Professional Documents
Culture Documents
Audit
Audit
SESSION I
Introduction - This introductory part deals with setting the congenial climate of learning
and teaching by assisting participants to know one another. This is a familiarization
process to make starting easier.
Breaking the Ice - Adult educators and prominent trainers suggest that instructors should
not immediately get into the subject matter of the course before” breaking the ice”. This
means that trainees need knowing their instructors and trainee colleagues to make the
learning environment conducive and easier. Instructors may introduce themselves and
ask each trainee to introduce himself/herself and where he/she came from and what
his/her responsibilities, at the work place, are. In brief, this session is intended to help
trainees share personal information about one another and thereby get to know better
facilitate exchange of ideas.
Learning Contract - Training facilitators and adult educators, generally, agree that the
learning community distinguishes itself by the prevalence of trust, openness, and
collaboration. Learning demands that each individual be willing to try new behaviour,
to give and receive constructive feedback and to actively engage into the learning
process. The instructor (the facilitator) has much to do with creating the conditions
necessary for such a „community” to develop and evolve.
The norm of such a community demands that instructors and participants share equally
the responsibility for success, with all group members willing to lead and to follow when
the need arises. This methodology assists to assess and determine the quality of the
learning environment and the interaction among participants.
Having created the appropriate environment, the possible next factor to consider, at this
stage, is to define the sessions‟ learning objective(s) and ascertain what is to be gained at
the end of each session. We have to recall, again, that, although the success of the entire
course will be a shared responsibility, the learning process is largely controlled by the
participants (learners). Hence, the learning process is enhanced when learners have the
opportunity to participate in the planning process; but there should be a clear definition
and understanding of roles and responsibilities of the instructors and learners in the
learning process.
Bases and Authority
Learning Objectives;
To assist participants to:
1 Know the origin of the Training Module (T.M.)
2 Create awareness about the ownership and use right
3 Know the purpose of T. M.
4 Know the sources of authority and responsibilities of the owner.
a. This Training Module is based on the Internal Audit Manual issued by the
Ministry of Finance and Economic Development (MoFED) in accordance
with the power given to it by the Financial Administration Proclamation
No.57/1996 (Art. 68), the Financial Regulation No. 17/1997 of the Council
of Ministers and the directives issued by MoFED itself under the
authorities of these legislations.
b. The Module is to be used for training of internal audit staff and other
pertinent personnel of public bodies as defined in the audit manual.
c. The Module is expected to serve two purposes. In the first place, it is
expected to impart knowledge and skill of the methodology of transfer of
training skill to future trainers. Secondly, it is also expected to furnish
appropriate training materials based on MoFED‟s audit procedural manual
and other enhanced, professional reference materials.
This Training Module is the property of MoFED and in the event of any need of
clarification(s) or question(s) on the Module or any part thereof, it has to be referred to
the Ministry. The Module or any part of it cannot, therefore be used for any
commercial benefit without obtaining express permission by the Ministry.
The word audit is derived from the Latin word audire which means to hear. This
derivation refers to the shareholders attendance of external auditors reports which, in
effect, started only at the advent of the 19 century. But, we know that some type of
auditing existed long before 1494 when Luca Pacioli published his principles of double-
entry bookkeeping system in Venice.
SESSION II
The early concept of auditing, referred to can only be construed as internal auditing,
because the development of external audit in its modern sense is quite a later vintage
associated with the development of shareholding and joint-stock companies. Historical
evidences reveal that ancient kings and rich noblemen appointed some of their trusted
officials to exercise checks on the people whom they put in charge of collecting and
safekeeping revenues from their estates and to report to them in the event of any
irregularities.
This practice can be said to have the nature of internal auditing in the sense that those
who were appointed to check on the regularity of revenue collection and the
safeguarding of the proceeds were people from the same organization and in the service
of the institution as people in charge of the collection and recording functions. It is
evident therefore, that internal auditing was in practice much earlier than external
audit. In spite of its earlier existence, however, internal auditing did not emerge as a
recognized field of professional practice until the 1940s when two factors influenced its
development as a distinguished profession.
In the first place, the rapid development and sophistication of business, government
services and the development of statutory audit brought about strengthened demand
on management and board to ensure that assets are properly safeguarded, results are
consistent with established objectives, program and operational goals are achieved as
planned. In order to ensure this, management needed the services of internal auditors
who could provide with assurance services to keep their houses in order before the
coming of statutory auditors.
The second factor, which became a potent force in the development of the internal
auditing profession is the establishment of the IIA in 1941 in New York. Although
membership grew very fast (from 24 in 1941 to 1018 in 1947), the first official
pronouncement of the Institute, the Statement of Responsibilities of Internal Auditing
was issued in 1947. The purpose was to establish a set of guidelines that defined the
proper role and responsibilities of the internal auditing function within an organization
at the time. In this first statement of responsibilities the authors seem predominantly
concerned with accounting and financial controls.
After 1947 the Statements of Responsibilities have been revised six times up to the
current period. These revisions consisted of those of 1957 which expanded the role,
while that of 1971 gave equal concern to every significant aspect of an organization‟s
operations, including efficiency, effectiveness, and compliance. The next revisions
were effected in 1976, 1981, 1990 and 1999 in response to internal auditing operating
environment and paradigm shifts in corporate businesses management and attendant
emphasis on the quality and effectiveness of internal controls as well as the issuance of
new protective legislating by governments and other regulatory bodies.
Internal auditing continues to develop and emerge both in the public and private
sectors; with this development came new procedures and practices. The challenges in
the field of internal auditing reflect the emergent challenges in the concept and
techniques of business management and government service delivery. New approach
in global competition, down-sizing, business process re-engineering, security, advances
in technology have created the challenges of developing new and more relevant
approaches in the concept and practice of internal auditing.
Over the last 60 years, in developed countries, internal auditing has undergone
profound organizational and technical changes. Up to the first half of the 20 th century
the practice of internal auditing consisted of ascertaining compliances with accounting
and operational procedures, verification of accuracy of calculation, protection of assets
from theft and fraud. The methods involved 100 percent checking of transactions by
means of vouching.
In today‟s constructive approach, the modern internal auditor seeks to add value by
laying emphasis on improving procedures and policies through reduced costs, increased
bottom line and better services to users. As a result, senior management and the board
increased their reliance on the internal audit to improve the organization‟s operation
and to systematically evaluate the management or organizational risks, controls and
governance processes which are essential factors in the achievement of objectives.
It is quite easy to see how much internal auditing has changed to adapt itself to the
needs of modern day business environment.
The history of the development of internal auditing in Ethiopia dates back to about the
middle of the 1940s just about the time when internal audit was evolving as an
organized profession in the Untied States. Internal audit in Ethiopia, had its early
legislative root in the Constitution of 1923 which authorized the establishment of an
“Audit Commission” (Articles 34); and the Audit Commission itself was established
much later by Proclamation 69/1944 to audit the accounts of the Ministry of Finance.
The same Proclamation mandated the then Ministry of Finance to audit other
budgetary institutions as a measure of internal control over the financial operations of
the budgetary institutions. It appears that this early practice of internal auditing as per
Procl. 69/1944 was, in fact, to be the root of what the Inspection Department of the
Ministry of Finance and Economic Development (MoFED) continued to perform to this
day, until the recent reorganization.
The latter part of the 1940s witnessed the establishment of internal audit functions in
key public sector institutions such as the national defense, education, road
construction, and other non-budgetary public sectors, which included the Ethiopian
Airlines, Telecommunication and the financial sector consisting of the modern layer of
the Ethiopian economy. These institutions in one way or the other had external links
or financing operations, which created awareness of the need for internal controls to
sectarian appropriate financial management and to safeguard organizational assets.
The period of the early 1950s, marked the introduction of a budgetary system in
government. The commencement of an annual public budget in 1955 for the first time
in the history of the country ushered in a system of financial administration based on
the annual budget with all its attendant requirements for strengthened internal control
in the budgetary agencies. This entailed the formation of internal audit as an integral
apart of the budgetary internal control system.
The establishment at the time of the Addis Ababa Commercial School and the Addis
Ababa University College supplied with limited but better informed manpower, for
some key institutions in the economy.
In order to assess the state of internal auditing in the country as a basis for further
action to strengthen the function, a survey was conducted by the Office of the Auditor
General in 1991. The main purposes were to determine the service quality,
methodology and educational and skill content as well as organizational structure of
internal auditing. The survey was carried out by means of questionnaires developed by
an ad hoc committee.
Although the questions were widely distributed the analysis was based on the 362
responses obtained from 312 different ministries, government departments and 50
public enterprises. In other words, 86% of the responses were obtained from public
bodies.
The survey indicated that there was a serious lack of internal audit education and
training. An accounting background has been seen as the most important requirement
for entry into the internal auditing work. Such a requirement, however, does not
provide internal auditors with the knowledge of adequate analytical tools necessary for
carrying out their professional responsibilities. Hence the findings of the survey at the
time indicated that the scope and professional content of internal auditing work was
severely limited to:
1 Low-level financial and compliance audits,
2 Pre-audit
3 Non-audit work such as witnessing the hand-over of stores, cash and
personnel transfers
The prevalence of such limited scope of work of internal auditing was attributed to a
number factors, which included:
1 The low level education, training and experience of internal auditors
2 The lack of management awareness about the functions and contributions of
internal auditing
3 The prevalence of weak internal control systems in organizations in which
internal audit is an integral part.
4 The absence of a professional organization to cater for the professional
development of internal auditing in the country for a long time.
Presently, Government has taken the initiative to improve upon some of the above
enumerated weaknesses and to reorganize and strengthen the internal auditing practice
both in public bodies and fully and/or partially Government owned enterprises; to this
effect, not only did Government provide for the necessary legislative framework by the
Financial Administration Proclamation of the Federal Government (Proclamation
57/1996) and the Council of Ministers Regulation (Regulation No. 17/1997) as well as
directives issued by MoFED but also taking measures to reorganize and strengthen
internal auditing in these organizations.
Need to Adopt the Professional Practice Framework of the Institute of Internal Auditors (IIA)
Based on the general contents of the Ministry of Finance and Economic Development
(MoFED) Procedural Audit Manual, the T.M. has adopted the Professional Practice
Framework of the IIA in developing and structuring the T.M. The rationale for this
can be the fact that:
SESSION III
The Professional Practice Framework
The optional elements of the Framework include: the Practice Advisories and the
Development and Practice Aid. Practice Advisories (PAs) are enunciations, which are
strongly recommended and endorsed by the IIA, but they are not mandatory. PAs
assist in the interpretation and explanation of the Standards or their applications in
particular internal auditing environments. They may also consist of guidance coming
from some standards setting bodies accepted and adopted by the various IIA working
committees.
Since the knowledge and practice of modern day internal auditing has to be based on
the above described guidance contained in the Internal Auditing Practice Framework,
these guidance must be construed as the basis and the center-piece of the Training
Module; because other internal auditing tasks have to be based on these guidance.
Hence internal auditors have to have the proper understanding and knowledge of these
guidance before they are able to perform and render modern day audit services. It is,
therefore important that these parts of the TM properly details out and elaborates each
one of, at least, the mandatory guidance.
Internal Auditing is defined by IIA as “an independent and objective assurance and
consulting activity designed to add value and improve an organization‟s operations. It
helps an organization accomplish its objectives by bringing in a systematic and
disciplined approach to evaluate the effectiveness of risk management, control and
governance process”.
Learning Objectives
1 Understand the meaning and functions of internal auditing (IA). Internal audit
theory practice and the guidance given in the Standards as well as the Code of
Ethics emanate from the definition.
2 Help learners to understand internal audit as an assurance and consulting
service.
In explaining the tenets of this most recent definition, the instructor (facilitator) is
expected to ensure that trainees understand the meaning and significance of the
following important concepts and phrases embodied in the definition:
7 Objective Activity: the definitions, which existed before this, described internal
auditing (IA) as “as an independent function established within an
organization”. The present definition chooses “activity” over “function”, and
eliminates the phrase “within an organization”. Activity is a more detailed
responsibility carried out by the individual auditor who may be outside the
organization contracted by the organization to provide an internal audit service.
In doing so the new definition has allowed outsourcing for those who seek
quality internal audit service where they are unable to place reliance on internal
skills.
It should also be noted that, the definition adds “objective” instead of the more
restrictive word “independence” in order to allow auditors to be more responsive to
their customers. In accordance with the Guidance Task Force of the IIA, the auditor
adds value through his or her objective analysis and recommendation for improvement.
Hence, objectivity can be considered a defining characteristic of the profession. The
reference to “independence” was retained, but not in the effort to limit who could
provide internal audit services and what those services could be. Instead,
independence in the new definition reflects the audit activity‟s “freedom to determine
audit or assurance scope and to perform the appropriate scope of work” (Christy
Chapman and Urton Anderson).
9 Adding value and Improving: In the past, the fact that internal auditing should
render visible benefit was not always emphasized. Now it is clearly stated that
added benefit or value is no longer an option for most audit shops. In fact
management expects and demands all functions to create visible value. While
all audits are expected to benefit the organizations by informing management of
the status and reliability of their control structures, the value of this was not
always adequately perceived. By expressly stating, in the definition, that
internal auditing is designed to “add value and improve”, the profession
underscores its commitment to give organizations value-adding services.
10 Considering the whole organization: the long held thought that the objective of
internal auditing is to "assist members of the organization in the effective
discharge of their responsibilities" has now changed. The current definition lifts
the focus of internal auditing from the individual to the organizational level.
The present day internal auditing is charged with the duty of helping the
organization accomplish its overall objectives. Such a mandate requires auditors
to understand the goals and processes of the organization and to view problems
and their solutions from a much broader perspective than that resulting from
single, functional view point.
11 Improve the effectiveness of Risk Management, Control and Governance
Processes: on the definition that existed before the current one, internal audits
were characterized by the "analyses, appraisals, recommendations, counsel and
information concerning the activities being reviewed" and by their capabilities
to promote "effective control at reasonable cost".
The current definition, by stating that internal auditors are to evaluate and improve the
effectiveness of risk management, control, and governance processes, presents a much
broader view of the working domain of the internal auditor. In accordance with the
current definition, one is expected to understand that controls only exist to help the
organization manage its risk and promote effective governance processes. It would
appear, therefore internal auditors are charged with a much broader and more involved
role to play in the organization.
SESSION IV
INTRODUCTION TO THE STANDARDS AND THE ATTRIBUTE
STANDARDS
This module contains only one session divided into the following two parts:
1 Introduction to the Standards for the Professional Practice of Internal
Auditing; and,
2 The Attribute Standards.
Introduction
The Internal Audit Standards of Public Bodies of the Government of Ethiopia are
contained in the Audit Procedural Manual issued by the MoFED (as is stated in the
Manual Pages 16-37). The Manual also states that the Standards reflect the Standards
for the Professional Practice of Internal Auditing issued by the Institute of Internal
Auditors (The IIA Incorporated). However, a close look indicates that there are some
serious lacuna of omissions and misstatements that this Training Module has to rectify
in the course of the preparation of the course materials on the Standards. This Module
has, in fact, adopted the new Standards of the IIA, which came into force in January
2002.
Internal audit work is performed in different countries varying in legal and cultural
environment; within organizations that vary in purpose, size, and structure; by persons
within or outside the organization. Obviously, these differences may affect the practice
of internal auditing in each environment. Consequently, the need to follow the
Standards for the Professional Practice of Internal Auditing becomes essential if the
responsibilities of internal auditors are to be fulfilled.
The MoFED Internal Audit Manual acknowledges only two types of Standards i.e., the
Attribute Standards and the Performance Standards. But according to the IIA Practice
Framework there are three types of Standards namely, Attribute, Performance and
Implementation Standards. As Implementation Standards are presented in a super
imposed manner on the first two, it may not have been clear to the authors of the
Manual. Therefore, this does not seem to be a deliberate omission on the part of the
preparers.
The layout and the structure of the Standards in the MoFED Manual also differ from
that of the latest IIA Standards. The Attribute Standards are serialized from 100 to 400
whereas the Performance Standards cover form 500 to 1300. Attribute Standards in the
IIA Professional Practice Framework (the PPF) consists of 1000 series and the
Performance Standards 2000, and Implementation Standards. The Attribute Standards
address the attributes or the characteristics of organizations and/or individuals
performing internal audit activities and provide quality criteria against which the
performance of these services can be measured. The Attribute and Performance
Standards apply to internal auditing services in general. The Implementation Standards
apply the Attribute and Performance Standards to specific types of engagements (for
instance, compliance audits, fraud investigations, etc.).
Quite apart from the various omissions, and other shortcomings, the Internal Audit
Standards of the Public Bodies contained in the MoFED Manual seem to be adopted
from the IIA Standards published in 1975. However, these Standards have been
thoroughly revised and adopted in 1999 and operationalized in January 2002. The
revised IIA Standards envisaged very significant changes both in content and structure.
It is agreed with pertinent MoFED officials to base the Standards to be adopted in this
Training Module on the revised latest one.
Attribute Standards
The Attribute Standards contain four main Standards, ten sub-Standards which in turn
are divided into 13 Implementation Standards and other sub-divisions the details of
which can be seen in the treatment of the Attribute Standards in the following part of
the Module:
1000 Purpose, Authority, and Responsibility
1100 Independence and Objectivity
1200 Proficiency and Due Professional Care
1300 Quality Assurance and Improvement.
These are the general standards of the Attributes series, which are divided into
descending details. As the devil is in the detailed, instructors and trainees are advised
to master the detailed standards in order to comply with the Standards and carry out
their responsibilities effectively.
The purpose, Authority, and Responsibility of the Public Body‟s internal auditing
activity should be clearly and formally defined in a Charter, consistent with the
Standards and approved by the Head of the Public Body or by the Board if applicable.
In these Standards “Charter” may be construed to mean any official document issued by
the Public Body, giving recognition to the function, authority and responsibility of the
internal auditing service. It may be an organization chart of the Public Body in which
the functions, authorities and responsibilities of the internal auditing department or
division or service is officially embodied and recognized.
The internal audit activity (internal audit unit) should be independent, and internal
auditors should be objective in performing their work.
It is important that both instructors and trainees should clearly understand the nature
of this Standard and they should be careful not to be misled by the MoFED Procedural
Manual, which misconstrued the nature of this Standard.
It this Standard the concept and the word independence is applicable to the internal
audit organization only and not to the individual auditor to whom objectivity is
applicable. Independence is the attribute of the internal audit organization which
should enable the internal audit organization to have unlimited scope of work,
determine the methodology and the manner of carrying it out. The Standard
recognizes that individual auditors are employees of the organization and while
performing their duties they are governed by rules, regulation and guidelines of the
organization but when carrying out their professional duties the Standards requires
them to be objective.
The Chief Audit Executive (the Head of the Internal Audit unit) should report
to a level within the organization that allows the Internal Audit department
(unit, division) to fulfill its responsibilities.
In the Ethiopian circumstances, this Standard requires that the Head of the
Internal Audit of a Public Body should report to the Head of the Public Body.
As to why it should be so is specified in the following Implementation Standard
1110-A1.
4 Audit organizations in Public Bodies should make sure that the results of
internal audit work is reviewed before audit reports are issued in order
to provide reasonable assurance that the work was carried out
objectively.
In applying this Standard it is suggested that auditors in Public Body should try
to follow the following guidelines and explanations.
The Standard also requires that internal auditors should not assume operating
responsibilities. If senior management directs internal auditors to perform non-
audit work, it should be understood that they are not functioning as internal
auditors. Sometimes Heads of Public Bodies may direct auditors to perform
non-audit duties that may impair objectivity such as performing pre-audit,
preparation of bank reconciliation; in such a case, the Internal Audit Head
should inform the Head of the Public Body that these activities are not audit
activities, and therefore, audit-related conclusions should not be expected to be
drawn.
1210 Proficiency
Internal auditors should possess the knowledge, skills, and other competencies
needed to perform their individual responsibilities. The internal audit
organization collectively should possess or obtain the knowledge, skills, and
other competencies needed to perform its responsibilities.
8 Tax fraud.
C. In the same view one can consider fraud perpetrated to the detriment of the
organization. This has generally to do with the direct or indirect benefit of
an employee, outside individual, or another organization. Some instances
are:
D. There are four main phases in considering fraud audit. These phases consist
of deterrence, detection, investigation and prosecution. Deterrence of fraud
consists of those actions taken to discourage the commitment (perpetration)
of fraud and limit the exposure if fraud does occur. The important
mechanism for deterring fraud is control. Primary responsibility for
establishing and maintaining control rest with the management.
E. Internal auditors are responsible for assisting in the determination of fraud
by examining and evaluating the adequacy and the effectiveness of the
system of internal control, commensurate with the extent of the potential
exposure/ risk in the various components/ segments of the organization‟s
operations. In carrying out this responsibility, internal auditors should, for
instance, determine:
1. The organizational environment fosters control consciousness.
2. Realistic organizational goals and objectives are set.
H. When conducting fraud investigation (if they do), internal auditors should:
Assess the probable level, the extent of complicity in the fraud
within the organization. This can be critical to ensure that
the internal auditor avoids providing information to or
obtaining misleading information from persons who may be
involved.
Internal auditors should apply the care and skill expected of a reasonably
prudent and competent internal auditor. Due professional care does not imply
infallibility.
A. Internal auditors of Public Bodies should be aware that they are responsible
for continuing their professional education in order to maintain their
proficiency. They should keep informed about improvements and current
developments in internal audit Standards, procedures, and techniques.
Continuing education may be obtained through membership and
participation in professional societies; attendance at conferences, seminars,
college courses and in-house training programs; and participation in
research projects.
B. Internal auditors are encouraged to demonstrate their proficiency by
obtaining appropriate professional certification, such as the Certified
Internal Auditors designation and other designations offered by the
Institute of Internal Auditors.
C. Internal auditors of Public Bodies with professional certifications should
obtain sufficient continuing professional education to satisfy requirements
related to the professional certification held.
The Chief of Internal Auditing should develop and maintain a quality assurance
and improvement program that covers all aspects of the internal audit
department and continually monitor its effectiveness. The program should be
designed to help the internal auditing department add value and improve the
organization‟s operations and to provide assurance that the internal audit
department is in conformity with the Standards and the Code of Ethics.
The internal audit activity (organization) should adopt a process to monitor and
assess the overall effectiveness of the quality program. The process should
include both internal and external assessments.
The Chief of the Internal Audit department should communicate the results of
the external assessment to the Head of the Public Body. Internal auditors of
Public Bodies should consider the following suggestions when reporting on the
quality program:
2 The Head of the audit organization should prepare a written action plan
in response to the significant comments and recommendations contained
in the report of the external assessment. The Head also has the
responsibility for appropriate follow-up.
SESSION V
PERFORMANCE STANDARDS
The Chief Audit Executive (Internal Audit Head) should effectively manage the
internal audit unit to ensure it adds value to the Public Body.
The internal audit head is responsible for properly managing the internal audit
unit so that:
2010 Planning
The Chief Audit Executive (the Chief Internal Auditor) should establish risk-based
plans to determine the priorities of the internal audit activity (unit) consistent with the
Public Body‟s goals.
The goals of the internal auditing unit should be capable of being accomplished
within specified operating plans and budgets and, to the extent possible, should
be measurable. They should be accompanied by measurement criteria and
targeted dates of accomplishment.
Matters that the Public Body‟s internal auditors should consider in establishing
engagement (unit) or schedule priorities include:
This particular Assurance Implementation Standard deals with the linkage of the audit
plan to risk and exposures. The Public Body‟s risk strategy (if there is any) should be
reflected in the design of internal audit activity‟s plan. It is important that a
coordinated approach should be applied to leverage synergies between the
organization‟s risk management and the internal audit process. Internal auditors in
Public Bodies should also advise their organizations to develop risk management and
internal audit process. Internal auditors in Public Bodies should also advise their
organizations to develop risk management strategies where they do not exist. The
internal audit unit‟s audit plan should be designed based on an assessment of risk and
exposures that may affect the Public Body. Ultimately, the audit objective is to provide
management with information to mitigate the negative effects associated with
accomplishing the Public Body‟s objectives. The degree or materiality of exposure can
be viewed as risk mitigated by establishing control activities.
The Chief Audit Executives or the Heads of Internal Auditing in Public Bodies should
communicate internal audit‟s plans, and resource requirements, including significant
interim changes in the plan, to senior management and to the Heads of Public Bodies
for review and approval. The Chief Internal Auditor should also communicate the
impacts of resource limitations.
In the exercise of their duties in accordance with the requirements of this Standard,
internal auditors of Public Bodies should consider the following important points that
may add value to their communication efforts:
The Chief Internal Auditor should submit annually to the Head of
the Public Body for his/ her information and approval, a summary of
the internal audit unit‟s work schedule, staffing plan, and financial
budget. The Head of the audit unit should also submit all significant
interim changes and reasons thereof for approval and information.
Engagement work schedules, staffing plans, and financial budgets
should inform the Head of the Public Body of the scope of internal
audit work and of any limitation placed on that scope.
The Chief Internal Auditor should ensure that internal audit resources are appropriate,
sufficient, and effectively deployed to achieve the approved plan. In performing their
duties according to the requirements of this Standard, internal auditors should
consider:
Staffing plans and financial budgets, including the number of auditors and
the knowledge, skills and other competencies required to perform their
work, should be determined from engagement work schedules,
administrative activities, education and training requirements, and audit
research and development efforts.
The chief internal auditor should establish a program for selecting and
developing the human resources of the internal audit unit. His program
should provide for:
- Developing written job description for each level of the audit staff;
The Chief Audit Executive should establish policies and procedures to guide the
internal audit activity. In complying with the requirement of this Standard, the Public
Body‟s internal auditors should consider the following suggestions when establishing
policies and procedures:
The form and content of written policies and procedures should be appropriate to the
size and structure of the internal audit unit/department and the complexity of its work.
Formal administrative and technical audit manuals may not be needed by all internal
audit entities. A small internal audit unit may be managed informally. Its audit staff
may normally be directed and controlled through daily, close supervision and written
memoranda. In a large internal audit unit/department, more formal and
comprehensive policies and procedures are essential to guide the audit staff in the
consistent compliance with the internal audit unit‟s standards of performance.
Quite apart from the foregoing suggestions, internal auditors in Public Bodies are
expected to apply relevant parts of the Internal Audit Manual developed by MoFED
along side this Training Module.
2050 Coordination
The Chief Audit Executive or the Chief Internal Auditor should share information and
coordinate activities with other internal and external providers of relevant assurance
and consulting services to ensure proper coverage and minimize duplication of efforts.
The Chief Internal Auditor should report periodically to the Head of the Public Body
on the internal audit unit‟s purpose, authority, responsibility and performance relative
to its plan. Reporting should also include significant risk exposures and control issues,
corporate governance issues, and other matters needed or requested by the Head of the
Public Body.
Auditors reporting to the Heads of Public Bodies consistent with the Standards should
also consider the following suggestions when reporting:
The Chief Internal Auditor should submit activity reports to the Head of the
Public Body at least annually. Activity reports should highlight significant
audit observations and recommendations and should inform the Head of the
Public Body of any significant deviations from approved audit work
schedules, staffing plans, and financial budget, and the reasons for them.
Significant audit observations are those conditions that, in the judgment of
the Chief Internal Auditor, could adversely affect the organization.
Significant audit observations may include conditions dealing with
irregularities, illegal acts, errors, inefficiency, waste, ineffectiveness,
conflicts of interest, and control weaknesses.
The internal audit activity (the internal audit unit) evaluates and contributes to the
improvement of risk management, control and governance systems. These contracted
versions of the Standard do not present adequate details for sufficient understanding of
the Standards. Therefore, internal auditors should consider the following suggestions
when evaluating the nature of the internal audit unit‟s work.
operations, functions, and activities within the organization are subject to the
internal auditors‟ evaluations. The comprehensive scope of work of internal
auditing should provide reasonable assurance that management‟s:
The internal audit activity (the internal audit unit) should assist the organization by
identifying and evaluating significant exposures to risk and contributing to
improvements of risk management and control systems.
Based on this Standard, internal auditors may be charged with the responsibility of
providing assurance to management and the Heads of Public Bodies on the adequacy of
the organization‟s risk management processes. This responsibility would require the
auditor to formulate an opinion on whether the organization‟s risk management
processes are sufficient to protect the assets, reputation and ongoing operations of the
organization. The guidance to this Standard tries to elaborate on the risk management
objectives that the auditor should consider in formulating an opinion on the adequacy
of the organizations‟ risk management process. The following paragraphs provide
greater details on risk management responsibilities:
and effective. Internal auditors should assist the Heads of Public Bodies
by examining, evaluating, reporting, and recommending improvements
on the adequacy and effectiveness of the Public Bodies‟ risk management
processes. Public Bodies are responsible for their organization‟s risk
management and control processes. However, internal auditors acting in
consulting role can assist the Public Bodies in identifying, evaluating and
implementing risk management methodologies and controls to address
those risks.
2110.A1 Internal audit activity (internal audit unit) should monitor and
evaluate the effectiveness of the organization‟s risk
management system.
Internal audit units in Public Bodies should monitor and evaluate the
effectiveness of the Public Bodies risk management systems and report their
findings to the Heads of the Public Bodies along with appropriate
recommendations.
2110.A2 The internal audit activity (the internal audit unit) should
evaluate risk exposures relating to the organization‟s
governance, operations and information system, regarding
the:
- Reliability and integrity of financial and operational
information.
- Effectiveness and efficiency of operations.
- Safeguarding of assets.
- Compliance with laws, regulations, and contracts.
The internal audit activity (the internal audit unit) should assist the organization in
maintaining effective controls by evaluating their effectiveness and efficiency and by
promoting continuous improvement.
2120.A1 Based on the results of the risk assessment, the internal audit
activity (the internal audit unit) should evaluate the adequacy
and effectiveness of controls encompassing the organization‟s
governance, operations, and information systems. This should
include:
- Reliability and integrity of the financial and
operational information.
- Effectiveness and efficiency of operations.
- Safeguarding of assets.
- Compliance with laws, regulations, and contracts.
Auditors of Public Bodies should consider the following explanatory guidance when
implementing and complying with this Assurance Implementation Standard and also
while assessing the effectiveness of a Public Body‟s systems of internal controls,
formulating an opinion thereon, and reporting the opinion/ judgment to the Head of
the Public Body. The audit work performed during the year should obtain sufficient
information to enable an evaluation of the system of controls and the formulation of an
opinion. Auditors of Public Bodies may also find the following detailed guidance
useful for appropriate implementation of the Standard:
Heads of Public Bodies normally expect that the Chief Internal Auditors
will perform sufficient audit work and gather other available
information during the year to form a judgment about the adequacy and
effectiveness of the control processes. The Chief Internal Auditors of
Public Bodies should communicate that overall judgment about the
organization‟s system of control to the Heads of Public Bodies.
Internal auditors of Public Bodies are expected to verify that the Public Bodies have
established operating and program goals and objectives to assist the attainment of the
overall objectives and goals of the Public Bodies and ascertain whether they conform to
those of the Public Bodies.
Internal auditors of Public Bodies should review operations and programs to ascertain
the extent to which results are consistent with established goals and objectives to
determine whether operations and programs are being implemented or performed as
intended and communicate the results of their finding to the Heads of Public Bodies
with ensuing recommendations for appropriate actions if necessary.
If internal auditors of Public Bodies engage themselves in consulting activities they are
required by this consulting Implementation Standard to address controls relevant to
the objectives of the engagement that they are undertaking and they are advised to be
alert to identify any significant control weaknesses.
2130 Governance
The internal audit activity should contribute to the organization‟s governance process
by evaluating and improving the process through which (1) values and goals are
established and communicated, (2) the accomplishment of goals is monitored, (3)
accountability is ensured, and (4) value are preserved.
Auditors of Public Bodies are aware that their organizations‟ use various legal forms,
structures, strategies, and procedures to ensure good governance, which consists of:
- Compliance with society‟s legal and regulatory rules;
- Reporting fully and truthfully to those to whom the Public Body has to
report and to the general public to ensure accountability for its decisions,
actions, conduct, and performance.
The Heads of the Public Bodies and their senior management staff are responsible and
accountable for the effectiveness of the governance process.
Internal auditors and the internal audit unit should take an active role in support of the
ethical culture within the organization and the skills to be effective advocate of ethical
conduct. They often have the competence and capacity to appeal to the Head of the
Public Body, the management group and other employees to comply with the legal,
ethical and societal responsibilities of their organization. Thus, at a minimum, the
internal audit unit should periodically assess the state of the ethical climate of the
Public Body and the effectiveness of its strategies, tactics, communications, and other
processes in achieving the desired level of legal and ethical compliance.
Quite apart from consideration of the foregoing factors, the internal auditor is
responsible for planning and conducting the engagement assignment, subject to the
supervisory review and approval. The engagement program should:
- Document the internal auditor‟s procedures for collecting, analyzing,
interpreting, and documenting information during the engagement.
- Set forth the scope and degree of testing required for achieving the
engagement objectives in each phase of the engagement.
The Head of Internal Audit (Chief Audit Executive) is responsible for determining
how, when, and to whom engagement results will be communicated. This
determination should be documented and communicated to management, to the extent
deemed necessary, during the planning phase of the engagement. Subsequent changes
which affect the timing or reporting of engagement results should also be
communicated to management, if deemed practical.
All those in management who need to know about the engagement should be
informed. Meetings should be held with management responsible for the activity
being audited. A summary of matters discussed at meetings and any conclusions
reached should be prepared, distributed to individuals, as appropriate, and retained in
the engagement working papers. Topics of discussion may include:
- Planned engagement objectives and scope of work.
- State of the work and operations of the activities being reviewed, including
recent changes in management or major systems.
The engagement‟s objectives should address the risks, controls, and governance
processes associated with the activities under review. The engagement objectives
should reflect the results of the risk assessment.
To perform risk assessment, background information should be obtained about the
activities to be reviewed. A review of background information should be performed to
determine the impact on the engagement, such information may include:
- Objectives and goals.
The established scope should be sufficient to satisfy the objectives of the engagement
(audit).
- The number and experience level of the internal audit staff who should be
evaluated based on the nature and complexity of the engagement
assignment, time constraints, and available resources.
- Knowledge, skills, and other competencies of the internal audit staff, which
should be considered in selecting internal auditors for performing the
engagement.
Internal auditors should develop work programs that achieve engagement objectives.
These work programs should be recorded.
In obtaining approval of the audit work plan, such plans should be approved in writing
by the Chief Internal Auditor or appropriately designated person prior to the
commencement of engagement work. Adjustments to engagement work plan should
be approved in a timely manner. Initially, approval may be obtained orally, if factors
or situations do not allow obtaining written approval prior to commencing audit work.
Internal auditors should identify, analyze, evaluate, and record sufficient information
to achieve the engagement‟s objectives.
Internal auditors should identify sufficient, reliable, relevant and useful information to
achieve the engagement‟s objectives analyses and evaluation.
Pertaining to identification of information, auditors of public bodies may find it useful
to consider the following:
Information should be collected on all matters related to the engagement
(audit) objectives and scope of work. Internal auditors use analytical
audit procedures when identifying and examining information.
Analytical audit procedures are performed by studying and comparing
relationships among both financial and non-financial information. The
application of analytical audit procedures for identifying information to
be examined is based on the premise that, in the absence of known
Analytical audit procedures provide internal auditors with an efficient and effective
means of assessing and evaluating information collected in an engagement. The
assessment results from information with expectations identified or developed by the
internal auditor. Analytical audit procedures are useful in identifying, among other
things:
- Differences that are not expected;
- Potential errors;
- The precision with which the results of analytical audit procedures can
be predicted.
Internal auditors should record relevant information to support the conclusions and
engagement results.
In accordance with this Standard, auditors of Public Bodies should record relevant
information to support their audit conclusions and results. Audit working papers that
document the audit should be prepared by the internal auditors in Public Bodies and
reviewed by the management of the internal audit unit or senior auditor authorized by
same. The working papers should record the information obtained and the analysis
made, and should support the bases for the observations and recommendations to be
reported. Audit working papers generally:
The organization, design and content of engagement working papers will depend on
the nature of the engagement. Working papers for an audit should documents the
following aspects of the engagement process:
- Planning;
- The examination and evaluation of the adequacy, and effectiveness of the
system of internal control;
- The engagement procedures performed and the information obtained, and
conclusions reached;
- Review;
- Communication (Reporting);
- Follow-up.
Audit working papers should be complete and include support for engagement
conclusions reached. Among other things, audit working papers may include:
Engagement working papers may be in a form of paper, tapes, disks, diskettes, films or
other media. If engagement working papers are in the form of media other than paper,
consideration should be given to generating backup copies.
The Chief Internal Auditor should establish working papers policies for the various
types of engagements performed; standardized audit working papers such as
questionnaires and audit programs may improve the efficiency of an engagement and
facilitate the delegation of engagement work. Some engagement working papers may
be categorized as permanent or carry-forward engagement files. These files generally
contain information of continuing importance.
- Each engagement working paper should identify the engagement and describe
the contents or purpose of the working paper;
- Each engagement working paper should be signed (or initialed) and dated by
the internal auditor performing the audit work;
Internal auditors of Public Bodies should be aware that engagement working papers are
the property of the Public Body concerned. Engagement working paper files should
generally remain under the control of the internal audit unit and should be accessible
only to authorized personnel. Management and other members of the organization
may request access to engagement working papers. Such access may be necessary to
substantiate or explain engagement observations and recommendations or to utilize
engagement documentation for other business purposes. These requests for access
should be subject to the approval of the Chief of the Internal Audit unit.
It is a common practice for internal and external auditors to grant access to each other‟s
audit working papers.
Access to audit working papers by external auditors should be subject to the approval
of the Head of the Internal Audit unit. There are circumstances, where, parties outside
the organization, other than external auditors, request access to audit working papers
and reports. Prior to releasing such documentation, the Chief Internal Auditor should
obtain the approval of senior management and/or legal counsel as appropriate.
Internal audit unit in Public Bodies, consistent with this Standard, should create a
mechanism to develop appropriate system of engagement supervision to properly
achieve their audit objectives and ensure the quality of internal audit and to enhance
the education and experience of internal audit staff.
The Chief Internal Auditor is responsible for assuring that appropriate audit
supervision is provided; supervision is a process that begins with planning and
continues throughout the examination, evaluation, communication, and follow-up
phases of the audit; supervision includes:
- Ensuring that the auditor assigned possess the requisite knowledge, skills, and
other competencies to perform the audit.
- Seeing that the approved audit program is carried out unless changes are both
justified and authorized.
All internal audit assignments, whether performed by order the internal audit unit,
remain the responsibility of the Chief Internal Auditor. The Chief Internal Auditor is
responsible for all significant professional judgment made in the planning,
examination, evaluation, reporting, and follow-up phases of the audit. The Chief
Internal Auditor should adopt suitable means to ensure that this responsibility is met.
All audit working papers should be reviewed to ensure that they properly support the
audit report and that all necessary audit procedures have been performed. Evidence of
supervisory review should consist of the reviewer initialing and dating each working
paper after it is reviewed. Other review techniques that provide evidence of
supervisory review include completing an audit working paper review checklist and/or
preparing a memorandum specifying the nature, extent, and results or the review.
Reviewers may make a written record (review notes) of questions arising from the
review process. When clearing review notes, care should be taken to ensure that the
working papers provide adequate evidence that questions raised during the review
have been resolved. Acceptable alternatives with respect to disposition of review notes
are as follow:
- Retain review notes as a record of the questions raised by the reviewer and all
steps taken in their resolution.
- Discard the review notes after the questions raised have been resolved and the
appropriate engagement working papers have been amended to provide the
additional information requested.
SESSION VI
REPORTING STANDARDS
Despite the fact that the format and content of the audit‟s final communication may
vary by organization or type of audit, they should contain, at a minimum, the purpose,
scope, and the results of the audit.
Audit final report may, generally, include background information and summaries.
Background information may identify the organization units and activities reviewed
and provide relevant explanatory information. It may also include the status of
observations, conclusions, and recommendations from prior reports and an indication
of whether the report covers a scheduled or is responding to a request. If summary is
attached, it should be ascertained that it represents a balanced view of the content of
the audit report.
Purpose statements should describe the audit objectives and may, if required, inform
the reader why the audit was conducted and what it was expected to achieve.
Scope statements should identify the audited activities and include, if necessary,
supportive information such as time period reviewed. Related activities not reviewed
should be identified if required to delineate the boundaries of the audit. The nature
and extent of audit work performed should also be described.
A signed report should be issued after the audit is completed; summary reports
highlighting audit result maybe appropriate for level of management above the audit
client. They may be issued separately from or in conjunction with the final report.
The term signed means that the authorized internal auditor‟s name should be manually
signed in the report. Alternatively, the signature may appear on a cover letter. The
internal auditor authorized to sign the report should be designated by the Chief
Internal Auditor. If audit reports are signed by electronic means, a signed version of
the report should kept on file by the internal audit unit.
Auditors in Public Bodies are expected to observe these attributes of quality reports
when preparing engagement communications. These attributes can be clarified as
follows:
Accurate reports are free from errors and distortions and are faithful to
the underlying facts. The manner in which the data and evidence is
gathered, evaluated, and summarized for presentation should be done
with care and precision.
Objective reports are fair, impartial, and unbiased and are the result of a
fair-minded and balanced assessment of all relevant facts and
circumstances. Observations, conclusions, and recommendations should
If a final report contains a significant error or omission, the Chief Internal Auditor
should communicate corrected information to all individuals who received the original
communication. In this Standard an error is defined as an unintentional misstatement
or omission of significant information in the final audit report.
When noncompliance with the Standards impacts a specific audit, the report of the
result should disclose the:
- Standard(s) with which full compliance was not achieved;
- Reason(s) for noncompliance; and,
- Impacts(s) for noncompliance on the audit.
If any internal audit unit in a Public Body, in any particular audit engagement, does
not comply with the Standard for the Professional Practice of Internal Audit, the
internal audit unit should disclose in its audit report the:
Standard(s) with which compliance has not been achieved;
Reason(s) for not complying; and,
What impact(s) non-compliance will entail on the audit.
The Chief Audit Executive should disseminate the results to appropriate individuals.
2440.A1 The Chief Audit Executive is responsible for communicating the
final results to individuals who can ensure that the results are
given due consideration. In Pubic Bodies, the Chief Internal
Auditor has to submit the audit report to the Head of the
Public Body at least annually. Individual audit reports have to
be submitted to the appropriate audit client with a copy, if
deemed necessary, to the Head of the Public Body. Internal
auditors of Public Bodies should discuss conclusions and
recommendations with appropriate levels of management
before issuing final audit reports.
Despite the fact that the level of participants in the discussion and reviews may vary by
organization and by the nature of the report, they will generally include those
individuals who are knowledgeable of detailed operations and those who can authorize
the implementation of corrective action.
The Chief Internal Auditor or a competent individual designated by him should review
and approve the final audit report before issuance and should decide to whom the
report will be distributed. The Chief Internal Auditor or a designate should approve
and may sign all final reports. If specific circumstances warrant, consideration should
be given to having the auditor-in-change, supervisor, or lead auditor sign the report as
a representative of the Chief Internal Auditor.
Final audit report should be distributed to those members of the organization who are
able to ensure that audit reports are given due consideration. This means that the
report should go to those who are in a position to take corrective actions or ensure that
corrective actions are taken. Final audit report should reach the management of the
activity under review.
The Chief Audit Executive should establish and maintain a system to monitor the
disposition of results communicated to management.
The Chief Internal Auditor should establish monitoring procedures to include the
following:
- A time frame within which management‟s response to audit observations and
recommendation is required;
- The degree of effort and cost needed to correct the reported condition.
- The impact that may result should the corrective action is taken.
There may also be time where the Chief Internal Auditor judges that management‟s
oral or written response shows that action already taken is sufficient when weighed
against the relative importance of the audit observations or recommendations. On such
circumstances, follow-up may be performed as part of the next audit.
Internal auditors should ascertain that the actions taken on audit observations and
recommendations remedy the underlying conditions.
The Chief Internal Auditor is responsible for scheduling follow-up activities as part of
developing audit work schedules. Scheduling of follow-up should be based on the risk
and exposure involved, as well as the degree of difficulty and the significance of timing
in implementing corrective action.
2500.C1 The internal audit unit should monitor the deposition of results
of consulting work to the extent agreed upon with the client.
Internal auditors should be aware that the results of consulting work engagement need
follow-up to ensure the implementation of recommended actions.
When the Chief Audit Executive believes that senior management has accepted a level
of residual risk that is unacceptable to the organization, the Chief Audit Executive
should discuss the matter with senior management. If the decision regarding residual
risk is not resolved, the Chief Audit Executive and senior management should report
the matter to higher oversight authority for resolution.
SESSION VII
CODE OF ETHICS
Professional Code of Ethics is one of the three mandatory elements of the Professional
Practice of Framework of Internal Auditing.
What is ethics?
Ethics is a branch of philosophy dealing with a systematic study of reflective choice of
the standards of right and wrong by which it is to be guided and of the good toward
which it may ultimately be directed (Weelwn‟ght). ????
A problem situation crops up while you are subjected to making choice among
alternative actions and the right choice is not absolutely clear. An ethical problem
situation is a problem situation on which the choice of alternative actions affects the
well-being of other persons either individually or collectively.
(b) Ethical behaviour is that which conforms to rules and moral principles.
- Code of Professional Ethics is able to provide some direct solutions that may not
be available from general ethics theory;
The clients must place their trust on the ethical behaviour the professional. This trust
is enhanced when the professional is required to take oath or pledge to serve the public
honestly and diligently and to be governed by strict rules of ethical behaviour. Trust is
increased if the seeker of professional services can believe that those professionals who
violate their Code of Ethics will be taken to task by their peers.
For internal auditors who are members of the Institute of Internal Auditors, the
Ethiopian Chapter (IIA/EC) breaches of the Code of Ethics will be evaluated and
administered according to administrative guidelines to be issued by the Ministry of
Finance and Economic Development (MoFED) which will be consistent with
guidelines to be developed by IIA/EC based on The IIA Bylaws and Administrative
guidelines. This Module has adopted the following Code of Ethics issued by IIA
without any modification or change.
Principles
Internal auditors are expected to apply and uphold the following principles:
Integrity
The integrity of internal auditors establishes trust and thus provides the basis for
reliance on the internal audit professional‟s judgment.
Objectivity
Internal auditors exhibit the highest level of professional objectivity in gathering,
evaluating, and communicating information about the activity or process being
examined. Internal auditors make a balanced assessment of all the relevant
circumstances and are not unduly influenced by their own interest or by others in
forming judgments.
Confidentially
Internal auditors respect the value and ownership of information they receive and do
not disclose information without appropriate authority unless there is a legal or
professional obligation to do so.
Competency
Internal auditors apply the knowledge, skills and experience needed in the
performance of internal audit services.
Rules of Conduct
1. Integrity
Internal auditors:
1.1. Shall perform their work with honesty, diligence, and responsibility.
1.2. Shall observe the law and make disclosures expected by the law and the
profession.
1.3. Shall not knowingly be a party to any illegal activity, or engage in acts that are
discreditable to the profession of internal auditing or to the organization.
1.4 Shall respect and contribute to the legitimate and ethical objectives of
organization.
2. Objectivity
Internal auditors:
2.1. Shall not participate in any activity or relationship that may impair or be
presumed to impair their unbiased assessment. This participation includes
those activities or relationship that may be in conflict with the interests of the
organization.
2.2. Shall not accept anything that may impair or be presumed to impair their
professional judgment.
2.3. Shall disclose all material facts known to them that, if not disclosed, may
distort the reporting of activities under review.
3. Confidentiality
Internal auditors:
3.1. Shall be prudent in the use and protection of information acquired in the
course of their duties.
3.2. Shall not use information for any personal gain nor in any manner that would
be contrary to the law or detrimental to the legitimate and ethical objectives of
the organization.
4. Competency
Internal auditors:
4.1. Shall engage only in those services for which they have the necessary
knowledge, skills and experience.
4.2. Shall perform internal auditing services in accordance with the Standards for
the Professional Practice of Internal Auditing.
4.3. Shall continually improve their proficiency and the effectiveness and quality of
their services.
SESSION VIII
INTERNAL CONTROL SYSTEM
Session Overview
So far, in the previous modules, we have discussed the concept of auditing,
Ethiopian Internal Auditing Standards and Professional Ethics as well as the Code
To comply with this Standard and as an essential step of determining the audit
approach to be adopted the internal auditor should understand the internal control
system and be able to evaluate the effectiveness and adequacy of the internal
control system. In this Session we shall discuss and understand what an internal
control system is all about. In the next Session we shall dwell upon the subject of
evaluating an internal control system.
Controls do not exist in isolation but are an integral part of the whole
management process. Once controls are put into operation, they should be
subject to continuous or periodic review. Controls are introduced to achieve
certain specified objectives set by management, as there is no point in
introducing a control if there is no known objective. It is management‟s duty to
introduce controls and monitor the operation of these controls to ensure that
they are continuing to meet the original objective. The process of setting
objectives, selecting appropriate controls to meet these objectives, monitoring
results, etc., is known as the control process. The process can be classified into
various stages.
The second stage is the design and implementation of measures to achieve the
objectives. Management selects the appropriate measures which it considers
will achieve the objective in the most economic, efficient and effective manner.
These measures are then implemented.
The third stage is measuring results. The results of the control measures have to
be measured to see whether they have met the objectives and achieved the
target set. To compare to the standard or expected result management must
establish procedures to collect the needed information.
In the fourth stage, the actual results achieved are compared to the standard.
This gives a measure of how well the objective has been achieved. A
management decision is required as to whether the actual results are acceptable
or not. If the actual results are not acceptable, the next stage will be
undertaken.
unrealistic, the measures taken may have been inappropriate or not properly
carried out or implemented.
At stage seven, action is taken based on the decision reached at stage six.
At the last stage, there is a need for continuing appraisal in order to ensure that
the original measures are still effective or the new decisions implemented are
producing acceptable results. This appraisal should continue until the objective
is attained or abandoned.
The two types of internal controls are not mutually exclusive as some of the
methods and procedures in financial controls may also be involved in
management controls. For example, sales and cost records classified by products
may be used both for financial control purposes and for making management
decisions about product pricing.
Physical controls: These are concerned with the custody of assets and
involve procedures and security measures designed to ensure that
access to assets is limited to authorized personnel.
Internal controls may also be classified by way of the control objective. The
control objective is the purpose for which controls have been designed. These
controls can be categorized in four areas:
3) The "tone at the top" (i.e. management's philosophy and operating style)
which reflects,
A supportive attitude towards internal control at all times,
independence, competence and leading by example;
5) Human resource policies and practices, which include hiring and staffing,
orientation, training (formal and on-the-job) and education, evaluating and
counseling and providing and compensating.
Risk Assessment
Having set clear objectives and established an effective control environment an
assessment of the risks facing the organization as it seeks to achieve its mission
and objectives provides the basis for developing an appropriate response to risk.
Risk assessment is the process of identifying and analyzing relevant risks to the
achievement of the organization's objectives and determining the appropriate
response. This implies:
Control Activities
The third component, control activities is the major strategy for mitigating risk.
Control activities are the preventive and/or detective internal control measures
taken. Corrective actions are a necessary complement to internal control
activities in order to achieve the objectives.
Control activities occur through out the organization, at all levels and in all
functions. They include the following range of detective and preventive control
activities, for example:
1 Authorization and approval procedures:
Authorizing and executing transaction events are only done by
persons acting within the scope of their authorities. Authorization is
the principal means of ensuring that only valid transactions and events
are initiated as intended by management. Authorization procedures,
which should be documented and clearly communicated to managers
and employees, should include the specific conditions and terms under
which authorizations are to be made.
4 Verifications:
Transactions and significant events are verified before and after
processing, e.g. when goods are delivered, the number of goods
supplied is verified with the number of goods ordered. When
supplier's invoice is received the number of goods received is verified.
The inventory can also be verified by stocktaking.
5 Reconciliation:
Records are reconciled with the appropriate documents on a regular
basis, e.g. the accounting records relating to bank accounts are
reconciled with the corresponding bank statements.
(4) System software controls limit and monitor access to the powerful
programs and sensitive files that control the computer hardware and
secure applications supported by the system.
Exercise 8-1
Internal Control System
Purpose:
To describe the components of internal control system and explain the
relationships between the components
Instructions
1. Perform the exercise individually.
As a senior internal auditor, you have been asked by the Chief Internal Auditor
to prepare a presentation for the audit staff meeting in order to discuss about the
components of internal control system and the relationship between the
components as well as the general objectives of internal control system. In your
presentation you have to address the following points:
a. The components of internal control.
Required
Describe in detail the points you should make in your presentation.
Allotted time: 30 min.
SESSION IX
Evaluating Internal Controls
Session Overview
In the previous module, we have defined internal control system and discussed
the five components of internal control in order to properly understand and
ascertain an internal control system. In accordance with the International
Standards for the Professional Practice of Internal Auditing under paragraph
2120 the Internal Audit Activity should assist the organization in maintaining
effective controls by evaluating their effectiveness and efficiency and by
promoting continuous improvement. Internal auditors should, therefore,
evaluate the internal control system of the Public Body under audit. The
purpose here is not only to assist the Public Body to maintain an effective
internal control system but also to determine the audit approach to be adopted.
This involves:
Identifying existing controls, documenting their characteristics
and identifying areas not covered by controls;
Understanding the purposes of existing controls;
Establishing criteria in order to determine the adequacy of
internal controls;
Testing controls to check whether they operate effectively;
Reporting to management about the effectiveness of the
operation of controls;
Recommending remedial actions to improve internal controls
where necessary.
The purpose here is to provide the necessary assurance to management that
controls are adequate in principle and practice.
The most important criteria for evaluating controls, among others, are
relevance, cost of operation (both direct and indirect) feasibility, and
effectiveness in meeting control objectives, complexity/ simplicity and
adequacy.
There are various tools used to ascertain and evaluate internal control system
among which Internal Control Questionnaires (ICQs), Internal Control
Evaluation Questionnaires (ICEQs) and flow charts are considered here.
ICQs are used to assess whether controls exist which meet specific control
objectives. The major question which ICQs are designed to answer is "how
good is the system of controls?" Where strengths are identified, the internal
auditor has to undertake tests of control in the relevant area. If, however,
weaknesses are discovered the internal auditor should ask what errors or
irregularities could be possible as a result of those weaknesses.
Although there are different forms of ICQs in practice, they mainly comprise a
list of questions designed to determine whether effective controls are
implemented. Since it is the primary purpose of an ICQ to evaluate the system
rather than narrate it, one of the most effective ways of designing the
questionnaires is to phrase the questions so that all the answers can be given as
"YES" or "NO". A "NO" answer indicates a weakness in the system while a
"YES" answer indicates the existence of the control subject to verification and
testing. Examples of ICQs are given in Annex XIX-XXVII of Internal Audit
Manual.
One of the strengths of ICQs is that they facilitate the orderly evaluation of
controls present in a system. A weakness of ICQs is that they can promote a
somewhat standardized approach to evaluation. Thus answering the question
becomes an end in itself rather than being a means to an end. The auditors are
concerned whether the controls do or do not prevent the possibility of the
occurrence of material errors. This is not always easy to determine with an ICQ
where the questions are of equal weight. In many systems a particular "No"
answer (say referring to a lack of segregation of duties) may cancel the value of a
string of "Yes" answer. Each situation must be judged on its own merit and,
therefore, despite the fact that ICQs are of a standard format, they should be
used with imagination. As using ICQs is a responsible task which needs skills,
the evaluation should be performed by a senior member of the audit team.
Flow Charts
A flow chart is a pictorial or diagrammatic representation of the flow of
transaction, which may vary depending upon the system used is manual or
computerized. The flow of documentation is actually ascertained in correct
sequence from initiation of a transaction to its final entry in the books. Flow
charts are particularly recommended for analyzing complex systems into their
component parts thereby revealing gaps and weaknesses in the system.
Tests of controls
Ascertaining and evaluating the internal control system by using various
techniques such as ICQs, ICEQs and flow charts does not
necessarily mean the system operates effectively and consistently in practice.
This has to be verified by undertaking tests of controls by using sampling
techniques.
External auditors are more concerned with substantive tests because they need
to express an opinion on the reliability of the financial statements. Internal
auditors on the other hand are more concerned with compliance tests as they
have the responsibility to advise the Head of the Public Body about the
adequacy of internal controls.
The key to this choice is the ability to distinguish what is relevant and
important from what is not. In deciding what is relevant and important the
following may be considered:
The amounts and types of assets held by the Public Body (for instance if the
Public Body holds large inventories or uses a large fleet of vehicles these
may be the focus of compliance tests).
The areas of greatest risk (this is partly a reflection of the amounts of money
involved as already discussed, but the choice is also influenced by the
possible extent of losses. An indicator might be losses, frauds, etc.
uncovered by previous audits or by other means. The auditor has to gain
some idea of the probability of loss and combine it with an idea of the
amounts of money/ resources, which may be vulnerable to loss.)
The areas where the management considers itself most vulnerable to loss,
abuse, etc.
Procurement (this is inherently an area of high risk. The auditor must assess
the importance of procurement relative to other activities of the Public
Body. If procurement is important, the audit will have to reflect this).
Using criteria of this sort, the auditor should be able to explain why particular
controls are to be checked intensively and why others are to be checked less
intensively.
On the one hand, more cases will give greater certainty about findings; on the
other, the larger the number of cases examined the higher the cost. Let us take
for example an examination of vehicle logbooks. Ninety per cent of logbooks
have been examined and audit findings established. What will be the likely
effect on audit findings, if the final 10% are checked? If the characteristics,
which are the subject of audit are evenly distributed throughout the universe of
logbooks, the likely effect will approach zero. But if the logbooks in the final
10% of cases are quite different from the other logbooks (e.g. they are the
logbooks of vehicles allocated to managers), the effect on audit findings could be
considerable.
Audit sampling
The internal auditor can arrive at valid conclusion using audit sampling. „Audit
sampling‟ means the application of audit procedures to less than 100% of the
items within an account balance or class of transactions to enable auditors to
obtain and evaluate audit evidence about some characteristics of the items
selected in order to form or assist in forming a conclusion concerning the
population which makes up the account balance or class or transactions.
Sample size
When determining sample sizes, internal auditors should consider sampling risk
and the extent to which they expect to find errors. Sampling risk arises from
the possibility that internal auditors‟ conclusion, based on a sample, may be
different from the conclusion that would be reached if the entire population
were subjected to the same audit test.
Sampling risk can be contrasted with non-sampling risk which arises when
internal auditors use any audit procedures. Non-sampling risk arises because,
for example, most audit evidence is persuasive rather than conclusive, or
internal auditors might use inappropriate procedures or might misinterpret
evidence and thus fail to recognize an error or irregularity. Internal auditors
should attempt to reduce non-sample risk to a negligible level by appropriate
planning, direction, supervision and review.
While there are a number of selection methods, three methods commonly used
are:
Random selection, which ensures that all items in the population have
an equal chance of selection, for example by use of random number
tables;
Systematic selection, which involves selecting items using a constant
interval between selections, the first interval having a random start.
When using systematic selection, internal auditors ensure that the
population is not structured in such a manner that the sampling interval
corresponds with a particular pattern in the population; and,
Haphazard selection, which may be an acceptable alternative to
random selection provided internal auditors are satisfied that the sample
is representative of the entire population. This method requires care to
guard against making a selection which is biased, for example towards
items which are easily located, as they may not be representative.
It does not follow that internal control systems are ineffective, just because
errors have been detected in them. A judgment is needed on the significance of
errors and their frequency before any judgment can be made. For example, the
signatures on purchase orders have been wrong for several months because of
absence and temporary replacement of the concerned member of staff, without
any change in authorized signatories. There is certainly a control weakness (not
The internal auditor should consider the above situations and advise
management accordingly.
Internal auditors should raise the alarm only when the alarm needs to be raised.
This requires judgment on the significance of the errors and their frequency as
pointed out earlier. The nature of the alarm has to be proportionate to the
severity of the problems discovered. Internal auditors have to exercise
objectivity, tact and maturity in helping managers to understand the nature and
severity of their internal control problems, and in advising on appropriate
remedies.
Session Summary
The most important points we have discussed during this session are the
following: -
There are three types of tools for evaluating internal control - ICQs,
ICEQs, and flowcharts
After the auditor has established the strength and weakness of the
internal control he has to undertake tests of controls in order to
establish whether the controls are in use/ in practice and are working
Since it is extremely costly to undertake 100% testing, the internal auditor can
arrive at valid conclusion using audit sampling. To use sampling, the internal
auditor should carefully design the sample, determine the sample size, select the
sampled items, test the sampled items and evaluate the result of the items tested.
Exercise 9-1
Purpose:
To understand how to evaluate internal controls and identify control
weaknesses.
Instructions:
1. Participants will be assigned in groups.
The procurement section, on receipt of the demand voucher, will buy and
supply the material. They do this by obtaining competitive quotations from
various suppliers and inviting tenders from such suppliers. Tender committee
authority must be obtained for purchases exceeding Birr 30,000 in value. When
tender committee authority is obtained to purchase from a certain supplier, the
procurement section will then raise an order in triplicate and send two copies of
the order to the approved supplier. The procurement section for records
purposes retains one copy of the order. The principal procurement officer signs
the order. Before the order is submitted to the supplier, details of the order are
entered in a register of commitments kept by the procurement section for
purposes of budgetary control. Details entered in the commitment register are
the order number, the name of the supplier, the estimated value of the order
and the balance available for spending after taking the order into account.
When the supplier delivers materials, the goods are sent directly to the
construction or maintenance unit accompanied by a delivery note, which does
not give any indication as to the cost of materials supplied. Anyone at the
construction/ maintenance unit can receive the materials.
Some time after the materials are supplied, the supplier will send an invoice to
the ERA's accounts department raising charges for the materials. A clerk in the
accounts department will obtain a copy of the order and match it with the
invoice. If satisfied, the clerk will raise a payment voucher in favour of the
supplier and attach the order and the supplier's invoice to the payment voucher.
The clerk will then hand over the payment voucher to a senior clerk who will
certify that the payment voucher is correct in respect of what was ordered and
supplied as well as the cost and expenditure classification. The senior clerk will
also ensure that all the Tender Committee members are present.
Once the senior clerk has certified the payment voucher, it will be handed over
to the accountant who will confirm the availability of funds on the budget and
pass the voucher for payment.
Once the voucher has been passed for payment, a clerk will enter the voucher
on a batch/ pre-list and submit the voucher to the Central Payments‟ Office
where a cheque will be written and sent to the supplier named on the payment
voucher. The Central Payments‟ Office will generate a printout, which acts as
an expenditure ledger for the ERA, will debit the expenditure code and update
both the expenditure and balance left on the budget.
Once every month the accountant reconciles the commitment register with the
expenditure printout to ensure expenditure paid went through the commitment
register and thus originated from the ERA.
SESSION X
Audit Approaches
Session Overview
In the last two Sessions we have discussed internal control system and how we
evaluate internal controls. The main purpose of ascertaining and evaluating
internal controls is to determine the audit approach to be adopted in the actual
audit. Our main discussion in this Session, therefore, is how internal auditors
determine the audit approach.
Session objective
Through lecture, discussion and exercise, participants will be able to understand
how to determine the audit approach to be adopted during the audit.
Introduction
The history of auditing shows a gradual change over time, as different
approaches to auditing emerged including:
The vouching approach;
The system based approach;
The risk based systematic approach.
Under the vouching concept of audit the apparently extensive coverage was
exceptionally shallow, being confined to one "horizontal plane" of entries all of
an identical nature. Tests at any particular stage were unrelated to any other
state. For example, auditors may vouch a vast number of day book entries
against supplier's invoices (all tests being in the same "plane", hence the term
"horizontal"), without considering the need to test these entries against
purchase orders or any other documents related "vertically".
Each transaction or event is considered on its own as unrelated phenomena and
checked for its validity. The defects of this approach are readily evident:
It would be, in the majority of cases, extremely time-consuming as
well as being extremely costly.
It would prove little about 'Completeness' of financial records since
the internal auditor would only be checking transactions or events
which are disclosed.
All transactions or events, however insignificant, have an equal
opportunity of audit, which results in audit of trivial matters but
leaves significant matters un-audited.
The events/ transactions, which are subject to audit, are treated as
unrelated phenomena, not as components of systems.
The results of audit findings tell us how many transactions etc. were
found to be defective and the types of defect found, but tell us
nothing about the systems which were "responsible" for the errors.
With the mushrooming of large groups of companies and conglomerates and the
defects of the vouching approach, it soon became obvious that auditors would
have to adopt a far more scientific approach to their work if they were to justify
the relatively small number of audit tests carried out in relation to the
enormous growth in the volume of transactions. This led to the emergence of
the Systems Based Approach to auditing.
In the system based approach, the internal auditor examines and tests the Public
Body's internal control systems to see whether they are appropriate and
effective for the Public Body to achieve its objective. The system of internal
control in force determines the nature, the extent and the timing of subsequent
audit tests to be executed.
Generally, in a system based approach a much smaller number of audit tests are
required to be carried out in relation to the enormous volume of transactions
and in contrast to the extensive coverage under the traditional vouching
approach to audit. The justification for the relatively smaller number of audit
tests lies in the auditor placing reliance on the control in the "system".
Objectives
Inputs
Processes
Outputs
Objectives
Objectives are statements of what is to be achieved. Each system within the
Public Body has its own objectives:
a) Procurement systems are to procure items of adequate quality at
lowest cost.
Different systems should be coherent and mutually supportive (e.g. payroll and
accounting). However, where objectives are contradictory this may not be
possible (e.g. cost reduction may not be compatible with achieving maximum
impact). Heads of Public Bodies may need to think more about systems and
their objectives, as simply complying with regulations is only part of their job.
Inputs
Inputs are the resources used by the system (e.g. salaries are paid to secure the
services of staff). Inputs may include staff time, materials, services, supplies,
information and so on.
Processes
Processing is the conversion of inputs to produce outputs. Public Bodies have
numerous processes (e.g. authorization actions, purchasing supplies, issuing
inventory, controlling the quality of work, etc.).
Outputs
Outputs are the products, effects and achievements of a system which result
from the processing of inputs. Some outputs are intermediate (e.g. invoices
paid, staff recruited, suppliers evaluated, stores items issued). Others are final
(e.g. services rendered to clients). Outputs are affected by quality factors such
as their timeliness, suitability and usefulness and the degree to which they are
adapted to the needs of clients.
Controls
Controls are actions taken or procedures established by management to ensure
that outputs meet the objectives of the entity. Examples include authorizations,
inspections, physical checks, documentary checks, reviews of performance, and
reviews of the quality of the services supplied.
Identify and agree the objectives of the system with managers.
The objective of systems should be consistent with the aims and objectives of
the Public Body as a whole. In most cases, the internal auditor may have to
identify the system objective from scratch because of absence of written
instructions. Here are some commonly found systems with a description of
their objectives:
Procurement system – procuring the right quality and quantity of items at the
right time, and reasonable cost, form the most appropriate source.
The Internal Auditor should have full understanding but should be wary of the
danger of drawing flowcharts, which are not needed. The auditor's written
narrative should cover the system and its components. The notes can form the
basis for a flowchart. The notes should be clearly structured so that others can
understand them.
Finally, the internal auditor is required to report the weaknesses in the internal
control, the conclusions reached and recommendations made for improvements.
lead to high costs, which may not be commensurate with the advantage
accruing to the Organization, namely, the prevention of possible loss arising
from the operation of the relevant control.
The evaluation of internal controls is a complex task calling for great skill. Each
Organization will have different internal control requirements and any given
control level may be achieved in a variety of ways. There appears to be no
definite standard against which to judge what appropriate and effective internal
control is.
Critics of the system based audit approach have pointed out that is cold and
clinical and ignores what is generally referred to as "management style". That
the application of this approach is common to all types of management; it does
not recognize the underlying philosophy and motivation of the management.
In recent years, a further evolution has taken place. The great wave of litigation
charges against external auditors coupled with soaring audit costs have led
individual audit firms to develop systems of quality control and also research
into new methods of auditing. Recognition of the need to improve the
excellence of audit together with emphasis on reduction in unproductive time
spent on audit has led to the emergency of risk based auditing.
Risk
Risk refers to the possibility of a system having so poor internal control that the
Public Body does not achieve its objectives effectively and efficiently. The
effect of risk can involve:
Failure to adhere to Public Body's policies, plans, and procedures, or
not complying with Government's laws and regulations;
Risk factors
Risk factors are the criteria used to identify the relative significance of, and the
likelihood that, conditions and/or events may occur that could adversely affect
the Public Body. The risk factors utilized should be sufficient to provide a
comprehensive risk assessment.
The Head of Internal Audit may decide to weigh the risk factors to determine
their relative significance. The weighing of risk factors reflects the Head's
judgment of the relative impact that it may have on selecting a system for an
audit. This section is not intended to prescribe a rigid process that specifies how
risk assessment must be conducted. However, steps of risk assessment and
example of calculation of the Risk Index are provided in Annex I in the Internal
Audit Manual.
Risk assessment
Risk assessment is a systematic process for assessing and integrating professional
judgments of the probable adverse conditions and/or events. Risk assessment
process is crucial to the development of effective audit work schedule. In
developing an audit work schedule, the Head of Internal Audit should allocate
the resources of the internal audit department in a manner that gives
appropriate consideration to the various risks confronting the Public Body. The
Head should generally assign higher audit priorities to systems with higher
risks.
The Head of Internal Audit can obtain information from a variety of sources for
the risk assessment process. Such sources include:
The approach focuses the audit on the high risk areas which are
material to the Public Body;
The approach tends to make the Head of the internal audit and senior
internal auditors much more involved in the planning stage of an audit
assignment.
The stages
The objective of the internal auditor of DPPC under risk based audit will be to
help the management achieve the above objectives by identifying the risks that
may hider the achievement and by making sure that there are adequate internal
controls necessary to mitigate the risks.
Let us take the third objective of DPPC and see how we can conduct the detail
audit. The third objective is to ensue that necessary assistances arrive to the
victims of disasters in time. This could mean many things:
Identifying where and when assistance is needed, what type of assistance
and in what quantity it is needed,
Securing the assistances from donors or through purchase,
Delivering the assistance to the location of the victims.
Assuming that the first two issues are covered, let us deal with the third issue.
Let us simplify that delivery of assistance means importing food from the USA
through Djibouti to, say southern region of the country. DPPC has to do this to
effectively so that the assistance could reach the victims in time and no loss of
life would occur. The risks that may hamper DPPC from achieving this
objective could be:
1. Ships may not be obtained in time to carry the food from USA ports,
2. DPPC has insufficient number of trucks to deliver the food from port to the
assistance place,
3. The trucks may broke down when the transportation starts,
4. Truck drivers may leave jobs,
5. The road to the place of assistance may not be good, and
6. Adequate information is not there as to where food is required most
urgently.
The internal controls necessary to ensure that the above problems would not be
faced are:
1. Determine shipping lines, which carry goods from USA ports to the
East Africa ports or to Djibouti,
2. Buy additional trucks or identify transport operators who have
capacity to transport food quickly,
3. Ensure that all the trucks are maintained in time and they can be
used when ever they are needed,
4. Make sure that drivers are satisfied in their jobs and the many of
them would not leave the job at a time.
5. Make sure that all roads are maintained after the rainy season ends.
6. Make sure that regular reports are received from Kebeles, through
Woredas, Zones and Regions.
The above-indicated risks can be prioritised. The auditor can discuss with the
management and other concerned staff members, refer to various documents to
prioritise the risks. The auditor can also use his knowledge. Once the risks are
prioritised; an audit topic can be identified and can be carried out. For example
the auditor can establish that the significant risk in the case of DPPC is to obtain
adequate information as to where food is required most urgently.
The internal control that should be in place to mitigate this risk is already
identified. The information on the number of needy must come regularly from
the Kebeles. The Kebele should report to the Woreda, the Woreda should report
to the Zone, the Zone should report to the Region and the Region should report
to the DPPC. A responsible person in the DPPC has to compile the data and
present timely information to the management.
The auditor has to ensure the adequacy of this control. If there is a need for
additional controls to be introduced or if there are unnecessary controls to be
avoided, the auditor has to identify and report to the management for action. In
the above example, the information flow from Kebele to Woreda to Zone to
Region and to DPPC might appear lengthy. If there is a way to send report
direct from Kebele to DPPC, the process would be much faster. If this is a viable
solution the auditor should suggest that in his report.
1. The master list of the tax payers may not be found up to date with the
necessary details like the address of the tax payers, the nature of the
business, etc,
2. The tax payers may not be willing to correctly declare their profit and
pay the tax on it,
3. The system of profit tax collection does not take into account the cash
flow position of the taxpayer.
4. FIRA has no adequate & capable staff to assess the tax,
The internal controls necessary to ensure that the above significant risks are
under control are:
1. The master list of tax payer is regularly updated,
2. Tax payers are persuaded to pay the correct tax,
3. Taxpayers are consulted as to when they prefer to pay tax,
4. Continues staff employment and training is in place.
The next step is to prioritise the risks based on information collected from
management, other concerned staff and from reviewing documents. In our
example, let as say that the risk that should be dealt with is the risk that
taxpayers may not be willing to correctly declare their profit and pay the tax on
it. If the internal auditor decides to choose this as his audit topic, the following
can be done:
Break the internal control necessary into more detailed internal controls. The
objective of the internal control associated with this risk is to persuade
taxpayers to declare the correct profit and pay tax on it. How can this be
achieved? This can be through:
1. Teaching the tax payers about the benefits and obligations of paying taxes,
2. Reducing the tax rates,
3. The Government indicating its accountability to the tax payers, by investing
the tax payers money into visible projects,
4. Improving the service giving procedures.
The internal auditor can now collect evidence that the above controls are in
place and are effective. The auditor can use various methods of evidence
collection including those already described. The auditor can take a sample of
taxpayers and gather their opinion about say the tax rate and the service
provision.
As in all audits, the final step is to draft reports, discuss with the concerned
officers and finally present to the management for action.
Session summary
There are three approaches to auditing:
1. The Vouching Approach;
The first is based on the concept of vouching in which entries in the accounting
records are checked against appropriate vouchers such as purchase orders, goods
received notes, purchase invoices, etc. This approach is time consuming, as it is
transaction oriented and has no relation with the system.
The Systems Based Approach, on the other hand, involves seeking reasonable
assurance as to the accuracy and completeness of the accounts by the system of
internal control and when justified placing reliance on the system and carrying
out appropriate level of substantive testing
Risk Based Auditing refers to the development of auditing techniques
responsive to risk factors in an audit. The auditors apply judgment to determine
what level of risk pertains to different system in the audit area and devise
appropriate audit test. This approach should ensure that the greatest audit to be
directed to the riskiest areas; so that the chance of detecting errors and
irregularities is improved and time is not spent unnecessarily on testing "safe"
areas.
Exercise 10-1
Audit Approaches
Instructions to the participants
Purpose:
To understand the difference between the various audit approaches and explain
the advantages and disadvantages of each approach.
Instructions
You have been assigned as a team leader to undertake the audit of the Central
Statistical Office‟s accounts for the year ending Sene 30, 1996 (Eth. Cal). The
team has to decide the audit approach to be adopted during the audit. You have
to convince the team members which approach among the Vouching, the
Systems Based and the Risk Based is appropriate in the circumstances.
Required
Describe in detail the points you should raise to convince the team members in
the selection of the audit approach.
SESSION XI
PLANNING AND CONTROLLING INTERNAL AUDIT
Session Overview
The audit process is composed of three phases:
- the Planning phase;
- the Audit Execution or the Performance phase; and,
- the Reporting and Follow up phase.
In addition, under the same paragraph internal auditors should develop and
record a plan for each engagement, including the scope, objective, timing and
recording allocation, which means that individual audit assignment should be
thoroughly planned before the execution of the audit engagement.
Session Objective
Through lecture, discussion and exercises participants will understand how to
prepare strategic and operational audit schedules and how to plan and control
individual audit engagements.
PLANNING
Introduction
Planning is an essential element in the audit process. This section deals with
the aspects of planning, the level of plans involved, their preparation and
characteristics in general. The responsibility of planning the audit lies with the
Head of the Internal Audit department. Audits require adequate planning for a
variety of reasons.
Strategic plan
The first level of planning is the preparation of the strategic plan, the duration
of which is set to be 5 years. The necessary criteria for the preparation of a
strategic plan differ from one audit approach to the other. It, therefore, appears
useful to mention the basic criteria for the preparation of strategic plan at
different approaches for internal auditors in order that they can apply them in
line with their stages of development. It follows that in the Vouching
(traditional) Audit Approach, the internal auditor intends to check all
documentary evidences of an entity as far as possible. In the Systems Based
Audit Approach, the intention was changed to evaluation of the internal control
of all systems of the entity. In the emergence of the Risk Based Systematic
Audit Approach, the internal auditor commences to prepare a strategic plan in
which the risk materiality of the systems is ranked and the scheduling together
with the resources required is determined.
In the Systems Based Audit Approach, the internal auditor evaluates the
internal control systems of an entity by giving equal weight to all systems. In
this approach, a much smaller number of tests are required to be carried out in
contrast to the extensive coverage under the traditional Vouching Audit
Approach. The level of testing under this approach would be primarily guided
by two determining factors which are the frequency with which a control is
performed and the type of test. The more frequently the control is performed
the more it will need to be tested. Testing which requires re-performance
would necessitate substantially lower level of tests than testing which requires
examination of evidence.
The important characteristic of the strategic plan prepared under the Risk Based
Systematic Approach is that it should be made on the basis of risk and
materiality assessment with a view to systematically prioritize audit work. The
strategic plan prepared under all approaches has the following characteristics:
It should be developed to meet the needs of the Public Body i.e. it
should be value adding;
It should be flexible for subsequent improvements and reviews;
It should establish long term resource and skill requirement and
allocation issues;
Therefore, the annual plan should be kept under review to identify and reflect
changing priorities, resource allocations, timing issues and other emerging audit
needs. The annual plan should sufficiently set out the details of the assignments
so that management understands the purpose and scope of the assignments. The
plan should establish resource and skill requirements and set relative priorities
for each assignment. It thus matches available resources and the audit
assignments.
the planning of each individual audit assignment based on the approved annual
audit plan.
On the basis of the strategic plan and especially the annual plan the detailed
plan is prepared. It includes:
Other requirements of the audit, such as the audit period covered and estimated
completion dates, should be determined. The final audit report format should
be considered, since proper planning at this stage facilitates writing the final
audit report.
Audit objectives and procedures should address the risks associated with
the system under audit. The Risk Based Systematic Approach to internal
audit is discussed in Module IV Session X.
The quality of the audit can also be ensured through quality assurance programs
such as internal reviews and external reviews. Internal reviews can be
undertaken by competent senior auditors in terms of verifying the degree of
compliance with internal audit standards. Similarly external review by outside
independent bodies such as external auditors can help identify weaknesses of
the internal audit department and suggestion for improvement.
Exercise 11-1
PLANNING AND CONTROLLING INTERNAL AUDIT
Instruction to participants
Instructions
You have been assigned as the Chief Internal Auditor of the Ministry of Mines in
Ginbot, 1997 (Eth. cal). One of your main tasks is to prepare a strategic audit plan
covering the next five years.
Required
Explain by way of raising important points how you are going to prepare the
strategic audit plan for the Ministry.
Exercise 11-2
PLANNING AND CONTROLLING INTERNAL AUDIT
Instruction to Participants
Purpose – to explain how individual audit plans are prepared.
Instructions
1. Perform this exercise in groups.
You have been assigned as a team leader to audit purchasing and stores. As a
team leader you have to explain to the team members how the team should
prepare the individual audit plan.
Required
Describe in detail the points you should make in your explanation.
SESSION XII
PERFORMING THE AUDIT
Session Overview
The second phase of the audit process is the execution phase or performing the
audit. This involves the implementation of the audit procedures, gathering
audit evidence and documenting audit findings, in order to achieve the
engagement or audit objectives in accordance with the IIA Standard. Under
paragraph 2300 of the IIA Standards, internal auditors should identify, evaluate
and record sufficient information to achieve the engagement objectives.
It is important that the auditor has a clear understanding of the audit program
before implementing the audit procedures. The audit supervisor has the duty to
explain the audit program to the audit team before an audit assignment is taken.
Adequate supervision should also be provided during the process of execution.
Session Objective
Through lecture, discussion and exercise, participants will be able to determine
the type of audit evidences and techniques necessary to execute the audit
program in accordance with the IIA Audit Standards.
Audit evidence
Audit evidence is information that forms the foundation, which supports the
audit findings and the audit opinion contained in the audit report. It includes
documents and accounting records underlying the financial statements and all
other information, which is pertinent to the auditor's examination.
In accordance with the IIA Standards paragraph 2310 internal auditors should
identify sufficient, reliable, relevant and useful information to achieve the audit
objectives. Sufficient information is factual, adequate and convincing so that a
prudent, informed person would reach the same conclusion as the auditor.
Competent information is reliable and the best attainable through the use of
appropriate auditing techniques. Relevant information supports audit
observations and recommendations and is consistent with the objectives of the
audit.
Audit Completion
At the end of the field audit, a summary of the results of the internal auditors
work is made and the achievement of the audit objective is evaluated. Once the
audit findings are documented, the internal auditor needs to evaluate the
findings as a basis for reaching a conclusion on the audit objectives.
Whether the summary of the audit findings is complete and accurate and
consistent with the details in the working papers.
The extent to which points raised in the last audit reports have been
attended to.
The accuracy and validity of audit recommendations to be made.
Whether the different parts of the financial statements and the related
ledger accounts are consistent with one another and with matters stated in
the draft audit report.
Whether the draft audit report requires amendment in view of the
discussion held with auditees.
Whether the final audit report has been completed and in accordance with
approved format and standard.
Session Summary
In this Session we have discussed how we perform the audit during the
execution phase of the audit process. The main purpose is to identify, evaluate
and record sufficient information to achieve the audit objectives.
We have defined audit evidence and identified sources of audit evidence
including auditor‟s direct knowledge, external evidence, internal evidence and
corroborative evidence.
To qualify information as acceptable audit evidence, it has to be sufficient,
relevant, reliable and timely.
Audit procedures should be implemented in accordance with the audit
programme. In this respect, there are several techniques or methods used to
gather various types of audit evidence.
At the end of the field audit, a summary of the results of the internal audit work
is made and the achievement of the audit objectives determined through audit
completion procedures.
Exercise 12-1
Audit Techniques
Instructions to participants
Purpose:
To identify appropriate audit techniques when performing various tests.
Instructions:
Working individually, fill in the appropriate audit technique beside each sample
test given below.
SESSION XIII
Documenting Internal Audit
Session Overview
In this Session, participants will be exposed to audit documentation, which is
essential in all steps of the audit process. The International Standard for the
Professional Practice of Internal uditing paragraph 2330 states that internal
auditors should record relevant information to support the conclusions and
engagement results. The intention of this module, therefore, is to enable
participants acquire general knowledge about audit documentation.
Session objective
Through lectures, discussions and exercises, participants will be able to explain
to the internal auditor how he documents the audit process.
Documentation
Documentation is a process of recording, assembling and organizing knowledge.
In relation to auditing this knowledge is the evidence compiled in working
papers supporting audit assertions.
Working papers are the records kept by the auditor of the audit procedures
applied, the tests performed, the information obtained and the pertinent
conclusions reached in the audit engagement. Working papers should include
all the information necessary to conduct the examination adequately and
provide support for the audit report.
Objectives of Documentation
Specific objectives of documenting the internal audit assignments:
Provides a historical record of the information collected during the
conduct of audits.
Provides a record of the audit tasks performed.
Identifies audit objectives and methods chosen as a basis for planning
future audits and for review purposes.
Allows an audit supervisor or manager to make an interim review of
what has been done during the audit to date.
Allows an audit supervisor or manager to carry out final assessment
of the validity of draft audit conclusions before they are expressed as
audit findings.
Provides support for audit findings and evidence of compliance with
the internal audit standards.
Establishes a record for the purposes of peer review.
Provides a framework for further review in cases where management
disagrees with audit findings and the audit methods and conclusions
have to be reassessed.
Provides a framework of control whereby delegated work is
monitored.
Principles of Documentation
Good documentation is achieved by implementing the following principles:
d) Completeness
The audit papers should be complete in the sense of covering the whole audit,
the tests carried out, the meetings held, the queries raised, management
responses and the draft conclusions reached.
f) Confidentiality
Audit working papers are in principle confidential. The Head of the Internal
Audit unit may decide to share audit working papers, only if there is good
reason. If the external auditor or the Ministry of Finance and Economic
Development requests access, this is good reason in itself. If, in the case of
fraud, the police or a court of law requests information, the Head of Internal
Audit will comply. When access is requested, the circumstances, reasons,
persons with whom information was shared and the information shared should
be recorded in permanent files. It should be noted that principle of
confidentiality prevents the sharing of audit information with third parties (e.g.
suppliers). As audit working papers are confidential, measures should be taken
to restrict access to them.
Planning;
Examination and evaluation of the adequacy and effectiveness of
the system of internal control;
The auditing procedures performed, the information obtained and
the conclusions reached;
Review;
Reporting;
Follow-up; and,
Governance and organizational aspects.
These and other aspects of documentation should be kept in an orderly and
organized manner in two files: Permanent File and Current File.
Permanent File
Permanent file is used for retaining key information of continuing audit
relevance, which changes little from year to year. It contains data of historical
or continuing nature pertinent to the audit. The permanent file typically
includes:
Extracts or copies of the Public Body‟s documents that deal with the
organizational aspects. It includes organization structure (chart);
organizational history detailing authority and duty;
Current Files
The current files include all working papers applicable to the year under audit.
They contain relevant information of the audit for the current year. Their
contents include:
General information – This information is current information that is
of a general nature rather than dealing with specific issues. This
includes such items as audit planning memos, abstracts or copies of
minutes or contracts or agreements not included in permanent files,
notes on discussion with management, working paper review
a) Each working paper should be properly identified with such information as:
The name of the Public Body being examined;
The title or description of the content or purpose of the working
paper;
The period covered by the audit;
The preparer and reviewer with respective dates of preparation and
review;
The index code.
b) Each working paper should be signed (or initialed) by the preparer and the
reviewer.
c) Each working paper should be properly indexed and cross-referenced to aid
in organizing and filing. Indexing is done at the front of each paper using
combination of letters and whereby if lead schedules are given a letter, e.g.
"A" then for supporting schedule a suffix indicating the sequence in the file
---------------------------------------Ministry of Finance & Economic Development 191
Internal Audit Training Manual-----------------------------------------------------------------
is added e.g., "A1". Cross referencing between lead schedules and supporting
schedules or between two supporting schedules should be done in a logical
and consistent manner. Please refer to Annex XII in the Internal Audit
Manual for the relationship of working papers, indexing and cross-
referencing.
d) Each working paper should include sufficient information to fulfill the
objectives for which it was designed.
e) Completed working papers must clearly indicate the audit work performed
including sampling methods and samples selected. This is accomplished in
three ways:
By a written statement in a form of memorandum;
By initialing the audit procedures in the audit program;
By notations on working paper or directly on working paper schedules.
Notation on working paper are accomplished by use of "tick marks"
which are symbols written adjacent to the details on the body of the
schedule. These notations must be clearly explained at the bottom of the
working paper.
To help clear understanding of what working papers are and to give practical
example, model Permanent File and Current File are given. The Permanent File
and Current File index given in annex X of the Audit Manual are simplified as
The indexes are given as a standard to be used by all the Public Bodies. The
index is used as a checklist for the auditor to ensure that working papers are
complete. The auditor shall collect audit evidences for each item described in
the index. The standard index shall also help the internal audit department
Head and the Inspection Department of MoFED to go through the working
papers smoothly.
Annex X
PF I ORGANIZATIONAL INFORMATION
PF II 1 Accounting policies
PF II 2 Systems documentation forms (system notes, flow charts)
PF II 3 Internal Control Questionnaires
PF II 4 Internal Control Evaluations
PF II 5 Risk Assessment Index
PF II 6 Specimen of Documents (Vouchers)
PF III 1 Directives
PF III 2 Rules, Regulations
PF III 3 Internal Instructions
PF III 4 Official Rates (Price lists)
---------------------------------------Ministry of Finance & Economic Development 193
Internal Audit Training Manual-----------------------------------------------------------------
PF VI CORRESPONDENCE
Each of the major sections of the Permanent File is identified by unique roman
numbers. The contents are given serial numbers in subscript starting from the
first. So in PF V, important memorandums are filed. The first item is contracts.
This is given PFV1... If contract is only one page, PFV1 is the index to be given to
it. If there is more than one page, the subsequent pages will be identified by an
English alphabet. Therefore, the second page will be PFV 1 a. New items that
the auditor needs to file in the Permanent File can be added in the relevant
section indicated above or a new category shall be added. But this may be made
in consultation with the internal audit department Head and the Inspection
Department of MoFED.
Annex X
I AUDIT REPORTS
I1 Final Audit Reports
I2 Report on Internal Control
I3 Ad-hoc Reports
I4 Interim Reports
I5 Draft Reports
II GENERAL INFORMATION
II 1 Matters for Attention: Auditor Follow-up, Management Action, etc.
II 2 Summary of Findings
II 3 Discussion with Management: Comments, Responses, etc.
II 4 Extracts of Minutes (management, audit committee)
II 5 Review and Check Lists (review notes, check lists)
II 6 Audit Time Summary and Budget
II 7 Important Memorandum
III GENERAL AUDIT PROCEDURE
III 1 Audit Planning
III 2 Audit Programs
III 3 Other Planning Issues
I Cash on hand
J Cash at bank in foreign currency
K Cash at bank
TESTS OF INTERNAL CONTROL
TC I Receipts
TC II Disbursements
TC III Procurement
TC IV Payroll
TC V Stock/Inventory
TC VI Fixed Assets
TC VII Computer Audit
The above index is used for financial audit. Again all Public Bodies should use
the index uniformly. Computer audit is usually done as part of financial audit. If
an extensive audit is required, it can be separately done. The index for such
extensive and separate test could be similar to the one shown below for special
audits.
The above lay out of the index follows the lay out of the Trial Balance given in
the FGE accounting system. Each section identified by A – K shall have
standard schedules known as lead schedule (the summary schedule that will be
filed at the top), summary of findings related to that particular section,
supporting schedules, and query (questions) sheet wherein all questions raised
during the audit are recorded. The question sheet should show the replies
obtained from the department audited. If satisfactory replies are obtained, a line
will be drawn across the question. Those points for which adequate replies are
not obtained shall be transferred to the summary of findings. The schedules for
test of control are more or less similar. The lead schedule for test of control shall
describe the objective of test, the sample selection method, list of samples
selected, findings, and conclusions.
Annex. X
A Final report
B Draft report
C Planning of the audit & questionnaires (including the description
of the Public Body & the activity or department to be audited)
D Memorandum (instruction given to the audit department,
instruction given to the audit team, term of reference for the
audit, correspondence with the audited department,
correspondence with MoFED, minutes of meetings with the
department audited, etc.)
E Copies of important documents (Construction contracts,
consultancy contracts, proclamations, guidelines, policies, etc.)
F Summary of Findings
G Support Schedules
H Queries/notes
Special audits are special for each Public Body. The special audits might even
differ from assignment to assignment. Hence, it is not possible to establish
standard schedule to be used by all the Public Bodies for all special audits. The
above index is only a guideline. The auditor can modify the index to suit the
specific audit under consideration.
Session Summary
Working papers should document all the three phases of internal auditing -
planning, execution, reporting and follow-up.
Working papers files are classified into Permanent and Current Files.
Permanent Files include information of continuing audit importance while
Current Files include all working paper applicable to the year under audit.
Working papers are the property of the Public Body under the custody of the
Internal Audit Department. Access to the working paper can be given by the
Head of the Internal Audit Department subject to approval by the Head of the
Public Body.
EXERCISE 13-1
Purpose and Advantages of Documentation
Instruction to the Participants
Purpose:
To point out the purpose and advantages of documentation.
Instructions:
1. Perform this exercise in small groups.
2. Take about 5 minutes to go through the information given below
and come up with any points that need clarification.
3. Complete the required task.
4. Select a spokesperson to present the answers.
5. Suggested solutions will be handed out and discussed.
Internal Auditors should document the audit work. Share your views and
experience by discussing about the benefits and main objectives of documenting
audit work.
Write down the benefits and main purposes of documenting audit work.
EXERCISE 13-2
Ownership, Security and Storage of Documents
Purpose:
To clarify ownership and security of working papers.
Instructions:
1. Read the discussion quiz below.
2. Be prepared to give your views for discussion with the class.
Alemu and Ahmed who are audit trainees have a discussion concerning audit
files. Alemu makes the following statements.
Audit working papers are the property of the internal auditor, who may destroy
the files, sell them or give them away. Members of the staff and third parties
have free access to the working papers.
Required:
Review the comments made by Alemu above. Do you agree with them? Discuss
each statement with your group and be prepared to discuss in the full class
session.
EXERCISE 13-3
Use and handling of Working Papers
Instructions to the Participants
Purpose:
To explain the types of working paper files, ownership, security and storage of
working papers.
Instructions:
1. Perform this exercise individually.
2. Take about 5 minutes to go through the information below and come
up with any points that need clarification.
3. Complete the required task.
4. Hand in your answer sheet for evaluation.
5. Suggested solutions will be handed out and discussed.
You are a senior internal auditor, you have been asked by the Chief Internal
Auditor to prepare a presentation for a staff meeting to discuss about working
papers. In your presentation you are to address the following points:
Required:
Describe in detail the points that you should make in your presentation.
Allotted time: 45 minutes
SESSION XIV
REPORTING AUDIT FINDINGS
Session Overview
Reporting is the third phase of the audit process. The first and second phases
are planning and execution, respectively. The most important aspect of any
audit is reporting as an audit not reported and actions not taken on findings and
recommendations is a waste of resources utilized during the audit. It is,
therefore, essential that the internal auditor should report at the end of the
audit. Accordingly, the Intentional Standards for the Professional Practice of
Internal Auditing requires under article 2,400 that internal auditors should
communicate the engagement results. This Session is devoted to reporting audit
findings.
Session objective
At the end of the Session participants will be able to understand the
requirement of reporting audit findings through lecture, discussion and
exercises.
Audit findings;
Characteristics of effective audit reports;
Contents and formats of audit reports;
Steps in the preparation of audit reports;
Stages of audit reports;
Follow-up.
Audit findings
Audit findings are much more than simple opinions. The audit process is a time
taking careful process for building up very specific information, as it must result
in reliable and relevant information, sufficient to support reasonable
conclusions. A reasonable conclusion is one, which is objective and fully
supported by the evidence. An auditor using the same audit methodology could
repeat the audit and arrive at the same conclusion.
Audit findings emerge by a process of comparing “what should be” with “what
is”. This provides to the internal auditor a foundation on which to build the
report. When conditions meet the criteria, acknowledgement in the audit
report of satisfactory performance may be appropriate. Findings should be based
on the following attributes:
Cause: The reason for the difference between the expected and actual
conditions (why the difference exists).
A process is needed for developing conclusions and testing their strength before
they are embodied in audit findings. This may involve:
Developing audit interim conclusions by auditors in charge as the
audit is in progress.
Discussing these interim conclusions by the Head of Internal Audit
(and giving guidance on their validity and indicating whether more
evidence is needed to substantiate them).
Auditors drafting their final conclusions at the end of their audits.
Head of Internal Audit carrying out further evaluation of the validity
of conclusions.
Redrafting these conclusions as audit findings.
Busy people who have to read many reports on a lot of subjects and who
do not want to plough through a lot of detail before reaching key
conclusions.
Not familiar with auditing terminology or processes.
Less interested in processes than in findings.
Much more interested in significant matters than trivial ones.
These presumed characteristics are the key to writing effective audit reports. An
effective audit report is one, which is objective, clear, concise, constructive and
timely.
Although audit report formats and contents may vary, they should at least,
contain the purpose, scope, and results of the audit.
Purpose statements should describe the audit objectives and may,
where necessary, inform the reader why the audit was conducted and
what it was expected to achieve.
Scope statements should identify the audit activities and include,
where appropriate, supportive information such as time period
audited. Related activities not audited should be identified, if
necessary, to delineate the boundaries of the audit. The nature and
extent of auditing performed should also be described.
Results may include findings, conclusions (opinions), and
recommendations.
Findings are pertinent statements of fact. Those findings, which are
necessary to support or prevent misunderstanding of the internal
auditor‟s conclusions and recommendations, should be included in
the final audit report. Less significant information or findings may
be communicated orally or through informal correspondence.
Conclusions (opinions) are the internal auditor‟s evaluations of the
effects of the findings on the activities reviewed. They usually put
the findings in perspective based upon their overall implications.
Audit conclusions, if included in the audit report, should be clearly
identified as such. Conclusions may encompass the entire scope of an
audit or specific aspects. They may cover but are not limited to
whether operating or program objectives and goals conform with
those of the Public Body, whether the Public Body‟s objectives and
goals are being met, and whether the activity under review is
functioning as intended.
---------------------------------------Ministry of Finance & Economic Development 207
Internal Audit Training Manual-----------------------------------------------------------------
It is the responsibility of the Head of Internal audit to ensure that audit reports
reach high standards of relevance and readability. The Head should examine all
draft audit conclusions for relevance, robustness, proficiency of language,
clarity, tactfulness, helpfulness and positive tone. The last three are important,
as effective audit reports should not alienate the reader. The reader should be
treated as a friend rather than an enemy. After all, if the ultimate usefulness of
audit is effective remedial action, it is wise to treat those responsible for such
actions with respect. The idea is to help them, not to embarrass or anger them.
The internal auditor should hold Exit Conference to discuss conclusions and
report recommendations at appropriate level of management before issuing the
final report. The discussion will help to ensure that there have been no
misunderstandings of facts by providing the opportunity for the auditee to
clarify specific items and to express views on the findings, conclusions, and
recommendations. Although the level of participants in the discussion may
vary by Public Body and by the nature of the report, they will generally include
those individuals who are knowledgeable of detailed operations and those who
can authorize the implementation of corrective action.
Formal audit reports are not the only way (and certainly not the most effective
way) of reporting audit results to management. Auditors should think of
additional ways of bringing their work to the attention of management.
Material can be presented orally in seminars, workshops, meetings, briefings
and one-to-one sessions and in a variety of formats ranging from presentations
on what management needs to know, management tools, principles and
concepts, advice on best practice, recommendations and actual audit findings.
Internal audit reports are sent to the management of the Public Body for the
following reasons:
To ensure that audit findings are known to management.
To prevent the Head of the Public Body from keeping audit findings
secret from his management team.
To ensure that significant matters resulting from audit receive collective
management attention.
Follow-up
In accordance with IIA Standard paragraph 2500-AI the Chief Audit Executive
should establish a follow-up process to monitor and ensure that management
actions have been effectively implemented or that senior management has
accepted the risk of not taking action. It is, therefore, the responsibility of the
Chief Internal Auditor in particular and the internal auditors in general to
maintain a follow-up process to assure that proper action has been taken on the
recommendations contained in the internal audit report. Such follow-up
procedure should include a follow-up policy whereby:
There must be ground rules for follow-up leaving plenty of room for
staff initiative. Effective follow-up need to be tailored to particular
recommendations and the results they seek.
Session summary
The most important aspect of any auditing is reporting since an audit not
reported and consequently action not taken on findings and recommendation is
a waste of resources utilized during the audit.
Audit findings should be developed by comparing “what should be” with “what
is” through the process, i.e. the elements of a deficient finding: criteria,
condition, cause, effect, conclusion and recommendation.
An effective audit report is one which addresses the needs of readers. The
report should be objective, clear, concise, constructive and timely.
Although the format and content of audit reports may vary, they should at least
contain the purpose, scope and the result of the audit.
The internal auditor should hold exit conference to discuss audit findings,
conclusions and recommendation at appropriate level of management before
issuing the final audit report.
Exercise 14-1
Writing an audit report
Purpose:
To draft an audit report
Instructions:
1. Refer to the copy of a sample audit report on the next page.
Exercise 14-1
Audit Report
NON COMPLIANCE
Non compliance with Treasury Restriction note. An amount of Birr 1,000,000
was transferred from Installation costs to Telecommunication and other
equipment with prior Treasury Authority, in violation of restrictive note.
Please ensure compliance with restrictive notes before making budget transfers.
ORGANIZATION CHART
To our knowledge the Ministry does not have an official detailed organization
chart for responsibility centers and approved by responsible officers.
DELEGATION OF AUTHORITY
The delegations of authority contained in the policies and procedures manual
are not followed, as it would seem that the limits are too much for some
positions. Further, the delegation of authority chart does not bear the Vice
Minister's approval.
Management should review the existing situation and make the necessary
changes to the present delegation of authority chart so that it may be updated.
Further, this chart should be approved by the Vice Minister.
BUDGET CONTROL
Tefera Abebe
Chief Internal Auditor
SESSION XV
INTRODUCTION
There is an agreement that the manner the internal audit activity is carried out
in the Government offices will be substantially changed. This is purely reflected
in the two documents prepared by the Inspection Department of the Ministry of
Finance and Economic Development (MoFED), namely the MoFED Internal
Audit Activity Reform document and Study on the structure of the Internal
Audit Activity in Government offices.
From now on, the Internal Audit Activity in the Government offices will
perform POST AUDIT. The purpose of post audit, as concerns the financial
audit, is to check the reliability of the financial statements, and the financial
and internal control systems on the basis of which those financial statements are
prepared.
The financial statements of those Government offices which have gone through
the reform are prepared following the MODIFIED CASH BASIS OF
ACCOUNTING, using double entry bookkeeping, as described in the Federal
Government of Ethiopia Accounting System (FGE accounting system). Those
Government offices, which are yet to undertake the reform, will eventually
start applying this accounting system. It is, therefore, very important to describe
the accounting system briefly before embarking on the discussion of the
detailed audit procedures to be applied at the time of post audit.
Since double entry bookkeeping is used, the total debits should equal the total
credits or the difference between the debits and the credits must be zero. Using
the permanent account balances, a basic equation to test the equality of debits
and credits can be given as:
In its abbreviated format, the Monthly Trial Balance looks like the following:
The accounting system that enables the preparation of the monthly reports is
discussed in the following paragraphs. It should be noted that monthly reports
are the basis for the preparation of quarterly (three months reports together), six-
monthly (six-months reports together) and annual (twelve months reports
together) reports.
1. The accounting cycle starts when payment for goods and/or services is
effected; cash is collected or when non-cash transactions (e.g.: donation
in kind) occur.
5. The balance of the ledgers maintained in the previous step will then be
taken to the Monthly Trial Balances.
ME/HE/Q32
TRANSACTIONS REGISTER
ME/HE/Q43
LEDGER CARD
REPORTS SUCH AS
REVENUE/ASSISTANCE
/ LOAN REPORT
TRIAL BALANCE
The FGE accounting system also introduces budgetary control by using Budget
Ledger Cards. This is a columnar card showing the approved budget,
additions/reductions to the approved budget, revised budget, payments received
for budgeted expenditure, amount remaining to be requested, commitments and
balance in the revised budget that is not committed. The Budget section will
maintain the card. Budget Ledger Cards shall be opened for each item of
budgeted expenditure. Transactions affecting that item of expenditure shall be
posted to the card.
In the following sections, financial audit procedures for each of the items
indicated in the Trial Balance shall be dealt with in detail.
SESSION XVI
RECEIPTS (REVENUE)
Learning Objective
At the end of this section, we shall be able:
1 To understand the definition of receipts as given in the FGE
Accounting System Manual,
Basic concepts
Receipts are money received via the official Cash Receipt of the FGE. Receipt
includes income from the service provided by the Public Body, income from
goods sold, recovery of previously extended loan to employees, etc. Receipt
includes the official income of the Public Body but is not limited to it.
According to the FGE Accounting System, there are three categories of receipts.
These are Item of Domestic Revenue, External Assistance and External Loans.
Domestic revenue is from tax revenue (tax on income, profit and capital gains,
excise tax on locally manufactured goods, VAT on locally produced goods, Turn
Over Tax, Stamp sales and duty, Custom duty on imported goods, Excise tax on
imported goods, VAT on imported goods and Export duties), from non-tax
revenue (administrative fees and charges, sales of public goods and services,
Government investment income, extraordinary and miscellaneous income and
contribution to pension fund) and from capital revenue such as privatization
proceeds.
External Assistance and External Loan are receipts obtained from foreign
sources to pay for Administrative and General Projects, Economic Projects,
Social Projects or any other legal project.
The source document to recognize cash receipts by any Public Body from any of
the above sources is Receipt Voucher. This voucher is of two kinds, one for
receipts in Birr (ME/HE/Q1) and the other for receipts in foreign currency
(ME/HE/Q2). “For any sum of money collected on behalf of the Federal
Government of Ethiopia, a serially numbered, official receipt of the Ministry of
Finance and Economic Development (MoFED) shall be issued.”
The monthly financial report that goes to MoFED shall include the receipts
made by the Public Body. The total to date of such receipts appears on the
Monthly Trial Balance. The breakdown for that total is given in the
Revenue/Assistance/Loan Report by account. As for other items in the Trial
Balance, a Ledger Card is maintained for each account appearing in the report.
If subsidiary ledger is needed, that is also maintained.
Procedures
The audit objectives of checking revenue are:
YTD receivables
Account code Debit Credit
Once the correctness of the total of the report and its agreement with the
balance in the Trial Balance is checked, the auditor will ask for the ledger of
each of the accounts and check agreement of the ledger balance with the
payables reports and ask into any variations between the two. The figures in the
report are extracted from the ledgers.
The auditor can see which items need closer check. For example, in the above
report the auditor can ask as to why revenue from tax on wages and salaries for
the three months of 1997 budget year (Hamle, Nehasse & Meskerem) is only
Birr 10,000. Such questions are raised by the auditor because of his prior
knowledge of Public Body. The tax revenue the auditor expects could be, say,
Birr 100,000 per month. The total for the three months had to be Birr 300,000.
The auditor should seek explanation for that. The answer to the question could
be that income tax was wrongly posted to, say, excise tax account or even to
salary expense account. The auditor should then propose correction to be made
in the report.
The next step is to select some of the accounts in the report. Selection could be
based on the materiality of the balance. In the above example, Excise tax on
sugar and VAT on soft drinks are material that they should be selected for
checking so that the auditor can make sure that the total income is accurately
reported. But other selection methods could also be employed. For example, if
the auditor is doing his audit every three months, he can select one of the items
based on materiality now. But next time, the item that is not tested now can be
selected even if it is not material.
For each account selected, the auditor will take out the ledger, check the total
and scrutinize it. By scrutinizing, the auditor can check abnormal transactions,
transactions without reference to supporting documents (receipt vouchers, etc)
or other incomplete transactions, which should be questioned. Adequate
explanations should be obtained to the questions raised.
From the ledger card, the auditor will select transactions with big Birr amounts
and transactions, which the auditor needs to check in detail. As a rule of thumb,
the auditor can select those big amounts making up 50% of the total ledger
balance.
Each of the selected items will be checked with the supporting documents.
Supporting documents to be checked vary according to which income it tested
and from Public Body to Public Body. In the Ministry of Revenue, receipts are
mainly collection of different taxes. The documents to be verified are those
related to the tax assessment. For example, customs duty is supported by
customs declarations and the related import documents. The basic law to refer
to is the Customs Duty Proclamation & Regulations including amendments. The
Ministry of Information collects Television license fee. Hence the auditor in
that Ministry refers to the documents relevant to the verification of that
income. It is not possible to list all the documents to be verified when auditing
revenue. But the general approach to the examination of the receipt is the same
regardless of the nature of the revenue. The Internal Audit Head is responsible
to inform the Auditors under his supervision, which documents to verify.
The amounts checked need to be recorded in the Current Audit file. For
example if VAT on Soft Drinks is selected for checking, the working paper
would look like:
A
MoR Initial Date
VAT on soft Drinks Prepared by KK 02/03/05
Collection from Moha Soft Drink Factory – Hamle 1996 RV 0000100 V200, 000 00
Collection from Coca Cola Factory – Hamle 1996 RV 0000200 V150,000 00
Collection from Moha Soft Drink Factory – Nehasse 1996 RV 0000300 V250,000 00
Collection from Coca Cola Factory – Nehasse 1996 RV 0000400 V300,000 00
Collection from Moha Soft Drink Factory – Meskerem 1997 RV 0000600 V250,000 00
Collection from Coca Cola Factory – Meskerem 1997 RV 0000750 V350,000 00
1,500,000 00
Work done: Checked
V = checked with receipt voucher, VAT declaration of
the taxpayer, approval of the tax payable amount.
The audit procedure to test revenue from External Assistance and Loan is the
same as above except that the receipt to be checked might be Foreign Currency
Receipt Voucher and the supporting documents are agreements signed between
the Public Body and the provider of the assistance or the loan.
Summary
The receipts of different Public Bodies are different. In terms of audit, however,
the procedures to be applied are the same except that the supporting documents
and the Proclamations, Regulations, Guidelines that will be examined are
different. In the FGE Accounting System, the vouchers and records given are
similar for all Public Bodies.
Exercise –16 -1
Please identify one type of receipt in your organization and discuss what
supporting documents are expected to support the receipts. Which
Proclamation, Regulation or Guideline is relevant to the receipt?
SESSION XVII
EXPENDITURES
Learning Objectives
When we have completed our study of this Section, we should be able to
understand and apply the following:
Basic Concepts
Expenditures are basically of two types – capital expenditures and recurrent or
revenue expenditures. The Federal Government of Ethiopia‟s budget (for
instance, Proclamation No. 282/2002, 1995 (E.C.) Fiscal Year Budget
Proclamation) is also accordingly divided with subdivisions under each
category.
Capital expenditure has been generally defined as “an outlay for the acquisition
of or improvement to fixed assets, and includes expenditures made for
consultancy services.” (Article 2 (3) of Proclamation No. 57/1996, Federal
Government of Ethiopian Financial Administration Proclamation).
Control over overspending is the responsibility of those who are allotted with
the budget. For the control over overspending to be effective, information on
budget, amounts utilized, unexpended and unencumbered balances should
regularly be communicated to those concerned. This falls under what is called
„responsibility accounting‟.
Illegal expenditures can be viewed as those, which have exceeded the approved
budget or appropriations. The person who has incurred the expenditure has
done outside of his authority if he overspent and therefore, the act becomes
illegal. The other is incurring expenditure for which there were no budgets or
appropriations. Thus, it is obvious that there is no authority to incur the
expenditure and therefore, this also becomes illegal.
The use of proper methods and procedures is a part of a good internal control
system. As part of the control system of the FGE, the Budget Ledger Cards are
used for budgetary control purposes and these records have to be consulted
before expenditures are incurred.
The other control is the coding of the expenditures so that they are recorded in
the proper accounting system. These are the responsibilities of the accountant.
Check, on a sample basis, that payments are made in compliance with the
relevant Government directives; to do so, firstly determine the total population
of the payment vouchers used during the year under review. Secondly, apply
say, random and stratified sampling method in order to determine the sample
size that is expected to be representative of the population.
Example: Assume that the total numbers of Payment Vouchers used in a given
period to be audited were 2550, and assume also that 25 vouchers are sufficient
number to be chosen to test control, then under systematic sampling method
every 102nd (i.e. 2550 vouchers divided by the sample of 25) voucher is selected
for the test required.
1. Ensure that all the particulars including the budget and account code
numbers to be used in identifying the expenditures for posting to the
appropriate accounts are properly filled out on the Payment Vouchers
selected;
2. Check that every payment effected is before hand verified by Budget section
to ensure compliance with budgetary rules;
3. Ensure that all payments are approved within the limits of authority vested
on each officer;
4. Ensure that cheques are completely filled out and signed by those in
authority; ensure also that cheque stubs are signed by the signatories with
the complete particulars being filled out thereon;
5. Ensure that invoice amounts are not split into smaller portions to
circumvent regulations on limits of signatory powers;
6. Check the recording to the Transactions Register and then the postings to
the ledger cards.
(a) Obtain the Trial Balance and the Expenditure schedules for the
period of audit and trace the figures to the General and Subsidiary
ledger cards to ensure agreement;
(b) Once the correctness of the total and its agreement with the Trial
Balance is checked, the auditor will secure the ledger cards and check
agreement of the above balances with the balances in the ledger
cards; if differences are noticed he should enquire before he proceeds
with his audit work;
(c) The next step is to scrutinize the expenditure report by just looking
at the report in order to identify any odd or unusual items before
applying audit procedures.
The auditor can then determine which of the items of expenditures need a
closer check. For instance, from the example Expenditure Report given below,
the auditor may ask questions as to why Postage, telephone, etc., Local and
Foreign per diem and traveling expenditures showed huge balances. He will
look into these expenditures to identify and justify the reasons through a
detailed review. (See the Example given below.)
(d) The next step is to select from among the subsidiary ledger accounts
from both capital and recurrent expenditure categories based on the
amounts involved. Usually at least the amount constituting 50% of
the total is presumed to represent the balance for testing. Where
sampling technique is used it may not be necessary to verify to such an
extent.
(e) For each account selected, the auditor will check the correctness of
the totals of the ledgers and scrutinize. The auditor can then check
abnormal transactions, transactions without reference to supporting
documents (Payment Vouchers, etc.) or other incomplete
transactions, which should be questioned. Adequate explanations
should be obtained for these.
(f) The total of the subsidiary ledgers balances should agree with the
total of the control account. The selection indicated above need also
be made from the subsidiary ledgers.
(g) In addition to the samples selected for testing, the auditor will also
select transactions with big Birr amounts for further detail checking.
As a rule of thumb, the auditor usually selects those big amounts
making up 50% of the total ledger balances. Where sampling
technique is used it may not be necessary to verify to such an extent.
(h) Each of the selected items will be checked against the supporting
documents.
The amounts checked shall be documented and the schedules filed in the
current audit file.
The internal auditor should note that the audit procedures given in the Manual
are not exhaustive but are meant to serve only as a guide. Therefore, the
internal auditor is advised to refer to other relevant directives and documents.
Among the directives that he should refer to is the detailed Procedural Manual
of the Treasury Department of the Ministry of Finance and Economic
Development (MoFED) and ensure compliance with such directives.
Example: Assume you are given the following Expenditure Report of a small
Public Body for the year ended Sene 30, 1996:
YTD
Expenditure
Account description Debit
The internal auditor should prepare or secure the necessary schedules, list out
the items selected and tested, the works done, including a summary of the audit
objectives, the findings and conclusions. He should file these schedules and
other relevant audit working papers under the relevant section of the Current
Working Papers file; the Lead Schedule, Summary of Findings, Supporting
Schedules and Queries/ Notes and the test of internal control should also be
filed under the appropriate sections.
Exercise 17-1
Self-Testing Questions (Class discussion)
1. How are expenditures defined and what are are the significances of
such definitions? Explain and justify.
2. What are the distinctions between expenditures and expenses?
3. Do purchases of fixed assets fall under expenditures or expenses?
4. What types of controls are required for ensuring compliance of the
Public Body‟s operations with policies, laws and regulations?
5. Distinguish among internal control systems and audit procedures in
relation to audit of expenditures.
6. Explain the difference between disbursements and expenditures.
Exercise 17-2
Problem
An extract of the major expenditures balances from the Budget Ledger Cards for
approved budget for 1996 EC and the General/ Subsidiary Ledger Cards of a
Public Body are presented as follows:
1 Annual Budget and Actual Recurrent Expenditure
Budget Actual
Birr Birr
Salaries and wages 78,700 87,600
Per diem and traveling, local 45,500 50,000
Per diem and traveling, foreign 75,500 75,500
Printing and stationery 45,388 38,000
Repair and maintenance of motor 25,000 15,000
vehicles
Repair and maintenance of Building 16,700 20,000
Fuel and lubricants 34,200 30,000
Postage, telephone, etc. 70,000 72,500
Miscellaneous expenses 44,400 53,490
Your audit of the major over expenditures and the unutilized balances in respect
of external travel and repair and maintenance of Building showed the following:
1. CPV No. 00056 dated Hamle 30, 1995 for Birr 15,500 representing
salary payment for Hamle was wrongly coded and recorded as
miscellaneous expenses. On the other hand, an amount of Birr 7,500 paid
by CPV No. 00020 dated Hamle 15, 1995 for Miscellaneous Expenses
previously taken as Per diem and traveling expenses, local was adjusted
by JV No. 006 dated Hamle 26, 1995 to Salaries and Wages rather than to
the appropriate account.
26/11/95 Per diem and Travel expense, local, of Ato Abebe JV # 05 3,050
Senbeto as per his travel expense settlement
report
Per diem and Travel expense of W/o. Yeshiwork
8/1/96 Akalu and other employees as per their travel JV # 15 4,450
expense settlement reports
Travel advance taken by Ato Solomon Taye for his
15/3/96 trip to various places in Oromiya Region JV # 24 5,500
Per diem and travel expenses of Dr. Assamnew
2/5/96 Gezahegn and his group members as per their travel JV # 35 7,450
expenses settlement reports
Foreign Per diem and Travel expense of Ato
14/9/96 Assegahegn Bonger and W/ro Hawi Mohammed ( on JV #123 10,200
a one week visit to India )
15/10/96 Foreign travel cost of W/o/ Yeshiwork Abebe to CPV # 0150 12,000
Malaysia for one week
Instruction: As the Head of the Internal Audit Section you are required to review the above
case, prepare the necessary Working Papers and report your findings to the Head
of the Public Body.
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Name of Public Body __________________
Audit Area __________________________
Budget Year ________________
General Procedures
1. Review previous year audit working
papers.
2. Review the updating of the permanent
file.
3. Fill in the internal control
questionnaire.
4. Draw or update flow chart or system
notes.
5. Evaluate the appropriateness and
effectiveness of the control system.
Specific Procedures
SESSION XVIII
TRANSFERS
Learning Objectives
The objective of this section is:
1. To provide the definition of transfers in the FGE accounting system;
Basic concepts
Transfers are movements of cash or non-cash transactions between MoFED and
Public Bodies. Cash sent to a Public Body to cover its salary expense is transfer
from MoFED. Likewise cash sent to MoFED by the Public Body is transfer to
MoFED. In the Public Body‟s account, transfer from MoFED is recorded as
credit. Transfer to MoFED is recorded as debit.
Transfer can be non-cash. When salary is transferred to a Public Body, only the
net amount that will be paid to employees is transferred. There is no need to
transfer the tax and pension contribution to the Public Body. However, the total
salary expense of the Public Body is the gross amount. To record this gross
amount in its accounts, the Public Body has to record the tax and pension
amount as non-cash transfer. For example, if the salary expense for the month
of Hidar 1997 in Ministry of Health is Birr 500,000 and the income tax is Birr
100,000, Ministry of Health will receive the net amount of Birr 400,000 from
MoFED. Hence the Birr 400,000 is cash transfer and Birr 100,000 is non-cash
transfer.
Transfers are temporary accounts as they are closed at the end of the year. This
is because the same transfer is recorded by both MoFED and the Public Body
but on opposite sides of the account. When MoFED transfers a certain amount,
it treats it as receivable from the Public Body. The Public Body records the same
amount as payable to MoFED. At the end of the budget year, when the MoFED
closes its accounts, the two cancel each other and the balance becomes zero.
Procedures
The audit objective of checking transfers is to ascertain that the balances have
arisen from cash and non-cash transfers from MoFED, to MoFED or from or to
another Public Body.
When auditing transfers, the auditor has to follow the following procedures:
1. Obtain copy of the monthly Trial Balance that was sent to MoFED;
YTD receivables
Account code Debit Credit
4001 Recurrent salary & allowance 100,000
4002 Recurrent operating expense 300,000
4003 Capital salary & allowance 150,000
4051 Recurrent salary & allowance: non-cash 20,000
4052 Recurrent operating expenditure: non-cash 90,000
4053 Capital salary & allowance: non-cash 30,000
4001 4002
Date Debit Credit Date Debit Credit
Salary for Tikimt 1997 25/2/97 80,000
Operating expense 2/2/97 150,000
Operating expense 17/2/97 150,000
Total 80,000 300,000
Net activity 80,000 300,000
BOM Balance 20,000 _____-
EOM Balance 100,000 300,000
4. Once the correctness of the total and the agreement of Part two with
Part one of the report and, similarly, agreement of Part one with the
balance in the Trial Balance is checked, the auditor will ask for the
ledger of each of the accounts and check agreement of the ledger
balance with the Transfer Reports and ask into any variations
between the two. The figures in the report are extracted from the
ledgers.
5. The next step is to scrutinize both Part one and Part two of the
Transfer reports. Scrutinizing means just looking at the report
without applying any additional audit procedure.
The auditor can see which items need closer check. For example, it is
obvious that salary is to be transferred from MoFED. The Public Body has to
see it as payable. In Part two of the report, what is expected is a credit
balance. Any debit balance needs, therefore, closer check.
6. The next step is to select some of the items from the Transfer
Reports. Selection should be from both cash and non-cash transfers
categories. Some of the transfer accounts are easy to check. For
example, transfer for salary should be easy to check. The auditor
knows what the monthly salary of the Public Body amounts to. If
the balance shown in the Transfer Report agrees to what he knows,
then there is no need to make detail check. The auditor can then
select other major balances or balances on which the auditor has
question, which he needs to make further tests to form his opinion
about the accuracy of the reported balance. It is recommended that
the auditor has to check at least 50% of the balances.
7. For each account selected, the auditor will take out the ledger, check
the total and scrutinize it. By scrutinizing, the auditor can check
abnormal transactions, transactions without reference to supporting
documents (payment vouchers, etc.) or other incomplete
transactions, which should be questioned. In addition, the detail in
the ledger selected should be the same as the detail in the Transfer
Report Part Two. The auditor needs to obtain adequate explanations
for the questions he raises.
8. From the ledger card, the auditor will select transactions with big
Birr amounts and transactions, which the auditor needs to check in
detail. As a rule of thumb, the auditor can select those big amounts
making up 50% of the total ledger balance.
10. The amounts checked need to be recorded in the current audit file.
For example if there is a transfer of Birr 80,000, as indicated above,
to cover salary of Tikimt 1997 and if MoFED has withheld Birr
10,000 income tax on the salary, the auditor can prepare his working
paper as follows:
D1
MoFED Initial Date
Transfer Prepared by KK 18/03/05
D2
MoFED Initial Date
Transfer Prepared by KK 18/03/05
When checking transfers, the auditor should bear in mind that the amount
recorded, as transfer in the Public Body‟s account should have the same but
opposite balances with the balance recorded by MoFED as transfer to that
Public Body. The auditor may ask the MoFED to tell him the balance of the
transfer. If the two are not the same, then the auditor needs to investigate the
difference.
Summary
Transfers are of two categories. The types of transfer are many. The audit
procedures for the transfers are the same. The tests the auditor is making and
the type of documents the auditor is referring to could be different according to
the nature of the transfer. The auditor will describe the documents checked and
might also question the adequacy of those documents as supporting documents
for transfers. The auditor should also apply his knowledge and earlier
experience when checking transfer balances.
2. Describe the audit procedures that you will follow to check the accuracy of
such transfers.
1. The MoFED internal auditor is checking the transfer account balance on the
consolidated report at the end of Hidar 1997. He found a debit balance of Birr
150,000 on this consolidated account.
a. Do you think the auditor can say the balance is correct or not before
he makes any checking?
b. What do you think would be the appropriate steps to check where the
errors occur?
SESSION XIX
RECEIVABLES
Learning Objective
Basic concepts
According to the FGE accounting system, receivable is defined as any amount
expected to be collected by MoFED or a Public Body from another Public Body,
non-governmental organizations or individuals. Included in this category is
cash shortage to be collected from cashiers; advances to contractors, consultants
and suppliers; and advance made to Public Bodies by MoFED.
Procedures
The audit objective of checking receivables is to ascertain that the balances have
arisen from genuine transactions.
When auditing receivables, the auditor has to follow the following procedures:
1. Obtain copy of the monthly Trial Balance that was sent to MoFED;
3. Check the correctness of the total of the Receivables Report and agreement
of the total with the figure shown in the Trial Balance;
YTD receivables
Account code Debit Credit
4201 Suspense 10,000
4202 Cash shortage 50
4252 Advance to consultants 15,000
4253 Advance to suppliers 200,000
4273 Individuals & private organizations 30,000
4274 Others 150 _____
4. Once the correctness of the total and its agreement with the balance in the
Trial Balance is checked, the auditor will ask for the ledger of each of the
accounts and check agreement of the ledger balance with the receivable
report and ask into any variations between the two. The figures in the report
are extracted from the ledgers.
5. The next step is to scrutinize the receivables report. Scrutinizing means just
looking at the report without applying any additional audit procedure.
The auditor can see which items need closer check. For example, in the above report
the auditor can raise a question as to why Advance to consultants has a credit balance.
Normally receivables have debit balances. Credit balance means that there is some
error that needs additional checking.
Items like cash shortage are not normal transactions. Hence regardless of the amount,
such items need to be checked. Cash shortage could have arisen because of failure of
internal control. The auditor has to study the reason and give appropriate
recommendations to the management.
6. The auditor can look into subsequent period records such as the
Transactions Register to find out if the receivable balance is already
collected subsequently. If collection is made subsequent to the period under
audit, the auditor can be sure that the reported balance is genuine.
7. The next step is to select some of the items, in addition to those unique
items explained above, based on the amount involved. Usually at least the
amount constituting 50% of the total balance is checked. In the above case,
the net balance is Birr 225,200. If the auditor checks about Birr 125,000 or
more, he can form an opinion about the fairness of the total amount. In the
receivable report above, advance to contractors is the biggest balance that
should be selected. Other accounts as mentioned in previous steps need also
be selected for the reason discussed in the previous step.
8. For each account selected, the auditor will take out the ledger, check the
total and scrutinize it. By scrutinizing, the auditor can check abnormal
transactions, transactions without reference to supporting documents
(payment vouchers, etc.) or other incomplete transactions, which should be
questioned. Adequate explanations should be obtained to the questions
raised.
9. From the ledger card, the auditor will select transactions with big Birr
amounts and transactions, which the auditor needs to check in detail. As a
rule of thumb, the auditor can select those big amounts making up 50% of
the total ledger balance.
10. Most of the accounts indicated in the Receivables Report are control
accounts. There could be subsidiary ledgers. For example, if the advance to
contractors account is the sum of advances to more than one contractor,
each contractor will have his own subsidiary ledger. The total of the
subsidiary ledgers balances should agree with the total of the control
account. The selection indicated in step 9 need also be made from the
subsidiary ledgers.
11. Each of the selected items will be checked with the supporting documents
bearing in mind that documents generated externally are more reliable than
documents generated internally. In the case of the advance to supplier, for
example, the auditor need to obtain the contract signed with the supplier to
see if the authorized officer has signed it. The auditor has to check the
selection procedure by looking into the bid file. This has to be checked
against the procurement procedures. The mode of payment need also be
checked with the provisions of the contract. The tests the auditor can make
are numerous that it is not possible to list all of them. The auditor, in some
cases, may even approach the supplier to obtain direct confirmation of
balances, checking of genuineness of addresses, etc. The auditor need to use
his experience to raise as many questions as possible to cover all the tests
needed.
12. The amounts checked need to be recorded in the current audit file. For
example, if the advance to contractors ledger mentioned above has one
transaction, the auditor might prepare his working paper as follows:
E1
MoFED Initial Date
Advance to contractors Prepared by KK 02/03/05
Summary
The important controls that the auditor should look into when checking
receivables include maintenance of control ledgers independent of subsidiary
ledgers and reconciliation of subsidiary ledger balances with control ledger
balances regularly. Receivable balances that remain for more than a reasonable
period should be questioned.
1. In your respective office, what kinds of receivables are there? What are the
documents supporting them?
2. Are there receivable balances in the offices that are using single entry
accounting?
Exercises 19-2
Problem
1. Assume that you are auditing the accounts of Ministry of Education for the
month of Tikimt 1997. You found one of the significant receivable balances
to check is advance to consultant. You noted that the Ministry has signed a
contract with PP Consultants for the development of a certain curriculum.
The contract was signed in 1996 budget year. The contract amount was for
Birr One million. An advance of 25% was paid in 1996. The second payment
of 50% was paid in Tikimt 1997. No other payment was made.
SESSION XX
PAYABLES
Learning Objectives
The objective of this section is:
1. To provide the definition of payables in the FGE accounting system;
Basic concepts
Payables are financial obligations to be paid in the future date in connection
with services or goods or money received now. Payables can be categorized into
two. Short tem payables are those that will be paid in the next twelve months.
Long-term payables are those that will be paid after a year.
In the FGE accounting system, payables are classified into two. The short-terms
are those that will be paid in the next budget year. This includes payables
arising from receipt of goods and services; payables among Public Bodies, to or
by Regions and to employees; short-term domestic loan taken by the
Government; deposits received that will be paid when certain conditions are
fulfilled (like court deposit); and retentions from payments to contractors. Long-
term payables are those that will not be paid in the next budget year. Foreign
loan is one of the significant long-term payables.
Procedures
The audit objective of checking payable is to ascertain that all payables are
properly and fully accounted for and that the recorded liabilities are valid.
When auditing payables, the auditor has to follow the following procedures:
1. Obtain copy of the monthly Trial Balance that was sent to MoFED;
3. Check the correctness of the total of the Payables Report and agreement
of the total with the figure shown in the Trial Balance;
YTD receivables
Account code Debit Credit
4. Once the correctness of the total and its agreement with the balance in
the Trial Balance is checked, the auditor will ask for the ledger of each of
the accounts and check agreement of the ledger balance with the
Payables Reports and ask into any variations between the two. The
figures in the report are extracted from the ledgers.
The auditor can see which items need closer check. For example, in the
above report the auditor can raise a question as to why sundry creditors
account has a debit balance. Normally payable accounts have credit
balances. Debit balance means that there is some error than need
additional checking.
6. The next step is to select some of the items in each category based on the
amount involved. Usually at least the amount constituting 50% of the
total balance is checked. In the above case, the net balance is Birr
217,500. If the auditor checks about Birr 117,000 or more but from each
category of payables, he can form an opinion about the fairness of the
total amount. The categories, as can be seen from FGE Chart of
Accounts, are payables (Account No. 5000-5019), payables among Public
Bodies (Account No. 5020-5039), Government payables (Account No.
5040-5049), deposits (Account No. 5050-5059) and retention (Account
No. 5060-5069).
7. For each account selected, the auditor will take out the ledger, check the
total and scrutinize it. By scrutinizing, the auditor can check abnormal
transactions, transactions without reference to supporting documents
(payment vouchers, etc.) or other incomplete transactions, which should
be questioned. Adequate explanations should be obtained to the
questions raised.
9. From the ledger card, the auditor will select transactions with big Birr
amounts and transactions, which the auditor needs to check in detail. As
a rule of thumb, the auditor can select those big amounts making up 50%
of the total ledger balance.
10. Each of the selected items will be checked with the supporting
documents. Let us look at the nature of payables in each category and the
supporting documents that will be checked:
10.2.2. Due to MoFED for SSDP, for staff, for recurrent and
capital expenditures from next year‟s budget – include
amounts collected from MoFED on account of the
following year‟s budget to cover salary and allowances,
recurrent and capital expenditures. This is equivalent
to transfers and hence supporting documents that are
seen when transfers are checked will be seen.
10.3. DEPOSITS
11. The amounts checked need to be recorded in the current audit file. For
example, if the auditor selects retention on contract account, the
working paper looks like the following:
F1
MOE Initial Date
Retention on contract Prepared by KK 02/03/05
Summary
The important controls that the auditor should look into when checking
payables include maintenance of control ledgers independent of subsidiary
ledgers and reconciliation of subsidiary ledger balances with control ledger
balances regularly.
The basic audit procedures to be applied in checking payable balances are those
explained above. As long as the auditor follows that direction, the documents to
be verified will differ from account to account and from Public Body to Public
Body. For example, the value of construction contract above for which open bid
is necessary might differ according to the requirements in the procurement
manuals of the Public Bodies.
1. How does an internal auditor of a Public Body using the cash basis of
accounting audit payables?
2. Describe the supporting documents that you would check when auditing Grace
Period Payables,
3. Describe the supporting documents that you would check when auditing
Customs deposits,
Problem
1. Assume that you are auditing the accounts of the Ministry of Health for the first
three months of 1997 budget year. The Trial Balance produced for the month of
Meskerem 1997 shows a payable balance of Birr 1,000,000. You asked for the
payable report and you learnt that the major balance was Birr 700,000 retention on
contract. You decided to examine this account. You asked for the subsidiary ledgers
and one of the ledgers was in the name of Sunshine Construction. The balance is
Birr 500,000. Of this balance, Birr 200,000 was balance brought forward from the
pervious budget period. There was one payment made in Nehasse 1996 through
Payment Certificate No 2. Retention is 10% of the payment. The contract amount is
Birr 5 million. The contractor has given 6% rebate.
Required: -
a) Describe the audit procedures you will be following for this particular test.
SESSION XXI
LETTERS OF CREDIT
Learning Objectives
The objective of this section is:
1. To provide the definition of Letters of Credit in the FGE Accounting
System;
Basic concepts
Procedures
According to the Letter of Credit procedures of the Treasury Department of
MoFED, Public Bodies have to make a request for the opening of Letter of
Credit. The amount in the request for Letter of Credit has to be in agreement
with the amount in the Proforma Invoice of the suppler, the minutes of the bid
committee and Bank permit. Availability of budget is checked. The Letter of
Credit is approved by the responsible officials and finally transferred to the
Bank for payment.
1. Obtain copy of the monthly Trial Balance that was sent to MoFED;
Summary
The auditor should note that Letters of Credit is directly related with purchases.
He should plan to avoid duplication of work. If transactions are tested under
procurement test, then the auditor should only check the correctness of the
ledger and posting of transactions from the Transactions Register to ledger and
then to Trial Balance.
Learning Objectives
The objective of this section is:
1. To provide the definition of Net Asset/ Equity in the FGE Accounting
System;
2. To briefly show how the Net Asset/ Equity balance is arrived at;
Basic concepts
Net Asset/ Equity is the difference between total assets less payables and Letters
of Credit. This account does not usually arise from cash payment or cash receipt
transactions. It does not arise as a result of non-cash transfers either. It is used to
keep the difference between the revenue received in a period and the total
expenditures incurred in that period. A Public Body might not spend all the
money it has collected in a certain period. When transferring the balance of
revenue and expenditure to the Trial Balance, the two will not be equal. But
under the Modified Cash Basis of Accounting, the debit and credit sides of the
Trial Balance should be equal. To create that equality, the difference should be
reflected as Net Asset/ Equity.
Procedures
Unlike other accounts, there is no need to develop detailed audit procedures for
the audit of Net Asset/ Equity because, the balance is checked when checking
the other accounts that give rise to that balance.
SESSION XXII
CASH ON HAND AND CASH AT BANK
Learning Objectives:
When we have completed our study of this Section, we should be able to
understand about the following:
Basic Concepts
The definition of Cash given in the Internal Audit Manual is as follows:
A phrase „Cash and cash equivalents‟ is also used in the FGE Accounting Systems
Manual when talking about cash. And these include:
We can divide the audit procedures for Cash and Bank into the Validation Audit
Procedures and Test of Control Procedures.
The Validation Audit Procedures may only be concerned with the verification
that:
The Test of Control, on the other hand, concerns taking samples of transactions
and testing the effectiveness of the existent system of control to prevent
misappropriation, overspending of Budget appropriation, unwise or
inappropriate spending, and ensuring that laid down controls, methods and
procedures are working. Accordingly, samples of vouchers (transactions) are
taken from among the population of vouchers for testing purposes.
The audit procedures to be followed in order to test control over cash on hand
are as follows:
Generally, the control objectives for cash include that the collection of all cash
are made only against official receipts vouchers and payments are made only for
the Public Body‟s objectives against authorization and proper documentation;
and that the transactions are recorded into the books of accounts promptly and
accurately.
The audit of cash on hand with petty cash included commences with the
evaluation of the internal control system using Internal Control Questionnaires
(ICQs) or Internal Control Evaluation Questionnaires (ICEQs). (See Annex XIX
and XXVIII of the Internal Audit Manual.)
Under the validation procedures, the internal auditor may conduct surprise cash
count to ensure existence of the cash and to a limited extent verify whether or
not the internal control system laid down by management is functioning
properly; by doing so he checks that:
1 All paid but not yet replenished petty cash vouchers are consistently
approved by a responsible person and supported by sufficient
pertinent documents. If there are vouchers that are not approved,
they should be listed down with the necessary detail on a schedule.
The other audit procedures that the internal auditor should follow under the Test
of Control include the following:
1.1 The cashier‟s honesty and the degree of risk involved is assessed;
1.4 The cashiers possess the education and training relevant to their
functions;
1.6 All cashiers are provided with secure places and cash safe boxes for
the cash they handle;
1.7 Strict control is exercised over used and unused receipt vouchers in
the custody of the cashiers (and also in the hands of those who keep
the vouchers);
1.9 Cash collectors have handed over all their cash collections to the
main cashier intact and on time; and that the amounts are
reconciled against the summaries of the collection documents/ cash
receipt vouchers;
1.10 Cash and cheque collection summaries are prepared; and test
checked against the cash receipts vouchers;
(i) Check agreement of each cash balance in the Trial Balance with each
of the General and Subsidiary Ledger Accounts;
(j) Ascertain that the cash balances are also in agreement with the cash
books;
(k) Ascertain the cash centers and the cashiers handling the cash;
(l) Ascertain that the petty cash funds are kept on the imprest system;
this could be achieved by selecting some replenishments that were
made during the period/ year under review and checking that the
replenishments were made only when the cash balances became low
and as provided in the directives/ guidelines;
(m) Ascertain that the cash on hand balances which include cash
collections and petty cash funds are confirmed by actual physical
count;
(n) Make counts of all the cash in the hands of the cashiers and
reconcile against the cash books and the ledger account balances
which must be written up-to-date; watch out for items such as
bounced cheques during the cash count; (see Procedures 6.28 under
Section II, Cash and Bank Balances in the Internal Audit Manual);
(o) When cash funds are to be counted ensure that simultaneous control
is exercised over all cash and other items of a cash nature in order to
prevent transfers from one fund to another to cover up shortages;
after the contents of each cash box, safe, etc. have been counted, each
item may be released to the cashier. Cash should preferably be
counted after the close of business hours in order to expedite the
audit operations;
(q) Seal the cash safe and break the seal as required;
(r) List out the documents for un-deposited cash and cash items and
reconcile with the funds counted to ensure agreement; trace these
funds to the bank statements to determine that the monies are
deposited intact subsequently;
(The Cash Count Form, Annex XVII – 1 in the Internal Audit Manual or similar
forms could be used for the purpose of cash count. The Suspense Payment
Vouchers held as part of cash on hand should also be listed out under the
Suspense Account – Count Sheet, Annex XVII – 2. Cut-off documents – dates,
numbers, particulars, and amounts on the last Cash Receipts Vouchers, Payment
Vouchers, Cheques, and all cash related documents with pre-numbers should be
listed out and signed for.)
(s) Check arithmetical accuracy of the accounting records;
(t) Follow the procedures in the Internal Audit Manual in respect of the
verification of petty cash balance and suspense payment vouchers;
(see Procedures 6.3 and 6.4 under Section II, Cash and Bank Balances
in the Internal Audit Manual);
The validation and test of control procedures for Bank are in general similar.
Validation concerns verifying existence and correctness of the Bank balance and
ownership thereof. As explained earlier, we take the balance at face value
without any measurement consideration – for instance, decline in purchasing
power. The test of control is the testing of the effectiveness of the system of
control through selection of a sample of transactions and documents from
among a population of vouchers.
Last but not least, the internal auditor should prepare or secure the necessary
schedules, list out the items selected and tested, the works done, including a
summary of the audit objectives, the findings and conclusions. He should file
these schedules and papers under the relevant section of the Current Working
Papers file. The Lead Schedule, Summary of Findings, Supporting Schedules and
Queries/ Notes and the test of internal control should also be filed accordingly.
An Audit Program (Annex XV to the Internal Audit Manual) and the detailed
procedures for the audit of cash and bank transactions are also given in the
Internal Audit Manual. It is also important for the internal auditor to refer to
other relevant directives and documents such as the detailed Procedural Manual
of the Treasury Department of the Ministry of Finance and Economic
Development (MoFED) issued in Megabit 1993.
Example: Assume that you have audited the Cash and Bank balances of the
Ministry of Education as of Tikimt 30, 1997 which are in agreement with the
Trial Balance submitted to MoFED, the ledger accounts and the cash books and
also with the physical counts and Bank Reconciliation Statements. The
schedules for these items under reference letter I (with sub-schedules – some
sub-schedules are not given) may look like the following (the figures given and
the names of persons are hypothetical.):
Sch. Ref. I
Initial Date
Prepared by AT 05/03/97
Reviewed by TH 15/03/97
Name of Public Body:___Ministry of Education_______
Audit Area: Cash on Hand and at Bank_______
Period/ Budget Year:__as on Tikimt 30, 1997
Cash at Bank:
- With National Bank of Ethiopia I9 BR 1,000,000 00
Total of Cash on Hand and at Bank 1,150,000 00
C
Work done:
TC = Test Counted, Main Cash, See Sch. I 4. ; Agreed with
General and Subsidiary Ledger s.
BR = Checked Bank Reconciliation Statement.
C = Checked casts (addition).
Findings:
1. A transfer of Birr 500,000 on Tikimt 30, 1997 from the
Central Treasury was not recorded since the advice did not
arrive on time. We have checked that the amount is
subsequently documented and recorded.
Conclusions:
In my opinion, based on the tests conducted, the above
balances are fairly stated.
Sch. Ref. I1
Initial Date
Prepared by AT 05/03/97
Reviewed by TH 15/03/97
Name of Public Body:__Ministry _of Education______
Audit Area: :___Cash on Hand_- main cash______
Period/ Budget Year:__as on Tikimt 30, 1997
Main cash:
Cashier 1 – Ato Bekele Kebede I 2 OC 10,000 00
Cashier 2 – Ato Getachew Abay I 3 OC 15,000 00
Cashier 3 – Ato Belaineh Abebe I 4 C 75,000 00
100,000 00
C
To Sch. I
Work done:
C = Cash counted and agreed with the General and
Subsidiary Ledgers, and Cash Book;
OC = Obtained Cash Certificates for cash that was not
counted.
C = Checked casts (addition).
Conclusions:
In my opinion, based on the tests conducted, the above
balances are fairly stated.
Initials Date
Prepared by AT 05/03/97
Reviewed by TH 15/03/97
Name of Public Body MOFED
1. LOCAL CURRENCY
1.2 Cheques
Cheque No. Date of Issuance Payee Amount
AEB 150256 25.02.97 ACB Trading Co., Deposit 25,000 00
-
Total of cheques 25,000 00
2. FOREIGN CURRENCY
Denomination Quantity Amount
SUMMARY OF COUNTS
BIRR
Local Currency (Notes and Coins) 45,000.00
CHEQUES 25,000.00
Other documents with money value 5,000.00
From I 4 75,000.00
To Sch. I 1
Sch. Ref. I5
Initial Date
Prepared by AT 05/03/97
Reviewed by TH 15/03/97
Name of Public Body:__Ministry _of Education______
Audit Area: :___Cash on Hand_- petty cash______
Period/ Budget Year:__as on Tikimt 30, 1997
Main cash:
Cashier 1 – Ato Hunegnaw Bikila I6 OC 10,000 00
Cashier 2 – Ato Belay Abay I7 OC 10,000 00
Cashier 3 – Ato Abebe Belaineh and others I8 OC 30,000 00
50,000 00
C
To Sch. I
Work done:
C = Agreed with the General and
Subsidiary Ledgers, and Cash Book;
OC = Obtained Cash Certificates for cash that was not
counted.
C = Checked casts (addition).
Conclusions:
In my opinion, based on the tests conducted, the above
balances are fairly stated.
Sch. Ref. I 9
Initial Date
Prepared by AT 05/03/97
Reviewed by TH 15/03/97
Name of Public Body:___MoFED_______
Audit Area: :___Cash at Bank_______
Period/ Budget Year:__as on Tikimt 30, 1997
To Sch. I
Work done:
BR = Checked Bank Reconciliation Statement.
Findings:
1. A transfer of Birr 500,000 on Tikimt 30, 1997 from
the Central Treasury was not recorded since the
advice did not arrive on time. We have checked
that the amount is subsequently documented and
recorded.
2. Balance per Ledger Birr 1,000,000
Add: Transfer, Not
Recorded in Ledger 500,000
Adjusted Balance 1,500,000 (see Sch.I 8.)
Conclusions:
Except for the above point, in may opinion, the Bank
Balance is fairly stated.
Sch. Ref. I 10
Initial Date
Prepared by AT 05/03/97
Reviewed by TH 15/03/97
Name of Public Body:___MoFED_______
Audit Area: :___Cash at Bank_______
Period/ Budget Year:__as on Tikimt 30, 1997
Birr Birr
Balance per Bank Statement, Tikimt 30, 1,450,100
Add: Deposits in transit:
Date Ck. No.
25/02/97 110,000
27/02/97 55,000
25,000
1,615,100
Deduct: Outstanding checks:
15/01/97 AZA 600606 15,000
12/02/97 AZE 101025 11,500
20/02/97 AZE 101215 12,500
22/02/97 AZE 101227 59,600
22/02/97 AZE 101240 6,500
22/02/97 AZE 101245 10,000
115,100
Adjusted Bank Balance, Tikimt 30, 1,500,000
To I 1
Exercise 22-1
Self-Testing Questions (Class discussion)
1. What is Cash made up of?
2. Distinguish between the functions of the Accountant and the Cashier of
a Public Body.
3. What is an ICQ and how does it differ from an Audit Program or
Procedures?
4. What are the objectives of cash audit?
5. What do you understand by the imprest system of petty cash? Do you
know of any other petty cash system?
6. What do understand by the “eye of the needle” when we talk about cash?
7. What is the significance of Bank Reconciliation Statement?
Time allowed: 15minutes
Exercise 22-2
Ato Dibiku is the Accountant of a Public Body. He held this position for the last 10 years.
He keeps the cheque books and prepares the cheques and is the co- signatory of the Bank
account. The check signing letter gave him the authority to sign checks for amounts up to
Birr 5,000 and required the signature of the Head of the Public Body for amounts above in
excess. Ato Dibiku decided to do without the Head of the Public Body by splitting payment
requests so that they all fell within his signing authority. The reason he gave was that most of
the time the Head was away attending urgent meetings and therefore, those who request for
payments should be served soon and doing so will improve the image of the Public Body as
this expedites the work. He felt also that this is what is required of public servants in
accordance with the civil service reform program. He also said that cheque handling should be
the sole territory of accountants even though the directives say otherwise since such works are
sensitive and even confidential business. The Head of the Public Body was a bit confused but
accepted the idea for the time being.
Ato Dibiku continued writing and issuing the checks and preparing the bank reconciliation
statement himself. Although the Public Body has a permanently employed cashier, he
sometimes collects money against cash receipts voucher he kept and deposits such collection
himself. He said he did this to compensate for the cashier‟s down time. The cashier he said is a
good person and deserves his support. He sometimes does not write out the cash receipts
because some of the people do not ask for receipts. But he later on copies from the notes of
such cash collection he kept with him. He gives the amount he collected along with the cash
receipts voucher for recording and for deposit of the money into the Bank.
He closes the accounts of the Public Body every month. He works late at night to complete
the job. He is proud of his energy and hard work and believes that he excels all his peer
groups, if not, accountants of his generation in such matters.
The Head of the Public Body was not comfortable with the way the financial activities are
conducted and calls upon you, the internal auditor to review the financial system and provide
him with a recommendation.
Instructions:
1. Which internal control procedures of the Internal Audit Manual would you employ
to evaluate the internal control system?
2. Identify key internal control weaknesses, if any, pertaining to the financial activities
of Public Body.
3. Prepare and present a short report to the Head of the Public Body showing your
findings and recommendations.
Exercise 22-3
The Accountant of Ministry of Education received the Bank Statement from the National
Bank of Ethiopia for the month of Yekatit 1997 E.C. and reconciled the balance with that
shown in the General Ledger as on Yekatit 30. The Bank Account No. is Gov. X 201420.
1. There was a budget transfer of Birr 500,000 for the month from the Ministry of
Finance and Economic Development (MoFED) per the request of the Public
Body. The amount is shown as receipt in transit on the reconciliation statement
because the Accountant failed to collect the Bank Advice.
2. There was a deposit into the Bank of Birr 15,000 on Tahsas 1, 1997 which is
outstanding since three months. It happened that this represented a duplicate
deposit slip.
3. There was also a collection of cash of Birr 15,000. The Cashier prepared a
deposit slip on Yekatit 27, but did not deposit it until after Yeaktit 30, 1997. The
amount is shown as reconciling item in the Bank Reconciliation Statement.
4. A check for Birr 10,000 (Check No. AF 500606) issued on Tahsas 15, 1997 was
replaced in Tir 1997. The latter check was cleared, but the first check is still
shown as reconciling item in the Bank Reconciliation Statement.
6. In addition, the balances per Bank Statement and the General Ledger as on
Yekatit 30, 1997 are the following:
Ministry of Education
National Bank of Ethiopia
A/C. No. Gov. X 201420.
Bank Reconciliation Statement for the Month of Yekatit 1997
Birr Birr
Balance per Bank Statement, Yekatit 30, 566,100
Add: Deposits in transit:
Date Ck. No.
01/04/97 15,000
27/06/97 15,000
30,000
596,100
Deduct: Outstanding checks:
15/04/97 AF 500606 10,000
25/05/97 AZ 100205 1,500
20/06/97 AZ 100215 12,500
22/06/97 AZ 100225 9,600
22/06/97 AZ 100235 2,500
22/06/97 AZ 100240 10,000
46,100
Adjusted Bank Balance, Yekatit 30, 550,000
SESSION XX
RECEIPTS
Learning Objective
At the end of this section, we shall be able:
1. To understand the purpose of the records available in the FGE
Accounting system;
2. To understand the method of sample selection for depth test;
3. To understand the general procedures for the Internal Control Test over
cash receipts.
Basic concepts
It is already discussed that the official Receipt Voucher of MoFED should be
used for the collection of every sum on behalf of the Federal Government. The
cash collection made in this way shall be recorded in the Receipts Cash Book
provided in the FGE Accounting system. This cashbook is different from a petty
cash book. The book is used to record all receipts other than from the
accountant of the Public Body for petty cash replenishment purpose. At the end
of each day, the cashier shall deposit the money collected during the day. The
deposit shall be recorded on the book so that the net total shall become zero.
The copies of the receipts and the deposit slip are presented to the accountant.
The accountant shall post the cash receipts and the deposit slip to the
Transaction Register.
Internal control over cash receipt is given in section III of the Audit Manual.
However, as cash is a very sensitive item, the following additional items need to
be considered:
Procedures
The audit objectives of test of internal control over cash are:
1 All cash collected is fully and accurately accounted for;
The procedures that will be applied in the test of control over cash receipts are:
1. The auditor should determine the population (the number of vouchers
used during the period to be audited). The auditor should check that the
first voucher used is next to the voucher used in the previous period and
the Pads used during the audit period are in strict numerical sequence. He
should then take the last number of the Receipt Voucher for the period he
wanted to audit.
3. Using the vouchers selected, the auditor checks the accuracy of the
collected amount with the source and other documents such as
Proclamations, Regulations, Directives, Approved Budget of the year,
Agreement signed with donors, etc.
4. Check that all cash receipts are recorded in the Receipts Cash Book and
that the collections are deposited to the Bank intact and promptly.
7. Document all the work done on a working paper. The working paper
should cover the following:
Take for example, the above-discussed case of the Ministry of Information. The
working paper would look like the following:
Ministry of Information
Internal Control Test on Receipts
For the three months from Tikimt to Tahassas 1997
As per my discussion with the Internal Audit Head W/o XXX, we have agreed to test 10% of the Receipt
Vouchers. We selected 10% because we have tested the control in the near past. The control was satisfactory at
that time.
Work done
Checked that the cashier and the recipient sign each voucher,
Checked the source of income and that income is appropriately calculated and received as per
proclamation No XXX,
Checked that all the second copies are handed over to the accounts in time,
Checked that collections are not used to pay advances or other payments and that they are deposited to
Bank intact and in the morning of the next working day,
Checked that receipt vouchers are cross reference with deposit slips.
Checked posting of receipts to Transactions Register and then to ledgers.
Findings
1. Finding: The amount of cash collection per day on average is Birr 150,000. Deposit is usually made on
the next working day. However, the cashier room was not reinforced by Iron grill.
Implication: The room can be easily broken and burglars can easily reach the cash.
Management Response: They have a plan to reinforce it. They are awaiting approval of budget.
Conclusion
Except for the finding mentioned above, the internal control over receipts is adequate.
Sequence test
This test is useful to check the serial usage of documents like Receipt Voucher,
Receipt of Articles or Property Received and Receipt of Articles or Property
Issued. If the vouchers are not used in strict numerical sequence, the auditor
should get satisfactory explanation for that.
Sequence test can be done using a “sequence test sheet”. This sheet can be easily
produced on Microsoft Excel. The format for the sequence sheet is as shown on
the next page. The numbers can be extended as needed.
What the auditor should do is mark the first voucher number on the sequence
sheet together with the date of the receipt. Then he cancels each correctly used
voucher using diagonal line. If a voucher is “VOID”, the auditor will put a mark
like “V” in front of the voucher number. After the checking is completed, the
auditor summarizes those vouchers which were not cancelled or not “VOID”.
He should get adequate explanation as to why Receipts Pads were not used in
their numerical sequence. He should also ask why some vouchers are not used
or “VOID” is not written on the face of void vouchers.
1 21 41 61 N81 101
2 22 42 62 N82 102
3 23 43 63 N83 103
4 24 44 64 84 104
5 25 45 65 85 123505
30/2/97
56 26 46 V66 86 106
7 27 47 67 87 107
8 28 48 68 88 108
9 29 49 69 89 109
10 30 50 70 90 110
11 31 51 71 91 111
12 32 52 72 92 112
13 33 53 73 93 113
14 34 54 74 94 114
15 35 55 75 95 115
1/2/97
16 36 123456 76 96 116
17 37 57 V77 97 117
18 38 58 V78 98 118
19 39 59 N79 99 119
20 40 60 N80 100 120
Work done:
/ = Numerical sequence checked.
V = Void receipts - the original is attached with the carbon copies and “VOID” is
written on the face of the vouchers.
N=Vouchers not used in Tikimt 1997.
As some of the vouchers were not used in their numerical sequence the auditor
has to write his finding as follows:
2. Finding: Receipts vouchers numbers 123479 to 123483 were not used in Tikimt 1997 in
which month receipts before that and receipts after that were used.
Management Response: The cashier erroneously did not use those receipt vouchers.
Recommendation: The cashier should be told to use the vouchers in strict sequential
order. The accountant has also a responsibility to check proper usage of receipts.
Sampling
State Audit Population Sample
Performed Size Size Budget Year _______________
2 Posting
1. Check posting of the collection transactions
to the Transactions Register.
2. Check additions of the Transactions
Register.
3. Check posting to the appropriate ledger
account.
3 Controls
1. Check that Cash Receipts are kept properly
by the responsible section.
2. Check number of Cash Receipts pads
printed (received) during the year with the
printer‟s receipts (transmittal letter/ Receipt
of Articles or Property Issued) and check
recording to the register of Receipts.
3. Scrutinize the register of Receipts to check
that new pads are issued in strict numerical
sequence.
4. Physically check unused Receipts pads on
hand and agree with register.
Summary
Cash collection is one of the sensitive areas of audit. The auditor should not
believe that merely counting cash and reconciling it with the cashiers‟ records
or the total of the receipts is adequate. Yes, the counted cash could agree with
the total of the receipts or the total of the register/book. The question that
remains is, was the income collected appropriately in accordance with the rates
provided in the Proclamations, regulations, guidelines, etc? Was the income
fully accounted for?
Systematic auditing following the procedures outlined in this section could help
answering most of the questions. In using the procedures to a particular
circumstance and in adding new necessary procedures, the auditor should use
his experience and knowledge of the activity to be audited.
---------------------------------------Ministry of Finance & Economic Development 293
Internal Audit Training Manual-----------------------------------------------------------------
1. You are the auditor of Ministry of Transport & Communication. You heard that
the cashier is lending money to outsiders at exorbitant rate. What would you do
to deal with it?
2. You are the auditor of Ministry of Revenue. While assessing the tax of one of
the taxpayers, the auditors could not agree with the taxpayer as he is asked to
pay more tax. The taxpayer is saying that he has paid the tax and should not be
asked again. You are asked to look into the issue. What do you think could be
the possible reasons? What would you do to investigate the case?
SESSION XXIV
PROCUREMENT
Learning Objective:
At the end of this section, we shall be able:
1 To understand the definition of procurement and the categories of
procurement methods as provided in Proclamation No 430/2005,
Determining Procedures of Public Procurement and Establishing its
Supervisory Agency Proclamation;
2 To understand the cycle of procurement as relevant to the understating of
internal control over purchase;
3 To understand the method of sample selection for depth test;
4 To understand the general procedures for the Internal Control Test over
procurement.
Basic concepts
Procurement is defined as “the purchasing, hiring or obtaining by any other
contractual means of goods, works and services”. According to this definition,
the general reference to procurements as goods and services is modified. Service
is broken down into works and services. Work is intended to include such
services as construction, reconstruction, demolition, repair or renovation of
building, road or structure while services is defined as any other services that
may not be classified as goods or works.
The Proclamation has provided for the controls that should be observed when
procuring goods, services and works. It is also stated that the Ministry of
Finance and Economic Development (MoFED) is authorized to issue
procurement directives for implementation of the Proclamation. The internal
auditor has to understand the provisions of the Proclamation, the directive and
other guidelines that will be issued, and use them when performing audits of
procurement.
Six methods of purchasing are identified in the Proclamation. These are Open
Bidding, Restricted Tendering, Direct Procurement, Request for Proposal
(Services), Request for Quotations (Goods), and Two–stage Bidding. In this
section of the Training Manual, only the techniques of auditing procurements
are dealt with, as the approach is more or less similar to any method of
purchase.
Model 20
Request of stock
by departments
Stock Model 22
available Yes Receipt of Articles
? or Property Issued
No
Purchase
Process starts
Model 70 C
Stock card
Sampling
Under System Based audit, the auditors need to select the sample of transactions
to be audited in a systematic way. The idea is that if the sample selected is a
representative of the entire transactions, the work the auditor does is
significantly reduced and yet he can come up with a sound conclusion about the
system of internal control. Under Vouching, the auditor may select a block of
transactions (e.g.: three months‟ purchase). This type of selection is not
preferred because the number of transactions selected for audit is unnecessarily
high and may not be representative of the transactions that occurred in the
period of audit.
What the auditor should do to increase the accuracy of the samples is to discuss
with the purchase department‟s representative and to review the purchase
register maintained by the department to stratify the purchases by method and
type. Assume that the 2,000 vouchers are made up of the following:
Types of purchases
Method of procurement Goods Works Services Total
All types of purchases are now identified and sample can be taken from each
category of purchase. This enables the auditor to test the internal control on all
sorts of purchases.
The sample to be selected shall follow the same pattern as the data in the above
table. The number of sample to be selected should not be too large to be almost
equal to the total population. It should not also be too small that it is not a
representative of the population. We suggest that if the auditor has already
tested purchases in the previous period of audit and has come up with no
material findings, he can reduce the sample size. On the other hand, if he is
suspicious about the strength of the internal control or if it is the first time
audit, the sample size should be sufficient enough to give him confidence that
he has made adequate test of the control. The Internal Audit head should decide
the sample size based on his knowledge of the system and the preliminary
assessment made on the system such as internal control questionnaire. In this
case, if the auditor wants to test 10% of the items, he has to test 200 items. The
selection of the sample will be as follows:
Types of purchases
Method of procurement Goods Works Services Total
118 39 43 200
The total population is 2000. The sample selected is 200. The interval to be used
in taking the sample items will, therefore, be 10 (i.e. 2000/200). The auditor will
then select the first item in each category randomly and then every 10 th item
will systematically be selected. The sample selected in this way should not be
changed once selected to avoid subjectivity.
As can be seen above, the auditor shall test at least one transaction from every
category of purchase. This makes his test all-inclusive. The sample enables him
to complete the audit in a short time (quick win). The conclusion on the system
will be more reliable than under the traditional approach.
Procedures
The audit objectives of test of internal control over procurement are:
Only goods and services required by the Public Body are ordered and
such orders are subject to proper checking and approval procedures;
All goods and services received are as per the contracts of purchase or as
per the purchase order;
The procedures that will be applied in the test of control over procurement are:
The auditor should also attend the meetings of the purchase committee in
his capacity as observer (not a member of the committee) to see the fairness
of the conduct of business. If the auditor wants to make comment on any
aspect of the process, he shall make it in writing to the Head of the Public
Body. The Head of the Public Body can give appropriate instructions to the
Purchase Committee to correct the errors made or to give explanations on
the decisions it has made.
2. For the purchase transactions selected, the auditor shall check compliance
with the Proclamation, the directives and guidelines. He also checks the
completeness of the documentation as follows:
a. For each selected transaction, ensure that the purchase was made on the
basis of requisitions from the user department and that such requisitions
are duly authorized;
b. For each purchase of goods, obtain the copy of the Receipt for Articles or
Property Received and compare with the detail in the contract signed
with the supplier and the supplier invoice to ascertain the goods received
are those ordered. The auditor should give due attention to technical
specifications as for the quantity of the items received. For example in
the case of pharmaceutical purchase, the auditor should check the expiry
date of items received with the specification given on orders. In the
purchase of computers, the capacity and other technical specifications
should be checked with the order. The auditor can use specialist service
when checking such specifications.
d. For each purchase of services, check the output of the consultant, such as
final reports, and recommendation for payment by the user department.
Take for example, the above-discussed case of the Ministry of Agriculture and Rural
Development. The working paper would look like the following:
He showed me from the purchase order register that 2,000 purchase transactions were
concluded in the year. The summary of the transactions by method and type is as follows:
Types of purchases
Method of procurement Goods Works Services Total
As I have agreed with the head of the Internal Audit, Ato XXX, to test 10% of the
transactions, I have selected the sample as shown in the following table:
Types of purchases
Method of procurement Goods Works Services Total
118 39 43 200
Work done
Purchase requisition were checked,
Invitation for bid, minutes of the purchase committee, approval of the Head of the
Public Body checked,
Contracts signed with the suppliers checked,
Goods receiving vouchers were compared with the contract,
Output of the consultants and recommendation of the user department checked,
Posting of goods receiving vouchers to Model 70A & C checked,
Posting of Payment Vouchers and Journal Vouchers to Transaction Register and then
to ledgers checked.
Findings
1. Finding: Contrary to Article 31 (1) of Proclamation No 430/2005, invitation to bid for
the purchase of works was announced only on Addis Lisan. Refer contract No W1/96.
Implication: Purchases were not conducted in accordance with the law and the
Ministry might have been at a disadvantage.
Conclusion
Except for the finding mentioned above, the internal control over purchase is adequate.
Audit program
Sample audit program for purchase is given below:
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Name of Public Body __________________
Audit Area __________________________
Budget Year ________________
Sampling
State Audit Population Sample
Performed Size Size Budget Year _______________
Summary
As the significant amount of the public fund allocated to a Public Body goes to
the purchase of Goods, Works and Services, the auditor is required to frequently
test the efficiency and effectiveness of the internal control system over
purchase.
Procurement is also largely related to the objective of the Public Body. For
example, Ministry of Health is required to make sure that there is sufficient
quantity and quality of medicine in the country. Ministry of Agriculture should
make sure that agricultural inputs exist in sufficient quantity and at the right
time. The Internal Auditors of these Public Bodies should, therefore, make sure
that the internal control is strong enough to provide management of the Public
Bodies assurance that the right quantity and quality of supplies are purchased
following the provisions of the Proclamation and the relevant directives.
Exercise 24-1
Assume that you are the Internal Auditor of the Ministry of Education. In you
annual plan for 1997, one of the internal controls to be tested is procurement.
You have planned to start the audit of the first six months of 1997 budget year
today. You discussed with the purchase department and you noted that there
were 3,000 purchase transactions in the first six months. The transactions were
made in the following manner:
Required: In your discussion with the Internal Audit Department Head, you
decided to test 10% of the total transactions. Calculate the sample you are going
to select. Present it in a table.
SESSION XXV
PAYROLL
Learning Objectives
When we have completed our study of this Section, we should be able to
understand and apply the following:
2 That only net amounts after all legitimate deductions are paid to the
rightful owners for services actually rendered;
4 That the expenditure is properly coded and recorded in the accounts and
reported in the Monthly and Annual Trial Balance.
Procedures
The audit procedures to be followed in order to test control over payroll are as
follows:
1. Select, say one month‟s payroll and secure the personal files and
attendance sheets of selected employees from the personnel section and
carry out the following steps:
1.1. List out the employees and their basic salary selected from the payroll
for testing;
1.2. Extract the relevant data and information from the files such as letters
of engagement, letters of resignation, notification letter of salary
scale, and documents related to special deductible items;
1.3. Ensure that all appropriate information and documents are sent to
the payroll section for the preparation of the payroll;
1.4. Ascertain that employees‟ personal files are kept in the custody of the
personnel section by persons who are not connected with the payroll
function;
1.5. Test the accuracy of attendance sheets (or similar documents for
those under contract) and that they have been approved by
appropriate officials who are not connected with the payroll function;
1.6. Test that overtimes and other benefits are signed for approval by the
immediate supervisors of the employees concerned who are not at all
connected with the payroll function;
1.7. Test that the payroll clerk does not have access to employees‟
personal files;
1.8. Ascertain that the gross pays and deductions such as income tax,
pension and advances and loans are correct and supported with
adequate documentation; and that the computations are also correct;
verify that concerned persons have signed signifying to that effect;
1.9. Test check the correctness of monthly payroll reconciliation.
1.10. Ensure that the audit covers all workers for whom regular payrolls
are not prepared;
1.11. Observe the payment of salaries and record your observations;
1.12. Conduct surprise count of the payroll fund and reconcile with the
entries in the cashbook to ensure the accuracy of the count against
the balance. The procedures and the forms described under Cash and
Bank could be applied and used;
1.13. Check the coding of the payroll and the accuracy of the recording;
trace the entries to the Transaction Register; and the postings to the
General and Subsidiary Ledger Cards;
1.14. Obtain and check against the Budget Ledger Card for salaries and
allowances and trace to ensure that satisfactory budgetary control was
exercised.
The above may not an exhaustive list of the audit procedures that the internal
auditor should follow as concerns the audit of payroll. Therefore, the internal
auditor is advised to refer to other relevant directives and documents such as the
detailed Procedural Manual of the Treasury Department of the Ministry of
Finance and Economic Development (MoFED) issued in Megabit 1993. The
internal auditor should ensure compliance with such directives.
The internal auditor should prepare the necessary schedules, which contain the
salaries, and allowances, the items selected and tested, the works done,
including a summary of the audit objectives, the findings and conclusions. He
should file these schedules and other relevant audit working papers under the
relevant section of the Current Working Papers file; the Lead Schedule,
Summary of Findings, Supporting Schedules and Queries/ Notes and the test of
internal control being also filed under the appropriate sections of the working
papers.
Exercise 25-1
Self-Testing Questions (Class discussion)
Initials Date
Prepared by
Reviewed by
Not
No. Questions Yes No applicable Comments
1 Are personnel records (files) maintained for all employees?
2 Is personnel section responsible for the proper custody of
personnel records?
3 Do personnel files provide up-to-date information of each
and every employee's salaries and related benefits?
4 Is there separate control system for recording annual leave
entitlement, accrual and payment?
5 Is budget constraint considered before new employment,
additional benefit and salary increment is proposed, etc?
6 Is payroll section notified in writing of every change that
should be reflected in payroll?
7 Are payroll sheets prepared, checked and approved by
different responsible persons before payment is made?
8 Do all employees who receive their salaries always sign on
the proper space of payroll sheets?
9 Are delegations for salary payments supported with official
authorization?
10 Are salary advances and loans paid and repaid according to
existing laws and regulations?
11 Are payroll expenditure and deduction posted to proper
accounts?
12 Is one month‟s expenditure compared against another to
identify causes of differences and take the necessary steps
accordingly?
13 Are salaries and allowances paid out of capital budget fully
capitalized in respective capital expenditure account?
14 Is payroll generally subject to civil service regulations?
Initials Date
Prepared by
Reviewed by
Criteria
1 Are responsibilities for supervision and time-
keeping functions adequately segregated from
personnel, payroll processing, disbursement, and
general ledger functions?
2 Is there a clearly defined procedure for:
Time keeping and attendance records?
Review for completeness and for the
employee's supervisor's approval of
time cards or other time reports?
Authorizing, approving, and recording
vacations, holidays, and sick leave?
B Is there reasonable assurance that employees are
paid the correct amount? Consider:
Criteria
1 Are responsibilities for supervision and time-
keeping functions adequately segregated from
personnel, payroll processing, disbursement,
and general ledger functions?
2 Is one-month‟s expenditure compared against
another to identify causes of differences and take
the necessary steps accordingly?
Criteria
1 Are responsibilities for supervision and time-
keeping functions adequately segregated from
personnel, payroll processing, disbursement, and
general ledger functions?
Criteria
1 Are responsibilities for the payroll processing
function adequately segregated from the general
ledger function?
2 Are payroll expenditure and deduction posted to
proper accounts?
3 Are there adequate account coding procedures for
classification of employee compensation and
benefit costs, so that costs are recorded in the
proper general ledger account?
4 Is there adequate procedure for proper recording
or disclosure of accrued liabilities for unpaid
employee compensation and benefit costs?
SESSION XXVI
STOCKS
Learning Objectives
When we have completed our study of this Section, we should be able to
understand about the following:
Definition of stocks
Stock items represent very many items held in the stores and include,
depending on the type of Public Body, food items, spare parts, medicine and
medical supplies, fuel and lubricants, stationery and office supplies, fixed assets
pending delivery to users and various other items. Stock items are normally
consumed or used within an accounting cycle or fiscal year. The stocks in the
custody of a Public Body also include various goods awaiting disposal.
Audit Objectives
The objectives of examining stocks include:
The first of the above three objectives do not at present apply since the FGE
accounting system does not recognize value of stock items as assets in the
accounts and in the financial statements.
Audit procedures
The audit of stock items commences with the evaluation of the internal control
system using Internal Control Questionnaires (ICQs) or Internal Control
Evaluation Questionnaires (ICEQs). (See Annex XXI and XXVIII of the Internal
Audit Manual.)
The audit procedures for stock can be divided into Validation and Test of
Control Procedures.
The Test of Control concerns testing of the effectiveness of the existent system
of control to prevent misappropriation, overspending of Budget appropriation,
unwise or inappropriate spending, and ensuring that laid down control methods
and procedures are working. Accordingly, samples of vouchers (transactions)
are taken from among the population of vouchers for testing purposes.
A general guide Audit Program (Annex XIV) and the detailed audit procedures
for the audit of stocks (for validation and test of control) are also given in the
Internal Audit Manual.
When auditing stocks, the internal auditor should follow the following steps:
1. Review and evaluate the internal control system through the ICQs of
ICEQs;
4. Check the arithmetical accuracy of the stock reports which show the
stock movements (i.e. the beginning stock, receipts and issues during the
month, and the final balance to be carried forward to the next period, all
in quantities as well as in values on the First In First Out stock valuation
basis);
5. Obtain the stock records – the stock register book and the bin cards and
ascertain that the stock quantities and values in the stock reports are
agreement with the stock records;
6. Select items from the stock reports and related documents (such as
requisitions, minutes, tender documents, proforma invoices, purchase
orders, invoices, goods received notes and stores issue vouchers) on a
sample basis and verify that:
o Stock items are received against goods receiving and issued against
issuing documents; that the movement of Stock items is properly
recorded in the stock records; that proper storage and security system
exists; and that the existence and conditions of the stock items is
ascertained through monthly and yearly physical counts;
o The stock register and the bin cards are properly balanced;
o The physical stocks against the balances in the stock records are
checked;
7. Observe some of the physical counts that are made every month and also
as at the end of the year and reconcile with the stock records ensuring
that the following steps are followed:
Mark and record the cut off date on the last used pages of
the stock register books, stock cards, goods receiving and
issuing documents before the count starts and ensure that
the responsible persons have also signed;
Ensure that the physical count is taken in accordance with
the stock count procedures instructions; if the count takes
longer time ensure that the stores are sealed when the
count is not proceeding; the seal should only be broken in
the presence of all persons who signed on the sealing
document;
Recount to confirm correctness of count where differences
are observed with the stores records;
Ensure that damaged, obsolete, broken or slow-moving
stock items are identified;
Ensure compliance with stock count instructions;
Ascertain that goods belonging to third parties are
segregated from other stock items.
The above procedures may not be exhaustive. Therefore, the internal auditor is
advised to refer to other relevant directives and documents such as the detailed
Procedural Manual of the Treasury Department of the Ministry of Finance and
Economic Development (MoFED) issued in Megabit 1993 and Directives No. 1
and 6 of 1991 E.C. regarding property administration and ensure compliance
therewith.
The internal auditor should prepare or secure the necessary schedules, list out
the items selected and tested, the works done, including a summary of the audit
objectives, the findings and conclusions. He should file these schedules and
papers under the relevant section of the Current Working Papers file. Though
stock does not form a part of the accounts, the Lead Schedule, Summary of
Findings, Supporting Schedules and Queries/ Notes and the test of internal
control should be filed accordingly.
On completion of the audit of stocks, the Head of the Internal Audit section
should report his findings in an acceptable format.
EXAMPLE: Assume that the stock balances per stock register and the bin cards
were in agreement with the physical counts and amount to the following
figures. The schedule of stock on hand with the schedule reference letter B
(with sub-schedules B1 and others for stock reports obtained from the
department concerned and checked) may look like the following (the figures are
as given.):
Initial Date
Prepared by AT 05/03/97
Reviewed by TH 15/03/97
Name of Public Body:___MoFED_______
Audit Area: :___Stocks_(Test checked)______
Period/ Budget Year:__as on Tikimt 30, 1997
Quantity
Unit of Sch. per stock Quantity Unit Cost Total
Type of stock items measure Ref. records per count Differences Birr Cost Birr
Office equipment:
- Photocopiers (type, etc. identified) Pcs. B10 30 30 -
Work done:
Findings:
(1) The Dell Computers was issued under doc. No. 20 dated 23/02/97 but was not posted and deducted from the stock records.
Now recorded, checked.
(2) The LCD Projector found in excess was issued but returned because some part was found broken; pending repairs; the item
was recorded in a separate stock record. Traced to the record.
Remarks:
The unit and total costs are to be computed only for information purposes; the stock Birr balances do not form a part of the
financial reports until the Modified Cash Basis of Accounting under adoption by the Ethiopian Government becomes fully
operational.
Conclusion:
In my opinion, based on the tests conducted, the above balances are fairly stated.
Suppose the stock balances form a part of the financial reports of the Public
Body when the Modified Cash Basis of Accounting gets into full swing, then
your approach to auditing will have to be adjusted accordingly. Now assume
that you are auditing the stock records of the Ministry of Education and that
you have obtained all the stock balances per the stock records which are also in
agreement with the physical counts and tie up both with the Trial Balance
which must agree with the balances in the General and Subsidiary Ledger
Accounts. The schedule of stock balances with the schedule reference say,
letter B (with sub-schedules, most sub-schedules are not given)) may look like
the following (the figures are taken as given.)
Sch. Ref. B
Initial Date
Prepared by AT 05/03/97
Reviewed by TH 15/03/97
Name of Public Body:___MoFED_______
Audit Area: :___Stocks_______
Period/ Budget Year:__as on Tikimt 30, 1997
Work done:
C = Test counted and agreed with the stock records;
T = Checked existence, condition, ownership (ownership titles), and valuation (at cost on a FIFO basis);
B = Balances agreed with the Ledgers and the Trial Balance.
V = Test vouched for pricing at cost of purchase and/ or valuation by professional valuers and found to be
in order.
C = Checked casts and cross casts (addition, etc.) (See sub-schedules.)
T/B and B/S = Trial Balance and Balance Sheet.
Findings:
(1) The Dell Computers was issued under doc. No. 20 dated 23/02/97 but was not posted and deducted from
the stock records. Now recorded, checked.
(2) The LCD Projector found in excess was issued but returned because some part was found broken;
pending repairs; the item was recorded in a separate stock record. Traced to the record.
Conclusions: Except for the above points, in my opinion, the stock figures are fairly stated.
Sch. Ref. B1
Initial Date
Prepared by AT 05/03/97
Reviewed by TH 15/03/97
Name of Public Body:___MoFED_______
Audit Area: :___Stocks_______
Period/ Budget Year:__as on Tikimt 30, 1997
Exercise 26-1
Self-Testing Questions (Class discussion)
1. Why is the audit of stock so important? Explain and justify.
2. What are the audit objectives of stocks?
3. What are the internal control systems of stores? What are their significance
in the audit of stocks?
4. Distinguish among internal control systems and audit procedures in relation
to stores.
5. Some people argue that following the standard audit procedures given in the
Audit Manual curtails initiative of the internal auditor. Discuss.
Exercise 26-2
Problem 1 (group work)
The Property Administration Section Head had some knowledge of the steps that are
required for annual stock taking and accordingly, prepared procedures and circulated
to the concerned sections. User departments had also been advised to submit and take
out their requirements in advance of the count date. Accordingly, the persons
submitted authorized requisitions and signed the stores issue vouchers as having
received the items on the understanding that the storekeeper keeps the items until they
collect them at a later date. The storekeeper, however, forgot to appropriate the items
from the stocks. The clerks had posted all goods received notes and the stores issue
vouchers to the stores records.
The physical count proceeded according to schedule and it was noted that all the items
counted agreed with the balances shown both on the stock register and the bin cards.
Instruction: As the Head of the Internal Audit Section you are required to review the
above case in the light of good internal control system and report your
findings to the Head of the Public Body.
Exercise 26-3
Problem 2 (group work)
The stock count reports and the balances on the stock register and the bin cards
contain the following information as on Meskerem 30, 1996:
No. Items Stock register Bin cards Physical count
1 Photocopy paper type „x‟ (of 12 reams
per carton Cn) 116 Cn 118 Cn 118 Cn
2 Laptop computers 20 pcs 15 pcs 14 pcs
3 Photocopiers brand „y‟ 15 pcs 20 pcs 14 pcs
4 Photocopy paper type „z‟ (of 12 reams
per carton Cn) 400 Cn 398 Cn 398 Cn
SESSION XXVII
FIXED ASSETS
Learning Objectives
When we have completed our study of this Section, we should be able to
understand and apply the following:
Basic Concepts
Fixed asset is defined as „tangible asset costing Birr 200 or more that is in
operational use and that has a useful economic life of more than one year such
as furniture, computers, heavy equipment, vehicles, ships and aircraft,
buildings, roads, sewers, bridges, irrigation systems, dam.‟ (Article 2 (12) of
Council of Ministers Regulation No. 17/1997).
The audit objectives in the verification of fixed assets in short are the following:
The audit procedures for fixed assets are in general similar to the procedures for
other items.
The audit of fixed assets involves the examination of fixed assets records and
evidences such as contracts, invoices, and receipt documents.
Regarding proposed acquisitions of fixed assets some of the questions that may
need to be answered are the following:
- Will the acquisition of new fixed assets improve the efficiency of the
Public Body in achieving its objectives?
- What will the acquisition of the new fixed assets cost the Public Body
and what will the savings be in terms of finances?
- How many years will the new fixed asset serve at a lower running and
maintenance cost and when should it be replaced or disposed of?
Audit procedures
The audit of fixed assets commences with the evaluation of the internal control
system using Internal Control Questionnaires (ICQs) or Internal Control
A general guide Audit Program (Annex XIV) and the detailed audit procedures
for the audit of fixed assets are also given in the Internal Audit Manual.
5. Ensure that custodian and record keeping functions of fixed assets are
distinct;
The above procedures may not be exhaustive. Therefore, the internal auditor is
advised to refer to other relevant directives and documents such as the detailed
Procedural Manual of the Treasury Department of the Ministry of Finance and
Economic Development (MoFED) issued in Megabit 1993 and Directives No. 1
and 6 of 1991 E.C. regarding property administration and ensure compliance
therewith.
The internal auditor should prepare or secure the necessary schedules, list out
the items selected and tested, the works done, including a summary of the audit
objectives, the findings and conclusions. He should file these schedules and
papers under the relevant section of the Current Working Papers file. Though
fixed assets do not form a part of the accounts, the Lead Schedule, Summary of
Findings, Supporting Schedules and Queries/ Notes and the test of internal
control should be filed accordingly.
When the present accounting system in respect of fixed assets becomes fully
operational, the value shall be those extracted from the General and Subsidiary
Ledgers to the Trial Balance and then to the Balance Sheet of the Public Body as
confirmed by physical counts at least on rotation basis.
EXAMPLE: Assume that you are auditing the fixed assets records of the
Ministry of Education and that you have obtained all the fixed assets balances
per the fixed assets register and the individual ledger cards which are in
agreement with the physical counts (the valuation has been omitted for the time
being since it does not form a part of the financial reports at present. In the
future, when the Modified Cash Basis of Accounting becomes fully operational,
however, the amount will be a part of the financial reports. Then verification of
the valuation will be important consideration.) The schedule of fixed assets
(with and without value) with the schedule reference, say the letter D (with
sub-schedules) may look like the following (the figures are as given.):
Quantity
Unit of Sch. per stock Quantity Unit Cost Birr Total
Type of stock items measure Ref. records per count Differences Cost Birr
Buildings D1 C -
Motor vehicles D2 C -
Computers and accessories:
- Desk top Computers complete (Dell) Pcs. D3 20 C 20 -
- Printers (hp LaserJet 1150) Pcs. D3 15 C 15 -
- LCD Projectors (type identified) Pcs. D4 10 C 10 -
Office equipment:
- Photocopiers (type, etc. identified) Pcs. D10 30 C 30 -
Work done:
C = Test counted and agreed with the stock records;
S = Took the above items as samples and traced a random sample of 10 receiving and 10 issuing documents out of populations respectively of
100, 150, 100, 125, 175, and 200 items.
V = Test vouched for pricing at cost of purchase and found in order.
C = Checked casts and cross casts (addition, etc.) (See sub-schedules.)
Findings:
(1) The Buildings were not given tag numbers although they could be identified by locations.
An old building in Nefas Silk area has not been occupied for a long time for fear that it may fall off. Requires to be checked.
(2) One of the LCD Projectors requires to be repaired.
(3) Five of the photocopiers are out of use for a long time. No spare parts could be found for their repair. Need to be scrapped off.
Remarks:
The unit and total costs are to be computed only for information purposes; the fixed assets Birr balances do not form a part of the financial
reports until the Modified Cash Basis of Accounting under adoption by the Ethiopian Government becomes fully operational.
Conclusions:
In my opinion, the above matters and the rest of the fixed assets items require to be examined by a team of experts to ascertain their
conditions and use. Then appropriate actions such as adequate maintenance, disposal, tagging, etc. require to be done.
Suppose the fixed assets form a part of the financial reports of the Public Body
when the Modified Cash Basis of Accounting gets into full swing, then your
approach to auditing will have to be adjusted accordingly. Now assume that
you are auditing the fixed assets records of the Ministry of Education and that
you have obtained all the fixed assets balances per the fixed assets registers and
the individual ledger cards which are also in agreement with the physical
counts and tie up both with the Trial Balance which must agree with the
balances in the General and Subsidiary Ledger Accounts. The schedule of fixed
assets with the schedule reference say, letter D (with sub-schedules) may look
like the following (the figures are taken as given.):
Work done:
C = Test counted and agreed with the fixed assets records;
T = Checked existence, condition, ownership (ownership titles), and valuation;
B = Balances agreed with the Ledgers and the Trial Balance.
V = Test vouched for pricing at cost of purchase and/ or valuation by professional valuers and found to
be in order.
C = Checked casts and cross casts (addition, etc.) (See sub-schedules.)
T/B and B/S = Trial Balance and Balance Sheet.
Findings:
(1) The Buildings were not given tag numbers although they could be identified by locations.
An old building in Nefas Silk area has not been occupied for a long time for fear that it may fall off.
Requires to be checked.
(2) One of the LCD Projector requires to be repaired.
(3) Five of the photocopiers are out of use for a long time. No spare parts could be found for their repair.
Need to be scrapped off.
(4) Depreciation was not provided for these assets in accordance with Government policy.
Conclusions:
In my opinion, the above matters and the rest of the fixed assets items require to be examined by a team
of experts to ascertain their conditions and use. Then appropriate actions such as adequate maintenance,
disposal, tagging, etc. require to be done. Otherwise, the valuation is fairly stated.
Initial Date
Prepared by AT 05/03/97
Reviewed by TH 15/03/97
Name of Public Body:___Ministry of Education_______
Audit Area: :___Fixed Assets - Buildings_______
Period/ Budget Year:__as on Tikimt 30, 1997
Sch. Ref. D7
Initial Date
Prepared by AT 05/03/97
Reviewed by TH 15/03/97
Name of Public Body:___Ministry of Education_______
Audit Area: :___Fixed Assets – Motor Vehicles, at cost and
valuation
Period/ Budget Year:__as on Tikimt 30, 1997
To D
Exercise 27-1
Self-Testing Questions (Class discussion)
Exercise 27-2
Problems (group work)
Assume that you are now engaged in the audit of the fixed assets. You have
gone through the required audit procedures explained above and have
summarized your findings as follows:
1) No identification tag number was given to every fixed asset owned by the
Public Body. As a result, you could not verify the physical existence of the
assets.
2) Although year-end fixed assets count is made every year, the count is not
reconciled with the fixed assets‟ record (register and individual cards)
balances.
3) One of the recently constructed stores, which was transferred to fixed asset,
has started cracking. When you checked the documents related with the
construction, you learnt that provisional acceptance was under way.
4) The ownership booklets of some of the motor vehicles were not made
available for verification. You have also learnt that no procedure has yet
been put in place in order to ensure that all of the motor vehicles are to be
serviced.
5) Although there are so many fixed assets in the compound that are not
currently being used, no effort has so far been made to review their
conditions for the necessary actions including their disposal.
Instruction: As the Head of the Internal Audit Section you are required to
review the above case and report your findings to the Head of the
Public Body.
Initials Date
Prepared by
Reviewed by
Name of Public Body ____________________________________
Audit Area ____________________________________
Budget year _____________________
Not
No. Questions Yes No applicable Comments
1 Are different staff members engaged in the
purchase of fixed assets, keeping custody of fixed
assets before being issued for use, and recording
their movements?
2 Is there any assigned section or body to follow-up
foreign purchase?
3 Is there a mechanism to prevent the purchase of
more quantity of fixed assets than required?
4 Are goods receiving notes issued upon receipt of
all acquisitions of fixed assets?
5 Is the store-keeper forced to raise goods receiving
notes without getting a chance to see the fixed
asset physically?
6 Are fixed assets issued without the authorization
of a designated official?
7 Does each fixed asset have its own identification
number?
8 Is there fixed assets register for proper recording
and controlling of the movement of fixed assets?
9 Is there a strong control mechanism to ensure that
fixed assets are not exposed to theft or damage?
10 Is there annual physical count of fixed assets and
the count compared against the balance in the
fixed assets register?
11 Is physical count of fixed assets undertaken in the
presence of the storekeeper and by staffs assigned
from other section?
12 Is the result of fixed assets physical count reported
to the Head of Public Body?
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Sampling
State Audit Population Sample
Performed Size Size Budget Year _______________
General Procedures
1. Review previous year audit working papers.
2. Review the updating of the permanent file.
3. Fill in the internal control questionnaire.
4. Draw or update flow chart or system notes.
5. Evaluate the appropriateness and effectiveness
of the control system.
6. Conduct a „walk through‟ test to confirm the
control system.
7. Review internal and external reports.
Specific Procedures
The specific audit procedures to be carried out
are given on PP 133 to 135 of the Internal
Audit Manual.
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Name of Public Body __________________
Audit Area __________________________
Budget Year ________________
TEST REF
CONTROL OBJECTIVE TEST OF CONTROL REF. FINDING
TEST REF
CONTROL OBJECTIVE TEST OF CONTROL REF. FINDING
SESSION XXVIII
FRAUD AND INVESTIGATION
Learning Objectives
When we have completed our study of this Section, we should be able to
understand about the following:
The definition and significance of fraud and the types of fraud;
The major causes and characteristics of fraud;
Fraud control – detection and prevention or deterrence;
High risk areas for fraud;
Fraud warning signs;
The audit and investigation objectives of fraud; that fraud
investigation is a specialist area of great concern;
The internal control system for the detection, prevention or
deterrence or minimization of fraud;
The audit and investigation procedures to be applied concerning
fraud.
Definition of Fraud
“Fraud” generally involves an act of deception, bribery, forgery, extortion, theft,
misappropriation, false representation, conspiracy, corruption, collusion,
embezzlement, or concealment of material facts. Fraud may be committed by an
individual, a group of individuals, or by one or more organizations. Fraud is a
violation of trust that, in general, refers to an intentional act committed to
secure personal or business advantage.
Types of Fraud
Fraud can be classified in different ways. There are internal and external frauds.
What these mean is explained below:
There are also other types of fraud – the corporate fraud, for instance, which is
of three types, viz.:
This type of fraud is committed by employees who are not directors or senior
management members and is usually undertaken for personal gain against the
Public Body. When the fraud involves senior management it is done on a
massive scale.
This type of fraud is different from the ones described above. It involves the
misappropriation of third party‟s assets and/ or through the provision of false
information to a third party presumed to be done in the best interests of the
Public Body, for example, false representations to the tax authorities to
minimize the Public Body‟s tax liabilities.
The following are some areas which may give rise to suspicion of management
fraud:
Staff turnover especially of finance and key positions;
There are also other types of fraud, for instance, Contract fraud, connected with
contracts with third parties - falsifying the contents and the amounts in the
contracts to obtain undue advantages. There is also Computer fraud.
The major causes of fraud can be grouped under three headings - poor internal
control, collusion between/ among workers and the environment in which the
Public Body works.
Safeguarding of assets concerns the safeguarding the entity‟s assets from loss or
misuse.
Management Control is the process of assuring that resources are obtained and
used effectively and efficiently in the accomplishment of the Public Body‟s
objectives. The process is ongoing as long as the Public Body exists as an
ongoing operation.
The other matter concerns the environment in which the Public Body works.
Some environments where internal controls are loose could be conducive as
breeding grounds for fraud.
If the internal control system is poor the possibilities of fraud occurrence will be
high.
It is said that prevention is better than cure. The first attempt of management
and the internal auditor should, therefore, be on the prevention of fraud.
Instituting the necessary cost effective control mechanism acts as a deterrent for
fraud. The control mechanism include matters such as fostering control
consciousness, setting realistic Public Body goals and objectives, creating clear
communication channels that provide management with adequate and reliable
information, and establishing and maintaining appropriate authorization
policies for transactions.
The management and the internal auditor should be aware that cash receipts
(the documents and the cash itself), stocks, purchases, payroll, receivables and
payables are among high-risk areas for fraud.
Altered, forged and missing cash receipts, unexplained shortages, and using one
day‟s collection to cover up a previous day‟s unaccounted for collection are
some examples concerning cash receipts.
Receiving inferior qualities of goods for the price of better qualities and sharing
the resulting difference in prices with vendors, removing items from cartons of
incoming and outgoing shipments, declaring that items are received while that
is not true, throwing items through the fence for latter pick up, carrying the
same types of commodities on shelves at different unit prices (under the FIFO
inventory valuation method, for instance), and reporting of stolen stocks as
existent when in fact they do not exist in stores are all examples of fraud
involving stocks.
Inflating hours worked and also not reporting absences; fictitious/ dummy
employees on payroll; unreported terminations of employment or transfers; and
unauthorized advances to employees are examples of payroll fraud.
There are fraud-warning signs that the Head of the Public Body and the internal
auditor should be aware of. Weak internal controls, unethical leadership, lack of
fraud policy, lack of effective internal auditing function, control by a single
person over key functions, inadequate screening of job applications, vendors or
contractors are some examples of fraud warning signs.
The internal auditor has the responsibility for examining and evaluating the
adequacy and effectiveness of the internal control system in relation to the
Public Body‟s operations. The internal auditor should, therefore, determine if:
1. The Public Body‟s goals and objectives have been clearly and
realistically set;
If the internal auditor suspects that fraud has occurred, he should advise the
Head of the Public Body about it and recommend on the necessary investigation
to be carried out.
Some of the ways that the internal auditor can become aware of the possibility
of fraud in the Public Body include information coming from within or outside
of the Public Body and/ or as a result of the internal auditor‟s own assessment of
the adequacy of the internal control system or while conducting his normal
audit procedures.
When the internal auditor becomes aware of alleged fraud, he should decide on
the measures he has to take, of course, on the authorization of the Head of the
Public Body. He should take the following steps:
One of the tools that the internal auditor could use in his fraud examination is
the fraud assessment interview. He could prepare the questions, with adequate
review and approval of the Head of the Public Body, in order to compile
necessary information on possible fraud to help him in his audit and
investigation of the Public Body‟s operations. Examples of some of the questions
that could be posed are given at the end of this Session.
There are also questions under the heading Fraud Investigation Standards given
as Annex XXV to the Internal Audit Manual.
Examples of fraud:
Exercise 28-1
Self-Testing Questions (Class discussion)
1. What is fraud? Explain and justify. Distinguish between fraud and error;
and also audit and investigation.
2. What types of fraud do you generally recognize? Explain and justify.
3. What are the major causes of fraud? Discuss the high-risk areas of fraud.
4. What indicators lead to the recognition of fraud warning signs?
5. Why do internal auditors fail to detect fraud?
Sch. Ref.
Initials Date
Prepared by
Reviewed by
SESSION XXIX
PERFORMANCE AUDIT (VALUE FOR MONEY AUDIT - VFM)
Definition of Performance Audit and Value for Money
It is important that any Public Body should ensure that optimal VFM is
achieved from the resources provided. The term “value for money” refers to the
way in which resources (financial, human or physical) have been allocated and
utilized by the Public Body.
1 The Economic test could be the tendering, contract and project control
procedures to establish how far the hospital and associated facilities had
been built to specification, on time and at lowest achievable cost or
within approved cost limits.
2 The Efficiency test could be to check how facilities such as wards, beds,
operating theatres and equipment are utilized.
Performance Audit differs from Financial Audit in that the former examines
whether the Public Body has done the right thing and done so in the correct
and least expensive way. It considers whether the Public Body has achieved its
goals economically, efficiently and effectively in utilizing its resources.
Financial Audit is concerned with examination of the transactions relating to
expenditure and receipts and with the form and content of the accounts.
6 Ensuring that valid and reliable data are obtained, maintained and
disclosed accurately in annual reports and other documents.
3 Improving efficiency,
7 Developing policy,
The Public Body might be criticized for serious waste and extravagance,
improper expenditure, inefficiency, ineffectiveness or weaknesses in control or
non-compliance with laws and regulations. The auditor needs to check whether
the criticism of the Public Body is justified, examining causes for deficiencies or
weaknesses and considering action taken or needed to introduce improvements.
Example: Finding out why a certain contractor for building a school was
selected where the cost is much higher than other contractors who competed
for the same contract.
These are done as part of the normal Performance Audit. There is no need to
have complaints by interested parties. The audits are performed to get assurance
that major projects are performing as planed and, if there are weaknesses, to
draw attention to material weaknesses in control or achievement and their
consequences.
b) Examination
c) Reporting
6 Agreeing the findings and clearance of the reports with the audited
department or section or project,
7 Finalizing and publishing of the reports and their presentation to the Head
of the Public Body and the Inspection Department of MoFED,
Auditors need means of measuring the performance of the areas subject to audit.
It is essential to establish suitable criteria for performance measurement when
planning an audit. Criteria are reasonable and attainable standards of
performance against which the performance of the department/ section audited
will be measured. Without suitable and acceptable criteria determined in
advance, much effort could be wasted, conclusions may be difficult to reach and
agreement on the findings may not be easily reached with the
department/section. The audit criteria should be:
4 Organizational arrangements,
5 Accountability relationships,
2 Stores management,
Sources of information:
1 Proclamations, laws, policies, guidelines, etc,
9 Media coverage.
Preliminary Study
Before going into the detailed planning of the Performance Audit, preliminary
study is needed to ensure that the areas of audit identified during the strategic
planning are still relevant and there is a need to audit those areas in detail. The
preliminary study shall state how the work should continue. It shall also
recommend specific objectives and tasks for the detailed audit of the selected
areas.
The preliminary study involves examination and analysis of the Public Body‟s
papers, local and foreign visits as necessary and discussions with appropriate
staff in the Public Body. Experts‟ advice may also be required where the audit
area is a professional area, such as IT or engineering. The preliminary study
should address the points shown below:
2 The nature, extent and availability of audit evidence required and how it
will be collected,
3 The approach and techniques which will be used to analyze the data,
7 Number of employees,
11 Its location,
3 At what cost?
If the auditor tries to obtain answer for the following questions, he can identify
important issues to be covered during his performance audit:
Audit Plan
To proceed with the detailed audit, one of the basic tools necessary is the audit
plan. The audit plan should be prepared in writing and should be documented
in the Performance Audit Working Paper. The Performance Audit team, in
consultation with the Head of the Audit Department and other higher officers,
should prepare the audit plan. The audit plan should cover the following:
1 The audit objectives,
Audit Objectives
To reach at a conclusion at the end of the Performance Audit exercise, clear and
specific audit objectives need to be developed for each audit. What is expected is
that for each and every audit objective, there will be, at the end of the audit, a
conclusion. Audit objectives are normally expressed in terms of what questions
the audit is expected to answer about the performance of an activity, such as
results achieved, or the economy or efficiency of resource utilization.
Audit Scope
Audit scope is audit boundary. The auditor needs to define what he will cover
in his audit of a specific area. Audit scope refers to the framework, boundary,
limit, subject and nature of the audit. In establishing audit scope, the auditor
should consider whether the topic is within its mandate, whether the audit will
cover significant issues that are likely to add value and be of interest to
management and the ability of the audit team to carry out the audit in
accordance with the required professional standards.
Audit Criteria
Auditors need a means of measuring the performance of the activity subject to
audit. The standards used for this purpose are referred to as audit criteria. These
are reasonable and attainable standards of performance and control against
which the economy, efficiency and effectiveness of the activity can be
evaluated. Primary sources of audit criteria include the controls, standards,
measures, results, commitments and targets adopted by the Public Body itself or
imposed by legislative bodies. The auditor should review these criteria to assess
their relevance to the audit to ensure that they are reasonable and complete.
Where the Public Body‟s own measures are found to be suitable, they can be
adopted as audit criteria. If not acceptable, criteria may be obtained from the
law, regulations, and standards developed by other bodies.
6 Could the activity be carried out at less cost without affecting efficiency
or effectiveness?
Performance Audit reports should be kept brief, and should bring out only the
most important matters. A strong, clear report structure, covering the main
issues needs to be developed. The language used must be simple, direct and
unambiguous. The report should concentrate on the reasons why things are
done, how well they are controlled and the VFM achieved, rather than on their
descriptions. The auditor should use clear evidence and well chosen examples to
strengthen the messages in the reports.
5 Objectives and Scope of the Review: The report should clearly state the
objectives and scope of the audit.
6 Timing: The report should indicate the period of time for which audit is
done.
7 Audit Criteria: The report should explain the basis for measuring
performance and the source of the criteria.
Exercise 29-1
In a group of ten, discuss on the following, take note, elect presenter, and present to the class.
1. Efficiency has improved when the unit cost of teaching children or providing
hospital treatment has been reduced over time; or where more children have been
taught or hospital beds provided, without additional resources. (Discuss)
SESSION XXX
PROJECT AND CONTRACT AUDIT
Learning Objectives:
When we have completed our study of this Section, we should be able to
understand about the following:
The definition of projects and contracts and related audits;
The funding modalities;
Basic bid documents and processes;
The audit objectives projects‟ and contracts‟ expenditures;
The internal control system in relation to projects and contracts;
The audit procedures to be applied in the examination of projects‟ and
contracts‟ expenditures.
Introduction
This Session of the internal audit training covers two topics – project and
contract audits. Project and contract audits are a specialist area of audit -
Compliance and Performance Audit. This should not, however, imply that such
audits are not undertaken when conducting normal audit.
A contract, under the present Session, concerns agreements with contractors for
the provision of services and construction of buildings, roads, dams, water wells
and others.
The term counter part funds are also referred to in the Audit Manual. Counter
part funds are created by means of payments into a special account of the
equivalent value in local currency from the proceeds of the sale of commodities
or foreign currencies that were provided by grants or loans.
Funding Modalities
The two major types of donor funding to the Government are the bilateral and
the multilateral funding.
Funding or disbursement modalities specify how funds flow from the donors to
the Federal Government of Ethiopia (FGE) and/or to the relevant Public Body
and/ or to the Regional States (RS). They also specify the flow of reports to the
donors and to the FGE on the spending of the funds.
Channel I – This includes Aid and Loan funds that flow through the MoFED or
its equivalent in the RS; and the reporting system has to follow the same
upward channel.
Under this channel, the initial fund recipient is the MoFED which then
disburses the funds to those Public Bodies that are eligible to receive and use the
fund.
Within Channel I there are two sub-channels – Channel I „A‟ for funding to
Budgetary Institutions (BIs) or Public Bodies for general budgetary support; and
Channel I „B‟ for funding BIs or Public Bodies for specific programs and projects.
Channel III – Under this channel, the donors directly control all grant funds.
The donors maintain their own bank accounts, pay directly to contractors
and/or suppliers as when requested to do so by the fund recipients.
The bid should be announced through the appropriate media and the proposals
received from potential suppliers. The bid documents received are then opened
in the presence of bidders or their representatives and compared for compliance
with the tender documents, and finally, the one who satisfied the requirements
is selected.
Sometimes after sales service and support is considered. Finally, the contract is
signed with the winners.
Economy is doing things cheap; efficiency doing things in the right way and
effectiveness doing the right things, which is, achieving objectives.
The audit objectives with respect to projects, contracts and donors‟ and counter
part funds, therefore, are as follows:
Audit procedures
The audit of projects and contracts funded by donors‟ grants and loans and the
Ethiopian Government budget should commence with the evaluation of the
internal control system using Internal Control Questionnaires (ICQs) or
Internal Control Evaluation Questionnaires (ICEQs). (See examples in the
Internal Audit Manual.)
distinction between the two procedures, but have been presented so hereunder
following the Internal Audit Manual):
9.1 Ensure that the sales have realized higher prices in accordance
with relevant Government policies and guidelines;
9.2 Ensure that official receipt vouchers are issued to acknowledge
the collection of the cash from the sales;
10. Obtain copies of approved budgets and Budget Ledger Cards for comparison
with the expenditures incurred for the projects;
11. Vouch a sample or all of the expenditures depending on the volume of
transactions against the documents that support the expenditures starting
from the invitation for tender, as the case may be, to the execution of the
projects and the budgets;
12. Ensure that the payments are approved and are executed in accordance with
the approved budget;
13. Check that the expenditures are properly coded and accordingly recorded in
the accounting records;
14. Where separate cash and bank accounts are maintained apply the audit
procedures described under „Cash and Bank Balances‟;
15. Check that the progress of the work is properly supervised and closely
monitored;
16. Ensure compliance of performance with plans and that the reporting
requirements are also discharged;
17. Check with the view to prevent or deter the occurrence of fraud; and
investigate any fraud with the approval of the Head of the Public Body.
B. Contract audit
5.3 Bid documents are clear and complete; tenders are advertised or re-
advertised or otherwise communicated to bidders so that they are
given fair chance to participate in the bids;
5.4 There are no chances for submission of tender documents after the bid
closing dates;
5.5 Bids are collected, recorded and kept under the responsibility of a
designated officer; then tender envelopes are all opened in the
5.6 Those involved in tendering and also the participants declare that
there is „no conflict of interest‟;
5.7 Loss, waste and extravagance are prevented and hence savings or
improved controls are encouraged during the prevalence of the
contract;
5.8 The works are measured and compared against planned costs, budgets
and variations, if any, are authorized before hand; and payments (not
overpayments) are effected in accordance with the measurements,
work certificates and satisfactory work accomplishment and the terms
of the agreements;
5.13 Check for fraud with the view to prevent or deter the occurrence;
and investigate with the approval of the Head of the Public Body
where fraud is detected.
The above procedures may not be exhaustive. Therefore, the internal auditor is
advised to refer to other relevant directives and documents issued by the
MoFED and the Public Body concerned.
SESSION XXXI
COMPUTER AUDIT
Learning Objective
At the end of this section, you will appreciate:
1 What we mean by computer audit,
Basic concepts
Use of computer is not limited to accounting purposes. Computers in a Public
Body might be used for different purposes. For example, in Central Statistical
Authority all statistical data is kept on computer files. Similarly, other Public
Bodies such as Investment Authority, Ethiopian Mapping Authority, and
Ethiopian Radio & Television Organization use computers for non-financial
purposes. As we have said that the role of the internal auditor is to assist the
management in meeting the objectives of the Public Body, audit of computers in
the Public Bodies should encompass all such computers and computer systems.
The internal auditor should be concerned about the security of data in those
computers and backup files.
with the people who specify, develop, test, manage, administer, use and abuse
the computer systems. Computer auditing is also known as IS, IT or ICT
auditing and systems auditing.
a) Audit during the system design phase - is needed for two major reasons.
First, by changing the system to incorporate required controls after the
system has been implemented could be expensive. Hence, the auditor
can participate during the design phase and give his comments on the
design. Second, it is often difficult, if not impossible, for the IT auditor to
understand a system that has taken several thousand hours to design and
implement on the basis of a periodic review. If the auditor is involved
during the design, he could have adequate understanding of the system.
Auditing around the computer system might have been sufficient in the past.
Nowadays the computer systems are becoming more complex as described
above. The auditor would be obliged to use computers in his computer audit.
There are three ways in which the auditor decides on the use of computers to
perform audit procedures:
1. Processing the auditor‟s test data on the client‟s system as part of tests of
internal controls - the objective of test data approach is to determine
whether the client‟s computer program can correctly handle valid and
invalid transactions as they arise. The auditor develops different types of
transactions that are processed under his own control using the Public
Body‟s application systems on the Public Body‟s hardware. The auditor‟s
test data must include both valid and invalid transactions in order to
determine whether the Public Body‟s application software will react
properly to different kinds of data. Since the auditor has complete
knowledge of the errors that exist in the test data, it is possible for him to
check whether the Public Body‟s system has properly processed the
input. The auditor does this by examining the error listing and the details
of the output resulting from the test data.
E.G: For instance, assume an auditor is testing the effectiveness of a Public
Body‟s payroll internal controls. It is not possible for an employee to work
for 1,000 hours in a month. The auditor prepares a payroll transaction with
1,000 hours for each month and processes it through the Public Body‟s
system. If the controls are effective, the Public Body‟s system should not
process that transaction. The error listing should, therefore, indicate that the
number of hours exceeds the limit.
2. Testing the records maintained by the computer as a means of verifying
the Public Body‟s financial statements – the auditor can use specifically
developed software to test the records of the Public Body. He applies the
normal audit procedures that are used in auditing but he does not ask for
print outs of registers, ledgers and other records.
3. Using the computer to perform audit tasks independent of the Public
Body‟s records – this is a more recent development. It is now common for
auditors to use laptop personal computers (PC) as an audit tool. By using
PCs the auditor can perform many audit tasks such as analytical
procedures and working paper preparations. Data are entered into the PC
by the auditor and subsequently used by him for analysis and
summarization. For example, the Public Body‟s Trial Balance can be input
into the PC and use these data to perform analytical procedures.
Procedures
The computer audit procedures to be followed can be categorized into the
following five headings:
1. Preliminary Review Phase - is the first step in computer audit. It involves
reviewing the system, its hardware and software. This is preliminary in
nature and the objective is to obtain the necessary details on how to go
ahead in the audit. The evidence collection during this preliminary
phase is primarily done through observation, interviews, and the review
of available documentation.
3. Compliance Testing Phase – under this phase, the auditor determines the
operating efficiency, effectiveness and reliability of the system. At this
the auditor checks the existence of the internal controls using different
methods. One of the methods is using test data as described above.
Summary
In the Public Bodies, not all internal auditors are using computers. Some do not
have computers and are not also trained. Those trained are using the computer
in a limited way. They might use it to write their reports but, during our
assessment interview, we learnt that even report writing is done by secretaries.
Thus, application of full computer (IT) audit at present might not be thinkable
as the internal auditors in the Public Bodies are not computer experts. It is,
however, possible to perform some important procedures until it is decided to
go into full-fledged computer audit.
Under administrative controls, the auditors can at least check that there are
adequate security measures to protect computers on which important
applications are run. Physical securities include protection against flood, theft,
fire, and power interruptions. The condition of the room in which the
computer is kept, restriction of entry to the computer room to unauthorized
personnel and use of password are some of the controls that should be in place
and that can easily be verified by the internal auditor. The auditor can also
make sure that computer files are kept in duplicate; at least one copy of which
should be kept outside the premises of the Public Body as disaster recovery
measure.
The auditors of the Public Bodies can then report their findings to the
department concerned and, when there are serious failures, to the top
management. If the auditor of a Public Body feels that there is a need for a more
detailed computer audit, he should bring this to the attention of the top
management so that hiring professional IT auditors might be considered.
Discuss the use of computers by the different departments in your office and
identify which of the applications are important to the achievement of the
Public Body‟s objective. Have you been involved in computer audit in you
office?
SESSION XXXII
SOCIAL AND ENVIRONMENTAL AUDIT
Learning Objective
At the end of this section, you will appreciate:
1 The relevance of Environmental Audit for Public Bodies,
Basic concepts
Social auditing is a process that enables an organization to assess and
demonstrate its social, economic, and environmental benefits and limitations. It
is a way of measuring the extent to which an organization lives up to the shared
values and objectives it has committed itself to. As stated in the Internal Audit
Manual, Environmental Audit is an audit which confirms the degree of
compliance with both internally and externally determined emission and
pollution standards.
A Public Body has a legal responsibility to assess its activities, identify those
activities having impact on environment and take adequate action to protect the
environment. Failure to do so might cause damage to the public and the Public
Body might be held responsible for its action.
The role of the internal auditors in this respect is to discuss with senior
management to identify activities in the Public Body that may, if not properly
managed, cause environmental pollution. A good example in the Ministry of
Agriculture and Rural Development could be pesticides. These chemicals should
be preserved in a proper way and, if there is a need to dispose them of, should
be disposed of in a proper way. In identifying the appropriate procedures to deal
with environmental issues, we suggest that the management and the internal
auditor have to consult Environmental Protection Authority.
Procedures
The Objective of Environmental Audit is:
2. The auditor will continue to discuss with the department heads and
other officers identified to have knowledge of the activity or the item
with potential environmental problem;
Summary
Environmental Audit is a new area of audit. It is not yet well developed. The
purpose of this section is to indicate how the internal auditor helps the
management and how the internal auditor protects the Public Body from any
damage that might be caused because of failure to put appropriate procedures in
place to deal with activities or items that might cause environmental pollution.
We should not forget that failure to observe environmental rules might bring
financial liability to the Public Body. This in turn will have an impact on the
Financial Audit to be performed. If there is a penalty levied due to the failure,
the auditor might want to test the source of fund to cover the payment, the
approval of the payment, and the accuracy of the recorded liability.
1. What type of activities and what type of stock items might cause
environmental problems in your Public Body?