Audit Book April 2015 Adopt L5 Enset

CHAPTER 1
AUDIT ENVIRONMENT AND ASSURANCE REPORTING
INTRODUCTION
Audit is being conceived as an assurance engagement. That is a process whereby a person (or body)
provides another person (or body) with an assurance or expresses a conclusion that is intended to increase
the confidence that the latter can place in a given subject matter or information.
In our day-to-day life, when you dress up for an outing, you would like to get the assurance from a person
next to you, that your dress fits you. By asking: Am I ok in the dress? An alternative approach would be for
to look yourself into the mirror.
Auditing is out here to provide assurance to the users of financial statements of their truth and fairness.
“Truth and fairness” is a concept that we will study later in text. For now, this concept simply means
“sincere”.
It now appears wise for us to know what is meant by “assurance” or better still “assurance engagement”.
1 – WHAT IS AN ASSURANCE ENGAGEMENT?
1.1 – Definition of “assurance engagement”
An assurance engagement is one in which a practitioner expresses a conclusion designed to enhance the
degree of confidence of the intended users other than the responsible party about the outcome of the
evaluation or measurement of a subject matter against criteria.
Example of an assurance engagement

Imagine you are buying a house. You would like to find out about the structural soundness of the property. That, you
would probably engage a surveyor.
There are alternatives:
a) You could go and look at the property for yourself – tap the walls, look for damp patches, pace out the sizes
of the rooms;
b) You could ask the vendor.
Why should you ask a surveyor, who will charge you a fee, and, when you get the report, will warn you that because
it was not possible to lift carpets, or drill holes in the walls, there may be some things that were missed and for
which he or she cannot be held responsible?
You do it because you know that the surveyor has more expertise than you have about the structure of houses, and
you will feel more confident buying the house as a result.
You do it because you believe that if you have a surveyor’s report it will reduce your exposure to risk – the risk of
rising damp, subsidence, collapse or any other reason why your substantial investment in the house may lose its
value.
You are looking for assurance.
1.2 – Features of an assurance engagement

Also referred to as the elements of an assurance engagement
The house purchase example has most of the attributes of an assurance engagement.
It has three people involved:
 A “responsible party” – the vendor who currently owns the house;

 A “practitioner” – the surveyor whose job is to prepare a report setting out an opinion on the state
of the house;
 An “intended user” – you, the prospective purchaser of the house, hoping that your confidence in
the state of the house will be enhanced as a result of the report.
It has a “subject matter” – the house about which the report is written.
It has a report which contains a “conclusion” about the state of the property.
There is one further possible element to the engagement.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 1
It would also be possible for there to be “subject matter information”, estate agents’ particulars for
example, and the report, rather than being designed to tell you about the house itself, might instead have
been intended to confirm the details contained in the particulars.
Summary of features:
i. The practitioner who conducts the work

ii. The user who commissioned the work
iii. A responsible party
iv. The subject matter
v. The subject matter information
vi. Criteria (existing regulation and rules serving as basis and reference for the practitioner)
vii. Sufficient appropriate evidence which needs to be documented
viii. Report
1.3 – International framework for assurance engagements
Assurance engagements are governed by the International Framework for Assurance Engagements. The
framework has been promulgated by IFAC (the International Federation of Accountants).
For this framework, an audit is a particular type of assurance engagement.
An audit has:
i. The auditor as the practitioner who reports to;

ii. The company’s shareholders, who are the users, about;
iii. The financial statements which are the subject matter information, which give information about;
iv. The company’s performance which is the subject matter prepared by the;
v. Directors who are the responsible party;
vi. Criteria: the auditor knows that financial statements have to comply with the rules laid down in the
Companies Act 2006 (OHADA Uniforms Acts for the case Cameroon for example) and Financial
Reporting Standards and knows that audit work needs to be conducted in accordance with
International Standards on Auditing.
Subject matter – further considerations

Not all assurance engagements have as subject matter the company’s performance. Other subject matters include:
 The effectiveness of the systems and procedures implemented by management to prevent errors and fraud
distorting the financial statements;
 The company’s impact on the environment;
 etc
1.4 Types of Assurance Engagements
The International Framework permits two types of assurance engagements to be performed.
- A reasonable assurance engagement, and

- A limited assurance engagement
1.4.1 Reasonable assurance engagements
Here, the practitioner:
- Gathers sufficient appropriate evidence,

- Concludes that the subject matter conforms in all material respects with identified suitable criteria.
- Gives his report in the form of positive assurance, for instance by stating that: “in the practitioner’s
opinion, financial statements have been prepared in accordance with applicable legislation and
accounting standards”.
Further example: “In my opinion:
 Management has implemented suitable systems which function effectively to reduce the risk
of fraud or other error based on XYZ criteria”; or
 The company’s emissions of greenhouse gases are within the limits set by the XYZ Act or law or
again regulation”; or again
 The financial statements give a true and fair view of the state of the company’s affairs as at 31
December 20X9 and of its profit (loss) for the year then ended and have been properly
prepared in accordance with the OHADA Uniform relative to Accountancy”.
The identified suitable criteria for the last example are the provisions of the OHADA Uniform relative to
Accountancy.
1.4.2 Limited assurance engagements
Here, the practitioner:
- Gathers sufficient appropriate evidence to be satisfied that the subject matter is plausible (apparent
noticeable, perceivable) in the circumstance.
- Gives his report in the form of negative assurance.
A negative assurance report takes the form: “nothing has come to our attention that causes us to believe
that the financial statements are not prepared, in all material respects, in accordance with an applicable
financial reporting framework”.
1.4.3 Not absolute assurance
It is not possible to give an absolute level of assurance because of:
- The lack of precision often associated with the subject matter. For instance financial statements are
often subject to estimation and judgments.
- The nature, timing and extent of procedures.
- The fact that the evidence is usually persuasive rather than conclusive.
- The fact that evidence is gathered on a test basis.
- Even if everything reported on was examined and found to be satisfactory, there may be other items
which should have been included – the completeness problem.
In the nutshell, no report on an assurance engagement can ever provide absolute assurance, because of
the nature of the evidence available.
1.5 The Level of Assurance
The framework states that the level of assurance given by a reasonable assurance engagement is high,
where as a limited assurance engagement gives a moderate level of assurance. This implies that the
confidence inspired in the user by the report produced after a reasonable assurance engagement is
designed to be greater than the outcome of a limited assurance engagement. It follows therefore that the
procedures carried out will be more intensive and the evidence gathered needs to be of higher quality for a
reasonable assurance engagement. This is reflected in the nature of the opinion given.
Summary/ overview
Assurance type Example Nature of key work Assurance Opinion/conclusion

performed level
Reasonable Audit of Detailed testing, High Positive: “We believe that the
financial evidence gathering financial statements present a true
information and substantiation to and fair view”
support the
conclusion
Limited Review of Primarily enquiries Moderate Negative: “We have not become
financial and analysis, less aware of any matter to cause us to
information detailed procedures believe that the financial statements
do not present a true and fair view”
No assurance Preparing Preparation of No conclusion
financial financial statements
statements
(compilation)
1.6 – Worked example: Assurance engagement
Darlet Plc, a large listed company at the Douala Stock Exchange, is considering taking over Edouard Ltd, a
small, family owned company.
Darlet Plc has asked Abege Chartered Accountants (ACA), an accounting firm, to carry out due diligence
(where a report is requested on an acquisition target) in relation to this prospective purchase. They want
them to review the financial statements of the last three years and ensure that they were prepared under
generally accepted accounting practice in the member-states of OHADA (Uniform Act OHADA relative to
Accountancy). They also want them to review the budgets for the coming 12 months and ensure that they
are reasonably and internally consistent.
You can see the elements of the assurance service as these:
 Practitioner: ACA
 Responsible party: Edouard Ltd
 Users: Darlet Plc management
 Subject matter: performance and financial position of Edouard Ltd
 Subject matter information: Financial statements/budgets
 Criteria: Uniform Act OHADA relative to Accountancy/reasonably and internally consistent.
ACA will plan and carry out work to obtain sufficient appropriate evidence to support their assurance
opinion, which will be given in a written report.
The benefits of this service to Darlet Plc are that:
 They are given assurance that the financial statements are in line with the Uniform Act OHADA
relative to Accountancy and therefore are understandable and comparable with other companies
they might be considering for takeover.
 They are given assurance that the budgets are reasonable and internally consistent and therefore
can be trusted as an indicator of the company’s future operating ability.
 They can therefore make an informed decision about whether to buy Edouard Ltd and for how
much.
1.7 – The Practitioner’s role

(the auditor in the case of the audit of financial statements)
1.7.1 – Qualities
Auditors describe themselves as Chartered Accountants, or Certified Accountants, or just as Accountants.

An auditor refers either to a Sole Practitioner holding a valid practising certificate or a member of a
partnership qualified to act as auditors.
Individuals who are authorised to conduct audit work may be sole practitioners, partners in a
partnership, or directors of an audit firm. To be qualified to act as an auditor, a person must be:
 A member of a Recognised Supervisory Body (RSB), for instance ONECCA, ACCA, CIMA ......., and
 Be allowed by the rules of that body to be an auditor, or
 Someone directly authorised by the state.
To be eligible to act as auditor, a firm must be:
 Controlled by members of a suitably authorised supervisory body, or

 A firm directly authorised by the state.
The law in most countries excludes those involved with managing the company and those who have
business or personal connections with them to act as auditors of the company. For instance, the following
are excluded by law from acting as auditors of a company:
 An officer of the company (Director or Secretary),

 An employee of the company,
 A business partner or employee of the above,
 Those whose objectivity and independence might be questioned by external parties because of
business relations, personal relationships, long association with the client, fee dependency, or non
audit services provided.
An auditor needs to possess four main qualities: independence, competence, integrity, and confidentiality.
a) Independence
An auditor cannot give an unbiased opinion unless he is independent of all the parties involved. Total
independence is impossible in that the auditor receives his fees from the client. Nonetheless,
independence is very important. Not only must the auditor be independent in fact and in attitude of mind,
but must also be seen to be independent.
b) Competence
An auditor must have been thoroughly trained and proven his competence before he can sign an audit
report. By law, only members of certain professional bodies can become auditors of limited companies.
These professional bodies include:
 The Association of Certified Chartered Accountants of CEMAC, The National Council of Auditors and
the National Order of Chartered Certified Accountants of Cameroon (ONECCA) – for Cameroon and
the CEMAC zone)
 The French Order of Chartered Accountants and the French Association of Auditors – for France,
 The Chartered Institute of Management Accountants (CIMA), the Association of Chartered Certified
Accountants (ACCA) – for the United Kingdom,
 The American Institute of Chartered Public Accountants (AICPA) – for the United States,
 Etc.
These professional bodies have developed competence in their members by using difficult examinations,
post qualifying education, the publication of auditing standards and guidelines and the insistence of at
least a certain number of years of practice before a practising certificate is given.
c) Objectivity (to provide more material on this point)
d) Integrity
Qualified accountants are renowned for their honesty, discretion and tactfulness. Auditors authorised by
their professional bodies to conduct audits are known as Registered Auditors. Registered Auditor firms are
supervised and inspected by their professional bodies acting as supervisory bodies.
e) Confidentiality
According to this rule of professional conduct, information acquired in the course of professional work
should not be disclosed except where consent have been obtained from the client or other proper source
to do so, or where there is a public duty to disclose, or where there is a legal or professional right or duty
to disclose. A member acquiring information in the course of professional work should neither use nor
appear to use that information for his personal advantage or for the advantage of a third party.
1.7.2 – The public interest
The practitioner (the auditor in the case of the audit of financial statements) needs to bear in mind that the
role which he or she plays has little meaning if it is not conducted in the public interest. It also needs to be
perceived in this way by interested parties.
From this flows the need for:
 Professional standards governing the conduct of assurance engagements, dealt with in a different
chapter; and
 Standards governing the ethical behaviour practitioners, dealt with in a different chapter.
1.8 – Terms of Engagement
The terms of the engagement are established through the signing of the engagement letter. The
Companies Acts and the OHADA Uniform Act state that the auditor may be asked to perform additional
work in areas such as taxation, accountancy, and such others. Before commencing any professional work,
an accountant should agree, in writing, the precise scope and nature of the work to be undertaken and this
is done through the medium of an engagement letter.
The purposes of this letter are:
 To clearly define the responsibilities of the auditor.

 To minimise misunderstanding between the auditor and the client.
 To confirm verbal arrangements in writing.
 To confirm acceptance by the auditor of his engagements.
 To inform and educate the client.
A letter of engagement is sent during the following cases:
 To all NEW clients before any professional work has to be commenced.

 To all existing clients who have not yet had the letter.
 When ever there is a change of circumstances (extra duties to be performed, a significant new
auditing guideline, a major change in ownership and management, change in the scope or context
of the assignment after initial appointment).
 In the case of groups, an engagement letter should be sent to each member company of the group
that is to be audited by the firm.
Many firms of auditors choose to send a new letter every year, to emphasise its importance to
clients.
The contents of the engagement letter
The contents of a letter of engagement for audit services are listed in ISA 210 Agreeing the Terms of Audit
Engagements. They should include the following:
 The objective and the scope of the audit;
 The responsibilities of management: the client’s statutory duties such as on accounting records to
be made available and financial statements which show a true and fair view and comply with the
Act;
 The auditor’s statutory and professional responsibilities (to report on the accounting records and
financial statements and to follow auditing standards respectively);
 The sending of a letter of weakness to the management (management letter);
 The need for a letter of representation from the management;
 The audit fees and the basis on which they are charged;
 The identification of an applicable financial reporting framework; and
 Reference to the expected form and content of any reports to be issued (not absolute assurance).
In addition to the above the engagement letter may also make reference to:
 The unavoidable risk that some material misstatements may go undetected due to the
inherent limitations in audit;
 Arrangements regarding the planning and performance of the audit;
 Any agreement for the auditor to carry out extra work;
 The agreement of management to make available to the auditor draft financial statements and
other information in time to complete the audit in accordance with the proposed timetable;
 The agreement of management to inform the auditor of facts that may affect the financial
statements;
 The request for management to acknowledge receipt to the engagement letter and to agree
the terms outlined;
 Agreements concerning the involvement of auditors experts and internal auditors; and
 Restrictions to the auditor’s liability.
1.9. – Benefits of assurance (including audit)
A key feature of assurance services is that they are provided by independent professionals who therefore
give an objective, unbiased opinion. They give the following benefits to users:
 Enhances the credibility of the information being reported on

 Reduces the risk of management bias, error or even fraud in the information being reported on
 Draws the attention of the user to any deficiencies in the information being reported on.
Assurance services also give added credibility to the wider share market:
 They ensure that high quality, reliable information circulates in the market
 They give investors added faith in the market
 They improve the reputation of organizations trading in the market.
2 – AUDIT, AS AN ASSURANCE SERVICE
2.1 – Definition of Audit
An audit is such an investigation into a set of books, and into the documentary evidence from which such
books have been compiled, as will enable an auditor to satisfy himself whether the balance sheet and/or
other statements have been drawn up in such a manner as to give a true and fair view of the state of
affairs of the concern (the business unit), and whether the profit and loss account or revenue account gives
a true and fair view of the profit or loss for the financial period under review, and to report thereon.
What should be retained from the above definition is that audit is an investigation into the accounting
records (books of original entry, journal, ledger accounts) and financial statements (balance sheet, profit
and loss accounts …). This investigation is made on the basis of evident documents such as source
documents and others. It is aimed at stating whether or not the financial statements show a true and fair
view of the transactions of the business, giving that many persons rely on financial statements for decision
making.
An audit is a key example of an assurance service.
2.2 – The general principles of external audit engagements: the agency theory
Invests
The principal: Primary agent:

Shareholder(s) Directors
Financial Stats
Gives assurance
Audits
Secondary agent:
Auditor
Agency theory – The shareholders delegate the direction of the company to directors who act as
primary agents for the shareholders of the company.
This marks the separation of the ownership of the company from its management (direction). The direction
of the company could only be assessed through the financial statements prepared by the directors. Do
these financial statements reflect the state of affairs of the company? Is the financial information therein
genuine? Do the financial statements contain lies? In typical audit terms, the question should be: “do the
financial statements show a true and fair view?”
Auditors – But in order to obtain assurance that the financial statements do show a true and fair view,
shareholders also appoint an auditor as a secondary agent. The first agent of the shareholders was the
directors.
Audit – The auditor then audits the financial statements essentially by going through the financial
statement line by line, examining each account balance.
Evidence – The evidence generated by these tests (series of examinations) then gives the auditor the
picture that financial statements show a true and fair view.
Assurance – The auditor then delivers this opinion to shareholders in the form of an audit report and
thereby delivers assurance.
The above details explain the general principles of audit which revolves around the concept of agency.
2.3 – The concepts of stewardship, fiduciary relationship and accountability
2.3.1 – Notion of stewardship
Stewardship is the responsibility to take good care of resources. A steward is a person entrusted with the
management of another person’s property, for example when one person is paid to look after another
person’s house while the owner goes abroad on holiday.
Owners who appoint managers to look after their property will be concerned to know what has happened
to their property. The process whereby the managers of a business account or report to the owners of the
business is called Stewardship accounting and stewardship is the name given to the practice by which
productive resources owned by one person or group are managed by another person or group of persons.
This relationship, where one person has a duty of care towards someone else is known as a “Fiduciary
relationship”.
2.3.2 - The notion of fiduciary relationship
A fiduciary relationship is a relationship of “good faith” such as that existing between the directors of a
company and the shareholders of the company. There is a “separation of ownership and control” in the
sense that the shareholders own the company, while the directors take the decisions at the company. The
directors must take their decisions in the interests of the shareholders rather than in their own selfish
personal interests.
This fiduciary relationship leads to the stewards being accountable for the way they carry out their roles of
stewards.
2.3.3 - The concept of accountability
Accountability means that people in positions of power can be held to account for their action; that is, they
can be compelled to explain their decisions and can be criticized or punished if they have abused their
position. The directors account to shareholders via financial statements.
2.4 – Other audit related concepts
2.4.1 – The concept of materiality
“Information is material if its omission or misstatement could influence the economic decisions of users
taken on the basis of the financial statements”. ISA 320 para 3
If the availability of additional information on an issue does not affect you or does not change the earlier
decision you have made, then the information is immaterial; you do consider it to have any impact.
The idea here is that material items could affect users. And therefore immaterial items could not affect
users.
E.g. a big amount of money is material (by its size).
2.4.2 – The concept of true and fair view (truth and fairness)
Directors have a statutory duty to produce financial statements which give a true and fair view, and the
auditors are required by law to report whether, in their opinion the financial statements give a true ad fair
view. There is no official definition of “true and fair” in the IAASB Glossary of terms or in any individual ISA
but:
 “Truth” in accounting terms can be taken to mean not factually incorrect, and
 “Fairness” means on the one hand clear, distinct and plain, and on the other hand impartial/unbiased,
just and equitable.
Other scholars provide the following definitions:
 “true” stands to represent the arithmetical accuracy of the figures (within materiality).
 “fair” stands to represent the honest and clear presentation of the financial information (for the
purpose of effective communication with stakeholders).
2.5 – Objective of audit
The objective of audit is to produce a report by the auditor of his opinion of the truth and fairness of
financial statements so that any person reading and using them can have belief in them.
This is achieved by the expression of an opinion by the auditor on whether the financial statements are
prepared, in all material respects, in accordance with an applicable financial reporting framework.
2.6 – The audit report
 Communication means used by the auditor to express his opinion at the end of the audit.
 Could be either an unmodified (unqualified) or a modified (qualified) report.
 If the auditor agrees the financial statements are true and fair he would give an unmodified report
(also known as a clean audit report unqualified).
Example of such a report/opinion
In our opinion, the financial statements give a true and fair view of (or “present
fairly, in all material respects”,) the financial position of the Company as of 31
December, 20X9, and of its financial performance and its cash flows for the year
then ended in accordance with International Financial Reporting Standards.
 If the auditor is unable to state the true and fair view or disagrees with some aspects of the
financial statements, a modified (also known as unqualified) report is required.
 A report states:
- The responsibilities of the management and those of the auditors within the introductory
paragraph;
- The scope of the audit focusing on the standards, the fact that only a reasonable assurance
could be provided and the meaning of an audit;
- The opinion of the auditor as shown above;
- Signature, address of auditors and date.
NB: The audit report is studied in details in the last chapter of this text.
2.7 – Value attached to audit by management

The audit is valued by management because:
 They value having their business scrutinized by another set of professional eyes.
 It provides additional assurance to third parties such as taxation authorities concerning the
reliability of the financial statements.
 A growing business will one day require an audit.
 Audit may have subsidiary benefits, such as the auditors recommending improvements in company
systems.
2.8 – Limitations and benefits of statutory audits

Benefits
 High quality, reliable information circulates the markets (gives investors faith and improves
reputation of the market).
 Independent verification (management value having their business scrutinized).
 Reduces the risk of management bias, fraud and error (by acting as a deterrent).
 Enhances the creditability of the information (especially for raising finance and for the tax
authorities).
 Deficiencies may be highlighted in the management letter.
Limitations
 Financial information includes subjective and judgemental matters.
 Inherent limitations of controls used as audit evidence.
 Representations from management may have to be relied upon as the only source of evidence in
some areas.
 Evidence is persuasive not conclusive.
 Do not review 100% of the transactions.
3 – AUDIT AND OTHER ASSURANCE COMPARED

 This section looks at the similarities between audit and other examples of assurance of which the
main on is “a review engagement”.
 All assurance assignments follow the same basic outline with the key difference being the level of
assurance given in the final opinion.
 This has practical implications at various stages of the assignment.
3.1 – Review engagement: what is it?
An engagement to review financial statements is an example of a limited assurance engagement. The

objective of a review engagement is to enable a practitioner to state whether on the basis of procedures
which do not provide all the evidence that would be required in an audit, anything that has come to the
practitioner’s attention that causes the practitioner to believe that the financial statements are not
prepared, in all material respects, in accordance with an applicable financial reporting framework. In a
review engagement, the auditor gives negative assurance, reporting that he is not aware that anything is
materially wrong.
3.2 - Characteristics of a review engagement
A review engagement has all the attributes of any assurance engagement, such as:
- The practitioner who conducts the work

- The user who commissioned the work
- A responsible party
- The subject matter
- The subject matter information
- Criteria
- Sufficient appropriate evidence which needs to be documented.
- A report.
3.3 - Differences between a review engagement and an audit
- The practitioner is not carrying out an audit.

- For an audit, the user will always be the company’s shareholders, whereas for review engagement, the
user could be whoever commissions the work e.g. a bank wanting to know whether to maintain
existing or extend further credit facilities.
- The subject matter of a review engagement will be the performance of the business and the subject
matter information will be financial statements. However, the period reviewed could be any period
determined in the terms of engagement rather than the statutory reporting period subject to an audit.
- Again, the financial statements could be management accounts, profit forecasts or similar reports,
rather than the statutory financial statements prepared under applicable law and accounting principles
which are the subject of an audit.
- The criteria for auditing financial statements are applicable law and accounting standards but for a
review, engagement, the criteria will be whatever is agreed in the terms of engagement.
- An audit report gives positive assurance whereas the report after a review engagement gives negative
assurance.
3.4 – Review engagement and the quality of evidence
It is clear that far less evidence is obtained during a review assignment, and the evidence is generally less
reliable as some of the most reliable sources, such as third party confirmations and evidence generated by
the assurance provider are not required.
In some cases, the nature and quality of the evidence that can be obtained is further affected by the nature
of the subject matter of the assignment. If the firm (the auditor) is appointed to carry out a review of
forecast figures to be presented to potential lenders then again analytical procedures and inquiry will be
employed but the reliability of the evidence will be even lower due to the uncertainties involved. The
figures being reviewed relate to transactions and events, some or all of which have not yet occurred at the
time the opinion is given. The information is based on subjective estimates.
3.5 – Review engagement and reporting
At the end of a review engagement, the assurance provider can give only a low level of assurance and may
include additional warnings to readers of the assurance opinion about the nature of the information and
the assurance that can be given.
3.6 – Other examples of review engagements
Examples of other assurance engagements, where the terms of the engagement will be agreed between
the practitioner and the person commissioning the report, include:
 Value for money studies;

 Environmental audit;
 Circulation reports (for newspapers, magazines, etc);
 Cost/benefit reports;
 Due diligence (where a report is required on an acquisition target);
 Branch audit (where an overseas company trades in a country through a branch and wants an audit
of the branch even though it is not required by legislation);
 Reviews of specific business activities;
 Internal audit;
 Reports on website security;
 Fraud investigations;
 Inventories and receivable reports
 Internal control reports
 Reports on business plan (for banks and providers of finance).
4 – THE EXPECTATION GAP

4.1 – What is the expectation gap?
This is so-called “gap” is between the expectations of users of assurance reports (particularly of audit
reports under the Companies Act/OHADA Uniforms Acts) and the firm’s legal responsibilities. For example,
users of the financial statements may well expect that an assurance engagement involves the checking of
every single transaction, while the firm judges that checks on a test basis are sufficient.
This is further compounded by confusion over the meaning of the report that the auditor gives. The
misunderstandings made by lay users of financial statements can be summarized as follows:
 Many believe that responsibility for preparing financial statements lies with the auditor, rather
than with management;
 It is widely believed by the general public that the auditor’s principal duty is to detect fraud, when
in fact the duty is to make a report as to whether or not the financial statements are materially
misstated, irrespective of whether such misstatement arises as a result of fraud;
 In most cases the users of financial statements will also have little perception of the concept of
materiality and believe that the auditors check all the transactions that the company undertakes;
 The public generally perceives that an audit report attached to the financial statements means that
they are ‘correct’, rather than just meaning that there is reasonable assurance that they show a
true and fair view.
4.2 – Narrowing the expectation gap

Various steps have been taken to try to reduce the expectation gap.
a) Expanding the audit report
The content of the Company Act audit report has been expanded to:
 Set out the responsibilities of auditors and directors;

 Explain how an audit is conducted:
 On a test basis, which implies sampling;
 By assessing significant estimates and judgements;
 So as to give reasonable assurance on the accounts;
 So as to detect material misstatements – in relation to fraud, error or any other
irregularity.
In the case of listed companies the report has been expanded further to explain to the users of financial
statements that the auditors review statements made by the company about its corporate governance
procedures, and consider other information included with financial statements to ensure it is consistent.
b) Engagement letter
When the firm (of auditors) issues an engagement letter, the letter includes a paragraph reminding the
directors of their responsibilities and setting out the firm’s responsibilities.
c) Directors’ responsibilities
The reporting requirement was extended by the guidance on the preparation of audit reports, to include a
statement of the directors’ responsibilities.
This serves to make the respective responsibilities of management and auditors clearer to the users of the
financial statements.
d) Audit committees
Various statements of the principles of corporate governance developed for listed companies have
recommended that companies should establish an audit committee of the board to liaise with and receive
reports from both external and internal auditors. (Internal auditors are people who work for a company
and help the directors to ensure that accounts are properly kept and business risks are minimized.
‘External auditors’ is the phrase used to describe those involved in the independent Company Act audit.).
The existence of an audit committee serves as a reminder of the division of responsibilities between
auditors and management. The disclosures made in the company’s annual report about its corporate
governance practices should include comments about the operations of its audit committee.
4.3 – So why do things still go wrong?
Sometimes companies fail. Sometimes people commit fraud. Sometimes people make genuine mistakes
when financial statements are being prepared.
These events are never the fault of the auditor – although as we have seen, the expectation gap means
that the users of financial statements do not necessarily understand this.
Sometimes – and these tend to be the most difficult cases – events like this occur, the auditors do not
detect them, but no audit failure takes place.
How can this be?
If:
 The effect is immaterial; or
 The accounts, in spite of the event taking place, still show a true and fair view; or
 The auditor’s procedures were properly planned, executed and documented but the event could
not be detected for some reason, perhaps a carefully executed fraud or a sudden, cataclysmic
change leading to the company’s collapse;
the auditors may not be at fault.
Nevertheless, corporate collapses do happen and the auditors are found to have been negligent in some
way. Clearly, in these cases, something must have gone wrong in:
 Planning the audit;
 Performing the audit;
 Drawing conclusion from the work done.
These failures can usually be traced to one of four main causes:

 The failure to assess audit risk properly;
 The failure to respond appropriately to audit risk;
 The failure to recognize and respond to situations where the auditor’s objectivity is threatened;
 The failure to recognize and respond to situations beyond the auditor’s area of competence.
The first two of these causes are dealt with in a subsequent chapter(s) (xx), dealing with the detail of
auditing.
The last two points are dealt with in a subsequent chapter (xx) on Professional Ethics.
CHAPTER REVIEW QUESTIONS
Question 1 – Define an assurance engagement.
Question 2 – Any assurance engagement requires which of the following elements?
Question 3 – In a reasonable assurance engagement, a negative conclusion is drawn.
True False
Question 4 – Audit is a limited assurance engagement.

True False
Question 5 – Which of the following is not a potential benefit of having an audit?

A Management may value having their business scrutinized by a set of professional eyes.
B Assurance may be given to parties other than management who have a financial interest in
the company.
C Audit is likely to be required in the near future by a growing company.
D Fraud will be uncovered by the auditors.
Question 6
The auditor’s opinion on the financial statements is based on the concept of reasonable assurance.
State what reasonable assurance means. (1 mark)
Question 7
Your client is the parent company of a diverse group with several subsidiaries, some of which are below the
threshold required a statutory audit.
The client has suggested that costs could be saved if these companies were not subjected to audit, and has
asked for your views.
Set out the benefits that these companies may obtain from an audit that you will explain to the directors.
(2 marks)
Question 8
What are the benefits of assurance reports? (2 marks)
Question 9
An audit conducted under the Companies Act provides reasonable, not absolute, assurance that the
financial statements are free from material misstatements.
List the reasons why an audit cannot provide absolute assurance that the financial statements are free
from material misstatements. (4 marks)
Question 10 – Benefits of assurance
During the night of 25 March 20X9 strong gales caused the brick chimney of the factory to crash through
the roof of Hancock Ltd’s assembly area. Production was severely disrupted for a period of two months.
In addition to claiming from its insurers for the cost of repairing the premises and for the equipment and
inventories destroyed in the accident, the company is also including a considerable claim under the loss of
profits provision of its policy. The directors have prepared detailed calculations of the loss of profit and
have requested the company’s auditors to review this claim and provide an assurance report which they
will submit with it to the insurers.
What advantages would the directors expect to gain from having this report?
Question 11 – Review and audit compared
The directors of Gony Ltd are concerned about the reliability and usefulness of the monthly financial
management information that they receive.
As a result, the company’s auditors have been engaged to review the system and the information it
generates, and to report their conclusions.
Contrast this assignment with the statutory audit of the company’s financial statements with regard to the
scope of the assignment and to the report issued.
Question 12
There has been considerable concern over the lack of understanding amongst the users of the accounts
over the level of assurance being given in a statutory audit report of a company.
Requirement
Discuss the steps that the accountancy profession has taken to resolve this issue.
Question 13 – Benefits of an audit
Aristide Ltd was established in June 20X0 to produce aristide products which are used as display units in
retail industry. The shares are owned equally by two executive and two non-executive directors.
The company’s revenue increased steadily over the first two years of trading. The results for the first year
of trading indicated an operating profit margin of 15%, and the management accounts for the second year
of trading indicate that this has increased to 18%. The directors are currently negotiating a contract worth
600 million CFAF to supply a major retailer which has over 100 outlets throughout Cameroon. The
company will require an increased overdraft facility to fulfill the order.
The finance director of Aristide Ltd has prepared a business plan for submission to the company’s bankers
in support of a request for a larger overdraft facility. The plan includes details of the company’s products,
management, markets, method of operation and financial information. The financial information includes
profit and cash flow forecasts for the six months ending 31 December 20X2, together with details of the
assumptions on which the forecasts are based and the accounting policies used in compiling the profit
forecast. The company’s bankers require this financial information to be reviewed and reported on by
independent accountants.
Although the company’s revenue was below the threshold (or is not required by law to be audited) for a
statutory audit for its first year of trading, the company was required by its bankers to have an audit of its
financial statements for the year ended 30 June 20X1. Your firm conducted this audit in accordance with
auditing standards and issued an unqualified report.
Requirements
(a) Describe the benefits, in addition to continuance of its overdraft facility, to the company and its
directors and shareholders from having an audit of its annual financial statements.
(b) Explain how and why the level of assurance provided by a report on profit and cash flow forecasts
differs from the level of assurance provided by an audit report on annual financial statements.
CHAPTER 2
STATUTORY AUDIT
1 – REGULATORY ENVIRONMENT WITHIN WHICH STATUTORY AUDITS TAKE

PLACE
The regulatory environment establishes the requirements which are all about the legal backing for audits
to be performed and its conduct.
As an obligation, all publicly quoted and large companies are required by law to produce annual financial
statements and have them audited by an external auditor. Other organizations such as small private
companies and partnerships may choose to be audited even if there is no legal requirement. The objective
of an external audit engagement is to enable the auditor to express an opinion on whether the financial
statements:
- Give a true and fair view (or are presented fairly in all material respects).
- Are prepared, in all material respects, in accordance with an applicable financial reporting
framework.
N.B: The financial reporting framework to be applied will vary from country to country.
In the conduct of an external audit, the auditor should follow the following general principles:
 Compliance with applicable ethical principles; that is, the IFAC (International Federation of
Accountants) code of ethics for Professional Accountants and the ethical pronouncements of the
auditor’s professional body (for example, the ACCA’s rules of Professional Conduct).
 Compliance with applicable auditing standards as established by international bodies such as the
International Auditing and Assurance Standards Board (IAASB’s) and ISAs (International Standards on
Auditing).
 Planning and performing the audit with an attitude of Professional Scepticism that recognizes that
financial statements being audited may be materially misstated. For instance, the auditor should not
simply accept an explanation about a matter given by management but should seek further evidence
about the matter that confirms or contradicts management’s explanation.
To these general principles, other scholars add that:

 Sufficient appropriate audit evidence is gathered.
 The evidence is properly reviewed and valid conclusions drawn.
To summary, the conduct of an audit is governed by three sets of rules:
 The code of Ethics (read the next chapter)

 Auditing Standards (ISAs)
 Company law.
Expandable text: audit threshold

For many years all companies registered in the UK were required to be audited. In the early 1990s certain very small
companies were granted exemption from audit and this exemption was later extended to all companies (qualified as
a small company under the Company Act 2006) fulfilling the following criteria:
 The company’s turnover must not exceed £6.5 m
 The company’s gross assets – fixed assets as disclosed at net book value in the balance sheet + current
assets – must not excess £3.2 m
 The number of the company’s employees must not exceed 50.
Expandable text: audit threshold (in Cameroon, to be provided as extracted from the OHADA Uniform Act if it
exists)
2 – International Standards on Auditing (ISAs)
 These are the rules as to how audit is performed.

 Set by: International Auditing and Assurance Standards Board (IAASB).
 IAASB is a subsidiary of the International Federation of Accountants (IFAC).
 There are more than 30 ISAs.
IFAC
The International Federation of Accountants (IFAC) is the global organization for the accountancy
profession. It was formed in 1977 and is based in New York. IFAC has more than 160 member bodies of
accountants (including ACCA), representing 2.5 million accountants from 120 separate countries.
IFAC’s overall mission is to serve the public interest, strengthen the worldwide accountancy profession,
and contribute to the development of strong international economies by establishing and promoting
adherence to high-quality professional standards.
Setting auditing standards
IFAC
International Federation of Accountants
IFAC codes IAASB

of ethics International Auditing and
Assurance Standards Board
International International
Standards on Standards on Quality
Auditing (ISAs) Control (ISQCSs)
Other IFAC and IAASB activities
 IFAC publishes a code of ethics governing all assurance engagements carried out under IAASB
standards.
 IAASB publishes International Standards on Quality Control 1 (ISQC1) setting out quality control
principles for all assurance engagements (including audits) conducted under its standards.
 IAASB sets standards for other types of assurance engagements in addition to audits.
The relationship between international and national standards and regulation
IFAC has no legal standing in individual countries. Countries therefore need to have arrangements in place
for:
 Regulating the audit profession

 Implementing auditing standards.
National regulatory bodies:
Enforce the implementation of auditing standards
Have disciplinary powers to enforce quality of audit work
Have rights to inspect audit files to monitor audit quality.
There are two possible schemes for regulation at the national level:
 Self regulation by the audit/accountancy profession

 Regulation by government or by some independent body set up by government for the purpose.
National standard setters
 May set their own auditing standards

 May adopt and implement ISAs, possibly after modifying them to suit national needs.
Expandable text – Standards setting in other countries

1 - In the UK
The Financial Reporting Council (FRC)
The FRC was established in 1990 to promote good financial reporting in the UK through the setting of accounting
standards (by the Accounting Standards Board) and the review of published financial statements (by the Financial
Reporting Review Panel).
The government has now added regulatory functions to its remit so that it has responsibility for:
 Issuing Auditing Standards – through the Auditing Practices Board (APB);
 Oversight of the accountancy profession – through the Professional Oversight Board for Accountancy
(POBA);
 Investigation and discipline – through the Accountancy Investigation and Discipline Board (AIDB).
2 – In the USA
3 – In Cameroon
3 – STATUTORY REGULATIONS ON AUDITORS
Statutory regulations on auditors govern the appointment, rights, removal and resignation of auditors.
3.1 – Qualities required of an auditor
Auditors describe themselves as Chartered Accountants, or Certified Accountants, or just as Accountants.

An auditor refers either to a Sole Practitioner holding a valid practising certificate or a member of a
partnership qualified to act as auditors.
Individuals who are authorised to conduct audit work may be sole practitioners, partners in a
partnership, or directors of an audit firm. To be qualified to act as an auditor, a person must be:
 A member of a Recognised Supervisory Body (RSB), for instance ONECCA, ACCA, CIMA ......., and
 Be allowed by the rules of that body to be an auditor, or
 Someone directly authorised by the state.
To be eligible to act as auditor, a firm must be:
 Controlled by members of a suitably authorised supervisory body, or

 A firm directly authorised by the state.
The law in most countries excludes those involved with managing the company and those who have
business or personal connections with them to act as auditors of the company. For instance, the following
are excluded by law from acting as auditors of a company:
 An officer of the company (Director or Secretary),

 An employee of the company,
 A business partner or employee of the above,
 Those whose objectivity and independence might be questioned by external parties because of
business relations, personal relationships, long association with the client, fee dependency, or non
audit services provided.
An auditor needs to possess four main qualities: independence, competence, integrity, and confidentiality
(as studied in the previous chapter).
3.2 – Appointment of auditors
In most jurisdictions, auditors are only appointed by members or shareholders in general meetings.
 Appointment at General Meetings: at each general meeting at which the accounts of a company are
to be laid before the members, the company shall appoint an auditor to hold office from the
conclusion of that meeting until the conclusion of the next general meeting at which accounts are laid
before the members. A retiring auditor may be reappointed at the general meeting.
 Appointment other than at general meetings: Directors can appoint the first auditor, or should the
office of auditor become vacant during the year, then the directors may appoint someone to fill what is
described as the “casual vacancy”. This needs the approval of members at the next AGM.
Once appointed, it is the auditor’s duty to report to the members of the company on the accounts
examined by him and laid before the company in general meetings. To enable him to carry out this duty,
the law gives the auditor a right of access to the records of the company and the right to require
information and explanations from the directors and other officials of the company.
To be qualified for appointment as auditor, the person must be:
 A member of an established and recognised body of accountants.

 Authorised by the Minister of Economic or the competent authority as eligible for appointment.
The following persons are not qualified to act as auditors:
 An officer or servant of the company; where in this connection an officer of the company includes a
director, manager or secretary.
 A person who is a partner of, or is the employee of, an officer or servant of the company.
3.3 - The removal of an auditor
The provision for removal of the auditor places the authority for removal with members in general
meeting. The aims of this provision are:
 To preserve the right of the members to appoint the auditor of their choice;
 To preserve the auditor’s independence of the directors by not permitting directors who may be in
disagreement with the auditor, to dismiss him.
3.4 - Resignation of auditors
In practice, if the auditor and management find it difficult to work together, the auditor will usually resign.
To prevent the circumstances of the resignation being hidden from the members of the company, the
auditor have to submit a statement of the circumstances surrounding his resignation.
3.5 - The responsibility of auditors upon appointment or removal/resignation
The auditor has the following responsibilities on appointment or on removal / resignation:
 On appointment:
– To obtain clearance from the client to write to the existing auditor, if denied, the appointment
should be declined.
– To write to the existing auditor asking if there are any reasons why the appointment should not be
accepted.
 On removal / resignation:
– To deposit at the company’s registered office a statement of the circumstances connected with the
resignation or removal; or
– A statement that there are no such circumstances.
– To deal promptly with requests for clearance from new auditors.
3.6 - The rights of auditors
The auditor is given the following rights by law:
 A right of access at all times to the accounting records, accounts and vouchers of the company and any
such information and explanations as the auditor considers necessary for the performance of his
duties.
 A right to attend any general meeting of the company and to receive all notices of, and communication
relating to, any general meeting which any member of the company is entitled to receive.
 A right to be heard at any general meeting which he attends on any part of the business of the meeting
which concerns him as auditor.
 On resignation, a right to request an EGM of the company to explain the circumstances of the
resignation and to request the company to circulate the notice of circumstances relating to the
resignation.
These rights are given to the auditor to enable him to carry out his duties to the members. He can
visit his client’s offices at any time, without formal prior notice, inspect the company’s accounting records
or to carry out surprise checks. The matters on which the auditor has a right to require information and
explanations are left to the direction of the auditor rather than that of the directors.
3.7 - The remuneration of auditors
The remuneration of the auditor shall be fixed by the company in general meeting, or in such manner as
the company in general meeting may determine. However, if appointed by the directors, this may be fixed
by the directors.
3.8 - The duties of auditors
The fundamental duties of the auditor are:
 To form an opinion on whether the financial statements give a true and fair view and are prepared in
accordance with applicable reporting framework,
 To issue an audit report.
Matters implicit in the audit report and which the auditor has a duty to check are that:
 The company’s financial statements agree with the underlying accounting records,
 Proper accounting records have been kept.
 All necessary information and explanation have been obtained.
 Information issued with the financial statements is consistent with the financial statements.
 Other information required by law if not included in the financial statements is included in the audit
report.
CHAPTER 3
PROFESSIONAL ETHICS
1 – THE NEED FOR PROFESSIONAL ETHICS

Basic definition of “ethics” from the Oxford Advanced Learner’s Dictionary, New 7 th Edition
The word “ethics” is always written in plural. It is the set of moral principles that control or influence a person’s
behaviour. “Moral” is an adjective (only before noun) concerned with principles of right and wrong behaviour.
Within the framework of any assurance engagement, the end-user of the subject matter needs to trust the
practitioner.
A high level of trust can only be established if the user is reassured and believes that assurance
practitioners act in accordance with a code of ethics.
The practitioner needs a code of ethics to make sure that he or she is worthy of that level of trust. The
code of ethics gives value to their work.
In order to be trusted the auditor needs to be independent of their client. Independence is defined in APB
Ethical Standard 1 as “freedom from situations and relationships which make it probable that a reasonable
and informed third party would conclude that objectivity either is impaired or could be impaired.”
Codes of ethics are issued to preserve the independence of the auditor.
Independence and objectivity are key features of the Code of ethics and they are fundamental to the
provision of assurance services.
IFAC has issued a code of ethics, as has the ACCA. These codes have the same roots and are, to all intents
and purposes identical.
Both follow a conceptual framework which identifies:
 fundamental principles of ethical behaviour;

 potential threats to ethical behaviour;
 possible safeguards which can be implemented to counter the threats.
A conceptual framework relies on a principles rather than a rules based approach. That means that the
spirit of the cod is followed rather than a strict set of rules. It is guidance so the actual application will
depend on the individual circumstances of a specific situation.
2 - Fundamental Principles
The fundamental principles consist of the following attributes:
 Objectivity
 Professional behaviour
 Professional competence and due care
 Integrity
 Confidentiality
These attributes are defined as follows:
a. Objectivity: Members should not allow bias, conflicts of interest or undue influence of others to
override professional or business judgements. Objectivity is the state of mind which has regard to
all considerations relevant to the task in hand but no other. It presupposes intellectual honesty.
This attribute promotes “justness and equity”.
Example: The owners of a private company have the opportunity to sell their shareholdings to a
large listed company and have asked for your advice. It looks like an excellent deal, but which will
almost certainly mean that your firm will lose the audit to a larger competitor. Your advice might
not be impartial – you may be tempted to advise against the deal in order to keep the client. If this
is the case, then objectivity has not prevailed.
b. Professional behaviour: Members should comply with relevant laws and regulations and should
avoid any action that discredits the profession.
Example: This is possibly the most difficult principle to illustrate. Clearly you, as a professional,
would not indulge in illegal behaviour. But does it matter what you do in the evenings or on your
lunch break?
c. Professional competence and due care: Members have a continuing duty to maintain professional
knowledge and skill at a level required to ensure that a client or employer receives competent
professional service based on current developments in practice, legislation and techniques.
Members should act diligently and in accordance with applicable technical and professional
standards when providing professional services.
In other words, members should not accept or perform work which they are not competent to undertake
unless they obtain such advice and assistance as will enable them competently to carry out the work.
Example: A client is starting to expand into areas where there are complex tax issues. You have no
direct experience of this area, but you know that a larger firm in the town does have a number of
specialists in this field. You might be tempted to think that you can “get yourself up to speed” quite
quickly.
d. Integrity: Members should be straightforward and honest in all professional and business
relationships.
Example: You find out that one of your listed audit clients is shortly to be taken over, or has access
to technological advances which will give it a fantastic competitive advantage. You might be
tempted to buy some shares or encourage your friends to do so.
e. Confidentiality: Members should respect the confidentiality of information acquired as a result of

professional and business relationships and should not disclose any such information to third
parties without proper and specific authority or unless there is a legal or professional right or duty
to disclose. Confidential information acquired as a result of professional and business relationships
should not be used for the personal advantage of members or third parties.
Example: You are tempted to share your knowledge of the takeover or technical advances
mentioned above, or even of the level of director’s salaries, with your friends on a night out on the
town.
Mnemonics on the fundamental principles

1 – Dr PICCO standing for: 2 – OPPIC standing for:
P: Professional behaviour (no discredit to O: pbjectivity
the profession. It therefore involves ICCO, P: Professional behaviour
the other principles). Equally known as P: Professional competence and due care
“professionalism” I: Integrity
I: Integrity (straightforward, honesty, C: Confidentiality
respect)
C: Competence (mastery of the work and
keeping to all changes (recent
developments) affecting the work)
C: Confidentiality (keeping the client’s
secret)
O: Objectivity (keeping independence)
3 - Threats to fundamental principles of ethical behaviour
“Threats are situations where a practitioner tempted not to follow code of ethics”. In ordinary human life,
eating without washing your hands is a threat to your health. Health is a treasury which should not be
tampered with.
The ethical professional behaviour of the practitioner should not be tampered with throughout the
conduct of an audit. In the review of the ethical professional behaviour of the practitioner, the
consideration is not only the practitioner’s view as to whether his or her integrity is under real threat, but
how the situation might appear to a third party.
The practitioner needs to:
“behave and be seen to behave” in an ethical, professional manner.
The framework has identified five potential threats to ethical professional behaviour which include:
 Self-interest threat;
 Self-review threat;
 Advocacy threat;
 Familiarity threat;
 Intimidation threat.
a. Self-interest threat: This is expressed by the existence of financial or other interests of the auditor
(including the members of his/her family or any close relationship) in the client. Examples of such
interests include:
 shareholding: financial interest in shares;

 cross selling: selling of other services to the client;
 significant outstanding fees from the client most especially if the client is suffering from
going concern problems;
 dependence on the client for significant proportion of the firm’s total fee income;
 Lowballing: making cost low;
 contingent fees i.e. where the auditor receives a commission, or a % of fees is payable
upon a specific event occurring;
 acceptance of gifts/benefits (unless modest) and hospitality. Modest means available to all
company’s staff at same terms. Again the assurance firm should establish policies on gifts
and hospitality and should be communicated. At all times the auditor should consider how
it would look to a third party. If it would be seen to jeopardise the objectivity of the auditor
it should not be accepted.
b. Self-review threat: A self-review threat occurs when the auditor has to re-evaluate work
completed by himself e.g. if the external auditor prepared the financial statements and then
audited them, or if the external auditor advised on the implementation of the financial reporting
system of the client. Here there is a risk that the auditor does not identify the shortcomings in his
own work because he does not review it thoroughly, assuming that it is up to standard because he
did the work in the first instance.
Alternatively, the auditor may identify shortcomings in his work but may not highlight them
because it will imply that his work was not up to standard.
Other self-review threat include the completion of accounting services, IT, valuation services and
tax services mostly when they involve judgment or management roles or if they are likely to have a
material effect on the financial statements. Corporate finance services are allowed when they are
aimed at assisting the client raise finance/develop corporate strategies and when they do not
involve making decisions. Internal audit services should not be undertaken. A former employee of
client joining assurance firm should not be involved in the audit until 2 years have elapsed.
c. Advocacy threat: This may occur when the auditor is asked to promote the client’s position or
represent them in some way. In this situation the auditor would have to be biased in favour of the
client and therefore cannot be objective. This could happen if the client asked the auditor to
promote their shares for a stock exchange listing or if the client asked the auditor to represent
them in court. Other examples include:
 Corporate finance services: advising on debt restructuring (entering negotiations with the
bank on clients’ behalf;
 Contingent fees;
 Dealing in clients shares.
d. Familiarity threat: A familiarity threat occurs when the auditor is too sympathetic or trusting of the
client because of a close relationship with them. This may be because a close friend or relative of
the auditor works in a key financial role for the client. The auditor may trust their friend or relative
to not make mistakes and therefore not review their work as thoroughly as they should and as a
result allow material errors to go undetected in the financial statements. Here, the auditor loses
professional scepticism. Examples of familiarity threats includes:
 Audit partners leaving to join the client;

 Acting for prolonged period.
e. Intimidation threat: The client may harass or bully the auditor into giving an unqualified opinion
when a qualified opinion is appropriate.
If the auditor is dependent on fees from a client the client may use this to their advantage and
threaten to take their business elsewhere unless the auditor gives in to their demands.
The auditor should not give in to such pressure and may choose to resign from such a client.
f. Management (APB ethical standard): This occurs when the auditor undertakes any work which
involves making judgements and taking decisions that are responsibility of management. Examples
include:
 Serving on the board of directors of any engagement partner or employee of the assurance
firm;
 Performing other services is also a management threat.
Mnemonic on threats against fundamental principles

It is known that Dr PICCO is married to Mrs IFASS
IFASS stands for:
I: Intimidation (do not allow this to happen; keep to your independence)
F: Familiarity (do not become a friend of the client)
A: Advocacy (do not be part of management; do not represent the client in anyway)
S: Self-interest (do not have any other interest in the business; limit yourself to the provision of the
audit opinion)
S: Self-review (do not produce financial statements and audit them latter on)
Note that management threat is not part of this mnemonic simply because it is an addition by APB
(Auditing Practice Baord in Britain). The others are established by IFAC and ACCA.
4 – Possible safeguards against threats
“Safeguards are guidance or course of action aimed at reducing or eliminating threats”. In ordinary human
life, a possible safeguard against a cool weather is to put a pullover.
In order to guard against the threats or perceived threats the firm (the auditing team) needs procedures to
enable it to:
 identify possible threats;
 evaluate the risk arising from the threat;
 evaluate whether the necessary safeguards are in place;
 take corrective action if necessary.
Usually this will be done through the use of checklists and the issues need to be considered:
 On acceptance of a new client;

 At the planning stage of any audit;
 At the completion stage of any audit;
 Whenever additional, non audit services are provided to an audit client;
 If any event, or change in circumstances occurs which may mean that the firm’s independence may
be threatened.
The procedures operated by the firm will normally consist of the following:
 “Fit and proper” or “independence” forms to be completed by all staff on a regular basis, disclosing
financial interests and other relevant factors.
 A checklist of procedures to be filled in when a new appointment is accepted covering such issues
as:
- proof of the client’s identity, and

- consideration of relationships with the firm, its staff, other clients, etc.
 Consideration of independence issues when files are reviewed as part of the firm’s quality control
process.
 Appointment of a senior partner with responsibility for ethical issues.
4.1 – General safeguard – safeguards created by the profession
These might include education, training and experience requirements for entry into the profession,
professional development requirements, corporate governance regulations, professional standards,
monitoring, external review of work and reports.
4.2 – General safeguard – safeguards in the work environment
These might include oversight structures, ethics and conduct programmes, good recruitment procedures,
strong internal controls, disciplinary procedures, strong ethical leadership, policies and procedures to
promote quality control, culture of strong ethics in the organisation.
4.3 - General safeguard – safeguards created by individuals
These might include professional development requirements, keeping records of contentious issues,
keeping a broader perspective, using a mentor, keeping in contact with professional bodies.
5 – Specific safeguards to specific threats to ethical professional behaviour
This refers to safeguards to put in place against specific threats:
 self-interest threats;
 self-review threats;
 advocacy threats;
 familiarity threats;
 intimidation threats;
 management threats.
These safeguards are highly dependable on specific circumstances.
6 – Other issues
6.1 – Opinion Shopping
While shareholders appoint auditors, the Directors typically seek out a potential firm for the shareholders
to vote on. The Board might be tempted to interview several firms until it found one that accepted its
accounting methods.
Any firm of auditors aware that a potential client is engaged in this process (known as “opinion shopping”)
should not accept nomination.
6.2 – Confidentiality
External auditors are in a unique position of having a legal right of access to all information about their
clients. It goes without saying that the client must be able to trust the auditor not to disclose anything
about their business to anyone as it could be detrimental to their operations. As a basic rule, members of
an audit team should not disclose any information to those outside of the audit team, whether or not they
work for the same firm. There is little point using different teams for different work assignments if staff
from different teams are disclosing information to each other!
Information should only be disclosed under certain circumstances:
 if the client has given their content;
 if there is an obligation to disclose, e.g. if the client is suspected of money laundering, terrorism,
drug trafficking;
 if it is required by a regulatory body, e.g. financial services legislation;
 if a court order has been obtained;
 if a member has to defend himself in court or at a disciplinary hearing;
 if it is in the public interest.
This latter point is difficult to prove and the audit must proceed with caution if thinking of disclosing
information for this reason. Such examples could include fraud, environmental pollution, or simply
companies acting against the public good.
Legal advice should be sought beforehand to avoid the risk of being sued. Matters to consider before
disclosing information in the public interest are whether that matter is likely to be repeated and how
serious the effects of the client’s actions are.
Where an auditor feels the need to disclose information, they should consider disclosing to the company’s
Audit Committee (or Board of Directors, if there is no Audit Committee).
In certain circumstances auditors may be required by law to disclose information. For example, where
money laundering is suspected, UK auditors must disclose their suspicions to the Serious Organised Crime
Agency (SOCA).
On some occasions, auditors may come under pressure to disclose information (e.g. to customers,
suppliers, tax authorities). There is no duty for the auditor to disclose to these parties therefore should
only do so if a court order has been obtained.
6.3 – Conflicts of interest
Members should place their clients’ interests before their own and should not accept or continue
engagements which threaten to give rise to conflicts of interest between the firm and the client. Any
advice given should be in the best interests of the client. Where clients’ interests conflict (for example,
clients in the same line of business), the firm’s work should be arranged to avoid the interests of one being
adversely affected by those of another.
The steps to be taken by the auditor are:
 once a conflict is noted, you should advise both clients of the situation
 reassure the client that adequate safeguards will be implemented, e.g. separate engagement
leaders for each, separate teams, ‘Chinese walls’ to prevent the transfer of client information
between teams and a second partner review.
 Suggest they seek additional independent advice.
 If adequate safeguards can’t be implemented, the auditor should resign.
Safeguards can help to avoid or manage a problem situation, but problems are often hard to foresee as the
auditor may have no knowledge that two clients are related in some way until a problem comes to light.
7 – Ethical issues related to accepting a new audit engagement
Before accepting a new audit engagement, think of potential issues which include ethical considerations.
a) From the ethical view point, the new auditor need to ask permission to get in contact with existing
auditor, then wait for clearance. If no response, consider the new appointment carefully.
b) Other issues are to be considered:
 Risk analysis: the auditor may not want to accept client if risk deemed to high; consider
the following: management integrity, past performance of business, internal controls,
environment (good/bad), complexity of transactions, unusual transactions, money
laundering risks, etc
 Legal issues: what to perform which is lawful;
 Practical issues: staff, timing, location, etc
Further material on accepting a new audit engagement

Procedures
If offered an audit role, the auditor should:
 Ask the client for permission to contact the outgoing auditor (reject role if client refuses);
 Contact the outgoing auditor, asking for any reasons why they should not accept appointment. If a reply is not
received, the prospective auditor should try and contact the outgoing auditor by other means e.g. by telephone.
If a reply is still not received the prospective auditor may still choose to accept but must proceed with care.
 Ensure that the legal requirements in relation to the removal of the previous auditors and the appointment of
the firm have been met (read related knowledge on the removal and appointment of auditors in Chapter 3).
 Carry out checks to ensure the firm can be independent, is competent to do this audit and has the necessary
resources.
 Assess whether this work is suitably low risk.
 Assess the integrity of the company’s directors.
 As a commercial organization, the firm should also ensure that this is a desirable client (e.g. right industry,
suitable profit margin, etc.).
 Not accept the appointment, where it is known that a limitation will be placed on the scope of the audit.
Further explanation on accepting a new audit engagement – Know your client

Client screening procedures are designed to identify potentially high risk audit clients. A high risk client is one where
total costs will exceed the benefits to the auditor.
Considerations which are relevant in deciding whether a client is high risk include the following:
 Evidence of client involvement in fraudulent or illegal activities.
 The state of the economic sector in which the client operates.
 The nature of the industry and the client’s product lines or services.
 The client’s previous audit history.
 The general abilities of the client’s management team.
 Understanding, by the directors, of their own role and that of the auditor.
 Management permission or refusal to allow auditors to examine significant documents.
 Evidence of management intentionally failing to record a material transaction.
The review procedure is best carried out by means of a standard checklist. A client may exhibit some of the above risk
factors and yet still be accepted due to the relatively high level of the proposed audit fee. It is very much a commercial
decision to be made by the audit firm.
8 – Obtaining new audit work
The most common way of obtaining an audit engagement is by recommendation. It is not uncommon for
up to 90% of a firm’s new business to come from its existing client base. The second most common way of
obtaining new work is by submitting a successful tender.
‘Tendering’ is the process of quoting a fee for work before the work is carried out. It usually involves a
number of firms competing by submitting tender proposals to the prospective client.
Risks associated with the tender process
In addition to the risk associated with any other new client the specific risks of being involved with the
tender include:
 Waste of time – if the audit tender is not accepted
 Setting an uncommercially low fee in order to win the contract (lowballing for example)
 Making unrealistic claims or promises in order to win the contract.
Chapter 4
RESPONSIBILITIES
INTRODUCTION
The distinction between the responsibilities of company’s management and its external auditors should be
clear.
However, as discussed previously, misconceptions, particularly about the role of audit, can lead to a
phenomenon known as the ‘expectation gap’. It is therefore crucial that clearly defined distinctions
between the respective responsibilities of management and external auditors be established and that both
parties understand (and agree upon) these prior to the commencement of work.
1 – Responsibilities of Management
 Management is responsible for:
- Managing the business so as to achieve company objectives: producing suitable returns for
shareholders or achieving other targets;
- Assessing business risks to those objectives being achieved : devising necessary strategies
to deal with the business risks, e.g. business risks;
- Safeguarding the company’s assets: taking reasonable steps for the prevention and
detection of fraud and other irregularities. To carry out this responsibility they need to
implement systems and controls to safeguard the company’s assets and they need to
ensure that the systems and controls (internal control systems) operate effectively. Such
procedures may include: (i) the safekeeping of documents of title to land and buildings and
other assets (ii) the setting of authority limits, i.e. the limitation of what any one individual
can do without consulting someone else (iii) implementing other procedures to prevent
fraud and reduce the likelihood of error.
- Keeping proper accounting records: this requires records of (i) the cash payments and
receipts (ii) what the payments and receipts relate to (iii) the assets which include non-
current assets and inventory (iv) the liabilities.
- Preparing company financial statements: which give a true and fair view of the affairs of
the company at the end of the accounting period and of the profit or loss of the company
for that period. In preparing those financial statements, the directors are required to: (i)
select suitable accounting policies and then apply them consistently (ii) make judgements
and estimates that are reasonable and prudent (iii) comply with applicable accounting
standards (iv) prepare the financial statements on the going concern basis unless it is
inappropriate to presume that the company will continue in business. Once the financial
statements have been prepared, it is the directors’ responsibility to ensure that they,
together with the auditor’s report, are laid before the members of the company in general
meeting.
- Ensuring the company complies with applicable laws and regulations: laws and regulations
concerning: (i) money laundering (ii) health and safety (iii) employer’s liability (iv) paye and
payroll matters.
 It is not the responsibility of the auditors of a company to do any of the above.
2 – Responsibilities of the external auditors
2.1 – General
“The responsibilities of the external provider of assurance services is determined by:
 The requirements of any legislation or regulation under which the engagement is conducted;
and/or
 The terms of engagement for the assignment, which will specify the services to be provided;
 Ethical and professional standards;
 Quality control standards”. (International Framework for Assurance Engagements)
2.2 – The audit opinion
a) Main responsibility
The auditor’s main responsibility is to form an opinion on whether the company’s financial statements give
a true and fair view.
Auditors are NOT responsible for:
 Preparing the financial statements;

 Choosing accounting policies;
 Implementing systems and controls; or
 Establishing the mechanisms for ensuring that good standards of corporate governance are
maintained.
b) Other responsibilities and consequences
To formulate an opinion, the auditor has to ensure that:
 The audit is planned properly;

 Sufficient appropriate audit evidence is gathered;
 The evidence is properly reviewed and valid conclusions drawn.
The more effectively the auditor performs these responsibilities the lower the risk that they come to the
wrong conclusion.
To assist in planning and performing their work auditors must consider:

 The quality of accounting systems from which the financial statements are produced;
 The effectiveness of the internal controls operated by the company to ensure that its financial
information is as complete and accurate as possible; and
 The standards of corporate governance, including the effectiveness of the internal audit function.
All of these factors affect the risk of misstatement and, for that reason, affect the risk of giving an
inappropriate opinion.
However, it must be remembered that the establishment and maintenance of these systems is the
responsibility of the company and its management, NOT its auditors.
2.3 – Non-assurance services

A firm which is engaged by management to provide additional non-statutory and non-assurance services is
only responsible for providing the services specifically negotiated with management. Such engagements do
not result in the firm taking responsibility for any aspects of the company’s operations or procedures.
For example, a firm may be engaged to perform services additional to the audit such as:
 Assisting the company with the maintenance of its accounting records;
 Assisting the company with preparing management information;
 Preparing the financial statements of the company;
 Preparing the tax return of the company.
The key point is that management retains the overall responsibility for all of these matters; the firm is
employed as a support to management, providing expert assistance.
3 – RESPONSIBILITIES OF INTERNAL AUDITORS

Internal auditors are either:
 Employees of the organization they are auditing; or
 Contracted to provide internal audit services through an outsourcing arrangement.
It therefore follows that the precise responsibilities of internal auditors will be defined by whoever
determine the objectives of the assignments they conduct. However, ISA 610 Using the Work of Internal
Auditors lists the main activities of the internal audit function as:
 Monitoring of internal control;
 Examination of financial and operating information;
 Review of the operating activities;
 Review of compliance with laws and regulations;
 Risk management; and
 Governance.
While some of the work performed by internal and external auditors may be similar it must be
remembered that the external auditor is solely responsible for the audit opinion. This responsibility can
never be reduced by the use of the work of the internal auditors.
If the external auditor wishes, at any point, to use the work of internal audit to assist with their procedures,
they must firstly determine:
 Whether the work of internal audit is adequate for the purpose of the audit;
 The effect of the work of internal auditors on the nature, timing and extent of the external
auditor’s own procedures;
 The objectivity of internal audit;
 The technical competence of internal audit;
 Whether the work of internal audit is carried out with due professional care; and
 Whether there is likely to be effective communication between the internal and external auditors.
4 – ERROR
 Auditors are responsible for detecting material misstatements in the financial statements, some of
which may be caused by error.
 Management are responsible for designing and implementing a system of internal control which is
capable of preventing, or detecting and correcting, errors in the financial records.
 Auditors are required to assess the system of internal control as part of their audit in order to
determine whether to rely on the system of controls or carry out extended tests of details.
 Auditors are required to report to those charged with governance on material weaknesses in
controls which could adversely affect the entity’s ability to record, process, summarise and report
financial data potentially caused material misstatements in the financial statements.
 Auditors are responsible for giving an opinion whether the financial statements are free from
material misstatements caused by error. This means that they should design procedures that are
capable of detecting errors.
 The two types of test generally carried out as part of an audit are tests of control and tests of detail
(to be studied in detail later on). The more reliance that can be placed on controls (assessed by
testing controls), the fewer tests of details may be carried out.
Definition of internal control
A process designed and effected by those charged with governance, management, and other personnel to
provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of
financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and
regulations. It follows that internal control is designed and implemented to address identified business
risks that threaten the achievement of any of these objectives.
Internal controls are designed in part to prevent errors occurring in financial information, or to detect
errors and correct them.
5 – FRAUD
 The auditor is responsible for drawing a conclusion as to whether the financial statements are free
from material misstatements caused by fraud.
 The auditor’s responsibilities with regard to fraud are set out in ISA 240 The Auditor’s
Responsibilities Relating to Fraud in an Audit of Financial Statements and include:
- Assessing risks of material misstatement;
- Discussing the susceptibility of the financial statements to material misstatement caused
by fraud.
 A key issue in relation to discovering material misstatements caused by fraud is professional
skepticism.
 When the auditors become aware of possible non-compliance, they should evaluate the possible
effect on the financial statements and on other audit evidence obtained and need to make reports
to management.
More on “fraud” is provided in the next Chapter which focuses on “Responsibilities 2 – Detection of fraud
and errors”. You are advised to read it for more knowledge on ‘responsibilities and fraud’.
6 – COMPLIANCE WITH LAWS AND REGULATIONS

6.1 – Different responsibilities
 Management is responsible for ensuring that the company complies with laws and regulations.
 Auditors are responsible for concluding that the financial statements are free from material
misstatements caused by non-compliance with laws and regulations.
 Auditors are required to have a general understanding of the legal and regulatory framework
within which the company operates.
6.2 – Laws and regulations

Auditors are interested in two categories of law and regulations:
 Those with a direct impact on the financial statements, for example, the Companies Act in the UK
or the OHADA Uniform Act on Accounting in Cameroon;
 Those which provide a legal framework within which the company operates.
The auditor should obtain an understanding of the legal framework within which the company operates as
part of his understanding of the entity and its environment (discussed in Chapter XXXX).
Areas of law which affect all businesses will be:
 Employment law or the labour code;
 Social security law;
 Health and safety law.
6.3 – Risk assessment
As part of their risk assessment procedures, auditors should assess the risk that the company is not
complying with any relevant law or regulation. Risk assessment procedures will be considered in more
detail in Chapter xxxxxxx.
6.4 – Evidence about compliance
The auditor is required by ISA 250 Consideration of Laws and Regulations in an Audit of Financial
Statements to obtain evidence about compliance with laws and regulations. It states that the auditors
should:
 Make inquiries of management;
 Inspect correspondence with relevant licensing or regulatory bodies;
 Ask those charged with governance if they are on notice of any non-compliance.
The auditors should obtain written representations that management has disclosed all known instances of
actual or possible non-compliance with laws and regulations.
6.5 – Non-compliance suspected

When the auditors suspect non-compliance, they should document findings and discuss them with
management. If the auditors cannot obtain sufficient appropriate evidence about the suspected non-
compliance, this might represent a limitation on the scope of the audit, which will result in the auditors not
being able to give an unqualified opinion.
6.6 – Reporting of non-compliance
The ISA requires that the auditors should communicate discovered instances of non-compliance with laws
and regulations to those charged with governance (the directors) without delay, and make appropriate
reports, as set out below:
If the auditors suspect non-compliance with laws and regulations

If the auditor suspects that management or those charged with
THOSE CHARGED WITH governance are involved in non-compliance, the auditor shall
GOVERNANCE communicate the matter to the next higher level of authority at the
entity, if it exists, such as an audit committee. Where no higher
authority exists auditor shall consider the need to obtain legal advice.
Only if non-compliance causes the financial statements to not give a

SHAREHOLDERS true and fair view or there is a fundamental uncertainty – in which case
it should be included in the audit report in the usual way.
THIRD PARTIES The auditor shall determine whether the auditor has a responsibility to
e.g. regulatory and report the identified or suspected non-compliance to parties outside the
enforcement authorities entity.
Chapter 5
RESPONSIBILITIES 2 – DETECTION OF FRAUD AND ERROR
1 – Definition of fraud
 Fraud is a word we normally use to cover a wide range of illegal acts.

 The term fraud means the willful misrepresentation made with an intention of deceiving others. It
is a deliberate mistake committed in the accounts with a view to get personal gain.
For audit purposes, ISA 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial
Statements, identifies two types of risk of misstatement which can arise from fraud:
 Misstatements arising from fraudulent financial reporting (fraudulent manipulation of accounts not
involving defalcation also known as window dressing);
 Misstatements arising from misappropriation of assets.
In order to have a reasonable expectation of detecting fraud or error, auditors should follow the
procedures in ISA 240.
2 – Details on the types of fraud
Fraud
Fraud through defalcation Manipulation of accounts
Misappropriation of cash Misappropriation of

goods/other fixed assets
Overstatement of profit Understatement of profit
2.1 – Fraud through defalcation (misappropriation)
The following are the methods of defalcation involving misappropriation of cash or goods:
1. By misappropriating the receipt by not recording the same in the cashbook
2. By destroying the carbon copy or counter foil of the receipt and misappropriating the cash received
3. By entering lesser amount on the counterfoil and misappropriating the difference between money
actually received and the amount entered on the counterfoil of the receipt book
4. By not recording the receipt of sale of a casual nature for example sale of scrap, sale of old
newspapers, etc.
5. By omitting to record cash donations received by non-profit making charitable institutions
6. By misappropriating the cash received on discounting the bills receivable and showing them as bills
outstanding on hand
7. By misappropriating cash received from debtors and concealing the same by giving artificial credit
to the debtors in the form of bad debts, discount or sales return, etc.
8. By adopting the method of “teeming and lading” or “lapping process”. Under this method cash
received from one debtor is misappropriated and deficiency in that debtors account is made good
when another payment is received from second debtor by crediting the second debtors account
less by that amount. This process is carried out round the year.
9. By suppressing the cash sales by not recording them or by treating the cash sales as credit sales.
10. By under casting receipt side total of the cashbook
11. By recording fictitious or bogus payments
12. By recording more payments that actual amounts paid by altering the figures on the vouchers.
13. By showing the same payment twice
14. By showing credit purchases as cash purchases and misappropriating the amount
15. Recording personal expenses as business expenses
16. By not recording discounts and allowances given by the creditors and misappropriating the
amounts
17. By overcasting the payment side total of the cashbook
18. Recording fictitious and inflated purchases and misappropriating that amount
19. By suppressing the credit notes for returns and showing the full payment to creditors
20. By including the names of dummy workers or the workers who have left the job and
misappropriating the money offered as salaries
21. By over casting the total of wages sheets and drawing that amount for misappropriation.
22. By misappropriating the undisbursed wages.
2.2 – Fraud through manipulation of accounts
It implies presentation of accounts more favorably than what they actually are. Window dressing means
showing a wrong picture. The fraud through manipulation of accounts is also known as window dressing
because accounts are manipulated to show a wrong picture of the profit or loss of the business and its
financial state of affairs. Generally this type of fraud is committed by the people at the top management
level. This does not involve any misappropriation of cash of goods but it is either over statement of profit
or understatement of the same. Such fraud is committed with certain objective and is relatively difficult to
detect.
3 – Responsibilities regarding fraud
ISA 240 sets out management and auditor responsibilities regarding fraud.
Regarding management, ISA states that the primary responsibility for the prevention and detection of
fraud rests with both those charged with governance of the entity and with management. To fulfil this
responsibility, various actions can be taken including:
 Demonstrating that management follow a culture of honesty and ethical behaviour and
communicating that they expect all employees to adhere to this culture;
 Establishing a sound system of internal control;
 From the point of view of those charged with governance, ensuring that management implement
policies and procedures to ensure, as far as possible, the orderly and efficient conduct of the
company’s business.
Regarding the auditor, the ISA states that the auditor must obtain reasonable assurance that the financial
statements, taken as a whole, are free from material misstatement, whether caused by fraud or error. The
auditor does not therefore offer complete assurance that the financial statements are free from fraud
and/or error as audit testing is not designed to provide this assurance.
4 – Risk assessment
Part of an auditor’s work must include assessing the risk of a fraud existing (discussed in Chapter 9).
ISA 240 sets out that auditors are:
 Entitled to accept representations as truthful and records as genuine, unless there is evidence to
the contrary; but also
 Required to bring professional skepticism to work.
Auditors should also carry out a discussion of the susceptibility of the entity’s financial statements to fraud.
This will usually include a consideration of:
 Where the company’s system is weak and how management could perpetrate fraud;
 The circumstances that could indicate earnings management which could lead to fraudulent
financial reporting;
 The known internal and external factors that could be an incentive to fraud being carried out;
 Management’s involvement in overseeing employees with access to cash or other assets which
could be misappropriated;
 Any unusual or unexplained changes in behaviour/lifesthle of management or employes;
 The need for professional skepticism;
 The type of circumstances that could lead to suspicions of fraud;
 How unpredictability will be incorporated into the way the audit is carried out;
 What audit procedures might be responsive to fraud;
 Any allegations of fraud that have been made;
 The risk of management override of controls.
4.1 – The auditor can suspect fraud under the following circumstances
(concrete cases)
1. When vouchers, invoices, cheques, contracts are missing, etc.
2. When control account does not agree with subsidiary books.
3. When the difference in trial balance is difficult to locate.
4. When there are greater fluctuation in Gross Profit and Net Profit ratios.
5. When there is difference between the balance and the confirmation of the balance by the parties.
6. When there is difference between the stock as per records and the stock physically counted.
7. When the explanation given by the client is not satisfactory.
8. When there is a overwriting of some figures.
9. When there is a contradiction in the explanation given by different parties.
4.2 – Procedure to be followed to detect errors
The following procedures may be adopted by the auditor to detect the errors:
1. Check the opening balances from the balance sheet of the last year;
2. Check the posting into respective ledger accounts;
3. Check the total of the subsidiary books;
4. Verify all the castings and the carry forwards;
5. Ensure that the list of debtors and creditors tally with the ledger accounts;
6. Make sure that all accounts from the ledger are taken into accounts;
7. Verify the total of the trial balance;
8. Compare the various items from the trial balance with that of the previous year;
9. Find out the amount of difference and see whether an item of half or such amount is entered
wrongly;
10. Check difference involving round figures as 1 000 000 CFAF and 100 000 CFAF etc.
11. See where there is misplacement or transposition of figures that is 45 for 54: or 81 for 18, etc;
12. Ultimately careful scrutiny is the only remedy for detection of errors.
13. See that on entry of the original book has remained unposted.
4.3 – The auditor should perform the following duties in respect of fraud
1. Examine all aspects of the finance.
2. Vouch all the receipts from the counterfoils or carbon copies or cash memos, sales mart report,
etc.
3. Check thoroughly the salary and wages register.
4. Verify the methods of valuation of stocks.
5. Check up stock register, goods inwards notes, goods outward books and delivery challans, etc.
6. Calculate various ratios in order to detect fraudulent manipulation of accounts.
7. Go through the details of unusual items.
8. Probe into the details of the problems when there is a suspicion.
9. Exercise reasonable skill and care while performing the duty.
10. Make surprise visit to check the accounts.
5 – Where fraud is suspected
If the auditors identify misstatements which might indicate that fraud has taken place, they should
consider the implications of this for other aspects of the audit, particularly management representations
which may not be trustworthy if fraud is indicated. This may lead to a limitation in the scope of the audit.
6 – Management representations
Auditors are required to obtain particular written representations from management acknowledges its
responsibility to design and implement internal controls to prevent and detect fraud and that management
has disclosed any known or suspected frauds by management, employees with a significant role in internal
control, or any other frauds which might have a material impact on the financial statements to the auditor.
In addition, management confirm in writing that it has disclosed the results of its own assessment of
whether the financial statements may be materially affected by fraud.
7 – Reporting frauds or suspected frauds
The ISA requires that the auditors should discuss suspected or actual fraud with management and those
charged with governance and make the appropriate reports, as set out below:
If they actually discover fraud.

MANAGEMENT
If they suspect fraud.
THOSE CHARGED WITH

If the auditor has identified or suspects fraud involving management.
GOVERNANCE
THIRD PARTIES
The auditor shall determine whether there is a responsibility to report the
e.g. regulatory and
occurrence or suspicion to a party outside the entity.
enforcement authorities
If fraud or error causes the financial statements to not give a true and fair view or there is a fundamental
uncertainty, it should be included in the audit report in the usual way, thereby notifying the shareholders.
Chapter 6
CLIENT ACCEPTANCE AND CONTINUANCE
1 – WHAT IS IT ALL ABOUT?
 It is all about knowing when to say no to a client when approached for an assurance
engagement.
 The question is: “Why the auditor accepts some clients (companies) and why does he rejects
others?”
The focus of this chapter is on the procedures that should be followed by a firm (auditor) before
accepting a new client, a new engagement for an existing client, or agreeing the terms of any new
engagement.
Acceptance decisions are crucially important, because new clients and/or engagements can pose
threats to objectivity, or create risk exposure to the firm, which must be carefully evaluated. One of
the current issues being debated in the profession is whether there should be an outright ban on the
provision of non-audit services to audit clients. In addition, new International Standard on Auditing
(ISA) requirements compel the firm to establish whether preconditions for an audit are present
when faced with a potential new audit engagement. All of these factors mean that acceptance
decisions must be taken with care.
2 – ACCEPTANCE AND CONTINUANCE PROCEDURES
Procedures spell out the prior work to be done before accepting or not a new clients. The concept of
continuance relates to existing or recurring engagement – engagements that are either repeated or
continuing relationships.
There are basically three principles to follow or respect within the acceptance and continuance
procedures.
Principle 1: it requires the auditor to undertake new or recurring (continuing) work only where
the auditor has:
 Competencies, capabilities, sufficient time and resources;

 Complied with relevant ethical requirements; and
 Considered management’s integrity.
Principle 2: this principle requires the auditor to “identify and resolve conflicts of interest”.
Principle 3: this principle requires the auditor to be alert to changes in circumstances that may
obligate the auditor to withdraw (where possible) from an engagement.
The various components of these principles must be developed thanks to the material gathered so
far before the third section. INCLUDED:
 ‘know your client/customer’ or ‘customer due diligence’ procedure for investigation on

management integrity. A, D AND C
 Ethical requirements
 Conflicts of interest
 Withdrawal
 Documentation of procedures
3 – PRECONDITIONS FOR AN AUDIT (What do the standards say?)
Once a firm (auditor) has decided to go ahead with an audit engagement, it must comply with the
requirements of ISA 210, Agreeing the Terms of Audit Engagements. ISA 210 was revised as part
of the International Auditing and Assurance Standards Board’s Clarity Project, with new
requirements to perform specific procedures in order to establish whether the preconditions for an
audit are present.
ISA 210 Agreeing the terms of the audit engagement establishes the preconditions for accepting an
audit, which are:
 an acceptable financial reporting framework has been used in the preparation of the
financial statements
 those charged with governance agree that they acknowledge and understand their
responsibilities.
If the preconditions for an audit are not present, the auditor must discuss the matter with those
charged with governance. Unless required by law or regulation to do so, the auditor must not accept
the engagement.
If the preconditions for an audit are not present, the auditor must discuss the matter with those
charged with governance. Unless required by law or regulation to do so, the auditor must not accept
the engagement.
Further information on preconditions for accepting an engagement

ISA 210 defines preconditions for an audit as follows:
‘The use by management of an acceptable financial reporting framework in the preparation of the financial statements and the
agreement of management and, where appropriate, those charged with governance to the premise on which an audit is
conducted’. This means that the auditor must do two things. First, the auditor must determine the acceptability of the financial
reporting framework to be applied in the preparation of the financial statements. This includes evaluating whether law or
regulation prescribes the applicable financial reporting framework, considering the purpose of the financial statements, and the
nature of the reporting entity (for example, whether a listed company or a public sector entity). In most cases this will simply be a
matter of confirming with the client that the financial statements will be prepared under International Financial Reporting
Standards, or other national reporting framework.
Second, the auditor must obtain the agreement of management that it acknowledges and understands its responsibility:
 For the preparation of the financial statements in accordance with the applicable financial reporting framework.
 For internal controls to enable the preparation of financial statements which are free from material misstatement,
whether due to fraud or error.
 To provide the auditor with access to all information necessary for the purpose of the audit.
In relation to the final bullet point, if management impose a limitation on the scope of the auditor’s work in the terms of a
proposed audit engagement, the auditor should decline the audit engagement if the limitation could result in the auditor having to
disclaim the opinion on the financial statements. The engagement should also be declined if the financial reporting framework is
unacceptable, or if management fail to provide the agreement outlined above. (ISA 580, Written Representations also requires
that management provide written representations regarding its responsibilities in relation to the preparation of financial
statements.)
ISA 220 Quality control for an audit of financial statements deals with those aspects of engagement
acceptance that are within the control of the auditor. The engagement partner must be satisfied that
appropriate procedures regarding the acceptance and continuance of client relationships and audit
engagements have been followed, and must determine that conclusions reached in this regard are
appropriate.
Engagement letter
Establishing the terms of the engagement
The terms of the engagement are established through the signing of the engagement letter.The Companies
Acts and the OHADA Uniform Act state that the auditor may be asked to perform additional work in areas
such as taxation, accountancy, and such others. Before commencing any professional work, an accountant
should agree, in writing, the precise scope and nature of the work to be undertaken and this is done
through the medium of an engagement letter.
The purposes of this letter are:
 To clearly define the responsibilities of the auditor.

 To minimise misunderstanding between the auditor and the client.
 To confirm verbal arrangements in writing.
 To confirm acceptance by the auditor of his engagements.
 To inform and educate the client.
A letter of engagement is sent during the following cases:
 To all NEW clients before any professional work has to be commenced.

 To all existing clients who have not yet had the letter.
 When ever there is a change of circumstances (extra duties to be performed, a significant new
auditing guideline, a major change in ownership and management, change in the scope or context
of the assignment after initial appointment).
 In the case of groups, an engagement letter should be sent to each member company of the group
that is to be audited by the firm.
Many firms of auditors choose to send a new letter every year, to emphasise its importance to
clients.
The contents of the engagement letter
The contents of a letter of engagement for audit services are listed in ISA 210 Agreeing the Terms of Audit
Engagements. They should include the following:
 The objective and the scope of the audit;
 The responsibilities of management: the client’s statutory duties such as on accounting records to
be made available and financial statements which show a true and fair view and comply with the
Act;
 The auditor’s statutory and professional responsibilities (to report on the accounting records and
financial statements and to follow auditing standards respectively);
 The sending of a letter of weakness to the management (management letter);
 The need for a letter of representation from the management;
 The audit fees and the basis on which they are charged;
 The identification of an applicable financial reporting framework; and
 Reference to the expected form and content of any reports to be issued (not absolute assurance).
In addition to the above the engagement letter may also make reference to:
 The unavoidable risk that some material misstatements may go undetected due to the
inherent limitations in audit;
 Arrangements regarding the planning and performance of the audit;
 Any agreement for the auditor to carry out extra work;
 The agreement of management to make available to the auditor draft financial statements and
other information in time to complete the audit in accordance with the proposed timetable;
 The agreement of management to inform the auditor of facts that may affect the financial
statements;
 The request for management to acknowledge receipt to the engagement letter and to agree
the terms outlined;
 Agreements concerning the involvement of auditors experts and internal auditors; and
 Restrictions to the auditor’s liability.
4 – ACCEPTING NON-AUDIT ASSIGNMENTS
5 – RED FLAG EXAMPLES
1. Frequent changes of auditors – can mean an organisation is opinion shopping.

2. Poor financial history – prior failed business or bankruptcy could indicate a person who takes
unjustifiable risks.
3. Work/business history – is there unstable address, employment or professional history?
4. Overly litigious as a plaintiff or defendant – signals a party who is not afraid to sue, presents a
risk of non-payment or who may not honour their agreements.
5. High turnover in upper management – can indicate a lack of internal stability.
6. Short operating history – where were the management team before they were at the current
organisation?
7. Foreign operations/plants – complex business structures may be concealing something.
8. Reluctance to provide references – if they are reluctant to disclose information now, how will
they be once they are a client?
9. Pressure to start work quickly – can be a sign that they do not want you looking into their
background.
10. Regulatory actions – can indicate poor internal controls or a management team ignoring internal
controls.
CHAPTER 7
PLANNING THE AUDIT PROCESS
Introduction
Planning plays a vital role in any assurance service whose purpose is to increase the confidence of the end
users of information by reducing their level of risk.
It is often said: “If you fail to plan then you are planning to fail”. This quotation which is full of meaning,
perfectly and adequately applies to the conduct of an audit. Planning an audit highly contributes in
ensuring that the risk that the financial statements may be misstated is reduced to an acceptable level. In
other terms, it helps the auditor to avoid the audit risk: the risk of formulating a wrong opinion.
Still in connection with planning, Laurence J. Peter says: “If you don’t know where you are going, you’ll
probably end up somewhere else.”
Relevant AUDITING AND ASSURANCE STANDARDS (International)
 ISA 220 Quality control for audit work
 ISA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements
 ISA 300 Planning an Audit of Financial Statements
 ISA 315 Identifying and Assessing the Risks of Material Misstatements through Understanding the
Entity and its Environment
 ISA 520 Analytical procedures
 ISA 550 Related parties
 ISA 570 Going Concern
 ISA 620 Using the work of an expert
1 – WHY PLAN?
Engagements are planned to ensure that the auditor:
 Devotes appropriate attention to important areas of the audit;
 Identifies and resolves potential problems on a timely basis;
 Organises and manages the audit so that it is performed in an effective and efficient manner.
Efficiency refers to the amount of time spent gathering audit evidence while effectiveness refers to
the minimization of audit risk.
 Selects team members with appropriate capabilities and competencies;
 Directs and supervises the team and reviews their work; and
 Effectively coordinates the work of others, such as experts and internal auditors.
Therefore the ultimate purpose of planning is to ensure that the risk of performing a poor quality audit
(and ultimately giving an inappropriate audit opinion) is reduced to an acceptable level.
ISA 300 Planning an Audit of Financial Statements equally makes it an obligation for auditors to plan their
work. This standard states that: “The objective of the auditor is to plan the audit so that it will be
performed in an effective manner”.
Illustration – Paying attention to important areas
Two persons are involved in a motor accident and they now need medical attention. The first person,
named Kwallar is bleeding through the nose while the second person, Fai, has a fracture at the level of the
leg. For the Medical Doctor the knowledge of these individual specific situations of these two persons is
important to enable him to focus attention on the affected areas before any other thing. Kwallar will be
administered a medical care different from that of Fai.
The approach of the medical doctor is similar to that of the auditor.
2 – THE PLANNING PROCESS - Planning activities
This section describes the stages in the planning process of an audit. These stages include:
- general understanding of the client (background research or knowledge of the business);
- preliminary analytical review;
- risk assessment;
- materiality calculation;
- tolerable errors calculations for material areas;
- the audit approach to be adopted for all areas;
- assessment of auditor’s independence
- Budget and staffing;
- Timetable and deadlines.
a) Obtaining a General Understanding of the client
The understanding of the organization, its environments and its internal controls is used to identify the
risks that the business is exposed to and, ultimately, how could these lead to a risk of material
misstatement in the financial statements.
In modern audits, the process is often referred to as Knowledge of the business, or “KOB”.
Before commencing the audit proper the auditor must try to know as much as possible about:
- The present condition and future prospects of the industry where his client operates;
- The past history, the present condition, and the future prospects of his client;
- The management and key personnel of the enterprise and any recent changes;
- The products / goods and the manufacturing and/or trading processes of the enterprise and any
recent changes;
- The locations of all the operations of the business;
- Any difficulty encountered by the enterprise in manufacturing, trading, expanding, contracting or
financing;
- Any problems in accounting or in internal control system;
- Any problem likely to lead to audit risk. For example the difficulty of assessing the value of long
term contracts in an engineering business;
- Any problem likely to be met in carrying out the audit, for example distant locations, tight timing
problems, or large staff requirement;
- Any changes in law or accounting practice which may affect the business.
-
Summary of the above section

In a nutshell, the auditor’s understanding should include information on:
 the nature of the entity
 the industry in which the client operates and the level of competition within that industry
 the client’s customers and suppliers
 the client’s management, governance, objectives and strategies, and business processes
 the regulatory environment in which the client operates.
(ISA 315 Identifying and Assessing the Risks of Material Misstatement.....)
How to obtain understanding of the client / what tools can the auditor use?
Category 1 sources: the use of tools or models
The auditor can use relatively simple and well known tools to frame its knowledge of clients, including:
 PEST analysis: this helps to assess a company’s external environment by considering the significant
political, economical, social and technological factors affecting it;
 Michael Porter’s 5 Forces analysis: this is another external analysis tool that considers the power
of buyers, the powers of suppliers, the threat of existing competitors, the threat of new entrants to
the market and the threat posed by substitute products;
 SWOT analysis: this considers a business from a more internal perspective and requires the
assessor to consider the business’s strengths, weaknesses, opportunities and threats.
Category 2 sources: other sources as required by ISA 315
i. Information from the auditor’s firm: the auditor gathers information by reading last year’s
audit files (working papers file); consulting last year’s team; consulting partner, manager of
the audit firm and industry experts;
ii. Information from the auditor: making reference to past experience;
iii. Information from the external sources: the auditor gathers information by making research
in the internet, trade press; by consulting industry surveys; by reading published material
covering the company and the industry; by making use of information from the companies
House;
iv. Information from the client: the auditor asks questions to the management of the
company; discusses with staff; observes; consults website; reads brochures.
v. Discussion among the engagement team on the susceptibility of the client’s financial
statements to material misstatements; this discussion – effectively a planning meeting – is
required by ISA 315 which equally required the minutes to developed and kept for
evidence of its holding.
vi. Perform analytical procedures at the planning stage of the audit to identify any unsual or
unexpected relationships that may highlight where risks exists. Analytical procedures are a
study of plausible relationships between both financial and non-financial data.
vii. Perform observation and inspection to corroborate the responses made by management
and others within the organization. These procedures also provide information about the
entity and its environment. Examples of such audit procedures include observation or
inspection of the entity’s operations, premises, and facilities, business plans and strategies,
internal control manuals, and any reports prepared and reviewed by management (such as
management reports, interim financial statements, and minutes of board of directors’
meetings).
By performing these activities, the auditor will gain an understanding of the issues at the entity level, the
industry level, and the economy level.
Although not expressly mentioned in this section, analytical procedures constitute an important source for
KOB. This is the subject of the next point.
b) Preliminary analytical procedures
Analytical procedures are techniques of evaluation of financial information by studying the relationship
between this information and other financial and non-financial data. They include comparison of financial
information with prior periods, budgets and forecasts and similar industries.
At the planning stage, analytical procedures are used for two main reasons:
 to help understand the client’s financial statements;

 to help spot possible errors.
If errors look possible, the audit work will be directed towards those errors.
How this is done
Basic analytical procedures could involve simply looking at the client’s trial balance or draft financial
statements to see if they appear in line with the auditor’s expectations (considering what could be seen as
normal/standard).
Typically, the auditor goes further than the above analysis by:
 monitoring statistical trends in key figures and ratios;

 asking the client why certain balances appear out of line with expectations.
Computer programs are often used to select those balances that appear furthest from expectations.
NB: Analytical procedures are mandatory at the planning stage and final review stage of the audit. At the
substantive testing stage, they may not be appropriate is some circumstances.
ADDITIONAL MATERIAL _ under processing
GOING CONCERN – Explain the going concern assumption
When planning an audit, performing an audit, and evaluating the results of an audit, an auditor will
consider whether it is appropriate to assume that their client will remain as a going concern (ISA 570).
The going concern assumption is made when it is believed that a company will remain in business for the
foreseeable future. Under this assumption, assets are valued on the basis that they will continue to be
used for the purpose of conducting a business, and liabilities are recorded and classified as current and
non-current on the basis that the client will pay its debts as they fall due in the years to come. It is the
responsibility of management and those charged with governance to assess whether their company is
likely to remain a going concern. It is the responsibility of the auditor to obtain sufficient appropriate
evidence to assess the validity of the going concern assumption made by their client’s management and
those charged with governance when preparing the financial statements.
1 – Going concern risk – indicators (for the assessment of going concern assumption)
For each client, an auditor will use their professional judgement to assess whether the going concern
assumption is valid. There are a number of indicators that, alone or combined, can suggest that the going
concern assumption may be at risk. A comprehensive list of events and conditions that place doubt on
the going concern assumption is provided in ISA 570. Indicators include:
 a significant debt-to-equity ratio
 long-term loans reaching maturity without alternative financing in place
 prolonged losses
 an inability to pay debts when they fall due
 supplier reluctance to provide goods on credit
 the loss of a significant customer
 overreliance on a few customers or suppliers
 high staff turnover
 the loss of key, long-standing personnel
 staff regularly out on strike
 uncertainty around the future availability of a key input or raw material
 rapid growth with insufficient planning
 inadequate risk management procedures
 being under investigation for non-compliance with legislation
 falling behind competitors
 significant rapid increase in competition
 prolonged drought for the agricultural sector.
If the auditor identifies risk factors that indicate that the going concern assumption is in doubt, they will
undertake procedures (when performing the audit) to gather evidence regarding each risk factor.
Example
If a client has lost a number of key, long-standing personnel, an auditor may assess the quality of the
remaining staff and the likelihood that the client will be able to hire suitable replacements in the near
future. If the auditor believes that there is an unresolved going concern issue outstanding, an
assessment is made of the appropriateness of management disclosures in the notes to the financial
statements regarding that issue.
c) Risk assessment
At this juncture of the planning process, the KOB and the preliminary analytical reviews must have
provided the auditor with the understanding of the client, the client’s environments and the client’s
internal control. It is now possible for the auditor to identify the risks the client is exposed to. This process
is known as “risk assessment”.
It is important to mention that the auditor’s assessment of risk underpins the whole of audit; that is, it
forms the basis for the success of the audit work.
It is the assessment of risk which determines the nature of the procedures to be carried out based on the
potential impact of fraud, the significant risk, how much evidence needs to be gathered.
Significant risks are particulars issues which affects the client and which require special consideration, e.g.
cash flow problems, imminent takeover, major customers or suppliers in difficulties, quality or
marketability issues with particular products.
So everything in the planning process is about the auditor’s response to assessed risk.
d) Materiality calculation
What is materiality?
“Information is material if its omission or misstatement could influence the economic decisions of users
taken on the basis of the financial statements”. ISA 320 para 3
So what really is materiality?
 A big amount of money (material by size);
 An amount which although not big:
- triggers a threshold;
- indicates future developments or other significant events;
- whose disclosure is compulsory (material by nature) including: transaction which means
the client makes a loss rather than a profit; a noteworthy threshold – 100 billion CFAF
profit; transactions with directors e.g. salary and benefits, personal use of assets, etc;
Why is materiality important?
 If financial statements contain a material misstatement they cannot show a true and fair view.
 Auditors should therefore consider materiality when determining the nature, timing and extent of
audit procedures (for financial statements not to contain material misstatements or reduce the risk
of material misstatement to an acceptable level).
The materiality level determined at the preliminary materiality assessment helps auditors decide
such questions as what items to examine and whether to use sampling techniques. This enables
them to select audit procedures that, in combination, reduce audit risk to an acceptable low level.
 This means that auditors must decide on what they mean by “material” before they design their
procedures – hence its place in the planning of an audit.
What are the implications for the work the auditors do?
Auditors will:
 Need to examine all items in the financial statements which are material
BUT
 they will also need to design tests to give assurance that material amounts have not been omitted
from the financial statements.
AND
 they will need to allow for the fact that a number of immaterial errors could together add up to a
material misstatement.
Calculating or determining materiality
Auditors plan and perform the audit to be able to provide reasonable assurance that the financial
statements are free of material misstatement and give a true and fair view. There are no hard and fast
rules for determining materiality. What is material is a matter of pure professional judgement. For
example, an amount that is material to the financial statements of one entity may not necessarily be
material to the financial statements of another entity of a different size or nature. Further, what is material
to the financial statements of a particular entity might change from one period to another.
Therefore, as earlier said, the assessment of what is material is a matter of professional judgment. This
assessment equally includes consideration of both the amount (quantity) and the nature (quality) of
misstatements.
Auditors consider the possibility of misstatements of relatively small amounts that, cumulatively, could
have material effect on the financial statements. For example, a relatively small error in a month-end
procedure could be an indication of a potential material misstatement if that error is repeated each month.
Auditors are also alert to the nature of misstatements relating to qualitative aspects of a matter. Examples
include:
 the inadequate or inaccurate (improper) description of an accounting policy when it is likely that a
user of the financial statements could be misled by the description;
 failure to disclose consequent imposition of regulatory restrictions, which may significantly impact
the entity’s ability to continue as a going concern.
However, firms typically have a standard method for calculating a baseline materiality figure as part of the
planning process.
Common measures are:
 ½ - 1% of turnover
 5 – 10% of results
 1 – 2 of assets (gross)
but these are up to the judgment of the auditor who may use different measures.
Materiality is considered at both the overall financial statement level and in relation to individual account
balances, classes of transactions and disclosures. Materiality may be influenced by considerations such as
legal and regulatory requirements and considerations relating to individual financial statement account
balances and relationships. This process may result in different materiality considerations being applied depending
on the aspect of the financial statements being considered. For example, the expected degree of accuracy of certain
statutory disclosures, such as directors’ emoluments, may make normal materiality considerations irrelevant.
Expandable text – Risk and materiality

There is a relationship between risk and materiality, in that:
 The greater the risk of material misstatement
 The lower the level of materiality.
Imagine two clients with similar levels of revenue, profitability and net assets.
Client n°1
 Is well established in a stable industry.

 Management has a strong sense of ethics which is communicated throughout the business.
 Management regards the accounting function highly, understands the accounts and insists on accounts and
other reports being produced promptly and to a high standard.
 Accounting systems are strong.
 Staff are well trained, well motivated and carry out their work efficiently.
 Audit adjustments are rare and, when they occur, are put through promptly.
Client n° 2
Is recently established in a cut-throat, volatile industry.
 Management is driven by “doing the deal” and are not averse to “cutting the odd corner”.
 Management ‘s interest in the accounts is limited to a focus on top lines sales numbers.
 Staff are underpaid, poorly motivated and expected to “pick up the systems as they go along”.
 The auditors spend a huge amount of time trying to “get things to agree”, tend to find a large number of errors,
and experience resistance to any adjustments, particularly those which reduce the level of reported profits.
It is not too hard to see that Client n° 2 is more risky than Client n° 1.
It is also true to say that, strictly speaking, the user of the financial statements of both clients would probably put the
same value on a misstatements of both clients would probably put the same value on a misstatement to be regarded as
material in both companies.
From the auditor’s point of view, however, it is highly likely that the level of materiality set for Client n°1 would be
higher than for Client n° 2, because the level of risk is lower (for Client N°1).
e) Tolerable error
What is tolerable error?
It is: “The maximum error in a population that the auditor is willing to accept”. ISA 530
This means that in the case of tests of control, the auditors will accept a certain number of instances of a
failure to apply a control procedure and will still conclude that the procedure is operating properly.
Tolerable error is considered during the planning stage, and for substantive procedures, is related to the
auditor’s judgement about materiality.
The difference between materiality and tolerable error
 Materiality concerns the financial statements as a whole.

 Tolerable error only concerns the population being tested.
f) Setting the audit strategy
The “knowledge of the business” and the “analytical review” stages have led to the “risk assessment stage”
which would now serves as a basis for the setting up/definition of an audit strategy.
The audit strategy, also referred to as “the general strategy” or “overall audit plan” is a comprehensive
plan that governs decisions on the nature, extent and timing of the audit procedures to be carried out, so
that adequate audit evidence can be obtained on the assertions for the various items presented in the
financial statements that have to be audited.
The audit strategy sets the overall approach of the audit and covers:
 The scope (of the audit): general factors influencing the overall approach to the audit:
 Financial reporting framework;
 Industry specific (special) reporting requirements (ltd companies, charities, other regulated
businesses such as banks and insurance companies);
 Other factors: multiple locations,...
 The timing (of the audit): deadlines for: final reporting, any interim report, reports to
management, reports to those charged with governance; the timing of interim and final audit
visits. The overall aim is to enable these deadlines to be met.
 The direction (of the audit): It covers the overall approach and concerns (to mean relies on) such
issues as:
 Preliminary assessment of materiality;
 Preliminary identification of high risk areas;
 Preliminary identification of material components and account
 Decisions about whether assurance is expected to be derived from reliance on controls or

a fully substantive approach;
 The need for sites visits and other logistical issues;
 The impact of recent developments at the client, in its industry, in regulatory or financial
reporting requirements.
Expandable text – Interim vs final audits
Material to be provided.
Expandable text – Material components

The term “material components” refers to: a division, branch, subsidiary, joint venture, associated company
or to other entity whose financial information is included in financial statements audited by the principal
auditor..
The audit plan
Once the audit strategy has been decided upon, the next stage is to decide how it is going to be carried
out – we need the audit plan.
The plan is based on the assessed risk and the calculated/defined materiality. Thanks to the plan, it is
possible to decide:
 What audit procedures are to be carried out;

 Who should do them;
 How much work should be done (sample sizes, etc);
 When the work should be done.
The relationship between the audit strategy and the audit plan
STRATEGY
PLAN
What evidence do we
need?
Design procedures to
get it
Whilst the strategy sets the overall approach to the audit, the plan fills in the operational details of how
the strategy is to achieved.
3 – DOCUMENTING THE PLANNING PROCESS
ISAs require that all the elements of the audit should be documented, and so it is clearly necessary to
produce a record of the audit strategy and plan, which can be referred to as the audit progresses and can
be used in the completion stages to ensure that everything has been done which ought to have done.
Most firms will use “audit packs” – pre-printed or computerized documents and checklists to ensure that
the requirements of ISAs have been followed.
Other related issues to documenting the planning process
 For large audits much of the KOB information may be kept on a permanent file and the audit plan
may contain a summary or simply cross refer to the permanent file.
 Increasingly KOB is being summarized in a planning memorandum which is updated each year.
 With computerized audit systems where all background documents may be scanned in, the
distinction between current and permanent audit files is being eroded.
 For large audits, the planning may be so complex that it needs to be summarized in a separate
memorandum.
 For small audits the summary may be all that is necessary.
The permanent file
The permanent file usually contains documents and matters of continuing importance which will be
required for more than one audit. This file usually carries
a) Statutory Material Governing the Conduct, accounts and audit of the enterprise (big or small
companies, local government etc)
b) The rules and regulations of the enterprise (memorandum of association for companies,
partnership agreement for partnerships, club rules for clubs, etc)
c) Copies of Documents containing important and relevant information to the auditor such a:
- The letter of engagement and minutes of appointment of the auditor
- Trading and other agreements entered into by the client

- Long-term and short-term deeds such as shares, debentures, loans, guarantee and indemnities.
d) The addresses of the registered office and all other premises, with a short deception of the work
carried out at each
e) An organisational chart showing the principal functional areas with a note on the number of people
involved and the names of responsible official.
f) The list of books and other records and where they are kept with the names, position, specimens of
signatures and initials of persons responsible for books and documents
g) An outline history of the organisation, including the outline on revenue, provisions, share capital and
important accounting ratios.
h) A list of Accounting matters of importance such as accounting policies used for material areas such
stock work – in - progress, Depreciation, research and Development.
i) Notes of interviews and correspondences including internal control matters and all past letters of
weaknesses.
j) A list of the shareholders, their shareholding and service contacts
k) A list of the Company’s properties and investigation
l) A list of the company’s advisors ( bankers, Stockbrokers, solicitors, values, insurance Broke, etc)
The current file
The current file contains the documentation and evidence for the current audit.
Expandable text – contents of a current file

Typically, there page 178
CHAPTER 8
AUDIT RISK
1 - INTRODUCTION
Identifying and assessing audit risk is a key part of the audit process, and ISA 315, Obtaining an
Understanding of the Entity and its Environment and Assessing the risk of material misstatement, gives
extensive guidance to auditors about audit risk assessment.
2 - WHAT IS AUDIT RISK?

According to the International Auditing and Assurance Standards Board (IAASB) Glossary of Terms, audit
risk is defined as follows:
“The risk that the auditor expresses an inappropriate audit opinion when the financial
statements are materially misstated”.
This typically means that the auditor states that the financial statements are true and fair, when in fact
they are not.
3 - WHY IS AUDIT RISK SO IMPORTANT TO AUDITORS?

Audit risk is fundamental to the audit process because auditors cannot and do not attempt to check all
transactions. Students should refer to any published accounts of large companies and think about the vast
number of transactions in a statement of comprehensive income and a
statement of financial position. It would be impossible to check all of these transactions, and no one would
be prepared to pay for the auditors to do so, hence the importance of the risk‑based approach toward
auditing. Auditors should direct audit work to the key risks (sometimes also described as significant risks),
where it is more likely that errors in transactions and balances will lead to a material misstatement in the
financial statements. It would be inefficient to address insignificant risks in a high level of detail, and
whether a risk is classified as a key risk or not is a matter of judgment for the auditor.
4 - RISK-BASED AND PROCEDURAL APPROACHES TO AUDITING
4.1 - Risk-based approach
In the previous section, we have made mention of the risk-based approach to audit work. What is it all
about?
The risk-based approach requires that the audit work be performed under ISAs and particularly ISA 315,
Obtaining an Understanding of the Entity and its Environment and Assessing the risk of material
misstatement. It says when you do an audit you have to:
i. Assess the risk of material misstatements;

ii. Address the risk; and
iii. Review the result to make sure that the risk of material misstatements has been reduced to an
acceptable level.
Why all this? The auditor should plan the audit around the risks that the client’s financial statements may
contain misstatements, whether as a result of fraud or not. The risks to which company A is exposed to are
different from those company B is. As such, each audit will involve different priorities, different tests, and
will take different lengths of time. These are the features of the risk-based approach.
The risk-based approach minimizes the chance of the auditor giving the wrong opinion. It also helps to
ensure that audit work is carried out as efficiently as possible, as assurance is obtained using the most
effective tests.
4.2 - Procedural approach
This is an alternative approach to risk-based approach. Here the auditor carries out a set of standard
procedures and tests regardless of the particular nature of the client. This approach is not recommended
by ISAs.
5 - RELEVANT ISAs TO AUDIT RISK

There are many references throughout the ISAs to audit risk, but perhaps the two most important audit
risk-related ISAs are as follows:
 ISA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance
with ISAs;
 ISA 315 Obtaining an Understanding of the Entity and its Environment and Assessing the Risks of
Material Misstatement.
5.1 - ISA 200, Overall Objectives of the Independent Auditor and the Conduct of
an Audit in Accordance with ISAs
ISA 200 sets out the overall objectives of the auditor, and the standard explains the nature and scope of an
audit designed to enable an auditor to meet those objectives. References to audit risk are frequently made
by ISA 200, and the standard also requires that the auditor shall plan and perform an audit with
professional scepticism, recognising that circumstances might exist that may cause the financial statements
to be materially misstated. Professional scepticism is defined as an attitude that includes a questioning
mind and a critical assessment of evidence.
5.2 - ISA 315 Obtaining an Understanding of the Entity and its Environment and
Assessing the Risks of Material Misstatement
ISA 315 deals with the auditor’s responsibility to identify and assess the risks of material
misstatement in the financial statements through an understanding of the entity and its environment,
including the entity’s internal controls and risk assessment process. The first
version of ISA 315 was originally published in 2003 after a joint audit risk project had been carried out
between the IAASB, and the United States Auditing Standards Board. Changes in the audit risk
standards have arguably been the single biggest change in auditing standards in recent years, so
the significance of ISA 315, and the topic of audit risk, should not be underestimated by
auditing students.
The summary of the requirements of ISA 315 is as follows:
 The auditor shall perform risk assessment procedures in order to provide a basis for the
identification and assessment of the risks of material misstatement.
 The auditor is required to obtain an understanding of the entity and its environment,
including the entity’s internal control systems.
 The auditor shall identify and assess the risks of material misstatement, and determine whether
any of the risks identified are, in the auditor’s judgement, significant risks. This is in order to
provide a basis for designing and performing further audit procedures.
 ISA 330 then deals with the required responses to assessed risks.
The
Let us consider each of these four stages in more detail.
a) - Risk assessment procedures

ISA 315 gives an overview of the procedures that the auditor should follow in order to obtain
an understanding sufficient to assess audit risks, and these risks must then be considered when designing
the audit plan. ISA 315 goes on to require that the auditor shall perform risk assessment procedures to
provide a basis for the identification and assessment of risks of material misstatement at the financial
statement and assertion levels. ISA 315 goes on to identify the following three risk assessment procedures:
i. Making inquiries of management and others within the entity
Auditors must have discussions with the client’s management about its objectives and expectations, and its
plans for achieving those goals.
ii. Analytical procedures

Analytical procedures performed as risk assessment procedures should help the auditor in
identifying unusual transactions or positions. They may identify aspects of the entity of which the
auditor was unaware, and may assist in assessing the risks of material misstatement in order to
provide a basis for designing and implementing responses to the assessed risks.
iii. Observation and inspection

Observation and inspection may also provide information about the entity and its environment.
Examples of such audit procedures can potentially cover a very broad area, including observation or
inspection of the entity’s operations, documents, and reports prepared by management, and also of the
entity’s premises and plant facilities. ISA 315 requires that risk assessment procedures should, at a
minimum, comprise a combination of the above three procedures, and the standard also requires that the
engagement partner and other key engagement team members should discuss the susceptibility of the
entity’s financial statements to material misstatement. Key risks can be identified at any stage of the audit
process, and ISA 315 requires that the engagement partner should also determine which matters are to be
communicated to those engagement team members not involved in the discussion.
b) - Understanding an entity
ISA 315 gives detailed guidance about the understanding required of the entity and its environment by
auditors, including the entity’s internal control systems. Understanding of the entity and its environment is
important for the auditor in order to help identify the risks of material misstatement, to provide a basis for
designing and implementing responses to assessed risk (see reference below to ISA 330, The Auditor’s
Responses to Assessed Risks), and to ensure that sufficient appropriate audit evidence is collected.
c) - Identification and assessment of significant risks and the risks of material misstatement
In exercising judgement as to which risks are significant risks, the auditor is required to consider the
following:
 Whether the risk is a risk of fraud.
 Whether the risk is related to recent significant economic, accounting or other developments, and
therefore requires specific attention.
 The complexity of transactions.
 Whether the risk involves significant transactions with related parties.
 The degree of subjectivity in the measurement of financial information related to the risk,
especially those measurements involving a wide range of measurement uncertainty.
 Whether the risk involves significant transactions that are outside the normal course of business
for the entity, or that otherwise appear to be unusual.
d) - ISA 330 and responses to assessed risks

The requirements of ISA 330, The Auditor’s Responses to Assessed Risks, essentially ISA 330 gives guidance
about the nature and extent of the testing required, based on the risk assessment findings. (requires more
findings).
Expandable text – The importance of risk analysis

Risk analysis is the most important stage of the audit. If auditors assess risk properly, they will:
 Identify main areas where errors or misstatements are likely early in the audit.
 Plan audit work that addresses these possible mistakes.
 Discover errors as early as possible in the audit process.
 Carry out the most efficient (and hence profitable) audit possible.
 Minimize the chance of issuing an incorrect audit opinion.
 Reduce the chance of getting sued (and losing!).
 Have a good understanding of the risks of fraud, money laundering etc.
 Be in the best position to assess whether the client is a going concern.
Although the key to risk assessment is to do it as part of the planning process, it is important to understand that:
 Rick can be uncovered at any stage of the audit.
 In the light of the work done the level of risk may be reappraised.
 The review and completion phase of the audit has to confirm that the risk of material misstatement has been
reduced to an acceptable level.
Expandable text – The role of information technology

The role of information technology (IT)
IT can play an important part in risk analysis because it enables auditors to carry out analytical procedures (see the
sessions on audit procedures) in a cost effective way to highlight:
 Unusual relationships
 Unusual trends in the components of financial statements.
The use of IT also enables the auditor to process high volumes of data through computer-assisted audit techniques
(CAATS), to screen for unusual relationships or unexpected repetition of data in a way which would be impossible
without such technology. More in one of the forthcoming chapters related to audit procedures.
6 - THE AUDIT RISK MODEL

Finally, it is important to make reference to the so called traditional audit risk model, which pre-dates ISA
315, but continues to remain important to the audit process. The audit risk model breaks audit risk down
into the following three components:
 Inherent risk;
 Control risk;
 Detection risk.
6.1 - Inherent risk

 This is the susceptibility of an assertion about a class of transaction, account balance, or disclosure
to a misstatement that could be material, either individually or when aggregated with other
misstatements, before consideration of any related controls.
 It is the risk of errors or misstatements due to the nature of the company and its transactions.
 Clearly this requires the audit team to have a good knowledge of how the client’s activities are
likely to affect its financial statements, and the audit team should discuss these matters in a
planning meeting before deciding on the detailed approach and audit work to be used. Such a
meeting is compulsory under ISA 315 and must be documented.
6.2 - Control risk

 This is the risk that a misstatement could occur in an assertion about a class of transaction, account
balance or disclosure, and that the misstatement could be material, either individually or when
aggregated with other misstatements, and will not be prevented or detected and corrected, on a
timely basis, by the entity’s internal control.
 In other words, control risk is the risk of errors or misstatements because the company’s internal
controls are not strong enough to prevent, detect and correct them.
6.3 - Detection risk

This is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level
will not detect a misstatement that exists and that could be material, either individually or when
aggregated with other misstatements.
Detection is split between two components: sampling risk and non-sampling risk.
 Sampling risk is the risk that the sample selected by the auditor does not properly reflect the
population of the data being sampled. The conclusion drawn from such a sample will therefore not
be applicable to the entire population.
For ISA 530 para 7 is the risk which “arises from the possibility that the auditor’s conclusion,
based on a sample may be different from the conclusion reached if the entire population were
subjected to the same audit procedure”.
In other words it is the risk that the sample may not be representative.
 Non-sampling risk is the detection risk other than sampling risk that the auditor will not detect a
material misstatement. This could be due to a variety of reasons e.g.:
 human error;
 misinterpretation of the results of a test;
 use of inappropriate procedures;
 failure to investigate a particular balance or transaction;
 misleading of the auditor by a member of the client’s staff.
7 - AUDIT RISK, BUSINESS RISK AND ENTITY RISK

It is important to make a distinction between audit risk, business risk and entity risk.
Audit risk
Audit risk refers to the chance of an error slipping through an audit, usually a financial audit, and resulting
in a flawed audit report. Generally, audit risk is represented by the following formula: Audit Risk (AR) = IR x
CR x DR. In the formula, IR, or inherent risk, refers to the susceptibility of misstatement, assuming that
there are no internal controls to counter that chance of misstatement. Control risk (CR) expresses the
chance that internal controls won't catch a misstatement, and detection risk (DR) refers to the chances
that the auditor won't detect the misstatement in his or her audit.
Business risk
ISA 3152 defines business risk as follows:
‘A risk resulting from significant conditions, events, circumstances, actions or inactions that could
adversely affect an entity’s ability to achieve its objectives and execute its strategies, or from the
setting of inappropriate objectives and strategies.’
Hence business risk is a much broader concept than audit risk.
Entity risk
The entity risk is the risk that cannot be influenced by auditor. It includes the inherent risk and the control
risk which relate to the nature of the entity and its systems.
8 - ASSESSMENT OF RISK
The level of audit risk is highly dependable on its components:
 inherent risk (IR);

 control risk (CR);
 detection risk (DR).
The level of audit risk score thanks to the following equation:
AR = IR x CR x DR
It is well known the entity risk (inherent risk and control) cannot be directly influenced by the auditor, as it
relates to the nature of the entity and its systems. The only risk that the auditor can change is detection
risk.
The think that auditors are required to do is to assess inherent risk and control risk on three levels:
maximum or high risk, moderate or medium risk and low risk.
Therefore, once inherent and control risks have been assessed, and with a maximum overall audit risk
“score” in mind, detection risk can be manipulated to make the audit risk an acceptable level.
Detection risk will be a major variable in determining the extent of audit procedures, e.g. sample sizes for
audit tests.
If control risk and inherent risks are deemed low because the entity is not particularly risky and its controls
are effective, the auditor will place reliance on these factors. Detection risk can be allowed to be higher
and still give an acceptably low level of audit risk. If detection risk needs to be low because the client is
inherently risky or controls are not effective, the auditor will increase the sample size and/or use more
experienced staff.
If the inherent and control risks are high, the detection risk must be low in order to have a low overall audit
risk. Therefore, the auditor has to carry out more detection procedures to be reasonably assured that the
financial statements are free of material misstatements.
Significance
A low audit risk is important because it is not possible for auditors to verify all transactions. Auditors tend
to focus on key risk areas -- for example, overstated revenues or understated costs, where it is more likely
that errors will lead to material misstatements on the financial statements. Auditing standards require
auditors to plan and perform audits with professional skepticism because there is always the possibility
that the financial statements are materially misstated. Professional skepticism involves a questioning mind
and a critical evaluation of evidence.
CHAPTER 9
INTERNAL CONTROL SYSTEM
1 - THE CONTEXT WITHIN WHICH INTERNAL CONTROL SYSTEM IS STUDIED
In managing a business, directors need to have strong risk management processes in place as one of the
requirements of good corporate governance. There are a number of ways of managing risks which include
four basic methods, memorized thanks to the mnemonic TARA:
T Transfer risk: e.g. by subscribing for an insurance policy

A Avoid risk: e.g. by not entering into a particular business which you
consider very risky
R Reduce risk: e.g. by putting in place strong internal control systems
A Accept risk: e.g. by considering the risks and the returns of a business
venture
So, one way of managing risks is ‘internal control’ which mainly reduces risk and auditors need to gain a full
understanding of how internal control systems of an organization works in order to successful preform the
audit process..
Internal control systems are engrained or enshrined within good corporate governance through
guidance/reports and acts (laws) corresponding respectively to the UK approach and US approach to
internal control systems.
UK approach to internal control systems: Turnbull report 1999
This approach is highly influenced by the Turnbull report-1999 issued by the Turnbull Committee put in
place the UK government to establish the requirements for a strong internal control system to businesses.
This report simply provided recommendations, advice, and guidance on what a good, strong internal
control system should be. These requirements are not enforceable by law.
US approach to internal control systems
This approach is highly influenced by:
 The Committee of Sponsoring Organisations (COSO), formed in 1985 to sponsor the national
commission on fraudulent reporting. The sponsoring organisations included the American
Accounting Association and the American Institute of Certified Public Accountants. COSO now
produces guidance on the implementation of internal control system for large and small
companies.
In COSO, internal controls seen to apply to three aspects of the business:
(1) Effectiveness and efficiency of operations – that is the base business objectives including
performance goals and safeguarding resources.
(2) Reliability of financial reporting – including the preparation of any published financial
information.
(3) Compliance with applicable laws and regulations to which the company is subject.
In 1992, COSO recommended the elements of an effective control system.
 Sarbanes Oxley Act 2002 (SOX) – the US corporate governance made up of a set of laws,
enforceable to businesses.
The above-mentioned three sets of instruments:
- the Turnbull report 1999 (UK origin)

- the advice on internal control systems by COSO 1992 (US origin), and
- the SOX 2002 (US origin)
provide almost the same principles and elements of sound internal control systems as developed
in this chapter.
Systems in organisations
Businesses have in place systems which enable them to achieve their objectives.
The purpose of a system is to enable the business to:
 collect data
 summarise data
 produce useful information, and
 aid the directors in complying with the following obligations:
 effective management of the business
 safeguard of the business’ assets
 prevention and detection of errors and frauds.
From management’s view, the more reliable a system is the more accurate its output will be as more
reliable information will lead to better decision making.
For a system to be reliable, there is a need for a sound system of internal control should be embedded in it.
2 – MEANING OF INTERNAL CONTROL
The first definition goes thus:
“Internal controls are methods or procedures adopted in a business to:

 Safeguard its assets
 Ensure financial information is accurate and reliable
 Ensure compliance with all financial and operational requirements
 And generally assist in achieving the businesses' objectives”.
Procedures explain the how, why, what, where and when of any set of actions.
The second definition emanates from COSO:
In the United States many organizations have adopted the internal control concepts presented in the
report of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Published in
1992, the COSO report defines internal control as:
“ process, effected by an entity's board of directors, management and other personnel, designed to provide
reasonable assurance regarding the achievement of objectives in the following categories:
 effectiveness and efficiency of operations,

 reliability of financial reporting, and
 compliance with applicable laws and regulations”.
In the nutshell, internal control system is the set of processes put in place to make sure things stay on the
right track.
NB: It is worth distinguishing between internal control and internal control system. An internal control is
an individual process, measure or action; while internal control system is a set of many processes,
measures or actions. Internal control system equally means “the whole network of systems in an
organization to provide reasonable assurance that organizational objectives will be achieved.”
Another concept worth knowing and distinguishing is ‘internal management control’; it is procedures and
policies in place to ensure that company objectives are achieved. Therefore, it represents an organ of
oversight of internal control system.
It is for management to determine the extent to which internal controls are to be applied within the
organization. There are numerous factors to be considered:
a) the nature, size and volume of transactions;

b) the geographical distribution of the enterprise;
c) the controls exercised personally by individual members of management; and
d) the cost of setting up controls and the benefits obtained thereby.
Thus the auditor’s approach to evaluating the internal control system will depend on the type of business.
The following factors will need to be considered:
i. Smaller businesses
Are the proprietors able to intervene directly? This will assist in preventing and detecting errors.
However, if this is the case, there is the risk that internal controls may be overridden for the proprietor’s
benefit, to the detriment of the business.
Therefore, the auditor may decide not rely on internal controls.
ii. Larger businesses
The prevention of errors and fraud is of paramount importance.
Procedures are likely to be more formalized than for a smaller business, so that direct intervention, with its
attendant benefits and risks, is less likely.
3 – THE PURPOSE OF INTERNAL CONTROL
The purpose of internal control is implied by the definition given earlier, to help management achieve the
entity’s objectives, especially in terms of ensuring:
 the orderly and efficient conduct of the business
By creating internal controls, managers establish protocols and procedures their staff must follow in
performing their day-to-day work duties. These established protocols help bring order and cohesiveness to
companies, as everyone knows what's expected, as outlined in the internal controls.
 the safeguarding of assets
Not allowing assets to be broken, stolen or lost. Procedures are always devised to safeguard them, such as:
usage of cameras, locks, physical barriers, keeping of a plant register, regular reviews of debtor balances,
having firewalls and protective devises on computer systems, etc.
 the prevention and detection of fraud and error
Establishing internal controls can help companies prevent or reduce fraud and theft within their
organizations. Internal controls can include activities such as reconciling bank statements and internal
audit reviews, which can uncover whether the company's money is being misappropriated by management
or employees.
 the accuracy and completeness of the accounting records
Ensuring the financial statements accurately reflect the affairs of the business: all assets and liabilities
actually exist, all rights and obligations are included through the following types of controls: number
documents such as cheques sequentially to avoid duplication, regular reconciliation of accounts, etc
 the timely preparation of reliable financial information
Compliance with the adequate financial reporting framework which defines the time and manner of
reporting
 Uphold Sarbanes-Oxley Act
The Sarbanes-Oxley Act stresses the importance of public companies maintaining internal controls when it
comes to their financial reporting. The act requires that public companies, small and large, include details
on the company's internal controls inside of their annual reports. This information is beneficial to investors
and helps prove the integrity of a company's financial data and the management of it.
4 – TYPES OF INTERNAL CONTROLS
- Detective: Designed to detect errors or irregularities that may have occurred.

- Corrective: Designed to correct errors or irregularities that have been detected.
- Preventive: Designed to keep errors or irregularities from occurring in the first place.
The effectiveness of internal controls rests on five components.
5 - THE FIVE COMPONENTS OF INTERNAL CONTROL
In 1992, COSO published the report Internal Control--Integrated Framework as a "basis for developing
business control systems and assessing their effectiveness" (Internal Control Issues). This report provides
the following five components of internal control (equally contained in the Turnbull report 1999):
 Control Environment;
 Risk Assessment;
 Control Activities;
 Information and Communication;
 Monitoring.
In simple terms, all this is all about what is needed or what should be in place for internal control systems
to be effective.
i. The control environment: The control environment relates to the control consciousness of the
people within the organization. The control environment is the basis (foundation) for all other
components of internal control, providing both discipline and structure to the organization.
The following meaning is equally attached to the control environment:
“The control environment is concerned with the actions, policies, and procedures that reflect the
overall attitude of the client’s top management, directors, and owners of an entity about internal
control and its importance”.
The control environment is all about management having a right attitude. (ISA 315)
The control environment is often referred to as “the tone at the top” referring to top
management.
The following values play key parts in the control environment component:
- Communication and enforcement of ethical values;

- commitment to competence;
- participation by those charged with governance (board of directors and audit committee);
- management’s philosophy and operating style;
- management need to have awareness and action in place;
- organizational structure;
- assignment of authority and responsibility;
- human resource policies and practices – staff training, recruitment procedures etc.
ii. Risk Assessment – There is a connection between the objectives of an organization and the risks to
which it is exposed. In order to make an assessment of risks, objectives for the organization must
be established. Having established the objectives, the risks involved in achieving those objectives
should be identified and assessed, and this assessment should form the basis for deciding how the
risks should be managed.
The risk assessment should be conducted for each business within the organization, and should
consider, for example:
- Internal factors, such as the complexity of the organization, organizational changes, staff
turnover levels, and the quality of staff
- External factors, such as changes in the industry and economic conditions, technological
changes, and so on.
The risk assessment process should also distinguish between:
- Risks that are controllable: management should decide whether to accept the risk, or take
measures to control or reduce the risk
- Risks that are not controllable: management should decide whether to accept the risk, or
whether to withdraw partially or entirely from the business activity, so as to avoid the risk.
In a nutshell, risk assessment is all about putting mechanisms in place to identify the right risk and
establishing the right control and this is a permanent and an ongoing process.
iii. Control Activities - the organization's policies and procedures which help ensure that necessary
actions are taken to address the potential risks involved in accomplishing the entity's objectives
(including financial reporting objectives).
Control activities simply referred to as “measures put in place by management to prevent irregularities”.
In essence, control activities are established in response to perceived risks.
The table below through the mnemonic ACCAMAP summarises control activities:
S/N° Nature of control activity Meaning / further explanation / example

1 Approval also known as A senior employee like a manager to sign off an action (. e.g. an employee
authorisation wants to do overtime, a manager should authorise this in advance. For
spending transactions, an organisation might establish authorisation limits,
whereby an individual manager is authorised to approve certain types of
transaction up to a certain maximum value.
There two types of authorisaton: general and specific.
 General authorization is permissible for routine events for which

there are policies to follow.
 For some transactions specific authorization is needed on a case-by-
case basis.
2 Computer controls Having passwords, backups, virus checks.
3 Comparison Looking at budget versus actual and reviewing for variances, any variances
should then be investigated.
4 Arithmetic controls Check procedure: recalculating an employee work, sequence checking.
5 Maintain and review control Like receivables, wages, PAYE, bank.
accounts
6 Account reconciliations
7 Physical controls Measures and procedures to protect physical assets against theft or
unauthorised access and use. They include:
 Using a safe to hold cash and valuable documents

 Using secure entry systems to buildings or areas of a building
 Dual custody of valuable assets, so that two people are needed to
obtain access to certain assets
 Periodic inventory checks
 Hiring security guards and using closed circuit TV (CCTV) cameras.
8 Segregation of duties Most transactions can be broken down into three separate duties: the
authorization or initiation of the transaction, the handling of the asset that
is the subject of the transaction, and the recording of the transaction. This
reduces the risk of fraud and may also reduce the risk of error.
For example, in the system for purchases and purchase accounting, the
same individual should not have responsibility for:
 Making a purchase (after having authorized himself)

 Making the payment and recording the purchase and the payment
in the accounts.
If one individual did have responsibility for more than one of these
activities, there would be potential for fraud. The individual could record
fictitious purchases (e.g. the purchase of goods ordered for personal use)
and pay for transactions that had not occurred.
Segregation of duties can also make it easier to spot unintentional mistakes,

and should not be seen simply as a control against fraud.
At board of director level, corporate governance codes state that the duties
of the chairman of the board and the CEO should be segregated, to prevent
one individual from acquiring a dominant position on the board.
Another example is separating IT duties from User Departments
Although segregating duties provides protection against fraud by one

individual, it is not effective against collusion to commit fraud by two or
more individuals.
The above control activities can be easily memorised while making use of the mnemonic “ACCAMAPS”.
This is made up of the first letters of the eight above control activities as follows:
A= Approval or Autorisation
C= Computer controls
C= Comparison
A= Arithmetic controls
M = Maintain and review control accounts
A= Account reconciliation
P= Physical controls
S= Segregation
According to the Auditing Practices Committee (APC) – now APB (Auditing Practices Board of UK origin),
control activities include the following:
S Segregation of duties: (as explained above)
P Physical: (as explained above)
A Authorisation and approval: (as explained above)
M Management: management exercising controls on the basis of information they receive.
S Supervision: supervision is oversight of the work of other individuals, by someone in a positioin of
responsibility. Supervisory controls help to ensure that individuals do the tasks they are recruited to
and perform them properly.
O Organisation: organisation controls refer to the controls provided by the organisation’s structure,
such as:
 The separation of an organisation’s activities and operations into departments or

responsibility centres, with a clear division of responsibilities
 Delegating authority within the organisation
 Establishing reporting lines within the organisation
 Co-ordinating the activities of different departments or groups, e.g. by setting up
committees or project teams.
A Arithmetic and accounting: controls are provided by:
 Recording transactions properly in the accounting system

 Being able to trace each individual transaction through the accounting records
 Checking arithmetical calculations, such as double-checking the figures on an invoice before
sending it to a customer (sales invoice) or approving it for payment (purchase invoice) to
make sure that they are correct.
P Personnel: personnel controls should be applied to the selection and training of employees, to make
sure that: suitable individuals are appointed to positions within the organisation; individuals should
have the appropriate personal qualities, experience and qualifications where required; individuals
are given suitable induction and training, to ensure that they carry out their tasks efficiently and
effectively.
Staff should also be given training in the purpose of controls and the need to apply them. Specific
training about controls should help to increase employee awareness and understanding of the risks
of failing to apply them properly.
These control activities are placed into three groups to show how they work together.
Internal control (control activity) Explanation
Group 1 Set the structure of the company providing
Organisational, Segregation of duties responsibility for different areas of the company
(organisational) as well as ensuring tasks are split
between various people to minimise the risk of
fraud and collusion (segregation of duties).
Group 2 Detailed controls embedded into the operational
Physical, authorisation and approval, Arithmetic and systems ensuring assets are safeguarded (physical),
accounting transactions are legitimate to the company
(authorisation and approval) and that the
accounting records are correct (arithmetical and
accounting).
Group 3 Controls over the human resources of the company
Personnel, Supervision, Management including selection of appropriate staff (personnel),
ensuring those staff are working correctly
(supervision) and management are checking the
whole control environment (management) normally
using internal audit.
Some other control activities include:
 Adequate documents and records consisting of:
- Prenumbered consecutive documents so missing items are noticed
- Prepared as near to transaction time as possible
- Good design with instructions and appropriate spaces*
 Independent checks on performance: Personnel are likely to forget or intentionally fail to follow
procedures, or they may become careless unless someone observes and evaluates their
performance.
iv. Information and Communication - focuses "on the nature and quality of information needed for
effective control, the systems used to develop such information, and reports necessary to
communicate it effectively" (Internal Control Issues).
Methods used to initiate, record, process, and report an entity’s transactions and to maintain
accountability for related assets.
 For a small company with active involvement by the owner, a simple computerized accounting
system that involves one honest, competent accountant may provide an adequate accounting
system.
 A larger company requires a more complex system that includes carefully defined responsibilities
and written procedures.
v. Monitoring - involves assessing the quality and effectiveness of the organizations internal control
process over time. It includes assessing the design and operation of controls, and assessing
compliance with policies and procedures. It also provides for the implementation of appropriate
actions when necessary.
 For many companies, especially larger ones, an internal audit department is essential for effective
monitoring.
 To maintain internal audit independence, it is imperative that they be independent of operating

and accounting departments; and that they report to a high level of authority, preferably the audit
committee of the board of directors.
To conclude, it is a CRIME not to have good internal controls. The word CRIME enables the memorization
of the five components of internal control. The letters it carries stand for:
C = Control activities
R = Risk assessment
I = Information and communication
M = Monitoring of controls
E = Environment
6 - RESPONSIBILITY FOR INTERNAL CONTROL
Everyone in the organization has a responsibility in the internal control structure. The COSO designates
each party’s role and responsibility as follows:
i. Management – the chief executive officer (the top manager) of the organisation is
ultimately responsible and should assume “ownership” of the system. He has overall
responsibility for designing and implementing effective internal control to:
 safeguard the company’s assets;
 enable financial statements which give a true and fair view to be produced;
 prevent and detect fraud.
More than any other individual, the chief executive sets the “tone at the top” that affects
integrity and ethics and other factors of a positive control environment.
ii. Audit Committee – management is accountable to the audit committee which provides
governance, guidance and oversight.
iii. Internal Auditors – internal auditors play an important role in evaluating the effectiveness
of control systems and contribute to ongoing effectiveness. The internal audit function
also plays a significant monitoring role.
iv. Other personnel – internal control is, to some degree, the responsibility of everyone in an
organization and therefore should be part of each person’s job description. Virtually all
employees produce information used in the internal control system or take other actions
needed to effect control. All personnel should be responsible for communicating problems
in operations, noncompliance with the code of conduct, policy violations or illegal acts.
Further explanation: The external auditor and internal control
The external auditor does not assume any level of responsibility for internal control. They measure the effectiveness of internal
control through their efforts. They assess whether the controls are properly designed, implemented and working effectively such
that the risk of material misstatement in the financial statements is reduced, and make recommendations on how to improve
internal control.
They equally test controls in the systems to determine the extent of the procedures they will carry out in the conduct of the audit.
7 - LIMITATIONS OF INTERNAL CONTROLS
No matter how well internal controls are designed, they can only provide reasonable assurance (not
absolute assurance) that objectives have been achieved. Some limitations are inherent in all internal
control systems. These include:
a) Judgment
The effectiveness of controls will be limited by decisions made with human judgment under pressures to
conduct business based on the information at hand.
b) Breakdowns
Even well designed internal controls can break down. Employees sometimes misunderstand instructions or
simply make mistakes. Errors may also result from new technology and the complexity of computerized
information systems.
c) Management Override
High level personnel may be able to override prescribed policies and procedures for personal gain or
advantage. This should not be confused with management intervention, which represents management
actions to depart from prescribed policies and procedures for legitimate purposes.
d) Collusion
Control systems can be circumvented by employee collusion. Individuals acting collectively can alter
financial data or other management information in a manner that cannot be identified by control systems.
8 – TESTING INTERNAL CONTROL FOR MANAGEMENT PURPOSES
An organization's operating procedures, processes and mechanisms are the backbone of its risk
management system. These procedures, often known as internal controls, ensure that employees abide by
top management's recommendations, industry practices and regulatory guidelines when performing their
tasks.
Internal control testing is like placing the procedures of the company under a microscope.
An internal auditor tests controls to ensure they are adequate and effective.
Control Adequacy
A control is adequate if it clearly details procedures and steps that an employee must follow to perform
tasks.
To illustrate, a control may instruct a shipping clerk on how to record goods stored at the warehouse and
sign the bill of lading. An adequate control also explains procedures for decision making and problem
reporting. The shipping control could, for instance, require the clerk to notify a manager if goods received
are worth more than 100,000,000 CFAF.
Control Effectiveness
A control is effective if it provides appropriate solutions to internal control problems (i.e. it really meets
the control objectives).
For example, the accounts receivable department's manager at a small retail store believes an employee
may be stealing cash because sales revenue amounts do not match cash received. He can establish a
procedure requiring customer checks to be sent to a new address and asking three employees in different
departments to record cash payments. The new control is effective if the manager notes that cash balances
now match sales amounts.
Areas of testing
An internal auditor may test various controls, depending on the audit objective, the company size and
industry. An auditor may test procedures in financial reporting mechanisms to ensure that financial
statements are accurate and complete, and conform to generally accepted accounting principles (GAAP).
Operational control testing helps an auditor evaluate control adequacy and effectiveness at the segment
level. An auditor also could test information technology (IT) systems to prevent losses resulting from IT
malfunction.
Testing Significance
“Testing significance” is the conclusion the auditor should arrive at after having performed the control
tests while typically applying generally accepted auditing standards (GAAS). The conclusion could be that,
internal controls are:
 Either “high”: capable of preventing operating losses resulting from error or system breakdowns;
or ensuring that employees abide by internal rules, laws and regulations when performing their
duties;
 Or “medium”: average possibility of error or system breakdowns occurring, thus allowing operating
losses; or 50% possibility for employees not abiding by internal rules, …
 Or again “low”: high possibility of error or system breakdowns occurring, thus allowing operating
losses; or above 90 % possibility for employees not abiding by internal rules, …
9 - INTERNAL CONTROL AND THE CONDUCT OF A STATUTORY AUDIT
In conducting an audit, specifically within the framework of audit planning, the auditor needs to
understand and document the system:
 To assess the reliability as a basis for preparing financial statements.
 To assess the effectiveness of control.
 To design suitable audit procedures.
This is also compulsory as stated in ISA 315:
“The auditor should obtain an understanding of the information systems, including the related business
processes, relevant to financial reporting.”
This is achieved thanks to a process known as “tests of control”. These are audit tests meant to test a control
or control procedure.
Test of control means tests performed to obtain audit evidence regarding the suitability of design and
effective operation of the accounting and internal control systems, and their operation throughout the
period. Details on test of control are provided below.
At the end of the process, the auditor should rate the internal control systems as “high”, “medium” and
“low” based on loss expectation. A high internal control systems would mean that the systems are capable
to producing accurate financial information and that other forms of audit procedures (e.g. substantive
testing) could be neglected or performed lightly.
9.1 – How to evaluate internal controls: tests of control
Information about the system comes from a process known as “tests of control” and which includes the
following:
i. Previous knowledge/experience;
ii. Observation of elements such as management’s philosophy, operating style, integrity, and ethics.
Interview of the organisation’s human resources staff to determine how management recruits
competent employees, assigns them responsibility, and develops them. Find out the level of
direction provided by the board of directions. All of this is about gaining understanding of the
company’s control environment.
Interview questions include why the owner created certain internal controls, what the controls are
for, do managers understand the purpose of the controls and what corrective measures are taken
when a control violation is found.
iii. Interview of client’s management to see if they have established objectives by whch the
organization can be measured and evaluated. Without such objectives, internal and external risks
that threaten them cannot yet be identified, analysed, an overcome.
iv. Interview of client’s employees: Employee interviews serve another important evaluation process.
Auditors use employee interviews to determine how well individuals are trained for their jobs. The
interviews can also shed more light on how well business owners and managers educate
employees on the importance of safeguarding business operations. Auditors may ask employees
what is their job responsibility, how do they protect the company’s business and financial
information, have they been given a manual outlining the company’s standard operating
procedures and who is responsible for reviewing the employee’s completed work.
v. Review of client’s system manuals to gain an understanding of control activities; are policies and
procedures that help ensure that management’s directions for important activities at all levels of
the organization followed?
vi. Observation of processes: to assess how they operate effectively.

vii. Evaluation of monitoring processes: Interview management to see if someone is performing
continuous assessment of how the other controls are operating. Or conduct a separate evaluation
of monitoring, or some combination of both interviews and independent evaluation.
viii. Walk-through tests (where transactions are traced through system to confirm understanding).
Section summary
This section covers examples of tests of control which are meant to gain an understanding of the reliability
of the control system and include, as mentioned above, the following: (i) enquiry and confirmation, (ii)
inspection, (iii) observation, (iv) walk-through tests, and (v) to a certain extent, recalculation and
reperformance.
9.2 – Documenting the system
Possible ways of documenting the system and controls are:
 Narrative notes (which can prove bulky if system is large or complex);
 Flowcharts (which can make a complex system easier to follow);
 Organization charts – showing roles, responsibilities, and reporting lines;
 Internal Control Questionnaire (ICQ);
 Internal Control Evaluation Questionaire (ICE).
What are Internal Control Questionnaire (ICQ) and Internal Control Evaluation Questionnaire (ICE)?
ICQs
An ICQ is a list of all possible controls for each area of the Financial Statements. The client’s staff are asked
questions and systems documentation reviewed, to establish which controls exist for the later appraisal of
the system.
An ICQ is a formal and usually standardized document which comprises:

 A list of internal controls in existence and
 Highlights any weaknesses.
ICEs
 ICE (sometimes referred to as ICEQ) does not attempt to record ALL controls like an ICQ.
 Instead, for each control objective, it asks for the controls which achieve that objective.
 As such, an ICE may not record the entire system – but it is far more use as an evaluation tool for
the auditor, as its focus is on whether IC objectives are being met.
 It concentrates on the most serious weaknesses that could occur within a system through the use
of “key” questions.
Specimen to be included from research book
10 – INTERNAL CONTROL IN ACTION or HOW CONTROLS OPERATE
Each major accounting system should have control objectives and control procedures. The auditor can then
perform tests of control to ensure the controls are working.
10.1 – Control objectives
 Control objectives are conditions which the system of internal control should satisfy.
 Control objectives are objectives the internal controls seek to achieve.
 If these objectives/conditions are achieved, then the potential that waste, loss, unauthorized use
or misappropriation to occur will be minimize.
10.2 – Types of control objectives
The control objectives include authorization, completeness, accuracy, validity, physical safeguards and
security, error handling and segregation of duties.
i. Authorisation
The objective is to ensure that all transactions are approved by responsible personnel in accordance with
specific or general authority before the transaction is recorded.
ii. Completeness
The objective is to ensure that no valid transactions have been omitted from the accounting records.
iii. Accuracy
The objective is to ensure that all valid transactions are accurate, consistent with the originating
transaction data and information is recorded in a timely manner.
iv. Validity
The objective is to ensure that all recorded transactions fairly represent the economic events that actually
occurred, are lawful in nature, and have been executed in accordance with management's general
authorization.
v. Physical Safeguards & Security
The objective is to ensure that access to physical assets and information systems are controlled and
properly restricted to authorized personnel.
vi. Error handling
The objective is to ensure that errors detected at any stage of processing receive prompt corrective action
and are reported to the appropriate level of management.
vii. Segregation of Duties
The objective is to ensure that duties are assigned to individuals in a manner that ensures that no one
individual can control both the recording function and the procedures relative to processing the
transaction.
A well designed process with appropriate internal controls should meet most, if not all of these control
objectives.
9.3 – Control procedures
These are procedures, measures that should be in place to ensure that the control objectives are achieved.
Inter
11 – EXAMPLES OF CONTROLS WITHIN A TRANSACTION CYCLES
11.1 - Sales cycle
Objectives of controls
The objectives of controls in the revenue cycle are to ensure that:
 sales are made to valid customers
 sales are recorded accurately
 all sales are recorded
 cash is collected within a reasonable period
This is a summary of the sales cycle, showing the possible problems and the related controls:
Stage Risks Control objective Control procedures

Receive an Orders may not be To ensure that order is Confirm order back to customer
order recorded accurately raised accurately (or) get all orders in writing
Orders may be taken To ensure that the All new customers are subject
from customers that customer is to credit check
are unable to pay or creditworthy
unlikely to pay for a Perform regular credit checks
long time = financial To ensure that the on existing customers
loss order does not take credit limit check before order
customer over credit is accepted
limit
Orders cannot be To make sure that the Check inventory system before
fulfilled and customer’s order can be issuing order
therefore customer fulfilled correctly (items
goodwill is lost(and are in inventory) Automatic re ordering system
possibly the linked to customer order system
customer)
Goods are Goods may not be To ensure that all orders Use sequentially numbered
despatched to despatched for are sent to warehouse customer order pads.send a
customers orders made copy to the warehouse where
they are filed numerically and
Incorrect goods may To ensure that the right the sequence is checked to
be sent to customers goods are in inventory ensure that all are there(none
leading to loss of missing)
goodwill or goods To ensure that the Pick goods using a copy of the
may not be in goods are sent to the customer’s order
inventory right customer
Get the copy signed by the
picker as correct
When GDN is raised check it

matches with the customer
order(staple together and file)
Get the customer to sign a copy

of the GDN and return to the
company
Use sequentially numbered

GDNs, file a copy numerically
and check that they are all there
Invoice is Invoices may be To ensure invoice is Copy of sequentially numbered

raised missed, incorrectly raised for every delivery GDN sent to invoicing dept,
raised or send to the stapled to copy of the invoice,
wrong customer To ensure that the checked all GDNs are there and
invoice is raised for the having invoice to match
Credit notes may be correct amount
raised incorrectly, On copy of the invoice sign as
missed or to cover To ensure that credit agreed to original order and
the cash being mis- notes are raised GDN, signed as agreed it adds
appropriated correctly and are valid up properly
Credit notes to be allocated to

invoice it relates
Authorised by manager,
sequence check done on a
regular basis
Sale is
Review receivables ledger for
recorded Invoice sales may be To ensure that all sales
credit balances(paid for goods
inaccurately are recorded
but no debtor recorded)
recorded, missed or
recorded for the
To ensure that the sale Perform a receivable ledger
wrong customer
is recorded at the reconciliation(check info in
correct amount individual ledger matches that
in nominal)
To ensure that the sale
is recorded in the right Computer controls
debtor’s ledger
Double check back to invoice
Perform receivables ledger

control account reconciliation
Customer statements sent

Cash received out(customer let you know if
Incorrect amounts error)
may be received To ensure the customer Agree cash receipt back to the
pays the correct invoice
Customer may not amount
pay for goods Review receivables ledger for
To ensure that the credit balances (customer
customer does pay overpaid)
Review aged debt listing and

investigate (customer
underpaid)
Review aged debt listing

regularly, phone when overdue
by 30 days, another letter at 45
days final letter threatening
legal action at 60 days
Cash recorded Refer receivable to solicitors

Cash may be
incorrectly recorded To ensure that all cash Customer statements
or recorded against receipts are recorded
the wrong customer Perform a bank reconciliation
account To ensure that cash is
Customer statements
recorded at the correct
Cash received may
amount Regular banking/physical
be stolen
security over cash (i.e. a safe)
To ensure that the cash
is recorded in the right Reconciliation of banking to
debtor ledger cash receipts records
To ensure that all
money received is
banked promptly
Segregation of duties
Examples of control tests/(also known as compliance testing)
Test of control should be designed to check that control procedures are being applied and that objectives
are being achieved. Tests may be appropriate under the following broad headings.
 Carry out sequence tests checks on invoices, credit notes, despatch notes and orders. Ensure that
all items are included and that there are no omissions or duplications.
 review the existence of evidence for authorisation in respect of:
- Obtain goods despatch notes and ensure each note is signed by the warehouse foreman to
confirm despatch of goods listed on the GDN to the customer.
- Obtain simple credit notes and ensure each document is signed by the accounts clerk to
confirm the arithmetical accuracy of the note has been checked.
- Obtain a sample of despatch notes and goods returned notes; ensure that they are signed by
a responsible official to confirm that details have been agreed with the relevant sales
invoices and credit notes.
 This is often done by the grid stamp containing several signatures on the face of the documents.
Ensure that the control has been applied by checking the accuracy of each invoices and credit
notes.
 Observe that control account reconciliations have been preformed and reviewed. By reviewing the
work done by the client through observation
 In all cases, test should be performed on sample basis. Aspects of sampling are dealt with in
chapter 9
11.2 - Purchases cycle
The objectives in the purchases cycle are to ensure that:
 purchases are only made when there is genuine need

 value for money is achieved
 goods and services delivered are what was ordered
 quality of goods and services delivered is satisfactory
 liabilities are recorded completely and accurately
 only valid liabilities are paid
 liabilities are paid in a sensible, commercial timescale.
This is a summary of the purchases cycle, showing the possible problems and the related controls:
the table shows the various stages of the purchases cycle together with:
 the risks (what could go wrong)
 control procedures (so that things don’t go wrong)
Stage Risk Control objectives Control procedures

Requisition raised Unauthorised purchases To ensure that All requisitions authorised
may be made(i.e. for own requisition is for a valid by department manager
personal use/fake business reason
suppliers entered onto Central purchasing dept
payables ledger) To ensure that it is cost Preferred suppliers/agreed
effective price lists/terms
To ensure that items

are actually needed Check inventory levels first
Order is placed Invalid or incorrect orders To ensure that order is Have sequentially numbered
made or recorded raised for all requisition pads, copies filed
requisitions numerically with copy of
The most favourable order stapled to it.
terms not obtained To ensure orders are Periodically check that all
accurately recorded by are there
supplier
Ask them to repeat the
To ensure items are order back to you (on the
correctly costed phone)
(or) send/confirm all orders

in writing
Check quoted price against

supplier price list (discounts
to contract)
Goods received Goods may be To ensure goods receive Have one delivery area kept
misappropriated for own for all orders secure)
use or not receive at all
Goods may be accepted To ensure that the Copy of purchase order sent
that have not been goods received are as to warehouse, sequentially
ordered/wrong ordered + correct numbered, filed, matched to
quantity/inferior quality quality GRN stapled, checked all
there.
Raise GRN and grid stamp it,

signed as goods checked to
PO and checked for quality
Copy of sequentially
Invoices may not be To ensure that an
Invoice received numbered GRNs sent to
recorded resulting in non invoice is received for
invoicing department, filed
payment and loss of all goods received
and matched to copy of
supplier goodwill
invoice(stapled), checked to
see if all there.
To ensure that do not
Invoices may be logged get invoices for things As above-if no GRN ask
for goods not received we have not received, supplier for proof of delivery
and valid business + match to PO (authorised
purchases as mentioned above)
To ensure invoices are Grid stamp invoice signed as

for right items, right checked items to PO, GRN,
price adds up agree price to suppliers
price list
Check invoice calculations
To ensure that all Batch controls on input

Purchases Some purchases may be
recorded missed or recorded purchases are recorded
Stamp the invoice to
incorrectly leading to loss To ensure that all indicate recorded, check all
of goodwill invoices are recorded at filed invoices are stamped
the correct amount
To ensure recorded in Suppliers send in monthly
right supplier ledger statements, reconcile these
to suppliers ledger
account(may need to
consider cash/goods in
transit)
Grid stamp – signed
Supplier statement
reconciliation
Invoices may not be To ensure all invoices
Cash paid paid/the incorrect paid (and only once) Stamp invoices when paid
amount paid or may be check all invoices stamped
paid twice
To ensure paid correct Keep paid invoices
amount separately from unpaid ones
To ensure valid business Cheque signatory to check

expense to invoice when signing
cheque/authorising BACS
Have relevant bank

authorised signatories(level)
Get invoices signed as

authorised by relevant
manager
Examples of control tests
As already noted, tests of control should be designed to check that the control procedures are being
applied and that objectives are being achieved. One suggested way to design tests of control for a
particular situation is to list the documents in a transaction cycle and generate appropriate tests of control
for each document. This approach is illustrated here in connection with the purchase cycle – note that a
similar technique could be applied to other transaction cycles.
 Obtain the ledger recording purchase orders; ensure each page has been signed by a responsible
official to confirm all orders have been recorded there are no gaps in the sequence of orders.
 Obtain a sample of purchase invoices; ensure each invoice has been signed by a responsible official
to confirm checks on the invoice have been completed and the invoice is passed for payment.
 Obtain samples of credit notes; ensure each credit note is signed by a responsible official to
confirm the details of the credit notes (goods descriptions and quality) have been agreed to the
relevant goods returned note.
 Review the purchase order for the relevant signature for approval.
 Review purchase invoice for evidence that the invoice has been reviewed and checked.
 Review purchase invoice for initialling the grid stamp.
 Review/observe the supplier reconciliation note to ensure the control has been complied with
11.3 – Payroll
The objectives of controls for the payroll cycle are to ensure that the company will:
 pay the right people
 at the right rate
 for valid work done.
And
 deal correctly with taxes and other deductions.
This is a summary of the payrolls cycle, showing the possible problems and the related controls:
The table shows the various stages of the payroll cycle together with:
 the risks (what could go wrong).
 control procedures (so that things don’t go wrong).
stage risks control objectives control procedures
clockcards/timesheets cards may be missed to ensure all cards are check number of cards
submitted ,bogoes employees paid received to number of employees
or employees paid for
to ensure that no keep all spare cards
hour not worked
bogoes clock cards locked in cupboards
submitted
get departmental
to ensure the hours managers to sign clock
noted have actually cards as authorised
been worked hours(and especially any
overtime)
clock cardsinput into cards may not be batch totals or hash

computer to ensure all clock cards
recorded accurately total checks
entered
range checks inputter
to ensure details input signs clock card to say
correctly double checked details
to ensure inputter to screen
doesn’t input data programme only allows
twice/input bogus input for each person
employees once, can only input for
employees held within
standing data
hierarchical password
control to payroll system
different person should

be responsible for
updating standing data,
to those responsible for
the monthly
processing(segration of
duties)
standing data input Standing data could be to ensure leavers are managers should
compromised. not paid after they have complete a
unprocessed updates left/joiners are paid leavers/joiners form
may mean employees when they start noting date of
who have left are paid departure/arrival and
or joiners are missed send promptly to payroll
dept
to ensure standing data
input is accurate standing data files
regurlarly printed out
and send to department
managers for them to
sign and return
confirming all staff there
inputter to sign
joiner/leaver form/wage
rise form to say checked
to input
monthly print of any

changes to go to senior
management for review,
they should sign print as
authorised
sample of wages
processing of data inaccurate processing of
to ensure correct wage recalculated manually,
data could lead to wages
is calculated print out signed as
and taxes being
checked
incorrectly calculated to ensure correct tax is
calculated exception report
produced automatically
for anyone paid over
&xxx, or paid under
&xxx
sample of
deductions(PAYE?
NIC)recalculated
manually print out
to ensure correct wages, signed as checked
recording of payroll recorded payroll may
not match actual payroll NIC, PAYE recorded nominal ledger clerk
signs payroll print out to
confirm entries double-
checked t print
senior management
review wages expenses
to ensure that all staff
for reasonableness
are paid(employees will
staff paid staff may not be paid complain if not!!!) have two people
present where cash
wages are paid.(see
to ensure no bogus controls above over
employees are paid standing data)
responsible individual
should review any BACS
payroll summary prior to
paying staff-sign to
confirm reviewed
A suggested programme of tests of control is set out below. this would, of course, be modified to
suit the particular circumstances of the client.
 test a sample of timesheets, clock cards or other records, for approval by a responsible official .pay
particular attention to the approval of overtime there relevant.
 Observe wages distribution for adherence to procedures ensuring employees sign for wages, that
unclaimed wages are rebanked, etc.
 test authorisation for payroll amendments by reference to personnel records.
 Test control over payroll amendments by reviewing changes and seeing whether they have been
authorised.You could also do a dummy transaction to see how the system handles the change
 obtain the payment sheet for casual labour payments and ensure this has been signed by the chief
accountant to authorise the payment made.
 Obtain the weekly payroll and ensure this have been signed by a responsible official to approval
those payments
 examine evidence of independent checks of payrolls(e.g. by internal audit)
 inspect payroll reconciliation done regularly,clearing wage control account, tying the PAYE liability
up to the inland Revenue records.Review the client working papers or observe the reconciliation
process happening.
 Examine explanations for payroll expense variances.
 Test authorisation for payroll deductions by reviewing the employees records, looking at who is
authorised to place through amendments, and observes the process.
 Test controls over unclaimed wages.You could do a dummy transaction to see how the system
works, what happens to the wages unclaimed, are they placed in a safe, if so tick the clients
working to the amount in the safe.
11.4 - Inventory
The objectives of controls in the inventory cycle are to ensure that:
 inventory levels are in keeping with the needs of:
-prodction (raw materials are bought in components)
-customer demand (finished goods)
 inventory levels are not:
- excessive
- too low (stockouts)
 value for money is achieved
 goods /services delivered are what are ordered
 quality of goods/services delivered is satisfactory
 liabilities are recorded completely and accurately
 only valid liabilities are paid
 liabilities are paid in a sensible, commercial timescale.
The table shows the various stages of the inventory cycle together with:
 the risks (what could go wrong)
 controls procedures (so that things don’t go wrong!).
Process Risks Possible control procedures
Inventory arrives because Inventory stolen on arrival All goods inward received at set locations
it has been purchased, or a and signed for/logged in by stores
sale has been returned New purchases mixed up manager.
with returns.
All returns sent to a returns department for
Poor quality inventory
checking.
accepted.
Inventory accepted that was

never ordered. See purchase cycle.
No record is made of its

arrival.
inventory is stored until it poor storage conditions lead
is needed to damaged inventory.
Inventory items not used

before their useful life ends.
Inventory stolen from
storage areas.
materials over-ordered t o
enable theft
Raw materials leave stores,

to be used in production
wrong goods sent.
goods being stolen(no real

sale).
finished goods leave
because they have been poor quality sent
sold
records not updated.
returned goods actually

being stolen
goods leave because they

are being returned to
counting lacks accuracy.
suppliers
an inventory count is staff lie about amount

performed (may be counted to cover up their
annual, or more regular) theft.
inventory records lost during

count.
inventory wrongly counted

because it is moved during
count all counted areas to be marked as
completed.
managers to check by doing random

second counts
staff do not count areas that they are

usually responsible for.
counting done in pairs
inventory sheets sequence and counters

sign out (and in )the count sheets.
all inventory movements during count
authorised by management.
closure during inventory accounts to avoid

problems.
 Observe physical security of inventories and environment in which they are held
 Obtain inventory records. Where quantity of inventory has been changed without reference to
GDN and GRN, ensure that amendment is signed by a responsible official to authorise that change.
 In the client’s warehouse, observe client staff ensuring that where a movement in inventory
occurs, that movement is recorded on the appropriate GDN or GRN;
 Test for evidence of authorisation to write off or scrapping of inventories (existence of signature).
 Observe controls over recording of movements of inventory belonging to third parties.
 Observe the procedures for the authorisation for inventory movements i.e. the use made of
authorised goods received and despatch notes.
 Inspect reconciliations of inventory counts to inventory records (this gives overall confort on the
adequacy of controls over the recording of inventory)
 Test for evidence of sequence checks of despatch and goods received noted for completeness.
 Assess adequacy of inventory counting procedures and attend the count to ensure that procedures
are complied with.
11.5 -Capital and revenue expenditure
This area looks at expenditure on items other than purchases. However, the controls are virtually identical
to controls over purchases as seen above.
Some controls may vary, such as:
 Capital expenditure is often for substantial amounts. As such, most companies would require such
items to be included in the budget and authorised by very senior level management.
 Regular revenue expense items may be monitored by simple variance analysis (i.e. actual versus
budget ) on a monthly basis.
 capital item are like to be stored on an asset register, which records details of supplier, price,
insurance details; current location, responsible employee, etc
 Just as inventory is counted,assets are likely to be checked against the register on a regular basis.
 When assets are sold second hand , the items will be checked against similar items or price guides
to ensure the company receives fair value.
 Ownership documents (title deeds, vehicle registration documents) will be safely stored.
11.6 - Bank and cash
The objective of controls over bank and cash are to ensure that:
 cash balances are safeguarded

 cash balances are kept to a minimum
 money can only be extracted from bank accounts for authorised purpose.
POSSIBLE CONTROLS
Objectives Possible control procedures
Cash balances are safeguarded. Safes/strong room/locked cashbox with

restricted access
Security locks.
Swipe cards access.
Key access to tills.
Night safes.
Imprest system.
Use of security services for large cash

movements.
People bankings vary routes and

timings.
Cash balances are kept to a minimum. Tills emptied regularly.
Frequent bankings of cash and cheques

received.
Money can only be extracted from bank accounts Restricted list of cheque signatories.
for authorised purposes.
Dual signatories for large amounts.
Similar controls over bank transfers and

online banking, e.g secure passwords
and pin numbers.
Cheque books and cheque stationary

locked away.
Regular bank reconciliations reviewed

by person with suitable level of
authority.
Cash receipts:
 observe that mail is opened by two staff to minimise the possibility of fraud (cash being stolen on
receipt)
 test independent check of cash receipts to bank lodgements
 tests for evidence of a sequence check on any pre-numbered receipts for cash
 test authorisation of cash receipts
 test of evidence of arithmetical check on cash received records.
Cash payments:
 inspect current books for:
-sequential use of cheques
-controlled custody of unused cheques
-any signatures on blank cheques
 test(to avoid double payment ) to ensure that paid invoices are marked paid
 test for evidence of arithmetical checks on cash payment records, including cash book
 obtain the file direct debit payments-ensure each payment is authorised
Bank reconciliations:
 examine evidence of regular bank reconciliations,at least once per month, but in large
organisations this should done daily or weekly
 examine evidence of independent checks of bank reconciliations (e.g. a signature)
 Examine evidence of follow up of outstanding items on the bank reconciliation .Pay particular
attention to old outstanding reconciling items that should be written back such as old,
unpresented cheques.
Petty cash:
 test petty cash vouchers for appropriate authorisation.
 Test cancelation of petty cash vouchers.
 Test for evidence of arithmetical checks on petty cash records.
 Test for evidence of independent checks on the cash balance.
 Perform a surprise petty cash count and reconcile to petty cash records
Expendable Test-Writing up the tests

writing up the tests
There are vitally important rules to remember foe all working papers.
 Rule 1 If you don’t do the work, you cant write it up.
 Rule 2 If you don’t write it up,you might as well not have done the work.
 Rule 3 If the person reviewing your work cant understand what you have done, you might as well not
have done it in the first place.
These rules are the same for all audit work- so you need to:
 Say what you did
 say why you did it
 say what your conclusions were. We will look at this in more details in chapter 10.
Expendable Test – control weaknesses and what to do about
Control weaknesses and what to do about them
Managements role
As we have seen, any business faces risks of various types and it is managements responsibility to implement procedures
to mitigate those risk.
The risk assessment process will depend to large extend on:
 the nature
 the size
 the complexity of the business. However, for larger businesses it will normally consist of:
 agreed programmes of work for the internal audit department to regularly review the company’s financial
systems for internal control weaknesses
 supervision of the process by , and reports to, the audit committee
 liaison with the external auditors.
The external auditors role
we know that the external auditor is not responsible for implementing or maintaining internal controls. The auditor needs
to:
 assess internal controls as a source of assurance
 report material weaknesses in internal controls to those charged with governance.
12 – REPORTING TO THOSE CHARGED WITH GOVERNANCE
Auditors should communicate material weaknesses in internal control in writing to “those charged with
governance” – the audit committee (if one exists) or management in general.
The form, timing and addressees of this communication should be agreed at the start of the audit, as part
of the terms of the engagement.
This report has traditionally been known as a management letter or report to management (they use to
call it weakness letter) and is usually sent at the end of the audit process.
Recent revision of audit standards has added other matters that should be communicated.
 For listed companies, a report on audit independence.
 A report at the planning stage, identifying key audit risks and the work to be performed.
 At the end of the audit, a report covering:
- expected audit report;
- unadjusted errors and misstatements;
- comments on accounting practices and policies in use by the company;
- other relevant matters.
However, this section of the notes will concentrate on internal control issues.
Reporting on internal control
Where the auditor is reporting weaknesses, it should be made clear that:
 the report is not a comprehensive list of weaknesses, but only those that have come to light during
normal audit procedures;
 the report is for the sole use of the company;
 no disclosure should be made to a third party without written agreement of the auditor;
 no responsibility is assumed to any other parties.
The usual structure of the report is:
 covering letter (which will include the above list of points);
 appendix, noting the weaknesses, consequences, and recommendations (often with a space left for
management to respond with their planned action).
In the exam, an internal control question may require you to analyse controls and report weaknesses in
the form of a management letter. If so, it is the appendix (see below) that you need to produce. A
covering letter would be specifically requested by your examiner.
The best structure is:
Weakness Clear description of what is wrong.
Consequence What could happen if the weakness is not corrected. Focus on what
matters to the client – the risk of lost profits, stolen assets, extra costs,
errors in the accounts.
Recommendation This must deal with the specific weakness you have observed! It must also
provide greater benefits than the cost of implementation.
Try to suggest who should carry out the control procedures, and when.
Illustration
(A table format is the best format to be used within an exam context).
The Directors
Chinje CO
P.O. Box 456 Bamenda
Commercial Avenue
24th March 2012-04-10
Dear Sirs
Management letter
As usual at the end of our audit, we write to bring to your attention weaknesses in your company’s internal
control systems and provide recommendations to alleviate those weaknesses.
Weakness Consequence Recommendation
There appear to be purchase There is a possibility that All invoices should be

invoices missing from the purchases and liabilities are not sequentially filed on receipt by
sequentially numbered invoice completely recorded. the Accounts Department.
file. Regular checks should be made
to ensure a complete record, with
any missing items investigated
Also, it would be difficult to
and copies requested if
provide proof of purchase where
necessary).
the invoice is missing. This may
make it difficult to obtain refunds
for faulty goods, leading to
increased costs.
As such, the accounts could be

incomplete and items may have
been purchased without control
over quality, price, etc.
If you require further information on the above, please do not hesitate to contact us.
Yours faithfully
Audico Consultancy Co.
NB: The above letter has highlighted only on weakness for illustration purpose; in practice such letters
highlights many weaknesses with their related consequences and recommendations.
Question Dean
You are the senior in charge of the audit of Dean. To assist you in your audit planning, one of the audit
team has provided the following description of the purchasing system. No other controls exist apart from
those described.
“The company has no buying department, so employees place orders in their own area of responsibility.
Internal Control: Test Your Knowledge
Today many companies recognize the desirability as well as the requirement to have an effective system of internal
control. Yet, designing and implementing a cost-effective system of internal control is a daunting, if not overwhelming,
task.
One way to overcome resistance to internal control is to educate stakeholders at every level of the organization about its
advantages.
Try the following quiz to test your knowledge of internal control and consider using it as a teaching tool for others in
your organization.
1. Houston Helpers, a faith-based group that offers help to people in need, has hired Janet Wells, a local CPA, to train
its professional staff in the basics of internal control. As Wells begins her presentation, a participant interrupts by
saying, “We are not like other organizations. How can we talk about common elements of internal control when we are
a faith-based service provider?”
a. The participant is correct; there are no generally accepted frameworks for internal control.
b. The participant is incorrect; there are generally accepted frameworks for internal control, regardless of industry.
2. Internal control is a process designed to provide reasonable assurance regarding the achievement of which objective?
a. Effectiveness and efficiency of operations

b. Reliability of financial reporting
c. Compliance with applicable laws and regulations
d. All of the above
3. CS Inc. has asked you to join its board of directors. Before agreeing to do so, you realize that it is important that you
understand the company’s approach to Enterprise Risk Management (ERM). Which of the following is NOT true about
ERM?
a. ERM is a bottom-up view of the key risks facing the organization.

b. ERM links growth, risk and return.
c. ERM aligns risk appetite and strategy.
d. ERM identifies and manages cross-enterprise risk.
4. The directors of Evans Corp. are reevaluating their “tone at the top.” They realize the phrase “tone at the top” is used
to describe the example set by directors, officers and executives through their statements and daily actions. The board
members also realize written policies need to reinforce the tone, but are unsure how to integrate written policies into the
“tone at the top.” If you were advising the board, what would you tell them is the cornerstone of these policies?
a. A comprehensive code of conduct

b. A conflict-of-interest policy
c. Organization communications
d. Protection of the organization’s assets
5. Your employer has asked you to develop controls to help prevent duplicate payments. Which of the following steps
would NOT be appropriate in developing such a policy?
a. Create a form for updates to the master vendor file, which should be completed by the person requesting the change
and signed off by someone at a higher level.
b. Purge inactive vendors.
c. Periodically run reports showing the daily changes to the master vendor file.
d. Prohibit the sharing of passwords for the master vendor file.
6. As part of a training exercise for a corporate controller’s staff, Jeri Lee breaks the group into teams and asks each
team to gain (and document) their understanding of a potential acquisition’s system of internal control. When she
returns to check on their progress, she discovers that one team is working on integrating the use of narratives,
flowcharts and internal control questionnaires. What should Lee tell this team about using all three approaches
simultaneously?
a. The team is correct in using all three approaches simultaneously.
b. The team only needs to use one approach.
c. Combining the use of narratives and flowcharts together is inefficient.
d. Combining the use of flowcharts and internal control questions together is ineffective.
e. b and c
COSO FRAMEWORK
The COSO framework consists of five elements of control: the control environment, risk assessment, control activities,
information and communication, and monitoring. The remaining questions refer to these elements.
7. The owner of Austin Marina has approached the managing partner of a CPA firm about conducting a first-time
independent audit. While discussing the nature and scope of the audit, the owner of Austin Marina asks if it is really
necessary for the auditor to gain an understanding of Austin Marina’s system of internal control. Which of the
following responses would NOT be correct?
a. The auditor needs to gain an understanding of the client’s internal control in order to assess risk.
b. An understanding of internal control is necessary to support the audit opinion.
c. Audit standards do not require the auditor to gain an understanding of the client’s system of internal control since
risk can be assessed by other means.
d. Independent auditors can no longer assess control risk at a maximum without having support for that assessment.
8. Risks relevant to financial reporting include which of the following?
a. External events
b. Internal events
c. Circumstances that might affect reliable financial reporting
d. All of the above
9. Control activities can be defined as:
a. A means to an end
b. Authorized procedures
c. The particular category in which a control is placed
d. The actions of people to help ensure that management directives necessary to address risks are carried out
10. Evans & Co. has been struggling to implement the monitoring component of the COSO Internal Control—
Integrated Framework. Which of the following is NOT correct in how the company can implement the monitoring
component?
a. Monitoring can be an ongoing process.

b. Monitoring can be conducted as a separate evaluation.
c. An adequate internal audit staff can reduce external audit costs.
d. The independent auditor can serve as part of the control environment.
ANSWERS
1. (b) While the staff at Houston Helpers may not be aware of it, there are frameworks available to evaluate the
effectiveness of internal control in any type of organization. The industry standard used by most U.S. companies is
Internal Control—Integrated Framework, which was issued in 1992 by the Committee of Sponsoring Organizations
(COSO), and is a blueprint for organizations to assess and enhance internal control systems. COSO was formed in
1985. The sponsoring organizations are the American Accounting Association, the AICPA, Financial Executives
International, the Institute of Management Accountants, and the Institute of Internal Auditors.
2. (d) Effectiveness relates to the ability of the entity to accomplish its goals. Efficiency is concerned with maximizing
the best use of resources. Reliability of financial reporting includes the accuracy of financial statement balances and
adequate and complete disclosure. Compliance with applicable laws and regulations refers to all laws and regulations
that apply to the entity.
3. (a) ERM provides “a process that provides a robust and holistic top-down view of key risks facing the organization.”
(Effective Enterprise Risk Oversight: The Role of the Board of Directors, COSO, 2009). Thus ERM is significantly
different from the more traditional risk management approaches. Board members need to understand the entity’s
strategy for managing risks to ensure that day-to-day operations are aligned with stakeholder expectations. The other
answers are true.
4. (a) “The code of conduct should be a source of guidance on daily behavior and set the minimum standards for that
behavior,” according to the AICPA On-Site Training course Financial Fraud, Forensics, and the CPA. The “tone at the
top” applies to everyone as they carry out their business and personal responsibilities. The other answers (a conflict-of-
interest policy, organization communications, and protection of the organization’s assets) are normally considered for
inclusion in the code of conduct.
5. (b) Accounts payable expert Mary Schaeffer recommends that inactive vendors be deactivated, not purged. This
allows vendor activity to be researched if needed. The other steps are appropriate. Using forms for updates to the
master vendor file allows accountability for changes. Schaeffer also recommends executive review of reports, which
show daily changes to the master vendor file. Passwords to the master vendor file should never be shared. For more
information, see “Fight Fraud and Duplicate Payments” (Dec. 4, 2008), by Mary Schaeffer, available at
tinyurl.com/yfc7jog.
6. (e) A narrative is a written description of a system of internal control. A flowchart is a diagram of the documents and
their sequential flow within an organization. A narrative and a flowchart present the same information. While one well-
executed approach can be sufficient to gaining an understanding of internal control, a flowchart and an internal control
questionnaire can be used together effectively, as the internal control questionnaire offers checklists that include the
many types of controls available.
7. (c) Current audit standards require the independent auditor to obtain an understanding of the entity and its
environment, including internal control. Moreover, the auditor is required to evaluate the design of controls and
whether or not they have been implemented. Also, the auditor must document significant processes and their basis for
assessing control risk.
8. (d) Risk assessment is the process of identifying and analyzing relevant risks in order to manage and mitigate the
risks. External and internal events, as well as any other circumstance that could affect reliable financial reporting
should play a part in risk assessment.
9. (d) The COSO definition of control activities recognizes that internal control is affected by people at every level of
the organization. Control activities are more than a means to an end, and are not limited to authorized procedures.
Control activities are often in overlapping categories.
10. (d) Management is responsible for establishing and maintaining the entity’s internal control, and an independent
auditor cannot perform management functions. Monitoring can be an ongoing process or be conducted as a separate
evaluation. For many larger entities, internal audit departments are essential for effective monitoring. In fact, AU
section 322 addresses the effect of internal auditors on the external auditor’s evidence accumulation, provided the
internal audit function is performed by staff independent of both the operating and accounting departments and reports
either to top management or the audit committee.
SCORING
An effective system of internal control is one of the best ways to prevent the fraudulent misstatement of financial
statements. If you answered all 10 questions correctly, you are an internal control guru. If you answered eight or nine
questions correctly, your knowledge of internal control is competent.
If you answered seven or fewer questions correctly, you may want to build on your internal control skills. Fortunately,
no one needs to “reinvent the wheel” when implementing or upgrading a system of internal controls. The resources
listed on the previous page will help you stay competent in internal control.
CHAPTER 10
AUDIT EVIDENCE
Chapter learning objectives

 Defines audit evidence;
 Defines relevant assertions and discusses their use in assessing risks
and designing appropriate further audit procedures;
 Discusses qualitative aspects that the auditor considers in determining
the sufficiency and appropriateness of audit evidence; and
 Describes various audit procedures and discusses the purposes for
which they may be performed.
INTRODUCTION
ISAs state that: "The auditor must obtain sufficient appropriate audit
evidence by performing audit procedures to afford a reasonable basis for an
opinion regarding the financial statements under audit." The opinion to be form by the auditor is worth
something which requires valid evidence.
1 – DEFINING AUDIT EVIDENCE

Audit evidence is all the information obtained by the auditor in arriving at
the conclusion on which the audit opinion is based and includes the information
contained in the accounting records underlying the financial statements
and other information.
2 - EVIDENCE ABOUT WHAT?
The auditor needs evidence to corroborate or refute the assertions made by management in the financial
statements.
3 – MEANING OF MANAGEMENT ASSERTIONS
Different acceptable meanings:
 ISA 315 (IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH
UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT) defines assertion as representations by
management, explicit or otherwise, that are embodied in the financial statements, as used by the
auditor to consider the different types of potential misstatements that may occur.
 In a financial audit, management assertions or financial statement assertions is the set of

information that the preparer of financial statements (management) is providing to another party.
 Bir P (1975) "Financial statements represent a very complex and interrelated set of assertions."
 Management assertions are the assertions by management about the accuracy of the financial
statement components. An auditor typically uses these assertions to help guide the type of audit
evidence gathered.
 Assertions or management assertions in audit or auditing simply means what management claims.
For example, if a management states that internal controls are effective then it is a claim or
assertion made by management.
Example 1: Through an item, say “receivables: 12 00 000 cfaf”, contained in the statement of financial
position management is making an assertion. Here, management is making an assertion that the
company’s customers owe the company 12 000 000 cfaf.
Example 2: If a balance sheet of an entity shows buildings with carrying amount of 800 million cfaf, the
auditor shall assume that the management has claimed that:
 The buildings recognized in the balance sheet exist at the period end;
 The entity owns or controls those buildings;
 The buildings are valued accurately in accordance with the measurement basis;
 All buildings owned and controlled by the entity are included within the carrying amount of 800
million cfaf.
Given that management is responsible for the preparation of financial statements that gives a true and fair
view, they make assertions on all the accounts balances appearing on the financial statements, which
include the following for the balance sheet and the income statement:
(a) Main components of the balance sheet
 Propery, plant and equipment

 Investments
 Loans granted
 Inventories
 Trade and other receivables
 Cash and cash equivalents
 Issued capital
 Retained earnings
 Interest bearing borrowings
 Trade and other payables.
(b) Main components of the income statement
 Revenue (credit and cash sales)

 Inventory
 Purchases
 Other operating income
 Other operating expenses.
4 – TYPES OF ASSERTIONS MADE BY MANAGEMENT
ISA 315 points out that in preparing financial statements management make direct or indirect assertions
regarding the recognition, measurement, presentation of elements of financial statements and disclosures
made in the financial statements. If these assertions are correct then financial statements will
automatically be reliable.
ISA 315 categorizes the different assertions in three categories which are further classified as follows:
1. Transactions (Income statement):

o Occurrence — the transactions actually took place
o Completeness — all transactions that should have been recorded have been recorded
o Accuracy — the transactions were recorded at the appropriate amounts
o Cutoff — the transactions have been recorded in the correct accounting period
o Classification — the transactions have been recorded in the proper accounts
2. Accounts balances (Balance sheet):
o Existence — assets, liabilities and equity balances exist
o Rights and Obligations — the entity holds or controls the rights to its assets and owes
obligations to its liabilities
o Completeness — all assets, liabilities and equity balances that should have been recorded
have been recorded
o Valuation and Allocation — assets, liabilities and equity balances are included in the
financial statements at appropriate amounts and any resulting valuation or allocation
adjustments are appropriately recorded.
3. Presentation and disclosure:
o Occurrence — the transactions have occurred
o Rights and Obligations — the transactions pertained to the entity
o Completeness — all disclosures that should have been included in the financial statements
have been included
o Classification and Understandability — financial statements are appropriately presented
and described, and information in disclosures are clearly expressed.
o Accuracy and Valuation — financial and other information is disclosed fairly and at
appropriate amounts.
5 – THE USE OF ASSERTIONS IN OBTAINING AUDIT EVIDENCE
Assertions are important to the auditor; they have an impact on how the auditor gathers evidence.
The auditor should use relevant assertions for classes of transactions, account balances, and presentation
and disclosures in sufficient detail to form a basis for the assessment of risks of material misstatement and
the design and performance of further audit procedures. The auditor should use relevant assertions in
assessing risks by considering the different types of potential
misstatements that may occur, and then designing further audit procedures that are responsive to the
assessed risks.
Relevant assertions are assertions that have a meaningful bearing on whether the account is fairly stated.
For example, valuation may not be relevant to the cash account unless currency translation is involved;
however, existence and completeness are always relevant. Similarly, valuation may not be relevant to the
gross amount of the accounts receivable balance but is relevant to the related allowance accounts.
Additionally, the auditor might, in some circumstances, focus on the presentation and disclosure assertion
separately in connection with the period-end financial reporting process.
For each significant class of transactions, account balance, and presentation and disclosure, the auditor
should determine the relevance of each of the financial statement assertions. To identify relevant
assertions, the auditor should determine the source of likely potential misstatements in each significant
class of transactions, account balance, and presentation and disclosure. In
determining whether a particular assertion is relevant to a significant account balance or disclosure, the
auditor should evaluate:
a. The nature of the assertion;
b. The volume of transactions or data related to the assertion; and
c. The nature and complexity of the systems, including the use of information technology, by which the
entity processes and controls information supporting the assertion.
Further explanation/summary
Remember that the audit evidence required depends on both:
 the nature of the item being tested
And
 the assertion being tested.
Why assertions matter to auditors
Assertions matter to auditors because:
 the auditor chooses suitable procedures based on the nature of the item in the financial
statements being audited.
 The procedures will be refined further depending on which assertion about the item the auditor is
testing.
Different items – different approach
The audit approach to testing receivables will be different from testing payroll.
e.g.
Item Audit tests e.g.
Accounts receivable  Carry out third party confirmation (requires customers to
confirm)
 Review correspondence and aged analysis for evidence of
delinquent receivables.
 Test subsequent receipt of cash from customers.
Payroll  Inspect timesheets
 Inspect authorized pay rates
 Verify employees are genuine through contracts of
employment
 Check tax and other deductions.
Different assertions – different approaches
For a single item in the financial statements – e.g. property, the auditor may need to use different
approaches for different assertions
Assertion Audit tests e.g.

Existence  Inspect the property concerned.
Valuation  Agree cost to purchase contract or subsequent revaluation to
valuer’s report.
 Re-perform depreciation calculation.
Rights and obligations  Inspect title deeds.
Cut-off  Inspect purchase contract to verify date of purchase.
completeness  Review repairs account, correspondence with lawyers and
property consultants for evidence that there are no additional
properties.
Note: The completeness assertion tends to be the most difficult assertion to test. It is usually easier to verify
items we know about than to think about what should be there, but is not.
Relationship of Financial Statement Assertions and the Audit
Financial Managemen Audit

Statements t Assertions Objectives
(GAAP)
Audit Audit Audit

Procedures Evidence Report on
Financial
Statements
Identification and formulation of audit objectives and related issues: read Sud-Africa book.
6- AUDIT PROCEDURES FOR OBTAINING AUDIT EVIDENCE
The auditor should obtain audit evidence to draw reasonable conclusions on which to base the audit
opinion by performing audit procedures to:
a. Obtain an understanding of the entity and its environment, including its internal control, to assess the
risks of material misstatement at the financial statement and relevant assertion levels (audit procedures
performed for this purpose are referred to as risk assessment procedures);
b. When necessary, or when the auditor has determined to do so, test the operating effectiveness of
controls in preventing or detecting material misstatements at the relevant assertion level (audit
procedures performed for this purpose are referred to as tests of controls); and
c. Detect material misstatements at the relevant assertion level (audit procedures performed for this
purpose are referred to as substantive procedures and include tests of details of classes of transactions,
account balances, and disclosures, and substantive analytical procedures).
The auditor must perform risk assessment procedures7 to provide a satisfactory basis for the assessment
of risks at the financial statement and relevant assertion levels. Risk assessment procedures by themselves
do not provide sufficient appropriate audit evidence on which to base the audit opinion and must be
supplemented by further audit procedures in the form of tests of controls, when relevant or necessary, and
substantive procedures.
Tests of controls are necessary in two circumstances. When the auditor's risk assessment includes an
expectation of the operating effectiveness of controls, the auditor should test those controls to support
the risk assessment.
In addition, when the substantive procedures alone do not provide sufficient appropriate
audit evidence, the auditor should perform tests of controls to obtain
audit evidence about their operating effectiveness.
As described in section 318, Performing Audit Procedures in Response to Assessed Risks and Evaluating the
Audit Evidence Obtained, the auditor should plan and should perform substantive procedures to be
responsive to the related planned level of detection risk, which includes the results of tests of controls, if
any. The auditor's risk assessment is judgmental, however, and
may not be sufficiently precise to identify all risks of material misstatement.
Further, there are inherent limitations in internal control, including the risk of management override, the
possibility of human error, and the effect of systems changes. Therefore, regardless of the assessed risk of
material misstatement, the auditor should design and perform substantive procedures for all relevant
assertions related to each material class of transactions, account balance, and disclosure to obtain
sufficient appropriate audit evidence.
The auditor should use one or more types of the audit procedures described in paragraphs .27 through .41
of this section. These audit procedures, or combinations thereof, may be used as risk assessment
procedures, tests of controls, or substantive procedures, depending on the context in which they are
applied by the auditor. Paragraph .05 of section 314, Understanding the
7 See paragraph .05 of section 314, Understanding the Entity and Its Environment and Assessing
the Risks of Material Misstatement, for an explanation of risk assessment procedures.
Audit Evidence 313

Entity and Its Environment and Assessing the Risks of Material Misstatement, provides guidance to the
auditor to perform a combination of audit procedures when performing risk assessment procedures. In
addition, a combination of two or more of these audit procedures may be necessary to obtain sufficient
appropriate audit evidence when performing tests of controls or substantive procedures at the relevant
assertion level. In certain circumstances, audit evidence
obtained from previous audits may provide audit evidence where the auditor should perform audit
procedures to establish its continuing relevance.10
The nature and timing of the audit procedures to be used may be affected by the fact that some of the
accounting data and other information may be available only in electronic form or only at certain points or
periods in time.11 Source documents, such as purchase orders, bills of lading, invoices, and checks, may be
replaced with electronic messages. For example, entities may use electronic commerce or image
processing systems. In electronic commerce, the entity and its customers or suppliers use connected
computers over a public network, such as the Internet, to transact business electronically. Purchasing,
shipping, billing, cash receipt, and cash disbursement transactions are often consummated entirely by the
exchange of electronic messages between the parties. In image processing systems, documents are
scanned and converted into electronic images to facilitate storage and reference, and the source
documents
may not be retained after conversion. Certain electronic information may exist at a certain point in time.
However, such information may not be retrievable after a specified period of time if files are changed and
if backup files do not exist. An entity's data retention policies may require the auditor to request retention
of some information for the auditor's review or to perform audit procedures at a time when the
information is available.
AUDIT PROCEDURES
Audit procedures consist of tests of control and substantive procedures.
(1) Test of control means tests performed to obtain audit evidence regarding the suitability of
design and effective operation of the accounting and internal control systems, and their
operation throughout the period.
(2) Substantive procedures means tests performed to obtain audit evidence to detect material
misstatements in the financial statements. Substantive procedures refer to the techniques
described below such as inspection of tangible assets, inspection of documents, inquiries,…
They may consist of:
 Tests of details of transactions and balances

 Analytical procedures.
Methods or techniques of audit evidence gathering
(a) Inspection of Records or Documents

Inspection consists of examining records or documents, whether internal or external, in paper form,
electronic form, or other media. Inspection of records and documents provides audit evidence of varying
degrees of reliability, depending on their nature and source and, in the case of internal records and
documents, on the effectiveness of the controls over their production. An example of inspection used as a
test of controls is inspection of records or documents for evidence of authorization.
Some documents represent direct audit evidence of the existence of an asset, for example, a document
constituting a financial instrument such as a stock or bond. Inspection of such documents may not
necessarily provide audit evidence about ownership or value. In addition, inspecting an executed contract
may provide audit evidence relevant to the entity's application of accounting principles, such as revenue
recognition. Inspection of Tangible Assets
(b) Inspection of tangible assets consists of physical examination of the assets.

Inspection of tangible assets may provide appropriate audit evidence with respect to their existence, but
not necessarily about the entity's rights and obligations or the valuation of the assets. Inspection of
individual inventory items ordinarily accompanies the observation of inventory counting. For example,
when observing an inventory count, the auditor may inspect individual inventory items (such as opening
containers included in the inventory count to
ensure that they are not empty) to verify their existence.
(c) Observation
Observation consists of looking at a process or procedure being performed by others. Examples include
observation of the counting of inventories by the entity's personnel and observation of the performance of
control activities.
Observation provides audit evidence about the performance of a process or procedure but is limited to the
point in time at which the observation takes place and by the fact that the act of being observed may affect
how the process or procedure is performed. See section 331, Inventories, for further guidance on
observation of the counting of inventory.
(d) Inquiry
Inquiry consists of seeking information of knowledgeable persons, both financial and nonfinancial, inside or
outside the entity. Inquiry is an audit procedure that is used extensively throughout the audit and often is
complementary to performing other audit procedures. Inquiries may range from formal written inquiries to
informal oral inquiries. Evaluating responses to inquiries is an integral part of the inquiry process.
Inquiry normally involves:

• Considering the knowledge, objectivity, experience, responsibility, and qualifications of the individual to
be questioned.
• Asking clear, concise, and relevant questions.
• Using open or closed questions appropriately.
• Listening actively and effectively.
• Considering the reactions and responses and asking follow-up questions.
• Evaluating the response.
In some cases, the auditor should obtain replies to inquiries in the form of written representations from
management. For example, when obtaining oral responses to inquiries, the nature of the response may be
so significant that it warrants obtaining written representation from the source. See section 333,
Management Representations, for further guidance on written representations.
Responses to inquiries may provide the auditor with information not previously possessed or with
corroborative audit evidence. Alternatively, responses might provide information that differs significantly
from other information that the auditor has obtained, for example, information regarding the possibility of
management override of controls. In some cases, responses to inquiries provide a basis for the auditor to
modify or perform additional audit
procedures. The auditor should resolve any significant inconsistencies in the information obtained.
The auditor should perform audit procedures in addition to the use of inquiry to obtain sufficient
appropriate audit evidence. Inquiry alone ordinarily does not provide sufficient appropriate audit evidence
to detect a material misstatement at the relevant assertion level. Moreover, inquiry alone is not sufficient
to test the operating effectiveness of controls.
Although corroboration of evidence obtained through inquiry is often of particular importance, in the case
of inquiries about management's intent, the information available to support management's intent may be
limited. In these cases, understanding management's past history of carrying out its stated intentions with
respect to assets or liabilities, management's stated reasons for choosing a particular course of action, and
management's ability to pursue a specific course of action may provide relevant information about
management's intent.
(e) Confirmation
Confirmation, which is a specific type of inquiry, is the process of obtaining a representation of information
or of an existing condition directly from a third party. For example, the auditor may seek direct
confirmation of receivables by communication with debtors. Confirmations are frequently used in relation
to account balances and their components but need not be restricted to these items. A confirmation
request can be designed to ask if any modifications have been made to the agreement, and if so, what the
relevant details are. For example, the auditor may request confirmation of the terms of agreements or
transactions an entity has with third parties. Confirmations also are used to obtain audit evidence about
the absence of certain conditions, for example, the absence of an undisclosed agreement that may
influence revenue recognition.
See section 330, The Confirmation Process, for further guidance on confirmations.
(f) Recalculation
Recalculation consists of checking the mathematical accuracy of documents or records. Recalculation can
be performed through the use of information technology, for example, by obtaining an electronic file from
the entity and using CAATs to check the accuracy of the summarization of the file.
(g) Reperformance
Reperformance is the auditor's independent execution of procedures or controls that were originally
performed as part of the entity's internal control, either manually or through the use of CAATs, for
example, reperforming the aging of accounts receivable.
(h) Analytical Procedures

Analytical procedures consist of evaluations of financial information made by a study of plausible
relationships among both financial and nonfinancial data. Analytical procedures also encompass the
investigation of identified fluctuations and relationships that are inconsistent with other relevant
information or deviate significantly from predicted amounts. See section 329,
Analytical Procedures, for further guidance on analytical procedures.
An analytical procedure might be scanning, which is the auditor's use of professional judgment to review
accounting data to identify significant or unusual items and then to test those items. This includes the
identification of anomalous individual items within account balances or other data through the reading or
analysis of entries in transaction listings, subsidiary ledgers, general
ledger control accounts, adjusting entries, suspense accounts, reconciliations, and other detailed reports.
Scanning includes searching for large or unusual items in the accounting records (for example, nonstandard
journal entries), as well as in transaction data (for example, suspense accounts, adjusting journal entries)
for indications of misstatements that have occurred. CAATSmay assist an auditor in identifying anomalies.
Since the auditor tests the items selected by scanning, the auditor obtains audit evidence about those
items. The auditor's scanning also may provide some audit evidence about the items not selected
since the auditor has used professional judgment to determine that the items not selected are less likely to
be misstated.
Further explanation: Audit tests: the difference between tests of control and substantive tests
The purpose of audit tests
The purpose of audit tests, or audit procedures, is to allow the auditor to collect sufficient appropriate audit evidence to be able to
conclude with reasonable assurance that the financial statements (FS) are free of material misstatement. If sufficient appropriate
audit evidence cannot be obtained, or the evidence points to a material misstatement in the FS, the auditor will have to issue a
modified audit opinion.
Misstatements will find their way into published financial statements only if three events all happen:
1. An error is made in the first place. The risk of that happening is known as ‘inherent risk’, and assessing that is a very big
part of audit planning (not the subject of this article).
2. The client’s internal control system does not prevent, identify or correct the error. This is known as ‘control risk’.
3. The auditor does not detect the error during the audit. This is known as ‘detection risk’.
There are therefore two lines of defence preventing an error that has occurred from ending up in the published FS: the internal
control system and the work auditor carries out.
If the client’s internal control system is good, there is a reduced likelihood that there will be an error in the FS and the auditor will
reduce the amount of audit work to be carried out. If the internal control system is poor, the auditor will have to perform much more
work as the audit is the only defence left against a material misstatement appearing in the published FS.
Therefore, the auditor must:
1. Assess the effectiveness of the internal control system. This means investigating both its design and its operation. The
operation of the internal controls is assessed by carrying out tests of control.
2. Obtain additional, direct evidence about the amounts shown in the FS. This evidence is obtained using substantive testing.
Consider the receivables amount in the SOFP. One way in which this could be misstated would be if it were incorrectly valued,
perhaps because a large balance was owed by a customer who was unlikely to pay.
The controls that would help to prevent that include:
 Take up credit references on new customers.
 Establish a credit limit.
 Producing aged receivables analyses.
 The follow up amounts that are not paid on time.
The operation of these controls needs to be tested. For example:
 Look at the client’s files where credit references are kept to ensure that every customer was investigated. The auditor
would inspect the references.
 Look for evidence of new orders being rejected if they would breach the credit limit. This could be tested by inspecting
copies of notifications sent to customers. The auditor might also consider using test data to observe if an order exceeding
the credit limit is actually rejected.
 Inspecting notes made by the credit controller of conversations held with slow payers and perhaps enquiring about the
follow-up procedures that are carried out.
Each of these audit tests are testing a control or control procedure. They are therefore tests of control. These tests are not
investigating the receivables balance in the SOFP. I repeat, a test of control tests controls, not amounts in the FS.
Tests of control can be grouped into:
Enquiry and confirmation. For example, ask the credit controller about the way in which customers are encouraged to pay and ask
how these customers are identified and how often they are followed up. This is a relatively weak source of evidence because the
credit controller might exaggerate his or her efforts.
Inspection. For example, the credit references or notes made by the credit controller of conversations.
Observation. For example, observing the credit controller at work.
Recalculation and reperformance. For example, ensuring that the aged receivables analysis seems to be accurate.
Even when internal control systems are very good, the auditor will always carry out tests on the figures in the FS. The work has to
address all the assertions made by each material figure. For example, valuation, completeness, existence etc. These tests are
substantive tests and consist of:
 Analytical procedures and

 Tests of detail.
So, staying with receivables, the auditor would calculate the receivables collection period. If this were not too large and broadly in
line with previous periods, the auditor would have gained some evidence about valuation (ie most debts not very old).
Tests of detail would include:
 Writing to customers asking them to confirm the amount owed (existence and ownership).
 Tracing, by inspection, some sales invoices to the Dr side of customers’ accounts (existence and ownership).
 Observation/inspection of amounts received after year end. This gives evidence about valuation because if a payment is
received subsequently the debt was obviously not bad.
 Recalculation of bad debt provisions.
Substantive tests therefore include analytical procedures in addition to the four classes of audit procedures available for testing
controls, so giving the well-known mnemonic AEIOU:
Analytical procedures
Enquiry and confirmation
Inspection
Observation
RecalcUlation and reperformance
Remember if the tests of control show that controls are now operating correctly, the auditor will have to increase the substantive
tests. For example, if the client does little to assess customers’ credit worthiness to ensure, as far as possible, that debts are
recoverable, the auditor will have to do much more work on the receivables figure in the SOFP to be satisfied that the amount is
valued at a true and fair amount.
7 - THE QUALITY OF EVIDENT – “SUFFICIENT APPROPRIATE AUDIT EVIDENCE”
“The auditor should obtain sufficient appropriate audit evidence to be able to draw reasonable
conclusions on which to base the audit opinion.” ISA 500 para 2
PERSUASIVE NOT EVIDENCE

CONCLUSIVE
SUFFICIENT APPROPRIATE
RELIABLE RELEVANT
 Sufficiency is the measure of the quantity of audit evidence.

 Appropriateness is the measure of the quality of audit evidence, that is, its relevance and its
reliability in providing support for, or detecting misstatements in, the classes of transactions,
account balances, and disclosures and related assertions. The auditor should consider the
sufficiency and appropriateness of audit evidence to be obtained when assessing risks and
designing further audit procedures.
The quantity of audit evidence needed is affected by the risk of misstatement (the greater the risk, the
more audit evidence is likely to be required) and also by the quality of such audit evidence (the higher the
quality, the less the audit evidence that may be required). Accordingly, the sufficiency and appropriateness
of audit evidence are interrelated. However, merely obtaining more audit evidence may not compensate if
it is of a lower quality.
A given set of audit procedures may provide audit evidence that is relevant to certain assertions but not to
others. For example, inspection of records and documents related to the collection of receivables after the
period end may provide audit evidence regarding both existence and valuation, although not necessarily
the appropriateness of period-end cutoffs. On the other hand, theauditor often obtains audit evidence
from different sources or of a different nature that is relevant to the same assertion. For example, the
auditor may analyze the aging of accounts receivable and the subsequent collection of receivables to
obtain audit evidence relating to the valuation of the allowance for doubtful accounts. Furthermore,
obtaining audit evidence relating to a particular assertion, for example, the physical existence of inventory,
is not a substitute for obtaining audit evidence regarding another assertion, for example, rights
and obligations.
The reliability of audit evidence is influenced by its source and by its nature and is dependent on the
individual circumstances under which it is obtained. Generalizations about the reliability of various kinds of
audit evidence can be made; however, such generalizations are subject to important exceptions. Even
when audit evidence is obtained from sources external to the entity, circumstances may exist that could
affect the reliability of the information obtained. For example, audit evidence obtained from an
independent external source may not be reliable if the source is not knowledgeable. While recognizing
that exceptions may exist, the following generalizations about the reliability of audit evidence are useful:
 Audit evidence is more reliable when it is obtained from knowledgeable independent sources
outside the entity.
 Audit evidence that is generated internally is more reliable when the related controls imposed by
the entity are effective.
 Audit evidence obtained directly by the auditor (for example, observation of the application of a
control) is more reliable than audit evidence
 obtained indirectly or by inference (for example, inquiry about the application of a control).
 Audit evidence is more reliable when it exists in documentary form, whether paper, electronic, or
other medium (for example, a contemporaneously written record of a meeting is more reliable
than a subsequent oral representation of the matters discussed).
 Audit evidence provided by original documents is more reliable than audit evidence provided by
photocopies or facsimiles.
The auditor should consider the reliability of the information to be used as audit evidence, for example,
photocopies; facsimiles; or filmed, digitized, or other electronic documents, including consideration of
controls over their preparation and maintenance where relevant. However, an audit rarely involves the
authentication of documentation, nor is the auditor trained as or expected to be an expert in such
authentication.
When information produced by the entity is used by the auditor to perform further audit procedures, the
auditor should obtain audit evidence about the accuracy and completeness of the information.3 In order
for the auditor to obtain reliable audit evidence, the information upon which the audit procedures are
based needs to be sufficiently complete and accurate. For example, in auditing revenue by applying
standard prices to records of sales volume, the auditor should consider the accuracy of the price
information and the completeness and accuracy of the sales volume data. Obtaining audit evidence about
the completeness and accuracy of the information produced by the entity's information system may be
performed concurrently with the actual audit procedure applied to the information when obtaining such
audit evidence is an integral part of the audit procedure itself. In other situations, the auditor may have
obtained audit evidence of the accuracy and completeness of such information by testing controls over the
production and maintenance of the information. However, in some situations the auditor may determine
that additional audit procedures are needed. For example, these additional procedures may include using
computer-assisted audit techniques (CAATs) to recalculate the information.
The auditor ordinarily obtains more assurance from consistent audit evidence obtained from different
sources or of a different nature than from items of audit evidence considered individually. In addition,
obtaining audit evidence from different sources or of a different nature may indicate that an individual
item of audit evidence is not reliable. For example, corroborating information obtained from a source
independent of the entity may increase the assurance the auditor obtains from a management
representation. Conversely, when audit evidence obtained from one source is inconsistent with that
obtained from another, the auditor should determine what additional audit procedures
are necessary to resolve the inconsistency.
The auditor may consider the relationship between the cost of obtaining audit evidence and the usefulness
of the information obtained. However, the matter of difficulty or expense involved is not in itself a valid
basis for omitting an audit procedure for which there is no appropriate alternative.
In forming the audit opinion, the auditor does not examine all the information available (evidence) because
conclusions ordinarily can be reached by using sampling approaches and other means of selecting items for
testing. Also, the auditor may find it necessary to rely on audit evidence that is persuasive rather than
conclusive; however, to obtain reasonable assurance,4 the auditor must not be satisfied with audit
evidence that is less than persuasive.
The auditor should use professional judgment and should exercise professional
skepticism in evaluating the quantity and quality of audit evidence, and thus
its sufficiency and appropriateness, to support the audit opinion.
Types of Evidence
 Physical evidence
 Third-party representations
 Documentary evidence
 Computations
 Data Interrelationships
 Client representations
 Accounting records
To envisaged:
1. Sampling; 2 Documentation; 3 Audit of small entities
CHAPTER 11
THE AUDIT OF TRANSACTIONS AND BALANCES
Chapter learning objectives
When you have completed this chapter you will be able to:
 Explain the purpose of substantive procedures in relation to financial statements assertions

 Explain the substantive procedures used in auditing each balance
 Tabulate those substantive procedures in a work program, for the following areas:
- Inventories:
- Receivables
- Payables
- Bank and cash
- Non current assets
- Non current liabilities
- Accounting estimates
 Explain the use of computer assisted audit techniques in the context of an audit
 Discuss and provide relevant examples of the use of test data and audit software for the
transaction cycles and statement of financial position items
 Discuss the use of computers in relation to the administration of the audit
 Discuss and provide examples of how analytical procedures are used as substantive procedures
 Computer and interpret key ratios used in analytical procedures
 Discuss the problems associated with the audit of accounting estimates
 Discuss the extent to which auditors are able to rely on the work of experts and internal audit
 Discuss the audit considerations relating to entities using service organizations
 Explain the extent to which reference to the work of others can be made in audit reports
 Apply audit techniques to small not for profit organizations
 Explain how the audit of a small not for profit organization differs from the audit of for profit
organizations.
AUDIT OF TRANSACTIONS AND
BALANCNCES
WORKING PAPERS RECEIVABLES
ANALYICAL
PROCEDURES INVENTORIES
CAATs PAYABLES
THE WORK OF BANK AND CASH

OTHERS
NON-CURRENT ASSETS
NON-CURRENT LIABILITIES
ACCOUNTING ESTIMATES
1 - GENERAL PRINCIPLE
A word of warning: chapter 9 dealt the principles of audit evidence. This chapter deals with how those
usually tested. You may be tempted to learn these by heart. Whatever you do.
DO NOT DO THIS!!!
The audit of any item is based on:
 The risk of misstatement

 The nature of the item
 The assertion you are testing.
The examiner is not stupid. He or she knows that auditing is a matter of professional skill and judgment. If
you can answer an exam question simply by learn a few pages of a book. It is not a very good test of
whether you are a competent auditor.
So the questions may not ask about standard situations and you will have to apply your knowledge to the
demands of the question.
Things you always have to do
Nevertheless, there are some things which, on way or another, will always apply (and which, if you
mention them, will gain you mark):
 Understand the system

 Analytical procedures
 Document your work
Things you will always have to consider
What are you being asked to test?
 A transaction or event that took place during the year.

 An account balance at the period end.
 Presentation or disclosure.
What is the nature of the item you are testing?
 Asset
 Liability
 Revenue
 Expense
What assertion(S) are you testing?
 Existence
 Occurrence
 Valuation
 Cut-off, etc.
Things you may have to do
 If you rely on controls, you will have to test them.

 Management representations are required for some items by ISA 580 and by a number of other
ARE As.
 If there are high volumes of transactions, consider using computer assisted audit technique
(CAATs).
2 - ANALYTICAL PROCEDURES
 Planning – risk assessment – compulsory

(ISA 520)
 Substantive – not compulsory ISA520, but
WHY usually an effective and efficient means of
gathering evidence
 Review- final check that the figures make
sense – compulsory (ISA 520)
 Efficient
 Effective
 Set out the figures

 Calculate ratios/computer trends
WHY proof in total /make comparisons
 Investigate anomalies
 Corroborate answers to enquiries
Why do they?
Analytical procedures as substantive evidence
Analytical procedures as substantive must be used at the planning stage to identify risk, and at the
completions stage audit as a final review of the FS.
They may also be used at the substantive stage when the auditor as auditing the draft financial statements.
Analytical procedures are not just the comparison of one year with another.
AP’s can be used in the following ways:
 Ratio analysis
 Trend analysis
 Proof in total
In order to use analytical procedures the following process should be followed;
 Create your own expectation of what you think the figure should be
 Compare your expectation to the actual figure
 Investigate any significant differences
- Example 1- create an expectation of payroll costs for the year by taking last year’s cost and
inflating for pay rise and change in staff numbers- proof in total.
- Examples 2- calculate the receivable day’s ratio and compare it with prior year and credit terms
given to customers. If the figure is higher than expected it may indicate overstatement of
receivable – ratio analysis.
- Example 3- plot monthly sales data for the prior year and plot against the current year and
investigates any unusual trends. You would expect the business to follow the same pattern
month on month especially if they have a seasonal business – trend analysis.
- Example 4- using the client’s depreciation policy, re- computes the expected depreciation
charge and compares it with the actual depreciation charge. If there is a significant difference it
should be investigated- proof in total.
Expandable Text- Analytical Procedures

Analytical procedures are useful as they are a way of addressing several FS assertions at once and you are
essentially auditing a whole balance at once to see if it is reasonable.
You can use them to corroborate other audit evidence obtained. By using analytical procedures you identify
unusual items that can then be further investigated to ensure that a misstatement doesn’t exist in the balance.
In order to use analytical procedures effectively you need to be able to create an expectation. It will be different
from last and expectation if operations are significantly different from last year, more so if changes haven’t been
planned for. If the changes were planned, we can compare the actual with the forecast. However, there is no
point comparing the actual with prior year since it bears no relation to be the current year.
It will also be difficult to use analytical procedures if there have been lots of one-off events in there as the will
be nothing to compare them with.
The ratios
GROSS PROFIT %
PROFITABILITY
NET PROFIT%
RECEIVABLES DAYS
EFFICIENCY INVENTORY TURNOVER
PAYABLES DAYS
LIQUIDITY CURRENT RATIO QUICK

RATIO GEARING
RETURN RETURN ON CAPOTAL

EMPLOYED (ROCE)
Expandable Text – Ratios

Gross margin
Gross profit / sales revenue x100%
Purpose
For most business – main exception are consultancies and some businesses in the service sector – the margin
between sales revenue and cost of what generates the profits the business needs to pay the wages. Services any
debt and eventually pay dividends to shareholders.
The lower the margin, the greater the volume of sales revenue needed
Net margin
Profit before tax/ sales revenue x100%
Purpose
Profit before tax is what is left all costs and at its simplest enables dividends to be paid to shareholders.
It is also what enables the business to grow from its own resources.
Receivables days.
Receivables / sales revenue 365
Indicates how quickly or slowly the business is generating cash by collecting it in from its customers.
Deterioration may be an indication of disputes with customers or non-recoverability of, and therefore overstatement,
of receivables.
NB. Care needs to be taken where the profile of sales revenue is inconsistent from year to year. Where there are high
sales at the end of the year, receivable days would be expected to be higher than for a similar company of another
year where sales occurred earlier in the year and tailed off towards the year end.
Payables days
Payables/ purchases x 365
Purpose
To show how long the company is taking to pay its suppliers.
May be indicative of cash- flow problems, or, extended credit terms taken.
Inventory turnover
Inventory / cost of sales x 365
(How many days worth of cost of sales are tied up in inventory?) Or in the year
Cost of sales/ inventory
(How many times the year end inventory could have been sold in the year)
Purpose
To show how much the business has invested in its inventory.
Slower inventory turnover may indicate excessive inventory holdings, or building for the launch of a new
product.
The current ratio
Current assets/ current liabilities
The quick ratio
Current assets-inventory / current liabilities
Purpose.
A refinement of the current ratio, which eliminates less liquid assets. Inventory, from the equation.
Leverage or gearing
Share capital + reserves / Borrowings or Borrowings/ share capital + reserves + borrowings’ 100
Purpose
To show the relative reliance of the business on external or internal sources of finances.
Businesses with higher leverage are usually regarded as more risky-greater danger of being financially
overstretched, but the opportunity of greater rewards for individual shareholders.
Return on capital employed (ROCE)
Profit before interest and tax/ share capital + reserves + borrowings.
Purpose
Is the business giving sufficient return compared with other possible investments?
ROCE is a useful measure for a large diversified group that can switch where it invests its funds. It is less use
for a small, owner- managed business where choice of investment is limited.
How are analytical procedures used?
Calculating the ratios is just the start. Analytical procedures are audit procedures in their own right,
designed to enable the auditor to reduce the risk of coming to the wrong opinion about the financial
statements.
This means that the auditor needs to use analytical procedures to identify anomalies in the figures, which
may make indicate problems.
To do this, the auditor will make comparisons:
 Between the current year and previous year(S)

 Between actual figures and budgets, forecasts or client’ expectations
 With similar companies.
Analytical procedures as substantive procedures
ISA 520 states that the auditor may use analytical procedures as substantive procedures.
The suitability of this approach depends on four factors:
 The suitability of using substantive analytical procedures given the assertions.

 The reliability of the data.
 The degree of precision possible
 The amount of variation which is acceptable.
Some example
(1) Suitability
- Analytical procedures are clearly unsuitable for testing the- existence of inventories- to do this
you need to go and count the items on the shelves in the warehouse.
- Analytical procedures may well be suitable for testing the value-of labor carried forward in
inventory – by comparing direct labor costs for the year with value in inventory, in the context
of the costs of raw materials and overheads in inventory.
(2) Reliability
- If controls over sales order processing is week, it will-probably be necessary to rely on tests of details
rather than analytical procedures.
(3) Precision
- There is likely to be greater consistency in gross margins over-time than in discretionary expenditure like
advertising or R&D.
(4) Acceptable variation
- Variations in sales revenue, which may have a minor impact-on the results for the year, will be regarded
differently from receivables, which, if uncollectible will have a proportionately greater impact.
Expandable Text – Analytical Procedures

1) Viola Ltd has sales revenue of S1m and a gross margin of 35%. What is the value of it’s of sales?
2) French Horn Ltd has sales revenue of S3m and receivables of & 500, 000. Calculate its receivables period.
3) Oboe Ltd has inventories of &1m at the beginning of the year and &2m at the end of the year and purchases of
&9m for the year. Calculate its inventory turnover period.
Solution-
1) Viola Ltd has sales revenue of &1m and a gross margin of 35%. What is the S 650,000
value of its cost of sales?
2) French Horn Ltd has sales revenue of s 3m and receivables of & 500,000. 61 days
Calculate its debtor’s period.
3) Oboe Ltd has inventory of & 1m at the beginning of the year and &2m at the 91 days
end of the year and purchases of &9m for the year. Calculate its inventory turn Inventory turns over four In the
period. year
Purchases + opening inventory
less closing inventory=cost of
sales =&8m
0.25x365=91 days
3 The audit of receivables
PEOPLE WHO OWE US
MONEY (treads and loan
receivables, etc.)
WHAT ARE THEY?
PEOPLE WHO OWE US

SERVICE (prepayments)
Trade: are they going to pay and fairly soon?

KEY QUESTIONS Prepayments: Did we make the payment?
Is it accounted for in the correct period?
I.e. is the calculation correct?
Trade: 1) Ask them (circularization)

2) see if they pay (after date receipts)
3) Review ageing
PROCEDURES Prepayments: verify payment
Review invoices, etc.
For cut-off
Key assertions
Assertions – receivables
 Existence –the receivable actually exists.

 Rights and obligations – receivable belong to the company.
 Valuation and allocation – receivables are incited in the financial statements at the
correct amount.
 Cut – off – transactions and events have been recorded in the correct accounting
period.
Audit procedures
 Obtain a list of receivables, cast this and agree it to the receivables control total at the year. Ageing
of receivables may also be verified at this time.
 Determine an appropriate sampling method (cumulative monetary amount value- weighted
selection, random, etc.) using materiality for the receivable balanced to determine the sampling
interval or number of receivables to include in the sample.
 Select the balance to be tested, with specific reference to the categories’ of receivable noted
below.
 Extract details of each receivable selected from the ledger and prepare circularization letters.
 Ask the chief accountant at the company (or other responsible official) to sign the letters.
 The auditor posts or faxes the letters to the individual receivables, explanations from management.
Receivables circularization – procedures
Purpose
 Direct third party confirmation to give evidence of existence and valuation.

 Advantages:
 Independent evidence.
 External evidence.
 Relatively efficient (if successful)
Disadvantages:
 Those circularized may not reply.
Method
 Select sample of receivables to be circularized.

 Inform client of intended list of those to be circularized.
 Consider implications if client objects to any of the account selected being circularized.
 Record names and amount circularized.
 Record replies received and consider implication of any accounts not agreed.
 For non- replies perform alternative procedures (other evidence in relation to account
receivable).
Expandable Text – confirmation Letter Example
Example of working of an accounts receivable confirmation letter
Note. This letter is an example of positive confirmation – we think you owe this much, please confirm – which is
usually used for circularizing receivables.
Negative confirmations – please tell us if you owe our client any money and how much – are of less use in this
context.
Typed on client’s letterhead
Customer Ltd
Customer’s address
Date of circularization
Dear Sirs
As part of their normal audit procedures we have been requested by our auditor, Auditor & Co, to ask you to confirm
the balance on your account with us at Year End Date.
The balance on your account as shown by our records is shown below.
After comparing this with your records will you please be kind enough to sign the confirmation below and return a
copy to them in the enclosed prepaid envelope. We shall be grateful if you would do this even if the account has since
been settled. If the balance is not in agreement, with your records, will you please note on the confirmation the details
of the items making up the difference in the space provided.
Please note that this request is made for audit purposes only and has no further significance. Remittances should be
sent to us in the normal way.
Your kind co-operation in this matter will be greatly appreciated.
Yours faithfully
Chief Accountant
Auditor & Co
Auditor’s address
Dear Sirs
We confirm that, except as noted below, a balance of & xxxxx
Owed by us to client limited at Year End Date.
Name of company or individual customer Ltd.
Signed
Position held
*Details of differences if any
Recoverability / provision for doubtful debts (Valuation)
 Discuss the assumptions underlying the general provision with management to ensure reasonable
 Recalculate the provision based on management’s assumptions and agreed to the figure in the
financial statements
 Compare the prior year provision to the amounts actually written off as bad in they year to test
how accurate management usually are in estimating possible bad debts
 Obtain a list of aged receivables and investigate the recoverability of any old balances.
 For a sample of year end balances, agree outstanding showing receipt of money after year end
Discuss invoices more than 3 months old with management to consider recoverability of amount.
 Where overdue receivables have not paid. Trace the balances to the provision for doubtful debts.
Where the balances are not included in the provision to be recoverable.
Presentation and disclosure
 Agree receivables figure in the financial statements to the receivables control account total and the
nominal ledger
Analytical review
 Calculate the trade receivables collection period and compare to last year to assess
reasonableness.
Cut- off
 Select a sample of GDN’s immediately prior to the year – end and immediately after the year end
and ensure that they have been recorded in the correct period.
 For prepayment review invoices to calculation of prepayment and ensure that payment has
actually been made by agreeing it to the bank statements.
Income statement entries related to accounts receivable
Check postings and validity of:
 Bad debt write offs

 Movements on bad debt provision
 Recoveries from receivables previously written off.
Ensure doubtful receivables and recoveries identified from other audit work are properly reflected in the
income statement.
4 - The audit of inventories

Overview
INVENTORIES
WHAT ARE THEY? PROCEDURES
RAW MATERIALS FINISHED GOODS WORK IN PROGRESS
KEY QUESTIONS
Are the quantities correct?
Is the valuation correct?
The audit of inventories is usually regarded as one of the higher risk areas of the audit.
 It is usually crucial to assurance about an entity’s profit
 It may be complex
 It is usually subject to a degree of estimation.
They can also be very varied, e.g.
 Sheep or cows on a farm

 Jewell
 The costs of developing a computer game
 Care
 Food and drink
 Chemicals
 Petrol.
That’s probably enough to be going on with.
How are inventories valued?

INVENTORIES
KEY PRINCIPLE
D
VALUED AT THE
LOWER OF COST AND
NET REALISABLE
VALUE (NRV)
Finished goods and raw materials
FINISHED GOODS AND

RAW MATERIALS
OBJECTS ON SHELVES, IN
BINS , IN CUPBOARDS IN THESE CAN BE COUNTED, CONSIDERATIONS:
SHOPS, WAREHOUSES, ON MEASURED WEIGHED, ETC. PRICING OBSOLESCENCE
LORRIES, ETC. SALEABILITY DAMAGE
NET REALISABLE VALUE
MATERIALS CONTENT
LABOUR CIBTENT
OVERHEAD CONTENT
Work in progress
WORK IN PROGRESS
PARTLY- COMPLETED
OBJECTS AT
THESE CAN BE
WORKSTATIONS, ON
COUNTED AND
THE FACTORY FLOOR
ESTIMATES MADE OF CONSIDERATIONS: STAGE
OR STORED AWATING
STAGE OF COMPLETION OF COMPLETION COSTS TO
COMPLETION
COMPLETION NET
REALISABLE VALUE
PARTLY- COMPLETED THESE CAN BE INSPECTED MATERIALS CONTENT
MAJOR CONTRACTS- AND ESTMATES MADE OF LABOUR CONTENT
STAGE OF COMPLETION OVERHEAD CONTENT
ROADS, BULDINGS, OR EXPERT OPINIONS
SHIPS, AIRCRAT, ETC. SOUGHT
Assertions again
ASSERTIONS PROCEDURES
EXISTENCE CONFIRMATION
COMPLETENESS INVENTORY COUNT
PRICING TESTS
VALUATION OBSOLESCENCE
REVIEW
NRV TESTS
RIGHTS AND CONFIRMATION

OBLIGATIONS CUT – OFF TESTS
Inventory Procedures
Before =planning During= attendance After = follow-up
a) Review prior year a) Observe compliance a) Follow – up cut-off

working papers with instructions tests
b) Discuss instructions b) Make test counts (from b) Ensure all copies of
c) Familiarisation, nature, physical to recorded inventory take of
value, location etc. and vice versa) inventory take sheets
d) Arrange Thiard party c) Take copies of from inventory day
certifiâtes inventory take sheets agree to client
e) Consider need for d) Obtain more details of inventory sheet and
experts (s) damaged inventory check sequencing is
f) Role of internal audit e) Note cut- off details complete
g) Extract reprehensive c) Ensure continuous
sample inventory records
adjusted
d) Conclude on reliability
of quantities used as a
basis for computing
inventory
e) Valuation review lower
of cost and NRV
The inventory count
Principles
 The inventory count is a ‘one off. It is a single opportunity to establish what is and what is not in
inventory
 Because of the crucial impact of inventory levels on the result for the year, it must be tested both
for existence and completeness. ( for most other areas the emphasis is likely to be on one or other
of these assertions rather than both)
 Inventory can consist of almost anything with different properties (see the list above). It can
therefore be quite complex and so needs to be well organized by the client. The auditor needs to
be equally well organized to ensure that sufficient, appropriate evidence is gather
 It is the client’s responsibility to establish the correct value of the inventory the auditor’s job is to
form an opinion as to whether that value is materially correct or not . it is therefore not the
auditor’s responsibility to count the inventory , only to check that it has been done correctly.
Procedures
Before the count
 Obtain clients instructions for the count and review them:

 For obvious flaws
 To ensure that the logistics for the audit team have been thought through
 To obtain awareness of where the most material or otherwise risky inventory lines are to be found.
On the count (inventory count)
 Observe the count as it proceeds to ensure:

 The client’s instructions are being followed
 Everything is counted and recorded
 There is no risk of anything being included more than once
 Evidence of damaged or slow moving inventory is being recorded
 Cut – off is observed – no dispatches or deliveries occur count is taking place, and there is no
movement of inventory within the client premises which may confuse the count
 Inventory sheets (or whatever method is used to record the count handheld devices, barcode
readers, etc) are properly controlled.
 Conduct test counts on a suitably random basis whilst gearing the tests toward material items:
- Existence – it will be necessary to check from the client’s inventory records to your test data,
so you need to ensure that you record sufficient details or the location and the items to be
able to trace them later.
- Completeness – you will need to be able to trace the items from your counts, into the client
inventory records and will therefore need to record sufficient details to enable you to do this.
Note. These aspects of the count are crucial – the auditor needs to know in advance:
- The details of the inventory

- How the inventory will be recorded in the client’s system.
Record cut – off information:
 The last goods received record of the year

 The last dispatch record of the year
Audit procedures at the final audit stage
 Obtain a list showing each individual line of inventories categorized between finished goods, WIP
and raw materials. Cast and agree the total to the inventories figures in the financial statements.
 Check that the figures disclosed in the financial statements agree to the audited figures and that
inventories have been correctly analyzed between finished goods, raw materials and work in
progress.
Valuation
 Trace some items of inventory in the inventory sheets back to original purchase invoices to agree
the cost
 Trace the same items of inventory post – end sales to determine the net realizable value of
inventory
 For items that have been sold trace to the provision for slow- moving inventory or discuss with
management why these have not been provided for
 Ensure that inventory is stated in the accounts at the lower of cost and net realizable value by
reviewing the relevant purchase invoices and after year end sales invoices.
Analytical review
 Calculate inventory cutover and compare to last year to assess reasonableness

 Calculate gross profit percentage and compare to prior year reasonableness
Cut – off
 Select a sample of GDN’s from immediately prior to the year end and included in year – end
payable, and ensure that the goods are included in year- end inventories.
 Select samples of GDN are from immediately prior to the year end and included in year- end
receivables, and ensure that the goods are not included in year – end invoice was raised in the
correct period.
Year end counts and continuous inventory system
The procedure suggested above apply to all inventory counts whether as a one- off year end exercise or
where inventory is counted on a rolling basis through the year.
The objective is the same:
 To know what the client has in inventory at the count took place.
Continuous inventory systems
Where the client has a continuous inventory, where a theoretical book inventory figure is always know,
there are both advantages and disadvantages for the auditor.
Advantages
 The auditor is less time constrained and can pick and choose particular location and inventory lines
at any time to ensure the system is working properly.
 Slow moving and damaged inventory should be identified and adjusted for in the client records on
a continuous basis therefore the inventory valuation should be more reliable.
Disadvantages
 The auditor will need to gain sufficient evidence that the system operates correctly at all time. Not
just at the time of the count.
 Additional procedures will need to be devised to ensure that the year end inventory figure is
reliable, even though it may not have been counted at that date.
Inventory held at the third parties
 Where the client has inventory at locations not visited by the auditor, the auditor normally
obtains confirmation of the quantities, value and condition from the holder. The auditor
needs to consider whether the holder is sufficient independent to be able to provide
relevant, reliable evidenced.
 As with confirmations from receivables, the auditor requests details from the party holding
the inventory on behalf of the client to confirm its existences.
 The confirmation request will be sent by the client to those parties identified by the client.
 The reply should be sent directly to the auditor to prevent it being tampered with by client.
 Problems can occur if the third party uses a different description to that of the client and
as always, a response is not guaranteed.
Other audit evidence about inventory
 For specialized inventory – livestock, property, food in restaurants, and significant work in progress
– it will be necessary to obtain evidence from experts- see section 9 of this chapter.
 The auditor needs to obtain evidence of the value of the inventory.
- Cost information can be obtained from invoices and price lists.
- The costs of manufactured can be obtained from invoices and costing records.
- The opinion of independent experts may be obtained.
Test your understanding 1

1 list the audit procedures before the inventory count. (3 marks)
2) List the audit procedures to test for existence and completeness on inventory.
(2 marks)
3) Saxophone Ltd runs a petrol filling station. List the audit procedures to tests the quantities of petrol
inventory of sheet and bar steel.
(2 m arks)
4) Flute Ltd makes large machines out of very heavy lumps of steel. List the audit procedures to test
its inventory of sheet and bar steel.
(2 marks)
5) Piccolo Ltd has a sheep farming business. List the audit procedures to verify the number of animals
it owns at the year end.
( 2 marks)
5 The audit of payables and accruals
PEOPLE WE OWE FOR INVOICED GOODS

AND SERVICES
PEOPLE OWE FOR GOODS AND SERVICES NOT

YET INVOICED (ACCRUALS)
WHAT ARE THEY?
People WE’VE BORROWED FROM (LOANS,
LESAING)
TAXES OWED- PAYE, VAT&CORPORATION TAX
DO WE REALLY OWE THIS? (EXISTENCE IS THERE

KEY QUESTIONS ANY MORE? (COMPLETENESS) IS IT DEAL WITH
IN THE RIGHT PERIOD? (CUT- OFF)
STATEMENT RECONCILATION CONFIRMATION

PROCEDURES REVIEW POST YEAR END PAYMENTS AND
INVOICES FOR OMITTED LIABILITIES
EXISTENCE, RIGHTS AND OBLGATIONS

AUDIT ASSERTION COMPLETENESS VALUATION AND ALLOCATION
AND CUT- OFF
Principles
 The main thrust of the testing of payables is usually to test for completeness.
 Testing for existence, valuation, etc. is still important, but the major consideration, is
for the auditor to gain assurance that all liabilities which should be include, are
included.
You therefore have to think of the best indicators that additional liabilities may exist. If as result of this,
none are revealed, the testing of the values, right and obligations of the payables we know about id
relatively straightforward.
Possible indicators of additional liabilities
Does the list of payables at the year end:
 Include all the major suppliers the client dealt with during the year?
 Include all significant suppliers from the equivalent list year?
 Include all expected accruals? Rent, utilities, telephone etc.
 Include expected sources of financing for non- current assets? Leasing, hire purchase, mortgages,
etc.
 Include all expected tax balances? Profits/corporation after the year end?
 Include all suppliers revealed by a review unpaid invoices at and after the year end?
 Include all supplies revealed by a review of unpaid invoices at and after the year end?
 Ensure that payables have been included in the financial statement in the heading of current
liabilities and agree to the working papers of payables
Existence
 Circularize a sample of trade payables to confirm the balance at the end of the year ( this is not a
usual audit test, and is more or less the same formations as for receivables confirmation except
that negative confirmation are more acceptable)
 Reconcile supplies statement balance to the payables ledger
Completeness
 Investigate any supplied names that were shown on last year ‘s pebbles listing but do not have a
balance showing in this year’s list of balances
 Review after date invoices and payments and ensure they have been provided for at the year- end
as appropriate
 Perform analytical procedure on the list of payables. Determine reasons for any unusual change in
the total balance of individual payables in the list.
 Calculate the trade payables payment period and compare to last year to assess reasonableness
 Obtain a list of the individual balances from the payables ledger, check the cast and agree the total
to the trade payables figure in the draft financial statement
 Obtain a list of debit balances in the payables ledger and obtain explanations from management
 Agree brought forward figure to last year’s audit file
Cut-off
 Select a sample of GRN’s immediately prior to the year end to test that they are in year-end
payable , and ensure that the goods are in year-end inventories , also test GRN’s post year end to
test that they are not in inventory at the year end
Supplier statement reconciliations
For those suppliers balances selected for testing:
 Obtain supplier statement at the statement of financial position date.

 Compare with balance according to the client records
 Seek explanation for differences from client staff.
Expandable Text – Explanation of differences

There generally two main explanations for differences:
1) Timing difference:
- Invoices not yet received by the client.
- Payments not yet received by the supplier
- Returns and credit notes not yet appearing on the supplier’s statement.
2) Errors
- Supplier errors that will remain as part of the reconciliation until the supplier corrects them.
- Client errors, which the client needs to adjust.
Note. It is possible that there are administrative reasons at the client for some of the difference:
 Goods received accrual – invoiced received but not yet processed.
- Perhaps awaiting authorization , or perhaps ‘may does the posting on Tuesdays’ which means that
invoices arriving between Wednesday and Monday are known about but not yet entered on the
system.
 Goods received not involved – the client accrues for all goods received but does not post to
the purchase ledger until the invoice is
 Cheques in the drawer- not goods received but do not post to the purchase ledger until the
invoice is received.
Cheques in the drawer – not a good idea to have signed cheques lying around, but
sometimes for relatively short periods there may be a deal in sending out the
cheque. Sometimes, with systems with automated payment runs, the accounts staff
does not know how to prevent cheques being produced and the number of cheques
in the drawer can be quite about the accounting staff’s competence, idea, and raises
questions about the accounting staff competence. And, on assumption the amounts
are material, will mean the amounts will have to be added back to both bank and
payables.
Suggested layout a supplier’s statement reconciliation
Supplier’s statement Year end date
Reconciliation
Supplier limited
$ $
Balance per supplier statement Less : xxxx
Returns/credit not yet credited xx
Payments not yet received by supplier xx
(xx)
xxx
Balance per purchase ledger xxx These figures should
Invoices not yet posted xxx be the same!
Goods received not invoiced xxx
Reconciled balance xxx
Expandable Text – supplier reconciliation example

Tuba Ltd
You are auditing the payables of tuba Ltd and have found that the balance according to Tuba’s purchase
ledge does not agree to the statement from its supplier Trombone Ltd.
The following is relevant.

$
Balance per Tuba Ltd’s purchase ledger 350

Balance per Trombone Ltd’s statement 1,500
Invoices in file on purchase ledger desk awaiting posting 150
Goods returned by Tuba to Trombone in last week of the year, not yet reflected on Trombone’s statement
200
Value of goods from Trombone received by Trombone on the very last day of the year ( invoices are sent by mail) 50
Payment by cheque sent by mail by Tuba to Trombone on the very last day of the year 750
What is the correct figure for the balance between Tuba and Trombone that should from part of Tuba’s payables
figure in its financial statements?
Solution
Trombone Ltd state ment réconciliation $ $
Balance per supplier statement 1, 500
Less :
Returns / credit not yet credited 200
Payments not yet received by supplier 750
_____
Agreed balance 950
_____
550
Balance per purchase ledger 350
Invoices not yet posted 150
Goods received not invoiced 50
_______
Reconciled balance 550
_______
Accruals
 Review relevant invoiced after the statement of financial position date. If none are
received , compare with previous periods
 Obtain the list of accruals from the client, cast it to confirm arithmetical accuracy
 Agree the figure per the schedule to the general ledger and financial statement
 Agree the calculation of the accrual by reference to supporting documentation e.g.
previous period invoice
Text balances
 Corporation / profits taxes – agree computations.

 Payroll tax – agree to payroll records.
Overdrafts, loans, etc.
 Agree to bank confirmations.
Leased, hire purchase
 Agree details to underlying agreement.
Income statement entries related to accounts payable
 Accruals will have a direct impact on the income statement accounts they relate to – ensure the
postings have been put through correctly and any opening accruals have been properly reversed.
 Some accruals may themselves lead to additional accruals, e.g. accrued bonuses payable to
directors and staff, may lead to additional employer’s social security charges.
 For all interest bearing accounts, loans, overdrafts, etc. ensure the correct accrual is made for
interest payable.
6 The audit of bank and cash
BANK AND CASH
ASSERTIONS PROCEDURES
EXISTENCE
RIGHTS AND
OBLIGATIONS BANK LETTER BANK
RECONCILIATION CASH COUNT
VALUATION
COMPLETENESS
The bank letter (bank confirmation reports)
 Direct confirmation of bank balances gives the auditor indepent, third-party evidence.
 The format of the letter is usually standard and agreed between the banking and auditing
professions.
 Issues covered are:
- The client’s name
- The confirmation date.
- Balances on all bank accounts held
- Any documents or other assets held for safekeeping
- Details or any security arrangements-guarantees, forward currency purchases or sales, letters
of credit.
- Details of any security given
 The auditor needs the client to give the bank authorization to disclose the necessary information
(in some jurisdictions such disclosures are illegal so bank cannot be used at all).
 Ensure that all banks that the client deals with are circularized.
 When items on the bank letter are deal with, tick them off and cross reference to the relevant
working paper to make it easy to see that there are no outstanding items. The balances for each
bank account should be agreed to the relevant bank reconciliation at the year end. Interest charges
should be agreed to the interest expense account in the general ledger, details of loans should be
agreed to the disclosure in the statement of financial position to ensure it is correctly classified into
the current and non current elements.
Bank and cash- other evidence
 Obtain a list of all bank accounts, cash balances and bank loans and overdrafts and agree to totals
to figures included in current assets and current liabilities in the financial statements
 Obtain a copy of the client bank reconciliation , cash and agree the balances to the cash book and
bank letter
 Trace all outstanding lodgments and unpresented cheques to pre-year-end cash book and post-
year –end bank statement
 Ensure all accounts in the bank certificate are included in the financial statement
 Ensure bank loans and overdrafts are not offset against positive bank balances in the financial
statement
 Note. it is vital for an auditor conducting a cash count to do so in the presence of a member of the
client staff and to obtain a signature for the amount handed back in to the client custody
 Where there are multiple cash balances- a number of tills in a department store, etc – it is
important to ensure amounts cannot be moved between tills and that proper cut- off procedures is
in place.
Income statement and other account entries related to bank and cash
 Clearly , bank loans, overdrafts and bank deposits all the have interest implication
 The bank letter may reveal details of security, borrowing and contingent liabilities which need to
be disclosed in the financial statements.
 Ensure that bank and cash have been including in the financial statement in the heading of current
assets and overdraft loans presented in current liabilities and non-current liabilities.
 Ensure the financial statement amounts agree bank to the trial balance amount.
Existence
 Select a sample of assets from the non-current asset register and physically inspect them.
Completeness
 Select a sample of assets visible at the client premises and inspect the asset register to ensure they
are included.
 Examine the repairs and maintenance accounts in the general ledger for large and unusual items
that may be capital in nature.
Valuation
 Repertory depreciation calculations by :

- Selecting a sample of assets from the register and recalculating the charge for the year
- Recasting the list of individual asset depreciation charges
- Agreeing the total charge to the financial statement
 Alternatively, agree this year’s charge as reasonable by taking last year’s charge and amending it
for additions, disposals, revaluations, changes in method or policy, etc. compare the predicted
charge for the year with the actual charge, and seek explanations for any material differences.
 If any assets have been revalued during the year:
- Agree new valuation to value’s report
- Verify that all similar assets have also been revalued
- Repertory depreciation calculations to verify that change is based on new carried and agree to
supporting documentation (timesheets, materials invoices, etc.)
 When physically inspecting assets, take note of their condition and usage in case of impairment.
 For a sample of assets, agree cost to purchase invoice (or other relevant documentation) ensuring
all relevant costs have been included.
 If any assets have been constructed by the company, obtain analysis of costs incurred and agree to
supporting documentation (timesheets, materials invoices, etc).
Rights and obligations
 For a sample of recorded assets , obtain and inspect ownership documentation:

- Title deeds for properties
- Registration documents for vehicles
- Insurance documents may also help to verify ownership (and asset values).
 Where assets are leased, inspect document to assess whether the lease is operating or finance (if
the latter, the asset should be included on the company’s statement of financial position).
Disclosure
 Agree opening balances with prior year financial statements.

 Compare depreciation rates in use with those disclosed.
 For revalued assets, ensure appropriate disclosures made (e.g.name of values, revaluation police).
 Agree breakdown of assets between classes with the general ledger account totals.
8 The audit of non-current liabilities
NON-CURRENT LIABILITIES
ASSERITIONS PROCEDURES
PHYSICAL INSPECTION
EXISTENCE
REVIEW LIKELY ACCOUNS FOR

COMPLETENCESS MISPOSTINGDS
INSPECT TITLE DEEDS. ETC
RIGHTS AND
OBLIGATIONS INSPECT PURCHASE CONTRACTS
INSPECT INVOICE. ETC.
RECALCULATE DEPRECIATION CHARGE
VALUTATION CONFIRM VALUATION WITH EXPERT
CONSIDER IMPAIRMENT
Existence
 Select a sample of assets from the non- current asset register and physically inspect them.
Completeness
 Select a sample of assets visible at the client premises and inspect the asset register to
ensure they are included
 Examine the repairs and maintenance accounts in the general ledger for large and unusual
items that may be capital in nature.
Valuation
 Reperform depreciation calculations by:

- Selecting a sample of assets from the register and recalculating the charge for year
- Recasting the list of individual asset depreciation charges
- Agreeing the total charge to the financial statement.
 Alternatively, agree this year’s charge as reasonable by taking last year’s charge and
amending it for additions, disposals, revaluations, changes in method or policy, etc. compare the
predicted charge for the year with the actual charge. And seek explanations for any material
differences.
 Assess depreciation policies for reasonableness by:
- Comparing methods used with prior year
- Comparing methods used with similar companies
- Analyzing the recent trend of profits and losses on asset disposals.
 If any assets have been revalued during the year:
- Agree new valuation to value’s report
- Verify that all similar assets have also been revalued
- Reperform depreciation calculation to verify that charge is based on new caring value.
 When physically inspecting assets, taken note of their condition and usage in case of
impairment.
 For a sample of assets, agree cost to purchase invoice (or other relevant documentation)
ensuring all relevant costs have been included.
 If any assets have been constructed by the company, obtain analysis of costs incurred and
agree to supporting documentation (timesheets, materials invoices, etc.).
Rights and obligations
 For a sample of recorded assets, obtain and inspect ownership documentation:

- Title deeds for properties
- Registration documents for vehicles
- Insurance documents may also help to verify ownership (and asset values).
 Where assets are leased, inspect the lease document to assess whether the lease is
operating or finance (if the letter, the asset should be included on the company’s statement of
financial position).
Disclosure
 Agree opening balances with prior year financial statements.

 Compare depreciation rates in use with those disclosed.
 For revalued assets, ensure appropriate disclosures made (e.g. name of valued, revaluation
policy).
 Agree breakdown of assets between classes with the general ledger account totals.
CHAPTER 12
COMPLETION AND REVIEW
1 – DESCRIPTION AND PURPOSE OF THE COMPLETION AND REVIEW
 The completion and review stage of the audit is the final stage of the audit process. It is also
referred to as the “overall review stage” or “the final review stage”.
 It is a highly significant part of the whole audit process.
 The overall review stage of the audit is the point at which the final decisions are taken.
 Decisions are taken that:
 the firm’s procedures have been followed properly
 the quality of the work done (by the auditor) is up to standard
 the financial statements give (or not) a true and fair view, and
 they comply (or not) with the applicable accounting reporting framework.
2 – WHAT HAPPENS IN THE OVERALL REVIEW STAGE?
For final decisions to be taken, answers should be provided to the following questions:
 In relation to financial statements: Are they OK?
 In relation to audit evidence gathered so far: Are they OK?
 In relation to other completion procedures: Have they been carried out?
2.1 – Are the financial statements OK?
A similar or alternative question could be: Do the financial statements comply with the relevant reporting
framework? The answer involves comply with:
 Law;
 Applicable accounting standards;
 GAAP;
 Other regulations (e.g. Stock Exchange listing requirements);
 Does other information published with the financial statements (e.g. Directors’ report, Chairman’s
review) conflict with them in any way?
2.2 – Are audit evidence OK?
Here, the auditor is trying to find out whether the evidence gathered in the course of the audit supports
the audit opinion.
The answer to this question calls for the review/examination of the whole audit process, from planning
passing through substantive audit to completion. Sub-questions include:
 Was the audit plan followed?

 Has sufficient, appropriate audit evidence been gathered?
 Has the work been performed in accordance with professional standards and legal requirements?
 What issues arose? What errors were found?
 Have the matters been raised for future consideration?
 Was the plan suitably modified to allow for changing circumstances?
 Have necessary consultations taken place both within the firm and with outside experts?
 Has the file been adequately reviewed at lower levels within the firm (e.g. by the senior and the
manager)?
 Have the necessary checklists been completed?
 Work supports conclusions reached and is appropriately documented.
2.3 – Have the necessary completion procedures been carried out?

Relevant issues here include:
 Final analytical review;
 Consideration of the firm’s continued independence;
 Second partner review (if appropriate);
 Subsequent events review;
 Going concern review;
 Management representations obtained;
 Objectives of the engagement procedures have been achieved.
3 – HOW ERRORS DISCOVERED IN THE COURSE OF THE AUDIT DEALT WITH AT

THE FINAL REVIEW STAGE
During the course of the audit, the auditor will have identified errors within the account balances and
transactions. How these differences are dealt with impacts on their significance to the financial statements.
All identified errors should be recorded on a working paper set up for the purpose. Often referred to as:
 errors summary;
 overs and unders;
 schedule scoresheet.
At the review stage the auditor has the following options:
i. the auditor gives a true and fair audit report: at this juncture, the auditor must have informed the
client of the errors and the client must have adjusted the financial statements to correct these
errors. It is worth mentioning here that immaterial misstatements will not have an impact on the
financial statements, we only look at material items.
ii. the auditor must persuade the client to amend for material errors otherwise a qualified report
will be given. This option applies when the client has earlier refused to change errors.
Errors which end up not been changed are known as unadjusted differences. Unadjusted differences can
be of two types:
 individual material errors: It means they are significant enough in isolation to constitute a material
misstatement in the financial statements;
 individual immaterial errors: errors that are individually immaterial may in aggregate amount to a
material difference.
4 – THE TREATMENT OF ERRORS WITHIN THE COURSE OF THE AUDIT
 Errors identified through sampling need to be extrapolated so that the potential error in the
population as a whole can be estimated. If such errors reveal a potentially material adjustment, the
audit team should have carried out additional work to determine whether or not the error actually
is material, before the assignment reaches the review stage.
 ISA 260 Communication of audit matters with those charged with governance states that the
auditors would normally report:
 material audit adjustments whether or not recorded by the entity and
 aggregate uncorrected misstatements
to those charged with governance. ISA 260 allows for a threshold to be set to avoid the necessity for
reporting errors which are clearly trivial, but this reinforces the need for the “errors schedule” to be
completed methodically as the audit progresses.
Consideration of errors identified in the course of the audit will often provide useful input to the planning
process for the following year’s audit.
5 – SUBSEQUENT EVENTS REVIEW
5.1 – Definition of subsequent events

 Subsequent events are events occurring and facts discovered between the period end and the date
the financial statements are authorized for issue.
 Subsequent events are also referred to as “events after the reporting period”.
 Auditors must take steps to ensure that any such events are properly reflected in the financial
statements. This is done by what is referred to as “subsequent events review”, alternatively called
“events after the reporting period review”.
 Before tackling subsequent events review, it is wise knowing the different types of subsequent
events.
5.2 – Types of subsequent events
In financial accounting, subsequent events are dealt with according to IAS 10 Events after the reporting
period.
Adjusting events should be distinguished from non-adjusting events.
5.2.1 – Adjusting events

 Adjusting events are events after the reporting date which provide addition evidence of conditions
existing at the reporting date (balance sheet date).
 They require adjustments in the financial statements.
 Examples include:
 irrecoverable debts arising after the reporting date, which may help to quantify the
allowance for receivables as at the reporting date (in short, receivables going bad);
 Credit notes relating to sale invoices in the year end;
 allowances for inventories due to evidence of net realisable value;
 amounts received or receivable in respect of insurance claims which were being negotiated
at the reporting date;
 the discovery of fraud or errors.
5.2.2 – Non-adjusting events
 Non-adjusting events are events after the reporting date which concern conditions that arose after
the reporting date, but which may be of such materiality that their disclosure is required to ensure
that the financial statements are not misleading.
 Examples include:
 a major business combination (or takeover) after the reporting date;
 Legal issues after the year end;
 the destruction of a major production plant by a fire after the reporting date;
 abnormally large changes after the reporting date in asset prices or foreign exchange rates;
5.3 – Subsequent events review procedures
Audit procedures undertaken in performing a subsequent events review might include any of the
following:
 Obtaining documentation from bodies involved;
 Enquiring into management procedures/systems for the identification of subsequent events;
 Reading minutes of members’ and directors’ meetings, and of audit and executive committee
meetings, and enquiring about matters not yet minuted;
 Reviewing accounting records including budgets, forecasts and interim information;
 Making enquiries of directors to ask if they are aware of any subsequent events, adjusting or non-
adjusting, that have not yet been included or disclosed in the financial statements;
 “Normal” post reporting period work performed in order to verify year-end balances:
 checking after date receipts from receivables;
 verifying the value of accrued expenses by checking invoices when received;
 checking inventory valuations are at lower cost and net realisable value by testing to
eventual selling prices.
 Obtaining, from management, a letter of representation.
5.4 – Auditors’ responsibilities with respect to subsequent events
ISA 560 Subsequent Events details the responsibilities of the auditors with respect to subsequent events
and the procedures they can use. It spells out that as auditors are responsible for their audit work right up
to the date the financial statements are issued, they should perform subsequent event reviews until that
date has passed.
The auditors’ responsibilities change with the different sequences involved from the reporting date to the
date the financial statements are presented before the annual general meeting:
i. From the reporting date to the signing date of the audit report: The auditor has an active duty to
search for all material events.
Actions:
 Indulge in normal audit procedures to detect material misstatements;
 Discuss with management ask them to revise financial statements, if errors found;
 If client updates the financial statements the auditor would give a clean audit report;
 If the client refuses to change the financial statements the audit report will need to be
qualified.
ii. Between the signing date of the audit report and the issuing date of the financial statements:
Auditors have a passive duty. Auditors only have to act if they are aware of something – but once
they are aware, they have a duty to take the necessary action.
Actions:
 Discuss with management;
 Review the financial statements to ensure revised and redraft audit report;
 If client refuses:
 seek legal advice;
 attend Annual General Meeting;
 resign.
The auditor can equally report to the audit committee, to the government (when
business relationship exists with the client) and to professional body.
iii. Between the issuing date and the date of presenting the financial statements to the Annual
General Meeting: Auditors have passive duty similar to that of the previous sequence.
Actions:
 Discuss with management but the directors will have to recall the financial statements;
 Review the financial statements to ensure revised and redraft audit report;
 If client refuses:
 seek legal advice;
 attend Annual General Meeting;
 resign.
The auditor can equally report to the audit committee, to the government (when
business relationship exists with the client) and to professional body.
Illustration 1 – Events after the reporting period review
A few days after signing an audit report, but before the client’s financial statements have been approved
by the shareholders at the AGM, the auditors receive a phone call from a director indicating a material
error in the financial statements.
In such circumstances, a number of things may happen:
 Client produces a revised set of financial statements.
Where this happens, the auditor needs to produce a new audit report, as the audit report must always be
dated on or after the date that the financial statements are signed by the directors. The auditor will
therefore need to extend (to extend should be understood as “to carry out, to a certain extent, the normal
audit work”) “active duties” on all other matters from the original date of the audit report to the new date.
 Client refuses to change the financial statements.
Now the financial statements are materially wrong, but the initial audit report said they were true and fair.
The auditor should ask for the audit report back, so that a new qualified report can be issued. However, the
client may refuse this as well.
In such circumstances, the auditor should obtain legal advice, consider resignation, and speak at the AGM
to notify shareholders.
6 – GOING CONCERN
6.1 – Definition of the going concern concept
According to IAS 1 financial statements should be prepared on the basis that the company is a going
concern unless it is inappropriate to do so.
The going concern concept is defined in IAS 1 as the assumption that the enterprise will continue in
operational existence for the foreseeable future.
Management (and auditors) should generally look ahead at least one year from the date of the directors’
approval of the financial statements, in assessing the validity of the going concern basis.
There may be circumstances in which it is appropriate to look further ahead. This depends on the nature of
the business and the associated risks.
6.2 – The going concern concept – significance
Whether or not a company can be classed as a going concern affects how its financial statements are
prepared.
 Financial statements are usually prepared on the basis that the reporting entity is a going concern.
 IAS 1 states that “an entity should prepare its financial statements on a going concern basis, unless:
 the entity is being liquidated or has ceased trading, or
 the directors have no realistic alternative but to liquidate the entity or to cease trading”.
 Where the assumption is made that the company will cease trading, the financial statements are
prepared using the break-up basis under which:
 assets are recorded at likely sale values;
 inventory and receivables are likely to require more provisions, and
 additional liabilities may arise (severance costs for staff, the costs of closing down facilities,
etc.).
6.3 – Directors’ responsibilities with regards to going concern
 It is the directors’ responsibilities to assess the company’s ability to continue as a going concern
when they are preparing the financial statements.
 If they are aware of any material uncertainties (different from material misstatements) which may
affect this assessment, then IAS 1 requires them to disclose such uncertainties in the financial
statements.
6.4 - Auditor’s responsibility with regards to going concern
 ISA 570 Going Concern states that the auditor needs to consider the appropriateness of
management’s use of the going concern assumption. The auditor needs to assess the risk that the
company is not a going concern.
 Where there are going concern issues, the auditor needs to ensure that the directors have made
sufficient disclosure of such matters in the notes to the financial statements.
In a nutshell, the auditor needs to satisfy himself that the going concern assumption is reasonable,
and disclosures made by directors are adequate.
The auditor undertakes “going concern reviews” to obtain this assurance.
6.5 – Going concern review – review procedures
The review procedures include:
 Review correspondence with major customers, suppliers and the bank for evidence of disputes;
 Review post year-end management accounts to analyse trend in performance;
 Consider whether directors have taken all relevant factors into consideration in their going concern
review;
 Review cash flow forecasts produced by management for evidence of expected
improvement/deterioration in the coming year.
Comment and hints
The procedures that the auditors undertake for their going concern review will depend on the risk that the
company may not be a going concern.
 In a company where profits are high, cash flows are positive, finance is in place, and there is no
obvious exposure to large losses, going concern procedures are likely to be minimal.
 Where any doubts regarding going concern exist, procedures are more extensive.
 When companies go out of business, it is more likely to be due to a lack of cash than a lack of
profits. However, in the long term, profits are of course essential for survival.
 The auditor should remain alert for evidence of events or conditions which may cast significant
doubt on the entity’s ability to continue as a going concern, both in the planning stage and
throughout the audit.
6.6 – Indicators of going concern problems
Typical indicators of going concern problems include the following:
 Net current liabilities (or net liabilities overall!);

 Borrowing facilities not agreed;
 Default on loan agreements;
 Unplanned sales of non-current assets;
 Behind with tax payments;
 Behind with paying staff;
 Major cash outflows;
 Unable to obtain credit from suppliers;
 Major technology changes in the industry (and failure to adapt);
 Legal claims against the company;
 Loss of key management or staff;
 Over-reliance on a small number of products or staff.
6.7 – Revisiting the disclosure requirements imposed on directors
The directors should disclose any issues affecting the going concern status of the company. Such
disclosures should explain:
 the doubts;
 the possible effect on the company;
 the basis used where the financial statements are prepared on a basis other than the going
concern;
 other facts.
Where there is no going concern problem, no disclosure implications exist.
6.8 – Revisiting the reporting implications for the auditor
 After the going concern review, and where the going concern is used and is appropriate, the
auditor does not need to mention the fact in their report.
 If the auditor believes that the going concern basis is inappropriate or the disclosures given by
management about the going concern are inadequate, but the directors do not, the audit report
will need to be qualified, i.e. the auditors will be saying that the financial statements do not give a
true and fair view.
 If the going concern basis is not appropriate and the directors prepare the financial statements on
some other, appropriate basis, the auditors would normally refer to this in their report because it is
a matter of extreme significance – this is called an “emphasis of matter paragraph” for obvious
reasons.
7 – MANAGEMENT REPRESENTATIONS
7.1 – Definition of management representations
Management representations are a particular type of enquiry, whereby the auditor asks management to
confirm, in writing, a number of issues covered by or surrounding the financial statements.
 These may be general matters such as:
 the directors’ understanding their responsibility to produce financial statements that show
a true and fair view or
 whether all information that the auditors need for the purpose of the audit has been
communicated to the auditors.
 They may be specific to the client or this particular year’s financial statements such as:
 confirmation of values where there is a significant degree of estimation or judgement

involved, e.g. development expenditure on new products or the outcome of litigation;
 formal confirmation of the directors’ judgement on contentious issues, e.g. the recognition
of revenue, or the value of assets where there is a risk of impairment.
7.2 – How are management representations obtained
As the audit progresses, the audit team will assemble a list of those items about which it is appropriate to
seek management representations.
As part of the completion process the auditors will write to the client’s management stating the issues
about which they are seeking representations.
The representations themselves may take any of the following forms:
 A letter from the client’s management to the auditors covering the necessary points. Usually the
auditors will provide management with a draft of the letter for them to produce on the client’s
letterhead and sign.
 A letter from the auditors to management setting out the necessary points, which management
signs in acknowledgement and returns to the auditors.
 Minutes of the meeting at which representations were made orally which can be signed by
management as a true record of what was discussed.
7.3 – Why do auditors need management representations?
There are three good reasons why management representations are necessary:
i. Formal confirmation by management
It is management’s responsibility to produce financial statements that show a true and fair view, the most
obvious first source of audit evidence is to ask them whether or not they have done so.
ii. Perhaps the only evidence available
There may be circumstances where no other sufficient, appropriate audit evidence may reasonably be
expected to exist – the issues concerning estimation and judgement are the most obvious examples.
iii. Required by ISA 580 and other ISAs
ISA 580 Management representations and the requirements of a number of other ISAs make it compulsory
for the auditors to obtain management representations on a number of specific issues.
7.4 – The quality and reliability of management representations

We have earlier seen that the quality and reliability of audit evidence depends on a number of issues, in
particular:
 its source (independent, external or auditor generated evidence is better than evidence generated
internally by the client);
 how it is obtained (evidence obtained directly by the auditor is better than evidence obtained
indirectly by inference);
 its medium (documentary, particularly original rather than copied, evidence is better than oral
evidence).
Clearly written management representations are documentary evidence obtained directly by the auditor
which is the good news.
The bad news is that management representations are not independent.
The auditor will therefore have to make judgements about:

 management’s competence to make the representations;
 management’s integrity;
 whether circumstances are such that management’s behaviour may be expected to be different
from how it has been in the past.
If, for example the client was:
 under increased financial pressure because of difficult trading conditions;
 subject to being taken over, where the value of managements’ shareholdings could vary widely
depending on the terms of the takeover
the auditors might revise their judgement about the reliability of management representations. Therefore
need for written management representation to be corroborated by other evidence (see new text).
Exam hint
Always consider whether obtaining management representations is appropriate in answer to a question

about designing audit procedures or gathering audit evidence. It very often will be.
Possible representations to be obtained from management
1 Directors acknowledge responsibility for financial statements.

2 Directors acknowledge responsibility for design and implementation of internal control procedures.
3 All books of account and relevant supporting information made available.
4 Directors have assessed the risk of fraud and regard it as low.
5 No irregularities involving management or employees with significant role in preparing financial
statements.
6 All allegations of fraud have been disclosed.
7 All related parties have been identified.
8 There has been full compliance with contractual obligations.
9 There has been full compliance with laws and regulations.
10 Financial statements are free from material misstatements including omissions.
11 Uncorrected errors are immaterial.
12 All balances and transactions with related parties have been suitably disclosed.
CHAPTER 13
AUDIT REPORT
1 - AN AUDITOR’S REPORT, WHAT IT MEANS?
The auditor's report is a formal opinion, or disclaimer thereof, issued by either an internal auditor or an
independent external auditor as a result of an internal or external audit or evaluation performed on a legal
entity or subdivision thereof (called an “auditee”). The report is subsequently provided to a “user” (such as
an individual, a group of persons, a company, a government, or even the general public, among others) as
an assurance service in order for the user to make decisions based on the results of the audit.
An auditor’s report is considered an essential tool when reporting financial information to users,
particularly in business. Since many third-party users prefer, or even require financial information to be
certified by an independent external auditor, many auditees rely on auditor reports to certify their
information in order to attract investors, obtain loans, and improve public appearance. Some have even
stated that financial information without an auditor’s report is “essentially worthless” for investing
purposes.
Our focus here is on the independent external auditor’s report.
2 - THE AUDITOR’S OPINION
A company’s auditor must report their opinions to shareholders/members on two primary matters:
i. whether the financial statements give a true and fair view (or present fairly in all material
respects),
ii. whether the financial statements have been properly prepared in accordance with relevant rules,
e.g.:
 International Accounting Standards;
 a particular country’s legal requirements.
ISA 700 Forming an Opinion and Reporting on Financial Statements, makes it an obligation for the
auditor’s opinion to be clearly expressed through a written report.
In addition to the above requirement, the auditor should evaluate whether:
 the financial statements adequately disclose the significant accounting policies;
 the accounting policies selected are consistently applied and appropriate;
 accounting estimates are reasonable;
 information is relevant, reliable, comparable and understandable;
 the financial statements provide adequate disclosure to enable the users to understand the effects
of material transactions and events; and
 the terminology used is appropriate.
Reporting by exception, also referred to as implied reporting, requires that the following matters should be
reported on:
 where Returns are not received from all branches of the company
 where Accounting records are inconsistent with the FS
 where Proper accounting records have not been kept
 where all Information and explanations were not received
 where Director transactions with the company are missing from FS.
The above can be remembered using the mnemonic RAPID.
Reporting by exception is not the same as a qualification; however, as the matters dealt with are usually
legal requirements, non-compliance will probably lead to a qualification anyway. For instance, if all
information and explanations have not been received, there will most likely be a “limitation of scope”, a
situation whereby the auditor is unable to express an opinion because the information and explanations
needed were not provided.
3 - CONTENTS OF THE AUDITOR’S REPORT
ISA 700 provides guidance as to the nature and wording of the audit report, most importantly the report
must be in writing.
In addition it recommends that the audit report be broken into distinct sections that explain the purpose,
nature and scope of an audit. The main reason for this is to ensure that the users of the audit report
understand the nature of audit procedures and that only reasonable assurance is being offered. One of the
primary purposes of this is to reduce the “expectations gap”.
S/N° Recommended elements of the report Example of clean audit report
1 Title: INDEPENDENT AUDITOR’S REPORT

The title should be “appropriate”. The
use of “Independent Auditor’s Report”
distinguishes this report from any other
report produced internally or by other
non-statutory auditors.
2 Addressee: (APPROPRIATE ADDRESSEE)
The report should be addressed to the
intended user of the report which is
usually the shareholders, or other
parties as required by the
circumstances of the engagement.
3 Introductory paragraph: Introductory paragraph
 Identifies the entity whose We have audited the accompanying financial statements of
financial statements have been the ABC Company, which comprise the statement of financial
audited; position as at 31 December, 20X9, and the income statement,
 States that the financial statement of changes in equity and statement of cash flow
statements have been audited; for the year then ended, and a summary of significant
 Identifies the components of accounting policies and other explanatory information.
the financial statements (by
name and even page
reference);
 Refers to the accounting
policies applied to the financial
statements; and
 Specifies the date or period
covered by the financial
statements.
All what is provided here is to
distinguish such information from other
documents that have not been subject
to audit (e.g. the Directors’ Report,
Chairman’s Review)
4 Statement of responsibilities of Management responsibility for the Financial Statements
management:
 Preparation of the financial Management is responsible for the preparation and fair
statements in accordance with presentation of these financial statements in accordance with
the applicable financial International Financial Reporting Standards. This
reporting framework; responsibility includes, designing, implementing and
 Designing, implementing and maintaining internal control relevant to the preparation and
maintaining an effective fair presentation of financial statements that are free from
internal control system to material misstatement, whether due to fraud or error;
enable the preparation of selecting and applying appropriate accounting policies; and
financial statements that are making accounting estimates that are reasonable in the
free of material misstatement; circumstances.
 Applying appropriate
accounting policies; and
 Making reasonable accounting
estimates.
5 Statement of responsibilities of the Auditor’s responsibility
auditors:
 Express an opinion; Our responsibility is to express an opinion on these financial
 The audit was conducted in statements based on our audit. We conducted our audit in
accordance with ISAs; accordance with International Standards on Auditing. Those
 Requirement to comply with Standards require that we comply with ethical requirements
ethical standards; and plan and perform the audit to obtain reasonable
 The fact that the audit was assurance about whether the financial statements are free
planned and performed to from material misstatement.
obtain reasonable assurance An audit involves performing procedures to obtain audit
about whether the financial evidence about the amounts and disclosures in the financial
statements are free from statements. The procedures selected depend on the auditor’s
material misstatement. judgement, including the assessment of the risks of material
 Audit involves procedures misstatement of the financial statements, whether due to
designed to obtain evidence fraud or error. In making those risk assessments, the auditor
about amounts and disclosures considers internal control relevant to the entity’s preparation
in the financial statements; and fair presentation of the financial statements in order to
 The procedures are based upon design audit procedures that are appropriate in the
auditor judgement, including a circumstances, but not for the purpose of expressing an
risk assessment and opinion on the effectiveness of the entity’s internal control.
consideration of internal An audit also includes evaluating the appropriateness of
controls; accounting policies used and the reasonableness of
 Obtain sufficient, appropriate accounting estimates made by management, as well as
audit evidence on which to base evaluating the presentation of the financial statements.
the opinion. We believe that the audit evidence we have obtained is
sufficient and appropriate to provide a basis for our audit
opinion.
6 Auditor’s opinion (headed “Opinion” Opinion

When expressing an unmodified
opinion the auditor (unless otherwise In our opinion, the financial statements present fairly, in all
required by relevant laws or material respects (or give a true and fair view of) the financial
regulations) uses one of the following position of ABC Company as at December 31 20X9, and (of)
phrases: its financial performance and its cash flows for the year then
 “the financial statements ended in accordance with International Financial Reporting
present fairly, in all material Standards
respects.......”; or
 “the financial statements show
a true and fair view of
.................”.
7 Auditor’s signature: Auditor’s signature
 The report may be signed in the
name of the firm, or the
personal name of the auditor,
as appropriate for the particular
jurisdiction.
 There may also be a
requirement to state the
auditor’s professional
accountancy designation or that
the firm is recognised by the
appropriate licensing authority
(i.e. that the fim/partner is a
member of a body such as ACCA
and is registered to audit).
8 Date of report: [Date of auditor’s report]
 The audit report should be
dated no earlier than the date
on which the auditor has
obtained sufficient appropriate
evidence upon which to base
their opinion.
 This requires that all the
statements and
notes/disclosure that comprise
the financial statements are
finalised and that those with
responsibility for preparation of
the financial statements have
acknowledged their role.
 Practically this means that the
auditor should sign their report
after the directors have
approved the financial
statements.
9 Auditor’s address: Auditor’s address
The audit report should name a specific
location, which is normally the city
where the auditor maintains the office
that has responsibility for the audit.
Think about the scope paragraph
4 - TYPES OF AUDITOR’S REPORTS
There are four common types of auditor’s reports, each one presenting a different situation encountered
during the auditor’s work. The four main types of report include:
 the unqualified opinion report;

 the qualified opinion report;
 the adverse opinion report; and
 the disclaimer of opinion report.
4.1 - Unqualified (unmodified) Opinion report
An opinion is said to be unqualified when the Auditor concludes that the Financial Statements give a true
and fair view in accordance with the financial reporting framework used for the preparation and
presentation of the Financial Statements. An Auditor gives a Clean opinion or Unqualified Opinion when he
or she does not have any significant reservation in respect of matters contained in the Financial
Statements. The most frequent type of report is referred to as the Unqualified Opinion, and is regarded by
many as the equivalent of a “clean bill of health” to a patient, which has led many to call it the Clean
Opinion, but in reality it is not a clean bill of health, because the Auditor can only provide reasonable
assurance that there are no material misstatements within the Financial Statements. This type of report is
issued by an auditor when the financial statements presented are free of material misstatements and are
represented fairly in accordance with the Generally Accepted Accounting Principles (GAAP), which in other
words means that the company’s financial condition, position, and operations are fairly presented in the
financial statements. It is the best type of report an auditee may receive from an external auditor.
An Unqualified Opinion indicates the following --
(1) The Financial Statements have been prepared using the Generally Accepted Accounting Principles which
have been consistently applied;
(2) The Financial Statements comply with relevant statutory requirements and regulations;
(3) There is adequate disclosure of all material matters relevant to the proper presentation of the financial
information subject to statutory requirements, where applicable;
(4) Any changes in the accounting principles or in the method of their application and the effects thereof
have been properly determined and disclosed in the Financial Statements.
Consecrated Opinion:
In our opinion, the financial statements present fairly, in all material respects (or give a
true and fair view of) the financial position of ABC Company as at December 31,
20X9………………………………………………………………………………………
………………………………………
4.2 - Qualified Opinion report
A Qualified Opinion report is issued when the auditor encountered one of two types of situations:
 One or more areas of the financial statements is/are not free from material misstatement due to
e.g.:
 deviation from one of the requirements of the financial reporting framework;

 inappropriateness of the accounting policies selected;
 problem with the application of the accounting policies selected;
 wrong accounting treatment adopted for a particular transaction;
 inadequacy of financial statement disclosures.
These issues lead to a disagreement between the auditor and management. This is why this
situation is referred to by some scholars as “disagreement”. This disagreement is limited to one or
two areas of the financial statements and does not prevent the financial statements when taken as
a whole from being fairly presented. A concrete example of this is the incorrect calculation of
depreciation expense of the company’s buildings. As a result, the auditor qualifies his opinion by
describing the depreciation misstatement in the report and continues to issue a clean opinion on
the rest of the financial statements.
 Limitation of scope - this type of qualification occurs when the auditor could not audit one or more
areas of the financial statements, and although they could not be verified, the rest of the financial
statements were audited and they conform to the relevant financial reporting framework.
Examples of this include an auditor not being able to observe and test a company’s inventory of
goods. If the auditor audited the rest of the financial statements and is reasonably sure that they
conform with GAAP for example, then the auditor simply states that the financial statements are
fairly presented, with the exception of the inventory which could not be audited.
Format of the qualified opinion report
The format of the qualified opinion report is almost similar to that of the unqualified opinion report with
the little difference being the addition of a paragraph called “Basis of qualified opinion paragraph” which
describes the matter giving rise to the modification/qualification. This paragraph should be placed before
the opinion paragraph.
With a qualified opinion the auditor is basically stating that while there are, or may be, material
misstatements, they are confined to a specific element of the financial statements but the remainder may
be relied upon.
How is the opinion then formulated?
Accordingly the opinion usually states that “except for the matters described in the basis for qualification
paragraph, the financial statements present fairly (or give a true and fair view of).....”
Illustration: Qualified opinion for the financial statements with an area of material misstatement with the
rest being fairly presented.
Basis for Qualified Opinion
As discussed in Note X to the financial statements, no depreciation has been provided in the financial
statements which practice, in our opinion, is not in accordance with International Financial Reporting
Standards. The provision for the year ended 31 December, 20X9, should be XXX based on the straight-line
method of depreciation using annual rates of 5% for the building and 20% for the equipment. Accordingly,
the non-current assets should be reduced by accumulated depreciation of XXX and the loss for the year
and accumulated deficit should be increased by XXX and XXX, respectively.
Opinion
In our opinion, except for the effect on the financial statements of the matter referred to in the Basis for
Qualified Opinion paragraph, the financial statements present fairly in all material respects (or give a true
and fair view of) the financial position............. (remainder of wording as per an unqualified report).
Illustration: Qualified opinion where the auditor concludes that they have been unable to gather sufficient
appropriate evidence and the possible effects are deemed to be material but not pervasive (not affecting
the whole financial statements).
Basis for Qualified Opinion
We did not observe the counting of the physical inventories as at 31 December 20X9, since that date was
prior to our appointment as auditor to the company. Owing to the nature of the company’s records, we
were unable to satisfy ourselves as to inventory quantities by other audit procedures.
Qualified Opinion
In our opinion, except for the possible effects of the matter described in the Basis for Qualified Opinion
paragraph, the financial statements present fairly in all material respects (or give a true and fair view of)
the financial position............. (remainder of wording as per an unqualified report).
Because of the addition of the expression “except for” to the opinion paragraph for the qualified opinion
paragraph, the qualified opinion report is also referred to as “Except-For Opinion”.
4.3 - Adverse Opinion report
An Adverse Opinion is issued when the auditor finds a misstatement in the financial statements which is
both material and pervasive (i.e. affects entirely the financial statements).
Pervasive means that the matter is:
 not confined to specific elements of the financial statements;

 if confined represents a substantial proportion of the financial statements; or
 is fundamental to users understanding of the financial statements.
The adverse opinion is considered the opposite of an unqualified or clean opinion, essentially stating that
the information contained is materially incorrect, unreliable, and inaccurate in order to assess the
auditee’s financial position and results of operations. Investors, lending institutions, and governments very
rarely accept an auditee’s financial statements if the auditor issued an adverse opinion, and usually request
the auditee to correct the financial statements and obtain another audit report.
Generally, an adverse opinion is only given if the financial statements pervasively differ from GAAP. An
example of such a situation would be failure of a company to consolidate a material subsidiary.
Format of an adverse opinion report
The format of the unqualified opinion report changes in the following ways:
 addition of the Basis of Adverse Opinion paragraph before the opinion paragraph to explain the
reason for the adverse opinion.
 change of the wordings of the opinion paragraph; this time, the auditor clearly states that the
financial statements are not in accordance with the financial reporting framework, which means
that they, as a whole, are unreliable, inaccurate, and do not present a fair view of the auditee’s
position and operations. The wordings are the following:
“In our opinion, because of the situations mentioned above (in the explanatory paragraph), the
financial statements referred to in the first paragraph do not present fairly, in all material respects,
the financial position of…”
4.4 - Disclaimer of Opinion report
A Disclaimer of Opinion, commonly referred to simply as a Disclaimer, is issued when the auditor could
not form, and consequently refuses to present, an opinion on the financial statements. This type of report
is issued when the auditor tried to audit an entity but could not complete the work due to various reasons
and does not issue an opinion.
Statements on Auditing Standards (SAS) provide certain situations where a disclaimer of opinion may be
appropriate:
 A lack of independence, or material conflict(s) of interest, exist between the auditor and the
auditee;
 There are significant scope limitations, whether intentional or not, which hinder the auditor’s work
in obtaining evidence and performing procedures;
 There is a substantial doubt about the auditee’s ability to continue as a going concern or, in other
words, continue operating;
 There are significant uncertainties within the auditee.
Although this type of opinion is rarely used, the most common examples where disclaimers are issued
include audits where the auditee willfully hides or refuses to provide evidence and information to the
auditor in significant areas of the financial statements, where the auditee is facing significant legal and
litigation issues in which the outcome is uncertain (usually government investigations), and where the
auditee has going concern issues (the auditee may not continue operating in the near future). Investors,
lending institutions, and governments typically reject an auditee’s financial statements if the auditor
disclaimed an opinion, and will request the auditee to correct the situations the auditor mentioned and
obtain another audit report.
A disclaimer of opinion differs substantially from the rest of the auditor’s reports because it provides very
little information regarding the audit itself, and includes an explanatory paragraph stating the reasons for
the disclaimer. Although the report still contains the letterhead, the auditee’s name and address, the
auditor’s signature and address, and the report’s issuance date, every other paragraph is modified
extensively, and the scope paragraph is entirely omitted since the auditor is basically stating that an audit
could not be realized.
In the introductory paragraph, the first phrase changes from “We have audited” to “We were engaged to
audit” in order to let the user know that the auditee commissioned an audit, but does not mention that the
auditor necessarily completed the audit. Additionally, since the audit was not completely and/or
adequately performed, the auditor refuses to accept any responsibility by omitting the last sentence of the
paragraph. The scope paragraph is omitted in its entirety since, effectively, no audit was performed. Similar
to the qualified and the adverse opinions, the auditor must briefly discuss the situations for the disclaimer
in an explanatory paragraph. Finally, the opinion paragraph changes completely, stating that an opinion
could not be formed and is not expressed because of the situations mentioned in the previous paragraphs.
The following is a draft of the three main paragraphs of a disclaimer of opinion because of inadequate
accounting records of an auditee, which is considered a significant scope of limitation:
We were engaged to audit the accompanying balance sheet of ABC Company, Inc. (the “Company”) as of
December 31, 20XX and the related statements of income and cash flows for the year then ended. These
financial statements are the responsibility of the Company's management.
The Company does not maintain adequate accounting records to provide sufficient information for the
preparation of the basic financial statements. The Company’s accounting records do not constitute a
double-entry system which can produce financial statements.
Because of the significance of the matters discussed in the preceding paragraphs, the scope of our work
was not sufficient to enable us to express, and we do not express, an opinion of the financial statements
referred to in the first paragraph.
4.5 – Summary of the types of auditor’s report
Financial
Auditor’s Judgement Regarding the Pervasiveness
statements are free
of the Matter
and fair
Material but Not
Nature of Matter Immaterial Material and Pervasive
Pervasive
Financial statements are Unqualified opinion
free and fair report
Financial statements are
materially misstated Qualified opinion Adverse opinion
(Disagreement)
Inability to obtain sufficient
appropriate evidence Qualified opinion Disclaimer of opinion
(Limitation of scope)
5 – ADDITIONAL PARAGRAPHS
Having formed their opinion there are circumstances where the auditor must also draw the users attention
to additional matters that are significant to their understanding of the financial statements. These
circumstances are categorised as follows:
 matters already presented/disclosed in the financial statements that are fundamental to

understanding the financial statements. These are presented in “Emphasis of Matter” paragraphs;
and
 other matters relevant to either understanding the audit, the auditor’s responsibilities or the audit
report. These are presented in “Other Matter” paragraphs.
5.1 – Emphasis of Matter Paragraphs
These are presented immediately after the opinion paragraph. It is important to note that they do not
affect the audit opinion, nor are they a substitute for one.
These paragraphs simply draw the readers attention to a note already disclosed in the financial statements.
The matters referred to have to be fundamental to the readers’ understanding of the financial statements.
Widespread use of them would diminish their effectiveness.
Examples of where it may be necessary to add an Emphasis of Matter paragraph include:
 an uncertainty relating to the future outcome of exceptional litigation or regulatory action;
 early application of a new accounting standard that has a pervasive effect on the financial
statements;
 a major catastrophe that has had, or continues to have, a significant effect on the entity’s financial
position.
5.2 – Other Matter Paragraphs
Circumstances where these may be necessary include:
 when a pervasive inability to obtain sufficient appropriate evidence is imposed by management

but the auditor is unable to withdraw from the engagement;
 when national laws/regulations require, or permit, the auditor to elaborate on their

responsibilities;
 when the client issues another set of financial statements (e.g. one according to IFRS and one
according to UK GAAP) and the auditor has also issued a report on those financial statements;
 when a set of financial statements is prepared for a specific purpose and user group and the users
have determined that a general purpose framework meets their financial information needs; and
 if there is a material inconsistency between the audited financial statements and the “other
information” contained in the annual report (such as the Chairman’s Report).
Example – Additional Paragraph

The following is an example of an Emphasis of Matter Paragraph:
Emphasis of Matter
We draw attention to Note X to the financial statements. The company is the defendant in a lawsuit
alleging infringement of certain patent rights ad claiming royalties and punitive damages. The Company
has filed a counter action, and preliminary hearings and discovery proceedings on both actions are in
progress. The ultimate outcome of the matter cannot have been made in the financial statements. Our
opinion is not qualified in respect of this matter.
ESSENTIALS OF THE NOTE
CHAPTER 8 – INTERNAL CONTROL SYSTEM
It will be beneficial for the learner to know the concept within “Internal Control System” is being studied.
Internal control system is a component of risk management
Disclosure
Definition: A disclosure is additional information attached to an entity's financial statements,

usually as explanation for activities which have significantly influenced the entity's financial
results.

Audit Book April 2015 Adopt L5 Enset

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Audit Book April 2015 Adopt L5 Enset

Uploaded by

Copyright:

Available Formats

CHAPTER 1

AUDIT ENVIRONMENT AND ASSURANCE REPORTING

1 – WHAT IS AN ASSURANCE ENGAGEMENT?

1.1 – Definition of “assurance engagement”

Example of an assurance engagement

1.2 – Features of an assurance engagement

It has three people involved:

 A “responsible party” – the vendor who currently owns the house;

There is one further possible element to the engagement.

i. The practitioner who conducts the work

1.3 – International framework for assurance engagements

For this framework, an audit is a particular type of assurance engagement.

i. The auditor as the practitioner who reports to;

Subject matter – further considerations

1.4 Types of Assurance Engagements

The International Framework permits two types of assurance engagements to be performed.

- A reasonable assurance engagement, and

1.4.1 Reasonable assurance engagements

Here, the practitioner:

- Gathers sufficient appropriate evidence,

1.4.2 Limited assurance engagements

Here, the practitioner:

1.4.3 Not absolute assurance

It is not possible to give an absolute level of assurance because of:

1.5 The Level of Assurance

Assurance type Example Nature of key work Assurance Opinion/conclusion

You can see the elements of the assurance service as these:

The benefits of this service to Darlet Plc are that:

1.7 – The Practitioner’s role

Auditors describe themselves as Chartered Accountants, or Certified Accountants, or just as Accountants.

 Controlled by members of a suitably authorised supervisory body, or

 An officer of the company (Director or Secretary),

c) Objectivity (to provide more material on this point)

1.7.2 – The public interest

From this flows the need for:

The purposes of this letter are:

 To clearly define the responsibilities of the auditor.

 To all NEW clients before any professional work has to be commenced.

The contents of the engagement letter

 The objective and the scope of the audit;

 The sending of a letter of weakness to the management (management letter);

 The need for a letter of representation from the management;

 The identification of an applicable financial reporting framework; and

 Arrangements regarding the planning and performance of the audit;

 Any agreement for the auditor to carry out extra work;

 Restrictions to the auditor’s liability.

1.9. – Benefits of assurance (including audit)

 Enhances the credibility of the information being reported on

2 – AUDIT, AS AN ASSURANCE SERVICE

2.1 – Definition of Audit

An audit is a key example of an assurance service.

The principal: Primary agent:

2.3 – The concepts of stewardship, fiduciary relationship and accountability

2.3.1 – Notion of stewardship

2.3.2 - The notion of fiduciary relationship

2.3.3 - The concept of accountability

2.4 – Other audit related concepts

2.4.1 – The concept of materiality

E.g. a big amount of money is material (by its size).

2.5 – Objective of audit

2.6 – The audit report

2.7 – Value attached to audit by management

2.8 – Limitations and benefits of statutory audits