CHAPTER 1

Overview, History, and Overall Objectives

of Auditing

1.1   General
The word “audit” comes from the Latin word audire, which means “to
hear”. The ancient “audit-checking” activities can be traced back to
ancient civilizations, such as of China, Egypt, and Greece. The ancient
checking activities found in Greece (around 350 B.C.) appear to be
closest to the present-day auditing.1 Auditing is a systematic process of
objectively obtaining and evaluating the evidence regarding assertions
about economic actions and events to ascertain the degree of corre-
spondence between the assertions and established criteria and communi-
cating the results to interested users.2 The role assured by audit firms is
crucial to our financial markets. Information is the lifeblood of the mar-
ket. For the market to operate efficiently—indeed, for it to operate at
all—information must have some measure of reliability. Investor confi-
dence is bolstered by the knowledge that public financial statements have
been subjected to the rigors of independent and objective investigation
and analysis.3

1 LEE Teck-Heang, Azham Md. Ali (2008): The Evolution of Auditing: An Analysis of the

Historical Development, Journal of Modern Auditing and Accounting, Volume 4, No. 12, p. 2.
2 American Accounting Association Committee on Basic Auditing Concepts (1973): A

Statement of Basic Auditing Concepts, American Accounting Association (Sarasota, FL).

3 American Institute of Certified Public Accountants, Code of Professional Conduct,

Paragraph 53, at http://www.aicpa.org.

© The Author(s) 2018 3

F. I. Lessambo, Auditing, Assurance Services, and Forensics,
https://doi.org/10.1007/978-3-319-90521-1_1
4  F. I. LESSAMBO

1.2  Attestations and Assurance Services

1.2.1   Attestation Services

Attestation involves an engagement resulting in the issuance of a report
on subject matter or an assertion about the subject matter that is the
responsibility of another party. Attestation services include: (i) audit,
(ii) internal control over financial statements, (iii) review, (iv) informa-
tion technology, and (v) others.4 There are four types of audit services:

• Operational audit

Operational Audit is a systematic review of effectiveness, efficiency,

and economy of operation. Operational audit is a future-oriented, sys-
tematic, and independent evaluation of organizational activities. The
process is very similar to the processes for other forms of audits, such
as the financial audit, but the operational audit process is a much more
in-depth review of the business. It usually does not focus on a sin-
gle department or project, because each department plays a role in the
overall operational process and is interconnected. It aims to determine
whether the internal controls of the business (i.e., policies and proce-
dures) are sufficient to produce an optimum level of efficiency and effec-
tiveness. Operational audit is often praised as a process which provides a
company with objective opinions enabling it to generate quicker produc-
tion or sales turnaround, better allocation of costs, improved control sys-
tems, the location of areas of delay and an overall streamlined workflow.
However, like any audit process, operational audit can be time-consum-
ing and costly.

• Compliance audit5

A compliance audit is a comprehensive review of an organization’s

adherence to regulatory guidelines. Independent accounting, security,
or IT consultants evaluate the strength and thoroughness of compliance

4 Include services such as compliance with trading policies and procedures, environmen-

tal audit. They can be extended to include assurance services, such as internal audit sup-
port, agreed upon procedures, and IT consulting.
5 AU Section 801.
 1  OVERVIEW, HISTORY, AND OVERALL OBJECTIVES OF AUDITING  5

preparations. A compliance audit is based on the premise that manage-

ment is responsible for the entity’s compliance with compliance require-
ments. Management’s responsibility for the entity’s compliance with
compliance requirements includes the following:

a. Identifying the entity’s government programs and understanding

and complying with the compliance requirements
b. Establishing and maintaining effective controls that provide rea-
sonable assurance that the entity administers government programs
in compliance with the compliance requirements
c. Evaluating and monitoring the entity’s compliance with the com-
pliance requirements
d. Taking corrective action when instances of noncompliance are
identified, including corrective action on audit findings of the
compliance audit.

The auditor’s objectives in a compliance audit are to: (a) obtain suffi-
cient appropriate audit evidence to form an opinion and report at the
level specified in the governmental audit requirement on whether the
entity complied in all material respects with the applicable compliance
requirements; and (b) identify audit and reporting requirements specified
in the governmental audit requirement that are supplementary to GAAS
and Government Auditing Standards, if any, and perform procedures to
address those requirements.
The auditor should determine which of those government programs
and compliance requirements to test in accordance with the govern-
mental audit requirement. The auditor should assess the risks of material
noncompliance whether due to fraud or error for each applicable com-
pliance requirement and should consider whether any of those risks are
pervasive to the entity’s compliance because they may affect the entity’s
compliance with many compliance requirements. The auditor should
report noncompliance as well as other matters that are required to be
reported by the governmental audit requirement in the manner specified
by the governmental audit requirement.

• Financial statement audit

A financial statement audit is the examination of an entity’s financial

statements and accompanying disclosures by an independent auditor.
6  F. I. LESSAMBO

The result of this examination is a report by the auditor, attesting to

the fairness of presentation of the financial statements and related dis-
closures. It aims to add credibility to the reported financial position and
performance of a business, and is required for all publicly traded enti-
ties. The audit process is based upon management assertions. The audi-
tor may base his or her work on financial statement assertions that differ
from those in this standard if the assertions are sufficient for the auditor
to identify the types of potential misstatements and to respond appropri-
ately to the risks of material misstatement in each significant account and
disclosure that has a reasonable possibility of containing misstatements
that would cause the financial statements to be materially misstated, indi-
vidually or in combination with other misstatements. Those assertions
can be classified into the following categories:

1. Existence or occurrence—Assets or liabilities of the company exist

at a given date, and recorded transactions have occurred during a
given period.
2. Completeness—All transactions and accounts that should be pre-
sented in the financial statements are so included.
3. Valuation or allocation—Asset, liability, equity, revenue, and
expense components have been included in the financial statements
at appropriate amounts.
4. Rights and obligations—The company holds or controls rights to
the assets, and liabilities are obligations of the company at a given
date.
5. Presentation and disclosure—The components of the financial
statements are properly classified, described, and disclosed.

1.2.2   Assurance Services

Assurance services are independent professional services that improve
the quality of information, or its context, for decision makers. Assurance
services include many areas of information, including nonfinancial areas.
They may include process documentation, control testing, development
of entity-level and activity level controls and documentation review, or an
agreed-upon procedure, or IT assurances.
The needs of for assurance and related services on various types of
financial information often are addressed through assurance and related
 1  OVERVIEW, HISTORY, AND OVERALL OBJECTIVES OF AUDITING  7

services (other than audits) and through combinations of services that

satisfy a particular entity’s specific needs.6

1.3  Audit Objectives
The objectives of the audit have also evolved through time from the
detection of fraud to its by prevention through adequate safeguards and
principles.7 An audit function plays a critical role in maintaining the wel-
fare and stability of the society.8 Today, it is well accepted that the role
or function of an audit consists of providing credibility to the financial
statements prepared and released by company managers for their share-
holders, including the detection, the report, as well as the assessment of
the business’ risks.

1.4   Overall Objectives9

The overall objectives of the auditor, in conducting an audit of financial
statements, are:

• To obtain reasonable assurance about whether the financial state-

ments as a whole are free from material misstatement, whether due
to fraud or error, thereby enabling the auditor to express an opinion
on whether the financial statements are presented fairly, in all mate-
rial respects, in accordance with an applicable financial reporting
framework; and
• To report on the financial statements, and communicate as required
by GAAS, in accordance with the auditor’s findings.

In all cases when reasonable assurance cannot be obtained and a qual-

ified opinion in the auditor’s report is insufficient in the circumstances

6 IAASB (March 2010): Assurance and Related Services on Financial Statements Other

Than Audits, p. 2.
7 Yolanda and Cathy (2010): Developments in Auditing and Assurance, Corporate

Financial Reporting, NJ, p. 93.

8 LEE Teck-Heang, Azham Md. Ali (2008): The Evolution of Auditing: An Analysis of

the Historical Development, Journal of Modern Auditing and Accounting, Volume 4, No.
12, p. 1.
9 AU 200.
8  F. I. LESSAMBO

for purposes of reporting to the intended users of the financial state-

ments, GAAS require that the auditor disclaim an opinion or withdraw
from the engagement, whenever withdrawal is possible under applica-
ble law or regulation. The auditor’s opinion on the financial statements
addresses whether the financial statements are presented fairly, in all
material respects, in accordance with the applicable financial reporting
framework. Such an opinion is common to all audits of financial state-
ments. The auditor’s opinion, therefore, does not assure, for example,
the future viability of the entity nor the efficiency or effectiveness with
which management has conducted the affairs of the entity. In some cir-
cumstances, however, applicable law or regulation may require auditors
to provide opinions on other specific matters, such as the effectiveness
of internal control. Although GAAS include requirements and regarding
such matters to the extent that they are relevant to forming an opinion
on the financial statements, the auditor would be required to undertake
further work if the auditor had additional responsibilities to provide such
opinions.
The requirements for audits of the financial statements of governmen-
tal entities may be broader than those of other entities. As a result, the
premise, relating to management’s responsibilities, on which an audit
of the financial statements of a governmental entity is conducted, may
include additional responsibilities, such as the responsibility for the exe-
cution of transactions and events in accordance with law, regulation, or
other authority (Fig. 1.1).

1.5  Reasonable Assurance
Reasonable assurance refers to the auditor’s degree of satisfaction that
the evidence obtained during the performance of the audit supports the
assertions embodied in the financial statements. The auditor’s standard
report on the audit of financial statements explicitly asserts in the scope
paragraph that the audit was conducted in accordance with professional
standards and states that “those standards require that we plan and per-
form the audit to obtain reasonable assurance about whether the financial
statements are free of material misstatement.” The exercise of due pro-
fessional care allows the auditor to obtain reasonable assurance that the
financial statements are free of material misstatement, whether caused by
error or fraud. Absolute assurance is not attainable because of the nature
of the audit evidence and the characteristics of fraud. Therefore, an audit
 1  OVERVIEW, HISTORY, AND OVERALL OBJECTIVES OF AUDITING  9

Fig. 1.1  Relationship between audits, attestations services, and assurances

(Source The Author)

conducted in accordance with generally accepted auditing standards may

not detect a material misstatement.10
PCAOB Auditing Standard No. 2, paragraph 17 describes reasonable
assurance as follows:

Management’s assessment of the effectiveness of internal control over

financial reporting is expressed at the level of reasonable assurance …
Reasonable assurance includes the understanding that there is a remote
likelihood that material misstatements will not be prevented or detected
on a timely basis. Although not absolute assurance, reasonable assurance is,
nevertheless, a high level of assurance.11

10 AU Section 230.10.
11 PCAOB Auditing Standard No. 2, An Audit of Internal Control Over Financial
Reporting Performed in Conjunction With an Audit of Financial Statements.
10  F. I. LESSAMBO

1.6  Terms Engagement12
The objective of the auditor is to accept an audit engagement for a new
or existing audit client only when the basis upon which it is to be per-
formed has been agreed upon through: (a) establishing whether the pre-
conditions for an audit are present and (b) confirming that a common
understanding of the terms of the audit engagement exists between the
auditor and management and, when appropriate, those charged with
governance.
The auditor should agree upon the terms of the audit engagement
with management or those charged with governance, as appropriate. The
agreed-upon terms of the audit engagement should be documented in
an audit engagement letter or other suitable form of written agreement
and should include the following:

• The objective and scope of the audit of the financial statements

• The responsibilities of the auditor
• The responsibilities of management
• A statement that because of the inherent limitations of an audit,
together with the inherent limitations of internal control, an una-
voidable risk exists that some material misstatements may not be
detected, even though the audit is properly planned and performed
in accordance with GAAS
• Identification of the applicable financial reporting framework for the
preparation of the financial statements
• Reference to the expected form and content of any reports to be
issued by the auditor and a statement that circumstances may arise
in which a report may differ from its expected form and content

Before accepting an engagement for an initial audit, including a re-audit

engagement, the auditor should request management to authorize the
predecessor auditor to respond fully to the auditor’s inquiries regarding
matters that will assist the auditor in determining whether to accept the
engagement. If management refuses to authorize the predecessor auditor
to respond, or limits the response, the auditor should inquire about the
reasons and consider the implications of that refusal in deciding whether
to accept the engagement. The auditor should evaluate the predecessor

12 AU 210.
 1  OVERVIEW, HISTORY, AND OVERALL OBJECTIVES OF AUDITING  11

auditor’s response, or consider the implications if the predecessor auditor

provides no response or a limited response, in determining whether to
accept the engagement.
On recurring audits, the auditor should assess whether circumstances
require the terms of the audit engagement to be revised. If the audi-
tor concludes that the terms of the preceding engagement need not be
revised for the current engagement, the auditor should remind manage-
ment of the terms of the engagement, and the reminder should be doc-
umented. The auditor should not agree to a change in the terms of the
audit engagement when no reasonable justification for doing so exists.
If, prior to completing the audit engagement, the auditor is requested
to change the audit engagement to an engagement for which the auditor
obtains a lower level of assurance, the auditor should determine whether
reasonable justification for doing so exists. If the terms of the audit
engagement are changed, the auditor and management should agree on
and document the new terms of the engagement in an engagement let-
ter or other suitable form of written agreement. If the auditor concludes
that no reasonable justification for a change of the terms of the audit
engagement exists and is not permitted by management to continue the
original audit engagement, the auditor should:

• withdraw from the audit engagement when possible under applica-

ble law or regulation,
• communicate the circumstances to those charged with governance,
and
• determine whether any obligation, either legal, contractual, or oth-
erwise, exists to report the circumstances to other parties, such as
owners, or regulators.

Example of an Audit Engagement Letter

[The objective and scope of the audit]
You 2 have requested that we audit the financial statements of ABC
Company, which comprise the balance sheet as of December 31,
20XX, and the related statements of income, changes in stockhold-
ers’ equity, and cash flows for the year then ended, and the related
notes to the financial statements. We are pleased to confirm our
acceptance and our understanding of this audit engagement by
12  F. I. LESSAMBO

means of this letter. Our audit will be conducted with the objective
of our expressing an opinion on the financial statements.
[The responsibilities of the auditor]

We will conduct our audit in accordance with auditing standards

generally accepted in the United States of America (GAAS). Those
standards require that we plan and perform the audit to obtain rea-
sonable assurance about whether the financial statements are free
from material misstatement. An audit involves performing proce-
dures to obtain audit evidence about the amounts and disclosures
in the financial statements. The procedures selected depend on the
auditor’s judgment, including the assessment of the risks of mate-
rial misstatement of the financial statements, whether due to fraud
or error. An audit also includes evaluating the appropriateness of
accounting policies used and the reasonableness of significant
accounting estimates made by management, as well as evaluating
the overall presentation of the financial statements.
Because of the inherent limitations of an audit, together with the
inherent limitations of internal control, an unavoidable risk that
some material misstatements may not be detected exists, even
though the audit is properly planned and performed in accordance
with GAAS.
In making our risk assessments, we consider internal control rele-
vant to the entity’s preparation and fair presentation of the financial
statements in order to design audit procedures that are appropriate
in the circumstances but not for the purpose of expressing an opin-
ion on the effectiveness of the entity’s internal control. However,
we will communicate to you in writing concerning any significant
deficiencies or material weaknesses in internal control relevant to
the audit of the financial statements that we have identified during
the audit.
 1  OVERVIEW, HISTORY, AND OVERALL OBJECTIVES OF AUDITING  13

[The responsibilities of management and identification of the applica-

ble financial reporting framework]
Our audit will be conducted on the basis that [management and,
when appropriate, those charged with governance] 3 acknowledge
and understand that they have responsibility
a. for the preparation and fair presentation of the financial state-
ments in accordance with accounting principles generally
accepted in the United States of America;
b. for the design, implementation, and maintenance of inter-
nal control relevant to the preparation and fair presentation of
financial statements that are free from material misstatement,
whether due to fraud or error; and
c. to provide us with
(i) access to all information of which [management] is aware
that is relevant to the preparation and fair presentation of
the financial statements such as records, documentation,
and other matters;
(ii) additional information that we may request from [manage-
ment] for the purpose of the audit; and
(iii) unrestricted access to persons within the entity from whom
we determine it necessary to obtain audit evidence.
As part of our audit process, we will request from [management
and, when appropriate, those charged with governance], written
confirmation concerning representations made to us in connection
with the audit.
[Other relevant information]
[Insert other information, such as fee arrangements, billings, and
other specific terms, as appropriate.]
[Reporting]

[Insert appropriate reference to the expected form and content of the

auditor’s report. Example follows:]
14  F. I. LESSAMBO

We will issue a written report upon completion of our audit of

ABC Company’s financial statements. Our report will be addressed
to the board of directors of ABC Company. We cannot pro-
vide assurance that an unmodified opinion will be expressed.
Circumstances may arise in which it is necessary for us to mod-
ify our opinion, add an emphasis-of-matter or other-matter para-
graph(s), or withdraw from the engagement.
We also will issue a written report on [Insert appropriate reference
to other auditor’s reports expected to be issued.] upon completion
of our audit.
Please sign and return the attached copy of this letter to indicate
your acknowledgment of, and agreement with, the arrangements
for our audit of the financial statements including our respective
responsibilities.

1.7   Quality Control of Engagement13

Quality control systems, policies, and procedures are the responsibil-
ity of the audit firm. Under QC section 10, A Firm’s System of Quality
Control, the firm has an obligation to establish and maintain a system
of quality control to provide it with reasonable assurance that (a) the
firm and its personnel comply with professional standards and applica-
ble legal and regulatory requirements and (b) reports issued by the firm
are appropriate in the circumstances. Engagement teams have a responsi-
bility to implement quality control procedures that are applicable to the
audit engagement and provide the firm with relevant information to ena-
ble the functioning of that part of the firm’s system of quality control
relating to independence. Engagement teams are entitled to rely on the
firm’s system of quality control, unless the engagement partner deter-
mines that it is inappropriate to do so based on the information pro-
vided by the firm or other parties. The engagement partner may use the

13 AU 220.
 1  OVERVIEW, HISTORY, AND OVERALL OBJECTIVES OF AUDITING  15

assistance of other members of the engagement team or other personnel

within the firm in meeting the requirements under QC section 10. These
requirements do not relieve other members of the engagement team of
any of their professional responsibilities.

Appendix
– Auditor Independence: Evidence on the Joint Effects of Auditor
Tenure and Non-audit Fees, by Ferdinand A. Gul, Bikki L. Jaggi,
and Gopal V. Krishnan; AUDITING: A Journal of Practice &
Theory, November 2006, Vol. 25, No. 2, pp. 1–23.

Practice
Question 1
Docilo LLC is an audit firm based in Tarrytown, NY. Docilo has
accepted a new engagement to perform audit services for Danger T, Inc.
The auditor professional responsibilities is to:

(a) The client only

(b) The state of New York
(c) The public
(d) The client, the public, and the shareholders

Question 2
Management’s responsibility for the entity’s compliance with compli-
ance requirements includes the following:

(a) Identifying the entity’s government programs and understanding

and complying with the compliance requirements
(b) Establishing and maintaining effective controls that provide rea-
sonable assurance that the entity administers government pro-
grams in compliance with the compliance requirements
(c) Evaluating and monitoring the entity’s compliance with the com-
pliance requirements
(d) Taking corrective action when instances of noncompliance are
identified, including corrective action on audit findings of the
compliance audit
(e) All of the above
16  F. I. LESSAMBO

Question 3
The following are types of assurance services with the exception of:

(a) Training engagement
(b) Due diligence engagement
(c) Compliance engagement
(d) Financial engagement

Question 4
The following are types of assurance services with the exception of:

(a) Legal counsel engagement

(b) Facilitation engagement
(c) Advice engagement
(d) System security engagement

Question 5
An accountant’s objective of a review of the financial statements of a
non-issuer (nonpublic company) is to provide what type of assurance?

(a) Absolute assurance
(b) Limited assurance
(c) No assurance
(d) Reasonable assurance