Audit

Internal Audit Training Manual-----------------------------------------------------------------
I. INTRODUCTION AND GENERAL BACKGROUND
This Module covers the following three sessions:
SESSION I
Introduction - This introductory part deals with setting the congenial climate of learning
and teaching by assisting participants to know one another. This is a familiarization
process to make starting easier.
Breaking the Ice - Adult educators and prominent trainers suggest that instructors should
not immediately get into the subject matter of the course before” breaking the ice”. This
means that trainees need knowing their instructors and trainee colleagues to make the
learning environment conducive and easier. Instructors may introduce themselves and
ask each trainee to introduce himself/herself and where he/she came from and what
his/her responsibilities, at the work place, are. In brief, this session is intended to help
trainees share personal information about one another and thereby get to know better
facilitate exchange of ideas.
Learning Contract - Training facilitators and adult educators, generally, agree that the
learning community distinguishes itself by the prevalence of trust, openness, and
collaboration. Learning demands that each individual be willing to try new behaviour,
to give and receive constructive feedback and to actively engage into the learning
process. The instructor (the facilitator) has much to do with creating the conditions
necessary for such a „community” to develop and evolve.
The norm of such a community demands that instructors and participants share equally
the responsibility for success, with all group members willing to lead and to follow when
the need arises. This methodology assists to assess and determine the quality of the
learning environment and the interaction among participants.
---------------------------------------Ministry of Finance & Economic Development 1

Having created the appropriate environment, the possible next factor to consider, at this
stage, is to define the sessions‟ learning objective(s) and ascertain what is to be gained at
the end of each session. We have to recall, again, that, although the success of the entire
course will be a shared responsibility, the learning process is largely controlled by the
participants (learners). Hence, the learning process is enhanced when learners have the
opportunity to participate in the planning process; but there should be a clear definition
and understanding of roles and responsibilities of the instructors and learners in the
learning process.
Bases and Authority
Learning Objectives;
To assist participants to:
1 Know the origin of the Training Module (T.M.)
2 Create awareness about the ownership and use right
3 Know the purpose of T. M.
4 Know the sources of authority and responsibilities of the owner.
a. This Training Module is based on the Internal Audit Manual issued by the
Ministry of Finance and Economic Development (MoFED) in accordance
with the power given to it by the Financial Administration Proclamation
No.57/1996 (Art. 68), the Financial Regulation No. 17/1997 of the Council
of Ministers and the directives issued by MoFED itself under the
authorities of these legislations.
b. The Module is to be used for training of internal audit staff and other
pertinent personnel of public bodies as defined in the audit manual.
c. The Module is expected to serve two purposes. In the first place, it is
expected to impart knowledge and skill of the methodology of transfer of
training skill to future trainers. Secondly, it is also expected to furnish
appropriate training materials based on MoFED‟s audit procedural manual
and other enhanced, professional reference materials.

This Training Module is the property of MoFED and in the event of any need of
clarification(s) or question(s) on the Module or any part thereof, it has to be referred to
the Ministry. The Module or any part of it cannot, therefore be used for any
commercial benefit without obtaining express permission by the Ministry.
The General Concept of Auditing
It is useful for participants to have a general understanding of auditing as whole, before

they are introduced to internal auditing as a separate professional field of study. In a
generic sense auditing (external and internal), involves a critical examination and
verification of accounts and other performance processes for the purpose of
ascertaining the true and correct positions and results of operations of organizations-
private or public.
The word audit is derived from the Latin word audire which means to hear. This
derivation refers to the shareholders attendance of external auditors reports which, in
effect, started only at the advent of the 19 century. But, we know that some type of
auditing existed long before 1494 when Luca Pacioli published his principles of double-
entry bookkeeping system in Venice.

SESSION II
Historical Development of Internal Auditing
The learning objective:

1 Enrich the knowledge and understating,
2 Have the knowledge and understating of development through which modern
day internal audit passed through,
3 Know the rationale for change in the body knowledge of internal audit.
The early concept of auditing, referred to can only be construed as internal auditing,
because the development of external audit in its modern sense is quite a later vintage
associated with the development of shareholding and joint-stock companies. Historical
evidences reveal that ancient kings and rich noblemen appointed some of their trusted
officials to exercise checks on the people whom they put in charge of collecting and
safekeeping revenues from their estates and to report to them in the event of any
irregularities.
This practice can be said to have the nature of internal auditing in the sense that those
who were appointed to check on the regularity of revenue collection and the
safeguarding of the proceeds were people from the same organization and in the service
of the institution as people in charge of the collection and recording functions. It is
evident therefore, that internal auditing was in practice much earlier than external
audit. In spite of its earlier existence, however, internal auditing did not emerge as a
recognized field of professional practice until the 1940s when two factors influenced its
development as a distinguished profession.
In the first place, the rapid development and sophistication of business, government
services and the development of statutory audit brought about strengthened demand

on management and board to ensure that assets are properly safeguarded, results are
consistent with established objectives, program and operational goals are achieved as
planned. In order to ensure this, management needed the services of internal auditors
who could provide with assurance services to keep their houses in order before the
coming of statutory auditors.
The second factor, which became a potent force in the development of the internal
auditing profession is the establishment of the IIA in 1941 in New York. Although
membership grew very fast (from 24 in 1941 to 1018 in 1947), the first official
pronouncement of the Institute, the Statement of Responsibilities of Internal Auditing
was issued in 1947. The purpose was to establish a set of guidelines that defined the
proper role and responsibilities of the internal auditing function within an organization
at the time. In this first statement of responsibilities the authors seem predominantly
concerned with accounting and financial controls.
After 1947 the Statements of Responsibilities have been revised six times up to the
current period. These revisions consisted of those of 1957 which expanded the role,
while that of 1971 gave equal concern to every significant aspect of an organization‟s
operations, including efficiency, effectiveness, and compliance. The next revisions
were effected in 1976, 1981, 1990 and 1999 in response to internal auditing operating
environment and paradigm shifts in corporate businesses management and attendant
emphasis on the quality and effectiveness of internal controls as well as the issuance of
new protective legislating by governments and other regulatory bodies.
Internal auditing continues to develop and emerge both in the public and private
sectors; with this development came new procedures and practices. The challenges in
the field of internal auditing reflect the emergent challenges in the concept and
techniques of business management and government service delivery. New approach
in global competition, down-sizing, business process re-engineering, security, advances

in technology have created the challenges of developing new and more relevant
approaches in the concept and practice of internal auditing.
Over the last 60 years, in developed countries, internal auditing has undergone
profound organizational and technical changes. Up to the first half of the 20 th century
the practice of internal auditing consisted of ascertaining compliances with accounting
and operational procedures, verification of accuracy of calculation, protection of assets
from theft and fraud. The methods involved 100 percent checking of transactions by
means of vouching.
In today‟s constructive approach, the modern internal auditor seeks to add value by
laying emphasis on improving procedures and policies through reduced costs, increased
bottom line and better services to users. As a result, senior management and the board
increased their reliance on the internal audit to improve the organization‟s operation
and to systematically evaluate the management or organizational risks, controls and
governance processes which are essential factors in the achievement of objectives.
It is quite easy to see how much internal auditing has changed to adapt itself to the
needs of modern day business environment.
Internal Auditing in Ethiopia
The history of the development of internal auditing in Ethiopia dates back to about the
middle of the 1940s just about the time when internal audit was evolving as an
organized profession in the Untied States. Internal audit in Ethiopia, had its early
legislative root in the Constitution of 1923 which authorized the establishment of an
“Audit Commission” (Articles 34); and the Audit Commission itself was established
much later by Proclamation 69/1944 to audit the accounts of the Ministry of Finance.

The same Proclamation mandated the then Ministry of Finance to audit other
budgetary institutions as a measure of internal control over the financial operations of
the budgetary institutions. It appears that this early practice of internal auditing as per
Procl. 69/1944 was, in fact, to be the root of what the Inspection Department of the
Ministry of Finance and Economic Development (MoFED) continued to perform to this
day, until the recent reorganization.
The latter part of the 1940s witnessed the establishment of internal audit functions in
key public sector institutions such as the national defense, education, road
construction, and other non-budgetary public sectors, which included the Ethiopian
Airlines, Telecommunication and the financial sector consisting of the modern layer of
the Ethiopian economy. These institutions in one way or the other had external links
or financing operations, which created awareness of the need for internal controls to
sectarian appropriate financial management and to safeguard organizational assets.
The period of the early 1950s, marked the introduction of a budgetary system in
government. The commencement of an annual public budget in 1955 for the first time
in the history of the country ushered in a system of financial administration based on
the annual budget with all its attendant requirements for strengthened internal control
in the budgetary agencies. This entailed the formation of internal audit as an integral
apart of the budgetary internal control system.
The establishment at the time of the Addis Ababa Commercial School and the Addis
Ababa University College supplied with limited but better informed manpower, for
some key institutions in the economy.

The Scope and Practice of Internal Auditing in Ethiopia
In order to assess the state of internal auditing in the country as a basis for further
action to strengthen the function, a survey was conducted by the Office of the Auditor
General in 1991. The main purposes were to determine the service quality,
methodology and educational and skill content as well as organizational structure of
internal auditing. The survey was carried out by means of questionnaires developed by
an ad hoc committee.
Although the questions were widely distributed the analysis was based on the 362
responses obtained from 312 different ministries, government departments and 50
public enterprises. In other words, 86% of the responses were obtained from public
bodies.
The survey indicated that there was a serious lack of internal audit education and
training. An accounting background has been seen as the most important requirement
for entry into the internal auditing work. Such a requirement, however, does not
provide internal auditors with the knowledge of adequate analytical tools necessary for
carrying out their professional responsibilities. Hence the findings of the survey at the
time indicated that the scope and professional content of internal auditing work was
severely limited to:
1 Low-level financial and compliance audits,
2 Pre-audit
3 Non-audit work such as witnessing the hand-over of stores, cash and
personnel transfers

The prevalence of such limited scope of work of internal auditing was attributed to a
number factors, which included:
1 The low level education, training and experience of internal auditors
2 The lack of management awareness about the functions and contributions of
internal auditing
3 The prevalence of weak internal control systems in organizations in which
internal audit is an integral part.
4 The absence of a professional organization to cater for the professional
development of internal auditing in the country for a long time.
Presently, Government has taken the initiative to improve upon some of the above
enumerated weaknesses and to reorganize and strengthen the internal auditing practice
both in public bodies and fully and/or partially Government owned enterprises; to this
effect, not only did Government provide for the necessary legislative framework by the
Financial Administration Proclamation of the Federal Government (Proclamation
57/1996) and the Council of Ministers Regulation (Regulation No. 17/1997) as well as
directives issued by MoFED but also taking measures to reorganize and strengthen
internal auditing in these organizations.
Need to Adopt the Professional Practice Framework of the Institute of Internal Auditors (IIA)
Based on the general contents of the Ministry of Finance and Economic Development
(MoFED) Procedural Audit Manual, the T.M. has adopted the Professional Practice
Framework of the IIA in developing and structuring the T.M. The rationale for this
can be the fact that:
1 The framework consists of a common body of knowledge most thoroughly

researched, authoritative and globally accepted for the training and
practice of internal auditing;
2 The MoFED Manual has already tried to adapt some of the contents;

3 Internal Audit studies, qualification exams are based on the contents of

this Framework and this would assist Ethiopian candidates to familiarize
themselves with the basic materials.
4 The Framework is made up of best practice guides for modern day internal
auditing profession and it is expected that any development and
modernization of internal auditing should be based on this Framework.

SESSION III
The Professional Practice Framework
Definition: It is a framework of best practice guidance containing an assemblage of

internal auditing literature that informs internal auditing professionals what
is required of them and how they are expected to perform their work to
meet the requirements of their professional responsibilities. The
Framework embodies the entire core elements of the profession of internal
auditing, as it should be practiced. Thus, it furnishes “… a consistent,
organized method of looking at the fundamental principles and procedures
that make internal auditing a unique, disciplined, and systematic activity”
(Christy Chapman, Urtou Anderson).
Contents: The Framework contains mandatory and optional elements. The

mandatory elements have to be followed by all IIA members, Certified
Internal Auditors and anyone purporting to provide internal audit services.
The elements in this category consist of the official definition of Internal
Auditing, the Code of Ethics and the Standards for the Professional Practice
of Internal Auditing. These enunciations define the characteristics,
procedures, and activities that are considered essential to the professional
practice of internal auditing.
The optional elements of the Framework include: the Practice Advisories and the
Development and Practice Aid. Practice Advisories (PAs) are enunciations, which are
strongly recommended and endorsed by the IIA, but they are not mandatory. PAs
assist in the interpretation and explanation of the Standards or their applications in
particular internal auditing environments. They may also consist of guidance coming
from some standards setting bodies accepted and adopted by the various IIA working
committees.

Development and Practice Aids are made up of a variety of materials, including

research studies, books, seminars, conferences, and other outputs and services. These
are important supporting materials either developed or endorsed by the IIA, and they
usually describe best practices or furnish information and ideas for appropriately
implementing the Standards and Practice Advisories.
Since the knowledge and practice of modern day internal auditing has to be based on
the above described guidance contained in the Internal Auditing Practice Framework,
these guidance must be construed as the basis and the center-piece of the Training
Module; because other internal auditing tasks have to be based on these guidance.
Hence internal auditors have to have the proper understanding and knowledge of these
guidance before they are able to perform and render modern day audit services. It is,
therefore important that these parts of the TM properly details out and elaborates each
one of, at least, the mandatory guidance.
The Definition of Internal Auditing (IA)
Internal Auditing is defined by IIA as “an independent and objective assurance and
consulting activity designed to add value and improve an organization‟s operations. It
helps an organization accomplish its objectives by bringing in a systematic and
disciplined approach to evaluate the effectiveness of risk management, control and
governance process”.
Learning Objectives
1 Understand the meaning and functions of internal auditing (IA). Internal audit
theory practice and the guidance given in the Standards as well as the Code of
Ethics emanate from the definition.
2 Help learners to understand internal audit as an assurance and consulting
service.

3 Assist trainees to understand internal auditing as “an independent and objective

activity”.
4 To make trainees conscious that value adding is underscored.
5 To create awareness that, IA is charged with helping the whole organization in
achieving its overall objectives.
6 To help participants (trainees) understand that modern IA is elevated to a new
height of gauging the effectiveness of management in managing risk, control
and governance processes.
In explaining the tenets of this most recent definition, the instructor (facilitator) is
expected to ensure that trainees understand the meaning and significance of the
following important concepts and phrases embodied in the definition:
7 Objective Activity: the definitions, which existed before this, described internal
auditing (IA) as “as an independent function established within an
organization”. The present definition chooses “activity” over “function”, and
eliminates the phrase “within an organization”. Activity is a more detailed
responsibility carried out by the individual auditor who may be outside the
organization contracted by the organization to provide an internal audit service.
In doing so the new definition has allowed outsourcing for those who seek
quality internal audit service where they are unable to place reliance on internal
skills.
It should also be noted that, the definition adds “objective” instead of the more
restrictive word “independence” in order to allow auditors to be more responsive to
their customers. In accordance with the Guidance Task Force of the IIA, the auditor
adds value through his or her objective analysis and recommendation for improvement.
Hence, objectivity can be considered a defining characteristic of the profession. The
reference to “independence” was retained, but not in the effort to limit who could

provide internal audit services and what those services could be. Instead,
independence in the new definition reflects the audit activity‟s “freedom to determine
audit or assurance scope and to perform the appropriate scope of work” (Christy
Chapman and Urton Anderson).
8 Assurance and consulting: Past definitions which characterized internal auditing

as “an appraisal function” did not accurately reflect the types of service most
audit offices provided to-day, nor did it allow for internal auditing‟s increasingly
expansive and influential role in organizations. Emphasis on assurance and
consulting work provide the new definition to convey a more proactive,
customer-driven approach to play significant roles in control, risk management
and governance processes of organizations.
9 Adding value and Improving: In the past, the fact that internal auditing should
render visible benefit was not always emphasized. Now it is clearly stated that
added benefit or value is no longer an option for most audit shops. In fact
management expects and demands all functions to create visible value. While
all audits are expected to benefit the organizations by informing management of
the status and reliability of their control structures, the value of this was not
always adequately perceived. By expressly stating, in the definition, that
internal auditing is designed to “add value and improve”, the profession
underscores its commitment to give organizations value-adding services.
10 Considering the whole organization: the long held thought that the objective of
internal auditing is to "assist members of the organization in the effective
discharge of their responsibilities" has now changed. The current definition lifts
the focus of internal auditing from the individual to the organizational level.
The present day internal auditing is charged with the duty of helping the
organization accomplish its overall objectives. Such a mandate requires auditors

to understand the goals and processes of the organization and to view problems
and their solutions from a much broader perspective than that resulting from
single, functional view point.
11 Improve the effectiveness of Risk Management, Control and Governance
Processes: on the definition that existed before the current one, internal audits
were characterized by the "analyses, appraisals, recommendations, counsel and
information concerning the activities being reviewed" and by their capabilities
to promote "effective control at reasonable cost".
The current definition, by stating that internal auditors are to evaluate and improve the
effectiveness of risk management, control, and governance processes, presents a much
broader view of the working domain of the internal auditor. In accordance with the
current definition, one is expected to understand that controls only exist to help the
organization manage its risk and promote effective governance processes. It would
appear, therefore internal auditors are charged with a much broader and more involved
role to play in the organization.

II. INTERNAL AUDITING STANDARDS OF PUBLIC BODIES OF THE

GOVERNMENT OF ETHIOPIA
SESSION IV
INTRODUCTION TO THE STANDARDS AND THE ATTRIBUTE
STANDARDS
This module contains only one session divided into the following two parts:
1 Introduction to the Standards for the Professional Practice of Internal
Auditing; and,
2 The Attribute Standards.
Introduction
The Internal Audit Standards of Public Bodies of the Government of Ethiopia are
contained in the Audit Procedural Manual issued by the MoFED (as is stated in the
Manual Pages 16-37). The Manual also states that the Standards reflect the Standards
for the Professional Practice of Internal Auditing issued by the Institute of Internal
Auditors (The IIA Incorporated). However, a close look indicates that there are some
serious lacuna of omissions and misstatements that this Training Module has to rectify
in the course of the preparation of the course materials on the Standards. This Module
has, in fact, adopted the new Standards of the IIA, which came into force in January
2002.
Internal audit work is performed in different countries varying in legal and cultural
environment; within organizations that vary in purpose, size, and structure; by persons
within or outside the organization. Obviously, these differences may affect the practice
of internal auditing in each environment. Consequently, the need to follow the
Standards for the Professional Practice of Internal Auditing becomes essential if the
responsibilities of internal auditors are to be fulfilled.

The purpose of the Standards can be:

1 To provide a framework for performing and promoting a broad range of
value-added internal audit activities.
2 Delineate basic principle that represents the practice of internal auditing, as
it should be.
3 Establish the basis for the measurement of internal audit programme.
4 Forster improved organizational processes and operations.
The MoFED Internal Audit Manual acknowledges only two types of Standards i.e., the
Attribute Standards and the Performance Standards. But according to the IIA Practice
Framework there are three types of Standards namely, Attribute, Performance and
Implementation Standards. As Implementation Standards are presented in a super
imposed manner on the first two, it may not have been clear to the authors of the
Manual. Therefore, this does not seem to be a deliberate omission on the part of the
preparers.
The layout and the structure of the Standards in the MoFED Manual also differ from
that of the latest IIA Standards. The Attribute Standards are serialized from 100 to 400
whereas the Performance Standards cover form 500 to 1300. Attribute Standards in the
IIA Professional Practice Framework (the PPF) consists of 1000 series and the
Performance Standards 2000, and Implementation Standards. The Attribute Standards
address the attributes or the characteristics of organizations and/or individuals
performing internal audit activities and provide quality criteria against which the
performance of these services can be measured. The Attribute and Performance
Standards apply to internal auditing services in general. The Implementation Standards
apply the Attribute and Performance Standards to specific types of engagements (for
instance, compliance audits, fraud investigations, etc.).

Quite apart from the various omissions, and other shortcomings, the Internal Audit
Standards of the Public Bodies contained in the MoFED Manual seem to be adopted
from the IIA Standards published in 1975. However, these Standards have been
thoroughly revised and adopted in 1999 and operationalized in January 2002. The
revised IIA Standards envisaged very significant changes both in content and structure.
It is agreed with pertinent MoFED officials to base the Standards to be adopted in this
Training Module on the revised latest one.
Attribute Standards
The Attribute Standards contain four main Standards, ten sub-Standards which in turn
are divided into 13 Implementation Standards and other sub-divisions the details of
which can be seen in the treatment of the Attribute Standards in the following part of
the Module:
1000 Purpose, Authority, and Responsibility
1100 Independence and Objectivity
1200 Proficiency and Due Professional Care
1300 Quality Assurance and Improvement.
These are the general standards of the Attributes series, which are divided into
descending details. As the devil is in the detailed, instructors and trainees are advised
to master the detailed standards in order to comply with the Standards and carry out
their responsibilities effectively.
1000 Purpose, Authority, and Reasonability
The purpose, Authority, and Responsibility of the Public Body‟s internal auditing
activity should be clearly and formally defined in a Charter, consistent with the
Standards and approved by the Head of the Public Body or by the Board if applicable.

In these Standards “Charter” may be construed to mean any official document issued by
the Public Body, giving recognition to the function, authority and responsibility of the
internal auditing service. It may be an organization chart of the Public Body in which
the functions, authorities and responsibilities of the internal auditing department or
division or service is officially embodied and recognized.
1000.A1 The nature of assurance (audit) services provided to the organization

should be defined in the Audit Charter. If assurances are to be
provided to parties outside the organization, the nature of these
assurances should also be defined in the audit charter.
In accordance with this assurance (audit) Implementation Standards if

the internal audit unit is expected to provide audit services to
organization(s) outside the Public Body, this should be indicated in its
Charter and the type of audit service should also be expressed; an
example of this may be audit quality review, compliance audit, etc.
1000.C1 The nature of consulting services should be defined in the Audit

Charter. This Standard requires that if the audit unit is envisaged to
provide consultancy service in its Charter then the nature of this
consultancy service should be specified in its Charter, for instance, the
unit may engage in developing internal audit training material or review
of the organization‟s structure of an internal audit department of the
Public Body.
1100 Independence and Objectivity
The internal audit activity (internal audit unit) should be independent, and internal
auditors should be objective in performing their work.

It is important that both instructors and trainees should clearly understand the nature
of this Standard and they should be careful not to be misled by the MoFED Procedural
Manual, which misconstrued the nature of this Standard.
It this Standard the concept and the word independence is applicable to the internal
audit organization only and not to the individual auditor to whom objectivity is
applicable. Independence is the attribute of the internal audit organization which
should enable the internal audit organization to have unlimited scope of work,
determine the methodology and the manner of carrying it out. The Standard
recognizes that individual auditors are employees of the organization and while
performing their duties they are governed by rules, regulation and guidelines of the
organization but when carrying out their professional duties the Standards requires
them to be objective.
1110 Organizational Independence
The Chief Audit Executive (the Head of the Internal Audit unit) should report
to a level within the organization that allows the Internal Audit department
(unit, division) to fulfill its responsibilities.
In the Ethiopian circumstances, this Standard requires that the Head of the
Internal Audit of a Public Body should report to the Head of the Public Body.
As to why it should be so is specified in the following Implementation Standard
1110-A1.
1110-A1 The internal audit activity should be free from interference in

determining the scope of internal auditing, performing work,
and communicating results.

Internal audit units in Public Bodies should be free to

determine the scope of internal auditing, and performing their
work. In a Public Body, there must be a free access to
information for internal audit in performing their audit
duties. Sometime auditees may ask why particular
information is required and what its relevance to the audit is.
Disclosing the reasons depends on the circumstances
surrounding the audit engagement. Existence of significant
irregularities may dictate not to adopt cooperative
environment. However, this has to be determined by the
Head of the audit unit in the light of the prevailing
circumstances.
1120 – Individual Objectivity

Internal auditors should have an impartial, unbiased attitude and avoid conflicts
of interest.
In complying with the Standards or evaluating individual objectivity, auditors
of Public Bodies are expected to consider the following five points:
1 Auditors should maintain an independent mental attitude in performing

their audit work. They are not expected to subordinate their judgment
on audit matters to that of others.
2 The principle of objectivity dictates that internal auditors perform their

audit work in such a way that they have an honest belief in their work
product and that no material quality compromises are made. Any
auditor in a Public Body should not be placed in a situation in which he
believes he is unable to make objective professional judgment.

3 Internal audit organizations in Public Body ought to carry out staff

assignments in such a way that potential and actual conflicts of interest
and bias are avoided. The Head of the Internal Audit department or unit
should periodically receive from his internal audit staff information
concerning potential conflicts of interest and bias. In order to avoid
conflicts of interest and quality compromises Internal Audit Heads
should rotate assignments of auditors whenever practicable to do so.
4 Audit organizations in Public Bodies should make sure that the results of
internal audit work is reviewed before audit reports are issued in order
to provide reasonable assurance that the work was carried out
objectively.
5 Although auditors in Public Bodies may be aware, the principles of

individual objectivity require that it should be expressly stated that it is
unethical for an internal auditor to accept a fee or a gift from an
employee, client, customer, supplier or a business associate. Doing such
a thing may create an appearance that the auditor‟s objectivity has been
impaired. It should also be understood that the appearance that
objectivity has been impaired may apply to current and future
engagements conducted by the auditor. Auditors should know that the
Standard does not allow the receipt of fees or gifts by justifying by the
status of audit engagements. The receipt of promotional items (for
instance, pens, calendars and the like), which are available to the general
public at minimal value, should not be thought to hinder internal
auditors‟ professional judgments. Internal auditors should report the
offer of all material gifts or fee immediately to their supervisors.

1130 Impairment to Independence or Objectivity
If independence or objectivity is impaired in fact or in appearance the details of

the impairment should be disclosed to appropriate parties. The nature of the
disclosure will depend on the nature of the impairment.
In applying this Standard it is suggested that auditors in Public Body should try
to follow the following guidelines and explanations.
1 If they face situations in which a conflict of interest or bias is present

or may reasonably be inferred internal auditors should report to the
Head of Internal Audit.
2 Auditors in Public Bodies have to know that scope impairment or
limitation is a restriction placed upon the internal audit organization
to bar the organization from accomplishing its objectives and plans.
Auditors have also to know that scope limitations may include but
not limited to:
o Scope defined in the organization chart and job
description.
o Internal audit organization‟s access to records, personnel,
and physical properties relevant to the performance of
audit.
o Approved audit work schedule.
o Performance of necessary audit procedures.
o Approved staffing plan and financial budget.
3 Internal auditors of Public Bodies should report any scope
limitations, in writing to the Head of the Public Body.

1130.A1 Internal auditors should refrain from assessing specific

operations for which they were previously responsible;
objectivity is presumed to be impaired if an auditor provides
assurance (audit) services for an activity for which the auditor
had responsibility in the previous year.
In Ethiopia, sometimes auditors are transferred from various non-audit posts to
the audit unit. Because of the lack of awareness about issues raised by this
particular Implementation Standard, the transferred personnel is assigned to
audit tasks for which they were responsible before they came to the audit unit;
it is required that at least a year has to elapse in their new position before they
audit their activities of the previous post. This Standard states that objectivity is
presumed to be impaired if any auditor provides audit (assurance) services for an
activity for which the auditor had responsibility in the previous year.
Therefore, auditors of Public Bodies should beware of accepting audit
assignments pertaining to their previous responsibilities before they spend at
least a year in the audit department or unit.
The Standard also requires that internal auditors should not assume operating
responsibilities. If senior management directs internal auditors to perform non-
audit work, it should be understood that they are not functioning as internal
auditors. Sometimes Heads of Public Bodies may direct auditors to perform
non-audit duties that may impair objectivity such as performing pre-audit,
preparation of bank reconciliation; in such a case, the Internal Audit Head
should inform the Head of the Public Body that these activities are not audit
activities, and therefore, audit-related conclusions should not be expected to be
drawn.

However, notwithstanding the preceding paragraphs, the internal auditor‟s

objectivity is not impaired when the auditor recommends standards of control
for system or reviews procedures before they are implemented. The auditor‟s
objectivity is considered to be impaired if the auditors designs, installs, drafts
procedures for, or operates such systems.
1130.A2 Assurance engagements for functions over which the Chief

Audit Executive has responsibility should be overseen by a
party outside the internal audit activity.
Audit pertaining to the responsibilities of the Chief of internal auditing
organization should be supervised by a party outside the internal audit
organization.
1130.C1 Internal auditors may provide consulting services relating to

operations for which they had previous responsibilities. This
does not entail any impairment of objectivity.
1130.C2 If internal auditors have potential impairments to independence

or objectivity relating to proposed consulting services,
disclosure should be made to the engagement client prior to
accepting the engagement.
1200 Proficiency and Due Professional Care
Engagement should be performed with proficiency and due professional care.

According to the requirement of this Standard, auditors in Public Body and
elsewhere must be aware that:

 Professional proficiency is the responsibility of both the Head of

the Internal Audit and each internal auditor. However, the Head
of the Internal Audit should ensure that staff assigned to each
audit collectively possesses the necessary knowledge, skills, and
other competencies to conduct the audit properly.
 Internal auditors should comply with professional standards of
conduct. The Institute of Internal Auditors‟ Code of Ethics goes
beyond the definition of Internal Auditing to include two very
important elements:
o Principles that are relevant to the profession and practice

of internal auditing: integrity, objectivity, confidentiality
and competency, and
o Rules of conduct that describe behaviour norms expected
of internal auditors. These rules are an aid to interpreting
the principles into practical applications and are intended
to guide the ethical conduct of internal auditors.
1210 Proficiency
Internal auditors should possess the knowledge, skills, and other competencies
needed to perform their individual responsibilities. The internal audit
organization collectively should possess or obtain the knowledge, skills, and
other competencies needed to perform its responsibilities.
 Internal auditors of Public Bodies should individually possess certain

knowledge, skills, and other competencies:
 Proficiency in accounting principles and techniques is required of

auditors who work extensively with financial records and reports.

 An understanding of management principles is required to

recognize and evaluate the materiality and significance of
deviations from good practices. An understanding means the
ability to apply broad knowledge to situations likely to be faced,
to recognize or distinguish significant deviations, and to be able
to carry out the research necessary to arrive at reasonable
solutions.
 An appreciation is required of the fundamentals of subjects such
as accounting, economics, commercial law, taxation, finance,
quantitative methods and information technology. An
appreciation means the ability to recognize the existence of
problems or potential problems and to determine the further
research to be undertaken or the assistance to be obtained.
 Internal auditor in public bodies should be skilled in dealing with people
and in communicating effectively. Auditors of public bodies should also
understand human relations and maintain satisfactory relationship with
auditees.
 Internal auditors in the service of public bodies should be skilled in oral
and written communication so that they can clearly and effectively
convey such matters as audit objectives, evaluations, conclusions and
recommendations.
 Head of Public Body‟s Internal Audit should establish suitable criteria of
education and experience for filling internal audit positions, giving due
consideration to scope of work and level of responsibility. Reasonable
assurance should be obtained as to each prospective auditor‟s
qualification and proficiency.
 The internal audit staff in the organization should collectively possess the
knowledge and skills essential to the practice of the profession within
the organization.

1210.A1 The Chief Internal Auditor of a Public Body should obtain

competent advice and assistance, if the internal audit staff
lacks the knowledge, skills, or other competencies needed to
perform all or part of the audit engagement.
In the present circumstances of internal audit in Ethiopia, it may be difficult for
the internal auditing unit in Public Body to out-source the audit work.
However, this Implementation Standard require that the internal auditing
department or unit should have employees or use outside service providers who
are qualified in disciplines such as accounting, auditing, economics, finance,
statistics, information technology, engineering, taxation, law, environmental
affairs, and such other areas as needed to meet the internal audit department‟s
or unit‟s responsibilities. It should be noted, however that each member of the
audit organization need not be qualified in all disciplines.
1210.A2 The internal auditor should have sufficient knowledge to

identify the indicators of fraud but is not expected to have the
expertise of a person whose primary responsibility is detecting
and investigating fraud.
A. In the context of this Assurance Implementation Standard auditors of Public

Bodies should know, in the first place that fraud encompasses an array of
irregularities and illegal acts characterized by intentional deception. It can
be committed for the benefit of or to the detriment of the organization and
by person outside or inside of the organization, as can be elaborated in the
following paragraphs.

B. Fraud designed to benefit the organization generally produces such benefit

by exploiting an unfair or dishonest advantage that may also deceive an
outside party. Perpetrators of such frauds usually accrue (gain) an indirect
benefit. Instances of frauds designed to benefit the organization include:
1 Sale or assignment of fictitious or misrepresented assets.
2 Improper payments such as illegal political contributions, bribes,

kickbacks, and payoffs to Government officials, intermediaries of
Government officials, customers or suppliers.
3 Intentional, improper representation or valuation of transactions,

assets, liabilities, or income.
4 Intentional, improper transfer pricing (e.g. valuation of goods

exchanged between related organizations). By purposely
structuring pricing techniques improperly, management can
improve the operating results of an organization involved in the
transaction to the detriment of the other organization.
5 Intentional, improper related-party transactions in which one

party receives some benefit not obtainable in an arm‟s length
transaction.
6 Intentional failure to record or disclose significant information to

improve the financial picture of the organization to outside
parties.
7 Prohibited business activities such as those that violate

Government statutes, rules, regulations or contracts.
8 Tax fraud.
C. In the same view one can consider fraud perpetrated to the detriment of the
organization. This has generally to do with the direct or indirect benefit of
an employee, outside individual, or another organization. Some instances
are:

1. Acceptance of bribes or kickbacks.
2. Diversion to an employee or outsider of a potentially profitable

transaction that would normally generate profit for the
organization.
3. Embezzlement, as typified by the misappropriation of money or

property, and falsification of financial records to cover up the
fact, thus making detection difficult.
4. Intentional concealment or misrepresentation of events or data.
5. Claims submitted for services or goods not actually provided to

the organization.
D. There are four main phases in considering fraud audit. These phases consist
of deterrence, detection, investigation and prosecution. Deterrence of fraud
consists of those actions taken to discourage the commitment (perpetration)
of fraud and limit the exposure if fraud does occur. The important
mechanism for deterring fraud is control. Primary responsibility for
establishing and maintaining control rest with the management.
E. Internal auditors are responsible for assisting in the determination of fraud
by examining and evaluating the adequacy and the effectiveness of the
system of internal control, commensurate with the extent of the potential
exposure/ risk in the various components/ segments of the organization‟s
operations. In carrying out this responsibility, internal auditors should, for
instance, determine:
1. The organizational environment fosters control consciousness.
2. Realistic organizational goals and objectives are set.
3. Written policies (e. g. Code of Conduct) exist that describe

prohibited activities and the action required whenever violations
are discovered.
4. Appropriate authorization policies for transactions are established
and maintained.

5. Policies, practices, procedures, reports, and other mechanisms are

developed to monitor activities and safeguards assets, particularly
in high-risk areas.
6. Communication channels provide management with adequate
and reliable information.
7. Recommendations need to be made for the establishment or
enhancement of cost-effective controls to help deter fraud.
F. When an internal auditor suspects or detects wrongdoing, the appropriate

authorities within the organization should be informed. The internal
auditor may recommend whatever investigation is considered necessary in
the circumstances. Thereafter, the auditor should follow up to see that the
internal audit department„s or unit‟s responsibilities have been fulfilled.
G. Investigation of fraud consists of performing extended procedures necessary

to determine whether fraud, as suggested by the indicators, has occurred. It
includes gathering sufficient information about the specific details of a
discovered fraud. Internal auditors, lawyers, investigators, security
personnel, and other specialists from inside or outside the organization are
the parties that usually conduct or participate in fraud investigation.
H. When conducting fraud investigation (if they do), internal auditors should:
 Assess the probable level, the extent of complicity in the fraud
within the organization. This can be critical to ensure that
the internal auditor avoids providing information to or
obtaining misleading information from persons who may be
involved.
 Determine the knowledge, skills and other competencies

needed to carry out the investigation effectively. An
assessment of the qualifications and the skill of internal
auditors and of the specialists available to participate in the
investigation should be performed to ensure that engagements
are conducted by individuals having appropriate types and
levels of technical expertise. This should include assurance on

such matters as professional certifications, licenses,

reputation, and the fact that there is no relationship to those
being investigated or any of the employees or management of
the organization.
 Design procedures to follow in attempting to identify the

perpetrators, extent of the fraud, the techniques used and
cause of the fraud.
 Coordinate activities with management personnel, legal

counsel, and other specialists as appropriate throughout the
course of the investigation.
 Be cognizant of the rights of alleged perpetrators and

personnel within the scope of the investigation and the
reputation of the organization itself.
I. Once the fraud investigation is concluded, internal auditors should assess

the facts known in order to:
 Determine if controls need to be implemented or
strengthened to reduce future vulnerability.
 Design engagement tests to help disclose the possibility of

similar fraud occurring in the future.
 Help meet internal auditor‟s responsibility to maintain

sufficient knowledge of fraud and thereby be able to identify
future indicators of fraud.
J. Reporting of fraud consists of the various oral or written, interim or final

communication to management regarding the status and results of fraud
investigation. The Chief Internal Auditor has the responsibility to report
immediately any incident of significant fraud to senior management, the
Head or Deputy Head of the Public Body. Sufficient investigation should be
in place to establish with reasonable certainty that a fraud has occurred
before any fraud reporting is made. A preliminary or final report may be
desirable at the conclusion of detection phase. The report should include
the internal auditor‟s conclusion as to whether sufficient information exists

to conduct a full investigation. It should also summarize observations and

recommendations that serve as the basis for such decision. A written report
may follow any oral briefing made to management and the Head of the
Public Body or the Deputy Head in the former‟s absence to document the
findings.
K. Detection of fraud consists of identifying indicators of fraud sufficient to

warrant recommending an investigation. These indicators may arise as a
result of controls established by management, tests conducted by the
auditors, and other sources both within and outside the organization.
L. In conducting engagements (audits), the internal auditor‟s responsibilities in

detecting fraud are to:
 Have sufficient knowledge of fraud to be able to identify
indicators that fraud may have been committed. This
knowledge includes the characteristics of fraud, the
techniques used to commit fraud and the types of fraud
associated with the activities reviewed.
 Be alert to opportunities, such as control weaknesses that

could allow fraud, if significant control weakness are detected;
additional tests conducted by internal auditors should include
tests directed towards identification of other indicators of
fraud. Some examples of indictors are unauthorized
transactions, override of controls, unexplained pricing
exceptions unusually large product losses. Internal auditors
should recognize that the presence of more than one indicator
at any one time increases the probability that fraud may have
occurred.
 Evaluate the indicators that fraud may have been committed

and decide whether any further action is necessary or
whether an investigation should be recommended.

 Notify the appropriate authorities within the organization if a

determination is made that there are sufficient indicators of
the commission of the fraud to recommend an investigation.
M. Internal auditors are not expected to have knowledge equivalent to that of

the person whose primary responsibility is detecting and investigating
fraud. Also, audit procedures alone, even when carried out with due
professional care, do not guarantee that fraud will be detected.
1210.A2 The internal auditor should have sufficient knowledge to

identify the indicators of fraud but is not expected to have the
expertise of the person whose primary responsibility is
detecting and investigating fraud.
A. In the application of this Assurance Implementation Standard management

and the internal audit department of Public Bodies, should be aware that
each one of them has differing roles with respect to fraud detection. The
normal course of work for internal audit department is to provide an
independent appraisal, examination, and evaluation of an organization‟s
activities as a service to the organization. The objective of internal auditing
in fraud detection is to assist members of the organization in the effective
discharge of their responsibilities by furnishing them with analyses,
appraisal, recommendations, counsel, and information concerning the
activities reviewed. The engagement (audit) objective includes promoting
effective control at a reasonable cost.
B. Management has a responsibility to establish and maintain an effective

control system at a reasonable cost. To the degree that fraud may be present
in activities covered in the normal course of work as defined above, internal
auditors have a responsibility to exercise “due professional care” as

specifically defined in Standard - 1220 with respect to fraud detection.

Internal auditors should have sufficient knowledge of fraud to identify the
indicators that fraud may have been committed, be alert to opportunities
that could allow fraud, evaluate the need for additional investigation, and
notify the appropriate authorities.
C. A well-designed internal controls system should not be conducive to fraud.

Tests conducted by auditors along with reasonable controls established by
management, improve the likelihood that any existing fraud indicators will
be detected and considered for further investigation.
1220 - Due Professional Care
Internal auditors should apply the care and skill expected of a reasonably
prudent and competent internal auditor. Due professional care does not imply
infallibility.
A. In applying or in evaluating the application of this Standard, internal

auditors of Public Bodies should be cognizant of the fact that due
professional care calls for the application of the care and skill expected of a
reasonably prudent and competent internal auditor in the same or similar
circumstances. Professional care should therefore, be appropriate to the
complexities of the engagement (audit) being performed. In exercising due
professional care, internal auditors should be alert to the possibility of
intentional wrongdoing, errors and omissions, inefficiency, waste,
ineffectiveness, and conflicts of interest. They should also be alert to those
conditions and activities where irregularities are most likely to occur. In
addition, they should identify inadequate controls and recommend
improvements to promote compliance with acceptable procedures and
practices.

B. Due care implies reasonable care and competence, not infallibility or

extraordinary performance. Due care requires the auditor to conduct
examinations and verifications to a reasonable extent, but does not require
detailed reviews of all transactions. Accordingly, internal auditors cannot
give absolute assurance that non-compliance or irregularities do not exist.
Nevertheless, the possibility of material irregularities or noncompliance
should be considered whenever an internal auditor undertakes an internal
audit assignment.
1230 Continuing Professional Development
Internal auditors should enhance their knowledge, skills and other

competencies through continuing professional development.
A. Internal auditors of Public Bodies should be aware that they are responsible
for continuing their professional education in order to maintain their
proficiency. They should keep informed about improvements and current
developments in internal audit Standards, procedures, and techniques.
Continuing education may be obtained through membership and
participation in professional societies; attendance at conferences, seminars,
college courses and in-house training programs; and participation in
research projects.
B. Internal auditors are encouraged to demonstrate their proficiency by
obtaining appropriate professional certification, such as the Certified
Internal Auditors designation and other designations offered by the
Institute of Internal Auditors.
C. Internal auditors of Public Bodies with professional certifications should
obtain sufficient continuing professional education to satisfy requirements
related to the professional certification held.

D. Internal auditors not presently holding appropriate certifications are

encouraged to pursue an education program that supports efforts to obtain
professional certification.
1300 Quality Assurance and Improvement Program
The Chief of Internal Auditing should develop and maintain a quality assurance
and improvement program that covers all aspects of the internal audit
department and continually monitor its effectiveness. The program should be
designed to help the internal auditing department add value and improve the
organization‟s operations and to provide assurance that the internal audit
department is in conformity with the Standards and the Code of Ethics.
1310 Quality Program Assessments
The internal audit activity (organization) should adopt a process to monitor and
assess the overall effectiveness of the quality program. The process should
include both internal and external assessments.
1 The responsibility for implementing quality programs of internal auditing

in Public Bodies rests with the Head of Internal Audit department (unit).
He or she is responsible for implementing processes that are designed to
provide reasonable assurance to the various stakeholders of the internal
audit unit that it:
 Performs in accordance with its establishing Charter (mandate),

which should be consistent with the Standards for the
Professional Practice of Internal Auditing and the Code of Ethics.
 Operates in an effective and efficient manner, and,

 Is perceived by those stakeholders as adding value and improving

the organization‟s operations. These processes should include
appropriate supervision, periodic internal assessments and
ongoing monitoring of quality assessments and periodic
external assessments.
 Monitoring Quality Programs: Monitoring should include ongoing
measurements and analyses of performance indicators.
 Assessing Quality Program: Assessment should evaluate and
conclude on the quality of the internal audit activity and lead to
recommendations for appropriate improvements.
 Assessment of quality programs should include evaluation of:
- Compliance with the Standards and Code of Ethics;
- Adequacy of the internal audit unit‟s mandate (Charter),

goals, objectives, policies, and procedures.
- Contribution to the organization‟s risk management,
control, and governance processes.
- Compliance with the applicable laws, regulations and
Government or industry standards.
- Effectiveness of continuous improvement activities and
adoption of best practices, and,
- Whether the audit activity adds value and improves the
organization‟s operations.
1311- Internal Assessments
Internal quality assessments should include:
 Ongoing reviews of the performance of the internal audit unit;

and,

 Periodic reviews performed through self-assessment or by other

persons in the organization, with knowledge of internal audit
practices and the Standards.
1312 - External Assessments
External assessments, such as Quality Assurance Reviews, should be conducted

at least once every five years by a qualified and independent reviewer or review
team from outside the organization. Internal audit units in Public Bodies can be
reviewed by qualified individuals or teams of internal auditors outside the
organization. Reviews can also be conducted by qualified external auditors.
External assessments of an internal audit unit should appraise and express an
opinion as to the internal audit unit‟s compliance with the Standards for the
Professional Practice of Internal Auditing and, as appropriate, should include
recommendations for improvement.
The organization that is performing the external assessment, the members of the
review team, and any other individuals also participating in the assessment
should be free from any obligation to, or interest in, the organization that is the
subject of the review or its personnel. Individuals, who are in another
department of that organization, although organizationally separate from the
internal audit department, are not considered independent for purposes of
conducting an external assessment.
Reciprocal peer review arrangements between three or more organizations can

be structured in a manner that alleviates independence concern. However,
reciprocal peer reviews between two organizations generally should not be
performed.

In matters of external review, integrity requires the review team to be honest

and cordial within the constraints of confidentiality. Service and public trust
should not be subordinated to personal gain and advantage. Objectivity is a
state of mind and a quality that lends value to the review team‟s services. The
principle of objectivity imposes the obligation to be impartial, intellectually
honest, and free of conflict of interest.
On completion of the review, a formal communication or a report should be

provided to the Head of the Public Body.
1320 Reporting on the Quality Program
The Chief of the Internal Audit department should communicate the results of
the external assessment to the Head of the Public Body. Internal auditors of
Public Bodies should consider the following suggestions when reporting on the
quality program:
1 Upon completion of an external assessment, the review team should

issue a formal report containing an opinion on the internal audit
organization‟s compliance with the Standards. The report should also
address compliance with the internal audit organization‟s mandate
(Charter) and other applicable Standards and include appropriate
recommendations for improvement. The report should be addressed to
the person or organization requesting the assessment.
2 The Head of the audit organization should prepare a written action plan
in response to the significant comments and recommendations contained
in the report of the external assessment. The Head also has the
responsibility for appropriate follow-up.

3 Internal auditors of Public Bodies need to understand that in

professional internal auditing, the evaluation of compliance with the
Standards is a critical component of an external assessment. On the
other hand, the review team should also acknowledge the Standards in
order to evaluate and give opinion on the audit organization‟s
compliance with the Standards.
1330 Use of “Conducted in Accordance with the Standards”
Internal auditors are encouraged to report that activities are “conducted in

accordance with the Standards for the Professional Practice of Internal
Auditing”. However, internal auditors may use the statement only if the
assessments of the quality improvement program demonstrate that the internal
audit unit/ department is in compliance with the Standards.

III. THE PERFORMANCE STANDARDS AND THE PROFESSIONAL

CODE OF ETHICS
SESSION V
PERFORMANCE STANDARDS
2000 Managing the Internal Audit Activity (Department or Unit)
The Chief Audit Executive (Internal Audit Head) should effectively manage the
internal audit unit to ensure it adds value to the Public Body.
Internal auditors of Public Bodies should consider the following suggestions in

connection with managing the internal audit department or unit:
 The internal audit head is responsible for properly managing the internal audit
unit so that:
1 Audit work fulfills the general purposes and responsibilities described in

the Charter (internal audit mandate), approved by senior management
and accepted by the Head the Public Body.
2 Resources of the internal audit unit are efficiently and effectively

employed.
3 Audit work conforms to the Standards for the Professional Practice of

Internal Auditing.
2010 Planning
The Chief Audit Executive (the Chief Internal Auditor) should establish risk-based
plans to determine the priorities of the internal audit activity (unit) consistent with the
Public Body‟s goals.

2010.A1 The internal audit activity‟s (unit‟s) plan of engagements should

be based on a risk assessment, undertaken at least annually.
The input of senior management and the Head of the Public
Body should be considered in this process.
Public Bodies‟ internal auditors in compiling with this Assurance Implementation

Standard should consider the following suggestions when planning the internal audit
activity (audit unit):
 Planning for the internal audit unit (activity) should be consistent with its
Charter (mandate) and with the goals of the Public Body. The planning process
involves establishing:
- Goals;
- Engagement (audit) work schedules;
- Staffing plans and financial budget;
- Activity reports.
 The goals of the internal auditing unit should be capable of being accomplished
within specified operating plans and budgets and, to the extent possible, should
be measurable. They should be accompanied by measurement criteria and
targeted dates of accomplishment.
 Engagement (audit) work schedules include:

- What activities are to be performed;
- When they will be performed; and,
- The estimated time required, taking into account the scope of the
engagement work plan and the nature and extent of related work
performed by others.

 Matters that the Public Body‟s internal auditors should consider in establishing
engagement (unit) or schedule priorities include:
- The dates and results of the last engagements;

- Up-dated assessments of risks and effectiveness of risk
management and control process;
- Requests by senior management, audit committee, if any,
and governing body;
- Current issues relating to organizational governance;
- Major changes in business, services, operations, programs,
systems and controls;
- Opportunities to achieve operating benefits; and,
- Changes to and capabilities of the audit staff. The work
schedules should be sufficiently flexible to cover
unanticipated demands on the internal audit unit.
2010.A2 Planning - The Chief Audit Executive (Internal Audit Head)

should establish risk-based plans to determine the priorities of
the internal audit, consistent with the Public Boy‟s goals.
This particular Assurance Implementation Standard deals with the linkage of the audit
plan to risk and exposures. The Public Body‟s risk strategy (if there is any) should be
reflected in the design of internal audit activity‟s plan. It is important that a
coordinated approach should be applied to leverage synergies between the
organization‟s risk management and the internal audit process. Internal auditors in
Public Bodies should also advise their organizations to develop risk management and
internal audit process. Internal auditors in Public Bodies should also advise their
organizations to develop risk management strategies where they do not exist. The
internal audit unit‟s audit plan should be designed based on an assessment of risk and
exposures that may affect the Public Body. Ultimately, the audit objective is to provide
management with information to mitigate the negative effects associated with
accomplishing the Public Body‟s objectives. The degree or materiality of exposure can
be viewed as risk mitigated by establishing control activities.

2010.C1 The Head of Internal Auditing should consider accepting

proposed consulting engagements based on the engagements
potential to improve management of risks, add value, and
improve the organization‟s operations. Those engagements
that have been accepted should be included in the plan.
When carrying out consulting work the internal audit unit
needs to take adequate care to avoid breaches of principles
and safeguards embodied in the Standards and the Codes of
Ethics concerning impairments to independence and
objectivity.
2020 Communication and Approval
The Chief Audit Executives or the Heads of Internal Auditing in Public Bodies should
communicate internal audit‟s plans, and resource requirements, including significant
interim changes in the plan, to senior management and to the Heads of Public Bodies
for review and approval. The Chief Internal Auditor should also communicate the
impacts of resource limitations.
In the exercise of their duties in accordance with the requirements of this Standard,
internal auditors of Public Bodies should consider the following important points that
may add value to their communication efforts:
 The Chief Internal Auditor should submit annually to the Head of
the Public Body for his/ her information and approval, a summary of
the internal audit unit‟s work schedule, staffing plan, and financial
budget. The Head of the audit unit should also submit all significant
interim changes and reasons thereof for approval and information.
Engagement work schedules, staffing plans, and financial budgets
should inform the Head of the Public Body of the scope of internal
audit work and of any limitation placed on that scope.

 The approved work schedule, staffing plan and financial budget,

along with all significant interim changes, should contain sufficient
information to enable the Head of the Public Body and supervising
authority in the Ministry of Finance and Economic Development
(MoFED) to ascertain whether the internal audit unit‟s objectives and
plans support those of the Public Body‟s and that of the Head of the
Public Body as well as that of MoFED.
2030 Resource Management
The Chief Internal Auditor should ensure that internal audit resources are appropriate,
sufficient, and effectively deployed to achieve the approved plan. In performing their
duties according to the requirements of this Standard, internal auditors should
consider:
 Staffing plans and financial budgets, including the number of auditors and
the knowledge, skills and other competencies required to perform their
work, should be determined from engagement work schedules,
administrative activities, education and training requirements, and audit
research and development efforts.
 The chief internal auditor should establish a program for selecting and
developing the human resources of the internal audit unit. His program
should provide for:
- Developing written job description for each level of the audit staff;
- Selecting qualified and competent individuals;
- Training and providing continuing educational opportunities for

each internal auditor;
- Appraising each internal auditor‟s performance at least annually;

- Providing counsel to internal auditors on their performance and

professional development.
2040 Policies and Procedures
The Chief Audit Executive should establish policies and procedures to guide the
internal audit activity. In complying with the requirement of this Standard, the Public
Body‟s internal auditors should consider the following suggestions when establishing
policies and procedures:
The form and content of written policies and procedures should be appropriate to the
size and structure of the internal audit unit/department and the complexity of its work.
Formal administrative and technical audit manuals may not be needed by all internal
audit entities. A small internal audit unit may be managed informally. Its audit staff
may normally be directed and controlled through daily, close supervision and written
memoranda. In a large internal audit unit/department, more formal and
comprehensive policies and procedures are essential to guide the audit staff in the
consistent compliance with the internal audit unit‟s standards of performance.
Quite apart from the foregoing suggestions, internal auditors in Public Bodies are
expected to apply relevant parts of the Internal Audit Manual developed by MoFED
along side this Training Module.
2050 Coordination
The Chief Audit Executive or the Chief Internal Auditor should share information and
coordinate activities with other internal and external providers of relevant assurance
and consulting services to ensure proper coverage and minimize duplication of efforts.

In complying with and implementing these Standards internal auditors of Public

Bodies should consider the following suggestion when coordinating activities with
other providers of relevant assurance and consulting services:
 Internal and external audit work must be coordinated to ensure adequate
audit coverage and to minimize duplication of efforts. The scope of
internal audit work encompasses a systematic and disciplined approach to
evaluate and improve the effectiveness of risk management, control and
governance processes. On the other hand, the work of the external
auditor is to design and perform examination to obtain sufficient evidential
matter to support his opinion on the overall fairness of the annual
financial statements. The scope of the work of external auditors is
determined by their professional Standards, and they are responsible for
judging the adequacy of procedures performed and evidence obtained for
purposes of expressing their opinion on the annual financial statements.
 Oversight of the work of external auditors, including coordination with

the internal audit unit, is generally the responsibility of the Heads of
Public Bodies. Actual coordination should be the responsibility of the
Chief of Internal Audit. The Chief Internal Auditor will require the
support of the Head of Public Body to achieve effective coordination of the
audit work.
2060 Reporting to the Head of the Public Body
The Chief Internal Auditor should report periodically to the Head of the Public Body
on the internal audit unit‟s purpose, authority, responsibility and performance relative
to its plan. Reporting should also include significant risk exposures and control issues,
corporate governance issues, and other matters needed or requested by the Head of the
Public Body.

Auditors reporting to the Heads of Public Bodies consistent with the Standards should
also consider the following suggestions when reporting:
 The Chief Internal Auditor should submit activity reports to the Head of the
Public Body at least annually. Activity reports should highlight significant
audit observations and recommendations and should inform the Head of the
Public Body of any significant deviations from approved audit work
schedules, staffing plans, and financial budget, and the reasons for them.
 Significant audit observations are those conditions that, in the judgment of
the Chief Internal Auditor, could adversely affect the organization.
Significant audit observations may include conditions dealing with
irregularities, illegal acts, errors, inefficiency, waste, ineffectiveness,
conflicts of interest, and control weaknesses.
2100 Nature of Work
The internal audit activity (the internal audit unit) evaluates and contributes to the
improvement of risk management, control and governance systems. These contracted
versions of the Standard do not present adequate details for sufficient understanding of
the Standards. Therefore, internal auditors should consider the following suggestions
when evaluating the nature of the internal audit unit‟s work.
 The scope of the internal audit work encompasses a systematic disciplined

approach for evaluating and improving the adequacy and effectiveness of risk
management, control, and governance processes and the quality of performance
in carrying out assigned responsibilities. The purpose of evaluating the
adequacy of the organization‟s existing risk management, control, and
governance processes is to provide reasonable assurance that these processes are
functioning as intended and will enable the organization‟s objectives and goals
to be met and to provide recommendations for improving the organization‟s

operations, in terms of both efficient and effective performance. Senior

management and the Heads of Public Bodies might also provide general
direction as to the scope of work and the activities to be audited.
 Adequacy of risk management, control, and governance process is present if

management has planned and designed them in a manner, which provides
reasonable assurance that the organization‟s objectives and goals will be
achieved efficiently and economically. Efficient performance accomplishes
objectives and goals in an accurate, timely and economical manner. Economical
performance accomplishes objectives and goals with minimum use of resources
(i.e. cost) commensurate with the risk exposure. Reasonable assurance is
provided if the most cost effective measures are taken in the design and
implementation stages to reduce risks and restrict expected deviations to a
tolerable level. Thus, the design process begins with the establishment of
objectives and goals. This is followed by connecting or interrelating concepts,
parts, activities, and people in such a manner as to operate together to achieve
the established objectives and goals.
 Effectiveness of risk management, control, and governance process is present if

management directs processes in such a way as to provide reasonable assurance
that the organization‟s objectives and goals will be achieved. In addition to
achieving the objectives and planned activities, management directs by
authorizing activities and transactions, monitoring resulting performance, and
verifying that the organization‟s processes are operating as designed.
 In general, management is responsible for the sustainability of the whole

organization and accountability for the organization‟s actions, conduct
performance to the owner, other stakeholders, regulators, and the general

public. Specifically, the primary objectives of the overall management processes

are to achieve:
- Relevant, reliable, and credible financial and operating
information.
- Effective and efficient use of the organization‟s resources.
- Safeguarding of the organization‟s assets.
- Compliance with laws, regulations, ethical and operational

norms, and contracts.
- Identification of risk exposures and the use of effective

strategies to control them.
- Established objectives and goals for operations or programs.
 Management plans, organizes, and directs the performance of sufficient

actions to provide reasonable assurance that objectives and goals will be
achieved. Management periodically reviews its objectives and goals and
modifies its processes to accommodate changes in internal and external
conditions. Management also establishes and maintains the organization‟s
culture, including an ethical climate that fosters control.
 Control is any action taken by management to enhance the likelihood that

established objectives and goals will be achieved. Controls may be preventive
(to deter undesirable events from occurring), detective (to detect and correct
undesirable events which have occurred) or directive (to cause or encourage a
desirable event to occur). The concept of a system of control is the integrated
collections of control components and activities that are used by an
organization to achieve its objectives and goals.
 Internal auditors‟ evaluations, in the aggregate, provide information to

appraise the overall management process. All working systems, processes,

operations, functions, and activities within the organization are subject to the
internal auditors‟ evaluations. The comprehensive scope of work of internal
auditing should provide reasonable assurance that management‟s:
- Risk management system is effective;
- Systems of internal control is effective and efficient;
- Governance process is effective by establishing and preserving

values, setting goals, monitoring activities and performance, and
defining the measures of accountability.
2110 Risk Management
The internal audit activity (the internal audit unit) should assist the organization by
identifying and evaluating significant exposures to risk and contributing to
improvements of risk management and control systems.
Based on this Standard, internal auditors may be charged with the responsibility of
providing assurance to management and the Heads of Public Bodies on the adequacy of
the organization‟s risk management processes. This responsibility would require the
auditor to formulate an opinion on whether the organization‟s risk management
processes are sufficient to protect the assets, reputation and ongoing operations of the
organization. The guidance to this Standard tries to elaborate on the risk management
objectives that the auditor should consider in formulating an opinion on the adequacy
of the organizations‟ risk management process. The following paragraphs provide
greater details on risk management responsibilities:
 Risk management is a key responsibility of management to achieve its

organizational objectives; management should ensure that risk
management processes are in place and properly functioning. Heads of
Public Bodies have an oversight role to determine that appropriate risk
management processes are in place and that these processes are adequate

and effective. Internal auditors should assist the Heads of Public Bodies
by examining, evaluating, reporting, and recommending improvements
on the adequacy and effectiveness of the Public Bodies‟ risk management
processes. Public Bodies are responsible for their organization‟s risk
management and control processes. However, internal auditors acting in
consulting role can assist the Public Bodies in identifying, evaluating and
implementing risk management methodologies and controls to address
those risks.
2110.A1 Internal audit activity (internal audit unit) should monitor and
evaluate the effectiveness of the organization‟s risk
management system.
Internal audit units in Public Bodies should monitor and evaluate the
effectiveness of the Public Bodies risk management systems and report their
findings to the Heads of the Public Bodies along with appropriate
recommendations.
2110.A2 The internal audit activity (the internal audit unit) should
evaluate risk exposures relating to the organization‟s
governance, operations and information system, regarding
the:
- Reliability and integrity of financial and operational
information.
- Effectiveness and efficiency of operations.
- Safeguarding of assets.
- Compliance with laws, regulations, and contracts.
2110.C1 During consulting engagements, internal auditors should

address risk consistent with the engagement‟s objectives and
should be alert about the existence of other significant risks.

2110.C2 Internal auditors should incorporate knowledge of risks gained

from consulting engagements into the process of identifying
and evaluating significant risk exposures of the organizations.
2120 Control
The internal audit activity (the internal audit unit) should assist the organization in
maintaining effective controls by evaluating their effectiveness and efficiency and by
promoting continuous improvement.
2120.A1 Based on the results of the risk assessment, the internal audit
activity (the internal audit unit) should evaluate the adequacy
and effectiveness of controls encompassing the organization‟s
governance, operations, and information systems. This should
include:
- Reliability and integrity of the financial and
operational information.
- Effectiveness and efficiency of operations.
- Safeguarding of assets.
- Compliance with laws, regulations, and contracts.
Auditors of Public Bodies should consider the following explanatory guidance when
implementing and complying with this Assurance Implementation Standard and also
while assessing the effectiveness of a Public Body‟s systems of internal controls,
formulating an opinion thereon, and reporting the opinion/ judgment to the Head of
the Public Body. The audit work performed during the year should obtain sufficient
information to enable an evaluation of the system of controls and the formulation of an
opinion. Auditors of Public Bodies may also find the following detailed guidance
useful for appropriate implementation of the Standard:

 One of the tasks of the Heads of Public Bodies is to establish and

maintain the Public Body‟s governance processes and obtain assurance
concerning the effectiveness of risk management and control processes.
The role of the management of Public Body is to oversee the
establishment, administration, and assessment of the system of risk
management and control processes. The purpose of that multifaceted
system of control process is to support people of the organization in the
management of risks and achievement of the established and
communicated objectives of the Public Body. More specifically, those
control processes are expected to ensure, among other things, that the
following conditions exist:
- Financial and operational information is reliable and
possesses integrity.
- Operations are performed efficiently and achieve effective
results.
- Assets are safeguarded.
- Actions and decisions of the Public Body are in
compliance with laws, regulations, guidelines, and
contracts.
 Among the responsibilities of the Public Body‟s management is the

assessment of the control processes in their respective areas. Internal
and external auditors provide varying degrees of assurances about the
state of effectiveness of the risk management and control processes in
select activities and functions of the organization.

 Heads of Public Bodies normally expect that the Chief Internal Auditors
will perform sufficient audit work and gather other available
information during the year to form a judgment about the adequacy and
effectiveness of the control processes. The Chief Internal Auditors of
Public Bodies should communicate that overall judgment about the
organization‟s system of control to the Heads of Public Bodies.
2120.A2 Internal auditors should ascertain the extent to which operating

and program goals and objectives have been established and
conform to those of the organization.
Internal auditors of Public Bodies are expected to verify that the Public Bodies have
established operating and program goals and objectives to assist the attainment of the
overall objectives and goals of the Public Bodies and ascertain whether they conform to
those of the Public Bodies.
2120.A3 Internal auditors should review operations and programs to

ascertain the extent to which results are consistent with
established goals and objectives to determine whether
operations and programs are being implemented or performed
as intended.
Internal auditors of Public Bodies should review operations and programs to ascertain
the extent to which results are consistent with established goals and objectives to
determine whether operations and programs are being implemented or performed as
intended and communicate the results of their finding to the Heads of Public Bodies
with ensuing recommendations for appropriate actions if necessary.

2120.A4 Adequate criteria are needed to evaluate controls. Internal

auditors should ascertain the extent to which management
has established adequate criteria to determine whether
objectives and goals have been accomplished. If adequate,
internal auditors should use such criteria in their evaluation.
If inadequate, internal auditors should work with
management to develop appropriate evaluation criteria.
Internal auditors of Public Bodies, to understand the tenets of the message of this
Assurance Implementation Standard properly they should consider the following
suggestions when evaluating control criteria:
 Internal auditors should evaluate the established operating targets and

expectations and should determine whether those operating standards
are acceptable and being met. When such management targets and
criteria are vague, authoritative interpretation should be sought. If
internal auditors are required to interpret or select operating standards
they should seek agreement with the management of the Public Bodies
on the criteria needed to measure operating performance.
2120.C1 During consulting engagements, internal auditors should

address controls consistent with the engagement‟s objectives
and should be alert to the existence of any significant control
weaknesses.
If internal auditors of Public Bodies engage themselves in consulting activities they are
required by this consulting Implementation Standard to address controls relevant to
the objectives of the engagement that they are undertaking and they are advised to be
alert to identify any significant control weaknesses.

2120.C2 Internal auditors should incorporate knowledge of controls

gained from consulting engagements into the process of
identifying and evaluating significant risk exposures of the
organization.
Auditors of Public Bodies who are able to engage in consulting activities may gain
knowledge of controls because of their engagements in consulting. This knowledge
should be put to use in the process of identifying and evaluating significant risk
exposures of the relative Public Body.
2130 Governance
The internal audit activity should contribute to the organization‟s governance process
by evaluating and improving the process through which (1) values and goals are
established and communicated, (2) the accomplishment of goals is monitored, (3)
accountability is ensured, and (4) value are preserved.
2130.A1 Internal auditors should review operations and programs to

ensure consistency with organizational values.
Public Bodies‟ internal auditors should be able to review operations and programs to
ensure that performance is not out of line with organizational values and culture
embodied in the organizational governance process.
The importance of organizational culture needs to be underscored in establishing the

ethical climate. Professional internal audit literature:
- Describes the nature of the governance process,
- Links it to the ethical culture of the organization,
- States that all people associated with the organization, specifically

internal auditors, should assume the role of the ethics‟ advocates, and,
- Lists the characteristics of enhanced ethical culture.

Auditors of Public Bodies are aware that their organizations‟ use various legal forms,
structures, strategies, and procedures to ensure good governance, which consists of:
- Compliance with society‟s legal and regulatory rules;
- Satisfaction of generally accepted norms, ethical precepts, and social

expectations of society;
- The provision of overall benefit to society and enhancement of the

interest of the specific stakeholders in both the long and short-term; and,
- Reporting fully and truthfully to those to whom the Public Body has to
report and to the general public to ensure accountability for its decisions,
actions, conduct, and performance.
The Heads of the Public Bodies and their senior management staff are responsible and
accountable for the effectiveness of the governance process.
An organization‟s governance practices reflect a unique and ever-changing culture that

affects roles, specifies behaviour, sets goals and strategies, measures performance, and
defines the terms of accountability. That culture impacts the values, roles and
behaviour that will be articulated and tolerated by the organization and determines
how sensitive – thoughtful or indifferent – the Public Body is in meeting its
responsibilities to society. Thus, how effective the overall governance process is in
performing its expected function is largely dependent on the organization‟s culture.
Internal auditors and the internal audit unit should take an active role in support of the
ethical culture within the organization and the skills to be effective advocate of ethical
conduct. They often have the competence and capacity to appeal to the Head of the
Public Body, the management group and other employees to comply with the legal,
ethical and societal responsibilities of their organization. Thus, at a minimum, the
internal audit unit should periodically assess the state of the ethical climate of the
Public Body and the effectiveness of its strategies, tactics, communications, and other
processes in achieving the desired level of legal and ethical compliance.

2130.C1 Consulting engagement objectives should be consistent with the

overall values and goals of the organization.
Internal auditors in Public Bodies should ensure that any performance consultancy
engagement objective is properly aligned with the overall values and goals of the
Public Body.
2200 Engagement Planning
Internal auditors should develop and record a plan for engagement.
2201 Planning Considerations
In planning the engagement, internal auditors should consider:

a) The objectives of the activity being reviewed and the means by which the
activity controls its performance.
b) The significant risks to the activity, its objectives, resources and operations and
the means by which the potential impact of risk is kept to an acceptable level.
c) The adequacy and effectiveness of the activity‟s risk management and control
system compared to relevant control frameworks or models.
d) The opportunities to make significant improvements to the activity‟s risk
management and control systems.
Quite apart from consideration of the foregoing factors, the internal auditor is
responsible for planning and conducting the engagement assignment, subject to the
supervisory review and approval. The engagement program should:
- Document the internal auditor‟s procedures for collecting, analyzing,
interpreting, and documenting information during the engagement.
- State the objectives of the engagement.
- Set forth the scope and degree of testing required for achieving the
engagement objectives in each phase of the engagement.

- Identify technical aspects, risks, processes, and transactions that should

be examined.
- State the nature and extent of testing required.
- Be prepared prior to the commencement of engagement work and

modified, as appropriate, during the course of the engagement.
The Head of Internal Audit (Chief Audit Executive) is responsible for determining
how, when, and to whom engagement results will be communicated. This
determination should be documented and communicated to management, to the extent
deemed necessary, during the planning phase of the engagement. Subsequent changes
which affect the timing or reporting of engagement results should also be
communicated to management, if deemed practical.
All those in management who need to know about the engagement should be
informed. Meetings should be held with management responsible for the activity
being audited. A summary of matters discussed at meetings and any conclusions
reached should be prepared, distributed to individuals, as appropriate, and retained in
the engagement working papers. Topics of discussion may include:
- Planned engagement objectives and scope of work.
- The timing of engagement work.
- Internal auditors assigned to the engagement.
- The process of communicating throughout the engagement, including the

methods, timeframes, and individuals who will be responsible.
- State of the work and operations of the activities being reviewed, including
recent changes in management or major systems.
- Concerns or any requests of management.
- Matters of particular interest or concern to the internal auditor.
- Description of the internal audit unit‟s reporting procedures and follow-up

process.

2201.C1 Internal auditors should establish an understanding with

consulting engagement clients about objectives, scope,
respective responsibilities, and other clients‟ expectations. For
significant engagements, this understanding should be
documented.
If auditors in Public Bodies engage in consulting work they should establish
understating with their clients about the objectives, scope and respective
responsibilities, and other clients‟ expectations. If such engagements are significant
enough, then the understanding should be documented.
2210 Engagement objectives
The engagement‟s objectives should address the risks, controls, and governance
processes associated with the activities under review. The engagement objectives
should reflect the results of the risk assessment.
To perform risk assessment, background information should be obtained about the
activities to be reviewed. A review of background information should be performed to
determine the impact on the engagement, such information may include:
- Objectives and goals.
- Policies, plans, procedures, laws, regulations, and contracts, which could

have a significant impact on operations and reports.
- Organizational information, e.g., number and names of employees, key

employees, job descriptions, and details about recent changes in the
organization, including major systems changes.
- Budget information, operating result of applicable financial data of the

activity to be reviewed.
- Prior engagement working papers.
- Results of other engagements, including the work of external auditors

completed or in the process.
- Correspondence files to determine potential significant engagement

issues.

- Authoritative and technical literature appropriate to the activity.
If appropriate, a survey should be conducted to become familiar with the activities,

risks, and controls, to identify areas for engagement emphasis, and to invite comments
and suggestions from the auditor. A survey is a process for gathering information,
without detailed verification, on the activity being examined. The main purposes are
to:
- Understand the activity under review.
- Identify significant areas warranting special emphasis.
- Obtain information for use in performing the engagement.
- Determine whether further auditing is necessary.
2210.A2 The internal auditor should consider the probability of

significant errors, irregularities, non-compliance, and other
exposures when developing the engagement (audit)
objectives.
When developing engagement objectives, internal auditors of Public Bodies are
required by this Assurance Implementation Standard to consider the probability of
fraud being committed.
2210.C1 Consulting engagement objectives should address, risks,

controls, and governance processes to the extent agreed upon
with the client.
If the internal auditors of Public Bodies engage in consulting work they are required to
appropriately address in their engagement objectives matters pertaining to risks,
controls and governances processes to the extent agreed with the engagement client.
2220 Engagement Scope
The established scope should be sufficient to satisfy the objectives of the engagement
(audit).

2220.A1 The scope of the engagement should include consideration of

relevant systems, records, personnel, and physical properties,
including those under the control of third parties.
Internal auditors of Public Bodies should, in compliance with this Assurance

Implementation Standard, determine the audit scope in such a manner as it would
enable them to cover relevant systems, records, personnel and physical property,
including those under the control of third parties.
2220.C1 In performing consulting engagements, internal auditors should

ensure that the scope of the engagement is sufficient to
address the agreed upon objectives. If internal auditors
develop reservations about the scope during the engagement
this reservation should be discussed with the client to
determine whether to continue with the engagement. If the
internal auditors of Public Bodies determine to perform
consulting engagements, they should ensure that the scope of
the engagement is sufficient to address the agreed upon
objectives. If they have doubts about the sufficiency of the
scope of work to adequately address the agreed upon
consulting objectives they should proceed with the
engagement.
2230 Engagements Resource Allocation
Internal auditors should determine appropriate resources to achieve engagement

objectives. Staffing should be based on an evaluation of the nature and complexity of
each engagement, time constraints, and available resources. Internal auditors of Public
Bodies, in determining the resources necessary to perform an engagement, should
evaluate the following important factors:

- The number and experience level of the internal audit staff who should be
evaluated based on the nature and complexity of the engagement
assignment, time constraints, and available resources.
- Knowledge, skills, and other competencies of the internal audit staff, which
should be considered in selecting internal auditors for performing the
engagement.
- Training needs of internal auditors, which should be considered, since each

engagement serves as a basis for meeting developmental needs of the
internal audit unit.
- Consideration of the use of external resources in cases where additional

knowledge, skills and other competencies are needed.
2240 Engagement Work Program
Internal auditors should develop work programs that achieve engagement objectives.
These work programs should be recorded.
It is advised that engagement procedures, including the testing and sampling

techniques employed, should be selected in advance, where practical, and expanded or
altered if circumstances warrant.
The process of collecting, analyzing, interpreting, and documenting information should

be supervised to provide reasonable assurance that the auditor‟s objectivity is
maintained and engagement goals are met.
2240.A1 Work programs should establish the procedures for identifying,

analyzing, evaluating, and recording information during the
engagement. The work program should be approved prior to
the commencement of work, and any adjustments approved
promptly.

In obtaining approval of the audit work plan, such plans should be approved in writing
by the Chief Internal Auditor or appropriately designated person prior to the
commencement of engagement work. Adjustments to engagement work plan should
be approved in a timely manner. Initially, approval may be obtained orally, if factors
or situations do not allow obtaining written approval prior to commencing audit work.
2240.C1 Work Programs for consulting engagements may vary in form

and content depending upon the nature of the engagement.
Based on this Consulting Implementation Standard, if internal auditors of Public Bodies

are able and wish to perform consulting engagements they have to develop appropriate
work programs suitable to the nature and content of the consulting engagement.
2300 Performing the Engagement
Internal auditors should identify, analyze, evaluate, and record sufficient information
to achieve the engagement‟s objectives.
2310 Identifying Information
Internal auditors should identify sufficient, reliable, relevant and useful information to
achieve the engagement‟s objectives analyses and evaluation.
Pertaining to identification of information, auditors of public bodies may find it useful
to consider the following:
 Information should be collected on all matters related to the engagement
(audit) objectives and scope of work. Internal auditors use analytical
audit procedures when identifying and examining information.
Analytical audit procedures are performed by studying and comparing
relationships among both financial and non-financial information. The
application of analytical audit procedures for identifying information to
be examined is based on the premise that, in the absence of known

conditions to the contrary, relationships among information may

reasonably be expected to exist and continue. Instances of contrary
conditions include unusual or non-relating transactions or events;
accounting, organizational, operational, environmental, and
technological changes; inefficiencies; ineffectiveness; errors;
irregularities; or illegal acts; due to the nature of public sector audit, and
the lack of appropriate audit skill extensive resort to the methods of
analytical audit procedures may be expected in internal audits of Public
Bodies at the present time.
 Information should be sufficient, competent, relevant, and useful to
provide a sound basis for audit observations and recommendations;
sufficient information is factual, adequate, convincing so that a prudent,
informed person would reach the same conclusion as the auditor.
Competent information is reliable and the best attainable through the
use of appropriate engagement (audit) techniques. Relevant information
supports engagement observations and recommendations and is
consistent with the objectives for the engagement. Useful information
helps the organization achieve its goals.
2320 Analysis and Evaluation
Internal auditors should base conclusions and engagement results on appropriate

analyses and evaluation. In the present day realities of Public Bodies, internal auditor‟s
audit skills need up-grading as a matter of priority. This Standard anticipates the
application of analytical audit procedures, analysis and evaluating information.
Analytical audit procedures provide internal auditors with an efficient and effective
means of assessing and evaluating information collected in an engagement. The
assessment results from information with expectations identified or developed by the

internal auditor. Analytical audit procedures are useful in identifying, among other
things:
- Differences that are not expected;
- The absence of differences when they are expected;
- Potential errors;
- Potential irregularities and illegal acts;
- Other unusual or non-recurring transactions or events.
Analytical audit procedures may include:
- Comparison of current period information with similar information of prior

periods.
- Comparison of current period information with budgets or forecasts.
- Study of relationships among elements of information (for instance,

fluctuation in recorded interest expense compared to changes in related debt
balances).
- Comparison of information with similar information for other

organizational units.
- Comparison of information with similar information for the industry in

which the organization operates.
Analytical audit procedure may be performed using monetary amounts, physical

quantities, ratios or percentages. Specific analytical audit procedures include but are
not limited to:
Ratio, trend, regression analysis, reasonableness tests, period to period comparisons,

comparison with budgets, forecasts, and external economic information.
Analytical audit procedures assist internal auditors in identifying conditions, which

may require subsequent engagement procedures. Internal auditors should use

analytical audit procedures in planning the engagement in accordance with the

guidelines contained in Standard 2200. Analytical audit procedures should also be used
during the engagement to examine and evaluate information to support engagement
results. Internal auditors should consider the factors listed below in determining the
extent to which analytical audit procedures should be used. After evaluating these
factors, internal auditors should consider and use of additional audit procedures, as
necessary to achieve the engagement objectives. The factors to be considered by
internal auditors include:
- The significance of the area being examined.
- The adequacy of the system of internal control.
- The availability and reliability of financial and non-financial

information.
- The precision with which the results of analytical audit procedures can
be predicted.
- The availability and comparability of information regarding the industry

in which the organization operates.
- The extent to which other engagement procedures provide support for

engagement results.
When analytical audit procedures identify unexpected results or relationships, internal

auditors should examine and evaluate such results or relationships. The examination
and evaluation of unexpected results or relationships from applying analytical audit
procedures should include inquiries of management and the application of other
engagement procedures until internal auditors are satisfied that the results or
relationship are sufficiently explained. Unexplained results or relationships from
applying analytical audit procedures may be indicative of an illegal act. Results or
relations from applying analytical audit procedures that are not sufficiently explained
should be communicated to the appropriate levels of management. Internal auditors
may recommend appropriate course of action, depending on the situation.

2330 Recording Information
Internal auditors should record relevant information to support the conclusions and
engagement results.
In accordance with this Standard, auditors of Public Bodies should record relevant
information to support their audit conclusions and results. Audit working papers that
document the audit should be prepared by the internal auditors in Public Bodies and
reviewed by the management of the internal audit unit or senior auditor authorized by
same. The working papers should record the information obtained and the analysis
made, and should support the bases for the observations and recommendations to be
reported. Audit working papers generally:
- Provide the principal support for audit reports;

- Aid in the planning performance and review of audits;
- Document whether the audit objectives were achieved;
- Facilitate third party reviews;
- Provide a basis for evaluating the internal audit unit‟s quality program;
- Provide support in circumstances such as insurance claims, fraud cases, and
lawsuits;
- Aid in the professional development of the internal audit staff;
- Demonstrate the internal audit unit‟s compliance with the Standard for the
Professional Practice of Internal Auditing.
The organization, design and content of engagement working papers will depend on
the nature of the engagement. Working papers for an audit should documents the
following aspects of the engagement process:
- Planning;
- The examination and evaluation of the adequacy, and effectiveness of the
system of internal control;
- The engagement procedures performed and the information obtained, and
conclusions reached;
- Review;
- Communication (Reporting);
- Follow-up.

Audit working papers should be complete and include support for engagement
conclusions reached. Among other things, audit working papers may include:
- Planning documents and engagement (audit) programs;

- Control questionnaires, flowcharts, checklists and narratives;
- Notes/ memorandum resulting from interviews;
- Organizational data, such as organizational charts and job descriptions;
- Copies of important contracts and agreements;
- Information about operating and financial policies;
- Results of control evaluations;
- Letter of confirmation and representation;
- Analysis and tests of transactions, processes, and account balances;
- Results of analytical audit procedures;
- The engagement‟s final communications and management‟s responses;
- Engagement correspondence if it documents engagement conclusion
reached.
Engagement working papers may be in a form of paper, tapes, disks, diskettes, films or
other media. If engagement working papers are in the form of media other than paper,
consideration should be given to generating backup copies.
If internal auditors are reporting on financial information, the engagement working

papers should document whether the accounting records agree or reconcile with such
financial information.
The Chief Internal Auditor should establish working papers policies for the various
types of engagements performed; standardized audit working papers such as
questionnaires and audit programs may improve the efficiency of an engagement and
facilitate the delegation of engagement work. Some engagement working papers may
be categorized as permanent or carry-forward engagement files. These files generally
contain information of continuing importance.
The following are typical engagement working papers preparation techniques

recommended in internal auditing professional literature:

- Each engagement working paper should identify the engagement and describe
the contents or purpose of the working paper;
- Each engagement working paper should be signed (or initialed) and dated by
the internal auditor performing the audit work;
- Each engagement working paper should contain an index or reference number;
- Audit verification symbols (tick marks) should be explained;
- Sources of data should be clearly identified.
2330.A1 The Chief Audit Executive (Chief Internal Auditor) should

control access to engagement records. The Chief Audit
Executive should obtain the approval of senior management
and/ or legal counsel prior to releasing such records to
external parties, as appropriate.
Internal auditors of Public Bodies should be aware that engagement working papers are
the property of the Public Body concerned. Engagement working paper files should
generally remain under the control of the internal audit unit and should be accessible
only to authorized personnel. Management and other members of the organization
may request access to engagement working papers. Such access may be necessary to
substantiate or explain engagement observations and recommendations or to utilize
engagement documentation for other business purposes. These requests for access
should be subject to the approval of the Chief of the Internal Audit unit.
It is a common practice for internal and external auditors to grant access to each other‟s
audit working papers.
Access to audit working papers by external auditors should be subject to the approval
of the Head of the Internal Audit unit. There are circumstances, where, parties outside
the organization, other than external auditors, request access to audit working papers
and reports. Prior to releasing such documentation, the Chief Internal Auditor should
obtain the approval of senior management and/or legal counsel as appropriate.

2330.A2 The Chief Audit Executive should develop retention

requirements for engagement records. These retention
requirements should be consistent with the organization‟s
guidelines and any pertinent regulatory or other
requirements.
Retention requirements of engagement records of internal audit units of Public Bodies
should be consistent with the requirements determined by the Financial Law and
Regulation of the Federal Government. Hence the Chief Internal Auditors of Public
Bodies should develop retention requirements of engagement records consistent with
the Financial Regulation No. 17/1997 of the Council of Ministers, Article 88 and 89.
Record retention requirements should be designed to include all engagement records,
regardless of the format in which records are stored.
2330.C1 The Chief Audit Executive (Chief Internal Auditor) should

develop policies governing the custody and retention of
engagement records, as well as their release to internal and
external parties. These policies should be consistent with the
organization‟s guidelines and any pertinent regulatory or
other requirements.
If internal auditors of Public Bodies perform any consulting engagements, this
Consulting Implementation Standard requires that the Chief Internal Auditor develop
policies pertaining to the custody, release and retention of engagement records and
these policies be consistent with the guidelines issued by the Public Body and other
oversight and regulatory bodies.
2340 Engagement Supervision
Engagement should be properly supervised to ensure that objectives are achieved,

quality is assured, and staff is developed.

Internal audit unit in Public Bodies, consistent with this Standard, should create a
mechanism to develop appropriate system of engagement supervision to properly
achieve their audit objectives and ensure the quality of internal audit and to enhance
the education and experience of internal audit staff.
The Chief Internal Auditor is responsible for assuring that appropriate audit
supervision is provided; supervision is a process that begins with planning and
continues throughout the examination, evaluation, communication, and follow-up
phases of the audit; supervision includes:
- Ensuring that the auditor assigned possess the requisite knowledge, skills, and
other competencies to perform the audit.
- Providing appropriate instructions during the planning of the audit and

approving the audit program.
- Seeing that the approved audit program is carried out unless changes are both
justified and authorized.
- Determining that audit working papers adequately support the audit

observations, conclusions and recommendations.
- Ensuring that audit objective are achieved.
- Providing opportunities for developing internal auditors‟ knowledge, skills and

other competencies.
Appropriate evidence of supervision should be documented and retained. The extent

of supervision required will depend on the proficiency and experience of internal
auditors and the complexity of the audit. The Chief Internal Auditor has the overall
responsibility for review but may designate appropriately experienced members of the
internal audit unit to perform the review. Appropriately experienced internal auditors
may be utilized to review the work of other less experienced internal auditors.

All internal audit assignments, whether performed by order the internal audit unit,
remain the responsibility of the Chief Internal Auditor. The Chief Internal Auditor is
responsible for all significant professional judgment made in the planning,
examination, evaluation, reporting, and follow-up phases of the audit. The Chief
Internal Auditor should adopt suitable means to ensure that this responsibility is met.
Suitable means include policies and procedures designed to:

- Minimize the risk that professional judgments may be made by internal auditors
or others performing work for the internal audit unit that are inconsistent with
the professional judgment of the Chief Internal Auditor such that a significant
adverse effect on the audit could result.
- Resolve differences in professional judgment between the Chief Internal

Auditor and internal audit staff members over significant issues relating to the
audit.
Such means may include:

a) A discussion of pertinent facts;
b) Further inquiry and/or research; and,
c) Documentation and disposition of the differing view points in the audit

working papers. In the case of a difference in professional judgment over an
ethical issue, suitable means may include referral of the issue to those
individuals in the organization having responsibility over ethical matters.
Supervision extends to staff training and development, employee performance

evaluation, time and expense control, and similar administrative areas.
All audit working papers should be reviewed to ensure that they properly support the
audit report and that all necessary audit procedures have been performed. Evidence of
supervisory review should consist of the reviewer initialing and dating each working
paper after it is reviewed. Other review techniques that provide evidence of
supervisory review include completing an audit working paper review checklist and/or
preparing a memorandum specifying the nature, extent, and results or the review.

Reviewers may make a written record (review notes) of questions arising from the
review process. When clearing review notes, care should be taken to ensure that the
working papers provide adequate evidence that questions raised during the review
have been resolved. Acceptable alternatives with respect to disposition of review notes
are as follow:
- Retain review notes as a record of the questions raised by the reviewer and all
steps taken in their resolution.
- Discard the review notes after the questions raised have been resolved and the
appropriate engagement working papers have been amended to provide the
additional information requested.

SESSION VI
REPORTING STANDARDS
2400 Communicating Results

Internal auditors should communicate the engagement results properly.
2410 Criteria for Communicating
Communication should include the engagement‟s objectives and scope as well as

applicable conclusions, recommendations and action plans.
2410.A1 The final communication of results should, when appropriate

contain the internal auditor‟s overall opinion.
Consistent with this Reporting Implementation Standard, Public Bodies‟ internal
auditors should submit audit reports promptly, and their reports should include the
audit objectives, scope of work as well as applicable conclusions, recommendations and
follow-up plans.
Despite the fact that the format and content of the audit‟s final communication may
vary by organization or type of audit, they should contain, at a minimum, the purpose,
scope, and the results of the audit.
Audit final report may, generally, include background information and summaries.
Background information may identify the organization units and activities reviewed
and provide relevant explanatory information. It may also include the status of
observations, conclusions, and recommendations from prior reports and an indication
of whether the report covers a scheduled or is responding to a request. If summary is
attached, it should be ascertained that it represents a balanced view of the content of
the audit report.

Purpose statements should describe the audit objectives and may, if required, inform
the reader why the audit was conducted and what it was expected to achieve.
Scope statements should identify the audited activities and include, if necessary,
supportive information such as time period reviewed. Related activities not reviewed
should be identified if required to delineate the boundaries of the audit. The nature
and extent of audit work performed should also be described.
Results should include observations, conclusions (opinions), recommendations, and

action plans.
Observations are pertinent statements of fact. Those observations necessary to support

or prevent misunderstanding of the internal auditors‟ conclusions and
recommendations should be included in the final audit reports. Less significant
observations maybe reported informally.
Audit observations and recommendations emerge by a process of comparing what

should be with what is. Whether or not there is a difference, the internal auditor has a
foundation on which to build the report. When condition meets the criteria,
acknowledgement in the audit report of satisfactory performance may be appropriate.
Observations and recommendation should be based on the following attributes:
Criteria: The standard, measure or expectations used in making an

evaluation and/or verification (what should exist).
Condition: The factual evidence that the internal auditor found in the course
of the examination (what does exist).
Cause: The reason for the difference between the criteria and condition or
between the expected and the actual condition (what difference
exists).
Effect: The risk or exposure the organization and/or others encounter
because the condition is not consistent with the criteria (the impact
of the difference). In determining the degree of risk or exposure,

internal auditors should consider the effect their audit observations,

and recommendations may have on the organization‟s operations and
financial statements.
Observations and recommendations may also include audit client accomplishments,

related issues, and supportive information if not included elsewhere. Conclusions
(opinions) are the internal auditor‟s evaluation of the effects of the observations and
recommendations on the activities reviewed. They usually put the observations and
recommendations in perspective based upon their overall implications. Audit
conclusions, if included in the audit report, should be clearly identified as such.
Conclusions may encompass the entire scope of an audit or specific aspects. They may
cover, but are not limited to, whether operating or program objectives and goals
conform to those of the organization; whether the organization‟s objectives and goals
are being met and whether the activity under review is functioning as intended. Audit
reports can be final or interim. Interim reports may be written or oral and may be
transmitted formally or informally. Interim reports may be used to communicate
information that requires immediate attention, to communicate a change in audit scope
for the activity under review or to keep management informed about audit progress
when audit extends over a long period. The use of interim report does not diminish
or eliminate the need for a final report.
A signed report should be issued after the audit is completed; summary reports
highlighting audit result maybe appropriate for level of management above the audit
client. They may be issued separately from or in conjunction with the final report.
The term signed means that the authorized internal auditor‟s name should be manually
signed in the report. Alternatively, the signature may appear on a cover letter. The
internal auditor authorized to sign the report should be designated by the Chief
Internal Auditor. If audit reports are signed by electronic means, a signed version of
the report should kept on file by the internal audit unit.

2410.A2 Engagement Communication should acknowledge satisfactory

performance.
Audit client accomplishments, in terms of improvements since the last audit or the
establishment of well-controlled operations, may be included in the audit final reports.
This information may be necessary to fairly present the existing conditions and to
provide a proper perspective and appropriate balance to the audit final report.
2410.C1 Communication of the progress, and results of consulting

engagements will vary in form and content depending upon
the nature of the engagement and the needs of the client.
2420 Quality of Communications
Communications should be accurate, objective, clear, concise, constructive, complete,

and timely.
Auditors in Public Bodies are expected to observe these attributes of quality reports
when preparing engagement communications. These attributes can be clarified as
follows:
 Accurate reports are free from errors and distortions and are faithful to
the underlying facts. The manner in which the data and evidence is
gathered, evaluated, and summarized for presentation should be done
with care and precision.
 Objective reports are fair, impartial, and unbiased and are the result of a
fair-minded and balanced assessment of all relevant facts and
circumstances. Observations, conclusions, and recommendations should

be derived and expressed without prejudice, partisanship, personal

interest, and the undue influence of others.
 Clear communications (reports) are easily understood and logical.
Clarity can be improved by avoiding unnecessary technical language and
providing all significant and relevant information.
 Concise reports are to the point and avoid unnecessary elaboration,
superfluous details, redundancy, and wordiness. They are created by a
persistent practice of revising and editing a presentation. The goal is that
each thought will be meaningful but succinct.
 Constructive reports are helpful to the audit client and the organization
and lead to improvements where needed. The content and tone of the
presentation should be useful, positive, and well-meaning and contribute
to the objectives of the organization.
 Complete reports are lacking nothing that is essential to the target
audience and include all significant and relevant information and
observations to support conclusions and recommendations.
 Timely reports are well-timed, opportune, and expedient for careful
consideration by those who may act on the recommendations. The
timing of the presentation of audit results should be set without undue
delay and with a degree of urgency to enable prompt, effective action.
2421 Errors and Omissions
If a final report contains a significant error or omission, the Chief Internal Auditor
should communicate corrected information to all individuals who received the original
communication. In this Standard an error is defined as an unintentional misstatement
or omission of significant information in the final audit report.
2430 Engagement disclosure of Non compliance with the Standards

When noncompliance with the Standards impacts a specific audit, the report of the
result should disclose the:
- Standard(s) with which full compliance was not achieved;
- Reason(s) for noncompliance; and,
- Impacts(s) for noncompliance on the audit.
If any internal audit unit in a Public Body, in any particular audit engagement, does
not comply with the Standard for the Professional Practice of Internal Audit, the
internal audit unit should disclose in its audit report the:
 Standard(s) with which compliance has not been achieved;
 Reason(s) for not complying; and,
 What impact(s) non-compliance will entail on the audit.
2440 Disseminating Results
The Chief Audit Executive should disseminate the results to appropriate individuals.
2440.A1 The Chief Audit Executive is responsible for communicating the
final results to individuals who can ensure that the results are
given due consideration. In Pubic Bodies, the Chief Internal
Auditor has to submit the audit report to the Head of the
Public Body at least annually. Individual audit reports have to
be submitted to the appropriate audit client with a copy, if
deemed necessary, to the Head of the Public Body. Internal
auditors of Public Bodies should discuss conclusions and
recommendations with appropriate levels of management
before issuing final audit reports.
Discussions of conclusions and recommendations are usually accomplished during the

course of the audit and/or at post-audit meetings (exit conferences). Another
technique is the review of draft audit issues, observations, and recommendations by
management of the internal audit unit. These discussions and reviews help ensure that

there have been no misunderstandings or misrepresentation of facts by providing the

opportunity for the audit client to clarify specific items and express views on the
observations, conclusions and recommendations.
Despite the fact that the level of participants in the discussion and reviews may vary by
organization and by the nature of the report, they will generally include those
individuals who are knowledgeable of detailed operations and those who can authorize
the implementation of corrective action.
The Chief Internal Auditor or a competent individual designated by him should review
and approve the final audit report before issuance and should decide to whom the
report will be distributed. The Chief Internal Auditor or a designate should approve
and may sign all final reports. If specific circumstances warrant, consideration should
be given to having the auditor-in-change, supervisor, or lead auditor sign the report as
a representative of the Chief Internal Auditor.
Final audit report should be distributed to those members of the organization who are
able to ensure that audit reports are given due consideration. This means that the
report should go to those who are in a position to take corrective actions or ensure that
corrective actions are taken. Final audit report should reach the management of the
activity under review.
2440.C1 The Chief Internal Auditor is responsible for submitting the

final report of consulting engagement to clients.
If auditors of Public Bodies perform consulting engagements, the Chief Internal
Auditor has the duty to submit final reports to the consulting clients.
2440.C2 During consulting engagements, risk management, control, and

governance issues may be identified; whenever these issues

are significant to the organization, they should be reported to

the Head of the organization.
2500 Monitoring Progress
The Chief Audit Executive should establish and maintain a system to monitor the
disposition of results communicated to management.
The Chief Internal Auditor should establish monitoring procedures to include the
following:
- A time frame within which management‟s response to audit observations and
recommendation is required;
- An evaluation of management‟s response;
- Verification of the response (if warranted);
- A follow –up review (if appropriate);
- A communication‟s procedure for unsatisfactory responses/ actions, including

the assumption of risk, to the appropriate level of management.
Some reported observations and recommendations should be so significant as to require

immediate action by management. These conditions should be monitored by the
internal audit unit until corrected because of the effect they may have on the
organization.
Techniques used to effectively monitor progress may include:

- Addressing audit observations and recommendations to the appropriate levels of
management responsible for taking corrective action.
- Receiving and evaluating management responses to audit observations and

recommendations during the audit or within a reasonable time period after the
audit reports are submitted. Responses are more useful if they include sufficient
information for the Chief Internal Auditor to evaluate the adequacy and
timeliness of corrective action.

- Receiving period of updates from management in order to evaluate the states of

management‟s efforts to correct previously reported conditions.
- Receiving and evaluating information from other organizational units assigned

responsibility for procedures of a follow-up or corrective nature. ??????
- Reporting to senior management or Heads of Public Bodies on the status of

responses to audit observations and recommendations.
2500.A1 The Chief Audit Executive should establish a follow-up process

to monitor and ensure that management actions have been
effectively implemented or that senior management has
accepted the risk of not taking action.
Internal auditors should determine that corrective action was taken and is achieving
the desired results, or that senior management or Head of the Public Body has assumed
the risk of not taking corrective action on reported observations.
Follow-up by internal auditors is defined as a process by which they determine the

adequacy, effectiveness, and timeliness of actions taken by management on reported
audit observations and recommendations, including those made by external auditors
and others.
Responsibility for follow-up should be defined in the internal audit unit‟s written
Charter. The nature, timing and extent of follow-up should be determined by the
Chief Internal Auditor. Factors that should be considered in determining appropriate
follow-up procedures are:
- The significance of the reported observations or recommendation.
- The degree of effort and cost needed to correct the reported condition.
- The impact that may result should the corrective action is taken.
- Complexity of the corrective action.
- The time period involved.

There may also be time where the Chief Internal Auditor judges that management‟s
oral or written response shows that action already taken is sufficient when weighed
against the relative importance of the audit observations or recommendations. On such
circumstances, follow-up may be performed as part of the next audit.
Internal auditors should ascertain that the actions taken on audit observations and
recommendations remedy the underlying conditions.
The Chief Internal Auditor is responsible for scheduling follow-up activities as part of
developing audit work schedules. Scheduling of follow-up should be based on the risk
and exposure involved, as well as the degree of difficulty and the significance of timing
in implementing corrective action.
2500.C1 The internal audit unit should monitor the deposition of results
of consulting work to the extent agreed upon with the client.
Internal auditors should be aware that the results of consulting work engagement need
follow-up to ensure the implementation of recommended actions.
2600 Management Acceptance of Risk
When the Chief Audit Executive believes that senior management has accepted a level
of residual risk that is unacceptable to the organization, the Chief Audit Executive
should discuss the matter with senior management. If the decision regarding residual
risk is not resolved, the Chief Audit Executive and senior management should report
the matter to higher oversight authority for resolution.
Management is responsible for deciding the appropriate action to be taken in response

to reported audit observations, and recommendations. The Chief Internal Auditor is
responsible for assessing such management action for the timely resolution of the
matters reported as audit observations and recommendations. In deciding the extent of

follow-up, internal auditors should consider procedures of follow-up nature performed

by others in the organization.
As stated in section 2060 of the standards paragraph 3 of Practice Advisory 2060-1,

senior management may decide to assume the risk of not correcting the reported
condition because of cost or other considerations. The Head of the Public Body should
be informed of senior management„s decision on all significant audit observations and
recommendations.

SESSION VII
CODE OF ETHICS
Professional Code of Ethics is one of the three mandatory elements of the Professional
Practice of Framework of Internal Auditing.
What is ethics?
Ethics is a branch of philosophy dealing with a systematic study of reflective choice of
the standards of right and wrong by which it is to be guided and of the good toward
which it may ultimately be directed (Weelwn‟ght). ????
This definition contains three key elements

(a) Ethics involves questions requiring reflective choice (decision problem);
(b) Ethics involves guides of right and wrong (moral principles);
(c) Ethics is concerned with values (good) inherent in ethical decision.
What is ethical problem?
A problem situation crops up while you are subjected to making choice among
alternative actions and the right choice is not absolutely clear. An ethical problem
situation is a problem situation on which the choice of alternative actions affects the
well-being of other persons either individually or collectively.
What is ethical behavior?
There are two standard philosophical answers to this question:

(a) Ethical behaviour is that which produces the greatest good and principles.

(b) Ethical behaviour is that which conforms to rules and moral principles.
Why does an individual or group need code of ethical conduct?

Because:
- Code serves a useful purpose as a reference and a benchmark;
- Code makes explicit some of the criteria for conduct to a profession;
- Code of Professional Ethics is able to provide some direct solutions that may not
be available from general ethics theory;
- An individual is better able to know what the profession expects;
- A code is a public declaration of principled conduct; and,
- It is a means of facilitating enforcement of standards of conduct.
Professional Code of Ethics:

Professional Code of Ethics is involved as a result of the special relationships between
members of the learned professionals and their clients; professional practitioners do not
keep those they serve at arms length.
The clients must place their trust on the ethical behaviour the professional. This trust
is enhanced when the professional is required to take oath or pledge to serve the public
honestly and diligently and to be governed by strict rules of ethical behaviour. Trust is
increased if the seeker of professional services can believe that those professionals who
violate their Code of Ethics will be taken to task by their peers.
Thus, any discipline aspiring to rise to professionalism, a Code of Ethics, enforced by a

professional body, adds validity to the claim of professionalism. Thus a Code of Ethics
is necessary and appropriate for the profession of internal auditing, founded as it is on
the trust placed in its objective assurance about risk management, control and

governance as reflected in the Definition of Internal Auditing. The Institute‟s Code of

Ethics, however, extends beyond the Definition of Internal Auditing to include two
essential components:
1. Principles that are relevant to the profession and practice of internal auditing;
2. Rules of Conduct that describe behaviour norms expected of internal auditors.

These rules are an aid to interpreting the practical application of the principles
into practical applications and are intended to guide the ethical conduct of
internal auditors.
Applicability and Enforcement

This Code of Ethics applies to both individual internal auditors and units and
organizations providing internal auditing services.
For internal auditors who are members of the Institute of Internal Auditors, the
Ethiopian Chapter (IIA/EC) breaches of the Code of Ethics will be evaluated and
administered according to administrative guidelines to be issued by the Ministry of
Finance and Economic Development (MoFED) which will be consistent with
guidelines to be developed by IIA/EC based on The IIA Bylaws and Administrative
guidelines. This Module has adopted the following Code of Ethics issued by IIA
without any modification or change.
Principles
Internal auditors are expected to apply and uphold the following principles:
Integrity
The integrity of internal auditors establishes trust and thus provides the basis for
reliance on the internal audit professional‟s judgment.
Objectivity
Internal auditors exhibit the highest level of professional objectivity in gathering,
evaluating, and communicating information about the activity or process being
examined. Internal auditors make a balanced assessment of all the relevant

circumstances and are not unduly influenced by their own interest or by others in
forming judgments.
Confidentially
Internal auditors respect the value and ownership of information they receive and do
not disclose information without appropriate authority unless there is a legal or
professional obligation to do so.
Competency
Internal auditors apply the knowledge, skills and experience needed in the
performance of internal audit services.
Rules of Conduct
1. Integrity
Internal auditors:
1.1. Shall perform their work with honesty, diligence, and responsibility.
1.2. Shall observe the law and make disclosures expected by the law and the
profession.
1.3. Shall not knowingly be a party to any illegal activity, or engage in acts that are
discreditable to the profession of internal auditing or to the organization.
1.4 Shall respect and contribute to the legitimate and ethical objectives of
organization.
2. Objectivity
Internal auditors:
2.1. Shall not participate in any activity or relationship that may impair or be
presumed to impair their unbiased assessment. This participation includes
those activities or relationship that may be in conflict with the interests of the
organization.

2.2. Shall not accept anything that may impair or be presumed to impair their
professional judgment.
2.3. Shall disclose all material facts known to them that, if not disclosed, may
distort the reporting of activities under review.
3. Confidentiality
Internal auditors:
3.1. Shall be prudent in the use and protection of information acquired in the
course of their duties.
3.2. Shall not use information for any personal gain nor in any manner that would
be contrary to the law or detrimental to the legitimate and ethical objectives of
the organization.
4. Competency
Internal auditors:
4.1. Shall engage only in those services for which they have the necessary
knowledge, skills and experience.
4.2. Shall perform internal auditing services in accordance with the Standards for
the Professional Practice of Internal Auditing.
4.3. Shall continually improve their proficiency and the effectiveness and quality of
their services.
IV. INTERNAL CONTROL SYSTEM
SESSION VIII
INTERNAL CONTROL SYSTEM
Session Overview
So far, in the previous modules, we have discussed the concept of auditing,
Ethiopian Internal Auditing Standards and Professional Ethics as well as the Code

of Conduct. In the Ethiopian Internal Auditing Standards the relevant standard

regarding internal control system is paragraph 2120: “the internal audit activity
should assist the Public Body in maintaining effective controls by evaluating their
effectiveness and efficiency and by promoting continuous improvement.”
To comply with this Standard and as an essential step of determining the audit
approach to be adopted the internal auditor should understand the internal control
system and be able to evaluate the effectiveness and adequacy of the internal
control system. In this Session we shall discuss and understand what an internal
control system is all about. In the next Session we shall dwell upon the subject of
evaluating an internal control system.
Session Learning Objective

Through lecture, discussion and exercise participants will be able to describe and
understand an internal control system.
Main points To Be Discussed
The following are key areas to be discussed:
- Definition of internal control system;

- The control process;
- Types and classifications of controls;
- Components of an internal control system;
- The impact of computers on the internal control system; and,
- Limitations of internal control.
Definition of Internal Control System

Control may be defined as “any action taken by management to enhance the
likelihood that established objectives and goals will be achieved.”
The International Organization of Supreme Audit Institutions (INTOSAI)

defines internal control as “an integral process that is effected by an entity‟s

management and personnel, designed to address risks and to provide reasonable

assurance that in the pursuit of the entity‟s mission, the following general
objectives will be achieved:
 Executing orderly, ethical, economical, efficient and

effective operations;
 Fulfilling accountability obligations;
 Complying with applicable laws and obligations;
 Safeguarding resources against theft, misuse and damage.
It is worth understanding the key elements in the above definition of internal
control:
 An integral process: internal control is not one event or

circumstance, but a series of actions that reaches an entity‟s
activities which occur throughout an entity‟s operation on an
ongoing basis;
 Effected by management and personnel: people are what make
internal control work. It is accomplished by individuals within an
organization by what they do and say. In other words, internal
control is effected by people;
 In pursuit of the entity‟s mission: any organization is primarily
concerned with the achievement of its mission;
 To address risks: whatever the mission maybe its achievement will
face all types of risks. The task of management is to identify and
respond to these risks in order to maximize the likelihood of
achieving the entity‟s mission;
 Provides reasonable assurance: no matter how well designed and
operated, internal control cannot provide management absolute
assurance regarding the achievement of general objectives.
Instead, a “reasonable” level of assurance is attainable;

 Achievement of objectives: internal control is geared to the

achievement of a separate but interrelated series of general
objectives:
- Executing orderly, ethical, economical, efficient and effective
operation;
- Orderly means in a well-organized way, methodical;
- Ethical relates to moral principles. Ethical behavior nowadays
is emphasized in the prevention and detection of fraud and
corruption;
- Economical means being not wasteful or extravagant in terms
of getting the right amount of resources at the right quantity
and quality, delivered at the right time and place, at the
lowest cost;
- Efficient refers to the relationship between the resources
used and the outputs produced to achieve the objectives. It
means the minimum resource inputs to achieve a given
quantity and quality of outputs, or a maximum output with a
given quality quantity of resource inputs;
- Effective refers to the accomplishment of objectives or the
extent to which the outcome of an activity matches the
objective or the intended effects of that activity.
 Fulfilling accountability obligations: accountability is the process
whereby public service organization and individuals within them
are held responsible for their decisions and actions.
 Complying with laws and regulations: organizations particularly
public organizations are required to follow many laws and
regulations.
 Safeguarding resources against loss, misuse and damages: This is to
stress the significance of safeguarding resources in the public sector.

In the Ethiopian context, based on the above definition of internal control we

can define internal control system as all policies and procedures adopted by the
Head of a Public Body to assist in the achievement of its objectives ensuring as
far as practicable the orderly, economical, efficient and effective conduct of its
operations including:
 Adherence to internal policies, rules and regulations;

 The safeguarding of assets;
 The prevention and detection of fraud and errors;
 The accuracy and completeness of the accounting records;
 The timely preparation of reliable financial and management
information.
THE CONTROL PROCESS
Controls do not exist in isolation but are an integral part of the whole
management process. Once controls are put into operation, they should be
subject to continuous or periodic review. Controls are introduced to achieve
certain specified objectives set by management, as there is no point in
introducing a control if there is no known objective. It is management‟s duty to
introduce controls and monitor the operation of these controls to ensure that
they are continuing to meet the original objective. The process of setting
objectives, selecting appropriate controls to meet these objectives, monitoring
results, etc., is known as the control process. The process can be classified into
various stages.

Stages in the Control Process
The first stage is the determination of objectives by management. Lower level

objectives should fit in the organization‟s overall objectives. Those being
controlled should be aware of the objectives so that they will be able to
appreciate the need for control. The objectives can be quantified or expressed
in qualitative terms; for example units to be produced or authorization of all
orders placed. This sets a standard against which to measure the actual result.
The second stage is the design and implementation of measures to achieve the
objectives. Management selects the appropriate measures which it considers
will achieve the objective in the most economic, efficient and effective manner.
These measures are then implemented.
The third stage is measuring results. The results of the control measures have to
be measured to see whether they have met the objectives and achieved the
target set. To compare to the standard or expected result management must
establish procedures to collect the needed information.
In the fourth stage, the actual results achieved are compared to the standard.
This gives a measure of how well the objective has been achieved. A
management decision is required as to whether the actual results are acceptable
or not. If the actual results are not acceptable, the next stage will be
undertaken.
In the fifth stage, analysis of causes of differences should be made in order to

determine why the standard was not achieved. There could be several reasons
why the standard was not attained. For example, the standard may have been

unrealistic, the measures taken may have been inappropriate or not properly
carried out or implemented.
The sixth stage is the determination of appropriate managerial action. Here,

management must decide what action to take depending upon the results at
stage five above. The action that may be taken could be:
1. Continue with the measures hoping it may eventually work;

2. Change the way the measures are operated;
3. Introduce new or additional measures;
4. Abandon the objective or make the standard more realistic.
At stage seven, action is taken based on the decision reached at stage six.
At the last stage, there is a need for continuing appraisal in order to ensure that
the original measures are still effective or the new decisions implemented are
producing acceptable results. This appraisal should continue until the objective
is attained or abandoned.
TYPES AND CLASSIFICATIONS OF CONTROLS

In general, there are two types of internal control within an organization:
financial control and management control. Financial controls are primarily
concerned with budgetary controls and internal controls regarding procedures
to insure the accuracy and reliability of accounting records/ data and to
safeguard assets. Management control, on the other hand, is concerned with
the plan of organization and all of the coordinate methods and measures
adopted within a business to promote operational efficiency and encourage
adherence to prescribed managerial policies.

The two types of internal controls are not mutually exclusive as some of the
methods and procedures in financial controls may also be involved in
management controls. For example, sales and cost records classified by products
may be used both for financial control purposes and for making management
decisions about product pricing.
Controls can also be classified functionally as follows:

 Organizational controls Public Bodies should have a plan of their
organization, defining duties and responsibilities and identifying lines
of reporting for all operations. The delegation of authority should be
clearly defined. As part of the organizational controls emphasis should
be given to the separation of those responsibilities or duties which
would enable one individual to record and process a complete
transaction. Such controls reduce the risk of intentional manipulation
and unintentional errors. Functions, which should be separated as a
minimum, include authorization, execution, operation, custody and
recording.
 Accounting controls: these are the controls within the accounting

function employed to ensure that transactions are correctly recorded
and processed after proper authorization. Such controls include
verifying the arithmetical accuracy, checking totals, reconciliations,
maintenance of control accounts, subsidiary ledgers and trial balances
and proper documentation of all transactions.
 Physical controls: These are concerned with the custody of assets and
involve procedures and security measures designed to ensure that
access to assets is limited to authorized personnel.

 Personnel control: there should be procedures to ensure that

personnel have knowledge and skills commensurate with their
assigned responsibilities. This is essential as proper functioning of any
system depends on the competence and integrity of those operating it.
The qualifications, selection and training as well as character
assessment of staff to be recruited are important aspects to be
considered in setting personnel control system.
 Basic controls: These include controls regarding the system of

documentation, controls over original document such as receipt
vouchers, sales invoices, etc., in terms of pre-numbering them serially
and supervisory control regarding the supervision by responsible
officials of the day to day operations and related documentation.
Internal controls may also be classified by way of the control objective. The
control objective is the purpose for which controls have been designed. These
controls can be categorized in four areas:
 Directive controls which cause or encourage a desirable event to

occur (for example, establishing a procedure for an operation);
 Preventive controls which deter undesirable event (for example
segregation of duties and requirements for authorization);
 Detective controls which detect undesirable events which have
already occurred (for example, supervision and reviews);
 Corrective controls which correct errors that have been detected (for
example, collecting over payment to vendors, dismissing incompetent
personnel, etc.)

Components of Internal Control

Internal control consists of five interrelated components:
 Control environment;
 Risk assessment;
 Control activities;
 Information and communication; and,
 Monitoring.
Internal control is designed to provide reasonable assurance that the

organization's general objectives are being achieved. Although general control
objectives may vary from organization to organization the most important are
accountability and reporting; compliance with laws and regulations; orderly,
ethical, economical, efficient and effective operations; and safeguarding
resources. Therefore, clear objectives are a prerequisite for an effective internal
control process.
The Control Environment

The control environment is the tone of the organization influencing the control
consciousness of its staff. It is the foundation of the entire internal control
system. It provides the discipline and structure as well as the climate, which
influences the overall quality of internal control. It has overall influences on
how strategy and objectives are established, and control activities are structured.
Elements of the control environment are:
1) The personal and professional integrity and ethical values of management

and staff, including a supportive attitude toward internal control at all times
throughout the organization;

2) Commitment to competence: This includes the level of knowledge and skill

needed to help ensure orderly, ethical, economical, efficient and effective
performance, as well as a good understanding of individual responsibilities
with respect to internal control,
3) The "tone at the top" (i.e. management's philosophy and operating style)
which reflects,
 A supportive attitude towards internal control at all times,
independence, competence and leading by example;
 A code of conduct set out by management, and counseling and

performance appraisals that support the internal control objectives
and, in particular, that of ethical operations.
4) Organization structure including
 Assignment of authority and responsibility;
 Empowerment and accountability,
 Appropriate line of reporting.
5) Human resource policies and practices, which include hiring and staffing,
orientation, training (formal and on-the-job) and education, evaluating and
counseling and providing and compensating.
Risk Assessment
Having set clear objectives and established an effective control environment an
assessment of the risks facing the organization as it seeks to achieve its mission
and objectives provides the basis for developing an appropriate response to risk.
Risk assessment is the process of identifying and analyzing relevant risks to the
achievement of the organization's objectives and determining the appropriate
response. This implies:

1) Risk identification, which is related to the objective of the organization

and in a comprehensive manner to include all risks of internal and
external sources as well as possibilities of fraud and corruption.
2) Risk evaluation in terms of estimating the significance of risk and
assessing the likelihood of the risk occurrence, the objective being to
inform management about areas of risk where action needs to be taken
considering their relative priority.
3) Assessment of the risk appetite of the organization where risk appetite

means the amount of risk to which the organization is prepared to be
exposed to before it judges action to be necessary.
4) Development of responses whereby there are four types: transfer,
tolerance, treatment or termination of which risk treatment is the most
relevant because effective internal control is the major mechanism to treat
risk.
Risk assessment should be ongoing interactive process as governmental,
economic industry, regulatory and operating conditions are in constant change.
Control Activities
The third component, control activities is the major strategy for mitigating risk.
Control activities are the preventive and/or detective internal control measures
taken. Corrective actions are a necessary complement to internal control
activities in order to achieve the objectives.
To be effective, control activities must be appropriate, function consistently

according to plan throughout the period and be cost-effective, comprehensive,
reasonable and directly relate to the control objectives.

Control activities occur through out the organization, at all levels and in all
functions. They include the following range of detective and preventive control
activities, for example:
1 Authorization and approval procedures:
Authorizing and executing transaction events are only done by
persons acting within the scope of their authorities. Authorization is
the principal means of ensuring that only valid transactions and events
are initiated as intended by management. Authorization procedures,
which should be documented and clearly communicated to managers
and employees, should include the specific conditions and terms under
which authorizations are to be made.
2 Segregation of duties (authorizing, custodianship, processing, recording,

reviewing):
To reduce the risk of error, wastes, or wrongful acts and the risk of not
detecting such problems, no single individual or team should control
all key stages of a transaction or event. Rather, duties and
responsibilities should be assigned systematically to a number of
individuals to ensure that effective checks and balances exist. Key
duties include authorizing and recording transactions, custodianship,
processing and reviewing or auditing transactions.
3 Controls over access to records:
Access to resources and records is limited to authorized individuals
who are accountable for the custody and/or use of the resources.
Accountability for custody is evidenced by the existence of receipts,
inventories, or other records assigning custody and recording the
transfer of custody. Restricting access to resources reduces the risk of
authorized use or loss to the Government and helps achieve
management directives.

4 Verifications:
Transactions and significant events are verified before and after
processing, e.g. when goods are delivered, the number of goods
supplied is verified with the number of goods ordered. When
supplier's invoice is received the number of goods received is verified.
The inventory can also be verified by stocktaking.
5 Reconciliation:
Records are reconciled with the appropriate documents on a regular
basis, e.g. the accounting records relating to bank accounts are
reconciled with the corresponding bank statements.
6 Review of operating performance:

 Operating performance is reviewed against a set of standards on a
regular basis, assessing effectiveness and efficiency. If
performance reviews determine that actual accomplishment do
not meet established objectives or standards, the processes and
activities established to achieve the objectives should be reviewed
to determine if improvements are needed.
 Review of operations, processes and activities of operations,
processes and activities should be periodically reviewed to ensure
that they are in compliance with current regulations, policies,
procedures or other requirements.
 Supervision (assigning, reviewing and approving guidance and
training): competent supervision helps to ensure that internal
control objectives are achieved. Assigning, reviewing and
approving an employees work includes:

- Clearly communicating the duties, responsibilities and

accountabilities assigned to each staff member;
- Systematically reviewing each member's work to the
extent possible;
- Approving work at critical points to ensure that it flows as
intended.
 A supervisor's delegation of work should not reduce the
supervisor's accountability for these responsibilities and duties.
Supervisors also provide their subordinates with the necessary
guidance and training to help ensure that errors, waste, and
wrongful acts are minimized, and that management directives are
understood and achieved.
Information and Communication
The fourth component of internal control is information and communication.

Effective information and communication is vital for an organization to run and
control its operations.
Information and communication are essential to the realization of all the

internal control objectives. For example, the objectives of fulfilling
accountability obligations can be achieved by developing and maintaining
reliable and relevant financial and non-financial information and
communicating this information by means of full disclosure in timely reports.
Information and communications related to the organization's performance will

create the possibility to evaluate the orderliness, ethicality, economy and
efficiency and effectiveness of operations.

Information is needed at all levels of the organization in order to have effective

internal control and achieve the organization's objectives. Therefore, pertinent
and relevant information should be identified, captured and communicated in a
form and time frame that enables people to carry out their internal control and
other responsibilities.
Management's ability to make appropriate decisions is effected by the quality of

information, which implies that the information is appropriate, timely, current,
accurate and accessible.
Monitoring
Monitoring is the fifth and final component. Since internal control is a dynamic
process that has to be adapted continuously to the risks and changes an
organization faces, monitoring of the internal control system is necessary to
help ensure that internal control remains turned to the changed objectives,
environment, resources and risks.
Monitoring can be done on an ongoing basis or through separate evaluations.
Ongoing monitoring of internal control occurs in the course of normal,
recurring operations of an organization. It is performed continually and is
ingrained in the organization's operations. As a result, it is more effective than
separate evaluation as corrective actions are taken immediately while separate
evaluations take place after the fact.
Monitoring should also include policies and procedures aimed at ensuring the
findings of audits and other reviews are adequately and promptly resolved.
Relationships of Objectives and Components

There is a direct relationship between the general objectives, which represent
what an entity strives to achieve, and the internal control components, which
represent what is needed to achieve the general objective. The relationship is
depicted in a three-dimensional matrix, in the shape of a cube.

The four general objectives - accountability (and reporting), compliance (with

laws and regulations), (orderly, ethical, economical, efficient and effective)
operations and safeguarding resources - are represented by the vertical columns,
the five components are represented by horizontal rows, and the organization
or entity and its departments are depicted by the third dimension of the matrix.
Each component row “cuts across” and applies to all four general objectives. For
example, financial and non-financial data generated from internal and external
sources, which belong to the information and communication component, are
needed to manage operations, report and fulfill accountability purposes, and
comply with applicable laws.
Similarly, looking at the general objectives, all five components are relevant to
each objective. Taking one objective, such as effectiveness and efficiency of
operations, it is clear that all five components are applicable and important to its
achievement.
Internal control is not only relevant to an entire organization but also to an

individual department. This relationship is depicted by the third dimension,
which represents entire organizations, entities and departments. Thus, one can
focus on any of the matrix's cells. See matrix at the end of this session.
The Impact of Computers on Internal Control Systems:

The use of automated system to process information introduces several risks that
need to be considered by the organization. These risks come from, among other
things, uniform processing of transactions, increased potential for undetected
errors, existence, completeness and volume of audit trails, the nature of the
hardware and software used; and recording unusual or non-routine transactions.
For example, an inherent risk from the uniform processing of transactions is
that any error arising from computer programming problems will occur
consistently with similar transactions. It is, therefore, essential that internal

auditors understand the impact of computers on internal control systems and

the measures that should be taken to maintain an effective internal control
system in a computer environment.
Effective computer controls can provide management with reasonable assurance

that information processed by its system meets desired control objectives, such
as ensuring the completeness, timeliness, and validity of data and preserving its
integrity. Computer controls consist of two broad groupings: general controls
and application controls.
General controls:
General controls are the structure, policies and procedures that apply to all or
large segment of an organization‟s information systems such as mainframe,
minicomputer, network and end-use environments and help ensure their proper
operation. They create the environment in which application systems and
controls operate.
The major categories of general controls are:
(1) Entity wide security program planning and management provide a
framework and continuing cycle of activity for managing risk,
developing security policies, assigning responsibilities, and
monitoring the adequacy of the entity's computer-related controls.
(2) Access controls limit or detect access to computer resources (data,
programs, equipment, and facilities), thereby protecting these
resources against unauthorized modification, loss, and disclosure.
Access controls include both physical and logical controls.
(3) Controls on the development, maintenance and change of application
software prevent unauthorized programs or modifications to existing
programs.

(4) System software controls limit and monitor access to the powerful
programs and sensitive files that control the computer hardware and
secure applications supported by the system.
(5) Segregation of duties implies that policies, procedures and an

organizational structure are established to prevent one individual
from controlling all key aspects of computer-related operations and
thereby conducting unauthorized actions or gaining unauthorized
access to assets or records.
(6) Service continuity controls help to ensure that when unexpected
events occur, critical operations continue without interruption and/
or critical and sensitive data are promptly protected.
Application controls
Application controls are the structure, policies, and procedures that apply to
separate, individual application systems such as accounts payable, inventory,
payroll, grants, or loans and are designed to cover the processing of data within
specific applications software. These controls are generally designed to prevent,
detect, and correct errors and irregularities as information flows through
information systems.
Application controls and the manner in which information flows through

information systems can be categorized into three phases of a processing cycle:
1 Input: data are authorized, converted to an automated form, and entered

into the application in an accurate, complete, and timely manner;
2 Processing: data are properly processed by the computer and files are
updated correctly; and,

3 Output: files and reports generated by the application reflect transactions

or events that actually occurred and accurately reflect the results of
processing, and reports are controlled and distributed to the authorized
users.
Application controls may also be categorized by the kinds of control objective

they relate to, including whether transactions and information are authorized,
complete, accurate and valid. Authorization controls concern the validity of
transactions and help ensure transactions represent events that actually
occurred during a given period. Completeness controls relate to whether all
valid transactions are recorded and properly classified. Accuracy controls
address whether transactions are recorded correctly and all the data elements
are accurate. Controls over the integrity of processing and data files, if
deficient, could nullify each of the above-mentioned application controls and
allow the occurrence of unauthorized transactions, as well as contribute to
incomplete and inaccurate data. Application controls include programmed
control activities, of computer-generated output, such as automated edits, and
manual follow-up of computer-generated output, such as reviews of reports
identifying rejected or unusual items.
Limitations of Internal Control Systems

An effective system of internal control reduces the probability of not achieving
the control objectives. However, because of various limitations, internal control
fails to operate as intended. The following are some of the limitations:
- Management override of control systems;
- Abuse of authorization responsibilities;
- Collusion between two or more members of the staff;

- Collusion with interests of outside parties;

- Fraud;
- Systems which present obvious opportunities for abuse;
- Failure of top management to act decisively on
- Breaches of internal control system;
- Destruction of evidences by those responsible for abuse;
- The need to design and operate an internal control system in a cost-
effective manner. Thus some controls may not be instituted just
because they are not cost effective.
Session Summary
In this Session we have

 Defined control, internal control and internal control system;
 Identified different ways of classifying internal control;
 Discussed the general objectives and related components of internal
control and their relationships;
 Discussed the impacts of computers on the internal control system and
described the necessary controls in terms of general controls and
application controls;
 Identified some of the limitations of internal control.

Exercise 8-1
Internal Control System
Purpose:
To describe the components of internal control system and explain the
relationships between the components
Instructions
1. Perform the exercise individually.
2. Read the information given below.
3. Complete the required tasks.
4. Hand in your answer sheet for evaluation.
5. Suggested solution will be handed out and discussed.
As a senior internal auditor, you have been asked by the Chief Internal Auditor
to prepare a presentation for the audit staff meeting in order to discuss about the
components of internal control system and the relationship between the
components as well as the general objectives of internal control system. In your
presentation you have to address the following points:
a. The components of internal control.
b. Their interrelationship between the general objectives and the

components.
Required
Describe in detail the points you should make in your presentation.
Allotted time: 30 min.

SESSION IX
Evaluating Internal Controls
Session Overview
In the previous module, we have defined internal control system and discussed
the five components of internal control in order to properly understand and
ascertain an internal control system. In accordance with the International
Standards for the Professional Practice of Internal Auditing under paragraph
2120 the Internal Audit Activity should assist the organization in maintaining
effective controls by evaluating their effectiveness and efficiency and by
promoting continuous improvement. Internal auditors should, therefore,
evaluate the internal control system of the Public Body under audit. The
purpose here is not only to assist the Public Body to maintain an effective
internal control system but also to determine the audit approach to be adopted.
Session Learning Objective

Through lecture, discussion and exercise participants will be able to understand
how to assess and evaluate internal control system of a public body under audit.
Key Points to be Covered

 Tools for evaluating internal control.
 Control Tests .
 Audit sampling.
Tools for Evaluating Internal Controls

Evaluating and reporting on internal controls in order to recommend
improvement is the main responsibility of internal auditors although internal
auditors have to assess the effectiveness of the internal control system before
they determine the audit approach of a particular audit.

This involves:
 Identifying existing controls, documenting their characteristics
and identifying areas not covered by controls;
 Understanding the purposes of existing controls;
 Establishing criteria in order to determine the adequacy of
internal controls;
 Testing controls to check whether they operate effectively;
 Reporting to management about the effectiveness of the
operation of controls;
 Recommending remedial actions to improve internal controls
where necessary.
The purpose here is to provide the necessary assurance to management that
controls are adequate in principle and practice.
For the purpose of determining the audit approach to be adopted during an

audit the internal auditor evaluates the internal control system to determine the
extent of reliance.
The most important criteria for evaluating controls, among others, are
relevance, cost of operation (both direct and indirect) feasibility, and
effectiveness in meeting control objectives, complexity/ simplicity and
adequacy.
There are various tools used to ascertain and evaluate internal control system
among which Internal Control Questionnaires (ICQs), Internal Control
Evaluation Questionnaires (ICEQs) and flow charts are considered here.

Internal Control Questionnaires (ICQs)
ICQs are used to assess whether controls exist which meet specific control
objectives. The major question which ICQs are designed to answer is "how
good is the system of controls?" Where strengths are identified, the internal
auditor has to undertake tests of control in the relevant area. If, however,
weaknesses are discovered the internal auditor should ask what errors or
irregularities could be possible as a result of those weaknesses.
Although there are different forms of ICQs in practice, they mainly comprise a
list of questions designed to determine whether effective controls are
implemented. Since it is the primary purpose of an ICQ to evaluate the system
rather than narrate it, one of the most effective ways of designing the
questionnaires is to phrase the questions so that all the answers can be given as
"YES" or "NO". A "NO" answer indicates a weakness in the system while a
"YES" answer indicates the existence of the control subject to verification and
testing. Examples of ICQs are given in Annex XIX-XXVII of Internal Audit
Manual.
One of the strengths of ICQs is that they facilitate the orderly evaluation of
controls present in a system. A weakness of ICQs is that they can promote a
somewhat standardized approach to evaluation. Thus answering the question
becomes an end in itself rather than being a means to an end. The auditors are
concerned whether the controls do or do not prevent the possibility of the
occurrence of material errors. This is not always easy to determine with an ICQ
where the questions are of equal weight. In many systems a particular "No"
answer (say referring to a lack of segregation of duties) may cancel the value of a

string of "Yes" answer. Each situation must be judged on its own merit and,
therefore, despite the fact that ICQs are of a standard format, they should be
used with imagination. As using ICQs is a responsible task which needs skills,
the evaluation should be performed by a senior member of the audit team.
Internal Control Evaluation Questionnaires (ICEQS)

Internal Control Evaluation Questionnaires (ICEQS) are used to determine
whether there are controls, which prevent or detect specified errors or
omissions. This is an evaluation technique more concerned with assessing
whether specific errors (or irregularities) are possible rather than establishing
whether certain effective controls are present. This is achieved by reducing the
control criteria for each transaction stream down to a handful of key questions
(or control questions) whose characteristic is that they concentrate on the
significant errors or commission that could occur at each phase of the
appropriate cycle if controls are weak. Each key control question is supported
by detailed control points to be considered in relation to key control question
for the system. An example of ICEQS is given in annex XXVIII of the Internal
Audit Manual.
Flow Charts
A flow chart is a pictorial or diagrammatic representation of the flow of
transaction, which may vary depending upon the system used is manual or
computerized. The flow of documentation is actually ascertained in correct
sequence from initiation of a transaction to its final entry in the books. Flow
charts are particularly recommended for analyzing complex systems into their
component parts thereby revealing gaps and weaknesses in the system.

Tests of controls
Ascertaining and evaluating the internal control system by using various
techniques such as ICQs, ICEQs and flow charts does not
necessarily mean the system operates effectively and consistently in practice.
This has to be verified by undertaking tests of controls by using sampling
techniques.
There are two types of tests of controls:
 Substantive tests to check whether the output of a system is correct, for

example, to verify whether the balances in the financial statements are
compiled from the accounting records.
 Compliance tests to check whether the controls have been effectively

complied with in practice throughout the period.
External auditors are more concerned with substantive tests because they need
to express an opinion on the reliability of the financial statements. Internal
auditors on the other hand are more concerned with compliance tests as they
have the responsibility to advise the Head of the Public Body about the
adequacy of internal controls.
Compliance testing presents four major issues:

 What controls are to be checked.
 What types of compliance tests are to be carried out.
 How much compliance testing is to be carried out.
 Determining the impact of errors, etc. on the effectiveness of

controls.

What controls to check

This is probably the most important part of compliance testing. The auditor
must understand the entity, which is to be audited - its structure, location,
staffing, operational procedures, resources, responsibilities, objectives and
controls. The auditor must also understand that the resources available for
carrying out the audit are limited. As a result, the fact that a choice is needed
(of what controls to check) becomes more obvious.
The key to this choice is the ability to distinguish what is relevant and
important from what is not. In deciding what is relevant and important the
following may be considered:
 The amount of money involved; (for instance if 80% of expenditure is made

up of 30 large transactions and the other 20% of 4,000 transactions, a good
audit coverage could be obtained by auditing all the 30 large transactions
and a sample of the 4,000 small transactions. It would cover more than the
80% of the expenditures in value, but a much smaller proportion by number
of transactions checked).
 The major responsibilities of the Public Body (for instance if the

responsibilities of the Public Body lie in three main areas) assuming:
a. 60% of the expenditure;
b. 30% of the expenditure and
c. the rest, the resources available for audit could be allocated in

similar proportions and this would lead to controls being
checked throughout the entity taking into consideration
materiality.

 The amounts and types of assets held by the Public Body (for instance if the
Public Body holds large inventories or uses a large fleet of vehicles these
may be the focus of compliance tests).
 The areas of greatest risk (this is partly a reflection of the amounts of money
involved as already discussed, but the choice is also influenced by the
possible extent of losses. An indicator might be losses, frauds, etc.
uncovered by previous audits or by other means. The auditor has to gain
some idea of the probability of loss and combine it with an idea of the
amounts of money/ resources, which may be vulnerable to loss.)
 The areas where the management considers itself most vulnerable to loss,
abuse, etc.
 Procurement (this is inherently an area of high risk. The auditor must assess
the importance of procurement relative to other activities of the Public
Body. If procurement is important, the audit will have to reflect this).
 The strength of internal control systems as revealed by previous audits

(identified weaknesses will be the focus of tests of controls).
Using criteria of this sort, the auditor should be able to explain why particular
controls are to be checked intensively and why others are to be checked less
intensively.

What types of compliance test to carry out?

The following are the major types of compliance tests, the first being by far the
most prevalent and in the majority of cases, the most important:
 Verification of documents - Each process leaves a documentary trail. This

can be followed for similar transactions (e.g. all purchase invoices) or it can
be followed throughout the entire history of a transaction (e.g. all purchases
covering order, delivery, entry into stores, payable amount and payment and
issue from stores). Possible verification techniques include: vouching
(checking all the relevant details of sampled documents); confirmation by
third parties (for example checking amounts payable to suppliers, or cash
book transactions against bank statements); comparison of similar
transactions (for example checking of a series of documents for similar
signatures).
 Observation - Sometimes documentary evidence is missing or actual

procedures differ from official instructions. Observation supplements
verification of documents. It is necessary for example in counting physical
inventory and the payment of wages when payment is made in notes and
coins. It can also be used to see how safes and secure areas are managed and
how documents are kept.
 Enquiry/ interview - Actual procedures may differ from designed

procedures. Enquiry may be necessary to find out how staff members
interpret and implement controls and necessary actions. Enquiry and
interview throw important light on informal as well as formal procedures.

 Re-performance - It may be possible to set up dummy transactions and to

test how transactions are in fact handled. This allows comparison between
controls as designed and controls in operation. Alternatively, a task that has
been verified as part of a system of internal control may be re-verified by
the auditor (for example checking the correctness of bank reconciliation).
How much compliance testing to carry out

One hundred per cent checking is impossible because of limited audit resources.
Selection is therefore necessary. The main selection criteria are:
  Size of transaction (i.e. monetary amount).
 Risk to the entity.
 Importance to management.
 “Sensitivity” or nature of the transaction (i.e. particular transactions
such as entertaining expenses may be quite small but still important
due to their sensitivity).
Let us assume that we employ only one of the above criteria (size of monetary
amount) and that the audit concerns physical controls on the acquisition of
materials to be used in construction contracts; the decision on compliance
testing might be as follows:
Purchase amount % of cases

in „000 Birr to be examined
1-5 5
6-10 10
10-25 25
25-50 50
Over 50 100
The result of this is that the intensity of compliance testing is related directly to
the amounts of money involved.

On the one hand, more cases will give greater certainty about findings; on the
other, the larger the number of cases examined the higher the cost. Let us take
for example an examination of vehicle logbooks. Ninety per cent of logbooks
have been examined and audit findings established. What will be the likely
effect on audit findings, if the final 10% are checked? If the characteristics,
which are the subject of audit are evenly distributed throughout the universe of
logbooks, the likely effect will approach zero. But if the logbooks in the final
10% of cases are quite different from the other logbooks (e.g. they are the
logbooks of vehicles allocated to managers), the effect on audit findings could be
considerable.
If information systems are computerized (depending on the adequacy of these

systems) the population of transactions subject to audit and their key
characteristics can be downloaded to the auditor‟s computer and manipulated so
that sampling can take place. However, many systems lack the capacity for this.
The auditor is left with less than ideal sampling methods: judgmental sampling
and stratified sampling. Provided that sampling follows the basic criteria
explained in paragraph 10 above, it will result in selective compliance checks
proportionate to the risk, and this is what is needed.
Audit sampling
The internal auditor can arrive at valid conclusion using audit sampling. „Audit
sampling‟ means the application of audit procedures to less than 100% of the
items within an account balance or class of transactions to enable auditors to
obtain and evaluate audit evidence about some characteristics of the items
selected in order to form or assist in forming a conclusion concerning the
population which makes up the account balance or class or transactions.

It is important to recognize that certain testing procedures do not come within

the definition of sampling. Tests performed on 100% of the items within a
population do not involve sampling. Likewise, applying audit procedures to all
items within a population which have a particular characteristic (for example all
items over a certain amount) does not qualify as audit sampling with respect to
the portion of the population examined, nor with regard to the population as a
whole, since the items were not selected from the total population on a basis
that was expected to be representative.
Design of the sample

When designing the size and structure of an audit sample, auditors should
consider the specific internal control objectives, the nature of the population
from which they wish to take a sample, and the sampling and selection
methods. When audit sampling is appropriate, considerations or other
characteristics relating to the evidence assists internal auditors in defining what
constitutes an error and what population to use for procedures; auditors may be
concerned with matters such as whether an invoice was clerically checked and
properly approved.
To assist in the efficient and effective design of the sample, stratification may be
appropriate. Stratification is the process of dividing a population into sub-
populations, each of which is a group of sampling units, which have similar
characteristics (often monetary value). The strata are explicitly defined so that
each sampling unit can belong to only one stratum. This process can be used to
reduce the variability of the items within each stratum. Stratification therefore
enables auditors to direct audit effort towards the items, which, for example,
contain the greatest.

Sample size
When determining sample sizes, internal auditors should consider sampling risk
and the extent to which they expect to find errors. Sampling risk arises from
the possibility that internal auditors‟ conclusion, based on a sample, may be
different from the conclusion that would be reached if the entire population
were subjected to the same audit test.
Sampling risk can be contrasted with non-sampling risk which arises when
internal auditors use any audit procedures. Non-sampling risk arises because,
for example, most audit evidence is persuasive rather than conclusive, or
internal auditors might use inappropriate procedures or might misinterpret
evidence and thus fail to recognize an error or irregularity. Internal auditors
should attempt to reduce non-sample risk to a negligible level by appropriate
planning, direction, supervision and review.
If internal auditors expect errors to be present in the population, a larger sample

than when no error is expected generally has to be examined. The size and
frequency of errors is important in assessing the sample size. Large sample sizes
arise, for the same overall error, if there are a few large errors compared to
where there are many small ones. Smaller sample sizes result when the
population is expected to be error free. If the expected error rate is high then
sampling may not be appropriate. In determining the expected error in a
population, auditors consider such matters as the size and frequency of errors
identified in previous audits, changes in the Public Body‟s procedures and
evidence available from other procedures.

Selection of the sample

Internal auditors should select sample items in such a way that the sample can
be expected to be representative of the population in respect of the
characteristics being tested. For a sample to be representative of the population,
all items in the population are required to have an equal or known probability
of being selected.
While there are a number of selection methods, three methods commonly used
are:
 Random selection, which ensures that all items in the population have
an equal chance of selection, for example by use of random number
tables;
 Systematic selection, which involves selecting items using a constant
interval between selections, the first interval having a random start.
When using systematic selection, internal auditors ensure that the
population is not structured in such a manner that the sampling interval
corresponds with a particular pattern in the population; and,
 Haphazard selection, which may be an acceptable alternative to
random selection provided internal auditors are satisfied that the sample
is representative of the entire population. This method requires care to
guard against making a selection which is biased, for example towards
items which are easily located, as they may not be representative.
It does not follow that internal control systems are ineffective, just because
errors have been detected in them. A judgment is needed on the significance of
errors and their frequency before any judgment can be made. For example, the
signatures on purchase orders have been wrong for several months because of
absence and temporary replacement of the concerned member of staff, without
any change in authorized signatories. There is certainly a control weakness (not

updating authorized signatories) but it may not be a serious weakness (for

example if no adverse consequences could be detected because other
compensating controls were working).
Internal auditors therefore need to understand fully the implications of errors

discovered. One way to do this is to assess:
 The severity and frequency of errors discovered.
 Their impact on the integrity of the internal control system.
 The actual evidence of loss, wastage, abuse, etc.
 Whether internal control systems are at real risk.
The internal auditor should consider the above situations and advise
management accordingly.
Internal auditors should raise the alarm only when the alarm needs to be raised.
This requires judgment on the significance of the errors and their frequency as
pointed out earlier. The nature of the alarm has to be proportionate to the
severity of the problems discovered. Internal auditors have to exercise
objectivity, tact and maturity in helping managers to understand the nature and
severity of their internal control problems, and in advising on appropriate
remedies.
Session Summary
The most important points we have discussed during this session are the
following: -
 There are three types of tools for evaluating internal control - ICQs,
ICEQs, and flowcharts
 After the auditor has established the strength and weakness of the
internal control he has to undertake tests of controls in order to
establish whether the controls are in use/ in practice and are working

as designed. These tests of controls are classified as substantive tests

and compliance tests. Substantive tests are mostly used by external
auditors for financial statement audits while compliance tests are
used by internal auditors in order to advise management about the
adequacy of the internal controls
 During compliance tests, internal auditors have to resolve four major
issues:
- What controls are to be checked;
- What type of compliance tests are to be carried out;
- How much compliance tests should be carried out; and,
- How to determine the impact of errors, irregularities, etc, on
the effectiveness of controls.
Since it is extremely costly to undertake 100% testing, the internal auditor can
arrive at valid conclusion using audit sampling. To use sampling, the internal
auditor should carefully design the sample, determine the sample size, select the
sampled items, test the sampled items and evaluate the result of the items tested.

Exercise 9-1
Purpose:
To understand how to evaluate internal controls and identify control
weaknesses.
Instructions:
1. Participants will be assigned in groups.
2. Ethiopian Road Authority (ERA) is responsible for road

construction and maintenance throughout the country. It
therefore, incurs a lot of expenditure on these activities.
3. Below is an outline system description of the expenditure cycle.
4. Read the outline system description and identify the following:
a) Key controls in the system;
b) Main processing procedures;
c) Any control weaknesses.
Outline System Description: Ethiopian Road Authority: Expenditure Cycle.

Any road construction/maintenance unit requiring any materials will raise an
internal demand voucher in duplicate and forward a copy of the demand
voucher to the procurement section. Any member of the workforce signs the
demand voucher. However, each construction or maintenance unit has a
supervisor who is in charge of the unit.
The procurement section, on receipt of the demand voucher, will buy and
supply the material. They do this by obtaining competitive quotations from
various suppliers and inviting tenders from such suppliers. Tender committee

authority must be obtained for purchases exceeding Birr 30,000 in value. When
tender committee authority is obtained to purchase from a certain supplier, the
procurement section will then raise an order in triplicate and send two copies of
the order to the approved supplier. The procurement section for records
purposes retains one copy of the order. The principal procurement officer signs
the order. Before the order is submitted to the supplier, details of the order are
entered in a register of commitments kept by the procurement section for
purposes of budgetary control. Details entered in the commitment register are
the order number, the name of the supplier, the estimated value of the order
and the balance available for spending after taking the order into account.
When the supplier delivers materials, the goods are sent directly to the
construction or maintenance unit accompanied by a delivery note, which does
not give any indication as to the cost of materials supplied. Anyone at the
construction/ maintenance unit can receive the materials.
Some time after the materials are supplied, the supplier will send an invoice to
the ERA's accounts department raising charges for the materials. A clerk in the
accounts department will obtain a copy of the order and match it with the
invoice. If satisfied, the clerk will raise a payment voucher in favour of the
supplier and attach the order and the supplier's invoice to the payment voucher.
The clerk will then hand over the payment voucher to a senior clerk who will
certify that the payment voucher is correct in respect of what was ordered and
supplied as well as the cost and expenditure classification. The senior clerk will
also ensure that all the Tender Committee members are present.
Once the senior clerk has certified the payment voucher, it will be handed over
to the accountant who will confirm the availability of funds on the budget and
pass the voucher for payment.

Once the voucher has been passed for payment, a clerk will enter the voucher
on a batch/ pre-list and submit the voucher to the Central Payments‟ Office
where a cheque will be written and sent to the supplier named on the payment
voucher. The Central Payments‟ Office will generate a printout, which acts as
an expenditure ledger for the ERA, will debit the expenditure code and update
both the expenditure and balance left on the budget.
Once every month the accountant reconciles the commitment register with the
expenditure printout to ensure expenditure paid went through the commitment
register and thus originated from the ERA.
Time Allotted: 45 Minutes.

SESSION X
Audit Approaches
Session Overview
In the last two Sessions we have discussed internal control system and how we
evaluate internal controls. The main purpose of ascertaining and evaluating
internal controls is to determine the audit approach to be adopted in the actual
audit. Our main discussion in this Session, therefore, is how internal auditors
determine the audit approach.
Session objective
Through lecture, discussion and exercise, participants will be able to understand
how to determine the audit approach to be adopted during the audit.
Main topics to be covered:

 The vouching audit approach;
 The system based audit approach;
 The risk based audit approach.
Introduction
The history of auditing shows a gradual change over time, as different
approaches to auditing emerged including:
 The vouching approach;
 The system based approach;
 The risk based systematic approach.
The vouching approach

The initial stage of audit was primarily based on the concept of vouching. This
approach involved the checking of entries in the accounting records with the
appropriate vouchers, i.e. the documentary evidence. It was very common for

the auditor to check in detail a substantial portion of all documentary evidences

before concluding the audit. For instance, audit programmes under the
vouching concept of audit would normally specify rigidly predetermined testing
volumes unrelated to the particular situation such as "vouch three months
purchase invoices".
Under the vouching concept of audit the apparently extensive coverage was
exceptionally shallow, being confined to one "horizontal plane" of entries all of
an identical nature. Tests at any particular stage were unrelated to any other
state. For example, auditors may vouch a vast number of day book entries
against supplier's invoices (all tests being in the same "plane", hence the term
"horizontal"), without considering the need to test these entries against
purchase orders or any other documents related "vertically".
Each transaction or event is considered on its own as unrelated phenomena and
checked for its validity. The defects of this approach are readily evident:
 It would be, in the majority of cases, extremely time-consuming as
well as being extremely costly.
 It would prove little about 'Completeness' of financial records since
the internal auditor would only be checking transactions or events
which are disclosed.
 All transactions or events, however insignificant, have an equal
opportunity of audit, which results in audit of trivial matters but
leaves significant matters un-audited.
 The events/ transactions, which are subject to audit, are treated as
unrelated phenomena, not as components of systems.
 The results of audit findings tell us how many transactions etc. were
found to be defective and the types of defect found, but tell us
nothing about the systems which were "responsible" for the errors.

 Gives no assurance that major systems are working as intended.
With the mushrooming of large groups of companies and conglomerates and the
defects of the vouching approach, it soon became obvious that auditors would
have to adopt a far more scientific approach to their work if they were to justify
the relatively small number of audit tests carried out in relation to the
enormous growth in the volume of transactions. This led to the emergence of
the Systems Based Approach to auditing.
The System Based Approach

The system based audit approach rightly incorporates the principle that the
nature and depth of audit tests should take into account the extent to which the
system of internal control in operation "audits itself".
In the system based approach, the internal auditor examines and tests the Public
Body's internal control systems to see whether they are appropriate and
effective for the Public Body to achieve its objective. The system of internal
control in force determines the nature, the extent and the timing of subsequent
audit tests to be executed.
Generally, in a system based approach a much smaller number of audit tests are
required to be carried out in relation to the enormous volume of transactions
and in contrast to the extensive coverage under the traditional vouching
approach to audit. The justification for the relatively smaller number of audit
tests lies in the auditor placing reliance on the control in the "system".

Procedures of the system based approach

The system base approach is a procedure whereby the internal auditors identify,
ascertain, record and confirm the system of Public Body‟s operations and
establish the objective of the control designed in the system and evaluate the
appropriateness and effectiveness of the control in achieving the objective of the
system.
A system is defined by the Institute of Internal Auditors as "an arrangement, set

or collection of concepts, parts, activities and/or people that are connected or
inter-related to achieve objectives and goals". A Public Body has systems for
managing personnel, recording and reporting financial data, acquiring inputs
from suppliers, etc. Each system is made up of a number of smaller components
(procedures, steps, checks, reviews, reports, decisions, etc.). Clearly, a system is
as good as its components, and will not achieve its objectives unless the
components are properly linked and controlled.
The systems components

Systems vary in nature and purpose (systems for procurement, inventory,
recruitment, accounting, etc.). Systems are designed and their operations
monitored in order to enable the organization to meet its objectives. Resources
(inputs) are processed to provide results (outputs) in accordance with
predetermined purposes (objectives). Systems can be thought of as having five
basic components:

Objectives
Inputs
Processes
Outputs
Objectives
Objectives are statements of what is to be achieved. Each system within the
Public Body has its own objectives:
a) Procurement systems are to procure items of adequate quality at
lowest cost.
b) Financial reporting systems are to inform decision makers of essential

facts about the financial performance and status of the entity.
c) Stores systems are to control their receipts and issuances, to make

them available in relation to need and to protect the items held.
Different systems should be coherent and mutually supportive (e.g. payroll and
accounting). However, where objectives are contradictory this may not be
possible (e.g. cost reduction may not be compatible with achieving maximum
impact). Heads of Public Bodies may need to think more about systems and
their objectives, as simply complying with regulations is only part of their job.
Inputs
Inputs are the resources used by the system (e.g. salaries are paid to secure the
services of staff). Inputs may include staff time, materials, services, supplies,
information and so on.

Processes
Processing is the conversion of inputs to produce outputs. Public Bodies have
numerous processes (e.g. authorization actions, purchasing supplies, issuing
inventory, controlling the quality of work, etc.).
Outputs
Outputs are the products, effects and achievements of a system which result
from the processing of inputs. Some outputs are intermediate (e.g. invoices
paid, staff recruited, suppliers evaluated, stores items issued). Others are final
(e.g. services rendered to clients). Outputs are affected by quality factors such
as their timeliness, suitability and usefulness and the degree to which they are
adapted to the needs of clients.
Controls
Controls are actions taken or procedures established by management to ensure
that outputs meet the objectives of the entity. Examples include authorizations,
inspections, physical checks, documentary checks, reviews of performance, and
reviews of the quality of the services supplied.
Understanding the systems

Internal Auditors must fully understand the systems that they audit. They gain
the necessary understanding in four ways:
 By ascertaining the system. This is the step where the Internal
Auditor researches the system by examining various reference
materials;
 By recording the system that they have ascertained. This involves

using suitable techniques, both written and diagrammatic, to assist
the Internal Auditors to understand the system as a whole and the
elements within it;
 By confirming that the understanding of the Internal Auditor is

correct; and,
 By establishing the objectives of each of the system's internal

controls.
Each of these aspects will be examined in this Section.
Ascertaining the system

The main components of systems have already been outlined. To ascertain
systems, the internal auditor has a large range of sources (e.g. staff directive,
organization chart, financial regulation, budget document, etc.). In practice, the
internal auditor should refer to all relevant and reliable sources as possible. The
following approach is recommended:
 Identify and agree the objectives of the system with managers.
 Obtain as much relevant and reliable written information

regarding the system as is possible
 Carry out interviews with relevant managers and staff

members to confirm understanding.
The objective of systems should be consistent with the aims and objectives of
the Public Body as a whole. In most cases, the internal auditor may have to
identify the system objective from scratch because of absence of written
instructions. Here are some commonly found systems with a description of
their objectives:
 Procurement system – procuring the right quality and quantity of items at the
right time, and reasonable cost, form the most appropriate source.
 Financial reporting system – to effectively produce financial statements

required by the Ministry of Finance and Economic Development (MoFED) on
behalf of the Government and donors on time and with no material errors.

Interviewing managers and staff members helps the internal auditor to

understand how the systems work in practice. Interviews can be undertaken
formally or informally. However they are undertaken they should be:
 Planned in advance;
 Conducted professionally; and,
 The findings summarized and agreed with the interviewee.
Conclusions made on the basis of interviews may sometimes be unreliable

unless crosschecked against other information (such as the outcome of other
interviews).
Recording the system

The internal auditor should record the system and how it works. There are two
principal ways of recording the system:
 Written narrative notes of the system and its components.
 A diagrammatic flowchart of the system.
The Internal Auditor should have full understanding but should be wary of the
danger of drawing flowcharts, which are not needed. The auditor's written
narrative should cover the system and its components. The notes can form the
basis for a flowchart. The notes should be clearly structured so that others can
understand them.
Flowcharting is the accepted method of recording systems and internal controls.

When the internal auditor prepares flowcharts, they should be based on
narrative notes. Well-written flowcharts are designed to leave no doubts as to
the nature of the system recorded. The main advantages of using flowcharts
are:
 The system is presented in a logical sequence, rather than in
discrete and unrelated elements;

 The interrelationships within the system becomes clear;
 The flowchart enables the system to be understood quickly;
 The flowchart serves as a permanent record and can be easily

verified or updated as necessary.
Confirming the system

At this stage, the systems will probably have been recorded on the basis of a
verbal description provided by management. However, the tendency is to
describe the systems, as they should operate, rather than how they actually
operate in practice. It is only human nature to cut corners, but often this
weakens the controls, which have been built into systems.
To overcome this, it is necessary, having recorded the system, to select sample

of transactions and to conduct a "walk through test". A walk-through test
involves tracing one or more transactions through the accounting system and
observing the application of relevant aspects of the internal control system. In
this way any departures can be identified and recorded. Thus, an accurate
picture can be obtained of how the systems work in practice.
Establishing the control objectives of the system

The internal auditor should establish the objectives of the systems recorded to
ensure that the control objectives are appropriate. Control objectives should be
specific so that it is possible to evaluate whether or not they are being achieved.
Consequently, generalizations such as "to ensure that support services are
adequate" should be kept to a minimum. Control objectives should reveal the
purpose of the control, not the means used to carry it out or the control itself.
Internal controls and their evaluations are discussed more fully in the next two
sections.

Evaluate the controls

Methods of evaluating internal control systems by questionnaire and flowcharts
have obvious limitations. The former does not discriminate between different
controls in terms of importance; neither do they specify objectives for the
system as a whole. A flowchart depicts a system but is neutral as regards its
evaluation. The internal auditor can form an opinion by looking at a flowchart
but it will not be a structured assessment and will vary according to the
experience of the internal auditor. The outcome of this stage is to find out
whether internal check and other control factors exist. It is also important to
identify any weakness in controls due to absence of internal check and other
control factors. At the same time, it may be possible to locate inefficient or
unnecessary procedures. Evaluations of Internal Controls are discussed in
Session IX in detail.
Conclusion and report

Based on the result of the evaluation of internal control system the internal
auditor can reach conclusions whether the current system is efficient and
effective in achieving the Public Body's stated objectives. Furthermore, the
internal auditor should give recommendations on those internal control systems
areas where weaknesses are observed and improvement is needed.
Finally, the internal auditor is required to report the weaknesses in the internal
control, the conclusions reached and recommendations made for improvements.
Weakness of the system based audit approach

It is axiomatic that controls in any organization should be commensurate with
its risks because, excessive controls result in unnecessary costs whereas
inadequate controls lead to unacceptable exposures. Excessive controls would

lead to high costs, which may not be commensurate with the advantage
accruing to the Organization, namely, the prevention of possible loss arising
from the operation of the relevant control.
The evaluation of internal controls is a complex task calling for great skill. Each
Organization will have different internal control requirements and any given
control level may be achieved in a variety of ways. There appears to be no
definite standard against which to judge what appropriate and effective internal
control is.
It is important to recognize that management may circumvent or override

internal controls. It is critically important to recognize that illegal and
improper activities can and will occur regardless of the strength of internal
controls, because no system has yet been devised that can withstand collusive
behavior or circumvention by management.
There are inherent limitations on the effectiveness of any system of internal

control. No system of internal control, however elaborate, can by itself
guarantee efficient administration and completeness and accuracy of the
records; nor can it be proof against fraudulent collusion, especially on the part
of those holding positions of authority or trust. In particular, internal controls
that depend on segregation of duties can be avoided by collusion. The internal
controls that depend on authorization can be abused by the person in whom the
authority is vested.
Critics of the system based audit approach have pointed out that is cold and
clinical and ignores what is generally referred to as "management style". That
the application of this approach is common to all types of management; it does
not recognize the underlying philosophy and motivation of the management.

In recent years, a further evolution has taken place. The great wave of litigation
charges against external auditors coupled with soaring audit costs have led
individual audit firms to develop systems of quality control and also research
into new methods of auditing. Recognition of the need to improve the
excellence of audit together with emphasis on reduction in unproductive time
spent on audit has led to the emergency of risk based auditing.
Risk based systematic approach

The risk based systematic approach to auditing is the most effective of all the
other approaches. It requires the internal auditor to assess the relative
vulnerabilities of the systems and identify those systems, which are more risky
than the others and should, therefore, be audited sooner and more often. This
approach includes identification of the system (which is covered under System
Based Approach above), identification of relevant risk factors, and assessment of
their relative significance.
Risk
Risk refers to the possibility of a system having so poor internal control that the
Public Body does not achieve its objectives effectively and efficiently. The
effect of risk can involve:
 Failure to adhere to Public Body's policies, plans, and procedures, or
not complying with Government's laws and regulations;
 An erroneous decision from using incorrect, untimely, incomplete, or

otherwise misleading information;
 Acquiring resources uneconomically or using them inefficiently or

ineffectively;
 Failure to adequately safeguard assets of the Public Body;

 Failure to accomplish established objectives and goals for operations or

programs.
Risk factors
Risk factors are the criteria used to identify the relative significance of, and the
likelihood that, conditions and/or events may occur that could adversely affect
the Public Body. The risk factors utilized should be sufficient to provide a
comprehensive risk assessment.
Risk factors may include:

 Adequacy and effectiveness of the system of internal control.
 Competence, adequacy, and integrity of personnel.
 Asset size, liquidity, or transaction volume.
 Complexity or volatility of activities.
 Geographical dispersion of operations.
 Organizational, operational, or economic changes.
 Acceptance of audit findings and corrective action taken.
The Head of Internal Audit may decide to weigh the risk factors to determine
their relative significance. The weighing of risk factors reflects the Head's
judgment of the relative impact that it may have on selecting a system for an
audit. This section is not intended to prescribe a rigid process that specifies how
risk assessment must be conducted. However, steps of risk assessment and
example of calculation of the Risk Index are provided in Annex I in the Internal
Audit Manual.

Risk assessment
Risk assessment is a systematic process for assessing and integrating professional
judgments of the probable adverse conditions and/or events. Risk assessment
process is crucial to the development of effective audit work schedule. In
developing an audit work schedule, the Head of Internal Audit should allocate
the resources of the internal audit department in a manner that gives
appropriate consideration to the various risks confronting the Public Body. The
Head should generally assign higher audit priorities to systems with higher
risks.
The Head of Internal Audit can obtain information from a variety of sources for
the risk assessment process. Such sources include:
 Discussion with the management of the Public Body;
 Discussion with external auditors;
 Consideration of applicable Government laws and regulations;
 Review of prior audits.
Audit priorities determined through the risk assessment process may be

reviewed and updated continuously. There should be a periodic assessment of
the effect of any major changes of the system or related risk factor, which have
occurred since the audit work schedule was prepared.
To summarize, internal auditors using the risk based systematic approach

should: -
 Identify and record the objectives of the system, risks and controls;
 Establish the congruence of the objectives with higher level

corporate objectives;

 Evaluate management's risk analysis, taking account of their

acceptance of specific risks;
 Evaluate the controls to decide whether or not they are appropriate

and can be reasonably relied upon to achieve their objectives;
 Systematically assess the probable exposure of the Public Body by

taking into account the risk factor;
 Identify instances of over control;
 Determine an appropriate strategy to test the effectiveness of risk

management and controls;
 Arrive at conclusions and report, making recommendations as

necessary and providing an opinion on the effectiveness of risk
management and control in the audited area.
Advantages of the risk based systematic approach include:

 The systematic assessment of risk of the public body enables the
internal auditor to have a profound knowledge of the Public Body;
 The approach focuses the audit on the high risk areas which are
material to the Public Body;
 The approach tends to make the Head of the internal audit and senior
internal auditors much more involved in the planning stage of an audit
assignment.
To summarize, the development of auditing can be traced from the traditional

Vouching Approach to the System Based Approach and then to the Risk Based
Approach each of which is not at the exclusion of the other. The System Based
Approach contains the concept of vouching, but in digestible portion, just as the
Risk Based Approach contains one of the inputs of the System Based Approach,
the evaluation of the internal control system.

How to conduct risk based auditing – Example

Risk based auditing is very modern audit approach which is not yet well
developed. Although what the internal auditors are expected to apply is system-
based audit, the following practical example is given to enhance their
appreciation of the approach and their understanding of risk.
The stages
Risk based auditing involves two major steps:

1. Find out what the risks are.
2. Carry out work in order to assure the management that these risks are
being mitigated to an acceptable level. This stage has three parts:
i) Split the work necessary into audit assignments,
ii) Decide what audits are necessary to provide the required
assurance – an audit plan.
iii) Carry out the audits.
Identification of significant risks

Risk identification can be made through three ways:
1. Interview - the senior management members of the public body as to
what they think the significant risks are,
2. Risk workshop - conducting a meeting of the management members and
other important staff members of the public body who are expected to
have knowledge of the risks. It is a brain storming session where in a list
of risks can be identified.
3. Accounts, previous reports and minutes of management meeting – review
of the accounts of the public body, the external and internal auditors
reports and minutes of meetings can help identify a number of risks.

Example one - Disaster Prevention and Preparedness Commission

The objectives of Disaster Prevention and Preparedness Commission (DPPC)
are:
 Prevent disasters by way of removing the basic causes thereof (i.e.

Prevention),
 Build, in advance, the capacity necessary to alleviate the extent of
damages that could be caused by disasters (i.e. Preparedness),
 Ensure the timely arrival of necessary assistance to victims of
disasters (i.e. Response).
The objective of the internal auditor of DPPC under risk based audit will be to
help the management achieve the above objectives by identifying the risks that
may hider the achievement and by making sure that there are adequate internal
controls necessary to mitigate the risks.
Let us take the third objective of DPPC and see how we can conduct the detail
audit. The third objective is to ensue that necessary assistances arrive to the
victims of disasters in time. This could mean many things:
 Identifying where and when assistance is needed, what type of assistance
and in what quantity it is needed,
 Securing the assistances from donors or through purchase,
 Delivering the assistance to the location of the victims.
Assuming that the first two issues are covered, let us deal with the third issue.
Let us simplify that delivery of assistance means importing food from the USA
through Djibouti to, say southern region of the country. DPPC has to do this to
effectively so that the assistance could reach the victims in time and no loss of
life would occur. The risks that may hamper DPPC from achieving this
objective could be:

1. Ships may not be obtained in time to carry the food from USA ports,
2. DPPC has insufficient number of trucks to deliver the food from port to the
assistance place,
3. The trucks may broke down when the transportation starts,
4. Truck drivers may leave jobs,
5. The road to the place of assistance may not be good, and
6. Adequate information is not there as to where food is required most
urgently.
The internal controls necessary to ensure that the above problems would not be
faced are:
1. Determine shipping lines, which carry goods from USA ports to the
East Africa ports or to Djibouti,
2. Buy additional trucks or identify transport operators who have
capacity to transport food quickly,
3. Ensure that all the trucks are maintained in time and they can be
used when ever they are needed,
4. Make sure that drivers are satisfied in their jobs and the many of
them would not leave the job at a time.
5. Make sure that all roads are maintained after the rainy season ends.
6. Make sure that regular reports are received from Kebeles, through
Woredas, Zones and Regions.
The above-indicated risks can be prioritised. The auditor can discuss with the
management and other concerned staff members, refer to various documents to
prioritise the risks. The auditor can also use his knowledge. Once the risks are
prioritised; an audit topic can be identified and can be carried out. For example
the auditor can establish that the significant risk in the case of DPPC is to obtain
adequate information as to where food is required most urgently.

The internal control that should be in place to mitigate this risk is already
identified. The information on the number of needy must come regularly from
the Kebeles. The Kebele should report to the Woreda, the Woreda should report
to the Zone, the Zone should report to the Region and the Region should report
to the DPPC. A responsible person in the DPPC has to compile the data and
present timely information to the management.
The auditor has to ensure the adequacy of this control. If there is a need for
additional controls to be introduced or if there are unnecessary controls to be
avoided, the auditor has to identify and report to the management for action. In
the above example, the information flow from Kebele to Woreda to Zone to
Region and to DPPC might appear lengthy. If there is a way to send report
direct from Kebele to DPPC, the process would be much faster. If this is a viable
solution the auditor should suggest that in his report.
Example two – Ministry of Revenue

Objective:
“The objective of the Ministry shall be to facilitate conditions for the systematic,
efficient and timely collection of Government revenue and to direct their collection.”
As we know, the Ministry of Revenue has three organizations under it each of

which deal with different types of revenue. These are the Federal Inland
Revenue Administration, the Ethiopian Customs Authority and the National
Lottery Administration. If we take the Federal Inland Revenue Administration
(FIRA), we can learn that this organ is responsible for the collection of tax from
different sources. It collects Profit tax, VAT from Companies and other taxes
such as revenue stamp. Let us take the profit tax collection aspect and see it in
terms of the objective of the Ministry of Revenue.

Facilitating conditions for the systematic, efficient and timely collection of

Government revenue is the main objective of the Ministry. One of the revenues
to be collected is profit tax of the Companies. Let us start identifying the
significant risks that may hinder the Ministry to systematically, efficiently and
timely collect the profit tax.
The significant risks could be:
1. The master list of the tax payers may not be found up to date with the
necessary details like the address of the tax payers, the nature of the
business, etc,
2. The tax payers may not be willing to correctly declare their profit and
pay the tax on it,
3. The system of profit tax collection does not take into account the cash
flow position of the taxpayer.
4. FIRA has no adequate & capable staff to assess the tax,
The internal controls necessary to ensure that the above significant risks are
under control are:
1. The master list of tax payer is regularly updated,
2. Tax payers are persuaded to pay the correct tax,
3. Taxpayers are consulted as to when they prefer to pay tax,
4. Continues staff employment and training is in place.
The next step is to prioritise the risks based on information collected from
management, other concerned staff and from reviewing documents. In our
example, let as say that the risk that should be dealt with is the risk that
taxpayers may not be willing to correctly declare their profit and pay the tax on
it. If the internal auditor decides to choose this as his audit topic, the following
can be done:

Break the internal control necessary into more detailed internal controls. The
objective of the internal control associated with this risk is to persuade
taxpayers to declare the correct profit and pay tax on it. How can this be
achieved? This can be through:
1. Teaching the tax payers about the benefits and obligations of paying taxes,
2. Reducing the tax rates,
3. The Government indicating its accountability to the tax payers, by investing
the tax payers money into visible projects,
4. Improving the service giving procedures.
The internal auditor can now collect evidence that the above controls are in
place and are effective. The auditor can use various methods of evidence
collection including those already described. The auditor can take a sample of
taxpayers and gather their opinion about say the tax rate and the service
provision.
As in all audits, the final step is to draft reports, discuss with the concerned
officers and finally present to the management for action.
Session summary
There are three approaches to auditing:
1. The Vouching Approach;
2. The Systems Based Approach;
3. The Risk Based Approach.
The first is based on the concept of vouching in which entries in the accounting
records are checked against appropriate vouchers such as purchase orders, goods
received notes, purchase invoices, etc. This approach is time consuming, as it is
transaction oriented and has no relation with the system.

The Systems Based Approach, on the other hand, involves seeking reasonable
assurance as to the accuracy and completeness of the accounts by the system of
internal control and when justified placing reliance on the system and carrying
out appropriate level of substantive testing
Risk Based Auditing refers to the development of auditing techniques
responsive to risk factors in an audit. The auditors apply judgment to determine
what level of risk pertains to different system in the audit area and devise
appropriate audit test. This approach should ensure that the greatest audit to be
directed to the riskiest areas; so that the chance of detecting errors and
irregularities is improved and time is not spent unnecessarily on testing "safe"
areas.

Exercise 10-1
Audit Approaches
Instructions to the participants
Purpose:
To understand the difference between the various audit approaches and explain
the advantages and disadvantages of each approach.
Instructions
i. Perform the exercise individually;
ii. Read the information below;
iii. Complete the required task;
iv. Hand in your answer sheet for evaluation;
v. Suggested solution will be handed and discussed.
You have been assigned as a team leader to undertake the audit of the Central
Statistical Office‟s accounts for the year ending Sene 30, 1996 (Eth. Cal). The
team has to decide the audit approach to be adopted during the audit. You have
to convince the team members which approach among the Vouching, the
Systems Based and the Risk Based is appropriate in the circumstances.
Required
Describe in detail the points you should raise to convince the team members in
the selection of the audit approach.
Allotted time: 30 Minutes.

SESSION XI
PLANNING AND CONTROLLING INTERNAL AUDIT
Session Overview
The audit process is composed of three phases:
- the Planning phase;
- the Audit Execution or the Performance phase; and,
- the Reporting and Follow up phase.
In this Session we shall concentrate on the Planning phase.
The International Standards for the Professional Practice of Internal Auditing

under paragraph 2200 requires that the Chief Audit Executive should establish
risk based plans to determine the priorities of the internal audit activity,
consistent with the organization‟s goals. This means that the Head of the Public
Body should prepare strategic and operational plans based on risk assessment of
the Public Body under audit.
In addition, under the same paragraph internal auditors should develop and
record a plan for each engagement, including the scope, objective, timing and
recording allocation, which means that individual audit assignment should be
thoroughly planned before the execution of the audit engagement.
Moreover, individual auditors should be properly controlled. Under paragraph

2340 engagements should be properly supervised to ensure objectives are
achieved, quality is assured, and staff is developed.
Therefore, the objective of this Session is to help participants understand how to

prepare strategic audit schedules and how to plan and control individual audit
engagements.

Session Objective
Through lecture, discussion and exercises participants will understand how to
prepare strategic and operational audit schedules and how to plan and control
individual audit engagements.
Main topics covered:

i. Strategic plans;
ii. Annual plans;
iii. Planning audit assignments;
iv. Supervision of Audit assignments;
v. Quality Reviews of Audit Assignments.
PLANNING
Introduction
Planning is an essential element in the audit process. This section deals with
the aspects of planning, the level of plans involved, their preparation and
characteristics in general. The responsibility of planning the audit lies with the
Head of the Internal Audit department. Audits require adequate planning for a
variety of reasons.
The major ones include:

 It helps to define the objectives and scope of the audit.
 It provides a basis for allocating adequate resources in terms of human
and other resources.
 It provides a base line for assessing, monitoring and controlling the
progress of each audit.
 It enables the audit to be carried out more efficiently and effectively.

Planning is not simply a process of scheduling a set of mechanistic audit

operations. It involves in general establishing objectives, understanding
systems, prioritizing the audit works including extent of work (deciding on
auditable activity or area based on risk assessment), determining resource
allocation and other issues. The Internal Audit Standard of Government of
Ethiopia deals with, in detail, the planning aspects of the internal audit. It
requires the preparation of:
 Strategic plan – usually the 5-year plan.
 Periodic plan - the annual plan.
 Planning of individual audit assignments.
Strategic plan
The first level of planning is the preparation of the strategic plan, the duration
of which is set to be 5 years. The necessary criteria for the preparation of a
strategic plan differ from one audit approach to the other. It, therefore, appears
useful to mention the basic criteria for the preparation of strategic plan at
different approaches for internal auditors in order that they can apply them in
line with their stages of development. It follows that in the Vouching
(traditional) Audit Approach, the internal auditor intends to check all
documentary evidences of an entity as far as possible. In the Systems Based
Audit Approach, the intention was changed to evaluation of the internal control
of all systems of the entity. In the emergence of the Risk Based Systematic
Audit Approach, the internal auditor commences to prepare a strategic plan in
which the risk materiality of the systems is ranked and the scheduling together
with the resources required is determined.

In the Vouching (traditional audit approach), the internal auditor checks in

detail a substantial proportion of all documentary evidences before reaching his
conclusion. When it becomes impossible to check all documentary evidences
due to the volume of transactions, the internal auditor designs audit
programmes which normally specify rigidly predetermined testing volumes
unrelated to the particular situation such as “vouch three months of purchase
invoices.”
In the Systems Based Audit Approach, the internal auditor evaluates the
internal control systems of an entity by giving equal weight to all systems. In
this approach, a much smaller number of tests are required to be carried out in
contrast to the extensive coverage under the traditional Vouching Audit
Approach. The level of testing under this approach would be primarily guided
by two determining factors which are the frequency with which a control is
performed and the type of test. The more frequently the control is performed
the more it will need to be tested. Testing which requires re-performance
would necessitate substantially lower level of tests than testing which requires
examination of evidence.
The important characteristic of the strategic plan prepared under the Risk Based
Systematic Approach is that it should be made on the basis of risk and
materiality assessment with a view to systematically prioritize audit work. The
strategic plan prepared under all approaches has the following characteristics:
 It should be developed to meet the needs of the Public Body i.e. it
should be value adding;
 It should be flexible for subsequent improvements and reviews;
 It should establish long term resource and skill requirement and
allocation issues;

 It should describe major audit assignments and overall audit

techniques selected;
 It should provide basis for other levels of planning.
Preparation of strategic plans

Internal auditors should approach the preparation of strategic plan as follows:
 Identifying and understanding of the systems of the Public Body, its
operations and environments in general; and auditable activities;
 Assessing the risks and materiality issues involved in those systems
using risk factors and ranking of those systems based on the
assessment. This will enable the auditor to prioritize between
systems and identify vulnerable /riskier/ systems with the objective
of auditing them sooner and more often;
 Once the risk materiality is assessed and ranked, the next step is
determining the audit of the auditable activities and their frequency,
timing, type and nature of audits and audit techniques to be followed,
and other issues;
 Determining the long-term resources needed to achieve the strategic
plan with regard to adequacy of staffing both in quantity and quality.
Long term knowledge upgrading such as training should be addressed
to increase the quality of staff. Consideration of the use of experts of
both internal and external sources, where required, should be
planned as well.
Periodic plan - Annual plan

The strategic plan is then used as a basis to prepare periodic work plans. The
annual plan is prepared by the Head of the Internal Audit in consultation with
the audit staff by breaking down the strategic plan into audit periods i.e. usually
a year and is put forward to management of the Public Body for approval. The

Performances Internal Audit Standard of Government of Ethiopia deals with the

development of periodic audit plans. The objective of this plan is to implement
the strategy by detailing it further within the period (a year). It also puts
emphasis on resource allocation. In translating the 5-year plan into the annual
plans, care should be taken as to whether the assumptions and judgments that
underpin the 5-year plan are still valid. The following points thus have to be
considered in this regard:
 Risk assessment and prioritization is still valid (for risk based

systematic approach);
 Changes in the activities and system of the Public Body;
 Changes in the resources availability;
 Any audit works brought forward (not carried out) in previous year;
 Emerging audit needs like newly established activities and systems,
areas seen by management requiring attention, activities where there
have been allegations of wrongdoing or inefficiency, etc.
Therefore, the annual plan should be kept under review to identify and reflect
changing priorities, resource allocations, timing issues and other emerging audit
needs. The annual plan should sufficiently set out the details of the assignments
so that management understands the purpose and scope of the assignments. The
plan should establish resource and skill requirements and set relative priorities
for each assignment. It thus matches available resources and the audit
assignments.

Preparation of annual plans

The following steps are taken to prepare the annual audit plan:
 Taking into account of the re-appraisal of risk assessment and
prioritization, select appropriate audit assignments and respective audit
techniques for the period under review (one year);
 Assess the total time required for each audit assignment and the total
time available in the period;
 Schedule the audit assignments into weeks considering reporting
requirements. The format could be in charts (gant chart), or notes;
 Determining communication of audit results - reporting requirements:
This involves identification of users, the manner of reporting and the
frequency and timing of reporting;
 Review staff and other resources allocations over the period of audit
assignments taking into account:
- The quantity and experience level of staff;

- The nature and complexity of the audit assignment;
- The time constraints;
- The knowledge, skill and discipline of the staff;
- Other issues such as consideration of use of external resource in
instances where additional knowledge, skill and disciplines are
needed, training study time, leave period and other
commitments, etc.
After considering the above and other issues that could influence audit
assignments, the periodic/annual/ audit plan is prepared and forwarded to
management or Audit Committee for approval. This process allows the
management or the Audit Committee to review the plan to place emphasis upon
areas that may be of particular interest. The next step in the planning process is

the planning of each individual audit assignment based on the approved annual
audit plan.
Planning Audit Assignments

For every audit assignment a detailed plan of work should be prepared. The
plan should establish detailed objectives of the assignment, resources
requirement, outputs, target dates and other issues. The plans have to be
discussed with Head of the Public Body or Audit Committee and agreed upon.
This enables to take into account any concerns of the Head of Public Body and
Audit Committee over policies, procedures and operations in the relevant audit
area.
On the basis of the strategic plan and especially the annual plan the detailed
plan is prepared. It includes:
 The scope, objectives, extent and priority of audit work depending on

risk assessments;
 The schedule and timing (starting and finishing dates) and reporting
issues as well (when, how, to whom);
 Detailed staff and resource allocation for each aspect of the audit
assignment: This includes the number, experience level, knowledge and
skill level of staff;
 The need for expertise from external /internal sources;
 Narration of special aspect of audit to be carried out (as needed);
 Documents that ascertain that an understanding is reached concerning
the operations/activities to be audited;
 An audit program;
 Documents of review of plans by management;
 Other issues as relevant.

Preparation of Audit Assignment Plans

Obtaining background information about the activities to be audited.
A review of background information should be performed to determine the

impact on the audit. Such items include:
 Mission statements, goals, and plans.
 Organizational information, e.g. number and names of employees, key
employees, job descriptions, policy and procedure manuals, and details
about recent changes in the organization, including major system
changes.
 Budget information, operating results, and financial data of the activity
to be audited.
 Prior audit working papers.
 Results of other audits, including the work of external auditors,
completed or in process.
 Correspondence files to determine potential significant audit issues.
 Authoritative and technical literature appropriate to the activity.
Other requirements of the audit, such as the audit period covered and estimated
completion dates, should be determined. The final audit report format should
be considered, since proper planning at this stage facilitates writing the final
audit report.
Establishing audit objectives and scope of work

 Audit objectives are broad statements developed by internal auditors and
define intended audit accomplishments. Audit procedures are the means
to attain audit objectives. Audit objectives and procedures, taken
together, define the scope of the internal auditor‟s work.

 Audit objectives and procedures should address the risks associated with
the system under audit. The Risk Based Systematic Approach to internal
audit is discussed in Module IV Session X.
Writing the audit program

To achieve audit objectives of each assignment, it is essential to develop an audit
program. It is the link between the survey and the actual audit work. Audit
program serves as a guide for the actual audit and provides a means of
monitoring and controlling the progress and completion of the audit. It also
helps as a basis for assigning each aspect of the audit assignment. In addition, it
provides a record of the work done.
Audit programs should:

- Document the internal auditor‟s procedures for collecting, analyzing,
interpreting, and documenting information during the audit.
- State the objectives of the audit.
- Set forth the scope and degree of testing required in achieving the audit
objectives in each phase of the audit.
- State the nature and extent of testing required.
- Be prepared prior to the commencement of audit work and modified, as
appropriate, during the course of the audit.
Communicating with all who need to know about the audit

The Head of Internal Audit is responsible for determining how, when, and to
whom audit results will be communicated. This determination should be
documented and communicated to management, to the extent deemed practical,
during the planning phase of the audit. Subsequent changes, which affect the
timing or reporting of audit results, should also be communicated to
management, if appropriate.

An Entry Conference should be held with management or Audit Committee

responsible for the activity being examined. Topics of discussion may include:
 Planned audit objectives and scope of work.

 The timing of audit work.
 Internal auditors assigned to the audit.
 The process of communicating throughout the audit, including the
methods, time frames, and individuals who will be responsible.
 Business conditions and operations of the activity being audited,
including recent changes in management or major systems.
 Concerns or any requests of management.
 Matters of particular interest or concern to the internal auditor.
 Description of the internal auditing department‟s reporting procedures
and follow up process.
A summary of matters discussed at meetings and any conclusions reached

should be prepared, distributed to individuals, as appropriate, and retained in
the audit working papers.
Obtaining approval of the audit work plan

 Audit work plans should be approved in writing by the management or
Audit Committee of internal audit prior to the commencement of audit
work.
 Adjustments to audit work plans should be approved in a timely manner.
Initially, approval may be obtained orally, if factors preclude obtaining
written approval prior to commencing audit work.

Controlling Audit Assignments

Any internal audit has objectives, and to ensure that its objectives are achieved,
the work should be controlled at each level of the audit to ensure that a
continuously effective level of performance that complies with standards is
being maintained. This is the scope of quality assurance dealt with in
Performance Standard No. 1300 of the Internal Audit Standard of Government
of Ethiopia. It involves the management of audit assignment in aspects of
supervision and review to assure the quality of the work.
Supervision of Audit Assignment

The overall management supervision of audit assignments should be
continuously carried out to monitor progress and assess quality of work and
coach staff. Supervision should include:
 Ensuring compliance with internal auditing standards, the Public Body‟s
policies and audit plans and programs.
 Reviewing the allocation of work tasks based on the experience, training
and proficiency of staff. It extends to providing training and skills
upgrading courses.
 Ensuring adequate planning and providing suitable instructions and
briefings to audit staff at the outset of an audit.
 Approving audit objectives and work plans.
 Ensuring that audits are conducted as planned or that variations are
approved.
 Ensuring that appropriate audit techniques are used.
 Ensuring that full and adequate working papers are maintained that
properly document the work carried out and the conclusions arrived at

along with recommendations which are adequately supported by

relevant evidences.
 Maintaining a system of review along with quality control procedures
whereby a senior member reviews the work of each member of the
assigned audit staff.
 Using audit completion check lists to ensure that important issues are not
overlooked.
 Maintaining employee performance evaluations based on predetermined
performance measures and criteria.
Quality Reviews of Audit Assignment

Another aspect of quality assurance is review. Quality reviews should be
performed by both internal and external parties to appraise the quality of the
audit assignments that are carried out as well as ongoing assignments, so as to
take corrective measures on time, and to appraise the efficiency and
effectiveness of the staff engaged in the audit assignment and to provide
guidance for future audit assignments.
Internal Quality Review

An experienced member of the internal audit function should undertake this
type of review. The review should indicate the degree of compliances with
Internal Audit Standards, policies, plans and guidelines. In addition, it should
show the effectiveness and efficiency of the audit assignment and the audit staff.
It should also provide for recommendations for improvements.
Internal Reviews should appraise:

 The quality of audit works from planning to conclusion of the audit.
 The quality of supervision.

 Compliance with standards, policies and plans, procedure manuals

and guidelines.
 The achievement of performance standards/indicators.
The reviews could be undertaken at three stages of the audit process:

 At the planning stage – to ensure that the audit assignment is
adequately planned with satisfactory quality.
 During the audit (interim review) – to ensure that the audit is
progressing in a manner of satisfactory quality, to identify where
changes are required and review other issues like manpower
allocation, etc.
 At the completion stage – to ensure that the audit has been
satisfactorily performed in all aspects.
These reviews should be documented and kept in working papers. See attached
review sheets under annex VI - VIII in the Internal Audit Manual.
External Quality Review

This review is undertaken by persons who are independent of the Public Body.
The review is carried out to assess the performance of Internal Audit
Departments. As it is stated in the Internal Audit Standard of Public Bodies of
Government of Ethiopia such reviews should be conducted within a reasonable
period of time depending on various issues.
External quality review should appraise:

 The terms of reference of the internal audit function.
 The independence and objectivity of internal audit.
 The efficiency and effectiveness of the approach in formulating the
audit strategy and plans.

 The quality of audit work by selecting sample audit assignments. The

review here includes all aspects of the audit process i.e., from
planning to conclusion.
 Compliance with Internal Auditing Standards, policies, plans and
procedure manuals.
 Achievement of performance standards/indicators.
Session Summary
The Head of the Internal Audit of the Public Body should prepare a strategic
audit plan covering a period of five years. Priority areas should be determined
based on identification of relevant risk factors and risk assessment of the relative
importance of the risk factors in terms of high, medium and low risk areas.
Once the long range strategic plan is prepared, operational annual audit plan
can be easily prepared out of the strategic plan taking into consideration current
situations including changes which need to be reflected in the plan.
Each audit assignment or engagement should be thoroughly planned including:
 Establishing the objectives and scope of the audit;

 Obtaining background information;
 Determining the resources necessary the perform the audit;
 Communicating with the auditees performing a preliminary survey;
 Writing the audit program;
 Communication of audit results;
 Obtain approval of the audit plan.
In order to control audit assignments, individual audits should be supervised at

each level of the audit in order to ensure quality and professional level of
performance.

The quality of the audit can also be ensured through quality assurance programs
such as internal reviews and external reviews. Internal reviews can be
undertaken by competent senior auditors in terms of verifying the degree of
compliance with internal audit standards. Similarly external review by outside
independent bodies such as external auditors can help identify weaknesses of
the internal audit department and suggestion for improvement.

Exercise 11-1
Instruction to participants
Purpose – to explain method of preparing a strategic audit schedule.
Instructions
1. Perform this exercise in group.

2. Read the information below.
3. Complete the required task.
4. Choose a spokesperson to present the result of the group in plenary.
You have been assigned as the Chief Internal Auditor of the Ministry of Mines in
Ginbot, 1997 (Eth. cal). One of your main tasks is to prepare a strategic audit plan
covering the next five years.
Required
Explain by way of raising important points how you are going to prepare the
strategic audit plan for the Ministry.
Time allowed: 30 minutes

Exercise 11-2
Instruction to Participants
Purpose – to explain how individual audit plans are prepared.
Instructions
1. Perform this exercise in groups.
2. Read the information below.
5. Suggested solutions will be handed out and discussed.
You have been assigned as a team leader to audit purchasing and stores. As a
team leader you have to explain to the team members how the team should
prepare the individual audit plan.
Required
Describe in detail the points you should make in your explanation.
Time allotted: 20 minutes

SESSION XII
PERFORMING THE AUDIT
Session Overview
The second phase of the audit process is the execution phase or performing the
audit. This involves the implementation of the audit procedures, gathering
audit evidence and documenting audit findings, in order to achieve the
engagement or audit objectives in accordance with the IIA Standard. Under
paragraph 2300 of the IIA Standards, internal auditors should identify, evaluate
and record sufficient information to achieve the engagement objectives.
It is important that the auditor has a clear understanding of the audit program
before implementing the audit procedures. The audit supervisor has the duty to
explain the audit program to the audit team before an audit assignment is taken.
Adequate supervision should also be provided during the process of execution.
Session Objective
Through lecture, discussion and exercise, participants will be able to determine
the type of audit evidences and techniques necessary to execute the audit
program in accordance with the IIA Audit Standards.
Major topics discussed

1 Audit Evidence.
2 Sources of audit evidence.
3 Quality of audit evidence.
4 Implementation of Audit Procedures.
5 Materiality during audit execution.
6 Audit completion.

Audit evidence
Audit evidence is information that forms the foundation, which supports the
audit findings and the audit opinion contained in the audit report. It includes
documents and accounting records underlying the financial statements and all
other information, which is pertinent to the auditor's examination.
In accordance with the IIA Standards paragraph 2310 internal auditors should
identify sufficient, reliable, relevant and useful information to achieve the audit
objectives. Sufficient information is factual, adequate and convincing so that a
prudent, informed person would reach the same conclusion as the auditor.
Competent information is reliable and the best attainable through the use of
appropriate auditing techniques. Relevant information supports audit
observations and recommendations and is consistent with the objectives of the
audit.
Sources of Audit Evidence

There are four sources of audit evidence:
 Auditor's direct knowledge.

 External Evidence.
 Internal Evidence.
 Corroborative Evidence.
Auditor's direct evidence is the most reliable source of evidence and when
available, it should be preferred to other sources. The auditor acquires direct
knowledge through physical inspection, observation and re-performance.
External evidence is less reliable than auditor's direct evidence. It originates

from sources outside the organization being audited. The evidence gathered
from such sources can be:

 Written testimonies or representations such as confirmation of accounts

receivable and bank accounts.
 Representations or statements made by third parties directly to the auditor.
 Externally prepared documentary evidence such as invoices and bank
statements.
Internal Evidence is evidence obtained from within the department under
audit. This evidence may consist of documentary evidence such as payment
vouchers, accounting records and reports, oral or written representation of
employees and management. Internal Evidence is less reliable than external
evidence and the auditor's direct knowledge.
Corroborative evidence is represented by consistency of the relationship

between different accounting figures, ratios, trends and the correlation of
information obtained through analytical auditing techniques. For example, the
concurrence of physical taking with the balance recorded in perpetual
inventory records gives of evidence of a far more persuasive nature of total
inventory than evidence obtained from physical stock taking or perpetual
inventory records alone.
Quality of Audit Evidence

In order for the auditor to make sound judgments and conclusions about the
fairness of the accounting information presented by the organization under
audit, sufficient, competent and relevant evidence must be gathered.
Sufficiency, competence and relevance are some of the determinants of the
persuasiveness of the evidence collected. One other determinant of
persuasiveness that is also considered along with the three aforementioned is
timeliness. These determinants or qualities of evidence are explained as follows:

 Sufficiency - refers to the quantity of evidence obtained. Sufficiency

is one of the main qualities to be determined when calculating a
sample size. The determination of the sample size to select, as the
Session on sample size has highlighted, involves not just how many
items (vouchers) to select but also what items to select for examination.
The quantity of evidence to select will also depend, among other
factors, on the auditor‟s expectations of errors and the auditor's
assessment of the effectiveness of the client's internal control structure.
 Relevance - audit evidence must relate to the general audit objectives
for it to be relevant. Audit evidence may be relevant to one objective
but not to another. For example, if the auditor obtains bank
confirmation letters which satisfy the existence and/or measurement
objectives, the evidence so gathered would not be appropriate to satisfy
the occurrence objective. In the latter case, the evidence gathered
through bank confirmation is not relevant to the occurrence objective.
However, audit evidence may satisfy more than one audit objective as
in the former case.
 Reliability (Competence) – is the trustworthiness of evidence. The
two terms are sometimes used interchangeably. The reliability of audit
evidence depends on the following factors:
(a) Independence of provider – evidence obtained from within the
organization being audited is less reliable than that obtained from
sources outside the organization.
(b) Effectiveness of Internal Control Structure – When the internal
controls of the organization being audited are effective, the
evidence gathered is more reliable than when the controls are
weak.

(c) Auditor's direct knowledge – evidence gathered directly by the

auditor is more reliable than information obtained indirectly.
(d) Qualifications of individuals providing the information –
evidences are less reliable if the individual providing the
information is not qualified. For example, examination of an
inventory of diamonds by an auditor who is not trained to
distinguish between diamonds and glass would not provide
reliable evidence of the value and existence of the diamonds.
(e) Degree of objectivity – evidence that requires considerable
judgment to determine whether it is correct is not as reliable as
objective evidence. For example, confirmation of bank balances
or physical count of cash (objective evidence) is more reliable
than confirmation by the client's lawyers of the likely outcome of
outstanding lawsuits against the client.
 Timeliness of audit evidence refers to either when the evidence is
collected or the period covered by the audit depending on whether
evidence is being gathered for the balance sheet or income statement.
 For balance sheet items, evidence should be collected as near
to the balance sheet date as possible. For example, the
auditor's count of cash on the balance sheet date would be
more persuasive than if the count was made two months
earlier.
 For income statements, the period covered is important. For
example, testing throughout the year is better than testing a
limited period within the year.

Implementation of Audit Procedures

Implementation of audit procedures refers to the actual testing or gathering of
audit evidence. Several techniques or methods are used to gather the various
types of audit evidence. The following techniques are used in collecting audit
evidence.
 Observation - which uses the senses to assess certain activities; for example,
observing inventory stock taking to assess whether employees are following
instructions.
 Confirmation involves receipt of a written or oral response from an
independent third party, for example confirmations of bank balances.
 Inquiries of client could be written based on oral information from the
client. Examples of this technique include internal control questionnaires or
asking employees if certain procedures are being followed.
 Re-performance or mechanical accuracy involves rechecking computations
for arithmetic accuracy or re-performing accounting routines.
 Documentation or vouching involves agreeing amounts of two or more
different documents, for example, agreeing amounts on purchase orders to
supplier invoices and receiving reports.
 Physical examination is an inspection or counting by the auditor of tangible
assets e.g., cash, inventory, etc.
 Scrutiny or scanning is a searching review of data in order to locate
significant items that require further investigation, e.g., scrutiny of the
general ledger for unusual or unexpectedly high or low values, etc.
 Inspection is the examination of documents other than source documents for
a transaction, e.g., inspection of lease agreements, or legal advisor's letter
reporting on a land purchase.

 Analysis is the subdivision of balances in accounting records and reports into

logical components, e.g., analysis of repairs and maintenance accounts.
 Correlation with related information is the establishment of consistency of

relationships which contributes to achieving a given verification objective,
e.g., analytical review procedures on gross profit and inventory.
While testing or gathering evidence, the auditor may find more errors than
were expected. In such a situation, the auditor should first determine what
caused the errors and then use his judgment to determine whether to carry out
more tests. How much more testing should be done will vary and depend on
the circumstances; and this decision is left to the auditor's judgment. It is
advisable however, to inform audit supervisors of such circumstances. It is
important to clarify that the sample size determined at the planning stage as a
result of the evaluation of internal controls and expected errors, is not fixed, but
an estimate. If, at the testing stage, the auditor finds more errors than were
expected or that the internal controls are not working as effectively as
previously determined, then the sample size may need to be increased.
Materiality during Audit Execution

During audit execution, it is important to determine materiality levels of
evidences. Materiality can be considered from three points of view - materiality
by amount, materiality in general context and materiality by nature.
 Materiality by amount is an arbitrary determination whereby more
than, for example, 5% in errors considered material.
 Material in general context is the determination of materiality by
considering the sum total of individual errors which are not material
may be material.

 Material by nature is a situation whereby although the amount may

not be significant but the nature of the finding, for example,
misappropriating a small amount of fund for personal use may be
material.
Audit Completion
At the end of the field audit, a summary of the results of the internal auditors
work is made and the achievement of the audit objective is evaluated. Once the
audit findings are documented, the internal auditor needs to evaluate the
findings as a basis for reaching a conclusion on the audit objectives.
This entails several steps:

 Review of the updated permanent audit file.
 Review of the current audit working papers.
 Clearance of any remaining audit queries.
 Review of the summary of audit findings.
 Review of the actions taken on recommendations contained in the
previous audit report.
 Review of the Exit Conference notes.
 Review of the draft audit report.
 Compilation and review of audit check list.
Significant matters for attention during audit completion include:

 Whether the audit working papers are neat, complete, indexed and
referenced, and cross referred.
 Whether all audit programmes have been fully covered and all audit queries
are fully disposed of.

 Whether the summary of the audit findings is complete and accurate and
consistent with the details in the working papers.
 The extent to which points raised in the last audit reports have been
attended to.
 The accuracy and validity of audit recommendations to be made.
 Whether the different parts of the financial statements and the related
ledger accounts are consistent with one another and with matters stated in
the draft audit report.
 Whether the draft audit report requires amendment in view of the
discussion held with auditees.
 Whether the final audit report has been completed and in accordance with
approved format and standard.
Session Summary
In this Session we have discussed how we perform the audit during the
execution phase of the audit process. The main purpose is to identify, evaluate
and record sufficient information to achieve the audit objectives.
We have defined audit evidence and identified sources of audit evidence
including auditor‟s direct knowledge, external evidence, internal evidence and
corroborative evidence.
To qualify information as acceptable audit evidence, it has to be sufficient,
relevant, reliable and timely.
Audit procedures should be implemented in accordance with the audit
programme. In this respect, there are several techniques or methods used to
gather various types of audit evidence.

Internal auditors should consider materiality in determining the level of

evidence. This includes materiality by amount, materiality in general context
and materiality by nature.
At the end of the field audit, a summary of the results of the internal audit work
is made and the achievement of the audit objectives determined through audit
completion procedures.

Exercise 12-1
Audit Techniques
Instructions to participants
Purpose:
To identify appropriate audit techniques when performing various tests.
Instructions:
Working individually, fill in the appropriate audit technique beside each sample
test given below.
Audit Procedure Audit Technique

1. Check that Treasury approval where required, has been
obtained. -------------------
2. Compare amounts on purchase invoices and shipping

documents. -------------------
3. Check calculation of payments. -------------------

4. Check that payments are correctly coded. -------------------
5. Review posting treatment of payments on account to
ensure clearance. -------------------
6. Reconcile the gross total to the ledger. -------------------
7. Review large and unusual or exceptional items. --------------------
8. Perform analytical review procedures on gross profit
and inventory. --------------------
9. Review insurance policy documents --------------------
9. Review the details of sample purchase invoices and
consider ????? --------------------
10. Whether they may represent improper charges --------------------

SESSION XIII
Documenting Internal Audit
Session Overview
In this Session, participants will be exposed to audit documentation, which is
essential in all steps of the audit process. The International Standard for the
Professional Practice of Internal uditing paragraph 2330 states that internal
auditors should record relevant information to support the conclusions and
engagement results. The intention of this module, therefore, is to enable
participants acquire general knowledge about audit documentation.
Session objective
Through lectures, discussions and exercises, participants will be able to explain
to the internal auditor how he documents the audit process.
Main points to be discussed:

 Meaning of documentation.
 Objectives of documentation.
 Principles of documentation.
 Content of working papers.
 Types of working paper files.
 Preparation and review of working papers.
 Retention and custody of working papers.
Documentation
Documentation is a process of recording, assembling and organizing knowledge.
In relation to auditing this knowledge is the evidence compiled in working
papers supporting audit assertions.

Working papers are the records kept by the auditor of the audit procedures
applied, the tests performed, the information obtained and the pertinent
conclusions reached in the audit engagement. Working papers should include
all the information necessary to conduct the examination adequately and
provide support for the audit report.
Objectives of Documentation
Specific objectives of documenting the internal audit assignments:
 Provides a historical record of the information collected during the
conduct of audits.
 Provides a record of the audit tasks performed.
 Identifies audit objectives and methods chosen as a basis for planning
future audits and for review purposes.
 Allows an audit supervisor or manager to make an interim review of
what has been done during the audit to date.
 Allows an audit supervisor or manager to carry out final assessment
of the validity of draft audit conclusions before they are expressed as
audit findings.
 Provides support for audit findings and evidence of compliance with
the internal audit standards.
 Establishes a record for the purposes of peer review.
 Provides a framework for further review in cases where management
disagrees with audit findings and the audit methods and conclusions
have to be reassessed.
 Provides a framework of control whereby delegated work is
monitored.

Principles of Documentation
Good documentation is achieved by implementing the following principles:
a) Consistency and Standardization

When carrying out audits, internal auditors should use consistent reporting
methods. Consistency is achieved by using the standard formats appearing in
the Internal Audit Manual. Completing the recommended formats will make
documentation easier to understand and review. For instance, if an auditor
takes over a work that has been started by another auditor, the use of
standardized formats will promote continuity. However, practical experience
may dictate the need for amendment of standard formats. Moreover, the
auditor could use additional formats as necessary.
b) Accuracy and Timeliness

Documentation should accurately reflect the tests planned, the tests carried out
and the result of these tests. There should also be documents that show the
timing of the work carried out.
c) Clarity and Conciseness

The aim is to provide working papers that will make it easy to understand the
way the audit was carried out. For this, the working papers should be well
organized and cross-referenced with clear and concise language and structure.
The information recorded should be sufficient for the purposes of subsequent
review by someone other than the responsible auditor.
d) Completeness
The audit papers should be complete in the sense of covering the whole audit,
the tests carried out, the meetings held, the queries raised, management
responses and the draft conclusions reached.

e) Authorship and Review

Audit papers should reveal who carried out each piece of work. In addition,
working papers should be reviewed. Information regarding the identity of
reviewers and their instructions/advice should be documented.
f) Confidentiality
Audit working papers are in principle confidential. The Head of the Internal
Audit unit may decide to share audit working papers, only if there is good
reason. If the external auditor or the Ministry of Finance and Economic
Development requests access, this is good reason in itself. If, in the case of
fraud, the police or a court of law requests information, the Head of Internal
Audit will comply. When access is requested, the circumstances, reasons,
persons with whom information was shared and the information shared should
be recorded in permanent files. It should be noted that principle of
confidentiality prevents the sharing of audit information with third parties (e.g.
suppliers). As audit working papers are confidential, measures should be taken
to restrict access to them.
Content of Working Papers

In accordance with paragraph 2330 of the IIA Standards, working papers should
contain the following aspects of the audit process:
 Planning;
 Examination and evaluation of the adequacy and effectiveness of
the system of internal control;
 The auditing procedures performed, the information obtained and
the conclusions reached;

 Review;
 Reporting;
 Follow-up; and,
 Governance and organizational aspects.
These and other aspects of documentation should be kept in an orderly and
organized manner in two files: Permanent File and Current File.
Permanent File
Permanent file is used for retaining key information of continuing audit
relevance, which changes little from year to year. It contains data of historical
or continuing nature pertinent to the audit. The permanent file typically
includes:
 Extracts or copies of the Public Body‟s documents that deal with the
organizational aspects. It includes organization structure (chart);
organizational history detailing authority and duty;
 Proclamations dealing with establishment, organizational authority

and responsibility, job descriptions and general organizational issues
and other documents showing how the Public Body is organized,
sub-divided, managed, staffed and directed;
 Information related to the understanding of the accounting system,

internal control structure and assessment of control risk. This
includes accounting policies, flow charts, internal control
questionnaires or internal control/evaluation, manuals,
organizational chart, systems descriptions and notes along with
specimen of documents, and other information on internal control
and accounting system;

 Information relating to understanding the rules and regulations

pertaining to activities within the Public Body. This is with respect
to directives, statement of policies, rules, regulations, proclamations,
internal instructions and manuals;
 The results of previous years' audit. This includes previous audit

findings, management actions and follow-up, weak areas, outstanding
audit queries, and matters deserving continuous follow-up;
 Other relevant information of continuing nature. For instance,

details of contracts, committee members (e.g. tender committee), key
personnel who authorize various types of decisions, details of projects
being implemented along with agreements, all bank accounts,
signatories, authority limits, safes, stores and other information like
plans, etc.
 Correspondence with the Head of the Public Body, Audit Committee

and outside parties concerning various issues. Note that a separate
file could be maintained for all correspondence depending on the
size, frequency and necessity.
Current Files
The current files include all working papers applicable to the year under audit.
They contain relevant information of the audit for the current year. Their
contents include:
 General information – This information is current information that is
of a general nature rather than dealing with specific issues. This
includes such items as audit planning memos, abstracts or copies of
minutes or contracts or agreements not included in permanent files,
notes on discussion with management, working paper review

comments, check lists, time summaries and comparison with budget,

financial statements, etc.
 Audit report – This is the final output of the audit process. It

includes the final and draft version.
 Audit program, which is initialed when each procedure is performed.

It is reviewed and approved. It is cross-referenced with each section
of the audit procedures.
 Financials Statements – This is relevant in financial audit.
 Trial balance – list of accounts with their balance supporting

financial statements. This is relevant in financial audit.
 Schedules and working papers prepared by the internal auditor in

performing certain audit procedure. There are lead schedules that
support the items in the trial balance. Lead schedules could also be
summaries of certain audit procedure (especially in the case of audit
other than financial audit). Supporting schedules are detail
schedules. There are many types or forms of schedules. The major
ones are:
- Analysis – shows the activity (entries) in an account. It

includes opening balances, description of sample,
transactions tested, summary of those not tested, ending
balances, sampling method, etc.
- Examinations of supporting document – These are various

schedules that show detail tests performed.
- Reconciliation of amounts – that support a specific amount

and is normally expected to tie the amount recorded in
financial statement or auditee record to other sources of
information, e.g. bank reconciliation.

- Information supporting schedules e.g. notes.
- Queries of the auditors along with responses.
- Documentation – documents from both internal and

external sources.
- Listings – List of items, balances, etc.
Preparation of working papers

An important aspect with respect to documentation of audit work is the
preparation of working papers (schedules). The Performance Standard 2330 of
the Internal Audit Standard advocates the use of standardized policies and
procedures in this regard. It also mentions some techniques or essential
characteristics that should prevail in working papers. Although the design
depends on the objectives and activities involved, certain common points or
characteristics should be given due regard. These are:
a) Each working paper should be properly identified with such information as:
 The name of the Public Body being examined;
 The title or description of the content or purpose of the working
paper;
 The period covered by the audit;
 The preparer and reviewer with respective dates of preparation and
review;
 The index code.
b) Each working paper should be signed (or initialed) by the preparer and the
reviewer.
c) Each working paper should be properly indexed and cross-referenced to aid
in organizing and filing. Indexing is done at the front of each paper using
combination of letters and whereby if lead schedules are given a letter, e.g.
"A" then for supporting schedule a suffix indicating the sequence in the file
is added e.g., "A1". Cross referencing between lead schedules and supporting
schedules or between two supporting schedules should be done in a logical
and consistent manner. Please refer to Annex XII in the Internal Audit
Manual for the relationship of working papers, indexing and cross-
referencing.
d) Each working paper should include sufficient information to fulfill the
objectives for which it was designed.
e) Completed working papers must clearly indicate the audit work performed
including sampling methods and samples selected. This is accomplished in
three ways:
 By a written statement in a form of memorandum;
 By initialing the audit procedures in the audit program;
 By notations on working paper or directly on working paper schedules.
Notation on working paper are accomplished by use of "tick marks"
which are symbols written adjacent to the details on the body of the
schedule. These notations must be clearly explained at the bottom of the
working paper.
f) The conclusions that were reached along with the respective

recommendations about the segment of the audit under consideration
should be plainly stated.
Organization/structure of working papers

The documents in working paper should be organized or structured in a manner
that enhances efficiency and facilitates accessibility.
To help clear understanding of what working papers are and to give practical
example, model Permanent File and Current File are given. The Permanent File
and Current File index given in annex X of the Audit Manual are simplified as
follows to make them user-friendly.

The indexes are given as a standard to be used by all the Public Bodies. The
index is used as a checklist for the auditor to ensure that working papers are
complete. The auditor shall collect audit evidences for each item described in
the index. The standard index shall also help the internal audit department
Head and the Inspection Department of MoFED to go through the working
papers smoothly.
Annex X
PERMANENT FILE INDEX
PUBLIC BODY ___________________________
PF I ORGANIZATIONAL INFORMATION
PF I 1 Nature of the Public Body: history, establishment, etc.

PF I 2 Objectives
PF I 3 Organizational structure (chart)
PF I 4 Job description
PF I 5 Staffing
PF II 7.1.1 ACCOUNTING SYSTEM AND INTERNAL CONTROL

STRUCTURE
PF II 1 Accounting policies
PF II 2 Systems documentation forms (system notes, flow charts)
PF II 3 Internal Control Questionnaires
PF II 4 Internal Control Evaluations
PF II 5 Risk Assessment Index
PF II 6 Specimen of Documents (Vouchers)
PF III RULES AND REGULATIONS
PF III 1 Directives
PF III 2 Rules, Regulations
PF III 3 Internal Instructions
PF III 4 Official Rates (Price lists)
PF IV PREVIOUS YEAR AUDIT HISTORY
PF IV 1 History of Audit Report - Findings

PF IV 2 Management Action
PF IV 3 Outstanding Queries
PF IV 4 Matters Deserving Attention and Follow-up.
7.2 PF V IMPORTANT MEMORANDUM
PF V 1 Contracts - Project Agreements, Other Contracts, etc.

PF V 2 Committee members
PF V 3 Key Personnel: Signatories, Authority Limits, etc.
PF V 4 Bank Accounts number
PF VI CORRESPONDENCE
Each of the major sections of the Permanent File is identified by unique roman
numbers. The contents are given serial numbers in subscript starting from the
first. So in PF V, important memorandums are filed. The first item is contracts.
This is given PFV1... If contract is only one page, PFV1 is the index to be given to
it. If there is more than one page, the subsequent pages will be identified by an
English alphabet. Therefore, the second page will be PFV 1 a. New items that
the auditor needs to file in the Permanent File can be added in the relevant
section indicated above or a new category shall be added. But this may be made
in consultation with the internal audit department Head and the Inspection
Department of MoFED.

Annex X
CURRENT FILE INDEX
PUBLIC BODY ___________________________
PERIOD OF AUDIT _______________________
I AUDIT REPORTS
I1 Final Audit Reports
I2 Report on Internal Control
I3 Ad-hoc Reports
I4 Interim Reports
I5 Draft Reports
II GENERAL INFORMATION
II 1 Matters for Attention: Auditor Follow-up, Management Action, etc.
II 2 Summary of Findings
II 3 Discussion with Management: Comments, Responses, etc.
II 4 Extracts of Minutes (management, audit committee)
II 5 Review and Check Lists (review notes, check lists)
II 6 Audit Time Summary and Budget
II 7 Important Memorandum
III GENERAL AUDIT PROCEDURE
III 1 Audit Planning
III 2 Audit Programs
III 3 Other Planning Issues
IV DRAFT FINANCIAL STATEMENTS

IV 1 Trial balances for each month covered by the audit, receivable
report, payable report, revenue report, expenditures report, etc.
TB TRIAL BALANCE
A Revenue/Assistance/Loan
B Expenditures: Recurrent
C Expenditures: Capital
D Transfers
E Receivables
F Payables
G Letters of Credit
H Net Assets/Equity

I Cash on hand
J Cash at bank in foreign currency
K Cash at bank
TESTS OF INTERNAL CONTROL
TC I Receipts
TC II Disbursements
TC III Procurement
TC IV Payroll
TC V Stock/Inventory
TC VI Fixed Assets
TC VII Computer Audit
The above index is used for financial audit. Again all Public Bodies should use
the index uniformly. Computer audit is usually done as part of financial audit. If
an extensive audit is required, it can be separately done. The index for such
extensive and separate test could be similar to the one shown below for special
audits.
The above lay out of the index follows the lay out of the Trial Balance given in
the FGE accounting system. Each section identified by A – K shall have
standard schedules known as lead schedule (the summary schedule that will be
filed at the top), summary of findings related to that particular section,
supporting schedules, and query (questions) sheet wherein all questions raised
during the audit are recorded. The question sheet should show the replies
obtained from the department audited. If satisfactory replies are obtained, a line
will be drawn across the question. Those points for which adequate replies are
not obtained shall be transferred to the summary of findings. The schedules for
test of control are more or less similar. The lead schedule for test of control shall
describe the objective of test, the sample selection method, list of samples
selected, findings, and conclusions.

Annex. X
SPECIAL AUDIT INDEX
PUBLIC BODY _______________________________

TYPE OF AUDIT _____________________________
PERIOD COVERED ___________________________
A Final report
B Draft report
C Planning of the audit & questionnaires (including the description
of the Public Body & the activity or department to be audited)
D Memorandum (instruction given to the audit department,
instruction given to the audit team, term of reference for the
audit, correspondence with the audited department,
correspondence with MoFED, minutes of meetings with the
department audited, etc.)
E Copies of important documents (Construction contracts,
consultancy contracts, proclamations, guidelines, policies, etc.)
F Summary of Findings
G Support Schedules
H Queries/notes
Special audits are special for each Public Body. The special audits might even
differ from assignment to assignment. Hence, it is not possible to establish
standard schedule to be used by all the Public Bodies for all special audits. The
above index is only a guideline. The auditor can modify the index to suit the
specific audit under consideration.

Review of working papers

Audit working papers should be reviewed to ensure that they properly support
the audit report and that all necessary auditing procedures have been
performed. Evidence of the supervisory review should be documented in the
working paper. The Head of the Internal Audit or designated senior auditor has
the responsibility for review. Generally, review has to be conducted at a level
of responsibility higher than that of the preparer of the working paper.
Evidence of review consists of the reviewer initialing and dating the working
paper after it is reviewed. It could also consist of completing a working paper
review checklist and/or preparing a memorandum stating the nature, extent and
result of the review. In addition, reviewers may also make a written record
(review notes) of questions arising from the review process, which should be
satisfactorily resolved.
Retention of working papers

In order to comply with the Financial Regulation No. 17/1997, records should
be retained for a minimum of ten years. It should be noted that Permanent
Files should be retained permanently.
Ownership and custody of working papers

Working papers are the property of the Public Body and remain under the
custody of the Internal Audit Department. The Head of the Public Body may
request access to the working paper in which case the Head of Internal Audit
approves the issue. Where parties outside the Public Body request the working
papers, the Head of the Public Body should approve the request.

Session Summary
The overall objective of documentation is to assist the internal auditor in

providing reasonable assurance that an adequate audit was conducted in
accordance with International Standards for the Practice of Internal Auditing.
Good documentation can be achieved when work papers are prepared in a
consistent and standardized manner, accurately and on time. They should also
be clear and concise.
Working papers should document all the three phases of internal auditing -
planning, execution, reporting and follow-up.
Working papers files are classified into Permanent and Current Files.
Permanent Files include information of continuing audit importance while
Current Files include all working paper applicable to the year under audit.
Working papers should be retained for 10 years in accordance with Financial

Regulation No 17/97.
Working papers are the property of the Public Body under the custody of the
Internal Audit Department. Access to the working paper can be given by the
Head of the Internal Audit Department subject to approval by the Head of the
Public Body.

EXERCISE 13-1
Purpose and Advantages of Documentation
Instruction to the Participants
Purpose:
To point out the purpose and advantages of documentation.
Instructions:
1. Perform this exercise in small groups.
2. Take about 5 minutes to go through the information given below
and come up with any points that need clarification.
4. Select a spokesperson to present the answers.
Internal Auditors should document the audit work. Share your views and
experience by discussing about the benefits and main objectives of documenting
audit work.
Write down the benefits and main purposes of documenting audit work.
Allotted time: 10 minutes

EXERCISE 13-2
Ownership, Security and Storage of Documents
Purpose:
To clarify ownership and security of working papers.
Instructions:
1. Read the discussion quiz below.
2. Be prepared to give your views for discussion with the class.
Alemu and Ahmed who are audit trainees have a discussion concerning audit
files. Alemu makes the following statements.
Audit working papers are the property of the internal auditor, who may destroy
the files, sell them or give them away. Members of the staff and third parties
have free access to the working papers.
Required:
Review the comments made by Alemu above. Do you agree with them? Discuss
each statement with your group and be prepared to discuss in the full class
session.
Time allotted: 15 minutes

EXERCISE 13-3
Use and handling of Working Papers
Instructions to the Participants
Purpose:
To explain the types of working paper files, ownership, security and storage of
working papers.
Instructions:
1. Perform this exercise individually.
2. Take about 5 minutes to go through the information below and come
up with any points that need clarification.
You are a senior internal auditor, you have been asked by the Chief Internal
Auditor to prepare a presentation for a staff meeting to discuss about working
papers. In your presentation you are to address the following points:
a. Main purposes of documenting audit work.

b. Types of working paper files and documentation contained in each
file.
c. Ownership, security and storage of working papers files.
Required:
Describe in detail the points that you should make in your presentation.
Allotted time: 45 minutes

SESSION XIV
REPORTING AUDIT FINDINGS
Session Overview
Reporting is the third phase of the audit process. The first and second phases
are planning and execution, respectively. The most important aspect of any
audit is reporting as an audit not reported and actions not taken on findings and
recommendations is a waste of resources utilized during the audit. It is,
therefore, essential that the internal auditor should report at the end of the
audit. Accordingly, the Intentional Standards for the Professional Practice of
Internal Auditing requires under article 2,400 that internal auditors should
communicate the engagement results. This Session is devoted to reporting audit
findings.
Session objective
At the end of the Session participants will be able to understand the
requirement of reporting audit findings through lecture, discussion and
exercises.
Main topics covered
 Audit findings;
 Characteristics of effective audit reports;
 Contents and formats of audit reports;
 Steps in the preparation of audit reports;
 Stages of audit reports;
 Follow-up.

Internal auditors report their findings and recommendations in a formal way.

Audit findings are the outcome of the audit. The value of auditing can be
judged by the quality, relevance, timeliness and reliability of audit findings and
the deterrent effect that audit creates. Here, we are concerned only with audit
findings and the way they are reported.
Audit findings
Audit findings are much more than simple opinions. The audit process is a time
taking careful process for building up very specific information, as it must result
in reliable and relevant information, sufficient to support reasonable
conclusions. A reasonable conclusion is one, which is objective and fully
supported by the evidence. An auditor using the same audit methodology could
repeat the audit and arrive at the same conclusion.
Audit findings emerge by a process of comparing “what should be” with “what
is”. This provides to the internal auditor a foundation on which to build the
report. When conditions meet the criteria, acknowledgement in the audit
report of satisfactory performance may be appropriate. Findings should be based
on the following attributes:
 Criteria: The policies, procedures, directives, regulations, laws, standards,

measures, or expectations in making an evaluation and/or verification
(what should exist).
 Condition: The factual evidence which the internal auditor found in the
course of the examination (what does exist).
If there is a difference between the expected and actual conditions, then:

Cause: The reason for the difference between the expected and actual
conditions (why the difference exists).
Effect: The risk or exposure the auditee organization and/or others

encounter because the condition is not the same as the criteria (the
impact of the difference).
The Head of Internal Audit is employed for his/her expertise and experience. A
critical element of this is judging the adequacy of information gathered through
the audit process as a basis for arriving at conclusions.
A process is needed for developing conclusions and testing their strength before
they are embodied in audit findings. This may involve:
 Developing audit interim conclusions by auditors in charge as the
audit is in progress.
 Discussing these interim conclusions by the Head of Internal Audit
(and giving guidance on their validity and indicating whether more
evidence is needed to substantiate them).
 Auditors drafting their final conclusions at the end of their audits.
 Head of Internal Audit carrying out further evaluation of the validity
of conclusions.
 Redrafting these conclusions as audit findings.
Validity of the audit findings is an important over-riding consideration. But

when it comes to reporting, other concerns are also of great importance. Audit
reports are intended to be read. So it is important to consider the needs of
readers. The main readers are the Heads of the Public Bodies. We presume that
they are:

 Busy people who have to read many reports on a lot of subjects and who
do not want to plough through a lot of detail before reaching key
conclusions.
 Not familiar with auditing terminology or processes.
 Less interested in processes than in findings.
 Much more interested in significant matters than trivial ones.
Characteristics of effective audit reports
These presumed characteristics are the key to writing effective audit reports. An
effective audit report is one, which is objective, clear, concise, constructive and
timely.
 Objective reports are factual, unbiased, and free from distortion.

Findings, conclusions, and recommendations should be included
without prejudice.
 Clear reports are easily understood and logical. Clarity can be
improved by avoiding unnecessary technical language and providing
sufficient supportive information.
 Concise reports are to the point and avoid unnecessary detail. They
express findings completely in the fewest possible words.
 Constructive reports are those which, as a result of their content and
tone, help the organization to make the necessary improvements
where needed.
 Timely reports are those, which are issued without undue delay and
enable prompt and effective action to be taken.

Content and format of audit reports
Although audit report formats and contents may vary, they should at least,
contain the purpose, scope, and results of the audit.
 Purpose statements should describe the audit objectives and may,
where necessary, inform the reader why the audit was conducted and
what it was expected to achieve.
 Scope statements should identify the audit activities and include,
where appropriate, supportive information such as time period
audited. Related activities not audited should be identified, if
necessary, to delineate the boundaries of the audit. The nature and
extent of auditing performed should also be described.
 Results may include findings, conclusions (opinions), and
recommendations.
 Findings are pertinent statements of fact. Those findings, which are
necessary to support or prevent misunderstanding of the internal
auditor‟s conclusions and recommendations, should be included in
the final audit report. Less significant information or findings may
be communicated orally or through informal correspondence.
 Conclusions (opinions) are the internal auditor‟s evaluations of the
effects of the findings on the activities reviewed. They usually put
the findings in perspective based upon their overall implications.
Audit conclusions, if included in the audit report, should be clearly
identified as such. Conclusions may encompass the entire scope of an
audit or specific aspects. They may cover but are not limited to
whether operating or program objectives and goals conform with
those of the Public Body, whether the Public Body‟s objectives and
goals are being met, and whether the activity under review is
functioning as intended.
 Recommendations are based on the internal auditor‟s findings and

conclusion. They call for action to correct existing conditions or
improve operations. Recommendations may suggest approaches to
correcting or enhancing performance as a guide for management in
achieving desired result. Recommendations may be general or
specific. For example, under some circumstances, it may be desirable
to recommend a general course of action and specific suggestions for
implementation. In other circumstances, it may be appropriate only
to suggest further investigation or study.
An example of audit report is provided in Annex IX in the Internal Audit

Manual.
Steps in the preparation of audit repot
The preparation of audit reports requires considerable care and thought.

Therefore, the following steps are suggested:
1) Knowing the purpose of the report;
2) Planning the report (prepare an outline);
3) Gathering data to be included in the report including evidences
supported by working papers;
4) Sorting the date to fit in the outline;
5) Writing the first draft;
6) Discussion with the auditee so that issues considered not important
can be dropped and the report concentrates on significant matters;
7) Editing the final report.

One of the conspicuous weaknesses of auditors is their inability to write

effective audit reports; so this aspect requires attention and effort. When
writing their reports, internal auditors should bear in mind that there is no
report that cannot be improved; however, it may have to be rewritten many
times.
It is the responsibility of the Head of Internal audit to ensure that audit reports
reach high standards of relevance and readability. The Head should examine all
draft audit conclusions for relevance, robustness, proficiency of language,
clarity, tactfulness, helpfulness and positive tone. The last three are important,
as effective audit reports should not alienate the reader. The reader should be
treated as a friend rather than an enemy. After all, if the ultimate usefulness of
audit is effective remedial action, it is wise to treat those responsible for such
actions with respect. The idea is to help them, not to embarrass or anger them.
Stages of audit reports
Writing audit reports entail drafting, redrafting, discussing, eliminating

redundant information, and so on. It requires patience and care. But this
process is worthwhile at the end of the day as it guarantees that internal audit
reports will be read and understood.
Audit reports go through several stages:

 Report of conclusions by the auditor in charge of an audit (interim);
 Draft report of audit findings submitted by the Head of Internal
Audit to the Head of the Public Body for discussion (interim);
 Final report of audit findings formally submitted to the Head of the
Public Body.

The internal auditor should hold Exit Conference to discuss conclusions and
report recommendations at appropriate level of management before issuing the
final report. The discussion will help to ensure that there have been no
misunderstandings of facts by providing the opportunity for the auditee to
clarify specific items and to express views on the findings, conclusions, and
recommendations. Although the level of participants in the discussion may
vary by Public Body and by the nature of the report, they will generally include
those individuals who are knowledgeable of detailed operations and those who
can authorize the implementation of corrective action.
Heads of Internal Audit units must ensure that:

 For every completed audit, a final audit report is submitted to the Head
of Public Body in a timely manner.
 For every year there is a brief annual report showing the audits carried
out during the year, the auditor‟s general opinions on the status of
internal control systems and the manner in which management has
followed up on audit findings.
The annual report is submitted to the Head of the Public Body with copies to
the Audit Committee and the Ministry of Finance and Economic Development.
Formal audit reports are not the only way (and certainly not the most effective
way) of reporting audit results to management. Auditors should think of
additional ways of bringing their work to the attention of management.
Material can be presented orally in seminars, workshops, meetings, briefings
and one-to-one sessions and in a variety of formats ranging from presentations
on what management needs to know, management tools, principles and
concepts, advice on best practice, recommendations and actual audit findings.

Internal audit reports are sent to the management of the Public Body for the
following reasons:
 To ensure that audit findings are known to management.
 To prevent the Head of the Public Body from keeping audit findings
secret from his management team.
 To ensure that significant matters resulting from audit receive collective
management attention.
Follow-up
In accordance with IIA Standard paragraph 2500-AI the Chief Audit Executive
should establish a follow-up process to monitor and ensure that management
actions have been effectively implemented or that senior management has
accepted the risk of not taking action. It is, therefore, the responsibility of the
Chief Internal Auditor in particular and the internal auditors in general to
maintain a follow-up process to assure that proper action has been taken on the
recommendations contained in the internal audit report. Such follow-up
procedure should include a follow-up policy whereby:
 Individual responsibility is defined. Generally, staff responsible for

the audit work is responsible for follow-up. If staff responsible goes to
other assignments other auditor can be assigned for continuing
follow-up.
 There must be ground rules for follow-up leaving plenty of room for
staff initiative. Effective follow-up need to be tailored to particular
recommendations and the results they seek.
 It should ensure that all recommendations are followed up.

Session summary
The most important aspect of any auditing is reporting since an audit not
reported and consequently action not taken on findings and recommendation is
a waste of resources utilized during the audit.
Audit findings should be developed by comparing “what should be” with “what
is” through the process, i.e. the elements of a deficient finding: criteria,
condition, cause, effect, conclusion and recommendation.
An effective audit report is one which addresses the needs of readers. The
report should be objective, clear, concise, constructive and timely.
Although the format and content of audit reports may vary, they should at least
contain the purpose, scope and the result of the audit.
The internal auditor should hold exit conference to discuss audit findings,
conclusions and recommendation at appropriate level of management before
issuing the final audit report.
The Chief Internal Auditor should establish a follow-up procedure to ensure

that appropriate actions are taken on the recommendations included in the
audit report.

Exercise 14-1
Writing an audit report
Purpose:
To draft an audit report
Instructions:
1. Refer to the copy of a sample audit report on the next page.
2. Identify deficiencies in the audit report.
3. Record the deficiencies on a piece of paper.
4. Redraft the audit report.
Allotted time: 20 minutes.

Exercise 14-1
Audit Report
The Vice Minister 12 November 2004

Ministry of Transport and Energy
P.O. Box 31086
Addis Ababa.
AUDIT REPORT FOR THE YEAR ENDED 31st AUGUST, 2004
NON COMPLIANCE
Non compliance with Treasury Restriction note. An amount of Birr 1,000,000
was transferred from Installation costs to Telecommunication and other
equipment with prior Treasury Authority, in violation of restrictive note.
Please ensure compliance with restrictive notes before making budget transfers.
ORGANIZATION CHART
To our knowledge the Ministry does not have an official detailed organization
chart for responsibility centers and approved by responsible officers.
DELEGATION OF AUTHORITY
The delegations of authority contained in the policies and procedures manual
are not followed, as it would seem that the limits are too much for some
positions. Further, the delegation of authority chart does not bear the Vice
Minister's approval.
Management should review the existing situation and make the necessary
changes to the present delegation of authority chart so that it may be updated.
Further, this chart should be approved by the Vice Minister.

BUDGET CONTROL
The Ministry incurred unauthorized excess expenditure of Birr 12,000,000. This

amounts to an increase of 116% compared to the previous year's excess. This is
indicative of persistent poor budget control.
It is recommended that proper budgetary procedure should be instituted so that

the Ministry operates within budgeted funds.
Tefera Abebe
Chief Internal Auditor

V. PROCEDURAL GUIDANCE ON FINANCIAL AUDITS
SUBSTANTIVE TEST PROCEDURES
SESSION XV
INTRODUCTION
There is an agreement that the manner the internal audit activity is carried out
in the Government offices will be substantially changed. This is purely reflected
in the two documents prepared by the Inspection Department of the Ministry of
Finance and Economic Development (MoFED), namely the MoFED Internal
Audit Activity Reform document and Study on the structure of the Internal
Audit Activity in Government offices.
From now on, the Internal Audit Activity in the Government offices will
perform POST AUDIT. The purpose of post audit, as concerns the financial
audit, is to check the reliability of the financial statements, and the financial
and internal control systems on the basis of which those financial statements are
prepared.
The financial statements of those Government offices which have gone through
the reform are prepared following the MODIFIED CASH BASIS OF
ACCOUNTING, using double entry bookkeeping, as described in the Federal
Government of Ethiopia Accounting System (FGE accounting system). Those
Government offices, which are yet to undertake the reform, will eventually
start applying this accounting system. It is, therefore, very important to describe
the accounting system briefly before embarking on the discussion of the
detailed audit procedures to be applied at the time of post audit.

THE FEDERAL GOVERNMENT OF ETHIOPIA ACCOUNTING SYSTEM

The Modified Cash Basis of Accounting is made up of temporary and permanent
accounts. Permanent accounts are cash, cash equivalents, receivables, payables,
letters of credit and net assets/equity. Revenue and expenditures are called
temporary accounts. At the end of each period, the temporary accounts have to
be closed to the permanent accounts. The difference between revenue and
expenditure will be transferred to net assets/equity account through a process
known as closing of accounts. Hence, after the accounts are closed, only the
permanent accounts will have balances.
Since double entry bookkeeping is used, the total debits should equal the total
credits or the difference between the debits and the credits must be zero. Using
the permanent account balances, a basic equation to test the equality of debits
and credits can be given as:
Cash + Cash Equivalents + Receivables = Payables + Letters of credits + Net

assets/Equity
A Public Body is required to send monthly reports to MoFED explaining how it

has spent the budgets appropriated to it. The monthly report is given in the
form of Monthly Trial Balance together with the supporting schedules. These
schedules, i.e., Capital Expenditure Report, Transfer Report, Receivables Report,
and Payables Report provide details of the figures given in the Trial Balance.
In its abbreviated format, the Monthly Trial Balance looks like the following:

ACCOUNT DESCRIPTION DEBIT CREDIT

Revenues/Assistance/Loan: (From Revenue/Assistance/Loan Report) XXXX
Expenditures:
Recurrent expenditure (Total of Recurrent Expenditure Reports) XXXX
Capital expenditure (Total of Capital Expenditure Reports) XXXX
Transfers: (from Transfer Report) XXXX
Receivables: (from Receivables Report) XXXX
Payables: (from payables Report) XXXX
Letters of Credit: (by account code-from General Ledger) XXXX
Net Assets/Equity (form General Ledger) XXXX
Cash & Cash Equivalents (by account code-from General Ledger)
Cash on hand XXXX
Cash at bank in foreign currency XXXX
Cash at bank XXXX
TOTAL XXXX XXXX
In the case of post audit using System Based Audit Approach, the Internal
Auditor is expected to give assurance to the management of the Public Body
that the figures included in the monthly Trial Balances are correct. To give his
opinion on the correctness of the figures included in the monthly Trial Balance,
the auditor has to perform financial audit procedures as explained in the
following sections of the manual.
The accounting system that enables the preparation of the monthly reports is
discussed in the following paragraphs. It should be noted that monthly reports
are the basis for the preparation of quarterly (three months reports together), six-
monthly (six-months reports together) and annual (twelve months reports
together) reports.
1. The accounting cycle starts when payment for goods and/or services is
effected; cash is collected or when non-cash transactions (e.g.: donation
in kind) occur.
2. The transaction taking place need to be captured using source

documents. The usual source documents are Cash Receipts when cash is
collected, Payment Vouchers when payments are made in cash or by
check, and Journal Vouchers when non-cash transactions occur.

3. The transaction captured in the source documents need to be

systematically recorded so that the summarizing, analysing and reporting
aspects of accounting can start. Transaction Register shall be used to
perform this task.
4. The next step is to systematically summarize the transactions recorded
by account type, i.e., cash, receivables, expenditures, etc. Ledger is used
to help this. So the responsible accountant has to post the transactions
from Transactions Register to Ledgers.
5. The balance of the ledgers maintained in the previous step will then be
taken to the Monthly Trial Balances.
The above steps can be presented diagrammatically as follows:
ME/HE/Q1 ME/HE/Q13 ME/HE/Q22

Cash Receipts Payment Journal
Vouchers Vouchers Voucher
ME/HE/Q32
TRANSACTIONS REGISTER
ME/HE/Q43
LEDGER CARD
REPORTS SUCH AS
REVENUE/ASSISTANCE
/ LOAN REPORT
TRIAL BALANCE
Figure 1 FGE Accounting system

The FGE accounting system also introduces budgetary control by using Budget
Ledger Cards. This is a columnar card showing the approved budget,
additions/reductions to the approved budget, revised budget, payments received
for budgeted expenditure, amount remaining to be requested, commitments and
balance in the revised budget that is not committed. The Budget section will
maintain the card. Budget Ledger Cards shall be opened for each item of
budgeted expenditure. Transactions affecting that item of expenditure shall be
posted to the card.
In the following sections, financial audit procedures for each of the items
indicated in the Trial Balance shall be dealt with in detail.

SESSION XVI
RECEIPTS (REVENUE)
Learning Objective
At the end of this section, we shall be able:
1 To understand the definition of receipts as given in the FGE
Accounting System Manual,
2 To briefly show how the Revenue/Assistance/Loan Report is

maintained and how it is linked with the Trial Balance;
3 To explain the substantive audit procedures that will be applied in

checking the accuracy of the receipt from Revenue/Assistance/Loan
balance in the Trial Balance.
Basic concepts
Receipts are money received via the official Cash Receipt of the FGE. Receipt
includes income from the service provided by the Public Body, income from
goods sold, recovery of previously extended loan to employees, etc. Receipt
includes the official income of the Public Body but is not limited to it.
According to the FGE Accounting System, there are three categories of receipts.
These are Item of Domestic Revenue, External Assistance and External Loans.
Domestic revenue is from tax revenue (tax on income, profit and capital gains,
excise tax on locally manufactured goods, VAT on locally produced goods, Turn
Over Tax, Stamp sales and duty, Custom duty on imported goods, Excise tax on
imported goods, VAT on imported goods and Export duties), from non-tax
revenue (administrative fees and charges, sales of public goods and services,
Government investment income, extraordinary and miscellaneous income and
contribution to pension fund) and from capital revenue such as privatization
proceeds.

External Assistance and External Loan are receipts obtained from foreign
sources to pay for Administrative and General Projects, Economic Projects,
Social Projects or any other legal project.
The source document to recognize cash receipts by any Public Body from any of
the above sources is Receipt Voucher. This voucher is of two kinds, one for
receipts in Birr (ME/HE/Q1) and the other for receipts in foreign currency
(ME/HE/Q2). “For any sum of money collected on behalf of the Federal
Government of Ethiopia, a serially numbered, official receipt of the Ministry of
Finance and Economic Development (MoFED) shall be issued.”
The monthly financial report that goes to MoFED shall include the receipts
made by the Public Body. The total to date of such receipts appears on the
Monthly Trial Balance. The breakdown for that total is given in the
Revenue/Assistance/Loan Report by account. As for other items in the Trial
Balance, a Ledger Card is maintained for each account appearing in the report.
If subsidiary ledger is needed, that is also maintained.
Procedures
The audit objectives of checking revenue are:
1 To ascertain that revenues are collected using the official rates

applicable to the revenue,
2 To ascertain that foreign assistance and loan reflected in the
accounts are based on agreements signed by appropriate official,
3 To ascertain that revenue is recognized in the period it is collected,
4 To ascertain that revenue is properly recorded in the records of the
Public Body.
The steps to be followed when performing substantive test of revenue are as

follows:
1. Obtain copy of the monthly Trial Balance that was sent to MoFED;

2. Obtain the Revenue/Assistance/Loan Report attached to the Trial

Balance;
3. Check the correctness of the total of the Revenue/Assistance/Loan

Report and agreement of the total with the figure shown in the Trial
Balance;
Example: - Assume the following Revenue/Assistance/Loan Report is prepared

by Ministry of Revenue for the month of Meskerem 1997.
YTD receivables
Account code Debit Credit
1101 Tax on wages and salaries 10,000

1201 Excise tax on Sugar 2,000,000
1224 VAT on soft drinks 1,500,000
1251 Service sales tax on consultancy 600,000
1301 Custom duty Motor vehicle and accessories 700,000
Total (to Trial Balance) 4,810,000
Once the correctness of the total of the report and its agreement with the
balance in the Trial Balance is checked, the auditor will ask for the ledger of
each of the accounts and check agreement of the ledger balance with the
payables reports and ask into any variations between the two. The figures in the
report are extracted from the ledgers.
The next step is to scrutinize the Revenue/Assistance/Loan report. Scrutinizing

means just looking at the report without applying any additional audit
procedure.
The auditor can see which items need closer check. For example, in the above
report the auditor can ask as to why revenue from tax on wages and salaries for
the three months of 1997 budget year (Hamle, Nehasse & Meskerem) is only

Birr 10,000. Such questions are raised by the auditor because of his prior
knowledge of Public Body. The tax revenue the auditor expects could be, say,
Birr 100,000 per month. The total for the three months had to be Birr 300,000.
The auditor should seek explanation for that. The answer to the question could
be that income tax was wrongly posted to, say, excise tax account or even to
salary expense account. The auditor should then propose correction to be made
in the report.
The next step is to select some of the accounts in the report. Selection could be
based on the materiality of the balance. In the above example, Excise tax on
sugar and VAT on soft drinks are material that they should be selected for
checking so that the auditor can make sure that the total income is accurately
reported. But other selection methods could also be employed. For example, if
the auditor is doing his audit every three months, he can select one of the items
based on materiality now. But next time, the item that is not tested now can be
selected even if it is not material.
For each account selected, the auditor will take out the ledger, check the total
and scrutinize it. By scrutinizing, the auditor can check abnormal transactions,
transactions without reference to supporting documents (receipt vouchers, etc)
or other incomplete transactions, which should be questioned. Adequate
explanations should be obtained to the questions raised.
From the ledger card, the auditor will select transactions with big Birr amounts
and transactions, which the auditor needs to check in detail. As a rule of thumb,
the auditor can select those big amounts making up 50% of the total ledger
balance.
Each of the selected items will be checked with the supporting documents.
Supporting documents to be checked vary according to which income it tested

and from Public Body to Public Body. In the Ministry of Revenue, receipts are
mainly collection of different taxes. The documents to be verified are those
related to the tax assessment. For example, customs duty is supported by
customs declarations and the related import documents. The basic law to refer
to is the Customs Duty Proclamation & Regulations including amendments. The
Ministry of Information collects Television license fee. Hence the auditor in
that Ministry refers to the documents relevant to the verification of that
income. It is not possible to list all the documents to be verified when auditing
revenue. But the general approach to the examination of the receipt is the same
regardless of the nature of the revenue. The Internal Audit Head is responsible
to inform the Auditors under his supervision, which documents to verify.
The amounts checked need to be recorded in the Current Audit file. For
example if VAT on Soft Drinks is selected for checking, the working paper
would look like:
A
MoR Initial Date
VAT on soft Drinks Prepared by KK 02/03/05
For the three months up to Meskerem 1997 Reviewed by JJ 05/03/05
Description Reference Amount
Collection from Moha Soft Drink Factory – Hamle 1996 RV 0000100 V200, 000 00
Collection from Coca Cola Factory – Hamle 1996 RV 0000200 V150,000 00
Collection from Moha Soft Drink Factory – Nehasse 1996 RV 0000300 V250,000 00
Collection from Coca Cola Factory – Nehasse 1996 RV 0000400 V300,000 00
Collection from Moha Soft Drink Factory – Meskerem 1997 RV 0000600 V250,000 00
Collection from Coca Cola Factory – Meskerem 1997 RV 0000750 V350,000 00
1,500,000 00
Work done: Checked
V = checked with receipt voucher, VAT declaration of
the taxpayer, approval of the tax payable amount.

The audit procedure to test revenue from External Assistance and Loan is the
same as above except that the receipt to be checked might be Foreign Currency
Receipt Voucher and the supporting documents are agreements signed between
the Public Body and the provider of the assistance or the loan.
Summary
The receipts of different Public Bodies are different. In terms of audit, however,
the procedures to be applied are the same except that the supporting documents
and the Proclamations, Regulations, Guidelines that will be examined are
different. In the FGE Accounting System, the vouchers and records given are
similar for all Public Bodies.
The Internal Audit Head is responsible to identify the documents to be tested,

the Proclamations, Regulations, Guidelines to refer to and to add to the above
outlined basic audit procedures depending on the nature of the receipts in that
particular Public Body. This should not be left to junior auditors, as they do not
have extensive experience like that of the Head.

Exercise –16 -1
This is a discussion exercise to be worked out in-groups of five.
Please identify one type of receipt in your organization and discuss what
supporting documents are expected to support the receipts. Which
Proclamation, Regulation or Guideline is relevant to the receipt?
Time allowed: 25minutes

SESSION XVII
EXPENDITURES
Learning Objectives
When we have completed our study of this Section, we should be able to
understand and apply the following:
 The definition and significance of expenditures;

 The audit objectives of expenditures;
 The internal control system;
 The audit procedures to be applied in the audit of expenditures.
Basic Concepts
Expenditures are basically of two types – capital expenditures and recurrent or
revenue expenditures. The Federal Government of Ethiopia‟s budget (for
instance, Proclamation No. 282/2002, 1995 (E.C.) Fiscal Year Budget
Proclamation) is also accordingly divided with subdivisions under each
category.
Capital expenditure has been generally defined as “an outlay for the acquisition
of or improvement to fixed assets, and includes expenditures made for
consultancy services.” (Article 2 (3) of Proclamation No. 57/1996, Federal
Government of Ethiopian Financial Administration Proclamation).
Specific definitions are also given in Article (3) of Council of Ministers

Regulations No. 17/1997 as follows:
(a) The acquisition, reclamation, enhancement or laying out of land
exclusive of roads, buildings or other structures;
(b) The acquisition, construction or replacement of roads, buildings and
other structures;
(c) The acquisition, installation or replacement of movable or
immovable plant, machinery and apparatus, vehicles and vessels;

(d) The making of advances, grants or other financial assistance to any

person towards expenditure incurred by him/her on the matters
mentioned in paragraph (a) to (c) above or in the acquisition of
investments; and,
(e) The acquisition of share capital or loan capital in any body corporate;
(f) Any associated consultancy costs of the above.”
Recurrent expenditure is any expenditure that fall outside of Capital

expenditure. All other administrative and defense expenditure and debt
servicing are recurrent expenditure. Recurrent expenditures, which are also
referred to as non-developmental expenditure, are intended for continuing the
existing flow of goods and services and for maintaining the capital of the
country intact. (Public Finance and Tax Planning by Alka Gupta, Anmol
Publications Pvt. Ltd., New Delhi, 2001).
Audit Objectives of Expenditures
The audit objectives of expenditures whether it is for capital or recurrent

expenditures should deal with the following two aspects:
 To test control - to ensure that the Public Body's policies and

procedures are adhered to and respective laws and regulations are
complied with;
 To substantiate payments by checking that they are made for actual

goods and services received and whether there are pertinent and
adequate supporting documents.
Controlling expenditure is the primary responsibility of the Head of the Public

Body. To discharge this responsibility, the Head should, therefore, establish
necessary internal control system.
The types of controls necessary to ensure compliance of the Public Body‟s

operation with the policies, laws and regulations and directives include the
following:

 Prevention of misappropriation of public funds;

 Prevention of overspending of Budget appropriations;
 Prevention of unwise or inappropriate expenditures;
 Prevention of expenditures for illegal purposes; and,
 Ensuring the use of proper control methods and procedures.
Control of misappropriation of funds can be exercised through a combination of

operational procedures, „pre-audit‟ or internal check steps by the accountant,
and post audit both by the internal auditor and the external independent
auditor.
Control over overspending is the responsibility of those who are allotted with
the budget. For the control over overspending to be effective, information on
budget, amounts utilized, unexpended and unencumbered balances should
regularly be communicated to those concerned. This falls under what is called
„responsibility accounting‟.
Control over unwise or inappropriate expenditures is done through reviewing

documents such as budgets, purchase requisitions, commitments, and also
questioning the Head of the department who initiated the expenditures to be
incurred. The request to incur the expenditure could be legal, but the question
that must be asked and answered is whether it is wise and/ or appropriate to pay
for the expenditure
Illegal expenditures can be viewed as those, which have exceeded the approved
budget or appropriations. The person who has incurred the expenditure has
done outside of his authority if he overspent and therefore, the act becomes
illegal. The other is incurring expenditure for which there were no budgets or
appropriations. Thus, it is obvious that there is no authority to incur the
expenditure and therefore, this also becomes illegal.

The use of proper methods and procedures is a part of a good internal control
system. As part of the control system of the FGE, the Budget Ledger Cards are
used for budgetary control purposes and these records have to be consulted
before expenditures are incurred.
The other control is the coding of the expenditures so that they are recorded in
the proper accounting system. These are the responsibilities of the accountant.
The audit procedures to be followed in order to test control over payments

are as follows:
Check, on a sample basis, that payments are made in compliance with the
relevant Government directives; to do so, firstly determine the total population
of the payment vouchers used during the year under review. Secondly, apply
say, random and stratified sampling method in order to determine the sample
size that is expected to be representative of the population.
Example: Assume that the total numbers of Payment Vouchers used in a given
period to be audited were 2550, and assume also that 25 vouchers are sufficient
number to be chosen to test control, then under systematic sampling method
every 102nd (i.e. 2550 vouchers divided by the sample of 25) voucher is selected
for the test required.
1. Ensure that all the particulars including the budget and account code
numbers to be used in identifying the expenditures for posting to the
appropriate accounts are properly filled out on the Payment Vouchers
selected;
2. Check that every payment effected is before hand verified by Budget section
to ensure compliance with budgetary rules;
3. Ensure that all payments are approved within the limits of authority vested
on each officer;

4. Ensure that cheques are completely filled out and signed by those in
authority; ensure also that cheque stubs are signed by the signatories with
the complete particulars being filled out thereon;
5. Ensure that invoice amounts are not split into smaller portions to
circumvent regulations on limits of signatory powers;
6. Check the recording to the Transactions Register and then the postings to
the ledger cards.
The audit procedures to be followed in order to verify the correctness of the

recurrent and capital expenditure balances are as follows:
(a) Obtain the Trial Balance and the Expenditure schedules for the
period of audit and trace the figures to the General and Subsidiary
ledger cards to ensure agreement;
(b) Once the correctness of the total and its agreement with the Trial
Balance is checked, the auditor will secure the ledger cards and check
agreement of the above balances with the balances in the ledger
cards; if differences are noticed he should enquire before he proceeds
with his audit work;
(c) The next step is to scrutinize the expenditure report by just looking
at the report in order to identify any odd or unusual items before
applying audit procedures.
The auditor can then determine which of the items of expenditures need a
closer check. For instance, from the example Expenditure Report given below,
the auditor may ask questions as to why Postage, telephone, etc., Local and
Foreign per diem and traveling expenditures showed huge balances. He will
look into these expenditures to identify and justify the reasons through a
detailed review. (See the Example given below.)
(d) The next step is to select from among the subsidiary ledger accounts
from both capital and recurrent expenditure categories based on the
amounts involved. Usually at least the amount constituting 50% of
the total is presumed to represent the balance for testing. Where
sampling technique is used it may not be necessary to verify to such an
extent.

(e) For each account selected, the auditor will check the correctness of
the totals of the ledgers and scrutinize. The auditor can then check
abnormal transactions, transactions without reference to supporting
documents (Payment Vouchers, etc.) or other incomplete
transactions, which should be questioned. Adequate explanations
should be obtained for these.
(f) The total of the subsidiary ledgers balances should agree with the
total of the control account. The selection indicated above need also
be made from the subsidiary ledgers.
(g) In addition to the samples selected for testing, the auditor will also
select transactions with big Birr amounts for further detail checking.
As a rule of thumb, the auditor usually selects those big amounts
making up 50% of the total ledger balances. Where sampling
technique is used it may not be necessary to verify to such an extent.
(h) Each of the selected items will be checked against the supporting
documents.
Consider the nature of expenditures in each category and the supporting

documents that will be checked as follows:
1. If we are dealing with receipt of goods, the supporting documents

that are at least to be checked are purchase orders, bid analysis,
minutes of bid committee, approval of the selection of supplier,
goods receiving documents, and the Journal Vouchers used to
capture the transactions. Other additional evidences may be checked
as necessary.
2. If we are dealing with receipts of services, the supporting documents

which are more or less the same as for the receipt of goods may
include request for the purchase of the services, bid announcement,
suppliers evaluation and selection documents, approval of the
purchase, evidence of performance of the service and such other
documents depending on the nature of the service shall be checked.
The amounts checked shall be documented and the schedules filed in the
current audit file.
In respect of current period acquisitions, select and examine a sample of

invoices and contracts to ensure that:

1 The purchases are supported by approved budget;

2 Supporting documents for the purchase such as stores requisitions,
purchase requisitions, purchase orders and goods receiving
documents are all in order;
3 The acquisition is authorized and comply with the Procurement
Proclamation, rules, regulations and directives;
4 The items are received by goods receiving documents and issued for
use against issuing documents;
5 The documents and records should all be the originals and not
photocopies;
6 The items are immediately recorded in the stores records and are
given tag numbers when issued; and where the items represent fixed
assets, that the items are recorded in the fixed assets register and the
personal ledger cards maintained in the names of the users;
The internal auditor should note that the audit procedures given in the Manual
are not exhaustive but are meant to serve only as a guide. Therefore, the
internal auditor is advised to refer to other relevant directives and documents.
Among the directives that he should refer to is the detailed Procedural Manual
of the Treasury Department of the Ministry of Finance and Economic
Development (MoFED) and ensure compliance with such directives.
Example: Assume you are given the following Expenditure Report of a small
Public Body for the year ended Sene 30, 1996:

YTD
Expenditure
Account description Debit
Salaries and wages 50,000

Per diem and traveling, local 70,000
Per diem and traveling, foreign 80,000
Printing and stationery 25,000
Repair and maintenance of motor vehicles 2,000
Repair and maintenance of Building 3,500
Fuel and lubricants 10,000
Postage, telephone, etc. 125,000
Total (to Trial Balance) 365,500
The internal auditor should prepare or secure the necessary schedules, list out
the items selected and tested, the works done, including a summary of the audit
objectives, the findings and conclusions. He should file these schedules and
other relevant audit working papers under the relevant section of the Current
Working Papers file; the Lead Schedule, Summary of Findings, Supporting
Schedules and Queries/ Notes and the test of internal control should also be
filed under the appropriate sections.

Exercise 17-1
Self-Testing Questions (Class discussion)
1. How are expenditures defined and what are are the significances of
such definitions? Explain and justify.
2. What are the distinctions between expenditures and expenses?
3. Do purchases of fixed assets fall under expenditures or expenses?
4. What types of controls are required for ensuring compliance of the
Public Body‟s operations with policies, laws and regulations?
5. Distinguish among internal control systems and audit procedures in
relation to audit of expenditures.
6. Explain the difference between disbursements and expenditures.
Exercise 17-2
Problem
An extract of the major expenditures balances from the Budget Ledger Cards for
approved budget for 1996 EC and the General/ Subsidiary Ledger Cards of a
Public Body are presented as follows:
1 Annual Budget and Actual Recurrent Expenditure
Budget Actual
Birr Birr
Salaries and wages 78,700 87,600
Per diem and traveling, local 45,500 50,000
Per diem and traveling, foreign 75,500 75,500
Printing and stationery 45,388 38,000
Repair and maintenance of motor 25,000 15,000
vehicles
Repair and maintenance of Building 16,700 20,000
Fuel and lubricants 34,200 30,000
Postage, telephone, etc. 70,000 72,500
Miscellaneous expenses 44,400 53,490
Your audit of the major over expenditures and the unutilized balances in respect
of external travel and repair and maintenance of Building showed the following:

1. CPV No. 00056 dated Hamle 30, 1995 for Birr 15,500 representing
salary payment for Hamle was wrongly coded and recorded as
miscellaneous expenses. On the other hand, an amount of Birr 7,500 paid
by CPV No. 00020 dated Hamle 15, 1995 for Miscellaneous Expenses
previously taken as Per diem and traveling expenses, local was adjusted
by JV No. 006 dated Hamle 26, 1995 to Salaries and Wages rather than to
the appropriate account.
2. Salaries and wages included payments of Birr 23,500 under various

CPVs to employees for whom no budgetary allocations were provided at
the outset.
3. An analysis of „Per diem and traveling expenses, local‟ provided the

following:
Date Particulars Doc. Ref. Birr
26/11/95 Per diem and Travel expense, local, of Ato Abebe JV # 05 3,050
Senbeto as per his travel expense settlement
report
Per diem and Travel expense of W/o. Yeshiwork
8/1/96 Akalu and other employees as per their travel JV # 15 4,450
expense settlement reports
Travel advance taken by Ato Solomon Taye for his
15/3/96 trip to various places in Oromiya Region JV # 24 5,500
Per diem and travel expenses of Dr. Assamnew
2/5/96 Gezahegn and his group members as per their travel JV # 35 7,450
expenses settlement reports
Foreign Per diem and Travel expense of Ato
14/9/96 Assegahegn Bonger and W/ro Hawi Mohammed ( on JV #123 10,200
a one week visit to India )
15/10/96 Foreign travel cost of W/o/ Yeshiwork Abebe to CPV # 0150 12,000
Malaysia for one week
Instruction: As the Head of the Internal Audit Section you are required to review the above
case, prepare the necessary Working Papers and report your findings to the Head
of the Public Body.

THE FEDERAL DEMOCRATIC REPUBLIC OF ETHIOPIA

MINISTRY OF FINANCE AND ECONOMIC DEVELOPMENT
SAMPLE AUDIT PROGRAMME FOR EXPENDITURES
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Name of Public Body __________________
Audit Area __________________________
Budget Year ________________
State Audit Sampling

Performed Population Size Sample Size Budget Year _______________
1.
2. Estimated Time ______________
3. Actual Time ______________
4. Difference _______________
5. (If significant, give reasons on last
page of this form)
Audit Procedures to be Ref Name of Initial of

No. Performed No. Auditor Auditor Remarks
Audit Objectives
1. To test control - to ensure that
management's policies and procedures
are adhered to and respective laws and
regulations are complied with.
2. To substantiate payments by checking
that they are made for actual goods and
services received and whether there
are pertinent supporting documents.
General Procedures
1. Review previous year audit working
papers.
2. Review the updating of the permanent
file.
3. Fill in the internal control
questionnaire.
4. Draw or update flow chart or system
notes.
5. Evaluate the appropriateness and
effectiveness of the control system.


SAMPLE AUDIT PROGRAMME FOR EXPENDITURES (continued)

No. Performed No. Auditor Auditor Remark
General Procedures
6. Conduct a „walk through‟ test to
confirm the control system.
7. Review internal and external reports.
Specific Procedures
 To test control on Petty Cash

payments:
1 Determine the number of
replenishments made during the whole
year;
2 Select a sample of replenishments and
ensure that:
- Payments are made in accordance
with laws, regulations and
Government directives;
- Every petty cash voucher is verified
by budget section;
- cashier, financial officer and
designated officials have signed on
all petty cash vouchers;
- the word "Paid" is marked on all
documents attached with the petty
cash voucher;
- all payments are within the limit
established;
- petty cash vouchers are properly
coded and posted to proper ledger card;
- petty cash summaries are reviewed
properly.
 To test control on Cheque

payments:
1 Determine the total population of
payment vouchers used during the
whole year;


SAMPLE AUDIT PROGRAMME FOR EXPENDITURES (continued)

2 Select a sample of payments and
ensure that:
- Note: Procedures for petty cash are
also valid for check payments, as
appropriate.
- Cheque stubs are signed by cheque
signatories and date, amount and
purpose of payment are filled there
on.
 To test control on Cheque
payments (cont‟d):
- Signatures are the same as
specimen signatures in permanent
file.
- Cheque numbers are cross referred
to payment vouchers
- Large sums were not split to
circumvent regulations on limiting
signatory powers.
 Substantive tests on balances

of subsidiary ledgers
1 Select certain subsidiary ledger
balances from both the recurrent
and capital expenditures:
- Check the mathematical accuracy
of the balances;
- Ascertain that all transactions are
authorized;
- Compare actual expenditures
against the (revised) budget;

SESSION XVIII
TRANSFERS
Learning Objectives
The objective of this section is:
1. To provide the definition of transfers in the FGE accounting system;
2. To briefly show how the transfers report is maintained and how it is

linked with the Trial Balance;
3. To explain the substantive audit procedures that will be applied in

checking the accuracy of the transfers balance in the Trial Balance.
Basic concepts
Transfers are movements of cash or non-cash transactions between MoFED and
Public Bodies. Cash sent to a Public Body to cover its salary expense is transfer
from MoFED. Likewise cash sent to MoFED by the Public Body is transfer to
MoFED. In the Public Body‟s account, transfer from MoFED is recorded as
credit. Transfer to MoFED is recorded as debit.
Transfer can be non-cash. When salary is transferred to a Public Body, only the
net amount that will be paid to employees is transferred. There is no need to
transfer the tax and pension contribution to the Public Body. However, the total
salary expense of the Public Body is the gross amount. To record this gross
amount in its accounts, the Public Body has to record the tax and pension
amount as non-cash transfer. For example, if the salary expense for the month
of Hidar 1997 in Ministry of Health is Birr 500,000 and the income tax is Birr
100,000, Ministry of Health will receive the net amount of Birr 400,000 from
MoFED. Hence the Birr 400,000 is cash transfer and Birr 100,000 is non-cash
transfer.

Transfers are temporary accounts as they are closed at the end of the year. This
is because the same transfer is recorded by both MoFED and the Public Body
but on opposite sides of the account. When MoFED transfers a certain amount,
it treats it as receivable from the Public Body. The Public Body records the same
amount as payable to MoFED. At the end of the budget year, when the MoFED
closes its accounts, the two cancel each other and the balance becomes zero.
Procedures
The audit objective of checking transfers is to ascertain that the balances have
arisen from cash and non-cash transfers from MoFED, to MoFED or from or to
another Public Body.
When auditing transfers, the auditor has to follow the following procedures:
2. Obtain the Transfers Report attached to the Trial Balance. Transfer

reports are two. Part one, just like the Receivable Report,
summarizes transfer account balances from the General Ledger. Part
two provides information on each cash transfer from or to MoFED.
3. Check the correctness of the total of the Transfer Reports of both

Part-one and Part-two and agreement of the total with the figure
shown in the Trial Balance;
Example: - Assume the following Transfers Report: Part one
YTD receivables
4001 Recurrent salary & allowance 100,000
4002 Recurrent operating expense 300,000
4003 Capital salary & allowance 150,000
4051 Recurrent salary & allowance: non-cash 20,000
4052 Recurrent operating expenditure: non-cash 90,000
4053 Capital salary & allowance: non-cash 30,000
Total (to Trial Balance) 690,000

Transfer Report Part Two may partially appear as follows:
4001 4002
Date Debit Credit Date Debit Credit
Salary for Tikimt 1997 25/2/97 80,000
Operating expense 2/2/97 150,000
Operating expense 17/2/97 150,000
Total 80,000 300,000
Net activity 80,000 300,000
BOM Balance 20,000 _____-
EOM Balance 100,000 300,000
4. Once the correctness of the total and the agreement of Part two with
Part one of the report and, similarly, agreement of Part one with the
balance in the Trial Balance is checked, the auditor will ask for the
ledger of each of the accounts and check agreement of the ledger
balance with the Transfer Reports and ask into any variations
between the two. The figures in the report are extracted from the
ledgers.
5. The next step is to scrutinize both Part one and Part two of the
Transfer reports. Scrutinizing means just looking at the report
without applying any additional audit procedure.
The auditor can see which items need closer check. For example, it is
obvious that salary is to be transferred from MoFED. The Public Body has to
see it as payable. In Part two of the report, what is expected is a credit
balance. Any debit balance needs, therefore, closer check.
6. The next step is to select some of the items from the Transfer
Reports. Selection should be from both cash and non-cash transfers
categories. Some of the transfer accounts are easy to check. For
example, transfer for salary should be easy to check. The auditor
knows what the monthly salary of the Public Body amounts to. If
the balance shown in the Transfer Report agrees to what he knows,
then there is no need to make detail check. The auditor can then
select other major balances or balances on which the auditor has
question, which he needs to make further tests to form his opinion
about the accuracy of the reported balance. It is recommended that
the auditor has to check at least 50% of the balances.

7. For each account selected, the auditor will take out the ledger, check
the total and scrutinize it. By scrutinizing, the auditor can check
abnormal transactions, transactions without reference to supporting
documents (payment vouchers, etc.) or other incomplete
transactions, which should be questioned. In addition, the detail in
the ledger selected should be the same as the detail in the Transfer
Report Part Two. The auditor needs to obtain adequate explanations
for the questions he raises.
8. From the ledger card, the auditor will select transactions with big
Birr amounts and transactions, which the auditor needs to check in
detail. As a rule of thumb, the auditor can select those big amounts
making up 50% of the total ledger balance.
9. Each of the selected items will be checked with the supporting

documents bearing in mind that documents generated externally are
more reliable than documents generated internally. Transfers are
usually supported by letter of request written to the MoFED,
MoFEDs letter to inform transfer, bank transfer documents or
Payment Vouchers of MoFED and bank advices and/or receipts of
the Public Body. In addition to these, the auditor has to obtain the
approved budget of the Public Body and compare the transfer
amount and pattern with the approved budget. The budget ledger
card needs to be checked to see the approved budget is correctly
posted to the ledger and that the transfer amount is recorded in the
ledger.
For non-cash transfers, the supporting document would be the letters as

mentioned above and the Journal Voucher used to recognize the transfer.
The non-cash transfer has to be checked against the approved budget and
the entry in the ledger card.
10. The amounts checked need to be recorded in the current audit file.
For example if there is a transfer of Birr 80,000, as indicated above,
to cover salary of Tikimt 1997 and if MoFED has withheld Birr
10,000 income tax on the salary, the auditor can prepare his working
paper as follows:

D1
MoFED Initial Date
Transfer Prepared by KK 18/03/05
For the month of Tikimt 1997 Reviewed by JJ 20/03/05

Transfer from MoFED on 25/2/97 being salary of Tikimt
1997. Refer MoFED‟s letter reference No MF/02/03 dated
23/2/97 and bank transfer advice dated 24/2/97. RV 100004 TV80, 000 00
Work done: Checked

V = checked with authorized letters, bank advice,
receipt.
T = Traced to approved budget summary & budget
ledger card.
D2
MoFED Initial Date
Transfer Prepared by KK 18/03/05

Non-cash transfer from MoFED on 25/2/97 being income tax
on salary of Tikimt 1997. Refer MoFED‟s letter reference No
MF/02/03 dated 23/2/97 and Receipt voucher No 2222. JV 10006 TV10, 000 00
Work done: Checked

V = checked with authorized letters & receipt voucher of
MoFED and Journal Voucher.
T = Traced to approved budget summary & budget ledger
card.
When checking transfers, the auditor should bear in mind that the amount
recorded, as transfer in the Public Body‟s account should have the same but
opposite balances with the balance recorded by MoFED as transfer to that
Public Body. The auditor may ask the MoFED to tell him the balance of the
transfer. If the two are not the same, then the auditor needs to investigate the
difference.

Summary
Transfers are of two categories. The types of transfer are many. The audit
procedures for the transfers are the same. The tests the auditor is making and
the type of documents the auditor is referring to could be different according to
the nature of the transfer. The auditor will describe the documents checked and
might also question the adequacy of those documents as supporting documents
for transfers. The auditor should also apply his knowledge and earlier
experience when checking transfer balances.

Exercise 18-1 (Class discussion)
1. Give examples of transfers that you have come across.
2. Describe the audit procedures that you will follow to check the accuracy of
such transfers.

Exercise 18-2
Problem (Class discussion)
1. The MoFED internal auditor is checking the transfer account balance on the
consolidated report at the end of Hidar 1997. He found a debit balance of Birr
150,000 on this consolidated account.
a. Do you think the auditor can say the balance is correct or not before
he makes any checking?
b. What do you think would be the appropriate steps to check where the
errors occur?

SESSION XIX
RECEIVABLES
Learning Objective

1. To provide the definition of receivables in the FGE accounting
system;
2. To briefly show how the receivables report is maintained and how it

is linked with the Trial Balance;

checking the correctness of the receivable balance in the Trial
Balance.
Basic concepts
According to the FGE accounting system, receivable is defined as any amount
expected to be collected by MoFED or a Public Body from another Public Body,
non-governmental organizations or individuals. Included in this category is
cash shortage to be collected from cashiers; advances to contractors, consultants
and suppliers; and advance made to Public Bodies by MoFED.
Procedures
The audit objective of checking receivables is to ascertain that the balances have
arisen from genuine transactions.
When auditing receivables, the auditor has to follow the following procedures:
2. Obtain the Receivables Report attached to the Trial Balance;

3. Check the correctness of the total of the Receivables Report and agreement
of the total with the figure shown in the Trial Balance;
Example: - Assume the following Receivables Report
YTD receivables
4201 Suspense 10,000
4202 Cash shortage 50
4252 Advance to consultants 15,000
4253 Advance to suppliers 200,000
4273 Individuals & private organizations 30,000
4274 Others 150 _____
Total (to Trial Balance) 240,200 15,000
4. Once the correctness of the total and its agreement with the balance in the
Trial Balance is checked, the auditor will ask for the ledger of each of the
accounts and check agreement of the ledger balance with the receivable
report and ask into any variations between the two. The figures in the report
are extracted from the ledgers.
5. The next step is to scrutinize the receivables report. Scrutinizing means just
looking at the report without applying any additional audit procedure.
The auditor can see which items need closer check. For example, in the above report
the auditor can raise a question as to why Advance to consultants has a credit balance.
Normally receivables have debit balances. Credit balance means that there is some
error that needs additional checking.
Items like cash shortage are not normal transactions. Hence regardless of the amount,
such items need to be checked. Cash shortage could have arisen because of failure of
internal control. The auditor has to study the reason and give appropriate
recommendations to the management.
“Others” are usually checked to see what is included in them.
6. The auditor can look into subsequent period records such as the
Transactions Register to find out if the receivable balance is already
collected subsequently. If collection is made subsequent to the period under
audit, the auditor can be sure that the reported balance is genuine.

7. The next step is to select some of the items, in addition to those unique
items explained above, based on the amount involved. Usually at least the
amount constituting 50% of the total balance is checked. In the above case,
the net balance is Birr 225,200. If the auditor checks about Birr 125,000 or
more, he can form an opinion about the fairness of the total amount. In the
receivable report above, advance to contractors is the biggest balance that
should be selected. Other accounts as mentioned in previous steps need also
be selected for the reason discussed in the previous step.
8. For each account selected, the auditor will take out the ledger, check the
total and scrutinize it. By scrutinizing, the auditor can check abnormal
transactions, transactions without reference to supporting documents
(payment vouchers, etc.) or other incomplete transactions, which should be
questioned. Adequate explanations should be obtained to the questions
raised.
9. From the ledger card, the auditor will select transactions with big Birr
amounts and transactions, which the auditor needs to check in detail. As a
rule of thumb, the auditor can select those big amounts making up 50% of
the total ledger balance.
10. Most of the accounts indicated in the Receivables Report are control
accounts. There could be subsidiary ledgers. For example, if the advance to
contractors account is the sum of advances to more than one contractor,
each contractor will have his own subsidiary ledger. The total of the
subsidiary ledgers balances should agree with the total of the control
account. The selection indicated in step 9 need also be made from the
subsidiary ledgers.
11. Each of the selected items will be checked with the supporting documents
bearing in mind that documents generated externally are more reliable than
documents generated internally. In the case of the advance to supplier, for
example, the auditor need to obtain the contract signed with the supplier to
see if the authorized officer has signed it. The auditor has to check the
selection procedure by looking into the bid file. This has to be checked
against the procurement procedures. The mode of payment need also be
checked with the provisions of the contract. The tests the auditor can make
are numerous that it is not possible to list all of them. The auditor, in some
cases, may even approach the supplier to obtain direct confirmation of
balances, checking of genuineness of addresses, etc. The auditor need to use
his experience to raise as many questions as possible to cover all the tests
needed.

12. The amounts checked need to be recorded in the current audit file. For
example, if the advance to contractors ledger mentioned above has one
transaction, the auditor might prepare his working paper as follows:
E1
MoFED Initial Date
Advance to contractors Prepared by KK 02/03/05
For the month of Meskerem 1997 Reviewed by JJ 05/03/05

25% advance payment to XYZ PLC for the supply of
stationery. Contract was signed on Meskerem 5, 1997. The
total contract amount is Birr 800,000. 75% will be paid
when the company fully supplies the stationeries. PV 100003 V200,000 00
Work done: Checked

V = checked with payment voucher, contract; bid
committee minutes, approval of the minister.
Summary
The important controls that the auditor should look into when checking
receivables include maintenance of control ledgers independent of subsidiary
ledgers and reconciliation of subsidiary ledger balances with control ledger
balances regularly. Receivable balances that remain for more than a reasonable
period should be questioned.
As discussed above, the nature of transactions to be classified as receivables are

different. However, almost the same audit procedures will be applied to all
receivable balances. The approach to checking of the balances is the same
regardless of the nature of the account. Specific procedures might be added or
omitted when checking different balances. For example, there is no contract to
be checked when checking advance to employees.

Exercises 19-1 (Class discussion)
1. In your respective office, what kinds of receivables are there? What are the
documents supporting them?
2. Are there receivable balances in the offices that are using single entry
accounting?
Exercises 19-2
Problem
1. Assume that you are auditing the accounts of Ministry of Education for the
month of Tikimt 1997. You found one of the significant receivable balances
to check is advance to consultant. You noted that the Ministry has signed a
contract with PP Consultants for the development of a certain curriculum.
The contract was signed in 1996 budget year. The contract amount was for
Birr One million. An advance of 25% was paid in 1996. The second payment
of 50% was paid in Tikimt 1997. No other payment was made.
Required: - Prepare a working paper for the transaction.

SESSION XX
PAYABLES
Learning Objectives
1. To provide the definition of payables in the FGE accounting system;
2. To briefly show how the payables report is maintained and how it is

linked with the Trial Balance;
12 To explain the substantive audit procedures that will be applied in

checking the accuracy of the payables balance in the Trial Balance.
Basic concepts
Payables are financial obligations to be paid in the future date in connection
with services or goods or money received now. Payables can be categorized into
two. Short tem payables are those that will be paid in the next twelve months.
Long-term payables are those that will be paid after a year.
In the FGE accounting system, payables are classified into two. The short-terms
are those that will be paid in the next budget year. This includes payables
arising from receipt of goods and services; payables among Public Bodies, to or
by Regions and to employees; short-term domestic loan taken by the
Government; deposits received that will be paid when certain conditions are
fulfilled (like court deposit); and retentions from payments to contractors. Long-
term payables are those that will not be paid in the next budget year. Foreign
loan is one of the significant long-term payables.

Procedures
The audit objective of checking payable is to ascertain that all payables are
properly and fully accounted for and that the recorded liabilities are valid.
When auditing payables, the auditor has to follow the following procedures:
2. Obtain the Payables Report attached to the Trial Balance;
3. Check the correctness of the total of the Payables Report and agreement
of the total with the figure shown in the Trial Balance;
Example: - Assume the following Payables Report
YTD receivables
5001 Grace period payable 50,000

5002 Sundry creditors 10,000
5003 Pension contributions payable 20,000
5004 Salary payable 25,000
5021 Due to staff 2,000
5027 Other payables 3,500
5051 Custom deposits 10,000
5061 Retention on contract _____ 117,000
Total (to Trial Balance) 10,000 227,500
4. Once the correctness of the total and its agreement with the balance in
the Trial Balance is checked, the auditor will ask for the ledger of each of
the accounts and check agreement of the ledger balance with the
Payables Reports and ask into any variations between the two. The
figures in the report are extracted from the ledgers.
5. The next step is to scrutinize the Payables Report. Scrutinizing means

just looking at the report without applying any additional audit
procedure.

The auditor can see which items need closer check. For example, in the
above report the auditor can raise a question as to why sundry creditors
account has a debit balance. Normally payable accounts have credit
balances. Debit balance means that there is some error than need
additional checking.
6. The next step is to select some of the items in each category based on the
amount involved. Usually at least the amount constituting 50% of the
total balance is checked. In the above case, the net balance is Birr
217,500. If the auditor checks about Birr 117,000 or more but from each
category of payables, he can form an opinion about the fairness of the
total amount. The categories, as can be seen from FGE Chart of
Accounts, are payables (Account No. 5000-5019), payables among Public
Bodies (Account No. 5020-5039), Government payables (Account No.
5040-5049), deposits (Account No. 5050-5059) and retention (Account
No. 5060-5069).
7. For each account selected, the auditor will take out the ledger, check the
total and scrutinize it. By scrutinizing, the auditor can check abnormal
transactions, transactions without reference to supporting documents
(payment vouchers, etc.) or other incomplete transactions, which should
be questioned. Adequate explanations should be obtained to the
questions raised.
8. Most of the accounts indicated in the Payables Report are control

accounts. There could be subsidiary ledgers. For example, if the retention
on contract account is the sum of retentions from more than one
contractor, each contractor will have his own subsidiary ledger. The
total of the subsidiary ledgers balances should agree with the total of the
control account. The selection indicated in step 7 need also be made
from the subsidiary ledgers.
amounts and transactions, which the auditor needs to check in detail. As
a rule of thumb, the auditor can select those big amounts making up 50%
of the total ledger balance.
10. Each of the selected items will be checked with the supporting
documents. Let us look at the nature of payables in each category and the
supporting documents that will be checked:

10.1. PAYABLES – arise when goods and/or services are received in

advance.
10.1.1. If we are dealing with receipt of goods on credit, the

supporting document that need to be checked are
purchase orders, bid analysis, minutes of bid
committee, approval of the selection of supplier, goods
receiving vouchers, and the Journal Voucher used to
capture the transaction. Other additional evidences
may be seen as needed. The auditor should also ask if
payment is made subsequent to the period under
examination.
10.1.2. If we are dealing with receipts of services, supporting

documents including request for the purchase of
services, bid announcement, suppliers evaluation and
selection documents, approval of the purchase,
evidence of performance of the service and such other
documents depending on the nature of the service
shall be checked.
10.1.3. Pension contribution payables are also included in this

category. These are simple to examine. Pension
contribution is made up of 6% by the Government and
4% by the employees. It is calculated on the basic
salary of the employee. The auditor should take the
payroll of the month, take the total basic salary and
calculate these percentages. If there is any difference,
the auditor should ask for explanation. Detail work on
the correctness of salary is tested when expenditures
are tested or when compliance tests are made.
10.1.4. Salary Payable occurs when the month‟s salary is not

fully paid in that month. For example, if salary of
Tikimt is paid in Hidar, the total salary is reflected as
payable in the Trial Balance for the month of Tikimt.
The basic supporting document to be checked is the
payroll for the month. As mentioned above, additional
works on salary expense is done under test of
expenditure or test of compliance. If not done,
additional procedures should be applied when testing
salary payable.

10.2. PAYABLES AMONG PUBLIC BODIES
10.2.1. Due to staff – Are payables to staff other than salary

payables. Expected supporting documents are
correspondence letters and rules related with such
payables.
10.2.2. Due to MoFED for SSDP, for staff, for recurrent and
capital expenditures from next year‟s budget – include
amounts collected from MoFED on account of the
following year‟s budget to cover salary and allowances,
recurrent and capital expenditures. This is equivalent
to transfers and hence supporting documents that are
seen when transfers are checked will be seen.
10.3. DEPOSITS
10.3.1. Customs deposits, court deposits, hospital deposits and

other deposits are included in this category.
Instructions are needed to collect these monies. The
deposit requirement might have been written on
procedures books. The auditor needs to ask according
to which instruction or procedure the deposit is
collected. In addition, cash receipt for the money
deposit should be obtained. Such documents should be
examined to check the validity and accuracy of the
deposit.
10.4. RETENTION ON CONTRACT – is usually related to

construction. 10% or 5% depending on the contract is
retained from every progress payment made to the
contractor. This amount is to be released to the contractor
when he accomplishes the contract. The auditor needs to
obtain the contract and check the relevant articles related to
the retention. The accuracy of retention amount is checked
with the last payment certificate. The total amount paid to
the contractor can be taken from the expenditures record or
record kept by the department responsible for the follow up
of the progress of the contract. The retention amount can be
calculated based on that amount. If there are differences, the
auditor should ask for explanation.

11. The amounts checked need to be recorded in the current audit file. For
example, if the auditor selects retention on contract account, the
working paper looks like the following:
F1
MOE Initial Date
Retention on contract Prepared by KK 02/03/05

Opening balance OB10, 000 00
10% retention on third payment to ABC General contractor
for the construction of a school in Desse. See contract
dated Nehasse 1996. PV 100003 V50, 000 00
10% retention on fourth payment to ABC General V57, 000 00
contractor for the above contract.
117,000 00
Work done: Checked
OB = opening balance checked with the ledger.
V = checked with payment voucher, payment
certificate, bill of quantity, contract; bid committee
minutes, approval of the Minister.
Summary
The important controls that the auditor should look into when checking
payables include maintenance of control ledgers independent of subsidiary
ledgers and reconciliation of subsidiary ledger balances with control ledger
balances regularly.
The basic audit procedures to be applied in checking payable balances are those
explained above. As long as the auditor follows that direction, the documents to
be verified will differ from account to account and from Public Body to Public
Body. For example, the value of construction contract above for which open bid
is necessary might differ according to the requirements in the procurement
manuals of the Public Bodies.

Exercise 20-1 (group work)
1. How does an internal auditor of a Public Body using the cash basis of
accounting audit payables?
2. Describe the supporting documents that you would check when auditing Grace
Period Payables,
3. Describe the supporting documents that you would check when auditing
Customs deposits,
Problem
1. Assume that you are auditing the accounts of the Ministry of Health for the first
three months of 1997 budget year. The Trial Balance produced for the month of
Meskerem 1997 shows a payable balance of Birr 1,000,000. You asked for the
payable report and you learnt that the major balance was Birr 700,000 retention on
contract. You decided to examine this account. You asked for the subsidiary ledgers
and one of the ledgers was in the name of Sunshine Construction. The balance is
Birr 500,000. Of this balance, Birr 200,000 was balance brought forward from the
pervious budget period. There was one payment made in Nehasse 1996 through
Payment Certificate No 2. Retention is 10% of the payment. The contract amount is
Birr 5 million. The contractor has given 6% rebate.
Required: -
a) Describe the audit procedures you will be following for this particular test.
b) Prepare working paper for the account you have checked.
c) Give your opinion on the correctness of the balance.

SESSION XXI
LETTERS OF CREDIT
Learning Objectives
1. To provide the definition of Letters of Credit in the FGE Accounting
System;

checking the accuracy of the Letters of credit balance in the Trial
Balance.
Basic concepts
The FGE Accounting Manual defines letter of credit as “a guarantee to pay

suppliers with cash set aside in a bank account restricted for that purpose.”
Generally speaking letter of credit is a promise or an agreement to pay to a
foreign supplier from whom consumables or fixed assets are purchased.
Payment is usually made two portions – e.g. 30% advance and 70% final
payment. Payment is made through Bank.
The purchasing procedure through letter of credit is similar to other purchases.

Invitation for bid is made, suppliers are evaluated and selected by bid committee
and then order is placed. At this stage letter of credit is opened and the advance
payment is made. The advance payment is not a receivable account. It is not
cost of stock or fixed assets either. It is a separate category of item which, when
the goods are received, will be transferred to either stock or fixed asset as the
case may be.

Procedures
According to the Letter of Credit procedures of the Treasury Department of
MoFED, Public Bodies have to make a request for the opening of Letter of
Credit. The amount in the request for Letter of Credit has to be in agreement
with the amount in the Proforma Invoice of the suppler, the minutes of the bid
committee and Bank permit. Availability of budget is checked. The Letter of
Credit is approved by the responsible officials and finally transferred to the
Bank for payment.
The procedures to be followed in auditing the Letters of Credit balance are:
2. Check agreement of the Letters of Credit balance in the Trial Balance

with the ledger,
3. Check total of the ledger;
4. Scrutinize the ledger for apparent correctness;
5. Select a sample of transactions. Many transactions are not expected in

Letters of Credit account. The auditor can, therefore, check all the
transactions in the ledger.
6. Check the selected transactions with supporting documents such as bid

advertisement, suppliers‟ evaluation, bid committee minutes, Proforma
Invoices of the suppliers, and other correspondences. The auditor should
expect a file being maintained in the purchase department. He should
obtain and check the Letters of Credit file to learn about the history of
the transaction and give his comment on it.
7. Check clearance of Letters of Credits in subsequent months. Enquire into

Letters of Credits that remain unclear for a long period of time.
8. Recording the work done in a working paper as shown for receivables

and payables.

Summary
The auditor should note that Letters of Credit is directly related with purchases.
He should plan to avoid duplication of work. If transactions are tested under
procurement test, then the auditor should only check the correctness of the
ledger and posting of transactions from the Transactions Register to ledger and
then to Trial Balance.
NET ASSETS EQUITY
Learning Objectives
1. To provide the definition of Net Asset/ Equity in the FGE Accounting
System;
2. To briefly show how the Net Asset/ Equity balance is arrived at;

checking the accuracy of the Net Asset/ Equity balance in the Trial
Balance.
Basic concepts
Net Asset/ Equity is the difference between total assets less payables and Letters
of Credit. This account does not usually arise from cash payment or cash receipt
transactions. It does not arise as a result of non-cash transfers either. It is used to
keep the difference between the revenue received in a period and the total
expenditures incurred in that period. A Public Body might not spend all the
money it has collected in a certain period. When transferring the balance of
revenue and expenditure to the Trial Balance, the two will not be equal. But
under the Modified Cash Basis of Accounting, the debit and credit sides of the
Trial Balance should be equal. To create that equality, the difference should be
reflected as Net Asset/ Equity.

Procedures
Unlike other accounts, there is no need to develop detailed audit procedures for
the audit of Net Asset/ Equity because, the balance is checked when checking
the other accounts that give rise to that balance.
Exercise 21-1 (Class discussion)

a) Give the equation for Net Asset/ Equity.

SESSION XXII
CASH ON HAND AND CASH AT BANK
Learning Objectives:
understand about the following:
 The definition of cash;

 The audit objectives;
 The minimum audit procedures to be applied in the audit of cash.
Basic Concepts
The definition of Cash given in the Internal Audit Manual is as follows:
1. Balances of money (currency paper notes and coins, CPOs or

Cashiers Payment Orders issued by Banks, cheques, bank
transfers) in the hands of cashiers (collectors, main and petty
cashiers);
2. Balances of monies at Banks.
A phrase „Cash and cash equivalents‟ is also used in the FGE Accounting Systems
Manual when talking about cash. And these include:
1 Cash as representing cash on hand and cash at bank; and,

2 Cash Equivalents as representing short term, highly liquid
investments which are readily convertible to known amounts of
cash and which are subject to an insignificant risk of change in
value.
Cash and Bank
We can divide the audit procedures for Cash and Bank into the Validation Audit
Procedures and Test of Control Procedures.
The Validation Audit Procedures may only be concerned with the verification
that:

1 The cash and bank balances are correctly stated;

2 They belonged to the organization and physically existed or are
confirmed by the Banks in the case of cash balances held by the
Banks;
3 Cut-off procedures have been duly observed at least at the end of the
close of business;
4 Valuation consideration may be difficult to determine; for example,
the purchasing power of cash may deteriorate but the Cash and Bank
balances will be stated at the actual amounts counted and the bank
balances.
The Test of Control, on the other hand, concerns taking samples of transactions
and testing the effectiveness of the existent system of control to prevent
misappropriation, overspending of Budget appropriation, unwise or
inappropriate spending, and ensuring that laid down controls, methods and
procedures are working. Accordingly, samples of vouchers (transactions) are
taken from among the population of vouchers for testing purposes.
The audit objectives of Cash on hand

The objectives of examining main cash, petty cash transactions and balances of
both main and petty cash are:
To establish the validity and propriety of the cash transactions, and,
To properly state the cash on hand for purposes of financial statement
presentation.
The audit procedures to be followed in order to test control over cash on hand
are as follows:
Generally, the control objectives for cash include that the collection of all cash
are made only against official receipts vouchers and payments are made only for
the Public Body‟s objectives against authorization and proper documentation;
and that the transactions are recorded into the books of accounts promptly and
accurately.

The audit of cash on hand with petty cash included commences with the
evaluation of the internal control system using Internal Control Questionnaires
(ICQs) or Internal Control Evaluation Questionnaires (ICEQs). (See Annex XIX
and XXVIII of the Internal Audit Manual.)
Under the validation procedures, the internal auditor may conduct surprise cash
count to ensure existence of the cash and to a limited extent verify whether or
not the internal control system laid down by management is functioning
properly; by doing so he checks that:
1 All paid but not yet replenished petty cash vouchers are consistently
approved by a responsible person and supported by sufficient
pertinent documents. If there are vouchers that are not approved,
they should be listed down with the necessary detail on a schedule.
2 If there are suspense payments, these should also be listed down on a

schedule specifying the dates of payments and the reasons for the
advances and the amounts involved. If all such payments are within
allowable period as stipulated in directives/ guidelines, then there is
no problem. However, if there are long outstanding suspense
payments, the internal auditor should enquire for the reasons and
report where those reasons are not justifiable.
3 The internal auditor should check whether all collections made in

cash and by cheques up to the day of the cash count are deposited
into the bank. If there are still some cash on hand, these should be
listed down on a schedule/ cash count form and the signature of the
cashier should be secured.
The other audit procedures that the internal auditor should follow under the Test
of Control include the following:
1. Review of the personal files of cashiers to ensure that:
1.1 The cashier‟s honesty and the degree of risk involved is assessed;
1.2 Fidelity guarantee insurance or otherwise sufficient guarantors are

provided by the cashiers;

1.3 Clear job descriptions outlining duties, responsibilities and

accountability are provided to the cashiers;
1.4 The cashiers possess the education and training relevant to their
functions;
1.5 Proper safeguarding of cash is in place;
1.6 All cashiers are provided with secure places and cash safe boxes for
the cash they handle;
1.7 Strict control is exercised over used and unused receipt vouchers in
the custody of the cashiers (and also in the hands of those who keep
the vouchers);
1.8 Collections are made only against official pre-numbered Cash

Receipt Vouchers;
1.9 Cash collectors have handed over all their cash collections to the
main cashier intact and on time; and that the amounts are
reconciled against the summaries of the collection documents/ cash
receipt vouchers;
1.10 Cash and cheque collection summaries are prepared; and test
checked against the cash receipts vouchers;
The audit procedures to be followed in respect of cash also include the

following:
2. Obtain the monthly Trial Balance of the Public Body;
(i) Check agreement of each cash balance in the Trial Balance with each
of the General and Subsidiary Ledger Accounts;
(j) Ascertain that the cash balances are also in agreement with the cash
books;
(k) Ascertain the cash centers and the cashiers handling the cash;
(l) Ascertain that the petty cash funds are kept on the imprest system;
this could be achieved by selecting some replenishments that were

made during the period/ year under review and checking that the
replenishments were made only when the cash balances became low
and as provided in the directives/ guidelines;
(m) Ascertain that the cash on hand balances which include cash
collections and petty cash funds are confirmed by actual physical
count;
(n) Make counts of all the cash in the hands of the cashiers and
reconcile against the cash books and the ledger account balances
which must be written up-to-date; watch out for items such as
bounced cheques during the cash count; (see Procedures 6.28 under
Section II, Cash and Bank Balances in the Internal Audit Manual);
(o) When cash funds are to be counted ensure that simultaneous control
is exercised over all cash and other items of a cash nature in order to
prevent transfers from one fund to another to cover up shortages;
after the contents of each cash box, safe, etc. have been counted, each
item may be released to the cashier. Cash should preferably be
counted after the close of business hours in order to expedite the
audit operations;
(p) Make a separate listing of the contents of each cash fund;
(q) Seal the cash safe and break the seal as required;
(r) List out the documents for un-deposited cash and cash items and
reconcile with the funds counted to ensure agreement; trace these
funds to the bank statements to determine that the monies are
deposited intact subsequently;
(The Cash Count Form, Annex XVII – 1 in the Internal Audit Manual or similar
forms could be used for the purpose of cash count. The Suspense Payment
Vouchers held as part of cash on hand should also be listed out under the
Suspense Account – Count Sheet, Annex XVII – 2. Cut-off documents – dates,
numbers, particulars, and amounts on the last Cash Receipts Vouchers, Payment
Vouchers, Cheques, and all cash related documents with pre-numbers should be
listed out and signed for.)
(s) Check arithmetical accuracy of the accounting records;

(t) Follow the procedures in the Internal Audit Manual in respect of the
verification of petty cash balance and suspense payment vouchers;
(see Procedures 6.3 and 6.4 under Section II, Cash and Bank Balances
in the Internal Audit Manual);
The audit objectives of Cash at Bank

The objectives of examining cash at bank transactions and balances are:
 To establish the validity and propriety of the cash at bank

transactions, and,
 To properly state the cash at bank balances for purposes of

financial statement presentation.
The validation and test of control procedures for Bank are in general similar.
Validation concerns verifying existence and correctness of the Bank balance and
ownership thereof. As explained earlier, we take the balance at face value
without any measurement consideration – for instance, decline in purchasing
power. The test of control is the testing of the effectiveness of the system of
control through selection of a sample of transactions and documents from
among a population of vouchers.
Audit procedures for cash at bank

The audit of cash at bank account commences with the evaluation of the
internal control system using Internal Control Questionnaires (ICQs) or
Internal Control Evaluation Questionnaires (ICEQs). (See Annex XIX and
XXVIII of the Internal Audit Manual.)
The audit procedures to be followed in order to test whether or not there is

proper control over Cash at Bank are as follows:
 Ensure that Bank Reconciliation Statements are prepared and are

all checked and approved by independent persons other than the
preparers.

 Ensure that adequate control is exercised over cheques – that

unused cheques are kept in safe; blank cheques are not signed in
advance; cancelled cheques remain in the pads marked
“cancelled” or “VOID”;
The audit procedures to be followed in order to ensure the correctness of the

Cash at Bank balances are as follows:
1. Obtain the monthly Trial Balance of the Public Body;

2. Check agreement of the Trial Balance with the ledger accounts;
3. Identify the Bank accounts, and verify that:
Monthly bank reconciliation statements are prepared by the accounts

section to ensure that the balances are properly reconciled; select any
one month in the year under review and trace deposits and payments
of the month‟s bank transactions to the Bank Statement; observe
cutoff procedures (last document and cheque numbers and dates.);
(Note: There are many different types of Bank Reconciliation
Statement forms one of which is given as Annex XVIII to the
Internal Audit Manual);
 All outstanding and reconciling items (deposits, cheques issued and

other items) are cleared immediately (cheques should not be
outstanding for no more than six months); otherwise the auditor
should secure the reasons for and be convinced as to why they were
outstanding, or he should report the situation for the attention of the
management;
 Unusual items and errors in the Bank Statements (including contra

items) are given adequate attention;
 Request the Banks and obtain direct written confirmation of Bank

balances with the authorization of the Head of the Public Body at
least as at the end of the year and compare for agreement with the
balances in the ledgers; if differences are observed the matter should
be discussed with the Accountant of the Public Body and cleared
with the Bank as necessary.
Last but not least, the internal auditor should prepare or secure the necessary
schedules, list out the items selected and tested, the works done, including a
summary of the audit objectives, the findings and conclusions. He should file
these schedules and papers under the relevant section of the Current Working

Papers file. The Lead Schedule, Summary of Findings, Supporting Schedules and
Queries/ Notes and the test of internal control should also be filed accordingly.
An Audit Program (Annex XV to the Internal Audit Manual) and the detailed
procedures for the audit of cash and bank transactions are also given in the
Internal Audit Manual. It is also important for the internal auditor to refer to
other relevant directives and documents such as the detailed Procedural Manual
of the Treasury Department of the Ministry of Finance and Economic
Development (MoFED) issued in Megabit 1993.
Example: Assume that you have audited the Cash and Bank balances of the
Ministry of Education as of Tikimt 30, 1997 which are in agreement with the
Trial Balance submitted to MoFED, the ledger accounts and the cash books and
also with the physical counts and Bank Reconciliation Statements. The
schedules for these items under reference letter I (with sub-schedules – some
sub-schedules are not given) may look like the following (the figures given and
the names of persons are hypothetical.):


Sch. Ref. I
Initial Date
Prepared by AT 05/03/97
Reviewed by TH 15/03/97
Name of Public Body:___Ministry of Education_______
Audit Area: Cash on Hand and at Bank_______
Period/ Budget Year:__as on Tikimt 30, 1997
Description Sch. Ref. Birr

Cash on Hand:
- with Main cashiers I1 TC 100,000 00
- with Petty cashiers I5 50,000 00
Total of Cash on Hand 150,000 00
Cash at Bank:
- With National Bank of Ethiopia I9 BR 1,000,000 00
Total of Cash on Hand and at Bank 1,150,000 00
C
Work done:
TC = Test Counted, Main Cash, See Sch. I 4. ; Agreed with
General and Subsidiary Ledger s.
BR = Checked Bank Reconciliation Statement.
C = Checked casts (addition).
Findings:
1. A transfer of Birr 500,000 on Tikimt 30, 1997 from the
Central Treasury was not recorded since the advice did not
arrive on time. We have checked that the amount is
subsequently documented and recorded.
Conclusions:
In my opinion, based on the tests conducted, the above
balances are fairly stated.


Sch. Ref. I1
Initial Date
Name of Public Body:__Ministry _of Education______
Audit Area: :___Cash on Hand_- main cash______
Main cash:
Cashier 1 – Ato Bekele Kebede I 2 OC 10,000 00
Cashier 2 – Ato Getachew Abay I 3 OC 15,000 00
Cashier 3 – Ato Belaineh Abebe I 4 C 75,000 00
100,000 00
C
To Sch. I
Work done:
C = Cash counted and agreed with the General and
Subsidiary Ledgers, and Cash Book;
OC = Obtained Cash Certificates for cash that was not
counted.
Findings: No reportable findings.
Conclusions:


CASH COUNT FORM

Sch. Ref. I4
Initials Date
Name of Public Body MOFED
Audit Area Cash Count
Cash Count Date Tikimt 30, 1997.
Fund Main Cash Budget Year: 1997
1. LOCAL CURRENCY
1.1 Notes and Coins

Denomination Quantity Amount
Notes 100.00 150 15,000 00
50.00 300 15,000 00
10.00 1500 15,000 00
5.00 - -
1.00 - -
Coins 0.50 - -
0.25 - -
0.10 - -
0.05 - -
0.01 - -
Total of notes and coins 45,000 00
1.2 Cheques
Cheque No. Date of Issuance Payee Amount
AEB 150256 25.02.97 ACB Trading Co., Deposit 25,000 00
-
Total of cheques 25,000 00
1.3 Other documents with money value

Amount
Postage stamps -
Fuel coupons -
Total of other documents 5,000 00
Total Local Currency -
Record balance/petty cash float -
Difference short (over) -
Total of other documents 5,000 00

Sch. Ref. I4 (1)
2. FOREIGN CURRENCY
Denomination Quantity Amount
Total foreign currency

Record balance/petty cash float
Difference short (over)
I, Ato/W/ro/W/t. Belaineh Abebe, (Cashier 3) the cashier of the Ministry of Finance and Economic
Development (MoFED) confirm that the cash amounting to Birr 75,000 (Birr Seventy Five Thousand
only) as detailed above were counted in my presence and returned to me intact.
Cashier Senior Finance Official Auditor
Name: Belaineh Abebe Getachew Hunde Aarone Teshager

Signature ______________ ___________________ _________________
SUMMARY OF COUNTS
BIRR
Local Currency (Notes and Coins) 45,000.00
CHEQUES 25,000.00
Other documents with money value 5,000.00
From I 4 75,000.00
To Sch. I 1

Sch. Ref. I5
Initial Date
Name of Public Body:__Ministry _of Education______
Audit Area: :___Cash on Hand_- petty cash______
Main cash:
Cashier 1 – Ato Hunegnaw Bikila I6 OC 10,000 00
Cashier 2 – Ato Belay Abay I7 OC 10,000 00
Cashier 3 – Ato Abebe Belaineh and others I8 OC 30,000 00
50,000 00
C
To Sch. I
Work done:
C = Agreed with the General and
Subsidiary Ledgers, and Cash Book;
OC = Obtained Cash Certificates for cash that was not
counted.
Findings: No reportable findings.
Conclusions:


Sch. Ref. I 9
Initial Date
Name of Public Body:___MoFED_______
Audit Area: :___Cash at Bank_______
Cash at National Bank of Ethiopia

- Account No. Gov. 123456
Balance per General/ Subsidiary Ledger I 10 BR 1,000,000 00
To Sch. I
Work done:
BR = Checked Bank Reconciliation Statement.
Findings:
1. A transfer of Birr 500,000 on Tikimt 30, 1997 from
the Central Treasury was not recorded since the
advice did not arrive on time. We have checked
that the amount is subsequently documented and
recorded.
2. Balance per Ledger Birr 1,000,000
Add: Transfer, Not
Recorded in Ledger 500,000
Adjusted Balance 1,500,000 (see Sch.I 8.)
Conclusions:
Except for the above point, in may opinion, the Bank
Balance is fairly stated.


Sch. Ref. I 10
Initial Date
Audit Area: :___Cash at Bank_______
Ministry of Finance and Economic Development (MoFED)

National Bank of Ethiopia
A/C. No. Gov. 123456
Bank Reconciliation Statement for the Month of Tikimt 1997
Birr Birr
Balance per Bank Statement, Tikimt 30, 1,450,100
Add: Deposits in transit:
Date Ck. No.
25/02/97 110,000
27/02/97 55,000
25,000
1,615,100
Deduct: Outstanding checks:
15/01/97 AZA 600606 15,000
12/02/97 AZE 101025 11,500
20/02/97 AZE 101215 12,500
22/02/97 AZE 101227 59,600
22/02/97 AZE 101240 6,500
22/02/97 AZE 101245 10,000
115,100
Adjusted Bank Balance, Tikimt 30, 1,500,000
Balance per General Ledger, Tikimt 30, 1,000,000

Add: Transfer by MoFED, not recorded in TR/ Ledgers 500,000
Adjusted General Ledger Balance, Tikimt 30, 1,500,000
To I 1

Exercise 22-1
1. What is Cash made up of?
2. Distinguish between the functions of the Accountant and the Cashier of
a Public Body.
3. What is an ICQ and how does it differ from an Audit Program or
Procedures?
4. What are the objectives of cash audit?
5. What do you understand by the imprest system of petty cash? Do you
know of any other petty cash system?
6. What do understand by the “eye of the needle” when we talk about cash?
7. What is the significance of Bank Reconciliation Statement?
Exercise 22-2
1. Case Study on Control of Cash
Ato Dibiku is the Accountant of a Public Body. He held this position for the last 10 years.
He keeps the cheque books and prepares the cheques and is the co- signatory of the Bank
account. The check signing letter gave him the authority to sign checks for amounts up to
Birr 5,000 and required the signature of the Head of the Public Body for amounts above in
excess. Ato Dibiku decided to do without the Head of the Public Body by splitting payment
requests so that they all fell within his signing authority. The reason he gave was that most of
the time the Head was away attending urgent meetings and therefore, those who request for
payments should be served soon and doing so will improve the image of the Public Body as
this expedites the work. He felt also that this is what is required of public servants in
accordance with the civil service reform program. He also said that cheque handling should be
the sole territory of accountants even though the directives say otherwise since such works are
sensitive and even confidential business. The Head of the Public Body was a bit confused but
accepted the idea for the time being.

Ato Dibiku continued writing and issuing the checks and preparing the bank reconciliation
statement himself. Although the Public Body has a permanently employed cashier, he
sometimes collects money against cash receipts voucher he kept and deposits such collection
himself. He said he did this to compensate for the cashier‟s down time. The cashier he said is a
good person and deserves his support. He sometimes does not write out the cash receipts
because some of the people do not ask for receipts. But he later on copies from the notes of
such cash collection he kept with him. He gives the amount he collected along with the cash
receipts voucher for recording and for deposit of the money into the Bank.
He closes the accounts of the Public Body every month. He works late at night to complete
the job. He is proud of his energy and hard work and believes that he excels all his peer
groups, if not, accountants of his generation in such matters.
The Head of the Public Body was not comfortable with the way the financial activities are
conducted and calls upon you, the internal auditor to review the financial system and provide
him with a recommendation.
Instructions:
1. Which internal control procedures of the Internal Audit Manual would you employ
to evaluate the internal control system?
2. Identify key internal control weaknesses, if any, pertaining to the financial activities
of Public Body.
3. Prepare and present a short report to the Head of the Public Body showing your
findings and recommendations.

Exercise 22-3
2. Problem on Bank Reconciliation:
The Accountant of Ministry of Education received the Bank Statement from the National
Bank of Ethiopia for the month of Yekatit 1997 E.C. and reconciled the balance with that
shown in the General Ledger as on Yekatit 30. The Bank Account No. is Gov. X 201420.
The reconciliation statement (given) included the following items:
1. There was a budget transfer of Birr 500,000 for the month from the Ministry of
Finance and Economic Development (MoFED) per the request of the Public
Body. The amount is shown as receipt in transit on the reconciliation statement
because the Accountant failed to collect the Bank Advice.
2. There was a deposit into the Bank of Birr 15,000 on Tahsas 1, 1997 which is
outstanding since three months. It happened that this represented a duplicate
deposit slip.
3. There was also a collection of cash of Birr 15,000. The Cashier prepared a
deposit slip on Yekatit 27, but did not deposit it until after Yeaktit 30, 1997. The
amount is shown as reconciling item in the Bank Reconciliation Statement.
4. A check for Birr 10,000 (Check No. AF 500606) issued on Tahsas 15, 1997 was
replaced in Tir 1997. The latter check was cleared, but the first check is still
shown as reconciling item in the Bank Reconciliation Statement.
5. There were also following outstanding checks on the reconciliation statement:
Date of ck. Check No. Amount

25/05/97 AZ 100205 1.500
20/06/97 AZ 100215 12,500
22/06/97 AZ 100225 9,600
22/06/97 AZ 100235 2.500
22/06/97 AZ 100240 10,000

6. In addition, the balances per Bank Statement and the General Ledger as on
Yekatit 30, 1997 are the following:
Bank statement balance Birr 581,100

General Ledger balance Birr 50,000
Instruction: As an internal auditor of your Public Body you are required:
1 To investigate the contents of the Bank Reconciliation Statement

prepared by the Accountant, which was not independently checked
and approved, and prepare the corrected version of the Bank
Statement for Yekatit 1997;
2 Report your findings to the Head of the Public Body;
3 You are given the following Bank Reconciliation Statement prepared
by the accountant for your review.

Bank Reconciliation Statement prepared by the Accountant
The Federal Democratic Republic of Ethiopia

Ministry of Finance and Economic Development
Ministry of Education
National Bank of Ethiopia
A/C. No. Gov. X 201420.
Bank Reconciliation Statement for the Month of Yekatit 1997
Birr Birr
Balance per Bank Statement, Yekatit 30, 566,100
Add: Deposits in transit:
Date Ck. No.
01/04/97 15,000
27/06/97 15,000
30,000
596,100
Deduct: Outstanding checks:
15/04/97 AF 500606 10,000
25/05/97 AZ 100205 1,500
20/06/97 AZ 100215 12,500
22/06/97 AZ 100225 9,600
22/06/97 AZ 100235 2,500
22/06/97 AZ 100240 10,000
46,100
Adjusted Bank Balance, Yekatit 30, 550,000
Balance per General Ledger, Yekatit 30, 50,000

Add: Transfer by MoFED, not recorded in TR 500,000
Adjusted General Ledger Balance, Yekatit 30, 550,000

TEST OF INTERNAL CONTROL
SESSION XX
RECEIPTS
Learning Objective
1. To understand the purpose of the records available in the FGE
Accounting system;
2. To understand the method of sample selection for depth test;
3. To understand the general procedures for the Internal Control Test over
cash receipts.
Basic concepts
It is already discussed that the official Receipt Voucher of MoFED should be
used for the collection of every sum on behalf of the Federal Government. The
cash collection made in this way shall be recorded in the Receipts Cash Book
provided in the FGE Accounting system. This cashbook is different from a petty
cash book. The book is used to record all receipts other than from the
accountant of the Public Body for petty cash replenishment purpose. At the end
of each day, the cashier shall deposit the money collected during the day. The
deposit shall be recorded on the book so that the net total shall become zero.
The copies of the receipts and the deposit slip are presented to the accountant.
The accountant shall post the cash receipts and the deposit slip to the
Transaction Register.
Internal control over cash receipt is given in section III of the Audit Manual.
However, as cash is a very sensitive item, the following additional items need to
be considered:

1 Segregation of duty – as applicable to cash receipts, this means that

the cashier should not be allowed to record transactions on
Transactions Register book and other ledger accounts.
2 Cash depositing – all cash collected should be deposited intact and

every day. No payment should be made out of such collections.
3 Proper use of deposit slips – deposit slips should be cross-referenced

to the receipts through which cash is collected. This is to relate the
two documents and to prevent teaming and lading (lapping).
Teaming and lading is the process whereby the cashier collects
money from source X and use it for his own purpose, then collect
another money from source Y which he uses to replace the amount
of money he took earlier and the process continues.
4 Control over cash receipt vouchers - as stated in the Council of

Ministers Financial Regulation No 17/1997, Cash Receipts should be
serially numbered. This is an important control over the use of Cash
Receipts. The cashier should not be allowed to keep more than one
pad (if that is enough for say a week) of Receipt Vouchers. Unused
vouchers should be kept with a responsible person. A register of
Receipts Vouchers should be maintained. The cashier should sign on
the register whenever he collects new pads. The used pad should be
returned when the new one is collected.
5 Use of Receipts Cash Book - as discussed above this is an important

register. The accountant has to check this book whenever he collects
receipt vouchers and deposit slips.
Procedures
The audit objectives of test of internal control over cash are:
1 All cash collected is fully and accurately accounted for;
2 All cash collections are deposited daily and intact.
3 All collection transactions are correctly posted to the Receipts Cash

Book, the Transaction Register and ledgers.

The procedures that will be applied in the test of control over cash receipts are:
1. The auditor should determine the population (the number of vouchers
used during the period to be audited). The auditor should check that the
first voucher used is next to the voucher used in the previous period and
the Pads used during the audit period are in strict numerical sequence. He
should then take the last number of the Receipt Voucher for the period he
wanted to audit.
EXAMPLE: Assume that the auditor of Ministry of Information wanted to

test receipts for three months from Tikimt 1997 to Tahassas 1997. Assume
also that the first Receipt Voucher number is 123456 and the last number
is 123955. This means that the total number of Receipt Vouchers used (the
population) is 500 vouchers.
2. The next step is to select a sample of vouchers to be checked. The sample

size should be adequate enough to meet the audit objective. The Internal
Audit Head should decide the sample size at the time of audit planning. In
this case, let us say 10% is taken. This means 50 vouchers are selected. The
interval of sample selection to be used is then 10 = (500/50).
3. Using the vouchers selected, the auditor checks the accuracy of the
collected amount with the source and other documents such as
Proclamations, Regulations, Directives, Approved Budget of the year,
Agreement signed with donors, etc.
4. Check that all cash receipts are recorded in the Receipts Cash Book and
that the collections are deposited to the Bank intact and promptly.
5. Check posting of the selected Cash Receipts to the Transactions Register.
6. Another important procedure the auditor should apply is to check the

sequence of Receipts Vouchers. This can be done on a working paper
called sequence test sheet. Sequence test is done for vouchers like Receipt
Voucher, Receipt of Articles or Property Received and Receipt of Articles
or Property Issued. The auditor shall make another selection for sequence
test purpose. If the population is not large sequence test can be done 100%.
In the above case, the population is not that big and 100% test can be
made.
7. Document all the work done on a working paper. The working paper
should cover the following:

 Appropriate headings including the audit period,

 The steps followed in arriving at the population (total Receipt
Vouchers),
 The way sample is selected,
 The list of selected items,
 The work done on the selected items,
 The findings of the auditor, and,
 Conclusion.
Take for example, the above-discussed case of the Ministry of Information. The
working paper would look like the following:
Ministry of Information
Internal Control Test on Receipts
For the three months from Tikimt to Tahassas 1997
Determination of Population & sample selection

From the Receipts Cash Book kept by the cashier, I noted that the Receipt Vouchers used during the three
months under audit were from No123456 to 123955. The population was therefore 500.
As per my discussion with the Internal Audit Head W/o XXX, we have agreed to test 10% of the Receipt
Vouchers. We selected 10% because we have tested the control in the near past. The control was satisfactory at
that time.
The List of Selected Items

As I have selected 50 items out of the 500, the interval I should use is 10=(500/50). I have decided to select the
sample starting from the 9st item. The list of selected items is as follows:
123465 123565 123665 123765 123865
123475 123575 123675 123775 123875
123485 123585 123685 123785 123885
123495 123595 123695 123795 123895
123505 123605 123705 123805 123905
123515 123615 123715 123815 123915
123525 123625 123725 123825 123925
123535 123635 123735 123835 123935
123545 123645 123745 123845 123945
123555 123655 123755 123855 123955

Work done
 Checked that the cashier and the recipient sign each voucher,
 Checked the source of income and that income is appropriately calculated and received as per
proclamation No XXX,
 Checked that all the second copies are handed over to the accounts in time,
 Checked that collections are not used to pay advances or other payments and that they are deposited to
Bank intact and in the morning of the next working day,
 Checked that receipt vouchers are cross reference with deposit slips.
 Checked posting of receipts to Transactions Register and then to ledgers.
Findings
1. Finding: The amount of cash collection per day on average is Birr 150,000. Deposit is usually made on
the next working day. However, the cashier room was not reinforced by Iron grill.
Implication: The room can be easily broken and burglars can easily reach the cash.
Management Response: They have a plan to reinforce it. They are awaiting approval of budget.
Recommendation: Reinforcement of cashier‟s room is part of preventive control. The management

should give priority to it.
Conclusion
Except for the finding mentioned above, the internal control over receipts is adequate.
Sequence test
This test is useful to check the serial usage of documents like Receipt Voucher,
Receipt of Articles or Property Received and Receipt of Articles or Property
Issued. If the vouchers are not used in strict numerical sequence, the auditor
should get satisfactory explanation for that.
Sequence test can be done using a “sequence test sheet”. This sheet can be easily
produced on Microsoft Excel. The format for the sequence sheet is as shown on
the next page. The numbers can be extended as needed.
What the auditor should do is mark the first voucher number on the sequence
sheet together with the date of the receipt. Then he cancels each correctly used
voucher using diagonal line. If a voucher is “VOID”, the auditor will put a mark
like “V” in front of the voucher number. After the checking is completed, the

auditor summarizes those vouchers which were not cancelled or not “VOID”.
He should get adequate explanation as to why Receipts Pads were not used in
their numerical sequence. He should also ask why some vouchers are not used
or “VOID” is not written on the face of void vouchers.
EXAMPLE: Let us assume that the Ministry of Information used Receipt

Voucher No 123456 to 123505 in Tikimt 1997. The sequence test would look
like the following.
Ministry of Information
Sequence test
For the month of Tikimt 1997
1 21 41 61 N81 101
2 22 42 62 N82 102
3 23 43 63 N83 103
4 24 44 64 84 104
5 25 45 65 85 123505
30/2/97
56 26 46 V66 86 106
7 27 47 67 87 107
8 28 48 68 88 108
9 29 49 69 89 109
10 30 50 70 90 110
11 31 51 71 91 111
12 32 52 72 92 112
13 33 53 73 93 113
14 34 54 74 94 114
15 35 55 75 95 115
1/2/97
16 36 123456 76 96 116
17 37 57 V77 97 117
18 38 58 V78 98 118
19 39 59 N79 99 119
20 40 60 N80 100 120
Work done:
/ = Numerical sequence checked.
V = Void receipts - the original is attached with the carbon copies and “VOID” is
written on the face of the vouchers.
N=Vouchers not used in Tikimt 1997.

As some of the vouchers were not used in their numerical sequence the auditor
has to write his finding as follows:
2. Finding: Receipts vouchers numbers 123479 to 123483 were not used in Tikimt 1997 in
which month receipts before that and receipts after that were used.
Implication: Sequential use of receipts was not strictly observed.
Management Response: The cashier erroneously did not use those receipt vouchers.
Recommendation: The cashier should be told to use the vouchers in strict sequential
order. The accountant has also a responsibility to check proper usage of receipts.

Public Body _______________________ page ___of ____

Sequence Test
Type of document __________________
Period____________________________
1 51 101 151 201 251 301 351 401 451

2 52 102 152 202 252 302 352 402 452
3 53 103 153 203 253 303 353 403 453
4 54 104 154 204 254 304 354 404 454
5 55 105 155 205 255 305 355 405 455
6 56 106 156 206 256 306 356 406 456
7 57 107 157 207 257 307 357 407 457
8 58 108 158 208 258 308 358 408 458
9 59 109 159 209 259 309 359 409 459
10 60 110 160 210 260 310 360 410 460
11 61 111 161 211 261 311 361 411 461
12 62 112 162 212 262 312 362 412 462
13 63 113 163 213 263 313 363 413 463
14 64 114 164 214 264 314 364 414 464
15 65 115 165 215 265 315 365 415 465
16 66 116 166 216 266 316 366 416 466
17 67 117 167 217 267 317 367 417 467
18 68 118 168 218 268 318 368 418 468
19 69 119 169 219 269 319 369 419 469
20 70 120 170 220 270 320 370 420 470
21 71 121 171 221 271 321 371 421 471
22 72 122 172 222 272 322 372 422 472
23 73 123 173 223 273 323 373 423 473
24 74 124 174 224 274 324 374 424 474
25 75 125 175 225 275 325 375 425 475
26 76 126 176 226 276 326 376 426 476
27 77 127 177 227 277 327 377 427 477
28 78 128 178 228 278 328 378 428 478
29 79 129 179 229 279 329 379 429 479
30 80 130 180 230 280 330 380 430 480
31 81 131 181 231 281 331 381 431 481
32 82 132 182 232 282 332 382 432 482
33 83 133 183 233 283 333 383 433 483
34 84 134 184 234 284 334 384 434 484
35 85 135 185 235 285 335 385 435 485
36 86 136 186 236 286 336 386 436 486
37 87 137 187 237 287 337 387 437 487
38 88 138 188 238 288 338 388 438 488
39 89 139 189 239 289 339 389 439 489
40 90 140 190 240 290 340 390 440 490
41 91 141 191 241 291 341 391 441 491
42 92 142 192 242 292 342 392 442 492
43 93 143 193 243 293 343 393 443 493
44 94 144 194 244 294 344 394 444 494
45 95 145 195 245 295 345 395 445 495
46 96 146 196 246 296 346 396 446 496
47 97 147 197 247 297 347 397 447 497
48 98 148 198 248 298 348 398 448 498
49 99 149 199 249 299 349 399 449 499
50 100 150 200 250 300 350 400 450 500

Sample audit program for receipts is given below:

Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area __________________________
Budget Year ________________
Sampling
State Audit Population Sample
Performed Size Size Budget Year _______________

2. Actual Time ______________
3. Difference _______________
5. page of this form)
Ref Name of auditor Signature Remark

No Audit procedures
1 Completeness
1. Determine the total number of receipts
(population) used during the audit
period.
2. Select adequate sample out of the
population (discuss with the Chief
Internal Auditor).
3. Check posting to the Receipts Cash
Book kept by the cashier.
4. Check additions of Receipts Cash Book
kept by the cashier.
5. Check that each receipt is signed by the
cashier and does not contain any
alterations or erasures.
6. Check accuracy of calculation of income
(e.g.: if it is Excise Tax, is it as per the
Proclamation?)
7. Check multiplication, addition and
other calculations on the receipt.
8. Check deposit of the collection to Bank.
9. Perform sequence test on copy receipts
and inspect original copy of cancelled
receipts

2 Posting
1. Check posting of the collection transactions
to the Transactions Register.
2. Check additions of the Transactions
Register.
3. Check posting to the appropriate ledger
account.
3 Controls
1. Check that Cash Receipts are kept properly
by the responsible section.
2. Check number of Cash Receipts pads
printed (received) during the year with the
printer‟s receipts (transmittal letter/ Receipt
of Articles or Property Issued) and check
recording to the register of Receipts.
3. Scrutinize the register of Receipts to check
that new pads are issued in strict numerical
sequence.
4. Physically check unused Receipts pads on
hand and agree with register.
Summary
Cash collection is one of the sensitive areas of audit. The auditor should not
believe that merely counting cash and reconciling it with the cashiers‟ records
or the total of the receipts is adequate. Yes, the counted cash could agree with
the total of the receipts or the total of the register/book. The question that
remains is, was the income collected appropriately in accordance with the rates
provided in the Proclamations, regulations, guidelines, etc? Was the income
fully accounted for?
Systematic auditing following the procedures outlined in this section could help
answering most of the questions. In using the procedures to a particular
circumstance and in adding new necessary procedures, the auditor should use
his experience and knowledge of the activity to be audited.
1. You are the auditor of Ministry of Transport & Communication. You heard that
the cashier is lending money to outsiders at exorbitant rate. What would you do
to deal with it?
2. You are the auditor of Ministry of Revenue. While assessing the tax of one of
the taxpayers, the auditors could not agree with the taxpayer as he is asked to
pay more tax. The taxpayer is saying that he has paid the tax and should not be
asked again. You are asked to look into the issue. What do you think could be
the possible reasons? What would you do to investigate the case?
Time allowed: 30 minutes.

SESSION XXIV
PROCUREMENT
Learning Objective:
1 To understand the definition of procurement and the categories of
procurement methods as provided in Proclamation No 430/2005,
Determining Procedures of Public Procurement and Establishing its
Supervisory Agency Proclamation;
2 To understand the cycle of procurement as relevant to the understating of
internal control over purchase;
3 To understand the method of sample selection for depth test;
4 To understand the general procedures for the Internal Control Test over
procurement.
Basic concepts
Procurement is defined as “the purchasing, hiring or obtaining by any other
contractual means of goods, works and services”. According to this definition,
the general reference to procurements as goods and services is modified. Service
is broken down into works and services. Work is intended to include such
services as construction, reconstruction, demolition, repair or renovation of
building, road or structure while services is defined as any other services that
may not be classified as goods or works.
The Proclamation has provided for the controls that should be observed when
procuring goods, services and works. It is also stated that the Ministry of
Finance and Economic Development (MoFED) is authorized to issue
procurement directives for implementation of the Proclamation. The internal
auditor has to understand the provisions of the Proclamation, the directive and
other guidelines that will be issued, and use them when performing audits of
procurement.

Six methods of purchasing are identified in the Proclamation. These are Open
Bidding, Restricted Tendering, Direct Procurement, Request for Proposal
(Services), Request for Quotations (Goods), and Two–stage Bidding. In this
section of the Training Manual, only the techniques of auditing procurements
are dealt with, as the approach is more or less similar to any method of
purchase.
The cycle of procurement can be presented as follows:
Model 20
Request of stock
by departments
Stock Model 22
available Yes Receipt of Articles
? or Property Issued
No
Purchase
Process starts
Model 19 Model 70A

Receipt for Articles or Register of Items
Property Received Received & Issued
by Stores
Model 70 C
Stock card
Figure 1: Purchase Process

Sampling
Under System Based audit, the auditors need to select the sample of transactions
to be audited in a systematic way. The idea is that if the sample selected is a
representative of the entire transactions, the work the auditor does is
significantly reduced and yet he can come up with a sound conclusion about the
system of internal control. Under Vouching, the auditor may select a block of
transactions (e.g.: three months‟ purchase). This type of selection is not
preferred because the number of transactions selected for audit is unnecessarily
high and may not be representative of the transactions that occurred in the
period of audit.
Sampling of procurement transactions may be made as follows. As discussed

above the purchases made during a certain period of audit (say a year) may be
composed of purchases of Goods, Services and Works. The method of purchase
used may be Open Bid, Restricted Bid or any of the methods specified in the
Proclamation.
The first step in sampling is determination of the population. Population in

relation to purchases means all purchase transactions made during the period of
audit. Once the population (audit universe) is determined, the next step is
sample selection. In Part Three, Section Two of the Internal Audit Manual,
three types of sample selections are explained. One of the three methods can be
used in selecting purchase transactions. We suggest that the second method, i.e.,
Systematic Selection, is used. This method can be extended to include stratified
sampling to increase the accuracy of sampling. Let us see the selection of sample
purchase transactions using examples.

Assume that the Internal Auditor of Ministry of Agriculture and Rural

Development wanted to conduct internal control test over purchase based on
transactions of 1996 budget year. Assume also that the auditor discussed with
the purchase department‟s representative and established that there were 2,000
purchases transactions in the year. The auditor can select some of these
transactions and test them. However, the selected items may not enable the
auditor to test all methods of purchases and all types of purchases. The
conclusion of the auditor based on such sample would not be reliable.
What the auditor should do to increase the accuracy of the samples is to discuss
with the purchase department‟s representative and to review the purchase
register maintained by the department to stratify the purchases by method and
type. Assume that the 2,000 vouchers are made up of the following:
Types of purchases
Method of procurement Goods Works Services Total
Open Bidding 800 300 200 1300

Restricted Tendering 100 50 100 250
Direct Procurement 100 10 10 120
Request for Proposal (Services) - 10 80 90
Request for Quotations (Goods) 150 - - 150
Two–stage Bidding 30 20 40 90
1180 390 430 2000
All types of purchases are now identified and sample can be taken from each
category of purchase. This enables the auditor to test the internal control on all
sorts of purchases.

The sample to be selected shall follow the same pattern as the data in the above
table. The number of sample to be selected should not be too large to be almost
equal to the total population. It should not also be too small that it is not a
representative of the population. We suggest that if the auditor has already
tested purchases in the previous period of audit and has come up with no
material findings, he can reduce the sample size. On the other hand, if he is
suspicious about the strength of the internal control or if it is the first time
audit, the sample size should be sufficient enough to give him confidence that
he has made adequate test of the control. The Internal Audit head should decide
the sample size based on his knowledge of the system and the preliminary
assessment made on the system such as internal control questionnaire. In this
case, if the auditor wants to test 10% of the items, he has to test 200 items. The
selection of the sample will be as follows:
Types of purchases
Open Bidding 80 30 20 130

Request for proposal (services) - 1 8 9
Request for Quotations (goods) 15 - - 15
Two –stage bidding 3 2 4 9
118 39 43 200
The total population is 2000. The sample selected is 200. The interval to be used
in taking the sample items will, therefore, be 10 (i.e. 2000/200). The auditor will
then select the first item in each category randomly and then every 10 th item
will systematically be selected. The sample selected in this way should not be
changed once selected to avoid subjectivity.

As can be seen above, the auditor shall test at least one transaction from every
category of purchase. This makes his test all-inclusive. The sample enables him
to complete the audit in a short time (quick win). The conclusion on the system
will be more reliable than under the traditional approach.
Procedures
The audit objectives of test of internal control over procurement are:
 Only goods and services required by the Public Body are ordered and
such orders are subject to proper checking and approval procedures;
 The provisions of the Proclamation, the directives and other documents

issued by the Public Procurement Agency or other relevant body are
properly complied with;
 All goods and services received are as per the contracts of purchase or as
per the purchase order;
 Only goods received are reflected as purchase.
The procedures that will be applied in the test of control over procurement are:
1. It is already agreed that Internal Auditors should not perform pre-audit.

However, since procurement is the major area of application of public fund
and since some purchases are strategic to the achievement of the objective of
the Public Body, an exception should be made to allow the Internal Auditor
to perform limited audit test before purchases are concluded. This is only for
significant purchases in terms of monetary value and strategic significance.
The type of purchases and the value of purchases in which the auditor will
be involved should be pre-defined in consultation with the management of
the Public Body and, once done, the decision should not be changed now
and then.

In such purchases, the auditor should receive copies of bid announcements,

technical specifications, short listed suppliers, bid documents, etc. The
auditor can then make his comment on the documents if they are not in line
with the Proclamation or the directive or any other guideline or he feels
that specifications and terms are not to the advantage of the Public Body.
The auditor should be free to invite comments of professionals on
specifications after he gets permission from the Head of the Public Body.
The auditor should also attend the meetings of the purchase committee in
his capacity as observer (not a member of the committee) to see the fairness
of the conduct of business. If the auditor wants to make comment on any
aspect of the process, he shall make it in writing to the Head of the Public
Body. The Head of the Public Body can give appropriate instructions to the
Purchase Committee to correct the errors made or to give explanations on
the decisions it has made.
2. For the purchase transactions selected, the auditor shall check compliance
with the Proclamation, the directives and guidelines. He also checks the
completeness of the documentation as follows:
a. For each selected transaction, ensure that the purchase was made on the
basis of requisitions from the user department and that such requisitions
are duly authorized;
b. For each purchase of goods, obtain the copy of the Receipt for Articles or
Property Received and compare with the detail in the contract signed
with the supplier and the supplier invoice to ascertain the goods received
are those ordered. The auditor should give due attention to technical
specifications as for the quantity of the items received. For example in
the case of pharmaceutical purchase, the auditor should check the expiry
date of items received with the specification given on orders. In the
purchase of computers, the capacity and other technical specifications
should be checked with the order. The auditor can use specialist service
when checking such specifications.

c. Check the appropriateness of action taken on missing and damaged

goods and goods that are different from the goods ordered.
d. For each purchase of works, check payment certificates, temporary

acceptance or final acceptance certificates and other such relevant
documents.
d. For each purchase of services, check the output of the consultant, such as
final reports, and recommendation for payment by the user department.
3. For each purchase transaction selected, check posting of the transaction to

the Transaction Register. If it is cash purchase the document will be
Payment Voucher. The transaction is expected to be debited to the
appropriate expenditure account and credited to Bank or Cash account. If it
is credit purchase the document will be Journal Voucher. It is expected that
such transaction is debited to the appropriate expenditure account and
credited to appropriate payable account. Posting from the Transaction
Register to the appropriate General Ledger and Subsidiary Ledger account
should also be checked.
4. For each purchase transaction, check that the quantity received is posted to
Model 70A, Register of Items Received and Issued by Stores and to Model
70C, Stock Card.
5. Document all the work done on a working paper. The working paper should
cover the following:
 Appropriate headings including the audit period.
 The steps followed in arriving at the population (total purchase
transaction).
 The way sample is selected.
 The list of selected items.
 The work done on the selected items.
 The findings of the auditor; and,
 Conclusion.
Take for example, the above-discussed case of the Ministry of Agriculture and Rural
Development. The working paper would look like the following:

Ministry of Agriculture & Rural Development

Internal Control Test on Procurement
For the year ended Sene 30, 1996
Determination of Population & sample selection

I discussed with Ato XXX, the Head of the Purchase Department to establish the number of
purchase transactions concluded in the year and the types and methods of the procurements.
He showed me from the purchase order register that 2,000 purchase transactions were
concluded in the year. The summary of the transactions by method and type is as follows:
Types of purchases
Open Bidding 800 300 200 1300

1180 390 430 2000
As I have agreed with the head of the Internal Audit, Ato XXX, to test 10% of the
transactions, I have selected the sample as shown in the following table:
Types of purchases
Open Bidding 80 30 20 130

118 39 43 200
The List of Selected Items

As I have selected 200 items out of the 2000, the interval I should use is 10=(2000/200). I have
decided to select the sample starting from the 1 st item in each category. The list of selected items
is as follows:
Method of purchase Type of purchase Contract No Payment Journal voucher Amount
voucher reference
reference
Open bid Goods G1/96 12345 100,000
G11/96 12555 50,000
Etc
Works W1/96 13450 1,000,000
W11/96 14250 5,000,000
Etc
Service S1/96 19600 20,000
S11/96 20200 500,000
Etc
Restricted bid Goods W 1/96 0011 2,500
W11/96 0022 200

Work done
 Purchase requisition were checked,
 Invitation for bid, minutes of the purchase committee, approval of the Head of the
Public Body checked,
 Contracts signed with the suppliers checked,
 Goods receiving vouchers were compared with the contract,
 Output of the consultants and recommendation of the user department checked,
 Posting of goods receiving vouchers to Model 70A & C checked,
 Posting of Payment Vouchers and Journal Vouchers to Transaction Register and then
to ledgers checked.
Findings
1. Finding: Contrary to Article 31 (1) of Proclamation No 430/2005, invitation to bid for
the purchase of works was announced only on Addis Lisan. Refer contract No W1/96.
Implication: Purchases were not conducted in accordance with the law and the
Ministry might have been at a disadvantage.
Management Response: The Purchase Department Head explained to me that the

invitation was sent to the Ethiopian Press Agency to be published on the Ethiopian
Herald and Addis Zemen, but the Agency failed to publish it.
Recommendation: The provisions of the Proclamation should be observed so that the

procurement could be made at advantageous price to the Ministry.
Conclusion
Except for the finding mentioned above, the internal control over purchase is adequate.

Audit program
Sample audit program for purchase is given below:
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area __________________________
Budget Year ________________
Sampling

2. Actual Time ______________
3. Difference _______________
Ref Name of auditor Signature Remark

No Audit procedures
1 Orders
Select certain contracts of purchase and check:
1. Detail of goods ordered in the contract
with the signed requisitions.
2. Compliance with the Proclamation,
directives and guidelines.
3. Signing of contract by an authorized
official.
4. Record of detail of purchases in register of
purchases in the purchase department.
2 Goods and Services Received

For the above selected items check:
1. Signature of the storekeeper for receipt of
the goods.
2. Quantity and description of the goods
received with contract and supplier
invoice.

3. Posting of quantity and value of goods

received to Register of Items Received and
Issued by store,
4. Posting of quantity and value of goods to
stock card.
5. Posting of value of goods to control ledger
and subsidiary ledger as appropriate.
6. For purchases of service, obtain final
output of the consultant and authorization
for payment from the user department.
7. For purchases of work, check the
temporary acceptance or final acceptance
certificate or equivalent.
8. Check appropriate action is taken on
goods missing, damaged or not received.
9. Undertake sequence test of Model 19.
Summary
As the significant amount of the public fund allocated to a Public Body goes to
the purchase of Goods, Works and Services, the auditor is required to frequently
test the efficiency and effectiveness of the internal control system over
purchase.
Procurement is also largely related to the objective of the Public Body. For
example, Ministry of Health is required to make sure that there is sufficient
quantity and quality of medicine in the country. Ministry of Agriculture should
make sure that agricultural inputs exist in sufficient quantity and at the right
time. The Internal Auditors of these Public Bodies should, therefore, make sure
that the internal control is strong enough to provide management of the Public
Bodies assurance that the right quantity and quality of supplies are purchased
following the provisions of the Proclamation and the relevant directives.

Such assurances can be obtained by properly planning the audit work so as to

cover all aspects of purchase and the entire budget year. The procedures
identified above should be followed. In addition, the Internal Auditors should
devise additional procedures based on their experience and the nature of
purchases in each of the Public Bodies.

Exercise 24-1
Assume that you are the Internal Auditor of the Ministry of Education. In you
annual plan for 1997, one of the internal controls to be tested is procurement.
You have planned to start the audit of the first six months of 1997 budget year
today. You discussed with the purchase department and you noted that there
were 3,000 purchase transactions in the first six months. The transactions were
made in the following manner:
1 Goods – 1000 transactions through Open, 50 through Restricted, and 50

through Direct Bids, 100 through Request for Quotation and 50 through
Two-stage methods;
2 Works – 1000 transactions through Open, 50 through Restricted, and 20

through Direct Bids, 20 through Request for Proposal and 50 through
Two-stage methods;
3 Services – 450 transactions through Open, 50 through Restricted, and 30

through Direct Bids, 30 through Request for Proposal and 50 through
Two-stage methods;
Required: In your discussion with the Internal Audit Department Head, you
decided to test 10% of the total transactions. Calculate the sample you are going
to select. Present it in a table.
Time allowed: 10 minutes.

SESSION XXV
PAYROLL
Learning Objectives
 That salaries and allowances represent quite a substantial portion of the

FGE budget requiring stricter control;
 The audit objectives of payroll;
 The audit procedures to be applied in the audit of payroll.
Payroll – salaries and allowances
Salaries and allowances represent quite a substantial amount from Ethiopian

Government expenditure budget be it under capital or recurrent expenditures.
There are quite a large number of civil servants in the FGE‟s employment.
Therefore, the verification of salaries and wages is very important.
The Audit Objectives of payroll
The audit objectives of salaries, wages and allowances include ascertaining
1 The existence a strong internal control system to prevent fraudulent acts

from occurring in the preparation of payroll, recording and effecting the
payment;
2 That only net amounts after all legitimate deductions are paid to the
rightful owners for services actually rendered;
3 That unclaimed amounts are refunded and accordingly recorded until

the claims are settled subsequently;
4 That the expenditure is properly coded and recorded in the accounts and
reported in the Monthly and Annual Trial Balance.

Procedures
The audit procedures to be followed in order to test control over payroll are as
follows:
1. Select, say one month‟s payroll and secure the personal files and
attendance sheets of selected employees from the personnel section and
carry out the following steps:
1.1. List out the employees and their basic salary selected from the payroll
for testing;
1.2. Extract the relevant data and information from the files such as letters
of engagement, letters of resignation, notification letter of salary
scale, and documents related to special deductible items;
1.3. Ensure that all appropriate information and documents are sent to
the payroll section for the preparation of the payroll;
1.4. Ascertain that employees‟ personal files are kept in the custody of the
personnel section by persons who are not connected with the payroll
function;
1.5. Test the accuracy of attendance sheets (or similar documents for
those under contract) and that they have been approved by
appropriate officials who are not connected with the payroll function;
1.6. Test that overtimes and other benefits are signed for approval by the
immediate supervisors of the employees concerned who are not at all
connected with the payroll function;
1.7. Test that the payroll clerk does not have access to employees‟
personal files;
1.8. Ascertain that the gross pays and deductions such as income tax,
pension and advances and loans are correct and supported with
adequate documentation; and that the computations are also correct;
verify that concerned persons have signed signifying to that effect;
1.9. Test check the correctness of monthly payroll reconciliation.
1.10. Ensure that the audit covers all workers for whom regular payrolls
are not prepared;
1.11. Observe the payment of salaries and record your observations;
1.12. Conduct surprise count of the payroll fund and reconcile with the
entries in the cashbook to ensure the accuracy of the count against
the balance. The procedures and the forms described under Cash and
Bank could be applied and used;

1.13. Check the coding of the payroll and the accuracy of the recording;
trace the entries to the Transaction Register; and the postings to the
General and Subsidiary Ledger Cards;
1.14. Obtain and check against the Budget Ledger Card for salaries and
allowances and trace to ensure that satisfactory budgetary control was
exercised.
The audit procedures to be followed in order to verify the correctness of the

salaries and allowances are as follows:
1. Obtain a copy of the monthly Trial Balance and the supporting

schedules submitted to MoFED and check agreement with the
accounting records (the General and Subsidiary Ledgers);
amounts and transactions, which the auditor needs to check in detail.
As a rule of thumb, the auditor can select those big amounts making
up 50% of the total ledger balance.
3. Each of the selected items will be checked with the respective payroll
sheets. However, due to the special nature of the expenditure the
procedures which can be applied to validate the balance are not
different than that of procedures applied for the test of control; but it
is still necessary to:
3.1 Check whether or not the respective expenditure and

deductions on those selected payroll sheets are correctly
coded and posted to their respective accounts;
3.2 Verify that all amounts retained from the payroll have
been paid over to the concerned beneficiaries on time;
3.3 Verify that unclaimed salaries are reconciled and
refunded back to the Bank account until settlement to the
legitimate claimant;
The above may not an exhaustive list of the audit procedures that the internal
auditor should follow as concerns the audit of payroll. Therefore, the internal
auditor is advised to refer to other relevant directives and documents such as the
detailed Procedural Manual of the Treasury Department of the Ministry of
Finance and Economic Development (MoFED) issued in Megabit 1993. The
internal auditor should ensure compliance with such directives.

The internal auditor should prepare the necessary schedules, which contain the
salaries, and allowances, the items selected and tested, the works done,
including a summary of the audit objectives, the findings and conclusions. He
should file these schedules and other relevant audit working papers under the
relevant section of the Current Working Papers file; the Lead Schedule,
Summary of Findings, Supporting Schedules and Queries/ Notes and the test of
internal control being also filed under the appropriate sections of the working
papers.

Exercise 25-1
1. Why is the audit of payroll so important? Explain and justify.

2. What are the audit objectives of payroll?
3. What are the internal control systems of payroll and their significance in the
audit of payroll?
4. Distinguish among internal control systems, audit programs and procedures
in relation to payroll.
5. Some people argue that following the standard audit programs and
procedures given in the Audit Manual curtails initiative of the internal
auditor. Therefore, the internal auditor should develop his own programs
and procedures. What are the „pros‟ and „cons‟ of such arguments? Discuss.


INTERNAL CONTROL QUESTIONNAIRE FOR PAYROLL
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Name of Public Body ____________________________________

Audit Area ____________________________________
Budget year _____________________
Not
No. Questions Yes No applicable Comments
1 Are personnel records (files) maintained for all employees?
2 Is personnel section responsible for the proper custody of
personnel records?
3 Do personnel files provide up-to-date information of each
and every employee's salaries and related benefits?
4 Is there separate control system for recording annual leave
entitlement, accrual and payment?
5 Is budget constraint considered before new employment,
additional benefit and salary increment is proposed, etc?
6 Is payroll section notified in writing of every change that
should be reflected in payroll?
7 Are payroll sheets prepared, checked and approved by
different responsible persons before payment is made?
8 Do all employees who receive their salaries always sign on
the proper space of payroll sheets?
9 Are delegations for salary payments supported with official
authorization?
10 Are salary advances and loans paid and repaid according to
existing laws and regulations?
11 Are payroll expenditure and deduction posted to proper
accounts?
12 Is one month‟s expenditure compared against another to
identify causes of differences and take the necessary steps
accordingly?
13 Are salaries and allowances paid out of capital budget fully
capitalized in respective capital expenditure account?
14 Is payroll generally subject to civil service regulations?


INTERNAL CONTROL QUESTIONNAIRE FOR PAYROLL
Sch. Ref.
Initials Date
Prepared by
Reviewed by

Audit Area ____________________________________
Budget year _____________________
Not Evaluation and

A Is there reasonable assurance that employees are
paid only for work done? Consider:
Criteria
1 Are responsibilities for supervision and time-
keeping functions adequately segregated from
personnel, payroll processing, disbursement, and
general ledger functions?
2 Is there a clearly defined procedure for:
 Time keeping and attendance records?
 Review for completeness and for the
employee's supervisor's approval of
time cards or other time reports?
 Authorizing, approving, and recording
vacations, holidays, and sick leave?
B Is there reasonable assurance that employees are
paid the correct amount? Consider:
Criteria
personnel, payroll processing, disbursement,
and general ledger functions?
2 Is one-month‟s expenditure compared against
another to identify causes of differences and take
the necessary steps accordingly?


INTERNAL CONTROL QUESTIONNAIRE FOR PAYROLL (continued)
Not Evaluation and

3 Is budget constraint considered before new
employment, additional benefit and salary
increment is proposed, etc?
4 Is payroll section notified in writing for every
change that should be reflected in payroll?
5 Is payroll generally subject to civil service
regulations?
6 Are payroll sheets prepared, checked and
approved by different responsible persons before
payment is made?
7 Are personnel records (files) maintained for all
employees?
8 Is personnel section responsible for the proper
custody of personnel records?
9 Is there adequate clearly defined procedure for:
 Properly authorizing, approving, and
documenting all changes in employment
(additions and terminations), salary and wage
rates, and payroll deductions;
 for maintenance of personnel records (files)
for all employees?
 Promptly reporting notices of additions,
separations, and changes in salaries, wages,
and deductions to the payroll processing
function;
 Maintaining appropriate payroll records for
accumulated employee benefits (vacation,
pension data, sick leave, etc.);
 Interviewing, by the personnel department,
of terminating employees, as a check on
departure and as a final review of any
termination settlement.
C Is there reasonable assurance that the right
employees actually receive the right amount?
Consider:
Criteria
personnel, payroll processing, disbursement, and
general ledger functions?


INTERNAL CONTROL QUESTIONNAIRE FOR PAYROLL (continued)
Not Evaluation and

2 Are payroll sheets prepared, checked and
approved by different responsible persons before
payment is made?
3 Do all employees who receive their salaries always
sign on the proper space of payroll sheets?
4 Are delegations for salary payments supported
with official authorization?
5 Is one-month‟s expenditure compared against
another to identify causes of differences and take
the necessary steps accordingly?
6 Is there adequate procedure for:
 Returning unclaimed wages to a custodian
independent of the payroll department?
 Having employees who distribute checks
or pay envelopes make a report of
unclaimed wages directly to the
accounting department?
 Making payments of unclaimed wages at a
later date, only upon presentation of
appropriate evidence of employment and
with approval by an officer or employee
who is not responsible for payroll
preparation or time reporting?
D Is there reasonable assurance that accounting for
payroll costs and deduction is accurate? Consider:
Criteria
1 Are responsibilities for the payroll processing
function adequately segregated from the general
ledger function?
2 Are payroll expenditure and deduction posted to
proper accounts?
3 Are there adequate account coding procedures for
classification of employee compensation and
benefit costs, so that costs are recorded in the
proper general ledger account?
4 Is there adequate procedure for proper recording
or disclosure of accrued liabilities for unpaid
employee compensation and benefit costs?

SESSION XXVI
STOCKS
Learning Objectives
 The definition of stocks;

 The audit procedures to be applied in the audit of stores.
Definition of stocks
Stock items represent very many items held in the stores and include,
depending on the type of Public Body, food items, spare parts, medicine and
medical supplies, fuel and lubricants, stationery and office supplies, fixed assets
pending delivery to users and various other items. Stock items are normally
consumed or used within an accounting cycle or fiscal year. The stocks in the
custody of a Public Body also include various goods awaiting disposal.
Audit Objectives
The objectives of examining stocks include:
 Establishing credibility of the accounting records in respect of the

stocks;
 Ascertaining the reasonableness of the stock account balances;
 Review of cut-off of recorded stock account transactions;
 Establishing the physical existence and the reasonableness of the stocks
quantity figures determined by count;
 Determining the accuracy of the cost and of extension and footing of
the stock valuations;
 Determining that slow moving, damaged or obsolete items of stocks are
segregated and reported.

The first of the above three objectives do not at present apply since the FGE
accounting system does not recognize value of stock items as assets in the
accounts and in the financial statements.
Internal control over stocks demands

 Compliance with the procurement laws, rules, regulations and directives
of the FGE;
 Authorization and approval of purchasing and ordering;
 The separation of the function of ordering from receiving, delivering
and accounting;
 Budgetary controls;
 Control over all documents such as invoices, receiving reports, and
purchase orders and other related documents to prevent improper
purchasing, usage of the goods and undue payment.
Adequate internal control over stocks is directly related to purchasing or

acquisition of the items and accounting for the items. Stocks must be safely
controlled, requisitions produced for their purchase and proper use; controlled,
counted, priced using the first-in first out (FIFO) basis, the valuation method
adopted by the FGE.
Audit procedures
The audit of stock items commences with the evaluation of the internal control
system using Internal Control Questionnaires (ICQs) or Internal Control
Evaluation Questionnaires (ICEQs). (See Annex XXI and XXVIII of the Internal
Audit Manual.)
The audit procedures for stock can be divided into Validation and Test of
Control Procedures.

The Validation Procedures aim to determine that:

 The stock quantities/ balances/ values are fairly stated; the valuation
basis is consistent with the previous periods and that the stock is
stated at net realizable value;
 They belonged to the organization and physically existed in good
condition or otherwise adequate provisions have been made in the
accounts for the items which are considered obsolete, slow moving,
etc.;
 Where the items are given as securities for whatever reason such
disclosure is made;
 Cut-off procedures have been duly observed at least at the end of the
close of business concerning purchases; receiving and issuing of the
goods; and at the time of physical counts, etc.;
The Test of Control concerns testing of the effectiveness of the existent system
of control to prevent misappropriation, overspending of Budget appropriation,
unwise or inappropriate spending, and ensuring that laid down control methods
and procedures are working. Accordingly, samples of vouchers (transactions)
are taken from among the population of vouchers for testing purposes.
A general guide Audit Program (Annex XIV) and the detailed audit procedures
for the audit of stocks (for validation and test of control) are also given in the
Internal Audit Manual.
When auditing stocks, the internal auditor should follow the following steps:
1. Review and evaluate the internal control system through the ICQs of
ICEQs;
2. Obtain the signed monthly stock reports submitted by the Property

Administration Section to the concerned Head of the Department of the
Public Body;
3. Obtain the monthly Trial Balance and check agreement of purchases

with the accounting records – the general and subsidiary ledgers and the
Transactions Register; extract the expenditures pertaining to purchases;

4. Check the arithmetical accuracy of the stock reports which show the
stock movements (i.e. the beginning stock, receipts and issues during the
month, and the final balance to be carried forward to the next period, all
in quantities as well as in values on the First In First Out stock valuation
basis);
5. Obtain the stock records – the stock register book and the bin cards and
ascertain that the stock quantities and values in the stock reports are
agreement with the stock records;
6. Select items from the stock reports and related documents (such as
requisitions, minutes, tender documents, proforma invoices, purchase
orders, invoices, goods received notes and stores issue vouchers) on a
sample basis and verify that:
o Purchase of stock items is done according to plan; that only required

materials are purchased following the Procurement Proclamation and
procedures of the FGE; that value for money in terms of price,
quality and suitability of the items to be purchased is achieved; that
items of stock acquired through means other than purchase are
properly valued;
o Stock items are received against goods receiving and issued against
issuing documents; that the movement of Stock items is properly
recorded in the stock records; that proper storage and security system
exists; and that the existence and conditions of the stock items is
ascertained through monthly and yearly physical counts;
o Issues from stocks are made only on properly authorized requisitions;
o Damaged, obsolete and slow moving stocks are regularly reviewed. If

any write offs are necessary that this is authorized;
o The arithmetical accuracy (proof of extension and footing) of all

receipt and issue documents (Requisitions, goods receiving and
issuing documents) recorded on stock records is ensured;
o The stock register and the bin cards are properly balanced;
o The physical stocks against the balances in the stock records are
checked;
o Access by unauthorized persons to the stocks and related records are

restricted; and that the stocks are safe from damage or theft;

o All stock line items are identified and held together;
7. Observe some of the physical counts that are made every month and also
as at the end of the year and reconcile with the stock records ensuring
that the following steps are followed:
o Activities to be undertaken before the physical count:
Written stock count programs, procedures and

instructions including the personnel assigned for the
counts are prepared and distributed to those concerned
with internal audit included;
Identify the number and location of the stores, and the
staff involved in the stores management;
Visit the stores before the date of the physical count to
ensure proper stock arrangements are made to facilitate
the counts;
Ensure that similar items are stored in the same place as
far as possible;
Ensure that stock count sheets preferably containing the
quantity balances from the stock registers and bin cards
are prepared and ready for use when the count starts;
o Activities to be undertaken during the physical count:
Mark and record the cut off date on the last used pages of
the stock register books, stock cards, goods receiving and
issuing documents before the count starts and ensure that
the responsible persons have also signed;
Ensure that the physical count is taken in accordance with
the stock count procedures instructions; if the count takes
longer time ensure that the stores are sealed when the
count is not proceeding; the seal should only be broken in
the presence of all persons who signed on the sealing
document;
Recount to confirm correctness of count where differences
are observed with the stores records;
Ensure that damaged, obsolete, broken or slow-moving
stock items are identified;
Ensure compliance with stock count instructions;
Ascertain that goods belonging to third parties are
segregated from other stock items.

o Activities to be undertaken after the physical count:
Report to the responsible authority where the physical

counts are not being properly carried out; (This should
also be done during the progress of the counts).
Obtain direct external confirmation from the parties
concerned if stocks of third party are found in the stores;
count and reconcile with the documents and records;
Check the arithmetical accuracy of the stock count sheets
and ensure that they are signed by the storekeeper and the
count team members;
Check that the physical counts are in agreement with the
balances in the stock and bin cards; check valuation and
prepare the report.
The above procedures may not be exhaustive. Therefore, the internal auditor is
advised to refer to other relevant directives and documents such as the detailed
Procedural Manual of the Treasury Department of the Ministry of Finance and
Economic Development (MoFED) issued in Megabit 1993 and Directives No. 1
and 6 of 1991 E.C. regarding property administration and ensure compliance
therewith.
papers under the relevant section of the Current Working Papers file. Though
stock does not form a part of the accounts, the Lead Schedule, Summary of
Findings, Supporting Schedules and Queries/ Notes and the test of internal
control should be filed accordingly.
When the present accounting system in respect stocks becomes fully

operational, the value of stocks shall be those extracted from the General and
Subsidiary Ledgers to the Trial Balance and then to the Balance Sheet of the
Public Body as confirmed by physical counts.

On completion of the audit of stocks, the Head of the Internal Audit section
should report his findings in an acceptable format.
EXAMPLE: Assume that the stock balances per stock register and the bin cards
were in agreement with the physical counts and amount to the following
figures. The schedule of stock on hand with the schedule reference letter B
(with sub-schedules B1 and others for stock reports obtained from the
department concerned and checked) may look like the following (the figures are
as given.):

Sch. Ref.B
Initial Date
Audit Area: :___Stocks_(Test checked)______
Quantity
Unit of Sch. per stock Quantity Unit Cost Total
Type of stock items measure Ref. records per count Differences Birr Cost Birr
Fixed Assets in Stores
Computers and accessories:

- Desk top Computers complete Pcs. B1 20 19 (1)
(Dell)
- Printers (hp LaserJet 1150) Pcs. B1 15 15 -
- LCD Projectors (type identified) Pcs. B1 10 11 1
Tables and chairs:

- Office tables (type, etc. identified) Pcs. B2 60 60 -
- Office chairs (type, etc. identified) Pcs. B2 25 25 -
Office equipment:
- Photocopiers (type, etc. identified) Pcs. B10 30 30 -
Work done:

C = Test counted and agreed with the stock records;

S = Took the above items as samples and traced a random sample of 10 receiving and 10 issuing documents out of populations
respectively of 100, 150, 100, 125, 175, and 200 items.
V = Test vouched for pricing on the FIFO basis and found in order.
C = Checked casts and cross casts (addition, etc.) (See sub-schedules.)
Findings:
(1) The Dell Computers was issued under doc. No. 20 dated 23/02/97 but was not posted and deducted from the stock records.
Now recorded, checked.
(2) The LCD Projector found in excess was issued but returned because some part was found broken; pending repairs; the item
was recorded in a separate stock record. Traced to the record.
Remarks:
The unit and total costs are to be computed only for information purposes; the stock Birr balances do not form a part of the
financial reports until the Modified Cash Basis of Accounting under adoption by the Ethiopian Government becomes fully
operational.
Conclusion:
In my opinion, based on the tests conducted, the above balances are fairly stated.
Suppose the stock balances form a part of the financial reports of the Public
Body when the Modified Cash Basis of Accounting gets into full swing, then
your approach to auditing will have to be adjusted accordingly. Now assume
that you are auditing the stock records of the Ministry of Education and that
you have obtained all the stock balances per the stock records which are also in
agreement with the physical counts and tie up both with the Trial Balance
which must agree with the balances in the General and Subsidiary Ledger
Accounts. The schedule of stock balances with the schedule reference say,
letter B (with sub-schedules, most sub-schedules are not given)) may look like
the following (the figures are taken as given.)


Sch. Ref. B
Initial Date
Audit Area: :___Stocks_______

Fixed assets in stores B1 V / C /T 500,000 00
Stationery items B2 V / C /T 100,000 00
Fuel B3 V / C /T 250,000 00
850,000 00
C
To T/B and B/S
Work done:
T = Checked existence, condition, ownership (ownership titles), and valuation (at cost on a FIFO basis);
B = Balances agreed with the Ledgers and the Trial Balance.
V = Test vouched for pricing at cost of purchase and/ or valuation by professional valuers and found to be
in order.
T/B and B/S = Trial Balance and Balance Sheet.
Findings:
(1) The Dell Computers was issued under doc. No. 20 dated 23/02/97 but was not posted and deducted from
the stock records. Now recorded, checked.
(2) The LCD Projector found in excess was issued but returned because some part was found broken;
pending repairs; the item was recorded in a separate stock record. Traced to the record.
Conclusions: Except for the above points, in my opinion, the stock figures are fairly stated.


Sch. Ref. B1
Initial Date
Audit Area: :___Stocks_______
Fixed assets in stores:
Computers and accessories B5 250,000 00

Tables and chairs B6 175,000 00
Office equipment B7 75,000 00
500,000 00
To B
Note: Work done, Findings and Conclusions: similar to those
on Sch. B; but could also be written here.
Exercise 26-1
1. Why is the audit of stock so important? Explain and justify.
2. What are the audit objectives of stocks?
3. What are the internal control systems of stores? What are their significance
in the audit of stocks?
4. Distinguish among internal control systems and audit procedures in relation
to stores.
5. Some people argue that following the standard audit procedures given in the
Audit Manual curtails initiative of the internal auditor. Discuss.

Exercise 26-2
Problem 1 (group work)
The Property Administration Section of the Ministry of Education makes monthly

stock counts as part of their regular program. This time they planned a stock take for
the year ending Sene 30, 1996. They formed a committee as follows:
1. 1 person from the Finance Section, chairman;
2. 3 from the stores (2 stores clerks and the storekeeper);
3. 1 person from the Internal Audit Section to coordinate and
effectively manage the stock count program including participating
fully on the stock counts; and,
4. 1 person from the legal section.
The Property Administration Section Head had some knowledge of the steps that are
required for annual stock taking and accordingly, prepared procedures and circulated
to the concerned sections. User departments had also been advised to submit and take
out their requirements in advance of the count date. Accordingly, the persons
submitted authorized requisitions and signed the stores issue vouchers as having
received the items on the understanding that the storekeeper keeps the items until they
collect them at a later date. The storekeeper, however, forgot to appropriate the items
from the stocks. The clerks had posted all goods received notes and the stores issue
vouchers to the stores records.
The physical count proceeded according to schedule and it was noted that all the items
counted agreed with the balances shown both on the stock register and the bin cards.
Instruction: As the Head of the Internal Audit Section you are required to review the
above case in the light of good internal control system and report your
findings to the Head of the Public Body.

Exercise 26-3
Problem 2 (group work)
The stock count reports and the balances on the stock register and the bin cards
contain the following information as on Meskerem 30, 1996:
No. Items Stock register Bin cards Physical count
1 Photocopy paper type „x‟ (of 12 reams
per carton Cn) 116 Cn 118 Cn 118 Cn
2 Laptop computers 20 pcs 15 pcs 14 pcs
3 Photocopiers brand „y‟ 15 pcs 20 pcs 14 pcs
4 Photocopy paper type „z‟ (of 12 reams
per carton Cn) 400 Cn 398 Cn 398 Cn
You are provided with additional information as follows:
1. The physical stock counts were confirmed correct.

2. A posting error between type „z‟ and type „x‟ to the stock cards was noted.
3. Stores issue vouchers for 5 photocopiers were forgotten from posting into the bin
cards; otherwise, the balances of the two records are correct.
4. The unit costs on a FIFO basis were:
Quantity Unit cost

Items Balance Birr
Photocopy paper type „x” 50 Cn. 30 per ream
25 per ream for rest of stock.
Photocopy paper type „y” 100 Cn. 35 per ream
30 per ream for rest of stock.
Laptop computers All 17,500 per pc.
Instruction: As an internal auditor you are required to review the above

situation, prepare the corrected schedule and to report on what the correct
stock position should be in quantities as well as in value.
Total time allowed for the above two exercises: 40minutes

SESSION XXVII
FIXED ASSETS
Learning Objectives
 The definition of fixed assets;

 The audit procedures to be applied in the audit of fixed assets.
Basic Concepts
Fixed asset is defined as „tangible asset costing Birr 200 or more that is in
operational use and that has a useful economic life of more than one year such
as furniture, computers, heavy equipment, vehicles, ships and aircraft,
buildings, roads, sewers, bridges, irrigation systems, dam.‟ (Article 2 (12) of
Council of Ministers Regulation No. 17/1997).
Fixed assets are as a part of capital expenditures as defined under „expenditures‟

and comprise „the acquisition, construction, preparation, enhancement or
replacement of roads, buildings and other structures; the acquisition,
installation, or replacement of movable and immovable plant, machinery, and
apparatus, vehicle and vessels.‟ (Article 2 (3 b & c) of Council of Ministers
Regulation No. 17/1997).

Audit Objectives of fixed assets
The audit objectives in the verification of fixed assets in short are the following:
1 The verification of existence;

2 The verification of ownership;
3 The examination and full disclosure of the valuation methods used
(and also of the depreciation policies, where applicable);
4 The verification of the propriety of the fixed asset transaction for the
year under audit; and,
5 The review and evaluation of the internal control,
6 An audit of fixed assets significantly varies from an audit of current
assets (cash, receivable, stocks, etc.). Current assets are of short life
usually falling due within an accounting period of one year whereas
fixed assets are of a long life.
The audit procedures for fixed assets are in general similar to the procedures for
other items.
The audit of fixed assets involves the examination of fixed assets records and
evidences such as contracts, invoices, and receipt documents.
Regarding proposed acquisitions of fixed assets some of the questions that may
need to be answered are the following:
- Will the acquisition of new fixed assets improve the efficiency of the
Public Body in achieving its objectives?
- Will expenses be reduced by the acquisition of the fixed assets?
- What will the acquisition of the new fixed assets cost the Public Body
and what will the savings be in terms of finances?
- How many years will the new fixed asset serve at a lower running and
maintenance cost and when should it be replaced or disposed of?
Audit procedures
The audit of fixed assets commences with the evaluation of the internal control
system using Internal Control Questionnaires (ICQs) or Internal Control

Evaluation Questionnaires (ICEQs). (See Annex XXII and XXVIII of the

Internal Audit Manual.)
A general guide Audit Program (Annex XIV) and the detailed audit procedures
for the audit of fixed assets are also given in the Internal Audit Manual.
It is noted above that cost of fixed asset acquired is treated as capital

expenditure. As a result, all substantive tests are undertaken when expenditure
is reviewed. Here the procedure focuses only on physical movement and
management of fixed asset only. Therefore;
1. Obtain the fixed assets reports submitted by the Property

Administration section to the concerned department of the Public Body;
the internal auditor should check whether all current year acquired
assets were included in the list and the rest of the listed items agree with
the report of the previous year.
2. Obtain complete list of fixed assets disposed of or discarded or otherwise

set aside and ensure that:
The disposals are authorized by those in authority;

Management has explored alternative uses prior to
disposal;
The disposals were made following adequate procedures
and in compliance with FGE directives and regulations.
As a matter of fact, disposals made through cash sales transactions are

verified during substantive test on Receipts/ Revenue of the year under review.
3. In respect of all fixed assets of the Public Body:
Select certain fixed assets items from the register and
inspect their physical existence and conditions; this
should also be possible by selecting the physical items
and tracing them back to the fixed assets registers;
compare to fixed assets reports;
Make inspection visits to sites where the fixed assets
located;
4. Check if the fixed assets are covered with adequate insurance;

5. Ensure that custodian and record keeping functions of fixed assets are
distinct;
6. In respect of motor vehicles, ensure that:
The acquisition and disposal follows the laws, regulations and

directives;
Vehicle management is entrusted to the transport section;

Ownership documents are in the name of the FGE and user
Public Body, as appropriate;
The existence of control mechanisms (driver‟s log books; checks
on mileage readings etc.) to ensure that the vehicles of the
Public Body are only used for government duties;
Responsibility for driving vehicles is vested on assigned drivers
and authorized officers of the Public Body in accordance with
the rules and guidelines;
Accidents are reported and responsibilities identified for
recovery of costs;
The vehicles and the passengers are insured;
 The vehicles are maintained at regular intervals;
Those who receive transport allowances do not at the same time
use a vehicle of the Public Body;
Control mechanisms (driver‟s log books; checks on mileage
readings, etc.) are in place for the proper use of the vehicles of
the Public Body and accountability;
7. Check the arithmetical accuracies of all of the records examined.
advised to refer to other relevant directives and documents such as the detailed
Procedural Manual of the Treasury Department of the Ministry of Finance and
Economic Development (MoFED) issued in Megabit 1993 and Directives No. 1
and 6 of 1991 E.C. regarding property administration and ensure compliance
therewith.

papers under the relevant section of the Current Working Papers file. Though
fixed assets do not form a part of the accounts, the Lead Schedule, Summary of
Findings, Supporting Schedules and Queries/ Notes and the test of internal
control should be filed accordingly.
When the present accounting system in respect of fixed assets becomes fully
operational, the value shall be those extracted from the General and Subsidiary
Ledgers to the Trial Balance and then to the Balance Sheet of the Public Body as
confirmed by physical counts at least on rotation basis.
EXAMPLE: Assume that you are auditing the fixed assets records of the
Ministry of Education and that you have obtained all the fixed assets balances
per the fixed assets register and the individual ledger cards which are in
agreement with the physical counts (the valuation has been omitted for the time
being since it does not form a part of the financial reports at present. In the
future, when the Modified Cash Basis of Accounting becomes fully operational,
however, the amount will be a part of the financial reports. Then verification of
the valuation will be important consideration.) The schedule of fixed assets
(with and without value) with the schedule reference, say the letter D (with
sub-schedules) may look like the following (the figures are as given.):


(VALUE OMITTED – Sub-schedules NOT given.)

Sch. Ref. D
Initial Date
Audit Area: :___Fixed Assets_(Test checked)
Quantity
Unit of Sch. per stock Quantity Unit Cost Birr Total
Type of stock items measure Ref. records per count Differences Cost Birr
Buildings D1 C -
Motor vehicles D2 C -
Computers and accessories:
- Desk top Computers complete (Dell) Pcs. D3 20 C 20 -
- Printers (hp LaserJet 1150) Pcs. D3 15 C 15 -
- LCD Projectors (type identified) Pcs. D4 10 C 10 -
Furniture and fixtures

- Office tables (type, etc. identified) Pcs. D7 60 C 60 -
- Office chairs (type, etc. identified) Pcs. D9 25 C 25 -
Office equipment:
- Photocopiers (type, etc. identified) Pcs. D10 30 C 30 -
Work done:
S = Took the above items as samples and traced a random sample of 10 receiving and 10 issuing documents out of populations respectively of
100, 150, 100, 125, 175, and 200 items.
V = Test vouched for pricing at cost of purchase and found in order.
Findings:
(1) The Buildings were not given tag numbers although they could be identified by locations.
An old building in Nefas Silk area has not been occupied for a long time for fear that it may fall off. Requires to be checked.
(2) One of the LCD Projectors requires to be repaired.
(3) Five of the photocopiers are out of use for a long time. No spare parts could be found for their repair. Need to be scrapped off.
Remarks:
The unit and total costs are to be computed only for information purposes; the fixed assets Birr balances do not form a part of the financial
reports until the Modified Cash Basis of Accounting under adoption by the Ethiopian Government becomes fully operational.
Conclusions:
In my opinion, the above matters and the rest of the fixed assets items require to be examined by a team of experts to ascertain their
conditions and use. Then appropriate actions such as adequate maintenance, disposal, tagging, etc. require to be done.

Suppose the fixed assets form a part of the financial reports of the Public Body
when the Modified Cash Basis of Accounting gets into full swing, then your
approach to auditing will have to be adjusted accordingly. Now assume that
you are auditing the fixed assets records of the Ministry of Education and that
you have obtained all the fixed assets balances per the fixed assets registers and
the individual ledger cards which are also in agreement with the physical
counts and tie up both with the Trial Balance which must agree with the
balances in the General and Subsidiary Ledger Accounts. The schedule of fixed
assets with the schedule reference say, letter D (with sub-schedules) may look
like the following (the figures are taken as given.):


(WITH VALUES – ONLY Sub schedules D 1 and D 7 given.)

Sch. Ref. D
Initial Date
Name of Public Body:_Ministry of Education
Audit Area:_Fixed Assets, at cost and valuation_

Buildings D1 V / C /T 10,500,000 00
Motor vehicles D7 V / C /T 5,000,000 00
Furniture and fixtures D 12 500,000 00
Computers and accessories D 13 850,000 00
Photocopiers D 14 750,000 00
17,600,000 00
C
To T/B and B/S
Work done:
C = Test counted and agreed with the fixed assets records;
T = Checked existence, condition, ownership (ownership titles), and valuation;
B = Balances agreed with the Ledgers and the Trial Balance.
V = Test vouched for pricing at cost of purchase and/ or valuation by professional valuers and found to
be in order.
T/B and B/S = Trial Balance and Balance Sheet.
Findings:
(1) The Buildings were not given tag numbers although they could be identified by locations.
An old building in Nefas Silk area has not been occupied for a long time for fear that it may fall off.
Requires to be checked.
(2) One of the LCD Projector requires to be repaired.
(3) Five of the photocopiers are out of use for a long time. No spare parts could be found for their repair.
Need to be scrapped off.
(4) Depreciation was not provided for these assets in accordance with Government policy.
Conclusions:
In my opinion, the above matters and the rest of the fixed assets items require to be examined by a team
of experts to ascertain their conditions and use. Then appropriate actions such as adequate maintenance,
disposal, tagging, etc. require to be done. Otherwise, the valuation is fairly stated.


Sch. Ref. D1
Initial Date
Audit Area: :___Fixed Assets - Buildings_______
Buildings (at cost and valuation):
Building 1 - Head Office Building, at cost D2 6,000,000 00

Building 2– Administration and Finance and Legal Services,
at cost D3 1,500,000 00
Building 3 – Training Department D4 1,500,000 00
Building 4 – Garage for motor vehicles, at valuation D5 500,000 00
Building 5 – Training Department, at valuation D6 1,000,000 00
Total Buildings 10,500,000 00
Note: Work done, Findings and Conclusions similar to those To D

on Sch. D could also be written here.


Sch. Ref. D7
Initial Date
Audit Area: :___Fixed Assets – Motor Vehicles, at cost and
valuation
Toyota Land cruiser Motor Vehicles (3) D8 1,500,000 00

Nissan Patrol Motor Vehicles (2) D9 1,500,000 00
Land Rover Motor Vehicles (5) D10 1,500,000 00
Other light vehicles, at valuation (5) D11 500,000 00
Total Motor Vehicles 5,000,000 00
To D
Note: Work done, Findings and Conclusions similar to those

on Sch. D could also be written here.

Exercise 27-1
1. Why is the audit of fixed assets so important? Explain and justify.

2. What are the definitions of fixed assets and how do they differ from revenue
expenditures?
3. What are the audit objectives of fixed assets?
4. What are the internal control systems of fixed assets? What are their
significance in the audit of fixed assets?
5. Distinguish among internal control systems and audit procedures in relation
to fixed assets.
Exercise 27-2
Problems (group work)
Assume that you are now engaged in the audit of the fixed assets. You have
gone through the required audit procedures explained above and have
summarized your findings as follows:
1) No identification tag number was given to every fixed asset owned by the
Public Body. As a result, you could not verify the physical existence of the
assets.
2) Although year-end fixed assets count is made every year, the count is not
reconciled with the fixed assets‟ record (register and individual cards)
balances.
3) One of the recently constructed stores, which was transferred to fixed asset,
has started cracking. When you checked the documents related with the
construction, you learnt that provisional acceptance was under way.
4) The ownership booklets of some of the motor vehicles were not made
available for verification. You have also learnt that no procedure has yet

been put in place in order to ensure that all of the motor vehicles are to be
serviced.
5) Although there are so many fixed assets in the compound that are not
currently being used, no effort has so far been made to review their
conditions for the necessary actions including their disposal.
Instruction: As the Head of the Internal Audit Section you are required to
review the above case and report your findings to the Head of the
Public Body.


SAMPLE INTERNAL CONTROL QUESTIONNAIRES FOR FIXED ASSETS
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area ____________________________________
Budget year _____________________
Not
1 Are different staff members engaged in the
purchase of fixed assets, keeping custody of fixed
assets before being issued for use, and recording
their movements?
2 Is there any assigned section or body to follow-up
foreign purchase?
3 Is there a mechanism to prevent the purchase of
more quantity of fixed assets than required?
4 Are goods receiving notes issued upon receipt of
all acquisitions of fixed assets?
5 Is the store-keeper forced to raise goods receiving
notes without getting a chance to see the fixed
asset physically?
6 Are fixed assets issued without the authorization
of a designated official?
7 Does each fixed asset have its own identification
number?
8 Is there fixed assets register for proper recording
and controlling of the movement of fixed assets?
9 Is there a strong control mechanism to ensure that
fixed assets are not exposed to theft or damage?
10 Is there annual physical count of fixed assets and
the count compared against the balance in the
fixed assets register?
11 Is physical count of fixed assets undertaken in the
presence of the storekeeper and by staffs assigned
from other section?
12 Is the result of fixed assets physical count reported
to the Head of Public Body?


SAMPLE INTERNAL CONTROL QUESTIONNAIRE FOR FIXED ASSETS (continued)
Not Evaluation and

No. Questions Yes No applicable comments
13 Is there any mechanism to ensure the level of fuel
consumption being in line with the length of
distance that the vehicle has covered? For
example, maintaining log book.
14 Is there any controlling mechanism over the
proper utilization of the services of vehicles?
15 Are there any fixed assets which are out of
service?
16 Does Management take appropriate measures
consistent with the existing directives when there
are fixed assets, which are out of Service?
17 Is there a mechanism to verify the condition of
those fixed assets, which are aged and
malfunctioning, before disposing them off?


SAMPLE AUDIT PROGRAMME FOR FIXED ASSETS
Sch. Ref.
Initials Date
Prepared by
Reviewed by

Audit Area __________________________
Budget Year ________________
Sampling

2. Actual Time ______________
3. Difference _______________
Audit Objectives
1. To ensure the existence of strong internal control

system regarding the management of fixed assets;
2. To ascertain compliance with applicable laws and
regulations;
3. To ensure that fixed assets items are properly recorded
and utilized in accordance with good management
practice and the laws and directives;
4 To ensure that satisfactory fixed assets registers
containing necessary particulars that enable
identification of the assets, documents of purchase,
value, receipt, issue, transfer, etc. are maintained;
5 To ensure the existence of segregation of duties
(ordering, receiving, authorizing, recording,
storekeeping, etc.) and that it is working effectively;
6 To ensure that reports are received on status of the
fixed assets including their histories for necessary
actions according to law and directives;


AUDIT PROGRAMME FOR FIXED ASSETS (continued)

7 To ensure that the fixed assets are properly
kept with adequate safeguards from undue
losses;
8 To ensure that physical counts are made at
least once a year and compared with the fixed
assets records and that appropriate actions are
taken on the findings.
9 To examine the accounts and the fixed assets
registers with a view to assuring that all
acquisitions and disposals are accurately and
fully recorded.
General Procedures
1. Review previous year audit working papers.
2. Review the updating of the permanent file.
3. Fill in the internal control questionnaire.
4. Draw or update flow chart or system notes.
5. Evaluate the appropriateness and effectiveness
of the control system.
6. Conduct a „walk through‟ test to confirm the
control system.
7. Review internal and external reports.
Specific Procedures
The specific audit procedures to be carried out
are given on PP 133 to 135 of the Internal
Audit Manual.


SAMPLE AUDIT PROGRAMME FOR FIXED ASSETS ACQUISITION
Sch. Ref.
Initials Date
Prepared by
Reviewed by
Audit Area __________________________
Budget Year ________________
TEST REF
CONTROL OBJECTIVE TEST OF CONTROL REF. FINDING
To ensure: 1. Establish cut off periods for the purpose of the

• The adequacy of the laid reviews to be carried out;
down procurement procedures
2. Obtain at least the following documents:
on fixed assets;
• Compliance with laws, 2.1 Procurement policies and procedures on fixed
regulations, directives, and assets;
procedures. 2.4 Tender and purchase documents;
• Accuracy and completeness 2.5 Minutes of meetings on fixed assets;
of documents and records. 2.6 Payment vouchers with their supporting
documents;
2.7 List of approved suppliers;
3. For each class of asset ensure/ check that:
a. Purchase Requisition [PR] was properly raised
by the user department;
b. a minimum of three quotations are obtained
from different suppliers;
c. The quotations were really from approved
suppliers.
d. Enquiries are made on the management
objectives regarding the choice of a supplier as
to price and quality of goods and services;
e. Suppliers comparison schedule is prepared
taking into account such information as
discounts, warranty period, support services,
etc. provided by each supplier;
f. The selection criteria are fully applied on all of
the suppliers when selecting a supplier;


SAMPLE AUDIT PROGRAMME FOR FIXED ASSETS ACQUISITION (continued)
TEST REF
CONTROL OBJECTIVE TEST OF CONTROL REF. FINDING
g. The purchase order [PO] is reviewed and that:

• the PO is in the name of the selected supplier;
• the PO contains the list of assets, specifications
and quantities as per the PR.
• the PO states the terms of payment clearly i.e.
single or installments payment and payment
before or after delivery.
• the PO states the expected delivery date.
• the PO is duly approved by appropriate
authorities.
h. the Goods Receipt Notes [GRN] are in order to
ensure that:
• The fixed assets supplied were in conformity
with the PR and the PO. and the
specifications, quality, quantity and price;
• Assets are supplied in accordance with the
terms of the agreement;
i. the suppliers waybills and invoices to ensure that:
• The assets stated are in agreement with the PR,
the PO, and the GRN in terms of specifications,
quantity and prices.
• The documents are in the name of the Public
Body;
• Correct amount is stated. Check casting and
cross casting and ensure that the total amounts
of the documents are also correct;
• The vendor duly signed the invoices.
j. the payment vouchers [PV] are correct to ensure
that:
• The payee names correspond with names on
the quotation, the PO, the GRN, the waybill
and the invoices.
• Discounts were taken care of [where
applicable].
k. the payment voucher and the GRN are
recorded in the appropriate records;
l. the date sequences for the PR, the PO, the GRN
and the PV are in order.

VI. PROCEDURAL GUIDANCE ON SPECIAL AUDIT
SESSION XXVIII
FRAUD AND INVESTIGATION
Learning Objectives
 The definition and significance of fraud and the types of fraud;
 The major causes and characteristics of fraud;
 Fraud control – detection and prevention or deterrence;
 High risk areas for fraud;
 Fraud warning signs;
 The audit and investigation objectives of fraud; that fraud
investigation is a specialist area of great concern;
 The internal control system for the detection, prevention or
deterrence or minimization of fraud;
 The audit and investigation procedures to be applied concerning
fraud.
Definition of Fraud
“Fraud” generally involves an act of deception, bribery, forgery, extortion, theft,
misappropriation, false representation, conspiracy, corruption, collusion,
embezzlement, or concealment of material facts. Fraud may be committed by an
individual, a group of individuals, or by one or more organizations. Fraud is a
violation of trust that, in general, refers to an intentional act committed to
secure personal or business advantage.
In accordance with the Institute of Internal Auditor Practice Advisory 1210.A2-

1, Identification of Fraud,
 Fraud encompasses an array of irregularities and illegal acts

characterized by intentional deception perpetrated for the benefit of or
to the detriment of the Public Body and by persons inside and/ or outside
the Public Body. Examples of such fraud include:

 Acceptance of bribes and kickbacks;

 Diversion by an employee or an outsider to self advantage of
transactions that generate benefit (profit in the case of business)
to a Public Body;
 Embezzlement or misappropriation of money or property and
falsification of financial records to cover up the act and conceal
the detection thereof;
 Claims for services or goods undelivered to the Public Body.
 Fraud designed to benefit the Public Body generally produce such

benefit by exploiting an unfair or dishonest advantage that also may
deceive an outside party. Perpetrators of such frauds usually accrue an
indirect personal benefit to themselves. Examples of such fraud include:
 Improper payments such as bribes, kickbacks, and payoffs to

Government officials, customers, or suppliers;
 Tax fraud;
 Intentional, improper transfer pricing; for example, valuation of
goods exchanged between related Public Bodies, at a lower price
designed to improve the operating results of other Public Body to
the detriment of the selling Public Body.
Fraud is a significant and sensitive management concern where management

itself is not involved in the fraud. This concern has grown in recent years
owing to a substantial increase in the number and size of the fraud disclosed.
The tremendous expansion in the use of computers and the size and publicity
accorded to computer related fraud intensify this concern.
Types of Fraud
Fraud can be classified in different ways. There are internal and external frauds.
What these mean is explained below:
1 Internal fraud is committed by the entity or the entity‟s employees

for benefiting the entity and/ or its employees. Such fraud does also
bring direct or indirect benefits to the employees involved in the
fraud.
2 External fraud is committed by persons outside of the entity for the

benefit of outsiders to the detriment of the entity.

Examples of External fraud include:

 Issuing false financial statements;
 Issuing false prospectuses;
 Deliberately distorting financial statements.
There are also other types of fraud – the corporate fraud, for instance, which is
of three types, viz.:
o Misappropriation of corporate/ Public Body assets:
This type of fraud is committed by employees who are not directors or senior
management members and is usually undertaken for personal gain against the
Public Body. When the fraud involves senior management it is done on a
massive scale.
Examples include forgery, alteration or misappropriation of checks, drafts,

promissory notes or securities; unauthorized, non-business acquisition, use, or
disposition of funds, inventory, furniture, fixtures, equipment, records, or other
assets; embezzlement, theft, falsifying time sheets or payroll records, including
but not limited to reporting hours not worked; the falsifying of travel and
entertainment expenses and/or utilizing organization funds to pay for personal
expenses; fictitious reporting of receipts; misappropriation of organization-
owned computer hardware, software, data.
o Manipulation of accounting information:
This type of fraud, which is perpetrated by management, is intended to misstate

the financial statements so that they give false impression of the financial state
of affairs and the performance of the Public Body. Example is the worldwide
renowned Enron case.
o Deception of a third party:

This type of fraud is different from the ones described above. It involves the
misappropriation of third party‟s assets and/ or through the provision of false
information to a third party presumed to be done in the best interests of the
Public Body, for example, false representations to the tax authorities to
minimize the Public Body‟s tax liabilities.
The following are some areas which may give rise to suspicion of management
fraud:
 Staff turnover especially of finance and key positions;
 Single source of supply for key supplies;
 Unusual changes in financial figures – downward or upward;
 Not recording accounts up-to-date and late reporting of financial

activities; and,
 Payments in round figures rather than the actual amounts.
There are also other types of fraud, for instance, Contract fraud, connected with
contracts with third parties - falsifying the contents and the amounts in the
contracts to obtain undue advantages. There is also Computer fraud.
Major causes of Fraud
The major causes of fraud can be grouped under three headings - poor internal
control, collusion between/ among workers and the environment in which the
Public Body works.
By internal control we mean, in general, financial and management controls.

The financial controls can further be divided into budgetary control,
safeguarding of assets and accounting controls.
There should be planning and controlling of incomes and expenditures. This is

budgetary control.

Safeguarding of assets concerns the safeguarding the entity‟s assets from loss or
misuse.
By accounting control we mean that financial transactions of the Public Body

should be recorded correctly and accurately and on time as and when the events
occur. Necessary reports should also be produced to aid management in decision
making; accounts that require to be reconciled such as bank balances, accounts
receivable and payable should be regularly reconciled. Transactions should be
supported by adequate documents; pre-numbered documents should be used.
Management Control is the process of assuring that resources are obtained and
used effectively and efficiently in the accomplishment of the Public Body‟s
objectives. The process is ongoing as long as the Public Body exists as an
ongoing operation.
When we talk about collusion between/ among workers we mean employees

cooperating to defraud the Public Body. Under the circumstance, it would be
very tough to trace the fraud committed by these collaborators unless they
quarrel and the information leaks.
The other matter concerns the environment in which the Public Body works.
Some environments where internal controls are loose could be conducive as
breeding grounds for fraud.
If the internal control system is poor the possibilities of fraud occurrence will be
high.
Fraud control – detection and prevention or deterrence
It is said that prevention is better than cure. The first attempt of management
and the internal auditor should, therefore, be on the prevention of fraud.
Fraud deterrence consists of those actions that are taken:

 To discourage the perpetration of fraud; and also,

 To limit the exposure if fraud does occur.
Instituting the necessary cost effective control mechanism acts as a deterrent for
fraud. The control mechanism include matters such as fostering control
consciousness, setting realistic Public Body goals and objectives, creating clear
communication channels that provide management with adequate and reliable
information, and establishing and maintaining appropriate authorization
policies for transactions.
Detection consists of identifying indicators of fraud sufficient to warrant

recommending an investigation. These indicators may arise as a result of control
established by management, tests conducted by the internal auditor and other
sources both from within and outside the Public Body.
High-risk areas for fraud
The management and the internal auditor should be aware that cash receipts
(the documents and the cash itself), stocks, purchases, payroll, receivables and
payables are among high-risk areas for fraud.
Altered, forged and missing cash receipts, unexplained shortages, and using one
day‟s collection to cover up a previous day‟s unaccounted for collection are
some examples concerning cash receipts.
Receiving inferior qualities of goods for the price of better qualities and sharing
the resulting difference in prices with vendors, removing items from cartons of
incoming and outgoing shipments, declaring that items are received while that
is not true, throwing items through the fence for latter pick up, carrying the
same types of commodities on shelves at different unit prices (under the FIFO
inventory valuation method, for instance), and reporting of stolen stocks as

existent when in fact they do not exist in stores are all examples of fraud
involving stocks.
Regarding fraud on purchase transactions, accepting kickbacks in the form of

compensation or special favors; technical managers buying from their own
companies through cover; buying at higher unwarranted prices; breaking
confidentiality and disclosing quotation prices to suppliers who offer kickbacks
could be cited as examples.
Inflating hours worked and also not reporting absences; fictitious/ dummy
employees on payroll; unreported terminations of employment or transfers; and
unauthorized advances to employees are examples of payroll fraud.
Unauthorized write off of debtors‟ balances, collusion with debtors,

unauthorized offset of debtors‟ with creditors‟ balances; and preparing duplicate
payments to suppliers and collusion with suppliers to increase the supplier‟s
invoice amounts and sharing the difference are examples of frauds concerning
accounts receivable and payable respectively.
Regarding fraud involving employees, the question that is frequently asked is

why employees commit fraud. The answer is that employees commit fraud
either out of greed or need. The more dissatisfied an employee is the more likely
that he will engage in criminal behavior. The other reason why employees
commit fraud is related to financial pressures. In this case, the employees must
have a motive and perceive an opportunity to commit fraud and conceal their
crimes. The opportunity arises as a result of loose internal control – the lack or
inadequacy of checks and balances in the Public Body. Dividing the
responsibility among other employees would deter the opportunity.

Fraud warning signs
There are fraud-warning signs that the Head of the Public Body and the internal
auditor should be aware of. Weak internal controls, unethical leadership, lack of
fraud policy, lack of effective internal auditing function, control by a single
person over key functions, inadequate screening of job applications, vendors or
contractors are some examples of fraud warning signs.
Audit and investigation objectives
The internal auditor has the responsibility for examining and evaluating the
adequacy and effectiveness of the internal control system in relation to the
Public Body‟s operations. The internal auditor should, therefore, determine if:
1. The Public Body‟s goals and objectives have been clearly and
realistically set;
2. The environment in which the Public Body works ensures the

existence of control consciousness;
3. There have been written policies and procedures put in place:
- Describing prohibited activities and the ensuing penalties when

violations are discovered;
- For authorization of transactions including defining limits of

authority;
- For ensuring that no one person is in full control of a series of

activities from beginning to end and that a division of function
exists in the Public Body;
- For monitoring activities and safeguarding of assets involving high

risks for fraud such as cash, inventories, accounts receivable and
payable, plant and equipment; and,
- For ensuring that there is an effective communication channel in

the Public Body.

Audit and investigation procedures
As sufficiently explained earlier detection, prevention and deterrence of fraud,

and also investigation when the symptoms have been noticed is a specialist task,
which cannot be accomplished under the normal audit procedures.
If the internal auditor suspects that fraud has occurred, he should advise the
Head of the Public Body about it and recommend on the necessary investigation
to be carried out.
Some of the ways that the internal auditor can become aware of the possibility
of fraud in the Public Body include information coming from within or outside
of the Public Body and/ or as a result of the internal auditor‟s own assessment of
the adequacy of the internal control system or while conducting his normal
audit procedures.
When the internal auditor becomes aware of alleged fraud, he should decide on
the measures he has to take, of course, on the authorization of the Head of the
Public Body. He should take the following steps:
1. Gather sufficient information and evidence on the alleged fraud and

determine if fraud has occurred; and,
2. Depending on the initial findings, conduct the investigation by
involving other experts where appropriate;
3. Assess the probable level and the extent of complicity of the fraud in
order to avoid giving/ receiving misleading information to/ from
those concerned;
4. Determine the knowledge, skills and other competencies that are
required for the effective carrying out of the investigation;
5. Design procedures that would allow the identification of the fraud
perpetrators, and necessary details about the fraud such as the extent
of the fraud, the techniques used in committing the fraud, and the
cause for the fraud;

6. Coordinate the activities with the management and concerned

personnel while the investigation proceeds keeping secrecy and
confidentiality as far as possible;
7. As evaluators of the internal control system, determine if the
existent controls require review to deter similar or other frauds from
occurring in the future; and,
8. Report the findings and recommend on the actions that need to be
taken; the reports could be oral or written, again depending on the
gravity of the case and its future implications;
9. Ensure that management has taken, among others, the following
steps concerning fraud:
9.1 Establish fraud policy and state the Public Body‟s

position against fraud;
9.2 Develop a code of conduct;
9.3 Make all employees of the Public Body responsible for
reporting fraud;
9.4 Establish fraud reporting channels;
9.5 Describe the investigation process; and,
9.6 Impose penalties on fraud perpetrators and accomplices where
employees are involved in the fraud.
One of the tools that the internal auditor could use in his fraud examination is
the fraud assessment interview. He could prepare the questions, with adequate
review and approval of the Head of the Public Body, in order to compile
necessary information on possible fraud to help him in his audit and
investigation of the Public Body‟s operations. Examples of some of the questions
that could be posed are given at the end of this Session.
There are also questions under the heading Fraud Investigation Standards given
as Annex XXV to the Internal Audit Manual.
On completion of the investigation, the internal auditor should report the

results to the Head of the Public Body. His findings may indicate inadequacy of
the internal control system to control fraud. Therefore, he should advise
management on the steps required to make the internal control system
effective.

The report should at least cover the following particulars:

 The reasons for the investigation;
 The objectives of the investigation;
 The work carried out in relation to the investigation; and,
 The conclusions reached and the recommendations for future

actions.
Failure to detect fraud

The internal auditor may fail to detect fraud because of various reasons
including the following:
 Unwillingness to look for fraud because of fear of spoiling good
relationship with those that might be involved in the fraud and
fear of possible risks on the person;
 Too much trust placed on the auditees – management and

employees;
 Internal auditor not giving enough emphasis to audit quality;
 Management not having fraud policy;
 Inadequate support from management to internal auditor and to

strengthen the internal controls; and,
 Failure to focus on high-risk fraud areas.
Examples of fraud:
1. A senior official of a Public Body arranges to accept financial and other

incentives from a bidder by providing him with information that facilitated
the way that only he will be able to submit a satisfactory bid proposal and
eventually win the award. The senior official also used his personal
influence and position to persuade other committee members involved in
the bids review and analysis so that their decision inclined towards this
person. As a result, this contractor wins the bid award. Once the contract is
in effect, the same senior official approves and justifies several high cost
contract amendments, for which he receives gratuities.

2. An employee prepares and submits a monthly payroll time report, and

intentionally falsifies the document by not reporting unpaid leave taken.
The supervisor without knowing of the leave that should have been
deducted approves the payroll for payment. The employee is paid for the
time he has not worked. Similarly, an employee falsifies a travel voucher by
reporting expenses that were not incurred and gets paid.
3. An official responsible for contract procurements advises a contractor that

in order to continue receiving contracts, the contractor must pay special
gratuities or provide favors or services. The official threatens to blacklist
and cut him off from any future Government works if he fails to comply
with the advice. The contractor complies because of the threat and possible
economic and financial loss.
4. A Public Body‟s official has a hidden financial interest (shares or direct

ownership) in a vendor doing business with the Public Body, which others
did not know. The official is in a position to influence that any dealings be
made with the vendor company. Here, there will be conflict of interest.
Under the dealing, orders are being filled and higher than fair market prices
are being paid for goods or services provided by the company under the
pretext that quotations are received from three suppliers and the prices
offered by the company were fair. As a result, the officer will unduly
benefit financially from the dealing.

Exercise 28-1
1. What is fraud? Explain and justify. Distinguish between fraud and error;
and also audit and investigation.
2. What types of fraud do you generally recognize? Explain and justify.
3. What are the major causes of fraud? Discuss the high-risk areas of fraud.
4. What indicators lead to the recognition of fraud warning signs?
5. Why do internal auditors fail to detect fraud?

FEDERAL DEMOCRATIC REPUBLIC OF ETHIOPIA

FRAUD ASSESSMENT INTERVIEW QUESTIONS
Sch. Ref.
Initials Date
Prepared by
Reviewed by

Audit Area Fraud Investigation
Budget Year ________________________
S.
No. Questions Yes No N/A Comments
1 Fraud in any Public Body could encompass a whole range of
activities where people steal from the Public Body, lie to the
management or take unfair advantage of the Public Body. Do
you think fraud is a problem for any Public Body in general?
2 Do you think the Public Body has a problem with fraud?
3 If employees are stealing from the Public Body, why do you
think they would do it?
4 Frequent, small thefts by employees can add up to a lot of
money. If you knew another employee was stealing from the
Public Body, what would you do?
5 Do you know of anyone who might be stealing or taking
unfair advantage of the Public Body?
6 Suppose someone who worked with this Public Body decided
to steal or commit fraud, how could he do it and get away
with it?
7 Do you know of employees‟ whose lifestyle or behavior has
changed significantly?
8 Do you know of employees of the Public Body with a past
history of dishonesty or illegal conduct?
9 Do you know of employees of the Public Body with financial
pressures?
10 Have new employees been provided with detailed documents
which make specific references to actions that will be taken
including criminal prosecution without failure in the event
of fraud or misappropriation of the Public Body‟s assets?
11 Do you know of honest employees who are encouraged as
against fraudsters?
12 Is there any other information you may wish to furnish
regarding possible fraud in the Public Body?

SESSION XXIX
PERFORMANCE AUDIT (VALUE FOR MONEY AUDIT - VFM)
Definition of Performance Audit and Value for Money
Reference is frequently made to “value for money audit” and “Performance

audit” in relation to examinations of the use of resources by Public Bodies.
Different terms are used in various parts of the world. Although Performance
Audit can sometimes be interpreted as extending beyond clear VFM issues (to
include, for example, quality and technical matters), the terms are used
interchangeably by many auditors.
A Performance Audit “is an objective and systematic examination of a Public

Body‟s program, activity, function or management systems and procedures to
provide an assessment of whether the Public Body, in the pursuit of
predetermined goals, has achieved economy, efficiency and effectiveness in the
utilization of its resources”.
Although Performance Audit can be very wide-ranging, in broad terms, it can

be applied to those activities involving a considerable level of resources and
projects that are at risk of failing in their objectives.
It is important that any Public Body should ensure that optimal VFM is
achieved from the resources provided. The term “value for money” refers to the
way in which resources (financial, human or physical) have been allocated and
utilized by the Public Body.
Performance Audit, therefore, involves an independent assessment of whether

economy, efficiency and effectiveness have been achieved by the Public Body
concerned.

Economy - is concerned with minimizing the cost of resources used (staff,

materials and equipment) for an activity in the pursuit of its objectives and
whether they are in accordance with sound administrative principles and
practices and management policies. An economical Public Body acquires its
input resources, of the appropriate quality and quantity, at the lowest cost.
Efficiency - is concerned with the relationship between goods and services

produced (the outputs) and the resources used to produce them (the inputs). An
efficient Public Body produces the maximum output from any given set of
inputs or uses minimum inputs to achieve a given quantity and quality of
output.
Effectiveness - means ensuring that the desired results, objectives, targets or

policies have been successfully achieved. Using a range of performance
measures and indicators, it is possible to assess a Public Body‟s effectiveness.
In practice, the boundaries between economy, efficiency and effectiveness are

seldom clear-cut. Examinations of VFM, therefore, normally follow these
various aspects of performance simultaneously as part of the same exercise.
Example: If the internal auditor of the Ministry of Health wanted to conduct

Performance Audit of a hospital under construction, he might cover any or all
of the following aspects:
1 The Economic test could be the tendering, contract and project control
procedures to establish how far the hospital and associated facilities had
been built to specification, on time and at lowest achievable cost or
within approved cost limits.
2 The Efficiency test could be to check how facilities such as wards, beds,
operating theatres and equipment are utilized.

3 The Effectiveness test could be test of results in terms of reductions in

patient waiting lists, increase in operations performed, improved
diagnostic and treatment rates and improvements in health.
Performance Audit differs from Financial Audit in that the former examines
whether the Public Body has done the right thing and done so in the correct
and least expensive way. It considers whether the Public Body has achieved its
goals economically, efficiently and effectively in utilizing its resources.
Financial Audit is concerned with examination of the transactions relating to
expenditure and receipts and with the form and content of the accounts.
The achievement of economic, efficient and effective resource utilization

depends on the existence of good management controls. Management controls
include policies and procedures for:
1 Planning, organizing, directing and controlling program operations,
2 Confirming that resource use is consistent with legislation and

regulations;
3 Safeguarding resources against waste, loss and misuse;
4 Measuring, monitoring and reporting on the Public Body‟s performance;
5 Ensuring that a program or activity meets its objectives;
6 Ensuring that valid and reliable data are obtained, maintained and
disclosed accurately in annual reports and other documents.
The auditor‟s role is to provide independent verified information that

management has the proper arrangements in place and that they are effective.
Objectives of Performance Audit
1 To provide independent information, assurance and opinion about

economy, efficiency and effectiveness (in effect, Value For Money) in
major fields of revenue, expenditure and the management of resources.

2 To identify ways of improving Value For Money and to encourage and

assist Public Bodies to take the necessary action to improve systems and
controls.
3 To expose serious waste, extravagance or other examples of poor

performance.
Impacts of Performance Audit

1 Increasing income,
2 Reducing costs or expenditure, resulting in financial savings,
3 Improving efficiency,
4 Strengthening or enhancing management and administrative or

organizational processes,
5 Improving the quality of services provided,
6 Achieving the Public Body‟s aims and objectives more cost-effectively,
7 Developing policy,
8 Creating awareness of the need for good accountability and transparency

in the use of resources.
Types of Performance Audit

Performance audits can be classified into the following three types:
Selective audit.
The Public Body might be criticized for serious waste and extravagance,
improper expenditure, inefficiency, ineffectiveness or weaknesses in control or
non-compliance with laws and regulations. The auditor needs to check whether
the criticism of the Public Body is justified, examining causes for deficiencies or
weaknesses and considering action taken or needed to introduce improvements.

Example: Finding out why a certain contractor for building a school was
selected where the cost is much higher than other contractors who competed
for the same contract.
Major projects audit
These are done as part of the normal Performance Audit. There is no need to
have complaints by interested parties. The audits are performed to get assurance
that major projects are performing as planed and, if there are weaknesses, to
draw attention to material weaknesses in control or achievement and their
consequences.
Example: Examination of the grant arrangements for controlling HIV/AIDS.
Standard managerial operations audit
These reviews may cover common procedures, systems or established good

practice. For example the stores management system, inventory control systems
and the relevant records may be reviewed to ensure that these activities are
done in an effective, economic and efficient way. Like audit of major projects,
this is also part of the normal Performance Audit.
Performance Audit steps

The elements in each Performance Audit study can be grouped into three major
phases, namely planning, examination and reporting.
Steps in Performance Audit

a) Planning
1 General surveys and updating (marking) of potential study areas in order to

obtain up-to-date knowledge and understanding of the Public Body
concerned,

2 Planning and preparation of a Performance Audit strategy and decisions on

the areas to be examined, taking account of high risk areas,
3 Preliminary studies and planning individual performance audits, including

confirmation of the terms of reference for specific audits,
b) Examination
4 Conducting the full Performance Audit examination, involving detailed

fact-finding, research and analysis of the area under review.
c) Reporting
5 Preparation of reports resulting from the audits,
6 Agreeing the findings and clearance of the reports with the audited
department or section or project,
7 Finalizing and publishing of the reports and their presentation to the Head
of the Public Body and the Inspection Department of MoFED,
8 Review of follow-up to the reports.
Performance Audit Standards
Auditors need means of measuring the performance of the areas subject to audit.
It is essential to establish suitable criteria for performance measurement when
planning an audit. Criteria are reasonable and attainable standards of
performance against which the performance of the department/ section audited
will be measured. Without suitable and acceptable criteria determined in
advance, much effort could be wasted, conclusions may be difficult to reach and
agreement on the findings may not be easily reached with the
department/section. The audit criteria should be:
1 Relevant – enables making observations and reaching conclusions against

the audit objectives,
2 Reliable - results in consistent conclusions when used by different

auditors in similar circumstances,

3 Neutral - free from bias,
4 Understandable - clearly stated and not subject to different

interpretations,
5 Complete - all the criteria are identified and used.
Planning Performance Audit

Planning is the means by which potential Performance Audits are identified,
prioritized, selected and included in an overall audit program. The planning
process enables identification of the nature, extent and timing of the
performance audit work to be undertaken.
Strategic Planning of Performance Audit

The strategic planning of Performance Audit represents a policy statement from
which shorter-term Performance Audit plans can be prepared. The aim of
strategic planning is to determine the future program of Performance Audit
work and the priorities and resources required to carry it out. Strategic plans
look ahead for at least three years to identify longer-term options and they may
include more detailed study proposals for the shorter term. The plans involve
procedures for identifying, prioritizing and selecting possible areas for
performance examinations. They should be reviewed and updated as necessary.
Strategic planning is done in two steps:
1 General surveys - is aimed at providing an understanding of the Public

Body‟s objectives, its main activities and the level and nature of resources
used in carrying out its functions. Information for general survey work can
be obtained through normal day-to-day work. Information on progress of
projects may be obtained from the appropriate department of the Public
Body. Additional information may be required from time to time to obtain
more detailed information. This is required to provide a basis for
identifying potential areas for Performance Audit. General survey covers:

1 Information on the Public Body,
2 Significant legislative authorities,
3 Objectives of the Public Body,
4 Organizational arrangements,
5 Accountability relationships,
6 Activities carried out,
7 Nature and level of resources used,
8 Procedures and control systems in place,
9 Other relevant information or evidence.
2 Marking – allows changes and new developments to be reflected in

planning the Performance Audit strategy. Marking can be carried out by
referring to information including financial statements, accounts, annual
reports, annual development programs, project proposals, and policy
proposals. In Marking, the auditor will follow the following steps:
Be familiar with the policy objectives, operational objectives and

main activities, working methods and problems of the Public
Body,
Keep abreast of changes in policy, significant developments and

projects,
Monitor outputs from finance department and management

information systems (MIS),
Establish reasons for any changes in income (budgets,

donations) and expenditure trends,
 Identify signs of serious waste, extravagance or inefficiency.

Potential Performance Audit Areas

The following are the common areas that need to be covered by Performance
Audit:
1 Procurement,
2 Stores management,
3 Support services, including telephones and electricity,
4 Asset management, including vehicles, buildings, etc.
5 Management of major capital projects,
6 Utilization and deployment of manpower.
Detailed Planning Performance Audit

Once the strategic planning of Performance Audit is completed, the next step is
to plan for the detailed Performance Audit. As stated, the strategic plan is a
generic plan covering a number of yeas (three to five years). The detailed plan
looks at each year independently.
Information in the following areas is needed to prepare one-year plan:

1 Background information on the proposed audit area,
2 Policy documents and strategic plans,
3 An assessment of the risks, if any, to achieving VFM,
4 Proposed scope of the audit and main issues to be addressed,
5 The approach and techniques to be used and sources of evidence,
6 Expected impacts of the study in terms of savings or improvements,
7 Staffing requirements and cost to carry out the study,
8 The proposed timing of the study.

Sources of information:
1 Proclamations, laws, policies, guidelines, etc,
2 The Public Body‟s mission statement, annual reports, and minutes of

management/board meetings,
3 Previous audit reports, reviews, evaluations and inquiries into the

activities of the Public Body,
4 The budget estimate,
5 Discussion with management, employees and other stakeholders,
6 Studies by Government, professional or interest groups,
7 Information held by other Public Bodies (e.g.: Inspection Department

of MoFED),
8 Similar audits undertaken by other Public Bodies,
9 Media coverage.
Preliminary Study
Before going into the detailed planning of the Performance Audit, preliminary
study is needed to ensure that the areas of audit identified during the strategic
planning are still relevant and there is a need to audit those areas in detail. The
preliminary study shall state how the work should continue. It shall also
recommend specific objectives and tasks for the detailed audit of the selected
areas.
The preliminary study involves examination and analysis of the Public Body‟s
papers, local and foreign visits as necessary and discussions with appropriate
staff in the Public Body. Experts‟ advice may also be required where the audit
area is a professional area, such as IT or engineering. The preliminary study
should address the points shown below:

1 The important issues to be examined and included in the planning

document for the full study,
2 The nature, extent and availability of audit evidence required and how it
will be collected,
3 The approach and techniques which will be used to analyze the data,
4 The timing of the various stages of the full review,
5 The resources required in terms of staffing input,
6 The format in which the findings and results of analysis should be

reported.
Information required during this preliminary study includes the following:

1 The history and location of the Public Body or its section/unit,
2 Its legal requirements,
3 The Public Body‟s establishment Proclamation, objectives and policies,
4 An organizational chart and its management,
5 Its budgetary allocations and expenditure levels,
6 Travel and equipment expenditure,
7 Number of employees,
8 Type of examination to be made,
In addition, if the subject of the audit is an activity,

9 Background and factors influencing an activity to be audited,
10 The type of activity,
11 Its location,
12 Persons responsible for the activity,
13 Policies important to the activity,
If the subject of the audit is a program,

14 Specific procedures for accomplishing the activity,

15 Purpose and objectives of a program,
16 Cost and duration of program,
17 The inter-relationships between entities responsible for the program,
18 Policies and procedures for accomplishing the program,
19 Administrative regulations related to the program.
The purpose of the preliminary study is to identify important areas to be

audited. In the process of identification, the auditor should obtain answer for
the following questions:
1 What are the objectives that the Public Body is expected to achieve?
2 How well and how far have these been achieved?
3 At what cost?
4 Have the objectives been achieved economically, efficiently and

effectively?
5 If not, what explanations does the Public Body give?
6 What are the areas of weakness in the Public Body perceived by

management?
If the auditor tries to obtain answer for the following questions, he can identify
important issues to be covered during his performance audit:
1 Is the activity covered by relevant legislation or regulations?
2 Were the intended objectives of the activity properly defined and

communicated? Were they achieved?
3 Are there adequate controls to ensure the achievement of satisfactory

VFM?
4 Is there a need for public expenditure or resources to be used on this

activity?
5 Has consideration been given to alternative means of meeting the need?

Was the best alternative chosen?

6 Have activities been planned, organized and implemented in an

acceptable way?
7 Were the requirements or specifications appropriate, at the right level

and are they being met?
8 Did matters proceed at the appropriate rate, avoiding delay and

unnecessary costs?
9 Were resources used economically and efficiently?
10 Were receipts or returns optimized?
11 Were there any other significant VFM implications of the activity

concerned?
The output of the preliminary study report should be thoroughly considered by

the Head of the Audit Department to decide whether or not the Performance
Audit should continue in detail. If the decision is to proceed with a detailed
audit, specific objectives of the audit and plans for the timing and staffing of the
audit need to be drawn.
Audit Plan
To proceed with the detailed audit, one of the basic tools necessary is the audit
plan. The audit plan should be prepared in writing and should be documented
in the Performance Audit Working Paper. The Performance Audit team, in
consultation with the Head of the Audit Department and other higher officers,
should prepare the audit plan. The audit plan should cover the following:
1 The audit objectives,
2 The audit scope, reasons for any limitations to the scope,
3 The audit criteria and their sources,
4 Description of the planned audit approach and methodology,
5 Identification of audit staff and external consultants, including their

qualifications and special knowledge or skills,
6 The timing and the main control points.

Audit Objectives
To reach at a conclusion at the end of the Performance Audit exercise, clear and
specific audit objectives need to be developed for each audit. What is expected is
that for each and every audit objective, there will be, at the end of the audit, a
conclusion. Audit objectives are normally expressed in terms of what questions
the audit is expected to answer about the performance of an activity, such as
results achieved, or the economy or efficiency of resource utilization.
E.g.: To assess the efficiency of stores management. The efficiency criteria

applicable to the stores management are identified and agreed with the
department concerned. The auditor will then collect evidences to reach at a
conclusion.
Audit Scope
Audit scope is audit boundary. The auditor needs to define what he will cover
in his audit of a specific area. Audit scope refers to the framework, boundary,
limit, subject and nature of the audit. In establishing audit scope, the auditor
should consider whether the topic is within its mandate, whether the audit will
cover significant issues that are likely to add value and be of interest to
management and the ability of the audit team to carry out the audit in
accordance with the required professional standards.
Audit Criteria
Auditors need a means of measuring the performance of the activity subject to
audit. The standards used for this purpose are referred to as audit criteria. These
are reasonable and attainable standards of performance and control against
which the economy, efficiency and effectiveness of the activity can be
evaluated. Primary sources of audit criteria include the controls, standards,
measures, results, commitments and targets adopted by the Public Body itself or

imposed by legislative bodies. The auditor should review these criteria to assess
their relevance to the audit to ensure that they are reasonable and complete.
Where the Public Body‟s own measures are found to be suitable, they can be
adopted as audit criteria. If not acceptable, criteria may be obtained from the
law, regulations, and standards developed by other bodies.
Performance Audit Techniques

Different tools and techniques for Performance Audit can be used. The chosen
techniques should be those most suitable for the particular audit.
Evidence gathering techniques:

1 Examination of papers -Annual reports, financial statements, Project
documents, Correspondence, Memos, Minutes, Reports, instructions to
staff, Internal audit reports are the common sources,
2 Interviewing – with the help of questions prepared in advance of the

interview.
3 Direct observation - helps to obtain evidence about physical assets and

can be helpful in gathering evidence about whether people are following
the proper procedures.
4 Case studies - refer to the in-depth examination of a representative

selection transactions or items in order to understand an activity as a
whole. The method focuses on assessing efficiency of various services by
analyzing a sample of cases to obtain an insight into the precise workings
of an activity.
5 Questionnaires – when the cost of interview is significant, this technique

can be used.
6 Surveys - is a useful method of collecting new or standardized

information, both quantitative and qualitative, from a number of
respondents in an audit area through postal questionnaires, personal
interviewing and telephone interviewing,
7 Focus groups – a brain storming session can be organized for a focus

group of about 15 to 20 people.

8 Flow charting - is a visual aid to the sequential processes in the flow of

transactions in an activity or the Public Body.
9 Statistical analysis - is often employed when data has to be analyzed in

order to establish trends or make comparisons.
The detailed audit

At this stage sufficient evidences are collected to be able to reach at a
conclusion. An auditor should not reach at a conclusion without the necessary
and accurate supporting facts, figures or examples. The following are key
questions that the auditor must keep in mind continually during a Performance
Audit examination:
1 Why is the activity carried out?
2 What value does it add?
3 Why is it carried out in the way that it is?
4 How is performance measured in the area under examination and what

systems are in place to achieve this?
5 Are economy, efficiency and effectiveness measures and targets in place

and, if so, what do they show?
6 Could the activity be carried out at less cost without affecting efficiency
or effectiveness?
7 Could it be carried out more efficiently or more effectively?
8 What potential is there for financial impact as a result of the audit

review?
THE REPORTING PHASE OF PERFORMANCE AUDIT
Framing Conclusions and Recommendations
The final stage of the Performance Audit involves reaching conclusions based
on the detailed examinations, making recommendations and drafting the report
for the management. Reports can be presented in the form of letter,
presentations and written reports. The auditor must consider how to report his

findings. Where deficiencies in performance have been identified, the audit

team needs to develop recommendations to guide corrective action.
Recommendations should be feasible to implement. They should also be
consistent with the findings and conclusions in the report.
Performance Audit reports should be kept brief, and should bring out only the
most important matters. A strong, clear report structure, covering the main
issues needs to be developed. The language used must be simple, direct and
unambiguous. The report should concentrate on the reasons why things are
done, how well they are controlled and the VFM achieved, rather than on their
descriptions. The auditor should use clear evidence and well chosen examples to
strengthen the messages in the reports.
Performance audit report can be structured in the following manner:

1 Title: Ensure that the subject matter of the report is reflected accurately in
the title.
2 Preface: Introduction of the aim of the examination.
3 Executive Summary: Include an overall conclusion, together with key
findings and recommendations of about two pages. This should provide the
reader with a concise, clear view of the purpose and results of the
performance review.
4 Introduction to Report: Provides a brief background to the audit and the

activity audited. This should be sufficient to allow readers to understand the
context of the report.
5 Objectives and Scope of the Review: The report should clearly state the
objectives and scope of the audit.
6 Timing: The report should indicate the period of time for which audit is
done.
7 Audit Criteria: The report should explain the basis for measuring
performance and the source of the criteria.
8 Methodology: The report should give a clear explanation of the techniques

used to collect and analyze information.

9 Findings: Present the findings in a logical sequence. Each identified main

topic or fundamental issue is covered in separate sections or chapters of the
report.
10 Recommendations and Conclusions: The actions needed to correct problems

are given in this section. They flow directly and logically from the findings.
Recommendations should be specific, achievable and realistic, time-bound,
and financial or other impacts have to be quantified.
11 Glossary: Technical terms and abbreviations should be kept to a minimum

and should be listed and explained in a glossary at the end of the report.
Follow-up of Performance Audit Reports

Following up the recommendations in the performance reports is a means of
ascertaining whether recommendations have been taken care of or addressed by
the department or activity audited. Performance Audit reports are distributed to
the management, the department audited, the Inspection Department of
MoFED and other concerned legal users of the reports. The Inspection
Department of MoFED shall be responsible to follow up whether timely and
appropriate actions are taken by the management of the Public Body.

Exercise 29-1
In a group of ten, discuss on the following, take note, elect presenter, and present to the class.
1. Efficiency has improved when the unit cost of teaching children or providing
hospital treatment has been reduced over time; or where more children have been
taught or hospital beds provided, without additional resources. (Discuss)
2. Reduction in repairs and maintenance cost of equipment, for example, vehicles,

computers or photocopiers, is a measure of efficiency. (Discuss)
3. Where there has been an improvement in school examination results or where

sickness rates have fallen as a result of medical care, we can say the activity is
effective. (Discuss)

SESSION XXX
PROJECT AND CONTRACT AUDIT
Learning Objectives:
 The definition of projects and contracts and related audits;
 The funding modalities;
 Basic bid documents and processes;
 The audit objectives projects‟ and contracts‟ expenditures;
 The internal control system in relation to projects and contracts;
 The audit procedures to be applied in the examination of projects‟ and
contracts‟ expenditures.
Introduction
This Session of the internal audit training covers two topics – project and
contract audits. Project and contract audits are a specialist area of audit -
Compliance and Performance Audit. This should not, however, imply that such
audits are not undertaken when conducting normal audit.
Definition of project and contract and related audits

A simple dictionary definition of the term project is „a piece of work, etc. that is
organized carefully and designed to achieve a particular aim; a planned activity.‟
A contract, under the present Session, concerns agreements with contractors for
the provision of services and construction of buildings, roads, dams, water wells
and others.
A contract audit, therefore, is a Compliance and Performance Audit which is

intended to ascertain and ensure that constructions are executed in accordance
with contracts, relevant laws and regulations in force.

The term counter part funds are also referred to in the Audit Manual. Counter
part funds are created by means of payments into a special account of the
equivalent value in local currency from the proceeds of the sale of commodities
or foreign currencies that were provided by grants or loans.
Project and contract management is a carefully planned and organized effort to

accomplish a specific (and usually) one-time effort, for example, construction of
a building or implementation of a new computer system. Project management
includes developing a project plan, which includes defining project goals and
objectives, specifying tasks or how goals will be achieved, what resources are
need, and associating budgets and timelines for completion. It also includes
implementing the project plan, along with careful controls to stay on the
"critical path", that is, to ensure the plan is being managed according to plan.
Project management usually follows major phases (with various titles for these
phases), including feasibility study, project planning, implementation,
evaluation and support/maintenance. (Program planning is usually of a broader
scope than project planning, but not always.)
Funding Modalities
The two major types of donor funding to the Government are the bilateral and
the multilateral funding.
Bilateral funding concerns a foreign donor providing funding in cash or in kind

to an agency (a Public Body) for the implementation of economic development,
environmental protection or capacity building. „Bi‟ means two – i.e. between
two parties, a donor on the one hand and the fund recipient on the other.
Multilateral funding mainly concerns funding by many donors of development

projects in a country. The donors could include the World Bank, the

International Monetary Fund and Governments and others. „Multi‟ meaning

many.
Funding or disbursement modalities specify how funds flow from the donors to
the Federal Government of Ethiopia (FGE) and/or to the relevant Public Body
and/ or to the Regional States (RS). They also specify the flow of reports to the
donors and to the FGE on the spending of the funds.
The Ministry of Finance and Economic Development (MoFED) has identified

three Channels or instruments for the flow of donor funds.
Channel I – This includes Aid and Loan funds that flow through the MoFED or
its equivalent in the RS; and the reporting system has to follow the same
upward channel.
Under this channel, the initial fund recipient is the MoFED which then
disburses the funds to those Public Bodies that are eligible to receive and use the
fund.
Within Channel I there are two sub-channels – Channel I „A‟ for funding to
Budgetary Institutions (BIs) or Public Bodies for general budgetary support; and
Channel I „B‟ for funding BIs or Public Bodies for specific programs and projects.
Channel II – This is one of the aid disbursement channels used by bilateral

donors for releasing resources to beneficiary institutions (BIs) under projects
financed by them. The donors directly provide goods and/or funds to
beneficiaries usually to the Public Bodies.
Channel III – Under this channel, the donors directly control all grant funds.
The donors maintain their own bank accounts, pay directly to contractors
and/or suppliers as when requested to do so by the fund recipients.

Basic bid documents and processes

Bid documents for project and contract works normally contain the following:
1 Letter of invitation to bidders;

2 Instruction to bidders;
3 Conditions of contracts;
4 Forms of letters and schedules; and,
5 Requirements and specifications.
The bid should be announced through the appropriate media and the proposals
received from potential suppliers. The bid documents received are then opened
in the presence of bidders or their representatives and compared for compliance
with the tender documents, and finally, the one who satisfied the requirements
is selected.
The following criteria could be used to judge the proposals:

 Technical competence; and,
 Cost.
Sometimes after sales service and support is considered. Finally, the contract is
signed with the winners.
Audit objectives of project and contract expenditures

The reasons for conducting contract and project audits should be to ensure that
the works are done effectively, economically, efficiently and in compliance
with agreements, laws and regulations.
The reviewing of audit subjects (operations, projects, programs, and activities) is

to determine whether:
 Resources are economically acquired and efficiently utilized;

 Established objectives are achieved;
 Users are satisfied with the type or level of goods or services
rendered by the organization; and,
 Prevention and control of fraud.

Economy is doing things cheap; efficiency doing things in the right way and
effectiveness doing the right things, which is, achieving objectives.
The audit objectives with respect to projects, contracts and donors‟ and counter
part funds, therefore, are as follows:
o To ensure proper collection and use of funds designated for the

specific project purposes in compliance with agreement terms, laws,
regulations, guidelines and budgetary controls;
o To ascertain that proper records are maintained to ensure adequate
stewardship over grants and loans; and,
o To ensure the economic and efficient use of the funds and the
prevention and control of fraud.
The objectives of internal control over verification of projects and contracts

expenditure are to obtain maximum operating efficiency from the money
invested in these assets. (See „Fixed assets‟ and „Expenditures‟ sections of this
training module.)
Audit procedures
The audit of projects and contracts funded by donors‟ grants and loans and the
Ethiopian Government budget should commence with the evaluation of the
internal control system using Internal Control Questionnaires (ICQs) or
Internal Control Evaluation Questionnaires (ICEQs). (See examples in the
Internal Audit Manual.)
The audit procedures to be followed in order to ensure the correctness of project

or contract expenditures and grant fund balances and compliance with
agreement terms, laws, rules, regulations and guidelines are as follows (Note:
although you may see certain distinctions, basically there should not be any

distinction between the two procedures, but have been presented so hereunder
following the Internal Audit Manual):
A. Projects funded by grants and loans
1. Evaluate the system of internal control related to the projects;

2. Obtain the Trial Balance and the supporting schedules submitted to MoFED
and ensure agreement with the underlying accounting records;
3. Obtain copies of the funding and other agreements with the donors and the
vendors respectively and also of bills of quantities and specifications and
review to ensure compliance therewith;
4. Check and review relevant correspondence file in relation to donation/loan
advice of payment of donors/lenders;
5. Check that collection of grant/ loan funds from the donors/ grantors are
supported by official cash receipts; where grants are received in kind, check
against receipt acknowledgement documents;
6. Ensure that interest income on the funds (if any) have been accounted for;
7. Ensure that the receipts of funds including aid in kind are recorded in the
accounting books and Budget Ledger Cards as well as in the stores records
where the aid in kind represented commodities;
8. Check that the commodities are issued based on approved requisitions and
against stores issue vouchers; ensure that the commodities are used
exclusively for the project as certified by the project supervisor;
9. Where the funding comes from commodity sales or foreign currency
transactions:
9.1 Ensure that the sales have realized higher prices in accordance
with relevant Government policies and guidelines;
9.2 Ensure that official receipt vouchers are issued to acknowledge
the collection of the cash from the sales;
10. Obtain copies of approved budgets and Budget Ledger Cards for comparison
with the expenditures incurred for the projects;
11. Vouch a sample or all of the expenditures depending on the volume of
transactions against the documents that support the expenditures starting
from the invitation for tender, as the case may be, to the execution of the
projects and the budgets;
12. Ensure that the payments are approved and are executed in accordance with
the approved budget;
13. Check that the expenditures are properly coded and accordingly recorded in
the accounting records;
14. Where separate cash and bank accounts are maintained apply the audit
procedures described under „Cash and Bank Balances‟;

15. Check that the progress of the work is properly supervised and closely
monitored;
16. Ensure compliance of performance with plans and that the reporting
requirements are also discharged;
17. Check with the view to prevent or deter the occurrence of fraud; and
investigate any fraud with the approval of the Head of the Public Body.
B. Contract audit
1. Evaluate the system of internal control related to the contracts;

2. Obtain the Trial Balance and the supporting schedules submitted to MoFED
and ensure agreement with the underlying accounting records;
3. Obtain copies of the funding and other agreements with the donors and the
vendors respectively and also of bills of quantities and specifications and
review to ensure compliance therewith; (funding agreement with the donors
may not be appropriate where the funds are given by the FGE.);
4. Check and review relevant correspondence file in relation to donation/loan
advice of payment of donors/lenders;
5. Select a sample of contracts from among contracts signed during the period
of audit and ascertain that (we can view the situation by dividing „contract‟
into „pre-contract, during the duration of the contract, final account, and
post completion‟):
5.1 Effective contract administration is in place to ensure the successful

completion of the contract as to time, cost, and performance criteria
and in accordance with the policies and procedures, laws and
regulations;
5.2 Adequate procedures exist to ensure that unnecessary or extravagant

expenditures, possible collusion of employees with tender participants
or contractors or suppliers, bribery and corruption are detected and
prevented at „pre-contract stage‟; needs are identified, options
explored and designs and tender documents are prepared beforehand;
consent and lands are secured;
5.3 Bid documents are clear and complete; tenders are advertised or re-
advertised or otherwise communicated to bidders so that they are
given fair chance to participate in the bids;
5.4 There are no chances for submission of tender documents after the bid
closing dates;
5.5 Bids are collected, recorded and kept under the responsibility of a
designated officer; then tender envelopes are all opened in the

presence of bidders, evaluated and contract winners identified and the

contracts awarded to those who have satisfied the insurance and
bonding requirements and contracts signed;
5.6 Those involved in tendering and also the participants declare that
there is „no conflict of interest‟;
5.7 Loss, waste and extravagance are prevented and hence savings or
improved controls are encouraged during the prevalence of the
contract;
5.8 The works are measured and compared against planned costs, budgets
and variations, if any, are authorized before hand; and payments (not
overpayments) are effected in accordance with the measurements,
work certificates and satisfactory work accomplishment and the terms
of the agreements;
5.9 The work has been satisfactorily completed;
5.10 Retentions are withheld from all payments to the contractors in

accordance with the agreements, laws, regulations and procedures and
guidelines;
5.11 Retentions are released only upon satisfaction of the requirements;
5.12 Post-completion review is done and reported for appropriate actions;
5.13 Check for fraud with the view to prevent or deter the occurrence;
and investigate with the approval of the Head of the Public Body
where fraud is detected.
advised to refer to other relevant directives and documents issued by the
MoFED and the Public Body concerned.

SESSION XXXI
COMPUTER AUDIT
Learning Objective
At the end of this section, you will appreciate:
1 What we mean by computer audit,
2 The different phases of computer audit,
3 The procedures to perform computer audit,
4 What the internal auditors of Public Bodies in Ethiopia can do until

the real computer audit is started.
Basic concepts
Use of computer is not limited to accounting purposes. Computers in a Public
Body might be used for different purposes. For example, in Central Statistical
Authority all statistical data is kept on computer files. Similarly, other Public
Bodies such as Investment Authority, Ethiopian Mapping Authority, and
Ethiopian Radio & Television Organization use computers for non-financial
purposes. As we have said that the role of the internal auditor is to assist the
management in meeting the objectives of the Public Body, audit of computers in
the Public Bodies should encompass all such computers and computer systems.
The internal auditor should be concerned about the security of data in those
computers and backup files.
Computer auditing is a branch of general auditing concerned with governance

(control) of information and communications technologies (computers).
Computer auditors primarily study computer systems and networks from the
point of view of examining the effectiveness of their technical and procedural
controls to minimize risks. The auditors spend rather more of their time dealing

with the people who specify, develop, test, manage, administer, use and abuse
the computer systems. Computer auditing is also known as IS, IT or ICT
auditing and systems auditing.
Audit of computer systems are made at two different phases:
a) Audit during the system design phase - is needed for two major reasons.
First, by changing the system to incorporate required controls after the
system has been implemented could be expensive. Hence, the auditor
can participate during the design phase and give his comments on the
design. Second, it is often difficult, if not impossible, for the IT auditor to
understand a system that has taken several thousand hours to design and
implement on the basis of a periodic review. If the auditor is involved
during the design, he could have adequate understanding of the system.
b) Audit during the operation phase – is needed to ensure that each

application system safeguards the organization‟s assets, maintains
integrity, and processes data efficiently. The auditor is checking the
existence of sound application software system controls. These controls
are exercised at different stages in the flow of data through a computer
system. At data capture stage, controls ensure all transactions are
recorded and that they are authorized, complete, and accurate. They
ensure source data are transmitted to the point of data preparation for
input to the computer, and that source data are returned and properly
filed. The following are the different controls that exist:
1 Data preparation controls ensure all data are converted to
machine-readable form, and are authorized, complete and
accurate. They also ensure input data are transmitted to a
computer room or input device for input to the computer and that
input data are returned and properly filed.
2 Controls on the system access ensure only authorized personnel
gain access to the computing resources such as application system
files and programs.
3 Input controls ensure all data entered into the computer are
authorized, accurate, and complete. These also ensure errors
identified are corrected and re-entered for processing.
4 Transmission controls ensure data sent between two points in a
computer system is authorized, accurate and complete.

5 Processing controls ensure programs process all data entered into

the computer system and that processing is authorized, accurate
and complete.
6 Output controls ensure that output produced by the computer is
authorized, accurate and complete, distributed to the right
personnel, and properly filed.
7 Audit trail controls ensure data can be traced through a system
from its source to its final destination, and vice versa, and that the
integrity of a corrupted audit trail can be restored.
8 Back-up and recovery controls ensure that the physical existence
of data can be restored if the data are lost or their integrity is
corrupted.
An internal auditor can perform Financial Audit, Performance Audit, Contracts

Audit, Environmental Audit, etc. without considering the computer system
even if the system is computerized. For example, in Financial Auditing, the
auditor can get the printed financial statements and registers, which are the
subject of the audit. Then he can perform his audit based on the papers printed
out of the computer system. This is what is known as auditing around the
computer. This means the auditor is not worried about how the records are
maintained in the computer (the black box) and how the financial statements
are produced. He is only concerned about the output.
Auditing around the computer system might have been sufficient in the past.
Nowadays the computer systems are becoming more complex as described
above. The auditor would be obliged to use computers in his computer audit.
There are three ways in which the auditor decides on the use of computers to
perform audit procedures:
1. Processing the auditor‟s test data on the client‟s system as part of tests of
internal controls - the objective of test data approach is to determine
whether the client‟s computer program can correctly handle valid and
invalid transactions as they arise. The auditor develops different types of
transactions that are processed under his own control using the Public
Body‟s application systems on the Public Body‟s hardware. The auditor‟s

test data must include both valid and invalid transactions in order to
determine whether the Public Body‟s application software will react
properly to different kinds of data. Since the auditor has complete
knowledge of the errors that exist in the test data, it is possible for him to
check whether the Public Body‟s system has properly processed the
input. The auditor does this by examining the error listing and the details
of the output resulting from the test data.
E.G: For instance, assume an auditor is testing the effectiveness of a Public
Body‟s payroll internal controls. It is not possible for an employee to work
for 1,000 hours in a month. The auditor prepares a payroll transaction with
1,000 hours for each month and processes it through the Public Body‟s
system. If the controls are effective, the Public Body‟s system should not
process that transaction. The error listing should, therefore, indicate that the
number of hours exceeds the limit.
2. Testing the records maintained by the computer as a means of verifying
the Public Body‟s financial statements – the auditor can use specifically
developed software to test the records of the Public Body. He applies the
normal audit procedures that are used in auditing but he does not ask for
print outs of registers, ledgers and other records.
3. Using the computer to perform audit tasks independent of the Public
Body‟s records – this is a more recent development. It is now common for
auditors to use laptop personal computers (PC) as an audit tool. By using
PCs the auditor can perform many audit tasks such as analytical
procedures and working paper preparations. Data are entered into the PC
by the auditor and subsequently used by him for analysis and
summarization. For example, the Public Body‟s Trial Balance can be input
into the PC and use these data to perform analytical procedures.
Procedures
The computer audit procedures to be followed can be categorized into the
following five headings:
1. Preliminary Review Phase - is the first step in computer audit. It involves
reviewing the system, its hardware and software. This is preliminary in
nature and the objective is to obtain the necessary details on how to go
ahead in the audit. The evidence collection during this preliminary
phase is primarily done through observation, interviews, and the review
of available documentation.

2. Detailed Review Phase - is meant for thorough understanding of the

systems development controls, administrative controls and application
controls. The controls are described in Section IV of the Internal Audit
Manual.
3. Compliance Testing Phase – under this phase, the auditor determines the
operating efficiency, effectiveness and reliability of the system. At this
the auditor checks the existence of the internal controls using different
methods. One of the methods is using test data as described above.
4. Substantive Testing Phase - the objective of this phase is to acquire

sufficient evidence so that the auditor can make a final decision on
whether substantial losses have occurred or could occur in processing.
By loss we mean fraud and embezzlement, unnecessary cost incurred,
faulty management decision, etc.
5. Report writing – is the final procedure of computer audit. The auditor

shall prepare draft report, discuss it with the audited department or
section, prepare the final report and then submit it to the management.
Summary
Having thorough understanding of computer system is mandatory to perform

computer audits. Internal auditors should have Information Technology
background to perform computer audits effectively. Organizations are
employing auditors who graduated in Computer Science or Information
technology. One such example in our country is the Ethiopian Airlines.
Auditors assigned for IT audits do not have accounting background. They have
computer background.
In the Public Bodies, not all internal auditors are using computers. Some do not
have computers and are not also trained. Those trained are using the computer
in a limited way. They might use it to write their reports but, during our
assessment interview, we learnt that even report writing is done by secretaries.
Thus, application of full computer (IT) audit at present might not be thinkable

as the internal auditors in the Public Bodies are not computer experts. It is,
however, possible to perform some important procedures until it is decided to
go into full-fledged computer audit.
Under system development phase, the internal auditor can be involved to

observe that adequately qualified experts are involved in the design and
implementation of new systems and that technically fit computer network
equipment and accessories are purchased as per the specifications given by the
experts. This is highly related with procurement audit. The audit procedures
prescribed for procurement can be used.
Under administrative controls, the auditors can at least check that there are
adequate security measures to protect computers on which important
applications are run. Physical securities include protection against flood, theft,
fire, and power interruptions. The condition of the room in which the
computer is kept, restriction of entry to the computer room to unauthorized
personnel and use of password are some of the controls that should be in place
and that can easily be verified by the internal auditor. The auditor can also
make sure that computer files are kept in duplicate; at least one copy of which
should be kept outside the premises of the Public Body as disaster recovery
measure.
The auditors of the Public Bodies can then report their findings to the
department concerned and, when there are serious failures, to the top
management. If the auditor of a Public Body feels that there is a need for a more
detailed computer audit, he should bring this to the attention of the top
management so that hiring professional IT auditors might be considered.

Discuss the use of computers by the different departments in your office and
identify which of the applications are important to the achievement of the
Public Body‟s objective. Have you been involved in computer audit in you
office?

SESSION XXXII
SOCIAL AND ENVIRONMENTAL AUDIT
Learning Objective
At the end of this section, you will appreciate:
1 The relevance of Environmental Audit for Public Bodies,
2 The suggested approach to perform the audit,
3 The way report is presented to management.
Basic concepts
Social auditing is a process that enables an organization to assess and
demonstrate its social, economic, and environmental benefits and limitations. It
is a way of measuring the extent to which an organization lives up to the shared
values and objectives it has committed itself to. As stated in the Internal Audit
Manual, Environmental Audit is an audit which confirms the degree of
compliance with both internally and externally determined emission and
pollution standards.
In Ethiopia it is a constitutional right to live in a healthy environment. The

Environmental Protection Authority (EPA) is the Government body responsible
for the environmental issues. There are enabling proclamations like
Proclamation No. 299/2002, Environmental Impact Assessment Proclamation
and Proclamation N0.300/2002 Environmental Pollution Control Proclamation,
which were enacted by the Federal Council of Peoples Representatives.
The Authority has developed environmental guidelines for the implementation

of the laws. One such guideline is, guidelines on Integrated Pollution
Prevention and Control.
A Public Body has a legal responsibility to assess its activities, identify those
activities having impact on environment and take adequate action to protect the

environment. Failure to do so might cause damage to the public and the Public
Body might be held responsible for its action.
The role of the internal auditors in this respect is to discuss with senior
management to identify activities in the Public Body that may, if not properly
managed, cause environmental pollution. A good example in the Ministry of
Agriculture and Rural Development could be pesticides. These chemicals should
be preserved in a proper way and, if there is a need to dispose them of, should
be disposed of in a proper way. In identifying the appropriate procedures to deal
with environmental issues, we suggest that the management and the internal
auditor have to consult Environmental Protection Authority.
Procedures
The Objective of Environmental Audit is:
1 That the rules and procedures emanating from the Proclamations

mentioned above, the different guidelines issued by EPA and other
internal and external guidelines are complied with; and,
2 That employees understand their role in the environmental
management;
The Environmental Audit procedures will be:
1. The auditor might not have adequate knowledge as to which activities

and as to which stock items might cause damage to the environment.
The first thing to do is to discuss environmental issues with senior
management and try to identify risky areas. Through this discussion, the
auditor establishes which department of the Public Body to talk to and
the issue to discuss,
2. The auditor will continue to discuss with the department heads and
other officers identified to have knowledge of the activity or the item
with potential environmental problem;
3. Together with the officer of the department, define the requirements –

conventions and laws or social and moral responsibilities that should be
taken into account. As suggested above, discussions with EPA will help

to identify the Ethiopian Laws, International Conventions and

Guidelines that are relevant to the activity or item on hand;
4. Develop checklist based on above to check compliance with them;
5. Periodically perform Environmental Audit using the checklist. The
techniques to be used are observations and interviews of employees
concerned;
6. After performing the audit, the auditor has to evaluate his findings. He
should have meeting with the department head concerned to evaluate
findings and identify corrective actions;
7. The auditor then reached agreement and signs it with the department
manager;
8. Make proper follow up to ensure that corrective actions agreed are being
implemented;
9. After performing the audit in all risky areas, overall report to top-level
management should be prepared. The report should state the steps
followed to perform the audit, the audit findings, the corrective actions
agreed with the concerned departments and the actions taken so far. The
report might also indicate the responsibility of the senior management to
deal with some of the items that are not dealt with.
Summary
Environmental Audit is a new area of audit. It is not yet well developed. The
purpose of this section is to indicate how the internal auditor helps the
management and how the internal auditor protects the Public Body from any
damage that might be caused because of failure to put appropriate procedures in
place to deal with activities or items that might cause environmental pollution.
We should not forget that failure to observe environmental rules might bring
financial liability to the Public Body. This in turn will have an impact on the
Financial Audit to be performed. If there is a penalty levied due to the failure,
the auditor might want to test the source of fund to cover the payment, the
approval of the payment, and the accuracy of the recorded liability.

1. What type of activities and what type of stock items might cause
environmental problems in your Public Body?
2. The Internal auditor of Ministry of Health received complaints from the

public that the residents near one of the Ministry‟s store are being
disturbed by a bad smell coming out from the store since recently. What
do you think will be the action the auditor will take?

Audit

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Audit

Uploaded by

Copyright:

Available Formats

Internal Audit Training Manual-----------------------------------------------------------------

I. INTRODUCTION AND GENERAL BACKGROUND

This Module covers the following three sessions:

---------------------------------------Ministry of Finance & Economic Development 1

---------------------------------------Ministry of Finance & Economic Development 2

The General Concept of Auditing

It is useful for participants to have a general understanding of auditing as whole, before

---------------------------------------Ministry of Finance & Economic Development 3

Historical Development of Internal Auditing

The learning objective:

---------------------------------------Ministry of Finance & Economic Development 4

---------------------------------------Ministry of Finance & Economic Development 5

Internal Auditing in Ethiopia

---------------------------------------Ministry of Finance & Economic Development 6

---------------------------------------Ministry of Finance & Economic Development 7

The Scope and Practice of Internal Auditing in Ethiopia

---------------------------------------Ministry of Finance & Economic Development 8

1 The framework consists of a common body of knowledge most thoroughly

---------------------------------------Ministry of Finance & Economic Development 9

3 Internal Audit studies, qualification exams are based on the contents of

---------------------------------------Ministry of Finance & Economic Development 10

Definition: It is a framework of best practice guidance containing an assemblage of

Contents: The Framework contains mandatory and optional elements. The

---------------------------------------Ministry of Finance & Economic Development 11

Development and Practice Aids are made up of a variety of materials, including

The Definition of Internal Auditing (IA)

---------------------------------------Ministry of Finance & Economic Development 12

3 Assist trainees to understand internal auditing as “an independent and objective

---------------------------------------Ministry of Finance & Economic Development 13

8 Assurance and consulting: Past definitions which characterized internal auditing

---------------------------------------Ministry of Finance & Economic Development 14

---------------------------------------Ministry of Finance & Economic Development 15

II. INTERNAL AUDITING STANDARDS OF PUBLIC BODIES OF THE

---------------------------------------Ministry of Finance & Economic Development 16

The purpose of the Standards can be:

---------------------------------------Ministry of Finance & Economic Development 17

1000 Purpose, Authority, and Reasonability

---------------------------------------Ministry of Finance & Economic Development 18

1000.A1 The nature of assurance (audit) services provided to the organization

In accordance with this assurance (audit) Implementation Standards if

1000.C1 The nature of consulting services should be defined in the Audit

1100 Independence and Objectivity

---------------------------------------Ministry of Finance & Economic Development 19

1110 Organizational Independence

1110-A1 The internal audit activity should be free from interference in

---------------------------------------Ministry of Finance & Economic Development 20

Internal audit units in Public Bodies should be free to

1120 – Individual Objectivity

1 Auditors should maintain an independent mental attitude in performing

2 The principle of objectivity dictates that internal auditors perform their

---------------------------------------Ministry of Finance & Economic Development 21

3 Internal audit organizations in Public Body ought to carry out staff

5 Although auditors in Public Bodies may be aware, the principles of

---------------------------------------Ministry of Finance & Economic Development 22

1130 Impairment to Independence or Objectivity

If independence or objectivity is impaired in fact or in appearance the details of

1 If they face situations in which a conflict of interest or bias is present

---------------------------------------Ministry of Finance & Economic Development 23

1130.A1 Internal auditors should refrain from assessing specific

---------------------------------------Ministry of Finance & Economic Development 24

However, notwithstanding the preceding paragraphs, the internal auditor‟s

1130.A2 Assurance engagements for functions over which the Chief

1130.C1 Internal auditors may provide consulting services relating to