objectives
Inventory records only include items that belong to the entity.
Controls
Procedures in place to include inventory held at third parties and exclude inventory held on
consignment for third parties.
Tests of control
Review entity's procedures relating to consignment inventory.
www.mdarasa.com
Mobile Phone Application
+254708068851
Control objectives
- Inventory quantities have been accurately determined.
- Inventory is properly stated at the lower of cost and net realisable value.
Controls
- Periodic or annual comparison of inventory with amounts shown in continuous (perpetual)
inventory records
- Standard costs reviewed by management.
- Review of cost accumulation and variance reports.
- Inventory managers review inventory regularly to identify slow-moving, obsolete and excess
inventory.
Tests of control
- Review and test entity's procedures for taking physical inventory
- Review and test entity's procedures for developing standard costs.
- Inspect variance reports produced.
- Discuss with inventory managers how this is done.
- Observe the procedure being performed.
Assertive: Cut off
Control objectives
All purchases and sales of inventory are recorded in the correct accounting period.
Controls
- All dispatch documents processed daily to record the dispatch of finished goods.
- All goods inwards reports processed daily to record the receipt of inventory.
- Reconciliations of inventory records with general ledger.
Tests of control
- Inspect documentation to confirm daily processing.
- Inspect documentation to confirm daily processing.
- Review reconciliations performed.
Assertive: Presentation and disclosure assertions
Control objectives
- Inventory transactions and balances are properly identified and classified in the financial
statements.
www.mdarasa.com
Mobile Phone Application
+254708068851
Assertion: Occurrence
Control Objective
- Only valid cash payments are made.
Controls
- Segregation of duties
- Supplier statements independently reviewed and reconciled to trade payable records.
- Monthly bank reconciliations prepared and reviewed.
- Only authorised staff can make electronic cash payments and issue cheques .
- Electronic cash payments and cheques prepared only after all source documents have been
independently approved.
Test of control
- Observe and evaluate proper segregation of duties.
- Review procedures for reconciling supplier statements.
- Review reconciliations to confirm whether undertaken and reviewed.
- Review delegated list of authority for cash payments.
- Inspect relevant documentation for evidence of approval by senior personnel.
Assertion: Completeness
Control objective
- All cash payments that occurred are recorded
www.mdarasa.com
Mobile Phone Application
+254708068851
Control
- Segregation of duties
- Supplier statements
- Independently reviewed and reconciled to trade payable records.
- Monthly bank reconciliations prepared and reviewed.
- Review of cash payments by manager before release.
- Daily cash payments reconciled to posting to payable accounts.
- Use of prenumbered cheques.
Test of control
- Observe and evaluate proper segregation of duties.
- Review procedures for reconciling supplier statements.
- Review reconciliations to confirm whether undertaken and independently reviewed.
- Inspect sample of listings for evidence of senior review.
- Review a sample of reconciliations for evidence that they have been done.
- Examine evidence of use of prenumbered cheques.
The following table sets out the control objectives, controls and possible tests of control over
cash
Control objectives
- Cash payments recorded correctly in the ledger
- Cash payments posted to correct payable accounts and to the general ledger.
Controls
- Reconciliation of daily payments report to electronic cash payment transfers and cheques
issued.
- Supplier statements reconciled to payable accounts regularly.
- Monthly bank reconciliations of bank statements to ledger account. ,
- Supplier statements reconciled to payable accounts regularly.
- Agreement of monthly cash payments journal to general ledger posting
- Payable accounts reconciled to general ledger control account.
Tests of control
- Review reconciliation.
- Review reconciliations for a sample of accounts.
- Review bank reconciliation for evidence it was done and independently reviewed.
- Review reconciliations for a sample of accounts.
- Review postings from journal to general ledger.
www.mdarasa.com
Mobile Phone Application
+254708068851
Assertion: Cut-off
Control objectives
Cash payments are recorded in the correct accounting period.
Controls
Reconciliation of electronic funds transfers and cheques issued with postings to cash payments
journal and payable accounts
Tests of control
Review reconciliation and check it is carried out regularly.
Controls
- Chart of accounts
- Independent approval and review of general ledger account assignment.
Tests of control
- Review cash payments journal to assess reasonableness of charging of accounts.
- Review assignment of general ledger account.
The following are control objectives, controls and possible tests of controls over cash receipts.
Assertion: Occurrence
Control objectives
All valid cash receipts are received and deposited.
Controls
- Segregation of duties
- Use of electronic cash receipts transfer not received or deposited
- Monthly bank reconciliations performed and independently reviewed.
- Use of cash registers or point-of-sale devices.
- Periodic inspections of cash sales procedures.
www.mdarasa.com
Mobile Phone Application
+254708068851
Test of control
- Observe and evaluate proper segregation of duties.
- Examine application controls for electronic cash receipts transfer.
- Review monthly bank reconciliations to confirm performed and reviewed.
- Observe cash sales procedures.
- Inquire of managers about results of inspections.
- Observe mail opening, including endorsement of cheques.
- Observe mail opening procedures.
- Observe preparation of cash receipts' records.
- Review documentation for evidence of independent check.
Assertion:Completeness
Control objectives
All cash receipts received are recorded
Controls
- Segregation of duties
- Use of electronic cash receipts transfer not received or deposited.
- Monthly bank reconciliations performed and independently reviewed.
- Daily cash receipts listing reconciled with posting to customer accounts.
- Customer statements prepared and sent out on a regular basis.
Tests of Controls
- Observe and evaluate proper segregation of duties.
- Examine application controls for electronic cash receipts transfer.
- Review monthly bank reconciliations to confirm performed and reviewed.
- Review reconciliation.
- Inquire of management about handling of customer statements.
- Examine a sample of customers and note frequency of statements.
Control objectives
- Cash receipts recorded at correct amounts.
- Cash receipts posted to correct receivables accounts and to the general ledger.
Control
- Daily remittance report
- Review reconciliations reconciled to control listing of remittance advices.
- Monthly bank statement performed and reviewed independently
- Daily remittance report reconciled, daily with postings to cash, receipts journal and customer
accounts.
- Monthly customer statements sent out.
- Monthly cash receipts journal agreed to general ledger posting
- Receivables ledger reconciled to control account.
Tests of controls
- Review reconciliations for evidence they were performed and independently reviewed.
- Review reconciliations.
- Review entity's procedures for sending out customer statements.
- Review journal and posting to general ledger.
Assertion: Cut-off
Control objectives
Cash receipts are recorded in the correct accounting period.
Control
Bank reconciliation at period-end
Tests of control
Review and test reconciliation
Control objective
Cash receipts are charged to the correct accounts.
Control
Chart of accounts.
Tests of control
- Review cash receipts journal for unusual items.
www.mdarasa.com
Mobile Phone Application
+254708068851
For example, auditor has an engagement with a company to audit the financial statements.
Before signing audit engagement, auditor require to obtain some information about the client, do
the client’s due diligence, and assess whether they should reject or accept the engagement. In this
case if the engagement is ready signed, that mean assessment is already done and accepted.
The documents that auditors use to documents client nature of business, perform client due
diligence, as well as assessment are the example of audit working papers.
Audit working papers also include the words or excel files that auditors used to documents
client’s key internal control over financial reporting, nature of business, as well as audit test’s
working paper. There are many types of audit working papers are listed below.
www.mdarasa.com
Mobile Phone Application
+254708068851
Example:
Here are the example of audit working papers:
Audit documents on client nature of business
Audit documents of team meeting
Evidence of the planning process including audit programs and any changes thereto
Evidence of the auditor’s consideration of the work of internal audit and conclusions reached
Analyses of transactions and balances
Analyses of significant ratios and trends
Identified and assessed risks of material misstatements
A record of the nature, timing, extent and results of audit procedures
Evidence that the work performed was supervised and reviewed
An indication as to who performed the audit procedures and when they were performed
Details of audit procedures applied regarding components whose financial statements are audited
Result of audit testing on depreciation expenses
Result of audit testing on salaries expenses
by another auditor
www.mdarasa.com
Mobile Phone Application
+254708068851
CONTENT
TOPIC 5
17.5 Audit evaluation and reviews
www.mdarasa.com
Mobile Phone Application
+254708068851
TOPIC 5
AUDIT EVALUATION AND REVIEWS
Accuracy. All of the information contained within the financial statements has been
accurately recorded.
Completeness. All of the information that should be disclosed has been included within the
financial statements and accompanying footnotes, so that readers have a complete picture of
the results and financial position of the entity.
Cut-off. Transactions have been compiled into the correct reporting period.
Existence. The information recorded in the financial statements actually occurred during the
year; fraudulent transactions are most likely to violate this assertion.
Rights and obligations. The entity is entitled to the assets it is reporting, and is reporting
all of its obligations as liabilities.
Understandability. The information contained within the financial statements has been
clearly presented, with no intent to obfuscate the results or financial position of the entity.
Valuation. The transactions that are summarized in the financial statements were properly
valued; this is a particular concern when transactions must be either initially or subsequently
recorded at their market value.
www.mdarasa.com
Mobile Phone Application
+254708068851
If audit procedures result in a conclusion that any of the preceding assertions are not correc t,
then the auditors may need to conduct additional audit procedures, or they may not be able
to provide a clean audit opinion at all.
Assertion: Completeness
- Obtain or prepare a summary of tangible non-current assets showing how:
Gross book value
Accumulated depreciation
Net book value reconcile with the opening position.
- Compare non-current assets in the general ledger with the non-current assets register and
obtain explanations for differences.
- For a sample of assets which physically exist agree that they are recorded in the
non-current asset register.
- If a non-current asset register is not kept, obtain a schedule showing the original costs and
present depreciated value of major non-current assets.
- Reconcile the schedule of non-current assets with the general ledger.
Existence
- Confirm that the company physically inspects all items in the non-current asset register each
year.
- Inspect assets, concentrating on high value items and additions in-year.
- Confirm that items inspected:
Exist
Are in use
Are in good condition
Have correct serial numbers
- Review records of income-yielding assets.
- Reconcile opening and closing vehicles by numbers as well as amounts.
www.mdarasa.com
Mobile Phone Application
+254708068851
Valuation
- Verify valuation to valuation certificate.
- Consider reasonableness of valuation, reviewing:
Experience of valuer
Scope of work
Methods and assumptions used
Valuation bases are in line with accounting standards
- Reperform calculation of revaluation surplus.
- Confirm whether valuations of all assets that have been revalued have been updated regularly
(full valuation every five years and an interim valuation in year three generally) by inquiries
of Finance Director and inspection of previous financial statements.
- Inspect draft accounts to check that client has recognised in the statement of comprehensive
income revaluation losses unless there is a credit balance in respect of that asset in equity, in
which case it should be debited to equity to cancel the credit. All revaluation gains should be
credited to equity.
- Review depreciation rates applied in relation to:
Asset lives
Residual values
Replacement policy
Past experience of gains and losses on disposal
Consistency with prior years and accounting policy
Possible obsolescence
- Review non-current assets register to ensure that depreciation has been charged on all assets
with a limited useful life.
- For revalued assets, ensure that the charge for depreciation is based on the revalued amount
by recalculating it for a sample of revalued assets.
- Reperform calculation of depreciation rates to ensure it is correct.
- Compare ratios of depreciation to non-current assets (by category) with:
Previous years
Depreciation policy rates
- Scrutinise draft accounts to ensure that depreciation policies and rates are disclosed in the
accounts.
- Review insurance policies in force for all categories of tangible non-current assets and
consider the adequacy of their insured values and check expiry dates.
Additions
These tests are to confirm rights and obligations, valuation and completeness.
- Verify additions by inspection of architects' certificates, solicitors' completion statements,
suppliers' invoices etc.
- Review capitalisation of expenditure by examining for non-current assets additions and items
in relevant expense categories (repairs, motor expenses, sundry expenses) to ensure that:
- Capital/revenue distinction is correctly drawn
- Capitalisation is in line with consistently applied company policy
- Inspect non-current asset accounts for a sample of purchases to ensure they have been
properly allocated.
- Check purchases have been authorised by directors/senior management by reviewing board
minutes.
- Ensure that appropriate claims have been made for grants, and grants received and receivable
have been received, by inspecting claims documentations and bank statements.
- Check additions have been recorded by scrutinising the non-current asset register and general
ledger.
Disposal
These tests are to confirm rights and Obligations, completeness, occurrence and accuracy.
- Verify disposals with supporting documentation, checking transfer of title, sales price and
dates of completion and payment.
- Recalculate profit or loss on disposal.
- Check that disposals have been authorised by reviewing boards minutes.
- Consider whether proceeds are reasonable.
- If the asset was used as security, ensure release from security has been correctly made.
AUDIT PLAN
Goodwill
- Agree the consideration to sales agreement by inspection.
- Consider whether asset valuation is reasonable.
- Agree that the calculation is correct by recalculation.
- Review the impairment review and discuss with management.
- Ensure valuation of goodwill is reasonable/there has been no impairment not adjusted
through discussion with management.
www.mdarasa.com
Mobile Phone Application
+254708068851
AUDIT OF RECEIVABLES
Receivables are usually audited using a combination of tests of detail and analytical procedures.
The audit of receivables is important as this is likely to be a material area. A combination of
analytical
procedures and tests of detail are used, with sales also being tested in conjunction with trade
receivables.
www.mdarasa.com
Mobile Phone Application
+254708068851
Completeness
- Agree the balance from the individual sales ledger accounts to the aged receivables' listing
and vice versa.
- Match the total of the aged receivables' listing to the sales ledger control account.
- Cast and cross cast the aged trial balance before selecting any samples to test.
- Trace a sample of shipping documentation to sales invoices and into the sales and
receivables' ledger.
- Complete the disclosure checklist to ensure that all the disclosures relevant to receivables
have been made.
- Compare the gross profit percent by product line with the previous year and industry data.
- Compare the level of prepayments to the previous year to ensure the figure is materially
correct and complete.
Existence
- Perform a receivables' circularisation on a sample of year-end trade receivables
- Follow up all balance disagreements and non-replies to the receivables' confirmation,
- Perform alternative procedures for any exceptions and non-replies to the receivables'
confirmation, such as:
- Review after-date cash receipts by inspecting bank statements and cash receipts
documentation.
- Examine the customer's account and customer correspondence to assess whether the balance
outstanding represents specific invoices and confirm their validity.
- Examine the underlying documentation (purchase order, dispatch documentation, duplicate
sales invoice etc).
- Inquire from management explanations for invoices remaining unpaid after subsequent ones
have been paid.
- Observe whether the balance on the account is growing and if so, find out why by discussing
with management.
www.mdarasa.com
Mobile Phone Application
+254708068851
Cut off
- For a sample of sales invoices around the year-end, inspect the dates and compare with the
dates of dispatch and the dates recorded in ledger for application of correct cut-off.
- For sales returns, select a sample of returns documentation around the year-end and trace to
the related credit entries.
- Perform analytical procedures on sales returns, comparing the ratio of sales returns to sales.
- Review material after-date invoices, credit notes and adjustments' ensure that they are
recorded correctly in the relevant financial period
Classification
Take a sample of sales invoices and examine for proper classification into revenue accounts
Accuracy
- For a sample of sales invoices, compare the prices and terms to the authorised price list and
terms of trade documentation
- Test whether discounts have been properly applied by recalculating them for a sample of
invoices
- Test the correct calculation of tax on a sample of invoices
www.mdarasa.com
Mobile Phone Application
+254708068851
Occurrence
For a sample of sales transactions recorded in the ledger, vouch the sales invoice back to
customer orders and dispatch documentation.
Objectives of confirmation
Part of ISA 505 External Confirmation states that, when it is reasonable to expect customers to
respond, the auditors should ordinarily plan to obtain direct confirmation of receivables to
individual entries in an account balance.
The verification of trade receivables by direct confirmation is therefore the normal means of
providing audit evidence to satisfy the objective of checking whether customers exist and owe
bona fide amounts to the company (existence and rights and obligations).
Confirmation will produce for the current audit file a written statement from each respondent that
the
amount owed at the date of the confirmation is correct. This is, prima facie, reliable audit
evidence, being from an independent source and in documentary form. The confirmation of
www.mdarasa.com
Mobile Phone Application
+254708068851
Timing of confirmation
Ideally the confirmation should take place immediately after the year-end and hence cover the
year-end balances to be included in the balance sheet. However, time constraints may make it
impossible to achieve this ideal.
In these circumstances it may be acceptable to carry out the confirmation prior to the year-end
provided that confirmation is no more than three months before the year-end and internal
controls are strong.
Client's mandate
Confirmation is essentially an act of the client, who alone can authorise third parties to divulge
information to the auditors.
The ISA outlines what the auditors' response should be when management refuses permission for
the
auditors to contact third parties for evidence. Note that this applies to all such external
confirmations, not just trade receivables' circularisations.
If management asks the auditor not to seek the confirmation, the auditor should consider if there
are valid grounds for the request and obtain evidence to support this. If the auditor agrees not to
seek external confirmations, other procedures should be carried out to obtain sufficient
appropriate audit evidence. If the auditor does not accept the validity of management's request
and is prevented from undertaking the confirmations, this may impact on the auditor's report.
Under the positive method the customer is requested to confirm the accuracy of the balance
shown or state in what respect he is in disagreement.
Under the negative method the customer is requested to reply only if the amount stated is
disputed.
The positive method is generally preferable as it is designed to encourage definite replies from
those
contacted.
www.mdarasa.com
Mobile Phone Application
+254708068851
The statements will normally be prepared by the client's staff, from which point the auditors, as a
safeguard against the possibility of fraudulent manipulation, must maintain strict control over the
preparation and dispatch of the statements.
Sample Selection
Auditors will normally only contact a sample of accounts receivable. If this sample is to yield a
meaningful result, it must be based upon a complete list of all accounts receivable. In addition,
when constructing the sample, the following classes of account should receive special attention:
- Old unpaid accounts
- Accounts written off during the period under review
- Accounts with credit balances
- Accounts settled by round sum payments
- Accounts with nil balances
- Accounts which have been paid by the date of the examination
Follow-up procedures
Auditors will have to carry out further work in relation to those receivable who:
- Positive and negative confirmation - Disagree with the balance stated
- Negative confirmation – Do not respond
In the case of disagreements, the customer response should have identified specific amounts
which are
disputed
When the positive confirmation method is used the auditors must follow up by all practicable
means those receivables who fail to respond. Second requests should be sent out in the event of
no reply being received within two or three weeks and if necessary this may be followed by
telephoning the customer, with the client's permission.
After two, or even three, attempts to obtain confirmation, a list of the outstanding items will
normally be passed to a responsible company official, preferably independent of the sales
accounting department, who will arrange for them to be investigated
The receivables' confirmation provides good audit evidence of the existence of receivables, but
not
necessarily of their valuation. Therefore, in a question on the audit of receivables, remember to
include other audit procedures such as analytical procedures.
www.mdarasa.com
Mobile Phone Application
+254708068851
BANK
Bank balances are usually confirmed directly with the bank in question.
This type of audit evidence is valuable because it comes directly from an independent source
and, therefore, provides greater assurance of reliability than that obtained solely from the client's
own records.
The bank letter is mentioned as a source of external third party evidence in ISA 505 External
confirmations, and guidance to auditors is provided in IAPS 1000 Inter-bank confirmation
procedures.
Confirmation requests
The bank confirmation letter can be used to ask a variety of questions, including queries about
outstanding interests, contingent liabilities and guarantees.
The auditors should decide from which bank or banks to request confirmation, having regard to
such
matters as size of balance, volume of activity, degree of reliance on internal control, and
materiality
within the context of the financial statements.
The auditors should determine which of the following approaches is the most appropriate in
seeking
confirmation of balances or other information from the bank:
www.mdarasa.com
Mobile Phone Application
+254708068851
Difficulty may be encountered in obtaining a satisfactory response even where the client
company submits information for confirmation to the confirming bank. It is important that a
response is sought for all confirmation requests. Auditors should not usually request a response
only if the information submitted is incorrect or incomplete.
It may also be advisable to request information about nil balances on accounts, and accounts
which were closed in the 12 months prior to the chosen confirmation date. The client entity may
ask for confirmation not only of the balances on accounts but also, where it may be helpful, other
information, such as the maturity and interest terms on loans and overdrafts, unused facilities,
lines of credit/standby facilities, any offset or other rights or encumbrances, and details of any
collateral given or received.
The client entity and its auditors are likely to request confirmation of contingent liabilities, such
as those arising on guarantees, comfort letter, bills and so on.
www.mdarasa.com
Mobile Phone Application
+254708068851
Cut-off
Care must be taken to ensure that there is no window dressing, by auditing cut-off carefully.
Window
dressing in this context is usually manifested as an attempt to overstate the liquidity of the
company by:
a) Keeping the cash book open to take credit for remittances actually received after the year-
end,
thus enhancing the balance at bank and reducing receivables
b) Recording cheques paid in the period under review which are not actually dispatched until
after the year-end, thus decreasing the balance at bank and reducing liabilities
A combination of (a) and (b) can contrive to present an artificially healthy looking current
ratio.
With the possibility of (a) above in mind, where lodgments have not been cleared by the bank
until the new period, the auditors should examine the paying-in slip to ensure that the amounts
were actually paid into the bank on or before the period-end date.
As regards (b) above, where there appears to be a particularly large number of outstanding
cheques at
the year-end, the auditors should check whether these were cleared within a reasonable time in
the new period. If not, this may indicate that dispatch occurred after the year-end.
Remember that the bank confirmation letter contains the balance held by the client at the bank
per the
bank's records. This must be reconciled to the balance held with the bank per the client's records.
CASH
Cash balances should be verified if they are material or irregularities are suspected.
www.mdarasa.com
Mobile Phone Application
+254708068851
Where the auditors determine that cash balances are potentially material they may conduct a cash
count, ideally at the period-end. Rather like attendance at an inventory count, the conduct of the
count falls into three phases: planning, the count itself, and follow-up procedures.
As part of their planning procedures the auditors will need to determine the locations where cash
is held and which of these locations warrant a count.
Planning decisions will need to be recorded on the current audit file including:
- The precise time of the count(s) and location(s)
- The names of the audit staff conducting the counts
- The names of the client staff intending to be present at each location
- Where a location is not visited it may be appropriate to obtain a letter from the client
confirming the balance.
Cash count
The following matters apply to the count itself.
- All cash/petty cash books should be written up to date in ink (or other permanent form) at the
time
of the count.
- All balances must be counted at the same time.
- All negotiable securities must be available and counted at the time the cash balances are
counted.
- At no time should the auditors be left alone with the cash and negotiable securities.
- All cash and securities counted must be recorded on working papers subsequently filed on
the
www.mdarasa.com
Mobile Phone Application
+254708068851
Follow up
- Check certificates of cash-in-hand are obtained as appropriate.
- Verify unbanked cheques/cash receipts have subsequently been paid in and agree to the bank
reconciliation by inspection of the relevant documentation.
- Ensure IOUs and cheques cashed for employees have been reimbursed.
- Check IOUs or cashed cheques outstanding for unreasonable periods of time have been
providedfor.
- Verify the balances as counted are reflected in the accounts (subject to any agreed
amendments because of shortages and so on) by inspection of draft accounts.
Bank balances are usually confirmed directly with the bank in question.
The bank confirmation letter can be used to ask a variety of questions, including queries about
outstanding interests, contingent liabilities and guarantees.
Cash balances should be verified if they are material or irregularities are suspected.
www.mdarasa.com
Mobile Phone Application
+254708068851
AUDIT PROCEDURES
As with accounts receivable, accounts payable are likely to be a material figure in the statement
of financial position of most enterprises.
Auditors should however be particularly aware, when conducting their work on the statement of
financial position, of the possibility of understatement of liabilities to improve liquidity and
profit (by understating the corresponding purchases). The primary objective of their work will
therefore be to ascertain whether liabilities existing at the year-end have been completely and
accurately recorded.
www.mdarasa.com
Mobile Phone Application
+254708068851
Do trade accounts payable represent the bona fide amounts due by the company?
Before we ascertain how the auditors design and conduct their tests with these objectives in
mind, we need to establish the importance of the list of balances.
The following table sets out audit procedures to test trade accounts payables and accruals.
Existence
Vouch selected amounts from the trade accounts payables listing and accruals listing to
supporting documentation such as purchase orders and suppliers' invoices.
Obtain selected suppliers' statements and reconcile these to the relevant suppliers' accounts.
Perform a confirmation of accounts payables for a sample.
Perform analytical procedures comparing current year balances to the previous year to
confirm reasonableness, and also calculating payables' turnover and comparing to the
previous year.
www.mdarasa.com
Mobile Phone Application
+254708068851
Cut-off
For a sample of vouchers, compare the dates with the dates they were recorded in the ledger
for application of correct cut-off.
Test transactions around the year-end to determine whether amounts have been recognised in
the correct financial period.
Perform analytical procedures on purchase returns, comparing the purchase returns as a % of
sales or cost of sales to the previous year.
Accuracy
Recalculate the mathematical accuracy of a sample of suppliers' invoices to confirm the amounts
are correct.
Occurrence
For a sample of vouchers, inspect supporting documentation such as authorised purchase orders.
Where the entity has strong controls in place to ensure that all liabilities are recorded, the
confirmation will focus on large balances.
Where the auditor is concerned about the presence of unrecorded liabilities, regular suppliers
with smallor zero balances on their accounts and a sample of other accounts will be confirmed as
well as large balances.
Auditors use a positive confirmation referred to as a blank or zero-balance confirmation. This
confirmation does not state the balance owed but requires the supplier to declare the amount
owed at the year-end and to provide a detailed statement of the account. When the confirmation
is received back, the amount must be reconciled with the entity's records.
The selection and sending out of accounts payables' confirmations should be controlled using the
same procedures as for the receivables' confirmation that we discussed previously.
Having said this, auditors do still need to be cautious when using them as they may have been
tampered with by the entity. The auditor should not rely on photocopies or faxed statements. If
there is any doubt, the auditor should request a copy directly from the supplier or confirm the
balance with the supplier (see above).
When selecting accounts for testing, the auditor should consider the volume of business during
the year, not the balance outstanding at the year-end, because the risk is understatement of
balances. Most
differences between balances on suppliers' statements and the year-end accounts payables' listing
are
www.mdarasa.com
Mobile Phone Application
+254708068851
We are concerned here with non-current liabilities comprising debentures, loan inventory and
other loans repayable at a date more than one year after the year-end.
Accuracy: whether interest payable has been calculated correctly and included in the correct
accounting period
Classification and understandability: whether long-term loans and interest have been correctly
disclosed in the financial statements
The major complication for the auditors is that debenture and loan agreements frequently contain
conditions with which the company must comply, including restrictions on the company's total
borrowings and adherence with specific borrowing ratios.
Accounting issues
Key terms
A provision is a liability of uncertain timing or amount.
A liability is a present obligation of the entity arising from past events, the settlement of which is
expected to result in an outflow from the entity of resources embodying economic benefits.
An obligating event is an event that creates a legal or constructive obligation that results in an
entity having no realistic alternative to settling that obligation.
www.mdarasa.com
Mobile Phone Application
+254708068851
A contingent asset is a possible asset that arises from past events and whose existence will be
confirmed only by the occurrence or non-occurrence of one or more uncertain future events not
wholly within the control of the entity.
Under IAS 37 Provisions, contingent liabilities and contingent assets, an entity should not
recognise a
contingent asset or a contingent liability. However if it becomes probable that an outflow of
future
economic benefits will be required for a previous contingent liability, a provision should be
recognised.
A contingent asset should not be accounted for unless its realisation is virtually certain; if an
inflow of
economic benefits has become probable, the asset should be disclosed.
Examples of the principal types of contingencies disclosed by companies are:
- Guarantees (for group companies, of staff pension schemes, of completion of contracts)
- Discounted bills of exchange
- Uncalled liabilities on shares or loan inventory
- Lawsuits or claims pending
- Options to purchase assets
The ISA discusses the form the letter to the entity's lawyer should take. 'The letter, which should
be
prepared by management and sent by the auditor, should request the lawyer to communicate
directly with the auditor.
If it is thought unlikely that the lawyer will respond to a general enquiry, the letter should specify
the
following.
(a) A list of litigation and claims
(b) Management's assessment of the outcome of the litigation or claim and its estimate
of the
financial implications, including costs involved
(c) A request that the lawyer confirms the reasonableness of management's assessments
and
provides the auditor with further information if the list is considered by the lawyer
to be incomplete or incorrect
The auditors must consider these matters up to the date of their report and so a further, updating
letter
may be necessary.
A meeting between the auditors and the lawyer may be required, for example where a complex
matter
arises, or where there is a disagreement between management and the lawyer. Such meetings
should take place only with the permission of management, and preferably with a management
representative present.
If management refuses to give the auditor permission to communicate with the lawyers; this may
have an impact on the audit opinion.
www.mdarasa.com
Mobile Phone Application
+254708068851
AUDIT OF PROVISIONS
The following audit plan can be used in the audit of provisions.
www.mdarasa.com
Mobile Phone Application
+254708068851
Issue of Shares
Verify any issue of share capital or other changes during the year with general and board
minutes.
Ensure issue or change is within the terms of the constitution, and directors possess appropriate
authority to issue shares.
Confirm that cash or other consideration has been received or receivable{s) is included as cal/ed-
up share capital not paid.
Transfer of shares
Verify transfers of shares by reference to:
- Correspondence
- Completed and stamped transfer forms
- Cancelled share certificates
- Minutes of directors' meeting
Review the balances on shareholders' accounts in the register of members and the total list with
the amount of issued share capital in the general ledger.
Dividends
- Agree dividends paid and proposed to authority in minute books and check calculation with
total share capital issued to ascertain whether there are any outstanding or unclaimed
dividends.
- Agree dividend payments with documentary evidence (say, the returned dividend warrants).
- Check that dividends do not contravene the distribution provisions of the legislation.
www.mdarasa.com
Mobile Phone Application
+254708068851
Reserves
- Agree movements on reserves to supporting authority
- Ensure that movements on reserves do not contravene the legislation and the company’s
constitution
- Confirm that the company can distinguish distributable reserves from those that are non-
distributable
- Ensure appropriate disclosures of movements on reserves are made in the company’s
accounts by inspection of the financial statements.
Summary
The largest figure in current liabilities will normally be trade accounts payable which are
generally
audited by comparison of suppliers' statements with purchase ledger accounts.
Non-current liabilities are usually authorised by the board and should be well documented.
The accounting treatments for provisions and contingencies are complex and involve judgement
and this can make them difficult to audit.
The main concern with share capital and reserves is that the company has complied with the law
AUDIT OF INVENTORY
Inventory
If inventory is material to the financial statements, the auditor shall obtain sufficient appropriate
audit evidence regarding the existence and condition of inventory by:
a) Attendance at physical inventory counting, unless impracticable, to:
i) Evaluate management’s instructions and procedures for recording and controlling the
results of the entity’s physical inventory counting;
ii) Observe the performance of management’s count procedures;
iii) Inspect the inventory; and
iv) Perform test counts; and
b) Performing audit procedures over the entity’s final inventory records to determine whether
they accurately reflect actual inventory count results.
c) If physical inventory counting is conducted at a date other than the date of the financial
statements, the auditor shall, perform audit procedures to obtain audit evidence about
whether changes in inventory between the count date and the date of the financial statements
are properly recorded.
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
In addition to recording the auditor’s test counts, obtaining copies of management’s completed
physical inventory count records assists the auditor in performing subsequent audit procedures to
determine whether the entity’s final inventory records accurately reflect actual inventory count
results.
www.mdarasa.com
Mobile Phone Application
+254708068851
Physical Inventory Counting Conducted Other than at the Date of the Financial Statements
- For practical reasons, the physical inventory counting may be conducted at a date, or dates,
other than the date of the financial statements. This may be done irrespective of whether
management determines inventory quantities by an annual physical inventory counting or
maintains a perpetual inventory system. In either case, the effectiveness of the design,
implementation and maintenance of controls over changes in inventory determines whether
the conduct of physical inventory counting at a date, or dates, other than the date of the
financial statements is appropriate for audit purposes. ISA 330 establishes requirements and
provides guidance on substantive procedures performed at an interim date.
- Where a perpetual inventory system is maintained, management may perform physical
counts or other tests to ascertain the reliability of inventory quantity information included in
the entity’s perpetual inventory records. In some cases, management or the auditor may
identify differences between the perpetual inventory records and actual physical inventory
quantities on hand; this may indicate that the controls over changes in inventory are not
operating effectively.
- Relevant matters for consideration when designing audit procedures to obtain audit evidence
about whether changes in inventory amounts between the count date, or dates, and the final
inventory records are properly recorded include:
www.mdarasa.com
Mobile Phone Application
+254708068851
Confirmation
ISA 505 establishes requirements and provides guidance for performing external confirmation
procedures.
SUBSEQUENT EVENTS
A subsequent event is an event that occurs after a reporting period, but before the financial
statements for that period have been issued or are available to be issued. Depending on the
situation, such events may or may not require disclosure in an organization's financial
statements.
New events. An event provides new information about conditions that did not exist as of the
balance sheet date.
Generally accepted accounting principles state that the financial statements should include
the effects of all subsequent events that provide additional information about conditions in
existence as of the balance sheet date. This rule requires that all entities evaluate subsequent
events through the date when financial statements are available to be issued, while a public
company should continue to do so through the date when the financial statements are
actually filed with the Securities and Exchange Commission. Examples of situations calling
for the adjustment of financial statements are:
Lawsuit. If events take place before the balance sheet date that trigger a lawsuit, and l awsuit
settlement is a subsequent event, consider adjusting the amount of any contingent
loss already recognized to match the amount of the actual settlement.
Bad debt. If a company issues invoices to a customer before the balance sheet date, and the
customer goes bankrupt as a subsequent event, consider adjusting the allowance for doubtful
accounts to match the amount of receivables that will likely not be collected.
If there are subsequent events that provide new information about conditions that did not
exist as of the balance sheet date, and for which the information arose before the financial
statements were available to be issued or were issued, these events should not be recognized
in the financial statements. Examples of situations that do not trigger an adjustment to the
financial statements if they occur after the balance sheet date but before financial statements
are issued or are available to be issued are:
A business combination
Changes in the value of assets due to changes in exchange rates
Destruction of company assets
Entering into a significant guarantee or commitment
Sale of equity
Settlement of a lawsuit where the events causing the lawsuit arose after the balance sheet
date
www.mdarasa.com
Mobile Phone Application
+254708068851
A company should disclose the date through which there has been an evaluation of
subsequent events, as well as either the date when the financial statements were issued or
when they were available to be issued.
There may be situations where the non-reporting of a subsequent event would result in
misleading financial statements. If so, disclose the nature of the event and an estimate of its
financial effect.
If a business reissues its financial statements, disclose the dates through which it has
evaluated subsequent events, both for the previously issued and revised financial statements.
The recognition of subsequent events in financial statements can be quite subjective in many
instances. Given the amount of time required to revise financial statements at the last
minute, it is worthwhile to strongly consider whether the circumstances of a subsequent
event can be construed as not requiring the revision of financial statements.
There is a danger in inconsistently applying the subsequent event rules, so that similar
events do not always result in the same treatment of the financial statements. Consequently,
it is best to adopt internal rules regarding which events will always lead to the revision of
financial statements; these rules will likely require continual updating, as the business
encounters new subsequent events that had not previously been incorporated into its rules.
ISA 560 (redrafted) outlines the auditor’s responsibility in relation to subsequent events. For the
purposes of ISA 560, subsequent events are those events that occur between the reporting date
and the date of approval of the financial statements and signing of the auditors’ report.
In summary, the auditor should perform audit procedures designed to obtain sufficient
appropriate audit evidence that all events up to the date of the auditors’ report that may require
adjustment of, or disclosure in, the financial statements have been identified.
www.mdarasa.com
Mobile Phone Application
+254708068851
It is widely understood that an audit of an entity’s financial statements often takes place
sometime after the reporting date and during the intervening period, facts could arise that may
affect the financial statements. There is also a relevant International Accounting Standard which
deals with such events, IAS 10 ‘Events after the Reporting Period’.
The audit procedures to be adopted by the auditor where subsequent events are concerned may
give rise to an adjustment to, or the inclusion of a note in, the financial statements. The auditor
will adopt relevant procedures depending on the risk assessment of the client.
GOING CONCERN
Introduction
IAS 1 Presentation of Financial Statements recognizes the going concern assumption as one of the
fundamental assumptions that underlie the periodic financial statements of enterprises.
The meaning of going concern can be said to be that the financial statements assume that the
enterprise will continue in operational existence for the foreseeable future, or put another way the
financial statements assume no intention or necessity to liquidate or curtail significantly the scale
of operation or put more simply that the enterprise can meet its financial obligations as they fall
due.
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
- The auditor’s responsibility is to obtain sufficient appropriate audit evidence about the
appropriateness of management’s use of the going concern assumption in the preparation of
the financial statements and to conclude whether there is a material uncertainty about the
entity’s ability to continue as a going concern. This responsibility exists even if the financial
reporting framework used in the preparation of the financial statements does not include an
explicit requirement for management to make a specific assessment of the entity’s ability to
continue as a going concern.
- However, as described in ISA 200, the potential effects of inherent limitations on the
auditor’s ability to detect material misstatements are greater for future events or conditions
that may cause an entity to cease to continue as a going concern. The auditor cannot predict
such future events or conditions.
- Accordingly, the absence of any reference to going concern uncertainty in an auditor’s report
cannot be viewed as a guarantee as to the entity’s ability to continue as a going concern.
Objectives
The objectives of the auditor are:
a) To obtain sufficient appropriate audit evidence regarding the appropriateness of
management’s use of the going concern assumption in the preparation of the financial
statements;
b) To conclude, based on the audit evidence obtained, whether a material uncertainty exists
related to events or conditions that may cast significant doubt on the entity’s ability to
continue as a going concern; and
c) To determine the implications for the auditor’s report.
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
(a) Adequately describe the principal events or conditions that may cast significant doubt on
the entity’s ability to continue as a going concern and management’s plans to deal with
these events or conditions; and
(b) Disclose clearly that there is a material uncertainty related to events or conditions that
may cast significant doubt on the entity’s ability to continue as a going concern and,
therefore, that it may be unable to realize its assets and discharge its liabilities in the
normal course of business.
- If adequate disclosure is made in the financial statements, the auditor shall express an
unmodified opinion and include an Emphasis in the auditor’s report to:
(a) Highlight the existence of a material uncertainty relating to the event or condition that
may cast significant doubt on the entity’s ability to continue as a going concern; and
www.mdarasa.com
Mobile Phone Application
+254708068851
- If adequate disclosure is not made in the financial statements, the auditor shall express a
qualified opinion or adverse opinion, as appropriate, in accordance with ISA 705
The auditor shall state in the auditor’s report that there is a material uncertainty that may cast
significant doubt about the entity’s ability to continue as a going concern.
If the financial statements have been prepared on a going concern basis but, in the auditor’s
judgment, management’s use of the going concern assumption in the financial statements is
inappropriate, the auditor shall express an adverse opinion.
If management refuses to provide a representation then this constitutes a limitation in scope and
consideration should be given to expressing a qualified opinion or a disclaimer of opinion.
www.mdarasa.com
Mobile Phone Application
+254708068851
Where representations relate to matters that are material to the financial statements, the
engagement team should:
- Seek corroborative audit evidence from sources inside or outside the entity;
- Evaluate the reasonableness of management representations and consistency with other audit
evidence; and
- Consider whether the individuals making the representations are knowledgeable on those
particular matters.
Where other audit evidence could reasonably be expected to be available, management
representations cannot be substituted for that audit evidence. For example, a representation by
www.mdarasa.com
Mobile Phone Application
+254708068851
Where audit evidence is reasonably expected to be available, relating to a matter that is material
to the financial statements, and the engagement team is unable to obtain such evidence,
consideration should be given to modifying the auditor’s report with a limitation of scope
paragraph. This will be the case even if management representation on that particular matter has
been received.
Where management representations are contradicted by other audit evidence, the engagement team
should investigate the circumstances and, if need be, reconsider the reliability of other
representations made by management.
Documentation
In Audit Evidence, documentary evidence is more reliable than oral evidence. Thus, management’s
representations should be obtained in a written form. This also reduces the possibility of
misunderstandings between the engagement team and management.
The basic elements of the management representation letter are:
- It should be addressed to the auditor.
- It is dated the same date as the auditor’s report.
- It is normally signed by members of management who have responsibility for the entity and
its financial aspects (normally the directors), based on the best of their knowledge and belief.
The management letter will normally be a natural by-product of the audit, and the auditor should
incorporate the need to issue the letter in the planning of the audit. The letter should be sent as
soon as possible after completion of the audit procedures giving rise to the need to comment.
Where audit work is carried out in more than one stage it may be appropriate to issue a letter at
the interim audit stage as well as the final audit stage.
www.mdarasa.com
Mobile Phone Application
+254708068851
It is important that the management letter is sent and responded to on a timely basis (at the audit
completion stage) in order to have impact, be effective and acted upon by the client. It is
important to discuss all the points in the letter with management before the letter is issued. Any
significant matters should be brought to management’s attention immediately first verbally
followed up in writing. It is essential that the contents of the letter are considered by the
management. A copy of the letter with replies should be kept on the file. Significant matters
should be followed up after the client’s response by way of discussion or the performance of
system tests. Normally, it is usual for the auditor to review points made in previous years at the
first subsequent audit visit.
When a group of companies is involved, the management of the holding company may want to
be informed of significant points arising in the reports of the management of the subsidiaries.
The auditor must obtain permission from the management of the subsidiary before releasing such
information.
Any report made to management should be regarded as confidential communication. The auditor
should therefore not normally reveal the contents of the report to any third party without the prior
written consent of the management of the company.
In practice, the auditor has little control over what happens to the report once it has been
dispatched.
Occasionally, management may provide third parties e.g. their bankers, with copies of the report.
The auditor can use a disclaimer of liability against foreseen liability to third parties but this may
not give full protection from liability where the auditor knows or ought to know that a report to
management may be passed to a third party who would rely on it.
The Directors
Zawadi Ltd.
Nairobi.
www.mdarasa.com
Mobile Phone Application
+254708068851
This report has been prepared for the sole use of the directors of Upper plc. None of its contents
may be disclosed to third parties without our written consent. Swift and Co assumes no liability
to any other persons.
The matters detailed in this report reflect matters coning to our attention during the course of our
audit. They are not intended to be a comprehensive statement of all weaknesses that may exist or
of all improvements that could be made. We set out below those matters which we consider to be
of fundamental importance. Other matters of lesser significance, but which nevertheless require
your attention, are dealt with in note form.
To reduce the time spent on the audit, and thus the cost to you, all supporting documentation
should agree with the financial statements and statutory disclosure information would be
assembled prior to our examination.
Appendix
Zawadi Ltd. – year ended 31 December 2007
Weaknesses:
Lack of control exercised over computer processing.
Implications
The completeness, accuracy and validity of the accounting records may be undermined.
Recommendations:
(i) Authorization of input especially journals not arising from books of prime entry.
(ii) Batch controls using registers over all input in terms of value and number of
documents/transactions processed.
(iii) Use of hash totals
(iv) Management control over master file amendments
(v) Reconciliation to control accounts
www.mdarasa.com
Mobile Phone Application
+254708068851
(b) Payroll
Weaknesses
No evidence of approval
Implications
Unauthorized changes may occur
Recommendations
Management should evidence their approval of the payroll, changes in rates of pay and the
employment of new staff.
(c) Inventory
Weaknesses
• Lack of physical and financial control over times of inventory
• Cut off errors were discovered for widgets dispatched prior to the year end but not invoiced
• Overhead allocation in valuation of widgets lacked support
Implications
• Inventory could be misappropriated
• The year-end inventory figure could be misstated
Recommendations
(i) A simple system of perpetual inventory should be implemented at each location.
This should be used to check for the dispatch and receipt of inventory and would provide good
overall control to enable a comparison of:
- Expected use to actual by comparison with orders, and
- Book inventory to actual after regular inventory checks
(ii) Improvements should be made to the system of control to facilitate a review of the
dispatches at the year end to ensure that a proper cutoff is achieved.
(iii) The valuation of widgets depends on the estimated throughout during the year.
It is important that the number of widgets produced is properly recorded and that
consideration is given to normal production levels to allow compliance with accounting
standards.
www.mdarasa.com
Mobile Phone Application
+254708068851
Recommendations
(i) A register should be introduced to record all assets at cost together with associated
depreciation
(ii) In previous year’s capital additions, notably the improvements to the leasehold premises
have been written off. Also, assets scrapped have not been written off. The effect of this
cancels out and therefore we have not proposed an adjustment to opening figures. A
capitalization should be laid down and adhered to.
(iii) A register would enable the identification of fully depreciated assets and allow them to be
excluded from the deprecation calculations.
Weaknesses
• Lack of proper allocation of costs
• Lack of supporting documents
• Lack of control over cheque books
• Unauthorized charges
• Poor control over unrecorded liabilities
Implications
• Purchases in the accounts may be misstated
• Payables may be understated if unrecorded liabilities are not controlled
Recommendations
i) All charges incurred should be allocated to the relevant cost centres to promote
accountability of these centers.
www.mdarasa.com
Mobile Phone Application
+254708068851
GROUP AUDITS
Group audits are audits of financial statements that include the financial information of more
than one component.
Group audit: The audit of group financial statements.
Group financial statements: Group financial statements are financial statements that
include the financial information of more than one component. “Group financial
statements” also refers to combined financial statements aggregating the financial
information of components that are under common control.
Component: A component is an entity or business activity for which group or
component management prepares financial information that is required to be included in
the group financial statements. A component may include, but is not limited to,
subsidiaries, geographical locations, divisions, investments, products or services,
functions, processes, or component units of state or local governments.
ISA 600 (revised and redrafted), special considerations – audits of group financial
statements (including the work of component auditors)
Definitions
The group auditor is responsible for providing the audit opinion on the group financial
statements. Components of the group financial statements can include subsidiaries, associates,
joint ventures, and branches. The components may be audited by the group auditor, but may
instead be audited by a different firm of auditors known as the ‘component auditors’, also known
as the ‘other auditor’. The term component auditor is introduced by the revised and redrafted ISA
600. This article focuses on the objectives and responsibilities of the group auditor.
www.mdarasa.com
Mobile Phone Application
+254708068851
The group auditor should determine the nature of the work necessary, and whether the work
should be carried out by the group auditor or the component auditor.
Having taken the actions outlined above, the group auditor should now have obtained sufficient
evidence to show that the individual company financial statements are free from material
misstatement, and are a sound basis for the preparation of the consolidated financial statements.
www.mdarasa.com
Mobile Phone Application
+254708068851
The group auditor must have a sound knowledge of the relevant financial reporting standards,
which include:
IFRS 3, Business Combinations
IAS 28, Investments in Associates
IAS 31, Interests in Joint Ventures
IAS 32, Financial Instruments: Presentation
IAS 39, Financial Instruments: Recognition and Measurement.
Candidates are advised that, for the purposes of study for Paper P7, they must be very familiar
with the above financial reporting standards. Particularly important are the accounting
regulations relating to subsidiaries regarding goodwill, inter-company transactions, and fair value
adjustments, as well as the financial reporting implications on the acquisition and disposal of a
subsidiary. Candidates must also be aware of the principles of accounting for associates, joint
ventures, and foreign subsidiaries.
It is also important to remember that the parent company’s individual financial statements will
contain balances and transactions pertinent to the components of the group. The parent
company’s statement of financial position (balance sheet) will carry the investments as non-
www.mdarasa.com
Mobile Phone Application
+254708068851
Joint auditing
A joint audit is when two audit firms are appointed to jointly provide an audit opinion on a set of
financial statements. This is becoming increasingly common, especially in group audits, where a
component may be audited by both the group auditor and another auditor. The main benefit of
this type of arrangement is that when a new component is acquired by the group, for example the
acquisition of a new subsidiary, it is advantageous to keep the subsidiary’s existing audit firm,
which will have built up considerable knowledge and experience of the business of the
component. However, the group auditor will also need to build up knowledge of the new
subsidiary’s business, and also become familiar with the audit methods and procedures used by
the other auditor. One way for this to happen is for the group auditor to be appointed, along with
the other auditor, to jointly provide the audit opinion on the individual financial statements of the
subsidiary. The two firms will work together to plan the audit, gather evidence, review the work
done, and to finally provide the opinion.
Other benefits from a joint audit may include better availability of resources and the provision of
a higher quality audit, as there will be access to staff from both firms of auditors. The inclusion
of members of staff from the group audit firm within the audit team of the subsidiary should also
improve the efficiency of the audit of the consolidation process.
However, it may be difficult for the two firms to work together if they use different audit
methods and it may take time to develop a ‘joint audit’ approach. There will also be cost
implications for the client, as it will presumably be more expensive to use two firms of auditors
to provide an audit opinion instead of one.
Joint auditing has been the subject of some debate within the profession in recent times. This is
largely because it is seen as a way for small and medium-sized audit firms to continue to be
involved in the audit of their client once the client has been acquired by another company. Prior
to the emergence of the joint audit, it would have been most likely for the existing auditor
www.mdarasa.com
Mobile Phone Application
+254708068851
Conclusion
Group audits raise a variety of issues. The group structure can be complex and the existence of
numerous components within the group means that there may be several firms of auditors
involved. The group auditor must ensure that the group audit is carefully planned and that
communications with other auditors are made early in the audit process. The group auditor needs
to gather two types of evidence. Evidence regarding individual components of the group may be
gathered using a joint audit arrangement, though this is not without disadvantages. Evidence on
the consolidation process must be thorough, and planned with regard to numerous complex
financial reporting standards.
ANALYTICAL REVIEW
If sales increase by 20% during the review period, then accounts receivable should increase by a
similar amount. If the proportional change in receivables is greater than the increase in sales, this
could be caused by several issues, such as a reduced collections effort or extending credit to
lower-quality customers. In both cases, a larger reserve for bad debts is indicated.
If 10% of the inventory has been declared obsolete in the past three years, then the obsolescence
charge for the current year should be about the same. If the actual amount of this charge is lower
than 10%, one might suspect that there is unidentified obsolete inventory still in stock.
If there has been a change in an expense account of greater than 25% and more than $5,000 in
the past year, investigate the reason for the change.
www.mdarasa.com
Mobile Phone Application
+254708068851
Analytical reviews can be quite useful for spotlighting general areas in which financial
statements are incorrect or where transactions have been mis-classified. Once the analysis
identifies areas of concern, the auditor must conduct a further investigation in order to pinpoint
the source of the underlying problem.
ANALYTICAL TESTS
It is a procedure evaluating data relationships to derive substantive audit evidence. It identifies
areas requiring additional audit attention. For example, auditors would compare actual financial
statement figures against their professional expectations and the firm's experience. Discrepancies
are noted and investigated. A comparison may also be made between figures of competing firms
and industry norms. Further, financial information can be compared to nonfinancial information,
where appropriate.
An example is the relationship between sales and number of employees. Analytical tests can be
conducted in measures other than dollars, if desired, such as in physical quantities and ratio
percentages.
To assist the auditor in planning the nature, timing and extend of other audit procedures
As substantive procedures when their use can be more effective or efficient than tests of
details in reducing detection risk for specific financial statement assertion
As an overall review of the financial statements in the final review stage of the audit
BANK AUDITING
Bank auditing is the procedure of reviewing the services and procedures adopted by banks and
other financial institutions. It is a routine procedure that all financial services entities must
undergo in order to ensure that they are in compliance with industry standards and jurisdictional
regulations.
Banks are central to the nation’s financial system because, by receiving deposits and distributing
loans, they circulate money. This makes stable and efficient banks essential to the economy.
Bank auditors, therefore, evaluate financial information for accuracy and perform procedures
that determine if management controls are effective. The public can rely on the banking system
because of these audit activities
Key Areas
Auditors define your bank’s key areas depending on factors such as the services it offers,
systems it runs and the risk of fraud or misstatement these systems pose. They examine all the
earning streams, including interest income, and the recording mechanisms. They also audit all
www.mdarasa.com
Mobile Phone Application
+254708068851
expense streams, including interest, human resources and regulatory expenses and their
recording mechanisms. Items that have an element of human judgment, such as provision for bad
debts or asset capitalization, also attract the auditors’ attention. Other significant areas include
key assets and liabilities, such as government grants, tax assets or loans.
Test of Details
Test of details is a substantive audit procedure that auditors carry out when they think that the
risk of misstatement at the assertion level is substantial. While auditing your bank, auditors
usually assume loans are risky. This is because the more loans the bank issues, the more interest
it earns. Therefore, as a test of detail, auditors send out confirmation letters to customers who
borrowed from your bank. These borrowers respond to the letters, confirming their balances and
interest due. Recalculations and physical inspection are among the other tests of details that
auditors use. These tests are evidence that the information is legitimate.
Substantive Analytics
While auditing your bank’s financial statements, auditors apply a second type of substantive
procedure, the substantive analytics. While performing this analysis they try to find existing
plausible relationships among financial data. For example, if your bank’s lending is increasing,
auditors expect to find a corresponding increase in interest income. If they don’t find this
increase in interest, they look for and try to identify, calculate and corroborate reasonable factors
contributing to this situation.
Test of Controls
Usually, when risk of material misstatement isn’t high, auditors rely on a test of controls and
substantive analytics for their opinion. Tests of controls are procedures that auditors perform to
determine how effectively management or system controls function. Their goal is to find
significant control weaknesses if they exist. For example, auditors check whether your bank’s
system correctly calculates interest and principal. They also check to see if appropriate bank
employees with applicable authorization approve them.
INSURANCE AUDIT
Insurance Companies
Authoritative documents include:
The Insurance Act
The Companies Act
IFRS 4 Insurance Contracts
www.mdarasa.com
Mobile Phone Application
+254708068851
Insurance companies like banks are also subject to special exempting provisions in the
Companies Act and in the Insurance Act. Unlike banks, not only do they take advantage of
the special provision but are in fact required by the Commissioner to take advantage of the
provisions. The auditor therefore, in practice gives two audit reports for an insurance company
and is also required to sign various reports that are submitted to the Commissioner of
Insurance. The insurance company prepares statutory accounts which are audited in the
normal way and a true and fair view report given and these are submitted to the members in
the normal way and adopted and dividends paid on their strength. The Commissioner then
requires accounts to be prepared in accordance with insurance regulations taking advantage of
creating secret reserves. These are also audited and reported on accordingly by the auditor but
not in true and fair view terms but rather by simply stating compliance with the insurance act.
(a) Ascertainment of debtors and creditors. Insurance companies do not maintain their
personal ledgers in such a way as to produce directly a separate list of debtors and creditors.
Their ledgers instead reflect the section of the market from which the business originates e.g.
broker, reinsurer, direct policy holder etc, hence it is quite possible that both debtor and creditor
balances will exist in one ledger sometimes for the same person. The legal position with regard
to right of set off between debit and credit balances with the same person is not clear. From a
professional point of view the auditor must ensure therefore that the company adopts a
consistence approach in establishing the separate amounts of debtors and creditors.
(b) Unearned premiums: This represents the appropriate portion of a premium received during
the year under review but is applicable to later accounting periods. Once again, a consistent
approach should be adopted and the accounts should declare the basis selected by the insurance
company under the heading of accounting policies. The most common basis adopted for
annual premiums is the 24th basis.
(c) Expired risks: This represents the carry forward of provisions to the next accounting period
in circumstances where it appears that insurance business undertaken in the period under
review is unprofitable. This makes it similar to the provision on long term contracts in the
construction industry. The audit difficulty is that a considerable element of adjustment enters
the computation of such risks, the issue is for the auditor to form an opinion on the need for
such a provision and if one exists whether the sum provided is adequate.
www.mdarasa.com
Mobile Phone Application
+254708068851
i. Those which have been notified and agreed but are still outstanding at the balance
sheet date
ii. Those which have been notified before, but not yet agreed at the balance sheet date
and
iii. Those which have arisen but have not yet been notified to the company by the
balance sheet date.
A good deal of estimation is needed with regard to category (ii) and (iii) above. The audit
procedures therefore would invariably include, review of the claims files in order to appraise
the company's estimates. We must also compare the average cost of outstanding claims for
each class of business with current experience and finally the auditor should examine statistical
elements comparing past estimates with actual results.
Co-operative Societies
An audit in this case is carried out as a normal audit except you should note that the auditor is
appointed by the Commissioner of Co-operatives and although he reports to the members the
accounts must be registered with the Commissioner. Of special note is that he is required to carry
out special investigations on the bad debts provision to determine its adequacy and on the good debts
he has to confirm their recoverability.
Building Societies
Building Societies are organisations which exist to offer a savings and investment medium to
the public and to lend to individuals money to enable them buy their own houses taking as
security the deeds of the houses. They are not limited companies but are run by a board of
directors elected by the investors and permanent staff. There are strong similarities in the
legislation covering building societies and that covering companies.
It shall be the duty of the auditors of a building society to carry out such investigations as will enable
them to form an opinion as to the following matter.
Examination of deeds
• Ensure that the mortgage is in the name shown in the advance records;
• That there is a document of title to the property under mortgage and that the society's
lawyers have been satisfied as to the borrower's title;
• The amount of the advance as stated in the mortgage deed is not less than that shown on the
advance records;
• The mortgage deed is stamped, properly signed, witnessed and is prima facie in order;
• The property is adequately insured, the premium is paid up to date and the society's interest
as mortgage is endorsed in the insurance policy.
o There should be proper custody of unused share and deposit pass book, receipt forms
and share certificates;
www.mdarasa.com
Mobile Phone Application
+254708068851
Cash
Possibility of error and misappropriation always accompany the handling of cash. Building societies
transactions to a large extent are in cash. This however does not involve audit considerations which
differ in principle from those encountered in any other business. So there should be surprise cash
counts and any discrepancies should be investigated in detail.
Window Dressing
Auditors should examine transactions which have the effect of showing as at the balance sheet date
a state of affairs particularly the society's liquidity which is materially better than it was during the
year and shortly after. Of particular attention are:
1. Large deposits received shortly before the year end and repaid shortly after;
2. Large mortgage repayments received shortly before the year end and re-advanced on the
same property shortly after;
3. Unusual delay until after the year end in making payments in accordance with
applications received for withdrawals of shares or deposits;
4. An abnormal year end accumulation of commitments for advances followed by the
making of the advances shortly after the year end;
5. The significance of items in the bank reconciliation statements.
Not only does the auditor report to the members on the financial statements, he is also supposed
to give a report to the registrar of societies to accompany the annual return.
3. Investments: Many charities have investments and these are verified in the normal way
of verifying in investments.
The audit report is usually qualified on grounds that it is not possible because of the nature of the
www.mdarasa.com
Mobile Phone Application
+254708068851
Pension Funds
Pension funds are set up by companies or other organizations:
i. Examining the trust deed that set up the fund and ensuring that its provisions have
been correctly carried out;
ii. Verifying that there is proper control over the transactions of the fund;
iii. Verifying the portfolio of investments. All changes should be authorised by
trustee minutes and all income must be received;
iv. Verify that the funds are sufficient to meet its future commitments. These are
www.mdarasa.com
Mobile Phone Application
+254708068851
Advocates
The statutory provision regulating the handling of client's monies are covered in the advocate's
act.
Purpose of the rules:
• To require a lawyer to keep client's money separate from his own money;
• To ensure that a lawyer keeps adequate records of his transactions so that his books show
money received and paid and balance held on account of each client;
• To ensure that one client's money is clearly distinguished from that of other clients and from
any other money passing through the lawyer's accounts.
1. Ascertain from the lawyer particulars of all bank accounts kept or operated by the lawyer
in connection with his practice.
2. Examine the book keeping system in every office of the lawyer to see that the system
complies with the following requirements:
www.mdarasa.com
Mobile Phone Application
+254708068851
1. To extend his enquiries beyond the information contained in the relevant documents as
supplemented by such information and explanations as he may obtain from the lawyer.
2. To enquire into stocks shares other securities or documents of title held by the lawyer
on behalf of clients.
3. To consider whether the books of accounts of the lawyer were properly written up in
accordance with the rules at any other time than at which his examination took place.
www.mdarasa.com
Mobile Phone Application
+254708068851
CONTENT
TOPIC 6
17.6 Audit related assurance services
www.mdarasa.com
Mobile Phone Application
+254708068851
TOPIC 6
AUDIT RELATED ASSURANCE SERVICES
DUE DILIGENCE
Due diligence is an investigation or audit of a potential investment or product to confirm all
facts, such as reviewing all financial records, plus anything else deemed material. It refers to the
care a reasonable person should take before entering into an agreement or a
financial transaction with another party. Due diligence can also refer to the investigation a seller
does of a buyer; items that may be considered are whether the buyer has adequate resources to
complete the purchase, as well as other elements that would affect the acquired entity or the
seller after the sale has been completed.
Conducting a due diligence audit lets you know in advance if a business is worth an investment
of your time and money. Reviewing the financial and corporate documents gives you a complete
picture of the company, and you can hire a professional business appraiser to help you with this
task. You have a set deadline to get out of the contract if your due diligence finds something
materially wrong with the business. Because the seller is providing you with private corporate
and financial information, be prepared to sign a nondisclosure or confidentiality agreement
before receiving the documents.
The seller should provide you with audited financial statements and copies of bank statements
for the business checking, savings and investment accounts for the past three years. Ask for
copies of credit and loan agreements, notes payable and any liens that have been filed against the
company. You’ll also want copies of vendor and supplier contracts, the accounts receivable, an
accounts receivable aging spreadsheet and accounts written off as uncollectable. Get copies of all
income tax records for the past seven years to be sure there are no outstanding taxes or ongoing
IRS collection activities.
Visit the Business Location
What looks good on paper may not be so impressive when seen in person. Plan to make at least
one trip to inspect the business premises. Look at the overall condition of the building inside and
out. Bring along a list of the fixed assets and equipment, inventory and supplies, office furniture
www.mdarasa.com
Mobile Phone Application
+254708068851
and fixtures the business owns. Verify that what’s on the list is physically there, functioning and
in good condition. Be sure to get copies of current business licenses and operating permits.
Employee wages and benefits are a substantial business expense. Along with monthly payroll
information, you’ll want to know about employer-sponsored retirement plans, health insurance
benefits and employee vacation and leave policies. Determine if there are any employee
agreements or contracts in force. The employee handbook should be current and in compliance
with federal and state employment laws. Verify the identity of key employees along with their
payment and benefit package. If key employees have left the company, ensure that they signed a
noncompete agreement or nondisclosure agreement.
Products, Services and Competitors
If sales or services are the lifeblood of the business, you’ll want to know how many products or
services the business provides along with how the selling price is determined. You need to know
how the products and services stack up against the competitors. Ask the seller how he sets his
products or services apart from his competitors to attract and retain customers. Compare the
financial ratios against industry norms to get an idea of how the business stacks up. If the
business is involved in an environmentally sensitive industry such as dry cleaning or gasoline
sales, be sure any regulatory concerns or issues are resolved.
AUDIT COMMITTEES
An audit committee is one of the major operating committees of a company's board of
directors that is in charge of overseeing financial reporting and disclosure.
The main objectives usually associated with audit committees include;
i. Increasing public confidence in the creditability and objectivity of published
financial information including unaudited interim statements
ii. Assisting directors (particularly non executive directors) in meeting their
responsibilities in respect of financial reporting
iii. Strengthening the independent position of a company’s external auditor by
providing an additional channel of communication.
www.mdarasa.com
Mobile Phone Application
+254708068851
A particular role is to assist in the communication process between the board and the auditors
throughout the medium of the non-executive directors and it provides a useful way of assisting
the latter in the discharge of their duties.
• The audit function may become more independent as there will be a quasi-independent
body between the board and the auditors. It may paradoxically improve communications
between auditor and board;
• Improvement in the quality of the accounting and auditing functions. A continuous review
of the functions of financial management and internal and external audit will inevitably
result in higher status to the practitioners and superior performance.
www.mdarasa.com
Mobile Phone Application
+254708068851
Corporate governance is the system by which organisations are directed and controlled. It
encompasses the relationship between the board of directors, shareholders and other
stakeholders, and the effects on corporate strategy and performance. Corporate governance is
important because it looks at how these decision makers act, how they can or should be
monitored, and how they can be held to account for their decisions and actions.
The published audited financial statements and related information are therefore of key
importance. They will usually be the main information set to which shareholders and other
stakeholders have access and this is why having credible financial statements supported by the
auditor’s opinion is crucial.
www.mdarasa.com
Mobile Phone Application
+254708068851
Effectiveness
The board and its committees should have the appropriate balance of skills, experience,
independence and knowledge of the company to enable them to discharge their respective duties
and responsibilities effectively.
There should be a formal, rigorous and transparent procedure for the appointment of new
directors to the board. All directors should receive induction on joining the board and should
regularly update and refresh their skills and knowledge.
All directors should be submitted for re-election at regular intervals, subject to continued
satisfactory performance.
Accountability
The board should present a balanced and understandable assessment of the company’s position
and prospects. For UK companies, this is also required by the Companies Act 2006, which
requires that the directors disclose a business review as part of the directors’ report to be
included in the financial statements.
The board should maintain sound risk management and internal control systems. The board
should establish formal and transparent arrangements for considering how they should apply the
corporate reporting and risk management and internal control principles and for maintaining an
appropriate relationship with the company’s auditor.
Remuneration
Levels of remuneration should be sufficient to attract, retain and motivate directors of the quality
required to run the company successfully, but a company should avoid paying more than is
necessary for this purpose. A significant proportion of executive directors’ remuneration should
be structured so as to link rewards to corporate and individual performance.
www.mdarasa.com
Mobile Phone Application
+254708068851
Internal audit has two key roles to play in relation to organisational risk management:
- Ensuring the company's risk management system operates effectively
- Ensuring that strategies implemented in respect of business risks operate effectively
Internal audit may assist in the development of systems. However, its key role will be in
monitoring the overall process and in providing assurance that the systems which the
departments have designed meet objectives and operate effectively.
It is important that the internal audit department retains its objectivity towards these aspects of its
role,
which is another reason why internal audit would generally not be involved in the assessment of
risks and the design of the system.
Internal auditors are employed by the organisation and this can impair their independence and
objectivity and ability to report fraud/error to senior management because of perceived threats to
their continued employment within the company.
To ensure transparency, best practice indicates that the internal audit function should have a dual
reporting relationship, i.e. report both to management and those charged with governance (the
www.mdarasa.com
Mobile Phone Application
+254708068851
This results in a serious conflict, limits the scope and compromises the effectiveness of the
internal audit function.
Internal auditors are not required to be professionally qualified (as accountants are) and so there
may be limitations in their knowledge and technical expertise
2. Dynamic business
Due to changes in technology a number of companies have become so dynamic such that their
controls are updated on a continuous basis and this calls for constant feed back on those controls
that necessitate updating. This meant that, to cope with these demands companies had to
improvise and use expert advice, which was available from the Internal Auditor.
4. Competition
Under perfect competition companies can only survive if they are operationally efficient and this
calls for stronger controls and cost effectiveness.
5. Evolution of IT
Of late many companies have computerised their operations and controls. There is need therefore
for continuous review of the operation of controls over these computerized systems.
This International Standard on Auditing (ISA) deals with the external auditor’s responsibilities if
using the work of the internal audit function in obtaining audit evidence.
Relationship between the Internal Audit Function and the External Auditor
www.mdarasa.com
Mobile Phone Application
+254708068851
Irrespective of the degree of autonomy and objectivity of the internal audit function, such
function is not independent of the entity as is required of the external auditor when expressing an
opinion on financial statements. The external auditor has sole responsibility for the audit opinion
expressed, and that responsibility is not reduced by the external auditor’s use of the work of the
internal auditors.
Documentation
If the external auditor uses specific work of the internal auditors, the external auditor shall
include in the audit documentation the conclusions reached regarding the evaluation of the
adequacy of the work of the internal auditors, and the audit procedures performed by the external
auditor on that work.
www.mdarasa.com
Mobile Phone Application
+254708068851
Scope of this ISA {International Standard on Auditing (ISA) 610 (Revised), Using the Work of
Internal Auditors}
- The entity’s internal audit function is likely to be relevant to the audit if the nature of the
internal audit function’s responsibilities and activities are related to the entity’s financial
reporting, and the auditor expects to use the work of the internal auditors to modify the
nature or timing, or reduce the extent, of audit procedures to be performed.
- Carrying out procedures in accordance with this ISA may cause the external auditor to re-
evaluate the external auditor’s assessment of the risks of material misstatement.
Consequently, this may affect the external auditor’s determination of the relevance of the
internal audit function to the audit.
- Similarly, the external auditor may decide not to otherwise use the work of the internal
auditors to affect the nature, timing or extent of the external auditor’s procedures. In such
circumstances, the external auditor’s further application of this ISA may not be necessary.
www.mdarasa.com
Mobile Phone Application
+254708068851
Determining Whether and to What Extent to Use the Work of the Internal Auditors
Whether the Work of the Internal Auditors is likely to be Adequate for Purposes of the
Audit
Factors that may affect the external auditor’s determination of whether the work of the internal
auditors is likely to be adequate for the purposes of the audit include:
Objectivity
The status of the internal audit function within the entity and the effect such status has on the
ability of the internal auditors to be objective.
Whether the internal audit function reports to those charged with governance or an officer
with appropriate authority, and whether the internal auditors have direct access to those
charged with governance.
Whether the internal auditors are free of any conflicting responsibilities.
Whether those charged with governance oversee employment decisions related to the internal
audit function.
Whether there are any constraints or restrictions placed on the internal audit function by
management or those charged with governance.
Whether, and to what extent, management acts on the recommendations of the internal audit
function, and how such action is evidenced.
Technical competence
Whether the internal auditors are members of relevant professional bodies.
Whether the internal auditors have adequate technical training and proficiency as internal
auditors.
Whether there are established policies for hiring and training internal auditors.
Communication
Communication between the external auditor and the internal auditors may be most effective
when the internal auditors are free to communicate openly with the external auditors, and:
www.mdarasa.com
Mobile Phone Application
+254708068851
Planned Effect of the Work of the Internal Auditors on the Nature, Timing or Extent of the
External Auditor’s Procedures
Where the work of the internal auditors is to be a factor in determining the nature, timing or
extent of the external auditor’s procedures, it may be useful to agree in advance the following
matters with the internal auditors:
The timing of such work;
The extent of audit coverage;
Materiality for the financial statements as a whole (and, if applicable, materiality level or
levels for particular classes of transactions, account balances or disclosures), and
performance materiality;
Proposed methods of item selection;
Documentation of the work performed; and
Review and reporting procedures.
The nature, timing and extent of the audit procedures performed on specific work of the internal
auditors will depend on the external auditor’s assessment of the risk of material misstatement,
the evaluation of the internal audit function, and the evaluation of the specific work of the
internal auditors. Such audit procedures may include:
Examination of items already examined by the internal auditors;
Examination of other similar items; and
Observation of procedures performed by the internal auditors.
www.mdarasa.com
Mobile Phone Application
+254708068851
Objectives
The objectives of the external auditor, where the entity has an internal audit function and the
external auditor expects to use the work of the function to modify the nature or timing, or reduce
the extent, of audit procedures to be performed directly by the external auditor are:
a) To determine whether the work of the internal audit function can be used, and if so, in which
areas and to what extent; and having made that determination:
b) If using the work of the internal audit function, to determine whether that work is adequate
for purposes of the audit.
Determining Whether, in Which Areas, and to What Extent the Work of the Internal Audit
Function Can Be Used
The external auditor shall not use the work of the internal audit function if the external auditor
determines that:
a) The function’s organizational status and relevant policies and procedures do not adequately
support the objectivity of internal auditors;
b) The function lacks sufficient competence; or
c) The function does not apply a systematic and disciplined approach, including quality control.
As a basis for determining the areas and the extent to which the work of the internal audit
function can be used, the external auditor shall consider the nature and scope of the work that has
been performed, or is planned to be performed, by the internal audit function and its relevance to
the external auditor’s overall audit strategy and audit plan.
www.mdarasa.com
Mobile Phone Application
+254708068851
The external auditor shall make all significant judgments in the audit engagement and, to prevent
undue use of the work of the internal audit function, shall plan to use less of the work of the
function and perform more of the work directly:
(a) The more judgment is involved in:
i) Planning and performing relevant audit procedures; and
ii) Evaluating the audit evidence gathered;
(b) The higher the assessed risk of material misstatement at the assertion level, with special
consideration given to risks identified as significant;
(c) The less the internal audit function’s organizational status and relevant policies and
procedures adequately support the objectivity of the internal auditors; and
(d) The lower the levels of competence of the internal audit function.
- The external auditor shall also evaluate whether, in aggregate, using the work of the internal
audit function to the extent planned would still result in the external auditor being sufficiently
involved in the audit, given the external auditor’s sole responsibility for the audit opinion
expressed.
- The external auditor shall, in communicating with those charged with governance an
overview of the planned scope and timing of the audit communicate how the external auditor
has planned to use the work of the internal audit function.
- If the external auditor plans to use the work of the internal audit function, the external auditor
shall discuss the planned use of its work with the function as a basis for coordinating their
respective activities.
- The external auditor shall read the reports of the internal audit function relating to the work
of the function that the external auditor plans to use to obtain an understanding of the nature
and extent of audit procedures it performed and the related findings.
- The external auditor shall perform sufficient audit procedures on the body of work of the
internal audit function as a whole that the external auditor plans to use to determine its
adequacy for purposes of the audit, including evaluating whether:
a) The work of the function had been properly planned, performed, supervised, reviewed
and documented;
b) Sufficient appropriate evidence had been obtained to enable the function to draw
reasonable conclusions; and
c) Conclusions reached are appropriate in the circumstances and the reports prepared by the
function are consistent with the results of the work performed.
- The nature and extent of the external auditor’s audit procedures shall be responsive to the
external auditor’s evaluation of:
www.mdarasa.com
Mobile Phone Application
+254708068851
- The external auditor shall also evaluate whether the external auditor’s conclusions
regarding the internal audit function and the determination of the nature and extent of use
of the work of the function for purposes of the audit
Documentation
If the external auditor uses the work of the internal audit function, the external auditor shall
include in the audit documentation:
(a) The evaluation of:
i) Whether the function’s organizational status and relevant policies and procedures
adequately support the objectivity of the internal auditors;
ii) The level of competence of the function; and
iii) Whether the function applies a systematic and disciplined approach, including quality
control;
(b) The nature and extent of the work used and the basis for that decision; and
(c) The audit procedures performed by the external auditor to evaluate the adequacy of the work
used.
The objectives and scope of internal audit functions typically include assurance and consulting
activities designed to evaluate and improve the effectiveness of the entity’s governance
processes, risk management and internal control such as the following:
www.mdarasa.com
Mobile Phone Application
+254708068851
With the current trend in technological changes auditors need to be updated in system use to
make their work easier. This means that the auditor has to device new means of carrying out an
audit in a computerized environment. He also needs to understand how the controls work in such
a system.
KEY TERMS
Transaction Files: Are the equivalent of journals such as the sales journal or the purchases
journal or the cashbook.
Programs are the instructions telling the computer how each type of transaction is to be
processed.
Test data are designed to test the performance of the clients programs.
Exam Context
As the world embraces the emerging technological changes, so does the audit profession.
Bearing this in mind, questions bordering on the application of information technology will be
common in the exam. The questions that are likely to appear are the ones that deal with the
impact Information technology has had on audit.
Introduction
In the business environment today and in today’s world, there has been an irreversible push for
companies to automate their systems and their way of doing business so as to be competitive.
The push for companies to embrace the new technological changes has come with new
challenges for the audit environment. Unlike before where most systems were manual and the
procedures carried out by the auditor’s were tailor made for them, most company systems today
are automated. This means that the auditor has to device new means of carrying out an audit in a
computerized environment. He also needs to understand how the controls work in such a system.
www.mdarasa.com
Mobile Phone Application
+254708068851
i) Input devices. These include keyboards, optical readers, and bar code scanners.
ii) Processing devices. These are the computers themselves. i.e. CPU
iii) Storages devices include hard disk, diskettes and magnetic tapes.
iv) Output devices. These include the visual display unit (VDU) and printers.
The computer software consists of programs and operating systems.
Programs are the instructions telling the computer how each type of transaction is to
beprocessed. These instructions include routines of checking and controlling data, matching data
with master files and performing mathematical operations on data. E.g. for sales transactions,
matching routines will enable the computer to identify the right sales price from the sales master
file and the right customer from debtors master file. Mathematical routines will include
calculating the total debtor’s amount and updating customer’s balance in the debtors’ master file.
Operating system relates to a series of related programs to provide instructions as to what files
are required to be on-line, what output devices are required to be ready and what additional file
need to be created for further processing. E.g. with a batch of sales transactions, the sales price
file and debtor’s file need to be on-line. The printer must be loaded with blank invoice forms and
the totals must be retained for posting to the sales and debtors control accounts in the general
ledger master file.
An operating system will provide details of further processing runs within the system. So, for
example, in sales these will include updating the general ledger, processing cash receipts and
credit notes to the debtor’s file, printing out monthly statements and printing out analysis of due
accounts for credit control purposes.
In a batch processing system, the operating system may consist of a set of instructions provided
to the operator but increasingly the operating system is part of the computer software such
www.mdarasa.com
Mobile Phone Application
+254708068851
COMPUTER FILES
These are equivalent of books and records in a manual system and are described as either
transaction files or master files.
a) Transaction files.
These are equivalent of journal such as sales journal, the purchases journal or the cash book.
They contain details of individual transactions, but unlike books, a transaction file is not a
cumulative record. A separate file is set up for each batch. Thus in real time systems, a
transaction file is not necessary, but good systems will always create a transaction file for control
purposes to provide a security back up, incase of errors or computer malfunctions during
processing data to master file.
b) Master files.
These contain what is referred as standing data. They may be the equivalent of ledgers but may
also contain semi permanent data needed to process transactions. E.g. a debtor’s master file the
equivalent of debtor’s ledger but will also include data that in a manual system may be kept
separately such as invoicing address, discount terms and credit limits, even non accounting data
as cumulative sales to specific customers.
When master files are updated by processing them against a transaction file, the entire contents
of the file are usually re-written in a separate location so that after processing, the two files can
be compared and the difference agreed to the total of the transaction file. Any errors in updating
the master file will thus be detected and the process repeated. In practice, the old copy of the
master file and transaction file will be retained until the master file is updated again. This is the
grandfather-father-son approach. If the current master file is corrupted or lost due to machine or
operator error, previous versions provide back up from which the master file can be re-created.
Master files holding semi permanent data would in the case of debtor’s system include current
sales price list and in the case of personnel department, a personnel file giving details of wage
rates, authorized deductions and cumulative record of amounts paid to date for purpose of
providing tax certificates.
A special class of transactions includes those of amending standing data held in master files such
as sales price or wage rate. These transactions require special consideration because an error in
such data held in a master file will cause errors in all transactions processed against the master
www.mdarasa.com
Mobile Phone Application
+254708068851
Traditional batch processing has the advantage that the data can be subjected to checks for
validity, accuracy and completeness before it is processed. But for organizations that need
information on strict time scale, this type of processing is unacceptable. This has led to the
development of on-line and real time systems and the number is growing particularly in airline
offices, banks and other financial institutions. The auditor’s duties do not change but his audit
techniques must change.
The key features of these systems are that they are based on the use of a remote terminal which is
just a VDU and a keyboard. These terminals will be scattered within the user department and
have access to the central computer store. The problem for the auditor arises from the fact that
master files held in the central computer store may be read and updated by the remote terminals
without an adequate audit trail. Necessary precautions have to be made therefore to ensure that
these terminals are used in a controlled way by authorized personnel only.
- Hardware constraints e.g. necessitating the use of a key of magnetic strip badge or card to
engage a terminal or placing the terminal in allocation to which access is carefully restricted
and which is constantly monitored by closed circuit television surveillance systems.
- The allocation of identification numbers to authorized terminal operators. With or without
the use of passwords, these are checked by the main frame computer against stored records of
authorized numbers or passwords.
- Using operator characteristics such as voice, fingerprints and hand geometry (finger length
ratios) as a means of identification by the mainframe computer.
- Restricting the access to particular programs or master files in the mainframe computer to
designated terminals.
- In top security systems, the authority to allocate authorities such as determination of
passwords and nominating selected terminals should be restricted to senior personnel other
than intended users.
- A special file maybe maintained in the central processor which records every occasion on
which access is made by particular terminals and operators to the central programs and files.
This log will be printed out on regular basis or on request by personnel with appropriate
authority.
What differentiate on-line system from real time system is that the on-line system has a buffer
store where input data is held by the central processor before accessing the master files. This
www.mdarasa.com
Mobile Phone Application
+254708068851
With real systems however, action at the terminal causes an immediate response in the central
processor where the terminal is on-line. Security against unauthorized access and input is even
more important in real time systems because the effect of the input is that it instantaneously
updates the file held in the central processor and any edit checks on the input are likely to be
under the control of the terminal operators themselves. In view of these control problems, most
real time systems incorporate additional controls over the scrutiny of the master file.
In planning the audit, the auditor should consider how the presence of computerized information
systems may affect client’s accounting and internal control system and the conduct of the audit.
This is because computerized information systems have unique features compared to manual
systems and require inbuilt adequate controls to ensure that the accounting system can be relied
upon for complete and accurate accounting records. These features include;
1. General controls.
These relate to the environment within which the computer based systems are developed,
maintained and operated aimed at providing reasonable assurance that the overall objectives of
internal controls are achieved e.g. completeness, accuracy and validity of financial information
The objective of the general controls is to ensure the proper development and implementation of
applications and the integrity of program files and information. These controls could either be
manual or programmed and are classified into;
The organization should set up a steering committee composed of senior management and high
level representatives of system users who should the development and implementation of the
new system.
Management should approve specifications of the new system after the steering committee has
assessed the user needs. Before the new system is commissioned for use, appropriate testing
should be carried out to ensure that both the hardware and the application programs are operating
effectively. The testing will provide assurance that the new system is reliable.
The information technology manager, user department and the appropriate management level
should give appropriate approval of new system before being placed under operation and after
reviewing completeness of system documentation and results of its testing.
General IT controls that relate to some or all applications are usually interdependent controls, i.e.
their
operation is often essential to the effectiveness of application controls. As application controls
may be
useless when general controls are ineffective, it will be more efficient to review the design of
general IT controls first, before reviewing the application controls.
www.mdarasa.com
Mobile Phone Application
+254708068851
Once changes have been made, appropriate testing should be carried out to ensure that the
modified system is reliable.
The system documentation should then be amended to reflect the changes and appropriate
approval obtained for the modified system to start running.
System documentation
This involves putting together information that supports and explains computer applications. The
documentation provides details of capability of the system and how it is operated.
System documentation is important in conducting user training and also enables the management
to effectively review the system by considering whether appropriate controls have been put in
place during system development.
Parallel running
Before switching to the new system, the whole system should be tested by running it alongside
the old system for a specified period. This is important because it provides user with the
opportunity to familiarize themselves with the new system before it is fully implemented and
ensures that the new system is reliable and data is correctly carried forward from the old to the
new system.
www.mdarasa.com
Mobile Phone Application
+254708068851
b) Access controls.
The success of computerized information systems is largely dependent on the accuracy, validity
and credibility of the data processed by the system. Access controls to computer hardware,
software and data files is therefore vital.
Access controls provide assurance that only authorized individuals use the system and that the
usage is for authorized purposes only.
Access may be restricted to specified persons, files, functions or computer devices. This can be
achieved using both physical and programmed controls. Examples of access controls include;
- Physical restriction of access to computer facilities to specified persons only e.g. file servers
should be maintained in a secure location where access is granted to only specified persons.
- Controls over computers stored in the user department could be improved by making sure
that vital data on programs are not left running when the computer is left unattended.
- Passwords should be used by all staff when accessing computer facilities.
- Passwords should be changed regularly and access to password data held in a computer
system should be subject to stringent controls. This will ensure that some users do not gain
access to other people’s passwords.
- In granting user rights within the system, there should be appropriate segregation of duties to
ensure that rights granted are not excessive. e.g. a user should not have right to post data and
also make amendments on the same data.
- When designing the user rights, sensitive data and programs should only be accessible to few
individuals. In other cases, some files should be designed as ‘read only’ to avoid
unauthorized amendments.
- Programs and data that do not need to be online should be stored in secure locations.
- A system’s access log to record all attempts to log in the system should be maintained.
This would record name of user, data accessed or entered, time of log in and mode of access.
- When transmitting data over communication lines, it should be encrypted to make it difficult
for persons with access to communication lines from being able to modify the contents.
- There should be automatic log off i.e. the disconnection of active data terminal to prevent
viewing of sensitive data on unattended terminals.
Controls to ensure continuity of operation
- Storing extra copies of programs and data files off-site
- Protection of equipment against fire and other hazards
- Back-up power sources
- Disaster recovery procedures e.g. availability of back-up computer facilities.
- Maintenance agreements and insurance
www.mdarasa.com
Mobile Phone Application
+254708068851
The recovery plan should create back up or duplicate copies of important data files and programs
which should be stored off site.
The recovery plan should also be tested on regular basis to ensure that it indeed works. Other
issues that should be addressed include:
- Undertaking protection measures against natural disasters such as setting up computer rooms
in areas protected from floods and fitted with smoke or fire detectors.
- There should be standby equipment to revert to incase of computer breakdown.
There should be adequate virus detection. Procedures for dealing with virus infection are.
- Establishing a formal security policy which requires only clean and certified copies of
software are installed and checking data introduced from external sources for viruses.
- The company can also install antivirus software.
- Clean back up should be maintained and there should be adequate segregation of duties such
that people with powers and knowledge in making amendments to the application programs
should not have the responsibility for initiation and processing transactions and even making
amendments to existing data.
Controls to prevent wrong programs or files being used
- Operation controls over programs
- Libraries of programs
- Proper job scheduling
Application control
The purpose of application controls is to establish specific control procedures over the
accounting
applications in order to provide reasonable assurance that all transactions are authorised and
recorded,
and are processed completely, accurately and on a timely basis. Application controls include the
following.
1. Input controls.
2. Processing controls.
3. Output controls
4. Controls over master files and standby data
However, some of the controls management implement would cut across the four categories
mentioned above. E.g. some edit checks could provide comfort over the completeness and
accuracy of the input data by the way the data is processed and output information obtained and
also provide protection over standby data.
Input controls.
Most errors in data processed by computerized information systems can be traced to errors made
when the data was being input into the system. Controls over input fulfill the following
objectives.
- Completeness of input. This ensures that all transactions that took place have been processed.
- Accuracy. This ensures that the recorded transactions have been captured accurately.
- Validity. This ensures that only valid or genuine transactions appropriately authorized have
been
- Recorded. It also ensures credibility and reliability of recorded transactions.
Control over input: completeness
- Manual or programmed agreement of control totals
- Document counts
- One-to-one checking of processed output to source documents
- Programmed matching of input to an expected input control file
- Procedures over resubmission of rejected controls
Programmes to check data fields (for example value, reference number, date) on input
transactions for plausibility:
www.mdarasa.com
Mobile Phone Application
+254708068851
Authorised
Input by authorised personnel
Field checks - These controls check that all data fields required to process the transactions have
been filled with correct information. The controls also ensure accuracy of processed data and its
completeness because transactions cannot be properly processed if necessary data is missing.
Valid character checks-These check that data fields are filled with data of the correct type. E.g.
that amounts column is filled with numerical variables. This also ensures correctness of input
data.
Reasonableness or limit checks - These verify that data falls within predetermined reasonable
limits. E.g. if the authorized discount is 10%, the system would seek to verify that no customer is
awarded discounts beyond this limit without approved authorization. These controls ensure
accuracy and validity of the input data.
Master file checks - These verify that the codes used in processing transactions match with
those from master files. E.g. that customer identification code keyed in matches with what is on
sales master file.
These controls ensure that data is processed against correct master file.
Document count - This agrees number of input records if what is expected as per batch control.
www.mdarasa.com
Mobile Phone Application
+254708068851
Sign checks-These ensure that data has been keyed in with correct arithmetic sign. E.g. a
positive sign for debit entry and a negative sign for credit entry. The objective is to check
validity and accuracy of the processed data.
Zero balance checks - These verify that for every transaction process, debit entries equal
creditentries and any mismatches found are reported through an exception report. This control
ensuresaccuracy of input data.
Generation of exception reports to capture transactions that have been rejected for failing various
control checks.
Measures to ensure that the reasons behind rejected transactions are investigated and corrective
action taken.
There may be need for manual controls to for instance, a check to reveal that all purchase orders
have been appropriately authorized before a transaction is submitted for processing.
Processing controls
These controls seek to ensure that transactions are processed by the right programs and against
the correct master files. They also seek to ensure that data is not lost, duplicated or altered during
processing and that errors are identified ad corrected.
Some of the controls in input could help in meeting the above objectives of processing controls.
Physical file identification procedures -This is in form of labels which are physically attached
to files or diskettes to ensure right files are used during processing of transactions.
Sequence tests over pre-numbered documents-This ensures that all transactions are being
processed. Comparing the contents in files before and after processing a transaction to ensure
that the expected processing results have been achieved.
Zero balance checks that add up debits and credits of the transactions posted to ensure that the
result is zero as an indication that double entry has been completed.
An audit trail should be created through use of input and output control logs and maintenance of
transaction listing. This trail will facilitate an attempt to trace a transaction as a way of verifying
that it has been correctly processed.
www.mdarasa.com
Mobile Phone Application
+254708068851
Output controls.
Others include
- Similar controls to input must be in place when input is completed, for example, batch
reconciliations.
- Screen warnings can prevent people logging out before processing is complete
- Cyclical reviews of all master files and standing data
- Record counts (number of documents processed) and hash totals (for example, the total of all
the payroll numbers) used when master files are used to ensure no deletions
- Controls over the deletion of accounts that have no current balance
- Controls over input, processing, data files and output may be carried out by IT personnel,
users of the system, a separate control group and may be programmed into application
software. The auditors may wish to test the following application controls.
Cyclical reviews of all master files and standing data
Standing data refers to the data that is required during processing of the transactions but which
does not vary or change with every transaction. E.g. customer details such as name and address
do not change with every transaction although they are required in processing every transaction
with the customer.
www.mdarasa.com
Mobile Phone Application
+254708068851
- Restrictive access to standing data and ensuring that only few individuals have the user rights
within the system to make adjustments to the standing data.
- Before any changes are made to the standing data, appropriate authorization should be
obtained. E.g. before any changes are made on selling prices in the master file, appropriate
authorization should be obtained from the responsible officials.
- Once amendments have been made on standing data, a print out should be obtained from the
system such that an independent person can verify that the correct amendments have been
made.
- Where necessary, the organization should print out all the standing data and an independent
check be carried out to verify that this data is accurate and complete.
- An exception report should be generated on a regular basis providing details of any
unauthorized amendments made on standing data.
- One-to-one checking
- Record counts (number of documents processed) and hash totals (for example, the total of all
the payroll numbers) used when mast; files are used to ensure no deletions
- Controls over the deletion of accounts that have no current balance
- Controls over input, processing, data files and output may be carried out by IT personnel
users of the system, a separate control group and may be programmed into application
software. The auditors may wish to test the following application controls.
Testing the internal controls in a computerized environment
The auditor tests the internal controls when he wishes to place reliance on the controls to
determine whether the accounting records are reliable.
A computerized information system may differ from a manual system by having both manual
and programmed controls. The manual controls are tested in exactly the same way as in a manual
system. The programmed controlled in the following ways:
- By examination of exception reports and rejection reports. But there is no assurance that the
items on the exception reports were the only exceptions or that they actually met the
parameters set by the management. The auditor must seek for ways to test the performance of
the programs by auditing.
- Use of CAATs (computer assisted audit techniques). Test data is mainly applied intesting
computerized information systems.
Programmed control procedures
In the case of certain computer systems, the auditor may find that it is not possible or, in some
cases, not practical to test controls by examining only user controls or the system's output. The
www.mdarasa.com
Mobile Phone Application
+254708068851
As we have already noted, general IT controls may have a pervasive effect on the processing of
transactions in application systems. If these general controls are not effective, there may be a risk
that
misstatements occur and go undetected in the application systems. Although weaknesses in
general IT
controls may preclude testing certain IT application controls, it is possible that manual
procedures
exercised by users may provide effective control at the application levelfocus
The examiner expects you to be comfortable with a computerised scenario so it's important that
you
understand the use of IT controls within an organisation.
Summary
The auditors must understand the accounting system and control environment in order to
determine their audit approach.
The auditors shall assess the adequacy of the systems as a basis for the financial statements
and shall identify risks of material misstatements to provide a basis for designing and
performing further audit procedures.
The auditors must keep a record of the client's systems which must be updated each year.
This can be done through the use of narrative notes, flowcharts, questionnaires or checklists.
If the auditors believe the system of controls is strong, they may choose to test controls to
assess whether they can rely on the controls having operated effectively.
There are special considerations for auditors when a system is computerised. IT controls
comprise
general and application controls.
- Read magnetic files and to extract specified information from the files.
- To carry out audit work on the contents of the files.
- In the selection of representative or randomly chosen transactions or items for audittests.
- The scrutiny of files and selection of exceptional items for testing
- Comparison of two files and printing out the difference e.g. payrolls at two selecteddates.
- Preparing exception reports e.g. overdue debts.
- Stratification of data such as stock items or debtors with a view to examine only thematerial
items.
- Carrying out detailed tests and calculations
- Verifying data such as stock or fixed assets at the interim stage and then comparingthe
examined file with the end file so that only changed items need to be examined atthe final
audit.
The Control file
When auditing computerized information systems, it will be found that much reliance is placed
within the system upon standard forms and documentation in general, as well as upon strict
adherence to procedures laid down. This is no surprise, of course, since the ultimate constraining
factor in the system is the computers own capability and all users are competitors for its time. It
is therefore important that an audit control file be built as part of working papers and the auditor
must that he is on the distribution list for notifications of all new procedures, documents and
system changes in general.
www.mdarasa.com
Mobile Phone Application
+254708068851
- Copies of all the forms which source documents might take and details of the checksthat
have been carried out to ensure their accuracy.
- Details of physical controls over source documents as well as of the nature of anycontrol
totals of numbers, quantities or values including the names of persons keepingthese controls.
- Full description of how the source documents are to be converted into input media andthe
checking of control procedures.
- A detailed account of the clerical, procedural and systems development controlscontained in
the system. e.g. separation of programs from operators and separation ofcontrols over assets
from records relating to the assets.
- The arrangements for retaining source documents and input media for suitable periods.
- This is of great importance as they may be required for reconstructing stored files inevent of
error or mishap.
- A detailed flow diagram of what takes place during each routine processing run.
- Details of all tapes and discs in use including their layout, labeling, storage and
retentionarrangements.
- Copies of all the forms which output documents might take and details of their sortingand
checking.
- The auditor’s comments on the effectiveness of the controls.
Internal controls over computer processing include both manual procedures and procedures built
into the computer programs.
- The use of computers does not affect the auditor’s primary responsibility of reporting onthe
accounts but the way in which the auditor carries out his substantive and
complianceprocedures to arrive, at his opinion will be considerably different.
- The objectives of application controls which may be manual or programmed are toensure the
completeness and accuracy of the accounting records and the validity of theentries made
therein resulting from both manual and programmed processing.
- There are basically two techniques available to the auditor for auditing through thecomputer.
These are a use of test data and the use of computer audit programs.
- Substantive testing of computer records is possible and necessary. The extent dependson the
degree of reliance the auditor has placed on the internal controls
When auditing Electronic data processing systems, it will be found that much reliance is placed
within the system upon standard forms and documentation in general, as well as upon strict
adherence to procedures laid down. This is no surprise, of course, since the ultimate constraining
factor in the system is the computer’s own capability, and all users are competitors for its time. It
is therefore important that an audit control file be built up as part of the working papers, and the
auditor should ensure that he is on the distribution list for notifications of all new procedures,
www.mdarasa.com
Mobile Phone Application
+254708068851
(a) Copies of all the forms which source documents might take, and details of the checks that
have been carried out to ensure their accuracy.
(b) Details of physical control over source documents, as well as of the nature of any control
totals of numbers, quantities or values, including the names of the persons keeping these
controls.
(c) Full description of how the source documents are to be converted into input media, and the
checking and control procedures.
(d) A detailed account of the clerical, procedural and systems development controls contained in
the system (e.g. separation of programmers from operators; separation of control of assets
from records relating thereto).
(e) The arrangements for retaining source documents and input media for suitable periods.
(f) This is of great importance, as they may be required for reconstructing stored files in the
event of error or mishap.
(g) A detailed flow diagram of what takes place during each routine processing run.
(h) Details of all tapes and discs in use, including their layout, labelling, storage andretention
arrangements.
(i) Copies of all the forms which output documents might take, and details of their subsequent
sorting and checking.
(j) The auditor’s own comments on the effectiveness of the controls
www.mdarasa.com
Mobile Phone Application
+254708068851
This means examining evidence for all items in the financial statements without getting
immersed in the details of the computerized information system. The benefits of this approach
are that it saves time and its justification is that computers are 100% accurate in processing
transactions and therefore material processing errors simply do not occur.
The draw back of this approach is that once an application is programmed to process an item
incorrectly, then it processes exactly as programmed indefinitely. However, major frauds and
error or system failures should be picked up in the assets and liabilities verification e.g. if
processing of sales is incorrect, verification of debtors can uncover the error. Also an analysis of
gross profit margins will help discover any errors in sales. This approach is suitable for small
businesses but largely unsuitable for large scale entities.
When it is possible to relate on a one to one basis, the original input to the final output or to put it
another way, where the audit trail is always preserved than the presence of the computer has
minimal effect on the auditor’s work, and in that case it is possible to ignore what goes on in the
computer and concentrate audit tests on the completeness, accuracy, validity on the input and the
output, without paying any due concern to how that output has been processed. Where there is
super abundance of documentation and the output is as detailed and complete as in any manual
system and where the trail from beginning to end is complete so that all documents can be
identified and vouched and totally cross referenced, then the execution of normal audit tests on
records which are computer produced but which are nevertheless as complete as above then this
type of auditing is called auditing around the machine. In this case, the machine is viewed as
simply an instrument through which conventional records are produced. This approach is much
criticised because:
i) Doing so accurately;
ii) Printing all the exception which exists;
iii) Are authorised programs as opposed to dummy programs specially created for a fraudulent
purpose or out of date programs accidentally taken from the library and;
iv) That they contain programs control parameters which do in fact meet the company’s genuine
internal control requirements.
So although it may be reasonable for management to have faith in their systems and programs,
such faith on the part of the auditor would be completely misplaced and may reflect very
adversely on his duty of care. This is the first situation on the loss of audit trail.
The other situation where loss of audit trail is noted where the computer generates, totals,
analyses and balances without printing out details. It therefore becomes necessary for the auditor
to find a way to audit through the computer rather than around it. But before we go on to that, the
loss of audit train can be overcome as follows:
a) We can have special print outs for auditors, remember the need to be consulted at the design
stage.
b) Inclusive audit facility: This means putting in the programs special audit instructions that
enable the computer to carry out some audit tests and produce print outs specially for the
auditor.
c) Clerical recreation: Given unlimited time and man power, maintain the possibility to recreate
manually the audit trail. This would obviously be a very tedious exercise.
d) Total testing and comparison: It is possible to compare results with other data, budgets,
previous periods and industry averages.
e) Alternative tests: We can perform stock takes, debtors’ circularisation and examination of the
condition of fixed assets.
f) We can use test packs to verify program performance.
AUDITING THROUGH THE COMPUTER
There are two basic techniques available to the auditor for auditing through the computer. These
are use of test data and use of computer audit programs which are also called CAATs (computer
assisted audit techniques).
i) Test data
These are designed to test the performance of client’s programs. What it involves is for the
auditor either using dummy data or live data for processing to manually work out the expected
result using the logic of the program. This is then run on the computer using the program and the
www.mdarasa.com
Mobile Phone Application
+254708068851
Advantages
1. Examination of data is more rapid;
www.mdarasa.com
Mobile Phone Application
+254708068851
Applications of auditing procedures using the computer as an audit tool (also known as CAATs).
In the most general terms, CAATTs can refer to any computer program utilized to improve the
audit process. Generally, however, it is used to refer to any data extraction and analysis software.
This would include programs such as spreadsheets (e.g. Excel), databases (e.g. Access),
statistical analysis (e.g. SAS), business intelligence (e.g. Crystal Reports and Business Objects),
etc.
There are, however, companies that have developed dedicated specialized data analytic software
specifically for auditors.
Computer-assisted audit techniques (CAATs) are the applications of auditing procedures using
the computer as an audit tool.
www.mdarasa.com
Mobile Phone Application
+254708068851
The overall objectives and scope of an audit do not change when an audit is conducted in a
computerisedenvironment. However, the application of auditing procedures may require auditors
to consider techniques that use the computer as an audit tool. These uses of the computer for
audit work are known as computer-assisted audit techniques (CAATs).
Circumstances when the use of CAATS when performing audit procedures would be
necessary
i) When the company has recently installed a new computer system
ii) when software has been changed in the past year
iii) When standard software allows the company to change the programs or add procedures
iv) When there is a significant loss of audit trail in the computer system
v) When the auditor has identified weaknesses in the company accounting software
CAATs may be used in performing various auditing procedures, including the following.
- Tests of details of transactions and balances
- Analytical review procedures
- Tests of computer information system controls
The major steps to be undertaken by the auditors in the application of a CAAT are as follows.
- Set the objective of the CAAT application
- Determine the content and accessibility of the entity's files
Define the transaction types to be tested
- Define the procedures to be performed on the data
Define the output requirements
- Identify the audit and computer personnel who may participate in the design and application
of the CAAT
www.mdarasa.com
Mobile Phone Application
+254708068851
There are two particularly common types of CAAT, audit software and test data.
Use of computers on audits is common practice. The examiner expects you to consider the
computer
aspects of auditing as a matter of course. Therefore in answering questions on obtaining
evidence,
remember to include reference to CAATs if they seem relevant.
AUDIT SOFTWARE
Audit software consists of computer programs used by the auditors, as part of their auditing
procedures, to process data of audit significance from the entity's accounting system. It may
consist of generalised audit software or custom audit software, Audit software is used for
substantive procedures.
Generalised audit software allows auditors to perform tests on computer files and databases, such
as reading and extracting data from a client's systems for further testing; selecting data that meets
certain
criteria, performing arithmetic calculations on data, facilitating audit sampling and producing
documents and reports.
Custom Audit software is written by auditors for specific tasks when generalised audit software
cannot be used
The following provides some examples of the use of audit software in the course of an audit.
www.mdarasa.com
Mobile Phone Application
+254708068851
TEST DATA
Test data techniques are used in conducting audit procedures by entering data (eg a sample of
transactions) into an entity's computer system, and comparing the results obtained with pre-
determined results. Test data is used for tests of controls.
Examples include:
(a) Test data used to test specific controls in computer programs such as on-line password and
data
access controls.
(b) Test transactions selected from previously processed transactions or created by the auditors
to test
specific processing characteristics of an entity's computer system. Such transactions are
generally processed separately from the entity's normal processing, Test data can for example
be
used to check the controls that prevent the processing of invalid data by entering data with
say a
non-existent customer code or worth an unreasonable amount, or a transaction which may if
processed break customer credit limits.
(c) Test transactions used in an integrated test facility. This is where a 'dummy' unit (e.g. a
department
or employee) is established, and to which test transactions are posted during the normal
processing cycle.
A significant problem with test data is that any resulting corruption of data files has to be
corrected. This is difficult with modern real-time systems, which often have built-in (and highly
desirable) controls to ensure that data entered cannot be easily removed without leaving a mark.
Other problems with test data are that it only tests the operation of the system at a single point of
time,
and auditors are only testing controls in the programs being run and controls which they know
about. The problems involved mean that test data is being used less as a CAAT.
Analytical Procedures
- Analytical procedures performed as risk assessment procedures may identify aspects of the
entity of which the auditor was unaware and may assist in assessing the risks of material
misstatement in order to provide a basis for designing and implementing responses to the
assessed risks. Analytical procedures performed as risk assessment procedures may include
both financial and non-financial information, for example, the relationship between sales and
square footage of selling space or volume of goods sold.
- Analytical procedures may help identify the existence of unusual transactions or events, and
amounts, ratios, and trends that might indicate matters that have audit implications. Unusual
or unexpected relationships that are identified may assist the auditor in identifying risks of
material misstatement, especially risks of material misstatement due to fraud.
- However, when such analytical procedures use data aggregated at a high level (which may be
the situation with analytical procedures performed as risk assessment procedures), the results
of those analytical procedures only provide a broad initial indication about whether a
material misstatement may exist. Accordingly, in such cases, consideration of other
information that has been gathered when identifying the risks of material misstatement
together with the results of such analytical procedures may assist the auditor in understanding
and evaluating the results of the analytical procedures.
www.mdarasa.com
Mobile Phone Application
+254708068851
CONTENT
TOPIC 7
17.7 Forensic accounting
www.mdarasa.com
Mobile Phone Application
+254708068851
TOPIC 7
FORENSIC ACCOUNTING
FORENSIC ACCOUNTING
Forensic accounting is defined as "the application of investigative and analytical skills for the
purpose of resolving financial issues in a manner that meets standards required by courts of law.
Forensic accountants apply special skills in accounting, auditing, finance, quantitative methods,
certain areas of the law, research and investigative skills to collect, analyze and evaluate
evidential matter and to interpret and communicate findings."[4]
Forensic accounting is the term used to describe the type of engagement. It is the whole process
of carrying out a forensic investigation, including preparing an expert’s report or witness
statement, and potentially acting as an expert witness in legal proceedings.
Forensic investigation is a part of a forensic accounting engagement. Forensic investigation is the
process of gathering evidence so that the expert’s report or witness statement can be prepared. It
includes forensic auditing, but incorporates a much broader range of investigative techniques,
such as interviewing witnesses and suspects, imaging or recovering computer files including
emails, physical searches of premises etc.
Forensic auditing is the application of traditional auditing procedures and techniques in order to
gather evidence as part of the forensic investigation.
APPLICATION
The major applications of forensic accounting include fraud investigations, negligence cases and
insurance claims.
An insurance claim would require determination of how much the client should claim from the
insurer.
STEP 1
The first step would be a detailed review of the insurance policy to determine ‘coverage’, ie what
is insured and any clauses that might restrict the amount that can be claimed or invalidate the
claim.
STEP 1
The second step would be to gather evidence to quantify the loss, ie the amount to be claimed.
Insurance claims might include claims following misappropriation of assets, ie theft of goods or
money. In such cases, the forensic accountant will review inventory or cash records and details
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
The potential forensic accounting expert witness should keep the following in mind the
following requirements:
In many trials, including those involving fraud, there may be forensic accounting expert
witnesses brought by both sides of the case. Representing the actual “innocent” party in the case
is not a guarantee that the expert witness for the opposition cannot hurt your case. The next part
of this series will delve further into the skills and background a forensic accounting expert
witness may bring to the table.
The various forms of evidence that can be used during a criminal trial are
Documentary evidence
www.mdarasa.com
Mobile Phone Application
+254708068851
Real evidence
Real evidence is an object which, upon proper identification, becomes, of itself, evidence.
If the evidence is properly identified and relevant and if there is no other rule of evidence that
excludes it as evidence, it will be included as an exhibit that will be duly labelled and numbered
and available for the court to inspect.
Electronic Evidence
It is stated that a data message that was made by a person during the ordinary course of their
business, or a certified copy thereof, is admissible as evidence
Difference between the audit report and a forensic accounting expert report
A forensic accounting report differs considerably from an audit report. The audit report contains
audit opinions that are issued under International Financial Reporting Standards (IFRS), while
the forensic accounting report is not constrained by the required language of a governing
standard and forensic reports differ from one investigation to another, and one firm to another,
depending on the client‘s needs.
The following table illustrates the difference between auditing and a forensic accounting
investigation
AUDIT FORENSIC
ACCOUNTING
INVESTIGATION
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
CONTENT
TOPIC 8
17.8 Audit clearance and reporting
www.mdarasa.com
Mobile Phone Application
+254708068851
TOPIC 8
AUDIT CLEARANCE AND REPORTING
PURPOSES OF THE AUDITOR’S REPORT
The requirements of Companies Act regarding auditors report
The Companies Act cap 486 requires that the auditor of a limited liability company to report to the
members whether the financial statements laid before the AGM show true and fair view of the state of
affairs of the company and comply with the requirements of the companies act. The audit report is
therefore the means by which the auditor reports his opinions as to whether the financial statements show
a true and fair view of the state of affairs. The report is addressed to shareholders.
Section 162(1) of the Companies Act stipulates the statements that should be expressly stated in the
auditor’s report. These are;
- Whether the auditor has obtained all the information and explanation which to the bestof his
knowledge and belief were necessary for audit proposes.
- Whether in his opinion, proper books of accounts have been kept by the company, sofar as it appears
from the examination of those books and proper returns adequate forthe purposes of the audit from
branches not visited by him.
- Whether the company’s balance sheet and profit and loss accounts dealt by the reportare in agreement
with the books of the accounts and returns.
- Whether in his opinion and to the best of his information and according to the explanationsgiven to
him, the financial statements give the information required by the CompaniesAct in the manner so
required and give at rue and fair view.
- In the case of the balance sheet, of the state of affairs of the company as at the end ofthe accounting
period.
- In the case of the profit and loss account, of the state of profit or loss of the companyin the financial
year.
- In the case of a holding company submitting group financial statements whether in hisopinion, the
group financial statements have been prepared in accordance with theprovisions of the Companies
Act so as to give a true and fair view of the state of affairsand profit or loss of the company.
Once the auditor has gathered sufficient appropriate audit evidence on which to base his opinion, he is
expected to put his findings on the true and fairness of the financial statements in a report.
a) Examining, on a test basis, evidence to support the financial statement amounts and disclosures;
b) Assessing the accounting principles used in the preparation of the financial statements;
www.mdarasa.com
Mobile Phone Application
+254708068851
This report is referred to as the auditor’s report. The report is primarily meant for the Shareholders but
can be of benefit to other users of the financial statements as well for example the banks. The wording
and the format of the report is guided by law.
International Standard on Auditing (ISA) 700, Forming an Opinion and Reportingon Financial
Statements
For purposes of the ISAs, the following terms have the meanings attributedbelow:
a) General purpose financial statements – Financial statements prepared in accordance with a general
purpose framework.
b) General purpose framework – A financial reporting framework designed to meet the common
financial information needs of a wide range of users. The financial reporting framework may be a fair
presentation framework or a compliance framework.
The term “fair presentation framework” is used to refer to a financialreporting framework that requires
compliance with the requirementsof the framework and:
i) Acknowledges explicitly or implicitly that, to achieve fair presentation of the financial statements, it
may be necessary for management to provide disclosures beyond those specifically required by the
framework; or
ii) Acknowledges explicitly that it may be necessary for management to depart from a requirement of the
framework to achieve fair presentation of the financial statements. Such departures are expected to be
necessary only in extremely rare circumstances.
iii) The term “compliance framework” is used to refer to a financial reporting framework that requires
compliance with the requirements of the framework, but does not contain the acknowledgements in
(i) or (ii) above.
c) Unmodified opinion – The opinion expressed by the auditor when the auditor concludes that the
financial statements are prepared, in all material respects, in accordance with the applicable financial
reporting framework.
Reference to “financial statements” in this ISA means “a complete set of generalpurpose financial
statements, including the related notes.” The related notesordinarily comprise a summary of significant
accounting policies and otherexplanatory information. The requirements of the applicable financial
reportingframework determine the form and content of the financial statements, and whatconstitutes a
complete set of financial statements.
www.mdarasa.com
Mobile Phone Application
+254708068851
v) Opinion paragraph
This final paragraph states the auditors conclusions based on the results of the audit. This part of the
report is so important that often the audit report is simply called the auditor’s opinion.
The opinion paragraph is stated as an opinion rather than a statement of absolute fact or a guarantee.
www.mdarasa.com
Mobile Phone Application
+254708068851
www.mdarasa.com
Mobile Phone Application
+254708068851
x) Auditor’s Opinion
(a) Whether users might misunderstand the assurance obtained from the audit of the financial
statements and, if so,
(b) Whether additional explanation in the auditor’s report can mitigate possible misunderstanding.
If the auditor concludes that additional explanation in the auditor’s report cannot mitigate possible
misunderstanding, ISA 210 requires the auditor not to accept the audit engagement, unless required by
law or regulation to do so. In accordance with ISA 210, an audit conducted in accordance with such law
or regulation does not comply with ISAs. Accordingly, the auditor does not include any reference in the
auditor’s report to the audit having been conducted in accordance with International Standards on
Auditing.
“Present fairly, in all material respects” or “give a true and fair view”
- Whether the phrase “present fairly, in all material respects,” or the phrase “give a true and fair view”
is used in any particular jurisdiction is determined by the law or regulation governing the audit of
financial statements in that jurisdiction, or by generally accepted practice in that jurisdiction. Where
law or regulation requires the use of different wording, this does not affect the requirement for the
auditor to evaluate the fair presentation of financial statements prepared in accordance with a fair
presentation framework.
www.mdarasa.com
Mobile Phone Application
+254708068851
Description of the applicable financial reporting framework and how it may affect the auditor’s
opinion
- The identification of the applicable financial reporting framework in the auditor’s opinion is intended
to advise users of the auditor’s report of the context in which the auditor’s opinion is expressed. The
applicable financial reporting framework is identified in such terms as:
“… in accordance with International Financial Reporting Standards” or
“… in accordance with accounting principles generally accepted in Jurisdiction X …”
- When the applicable financial reporting framework encompasses financial reporting standards and
legal or regulatory requirements, the framework is identified in such terms as “… in accordance with
International Financial Reporting Standards and the requirements of Jurisdiction X Corporations
Act.” ISA 210 deals with circumstances where there are conflicts between the financial reporting
standards and the legislative or regulatory requirements.
- The financial statements may be prepared in accordance with two financial reporting frameworks,
which are therefore both applicable financial reporting frameworks. Accordingly, each framework is
considered separately when forming the auditor’s opinion on the financial statements, and the
auditor’s opinion refers to both frameworks as follows:
a) If the financial statements comply with each of the frameworks individually, two opinions are
expressed: that is, that the financial statements are prepared in accordance with one of the
applicable financial reporting frameworks (for example, the national framework) and an opinion
that the financial statements are prepared in accordance with the other applicable financial
reporting framework (for example, International Financial Reporting Standards). These opinions
may be expressed separately or in a single sentence (for example, the financial statements are
presented fairly, in all material respects, in accordance with accounting principles generally
accepted in Jurisdiction X and with International Financial Reporting Standards).
b) If the financial statements comply with one of the frameworks but fail to comply with the other
framework, an unmodified opinion can be given that the financial statements are prepared in
accordance with the one framework (for example, the national framework) but a modified opinion
given with regard to the other framework (for example, International Financial Reporting
Standards) in accordance with ISA 705.
- The financial statements may represent compliance with the applicable financial reporting framework
and, in addition, disclose the extent of compliance with another financial reporting framework.
- Such supplementary information is covered by the auditor’s opinion as it cannot be clearly
differentiated from the financial statements.
a) If the disclosure as to the compliance with the other framework is misleading, a modified opinion
is expressed in accordance with ISA 705.
b) If the disclosure is not misleading, but the auditor judges it to be of such importance that it is
fundamental to the users’ understanding of the financial statements, an Emphasis of Matter
paragraph is added in accordance with ISA 706, drawing attention to the disclosure.
a) A title;
b) An addressee, as required by the circumstances of the engagement;
c) An introductory paragraph that identifies the financial statements audited;
d) A description of the responsibility of management (or other appropriate term, ) for the preparation of
the financial statements;
e) A description of the auditor’s responsibility to express an opinion on the financial statements and the
scope of the audit, that includes:
A reference to International Standards on Auditing and the law or regulation; and
A description of an audit in accordance with those standards;
f) An opinion paragraph containing an expression of opinion on the financial statements and a reference
to the applicable financial reporting framework used to prepare the financial statements (including
identifying the jurisdiction of origin of the financial reporting framework that is not International
Financial Reporting Standards or International Public Sector Accounting Standards
g) The auditor’s signature;
h) The date of the auditor’s report; and
i) The auditor’s address.
Auditor’s Report for Audits Conducted in Accordance with Both Auditing Standards of a Specific
Jurisdiction and International Standards on Auditing
- An auditor may be required to conduct an audit in accordance with the auditing standards of a specific
jurisdiction (the “national auditing standards”), but may additionally have complied with the ISAs in
www.mdarasa.com
Mobile Phone Application
+254708068851
a) There is no conflict between the requirements in the national auditing standards and those in ISAs
that would lead the auditor (i) to form a different opinion, or (ii) not to include an Emphasis of
Matter paragraph that, in the particular circumstances, is required by ISAs; and
b) The auditor’s report includes, at a minimum, each of the elements set out in above when the
auditor uses the layout or wording specified by the national auditing standards. Reference to law
or regulation shall be read as reference to the national auditing standards. The auditor’s report
shall thereby identify such national auditing standards.
- When the auditor’s report refers to both the national auditing standards and International Standards on
Auditing, the auditor’s report shall identify the jurisdiction of origin of the national auditing
standards.
The financial reporting framework is determined by IFRS’s, with due regard to local legislation. To advise
the reader of the context in which the auditor’s opinion is expressed, the auditor’s opinion indicates the
framework upon which the financial statements are based. This designation helps the user to better
understand which financial reporting framework was used in preparing the financial statements.
The following are the various types of audit opinions that the auditor can issue:
i) Unqualified opinion.
ii) Modified opinions:
Emphasis of matter.
Qualified opinion.
Disclaimer of opinion.
Adverse opinion.
These are covered in detail below.
a) Unqualified Opinion
An unqualified opinion should be expressed when the auditor concludes that the financial statements give
a true and fair view in accordance with IFRS and the Kenyan Companies Act. An unqualified opinion also
indicates implicitly that any changes in accounting principles or in the method of their application, and the
effects thereof, have been properly determined and disclosed in the financial statements.
b) Modified Reports
www.mdarasa.com
Mobile Phone Application
+254708068851
Whenever the auditor expresses an opinion that is other than unqualified, a clear description of all the
substantive reasons should be included in the report and, unless impracticable, a quantification of the
possible effect(s) on the financial statements. This information is normally set out in a separate paragraph
preceding the opinion or disclaimer of opinion and may include a reference to a note to the financial
statements that more extensively discusses the matter.
www.mdarasa.com
Mobile Phone Application
+254708068851
The following is an illustration of the relevant paragraphs when an adverse opinion is to be expressed:
Limitation on Scope
A limitation in the scope of the auditor’s work can arise in the following circumstances:
i) When the limitation in scope is imposed by the entity (for example, as a result of the terms of
engagement).
ii) When the limitation on scope is imposed by circumstances (for example, the timing of the auditor’s
appointment is such that the auditor is unable to observe the counting of inventories or when the entity’s
accounting records are inadequate and the auditor is unable to carry out reasonable alternative
procedures to obtain sufficient appropriate audit evidence to support an unqualified opinion).
www.mdarasa.com
Mobile Phone Application
+254708068851
When there is a limitation on the scope of the auditor’s work that requires expression of a qualified opinion
or a disclaimer of opinion, the auditor’s report should describe the limitation and indicate the possible
adjustments to the financial statements that might have been determined to be necessary had the limitation
not existed.
www.mdarasa.com
Mobile Phone Application
+254708068851