Professional Documents
Culture Documents
INTRODUCTION
Audit is being conceived as an assurance engagement. That is a process whereby a person (or body)
provides another person (or body) with an assurance or expresses a conclusion that is intended to increase
the confidence that the latter can place in a given subject matter or information.
In our day-to-day life, when you dress up for an outing, you would like to get the assurance from a person
next to you, that your dress fits you. By asking: Am I ok in the dress? An alternative approach would be for
to look yourself into the mirror.
Auditing is out here to provide assurance to the users of financial statements of their truth and fairness.
“Truth and fairness” is a concept that we will study later in text. For now, this concept simply means
“sincere”.
It now appears wise for us to know what is meant by “assurance” or better still “assurance engagement”.
An assurance engagement is one in which a practitioner expresses a conclusion designed to enhance the
degree of confidence of the intended users other than the responsible party about the outcome of the
evaluation or measurement of a subject matter against criteria.
The house purchase example has most of the attributes of an assurance engagement.
It has a “subject matter” – the house about which the report is written.
It has a report which contains a “conclusion” about the state of the property.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 1
It would also be possible for there to be “subject matter information”, estate agents’ particulars for
example, and the report, rather than being designed to tell you about the house itself, might instead have
been intended to confirm the details contained in the particulars.
Summary of features:
Assurance engagements are governed by the International Framework for Assurance Engagements. The
framework has been promulgated by IFAC (the International Federation of Accountants).
An audit has:
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 2
The company’s emissions of greenhouse gases are within the limits set by the XYZ Act or law or
again regulation”; or again
The financial statements give a true and fair view of the state of the company’s affairs as at 31
December 20X9 and of its profit (loss) for the year then ended and have been properly
prepared in accordance with the OHADA Uniform relative to Accountancy”.
The identified suitable criteria for the last example are the provisions of the OHADA Uniform relative to
Accountancy.
- Gathers sufficient appropriate evidence to be satisfied that the subject matter is plausible (apparent
noticeable, perceivable) in the circumstance.
- Gives his report in the form of negative assurance.
A negative assurance report takes the form: “nothing has come to our attention that causes us to believe
that the financial statements are not prepared, in all material respects, in accordance with an applicable
financial reporting framework”.
- The lack of precision often associated with the subject matter. For instance financial statements are
often subject to estimation and judgments.
- The nature, timing and extent of procedures.
- The fact that the evidence is usually persuasive rather than conclusive.
- The fact that evidence is gathered on a test basis.
- Even if everything reported on was examined and found to be satisfactory, there may be other items
which should have been included – the completeness problem.
In the nutshell, no report on an assurance engagement can ever provide absolute assurance, because of
the nature of the evidence available.
The framework states that the level of assurance given by a reasonable assurance engagement is high,
where as a limited assurance engagement gives a moderate level of assurance. This implies that the
confidence inspired in the user by the report produced after a reasonable assurance engagement is
designed to be greater than the outcome of a limited assurance engagement. It follows therefore that the
procedures carried out will be more intensive and the evidence gathered needs to be of higher quality for a
reasonable assurance engagement. This is reflected in the nature of the opinion given.
Summary/ overview
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 3
1.6 – Worked example: Assurance engagement
Darlet Plc, a large listed company at the Douala Stock Exchange, is considering taking over Edouard Ltd, a
small, family owned company.
Darlet Plc has asked Abege Chartered Accountants (ACA), an accounting firm, to carry out due diligence
(where a report is requested on an acquisition target) in relation to this prospective purchase. They want
them to review the financial statements of the last three years and ensure that they were prepared under
generally accepted accounting practice in the member-states of OHADA (Uniform Act OHADA relative to
Accountancy). They also want them to review the budgets for the coming 12 months and ensure that they
are reasonably and internally consistent.
Practitioner: ACA
Responsible party: Edouard Ltd
Users: Darlet Plc management
Subject matter: performance and financial position of Edouard Ltd
Subject matter information: Financial statements/budgets
Criteria: Uniform Act OHADA relative to Accountancy/reasonably and internally consistent.
ACA will plan and carry out work to obtain sufficient appropriate evidence to support their assurance
opinion, which will be given in a written report.
They are given assurance that the financial statements are in line with the Uniform Act OHADA
relative to Accountancy and therefore are understandable and comparable with other companies
they might be considering for takeover.
They are given assurance that the budgets are reasonable and internally consistent and therefore
can be trusted as an indicator of the company’s future operating ability.
They can therefore make an informed decision about whether to buy Edouard Ltd and for how
much.
1.7.1 – Qualities
Individuals who are authorised to conduct audit work may be sole practitioners, partners in a
partnership, or directors of an audit firm. To be qualified to act as an auditor, a person must be:
A member of a Recognised Supervisory Body (RSB), for instance ONECCA, ACCA, CIMA ......., and
Be allowed by the rules of that body to be an auditor, or
Someone directly authorised by the state.
To be eligible to act as auditor, a firm must be:
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 4
Those whose objectivity and independence might be questioned by external parties because of
business relations, personal relationships, long association with the client, fee dependency, or non
audit services provided.
An auditor needs to possess four main qualities: independence, competence, integrity, and confidentiality.
a) Independence
An auditor cannot give an unbiased opinion unless he is independent of all the parties involved. Total
independence is impossible in that the auditor receives his fees from the client. Nonetheless,
independence is very important. Not only must the auditor be independent in fact and in attitude of mind,
but must also be seen to be independent.
b) Competence
An auditor must have been thoroughly trained and proven his competence before he can sign an audit
report. By law, only members of certain professional bodies can become auditors of limited companies.
These professional bodies include:
The Association of Certified Chartered Accountants of CEMAC, The National Council of Auditors and
the National Order of Chartered Certified Accountants of Cameroon (ONECCA) – for Cameroon and
the CEMAC zone)
The French Order of Chartered Accountants and the French Association of Auditors – for France,
The Chartered Institute of Management Accountants (CIMA), the Association of Chartered Certified
Accountants (ACCA) – for the United Kingdom,
The American Institute of Chartered Public Accountants (AICPA) – for the United States,
Etc.
These professional bodies have developed competence in their members by using difficult examinations,
post qualifying education, the publication of auditing standards and guidelines and the insistence of at
least a certain number of years of practice before a practising certificate is given.
d) Integrity
Qualified accountants are renowned for their honesty, discretion and tactfulness. Auditors authorised by
their professional bodies to conduct audits are known as Registered Auditors. Registered Auditor firms are
supervised and inspected by their professional bodies acting as supervisory bodies.
e) Confidentiality
According to this rule of professional conduct, information acquired in the course of professional work
should not be disclosed except where consent have been obtained from the client or other proper source
to do so, or where there is a public duty to disclose, or where there is a legal or professional right or duty
to disclose. A member acquiring information in the course of professional work should neither use nor
appear to use that information for his personal advantage or for the advantage of a third party.
The practitioner (the auditor in the case of the audit of financial statements) needs to bear in mind that the
role which he or she plays has little meaning if it is not conducted in the public interest. It also needs to be
perceived in this way by interested parties.
Professional standards governing the conduct of assurance engagements, dealt with in a different
chapter; and
Standards governing the ethical behaviour practitioners, dealt with in a different chapter.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 5
1.8 – Terms of Engagement
The terms of the engagement are established through the signing of the engagement letter. The
Companies Acts and the OHADA Uniform Act state that the auditor may be asked to perform additional
work in areas such as taxation, accountancy, and such others. Before commencing any professional work,
an accountant should agree, in writing, the precise scope and nature of the work to be undertaken and this
is done through the medium of an engagement letter.
Many firms of auditors choose to send a new letter every year, to emphasise its importance to
clients.
The contents of a letter of engagement for audit services are listed in ISA 210 Agreeing the Terms of Audit
Engagements. They should include the following:
The responsibilities of management: the client’s statutory duties such as on accounting records to
be made available and financial statements which show a true and fair view and comply with the
Act;
The auditor’s statutory and professional responsibilities (to report on the accounting records and
financial statements and to follow auditing standards respectively);
The audit fees and the basis on which they are charged;
Reference to the expected form and content of any reports to be issued (not absolute assurance).
In addition to the above the engagement letter may also make reference to:
The unavoidable risk that some material misstatements may go undetected due to the
inherent limitations in audit;
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 6
The agreement of management to make available to the auditor draft financial statements and
other information in time to complete the audit in accordance with the proposed timetable;
The agreement of management to inform the auditor of facts that may affect the financial
statements;
The request for management to acknowledge receipt to the engagement letter and to agree
the terms outlined;
Agreements concerning the involvement of auditors experts and internal auditors; and
A key feature of assurance services is that they are provided by independent professionals who therefore
give an objective, unbiased opinion. They give the following benefits to users:
Assurance services also give added credibility to the wider share market:
They ensure that high quality, reliable information circulates in the market
They give investors added faith in the market
They improve the reputation of organizations trading in the market.
An audit is such an investigation into a set of books, and into the documentary evidence from which such
books have been compiled, as will enable an auditor to satisfy himself whether the balance sheet and/or
other statements have been drawn up in such a manner as to give a true and fair view of the state of
affairs of the concern (the business unit), and whether the profit and loss account or revenue account gives
a true and fair view of the profit or loss for the financial period under review, and to report thereon.
What should be retained from the above definition is that audit is an investigation into the accounting
records (books of original entry, journal, ledger accounts) and financial statements (balance sheet, profit
and loss accounts …). This investigation is made on the basis of evident documents such as source
documents and others. It is aimed at stating whether or not the financial statements show a true and fair
view of the transactions of the business, giving that many persons rely on financial statements for decision
making.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 7
2.2 – The general principles of external audit engagements: the agency theory
Invests
Gives assurance
Audits
Secondary agent:
Auditor
Agency theory – The shareholders delegate the direction of the company to directors who act as
primary agents for the shareholders of the company.
This marks the separation of the ownership of the company from its management (direction). The direction
of the company could only be assessed through the financial statements prepared by the directors. Do
these financial statements reflect the state of affairs of the company? Is the financial information therein
genuine? Do the financial statements contain lies? In typical audit terms, the question should be: “do the
financial statements show a true and fair view?”
Auditors – But in order to obtain assurance that the financial statements do show a true and fair view,
shareholders also appoint an auditor as a secondary agent. The first agent of the shareholders was the
directors.
Audit – The auditor then audits the financial statements essentially by going through the financial
statement line by line, examining each account balance.
Evidence – The evidence generated by these tests (series of examinations) then gives the auditor the
picture that financial statements show a true and fair view.
Assurance – The auditor then delivers this opinion to shareholders in the form of an audit report and
thereby delivers assurance.
The above details explain the general principles of audit which revolves around the concept of agency.
Stewardship is the responsibility to take good care of resources. A steward is a person entrusted with the
management of another person’s property, for example when one person is paid to look after another
person’s house while the owner goes abroad on holiday.
Owners who appoint managers to look after their property will be concerned to know what has happened
to their property. The process whereby the managers of a business account or report to the owners of the
business is called Stewardship accounting and stewardship is the name given to the practice by which
productive resources owned by one person or group are managed by another person or group of persons.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 8
This relationship, where one person has a duty of care towards someone else is known as a “Fiduciary
relationship”.
A fiduciary relationship is a relationship of “good faith” such as that existing between the directors of a
company and the shareholders of the company. There is a “separation of ownership and control” in the
sense that the shareholders own the company, while the directors take the decisions at the company. The
directors must take their decisions in the interests of the shareholders rather than in their own selfish
personal interests.
This fiduciary relationship leads to the stewards being accountable for the way they carry out their roles of
stewards.
Accountability means that people in positions of power can be held to account for their action; that is, they
can be compelled to explain their decisions and can be criticized or punished if they have abused their
position. The directors account to shareholders via financial statements.
“Information is material if its omission or misstatement could influence the economic decisions of users
taken on the basis of the financial statements”. ISA 320 para 3
If the availability of additional information on an issue does not affect you or does not change the earlier
decision you have made, then the information is immaterial; you do consider it to have any impact.
The idea here is that material items could affect users. And therefore immaterial items could not affect
users.
2.4.2 – The concept of true and fair view (truth and fairness)
Directors have a statutory duty to produce financial statements which give a true and fair view, and the
auditors are required by law to report whether, in their opinion the financial statements give a true ad fair
view. There is no official definition of “true and fair” in the IAASB Glossary of terms or in any individual ISA
but:
“Truth” in accounting terms can be taken to mean not factually incorrect, and
“Fairness” means on the one hand clear, distinct and plain, and on the other hand impartial/unbiased,
just and equitable.
Other scholars provide the following definitions:
“true” stands to represent the arithmetical accuracy of the figures (within materiality).
“fair” stands to represent the honest and clear presentation of the financial information (for the
purpose of effective communication with stakeholders).
The objective of audit is to produce a report by the auditor of his opinion of the truth and fairness of
financial statements so that any person reading and using them can have belief in them.
This is achieved by the expression of an opinion by the auditor on whether the financial statements are
prepared, in all material respects, in accordance with an applicable financial reporting framework.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 9
Communication means used by the auditor to express his opinion at the end of the audit.
Could be either an unmodified (unqualified) or a modified (qualified) report.
If the auditor agrees the financial statements are true and fair he would give an unmodified report
(also known as a clean audit report unqualified).
Example of such a report/opinion
In our opinion, the financial statements give a true and fair view of (or “present
fairly, in all material respects”,) the financial position of the Company as of 31
December, 20X9, and of its financial performance and its cash flows for the year
then ended in accordance with International Financial Reporting Standards.
If the auditor is unable to state the true and fair view or disagrees with some aspects of the
financial statements, a modified (also known as unqualified) report is required.
A report states:
- The responsibilities of the management and those of the auditors within the introductory
paragraph;
- The scope of the audit focusing on the standards, the fact that only a reasonable assurance
could be provided and the meaning of an audit;
- The opinion of the auditor as shown above;
- Signature, address of auditors and date.
NB: The audit report is studied in details in the last chapter of this text.
They value having their business scrutinized by another set of professional eyes.
It provides additional assurance to third parties such as taxation authorities concerning the
reliability of the financial statements.
A growing business will one day require an audit.
Audit may have subsidiary benefits, such as the auditors recommending improvements in company
systems.
Limitations
Financial information includes subjective and judgemental matters.
Inherent limitations of controls used as audit evidence.
Representations from management may have to be relied upon as the only source of evidence in
some areas.
Evidence is persuasive not conclusive.
Do not review 100% of the transactions.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 10
All assurance assignments follow the same basic outline with the key difference being the level of
assurance given in the final opinion.
This has practical implications at various stages of the assignment.
A review engagement has all the attributes of any assurance engagement, such as:
It is clear that far less evidence is obtained during a review assignment, and the evidence is generally less
reliable as some of the most reliable sources, such as third party confirmations and evidence generated by
the assurance provider are not required.
In some cases, the nature and quality of the evidence that can be obtained is further affected by the nature
of the subject matter of the assignment. If the firm (the auditor) is appointed to carry out a review of
forecast figures to be presented to potential lenders then again analytical procedures and inquiry will be
employed but the reliability of the evidence will be even lower due to the uncertainties involved. The
figures being reviewed relate to transactions and events, some or all of which have not yet occurred at the
time the opinion is given. The information is based on subjective estimates.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 11
3.5 – Review engagement and reporting
At the end of a review engagement, the assurance provider can give only a low level of assurance and may
include additional warnings to readers of the assurance opinion about the nature of the information and
the assurance that can be given.
Examples of other assurance engagements, where the terms of the engagement will be agreed between
the practitioner and the person commissioning the report, include:
Many believe that responsibility for preparing financial statements lies with the auditor, rather
than with management;
It is widely believed by the general public that the auditor’s principal duty is to detect fraud, when
in fact the duty is to make a report as to whether or not the financial statements are materially
misstated, irrespective of whether such misstatement arises as a result of fraud;
In most cases the users of financial statements will also have little perception of the concept of
materiality and believe that the auditors check all the transactions that the company undertakes;
The public generally perceives that an audit report attached to the financial statements means that
they are ‘correct’, rather than just meaning that there is reasonable assurance that they show a
true and fair view.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 12
In the case of listed companies the report has been expanded further to explain to the users of financial
statements that the auditors review statements made by the company about its corporate governance
procedures, and consider other information included with financial statements to ensure it is consistent.
b) Engagement letter
When the firm (of auditors) issues an engagement letter, the letter includes a paragraph reminding the
directors of their responsibilities and setting out the firm’s responsibilities.
c) Directors’ responsibilities
The reporting requirement was extended by the guidance on the preparation of audit reports, to include a
statement of the directors’ responsibilities.
This serves to make the respective responsibilities of management and auditors clearer to the users of the
financial statements.
d) Audit committees
Various statements of the principles of corporate governance developed for listed companies have
recommended that companies should establish an audit committee of the board to liaise with and receive
reports from both external and internal auditors. (Internal auditors are people who work for a company
and help the directors to ensure that accounts are properly kept and business risks are minimized.
‘External auditors’ is the phrase used to describe those involved in the independent Company Act audit.).
The existence of an audit committee serves as a reminder of the division of responsibilities between
auditors and management. The disclosures made in the company’s annual report about its corporate
governance practices should include comments about the operations of its audit committee.
Sometimes companies fail. Sometimes people commit fraud. Sometimes people make genuine mistakes
when financial statements are being prepared.
These events are never the fault of the auditor – although as we have seen, the expectation gap means
that the users of financial statements do not necessarily understand this.
Sometimes – and these tend to be the most difficult cases – events like this occur, the auditors do not
detect them, but no audit failure takes place.
If:
The effect is immaterial; or
The accounts, in spite of the event taking place, still show a true and fair view; or
The auditor’s procedures were properly planned, executed and documented but the event could
not be detected for some reason, perhaps a carefully executed fraud or a sudden, cataclysmic
change leading to the company’s collapse;
the auditors may not be at fault.
Nevertheless, corporate collapses do happen and the auditors are found to have been negligent in some
way. Clearly, in these cases, something must have gone wrong in:
Planning the audit;
Performing the audit;
Drawing conclusion from the work done.
The first two of these causes are dealt with in a subsequent chapter(s) (xx), dealing with the detail of
auditing.
The last two points are dealt with in a subsequent chapter (xx) on Professional Ethics.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 13
CHAPTER REVIEW QUESTIONS
True False
Question 6
The auditor’s opinion on the financial statements is based on the concept of reasonable assurance.
Question 7
Your client is the parent company of a diverse group with several subsidiaries, some of which are below the
threshold required a statutory audit.
The client has suggested that costs could be saved if these companies were not subjected to audit, and has
asked for your views.
Set out the benefits that these companies may obtain from an audit that you will explain to the directors.
(2 marks)
Question 8
Question 9
An audit conducted under the Companies Act provides reasonable, not absolute, assurance that the
financial statements are free from material misstatements.
List the reasons why an audit cannot provide absolute assurance that the financial statements are free
from material misstatements. (4 marks)
During the night of 25 March 20X9 strong gales caused the brick chimney of the factory to crash through
the roof of Hancock Ltd’s assembly area. Production was severely disrupted for a period of two months.
In addition to claiming from its insurers for the cost of repairing the premises and for the equipment and
inventories destroyed in the accident, the company is also including a considerable claim under the loss of
profits provision of its policy. The directors have prepared detailed calculations of the loss of profit and
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 14
have requested the company’s auditors to review this claim and provide an assurance report which they
will submit with it to the insurers.
What advantages would the directors expect to gain from having this report?
The directors of Gony Ltd are concerned about the reliability and usefulness of the monthly financial
management information that they receive.
As a result, the company’s auditors have been engaged to review the system and the information it
generates, and to report their conclusions.
Contrast this assignment with the statutory audit of the company’s financial statements with regard to the
scope of the assignment and to the report issued.
Question 12
There has been considerable concern over the lack of understanding amongst the users of the accounts
over the level of assurance being given in a statutory audit report of a company.
Requirement
Discuss the steps that the accountancy profession has taken to resolve this issue.
Aristide Ltd was established in June 20X0 to produce aristide products which are used as display units in
retail industry. The shares are owned equally by two executive and two non-executive directors.
The company’s revenue increased steadily over the first two years of trading. The results for the first year
of trading indicated an operating profit margin of 15%, and the management accounts for the second year
of trading indicate that this has increased to 18%. The directors are currently negotiating a contract worth
600 million CFAF to supply a major retailer which has over 100 outlets throughout Cameroon. The
company will require an increased overdraft facility to fulfill the order.
The finance director of Aristide Ltd has prepared a business plan for submission to the company’s bankers
in support of a request for a larger overdraft facility. The plan includes details of the company’s products,
management, markets, method of operation and financial information. The financial information includes
profit and cash flow forecasts for the six months ending 31 December 20X2, together with details of the
assumptions on which the forecasts are based and the accounting policies used in compiling the profit
forecast. The company’s bankers require this financial information to be reviewed and reported on by
independent accountants.
Although the company’s revenue was below the threshold (or is not required by law to be audited) for a
statutory audit for its first year of trading, the company was required by its bankers to have an audit of its
financial statements for the year ended 30 June 20X1. Your firm conducted this audit in accordance with
auditing standards and issued an unqualified report.
Requirements
(a) Describe the benefits, in addition to continuance of its overdraft facility, to the company and its
directors and shareholders from having an audit of its annual financial statements.
(b) Explain how and why the level of assurance provided by a report on profit and cash flow forecasts
differs from the level of assurance provided by an audit report on annual financial statements.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 15
CHAPTER 2
STATUTORY AUDIT
The regulatory environment establishes the requirements which are all about the legal backing for audits
to be performed and its conduct.
As an obligation, all publicly quoted and large companies are required by law to produce annual financial
statements and have them audited by an external auditor. Other organizations such as small private
companies and partnerships may choose to be audited even if there is no legal requirement. The objective
of an external audit engagement is to enable the auditor to express an opinion on whether the financial
statements:
- Give a true and fair view (or are presented fairly in all material respects).
- Are prepared, in all material respects, in accordance with an applicable financial reporting
framework.
N.B: The financial reporting framework to be applied will vary from country to country.
In the conduct of an external audit, the auditor should follow the following general principles:
Compliance with applicable ethical principles; that is, the IFAC (International Federation of
Accountants) code of ethics for Professional Accountants and the ethical pronouncements of the
auditor’s professional body (for example, the ACCA’s rules of Professional Conduct).
Compliance with applicable auditing standards as established by international bodies such as the
International Auditing and Assurance Standards Board (IAASB’s) and ISAs (International Standards on
Auditing).
Planning and performing the audit with an attitude of Professional Scepticism that recognizes that
financial statements being audited may be materially misstated. For instance, the auditor should not
simply accept an explanation about a matter given by management but should seek further evidence
about the matter that confirms or contradicts management’s explanation.
Expandable text: audit threshold (in Cameroon, to be provided as extracted from the OHADA Uniform Act if it
exists)
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 16
2 – International Standards on Auditing (ISAs)
IFAC
The International Federation of Accountants (IFAC) is the global organization for the accountancy
profession. It was formed in 1977 and is based in New York. IFAC has more than 160 member bodies of
accountants (including ACCA), representing 2.5 million accountants from 120 separate countries.
IFAC’s overall mission is to serve the public interest, strengthen the worldwide accountancy profession,
and contribute to the development of strong international economies by establishing and promoting
adherence to high-quality professional standards.
IFAC
International Federation of Accountants
International International
Standards on Standards on Quality
Auditing (ISAs) Control (ISQCSs)
IFAC publishes a code of ethics governing all assurance engagements carried out under IAASB
standards.
IAASB publishes International Standards on Quality Control 1 (ISQC1) setting out quality control
principles for all assurance engagements (including audits) conducted under its standards.
IAASB sets standards for other types of assurance engagements in addition to audits.
IFAC has no legal standing in individual countries. Countries therefore need to have arrangements in place
for:
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 17
Have disciplinary powers to enforce quality of audit work
There are two possible schemes for regulation at the national level:
Statutory regulations on auditors govern the appointment, rights, removal and resignation of auditors.
Individuals who are authorised to conduct audit work may be sole practitioners, partners in a
partnership, or directors of an audit firm. To be qualified to act as an auditor, a person must be:
A member of a Recognised Supervisory Body (RSB), for instance ONECCA, ACCA, CIMA ......., and
Be allowed by the rules of that body to be an auditor, or
Someone directly authorised by the state.
To be eligible to act as auditor, a firm must be:
An auditor needs to possess four main qualities: independence, competence, integrity, and confidentiality
(as studied in the previous chapter).
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 18
3.2 – Appointment of auditors
In most jurisdictions, auditors are only appointed by members or shareholders in general meetings.
Appointment at General Meetings: at each general meeting at which the accounts of a company are
to be laid before the members, the company shall appoint an auditor to hold office from the
conclusion of that meeting until the conclusion of the next general meeting at which accounts are laid
before the members. A retiring auditor may be reappointed at the general meeting.
Appointment other than at general meetings: Directors can appoint the first auditor, or should the
office of auditor become vacant during the year, then the directors may appoint someone to fill what is
described as the “casual vacancy”. This needs the approval of members at the next AGM.
Once appointed, it is the auditor’s duty to report to the members of the company on the accounts
examined by him and laid before the company in general meetings. To enable him to carry out this duty,
the law gives the auditor a right of access to the records of the company and the right to require
information and explanations from the directors and other officials of the company.
An officer or servant of the company; where in this connection an officer of the company includes a
director, manager or secretary.
A person who is a partner of, or is the employee of, an officer or servant of the company.
The provision for removal of the auditor places the authority for removal with members in general
meeting. The aims of this provision are:
To preserve the right of the members to appoint the auditor of their choice;
To preserve the auditor’s independence of the directors by not permitting directors who may be in
disagreement with the auditor, to dismiss him.
In practice, if the auditor and management find it difficult to work together, the auditor will usually resign.
To prevent the circumstances of the resignation being hidden from the members of the company, the
auditor have to submit a statement of the circumstances surrounding his resignation.
On appointment:
– To obtain clearance from the client to write to the existing auditor, if denied, the appointment
should be declined.
– To write to the existing auditor asking if there are any reasons why the appointment should not be
accepted.
On removal / resignation:
– To deposit at the company’s registered office a statement of the circumstances connected with the
resignation or removal; or
– A statement that there are no such circumstances.
– To deal promptly with requests for clearance from new auditors.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 19
3.6 - The rights of auditors
A right of access at all times to the accounting records, accounts and vouchers of the company and any
such information and explanations as the auditor considers necessary for the performance of his
duties.
A right to attend any general meeting of the company and to receive all notices of, and communication
relating to, any general meeting which any member of the company is entitled to receive.
A right to be heard at any general meeting which he attends on any part of the business of the meeting
which concerns him as auditor.
On resignation, a right to request an EGM of the company to explain the circumstances of the
resignation and to request the company to circulate the notice of circumstances relating to the
resignation.
These rights are given to the auditor to enable him to carry out his duties to the members. He can
visit his client’s offices at any time, without formal prior notice, inspect the company’s accounting records
or to carry out surprise checks. The matters on which the auditor has a right to require information and
explanations are left to the direction of the auditor rather than that of the directors.
The remuneration of the auditor shall be fixed by the company in general meeting, or in such manner as
the company in general meeting may determine. However, if appointed by the directors, this may be fixed
by the directors.
To form an opinion on whether the financial statements give a true and fair view and are prepared in
accordance with applicable reporting framework,
To issue an audit report.
Matters implicit in the audit report and which the auditor has a duty to check are that:
The company’s financial statements agree with the underlying accounting records,
Proper accounting records have been kept.
All necessary information and explanation have been obtained.
Information issued with the financial statements is consistent with the financial statements.
Other information required by law if not included in the financial statements is included in the audit
report.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 20
CHAPTER 3
PROFESSIONAL ETHICS
Within the framework of any assurance engagement, the end-user of the subject matter needs to trust the
practitioner.
A high level of trust can only be established if the user is reassured and believes that assurance
practitioners act in accordance with a code of ethics.
The practitioner needs a code of ethics to make sure that he or she is worthy of that level of trust. The
code of ethics gives value to their work.
In order to be trusted the auditor needs to be independent of their client. Independence is defined in APB
Ethical Standard 1 as “freedom from situations and relationships which make it probable that a reasonable
and informed third party would conclude that objectivity either is impaired or could be impaired.”
Independence and objectivity are key features of the Code of ethics and they are fundamental to the
provision of assurance services.
IFAC has issued a code of ethics, as has the ACCA. These codes have the same roots and are, to all intents
and purposes identical.
A conceptual framework relies on a principles rather than a rules based approach. That means that the
spirit of the cod is followed rather than a strict set of rules. It is guidance so the actual application will
depend on the individual circumstances of a specific situation.
2 - Fundamental Principles
Objectivity
Professional behaviour
Professional competence and due care
Integrity
Confidentiality
These attributes are defined as follows:
a. Objectivity: Members should not allow bias, conflicts of interest or undue influence of others to
override professional or business judgements. Objectivity is the state of mind which has regard to
all considerations relevant to the task in hand but no other. It presupposes intellectual honesty.
This attribute promotes “justness and equity”.
Example: The owners of a private company have the opportunity to sell their shareholdings to a
large listed company and have asked for your advice. It looks like an excellent deal, but which will
almost certainly mean that your firm will lose the audit to a larger competitor. Your advice might
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 21
not be impartial – you may be tempted to advise against the deal in order to keep the client. If this
is the case, then objectivity has not prevailed.
b. Professional behaviour: Members should comply with relevant laws and regulations and should
avoid any action that discredits the profession.
Example: This is possibly the most difficult principle to illustrate. Clearly you, as a professional,
would not indulge in illegal behaviour. But does it matter what you do in the evenings or on your
lunch break?
c. Professional competence and due care: Members have a continuing duty to maintain professional
knowledge and skill at a level required to ensure that a client or employer receives competent
professional service based on current developments in practice, legislation and techniques.
Members should act diligently and in accordance with applicable technical and professional
standards when providing professional services.
In other words, members should not accept or perform work which they are not competent to undertake
unless they obtain such advice and assistance as will enable them competently to carry out the work.
Example: A client is starting to expand into areas where there are complex tax issues. You have no
direct experience of this area, but you know that a larger firm in the town does have a number of
specialists in this field. You might be tempted to think that you can “get yourself up to speed” quite
quickly.
d. Integrity: Members should be straightforward and honest in all professional and business
relationships.
Example: You find out that one of your listed audit clients is shortly to be taken over, or has access
to technological advances which will give it a fantastic competitive advantage. You might be
tempted to buy some shares or encourage your friends to do so.
Example: You are tempted to share your knowledge of the takeover or technical advances
mentioned above, or even of the level of director’s salaries, with your friends on a night out on the
town.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 22
3 - Threats to fundamental principles of ethical behaviour
“Threats are situations where a practitioner tempted not to follow code of ethics”. In ordinary human life,
eating without washing your hands is a threat to your health. Health is a treasury which should not be
tampered with.
The ethical professional behaviour of the practitioner should not be tampered with throughout the
conduct of an audit. In the review of the ethical professional behaviour of the practitioner, the
consideration is not only the practitioner’s view as to whether his or her integrity is under real threat, but
how the situation might appear to a third party.
The framework has identified five potential threats to ethical professional behaviour which include:
Self-interest threat;
Self-review threat;
Advocacy threat;
Familiarity threat;
Intimidation threat.
a. Self-interest threat: This is expressed by the existence of financial or other interests of the auditor
(including the members of his/her family or any close relationship) in the client. Examples of such
interests include:
b. Self-review threat: A self-review threat occurs when the auditor has to re-evaluate work
completed by himself e.g. if the external auditor prepared the financial statements and then
audited them, or if the external auditor advised on the implementation of the financial reporting
system of the client. Here there is a risk that the auditor does not identify the shortcomings in his
own work because he does not review it thoroughly, assuming that it is up to standard because he
did the work in the first instance.
Alternatively, the auditor may identify shortcomings in his work but may not highlight them
because it will imply that his work was not up to standard.
Other self-review threat include the completion of accounting services, IT, valuation services and
tax services mostly when they involve judgment or management roles or if they are likely to have a
material effect on the financial statements. Corporate finance services are allowed when they are
aimed at assisting the client raise finance/develop corporate strategies and when they do not
involve making decisions. Internal audit services should not be undertaken. A former employee of
client joining assurance firm should not be involved in the audit until 2 years have elapsed.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 23
c. Advocacy threat: This may occur when the auditor is asked to promote the client’s position or
represent them in some way. In this situation the auditor would have to be biased in favour of the
client and therefore cannot be objective. This could happen if the client asked the auditor to
promote their shares for a stock exchange listing or if the client asked the auditor to represent
them in court. Other examples include:
Corporate finance services: advising on debt restructuring (entering negotiations with the
bank on clients’ behalf;
Contingent fees;
Dealing in clients shares.
d. Familiarity threat: A familiarity threat occurs when the auditor is too sympathetic or trusting of the
client because of a close relationship with them. This may be because a close friend or relative of
the auditor works in a key financial role for the client. The auditor may trust their friend or relative
to not make mistakes and therefore not review their work as thoroughly as they should and as a
result allow material errors to go undetected in the financial statements. Here, the auditor loses
professional scepticism. Examples of familiarity threats includes:
e. Intimidation threat: The client may harass or bully the auditor into giving an unqualified opinion
when a qualified opinion is appropriate.
If the auditor is dependent on fees from a client the client may use this to their advantage and
threaten to take their business elsewhere unless the auditor gives in to their demands.
The auditor should not give in to such pressure and may choose to resign from such a client.
f. Management (APB ethical standard): This occurs when the auditor undertakes any work which
involves making judgements and taking decisions that are responsibility of management. Examples
include:
Serving on the board of directors of any engagement partner or employee of the assurance
firm;
Performing other services is also a management threat.
“Safeguards are guidance or course of action aimed at reducing or eliminating threats”. In ordinary human
life, a possible safeguard against a cool weather is to put a pullover.
In order to guard against the threats or perceived threats the firm (the auditing team) needs procedures to
enable it to:
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 24
evaluate the risk arising from the threat;
evaluate whether the necessary safeguards are in place;
take corrective action if necessary.
Usually this will be done through the use of checklists and the issues need to be considered:
The procedures operated by the firm will normally consist of the following:
“Fit and proper” or “independence” forms to be completed by all staff on a regular basis, disclosing
financial interests and other relevant factors.
A checklist of procedures to be filled in when a new appointment is accepted covering such issues
as:
Consideration of independence issues when files are reviewed as part of the firm’s quality control
process.
These might include education, training and experience requirements for entry into the profession,
professional development requirements, corporate governance regulations, professional standards,
monitoring, external review of work and reports.
These might include oversight structures, ethics and conduct programmes, good recruitment procedures,
strong internal controls, disciplinary procedures, strong ethical leadership, policies and procedures to
promote quality control, culture of strong ethics in the organisation.
These might include professional development requirements, keeping records of contentious issues,
keeping a broader perspective, using a mentor, keeping in contact with professional bodies.
self-interest threats;
self-review threats;
advocacy threats;
familiarity threats;
intimidation threats;
management threats.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 25
6 – Other issues
While shareholders appoint auditors, the Directors typically seek out a potential firm for the shareholders
to vote on. The Board might be tempted to interview several firms until it found one that accepted its
accounting methods.
Any firm of auditors aware that a potential client is engaged in this process (known as “opinion shopping”)
should not accept nomination.
6.2 – Confidentiality
External auditors are in a unique position of having a legal right of access to all information about their
clients. It goes without saying that the client must be able to trust the auditor not to disclose anything
about their business to anyone as it could be detrimental to their operations. As a basic rule, members of
an audit team should not disclose any information to those outside of the audit team, whether or not they
work for the same firm. There is little point using different teams for different work assignments if staff
from different teams are disclosing information to each other!
if there is an obligation to disclose, e.g. if the client is suspected of money laundering, terrorism,
drug trafficking;
This latter point is difficult to prove and the audit must proceed with caution if thinking of disclosing
information for this reason. Such examples could include fraud, environmental pollution, or simply
companies acting against the public good.
Legal advice should be sought beforehand to avoid the risk of being sued. Matters to consider before
disclosing information in the public interest are whether that matter is likely to be repeated and how
serious the effects of the client’s actions are.
Where an auditor feels the need to disclose information, they should consider disclosing to the company’s
Audit Committee (or Board of Directors, if there is no Audit Committee).
In certain circumstances auditors may be required by law to disclose information. For example, where
money laundering is suspected, UK auditors must disclose their suspicions to the Serious Organised Crime
Agency (SOCA).
On some occasions, auditors may come under pressure to disclose information (e.g. to customers,
suppliers, tax authorities). There is no duty for the auditor to disclose to these parties therefore should
only do so if a court order has been obtained.
Members should place their clients’ interests before their own and should not accept or continue
engagements which threaten to give rise to conflicts of interest between the firm and the client. Any
advice given should be in the best interests of the client. Where clients’ interests conflict (for example,
clients in the same line of business), the firm’s work should be arranged to avoid the interests of one being
adversely affected by those of another.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 26
The steps to be taken by the auditor are:
once a conflict is noted, you should advise both clients of the situation
reassure the client that adequate safeguards will be implemented, e.g. separate engagement
leaders for each, separate teams, ‘Chinese walls’ to prevent the transfer of client information
between teams and a second partner review.
Safeguards can help to avoid or manage a problem situation, but problems are often hard to foresee as the
auditor may have no knowledge that two clients are related in some way until a problem comes to light.
Before accepting a new audit engagement, think of potential issues which include ethical considerations.
a) From the ethical view point, the new auditor need to ask permission to get in contact with existing
auditor, then wait for clearance. If no response, consider the new appointment carefully.
Risk analysis: the auditor may not want to accept client if risk deemed to high; consider
the following: management integrity, past performance of business, internal controls,
environment (good/bad), complexity of transactions, unusual transactions, money
laundering risks, etc
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 27
The review procedure is best carried out by means of a standard checklist. A client may exhibit some of the above risk
factors and yet still be accepted due to the relatively high level of the proposed audit fee. It is very much a commercial
decision to be made by the audit firm.
The most common way of obtaining an audit engagement is by recommendation. It is not uncommon for
up to 90% of a firm’s new business to come from its existing client base. The second most common way of
obtaining new work is by submitting a successful tender.
‘Tendering’ is the process of quoting a fee for work before the work is carried out. It usually involves a
number of firms competing by submitting tender proposals to the prospective client.
In addition to the risk associated with any other new client the specific risks of being involved with the
tender include:
Setting an uncommercially low fee in order to win the contract (lowballing for example)
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 28
Chapter 4
RESPONSIBILITIES
INTRODUCTION
The distinction between the responsibilities of company’s management and its external auditors should be
clear.
However, as discussed previously, misconceptions, particularly about the role of audit, can lead to a
phenomenon known as the ‘expectation gap’. It is therefore crucial that clearly defined distinctions
between the respective responsibilities of management and external auditors be established and that both
parties understand (and agree upon) these prior to the commencement of work.
1 – Responsibilities of Management
- Managing the business so as to achieve company objectives: producing suitable returns for
shareholders or achieving other targets;
- Assessing business risks to those objectives being achieved : devising necessary strategies
to deal with the business risks, e.g. business risks;
- Safeguarding the company’s assets: taking reasonable steps for the prevention and
detection of fraud and other irregularities. To carry out this responsibility they need to
implement systems and controls to safeguard the company’s assets and they need to
ensure that the systems and controls (internal control systems) operate effectively. Such
procedures may include: (i) the safekeeping of documents of title to land and buildings and
other assets (ii) the setting of authority limits, i.e. the limitation of what any one individual
can do without consulting someone else (iii) implementing other procedures to prevent
fraud and reduce the likelihood of error.
- Keeping proper accounting records: this requires records of (i) the cash payments and
receipts (ii) what the payments and receipts relate to (iii) the assets which include non-
current assets and inventory (iv) the liabilities.
- Preparing company financial statements: which give a true and fair view of the affairs of
the company at the end of the accounting period and of the profit or loss of the company
for that period. In preparing those financial statements, the directors are required to: (i)
select suitable accounting policies and then apply them consistently (ii) make judgements
and estimates that are reasonable and prudent (iii) comply with applicable accounting
standards (iv) prepare the financial statements on the going concern basis unless it is
inappropriate to presume that the company will continue in business. Once the financial
statements have been prepared, it is the directors’ responsibility to ensure that they,
together with the auditor’s report, are laid before the members of the company in general
meeting.
- Ensuring the company complies with applicable laws and regulations: laws and regulations
concerning: (i) money laundering (ii) health and safety (iii) employer’s liability (iv) paye and
payroll matters.
2.1 – General
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 29
The requirements of any legislation or regulation under which the engagement is conducted;
and/or
The terms of engagement for the assignment, which will specify the services to be provided;
Ethical and professional standards;
Quality control standards”. (International Framework for Assurance Engagements)
a) Main responsibility
The auditor’s main responsibility is to form an opinion on whether the company’s financial statements give
a true and fair view.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 30
It therefore follows that the precise responsibilities of internal auditors will be defined by whoever
determine the objectives of the assignments they conduct. However, ISA 610 Using the Work of Internal
Auditors lists the main activities of the internal audit function as:
Monitoring of internal control;
Examination of financial and operating information;
Review of the operating activities;
Review of compliance with laws and regulations;
Risk management; and
Governance.
While some of the work performed by internal and external auditors may be similar it must be
remembered that the external auditor is solely responsible for the audit opinion. This responsibility can
never be reduced by the use of the work of the internal auditors.
If the external auditor wishes, at any point, to use the work of internal audit to assist with their procedures,
they must firstly determine:
Whether the work of internal audit is adequate for the purpose of the audit;
The effect of the work of internal auditors on the nature, timing and extent of the external
auditor’s own procedures;
The objectivity of internal audit;
The technical competence of internal audit;
Whether the work of internal audit is carried out with due professional care; and
Whether there is likely to be effective communication between the internal and external auditors.
4 – ERROR
Auditors are responsible for detecting material misstatements in the financial statements, some of
which may be caused by error.
Management are responsible for designing and implementing a system of internal control which is
capable of preventing, or detecting and correcting, errors in the financial records.
Auditors are required to assess the system of internal control as part of their audit in order to
determine whether to rely on the system of controls or carry out extended tests of details.
Auditors are required to report to those charged with governance on material weaknesses in
controls which could adversely affect the entity’s ability to record, process, summarise and report
financial data potentially caused material misstatements in the financial statements.
Auditors are responsible for giving an opinion whether the financial statements are free from
material misstatements caused by error. This means that they should design procedures that are
capable of detecting errors.
The two types of test generally carried out as part of an audit are tests of control and tests of detail
(to be studied in detail later on). The more reliance that can be placed on controls (assessed by
testing controls), the fewer tests of details may be carried out.
Definition of internal control
A process designed and effected by those charged with governance, management, and other personnel to
provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of
financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and
regulations. It follows that internal control is designed and implemented to address identified business
risks that threaten the achievement of any of these objectives.
Internal controls are designed in part to prevent errors occurring in financial information, or to detect
errors and correct them.
5 – FRAUD
The auditor is responsible for drawing a conclusion as to whether the financial statements are free
from material misstatements caused by fraud.
The auditor’s responsibilities with regard to fraud are set out in ISA 240 The Auditor’s
Responsibilities Relating to Fraud in an Audit of Financial Statements and include:
- Assessing risks of material misstatement;
- Discussing the susceptibility of the financial statements to material misstatement caused
by fraud.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 31
A key issue in relation to discovering material misstatements caused by fraud is professional
skepticism.
When the auditors become aware of possible non-compliance, they should evaluate the possible
effect on the financial statements and on other audit evidence obtained and need to make reports
to management.
More on “fraud” is provided in the next Chapter which focuses on “Responsibilities 2 – Detection of fraud
and errors”. You are advised to read it for more knowledge on ‘responsibilities and fraud’.
As part of their risk assessment procedures, auditors should assess the risk that the company is not
complying with any relevant law or regulation. Risk assessment procedures will be considered in more
detail in Chapter xxxxxxx.
The auditor is required by ISA 250 Consideration of Laws and Regulations in an Audit of Financial
Statements to obtain evidence about compliance with laws and regulations. It states that the auditors
should:
Ask those charged with governance if they are on notice of any non-compliance.
The auditors should obtain written representations that management has disclosed all known instances of
actual or possible non-compliance with laws and regulations.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 32
6.6 – Reporting of non-compliance
The ISA requires that the auditors should communicate discovered instances of non-compliance with laws
and regulations to those charged with governance (the directors) without delay, and make appropriate
reports, as set out below:
THIRD PARTIES The auditor shall determine whether the auditor has a responsibility to
e.g. regulatory and report the identified or suspected non-compliance to parties outside the
enforcement authorities entity.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 33
Chapter 5
RESPONSIBILITIES 2 – DETECTION OF FRAUD AND ERROR
1 – Definition of fraud
For audit purposes, ISA 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial
Statements, identifies two types of risk of misstatement which can arise from fraud:
Misstatements arising from fraudulent financial reporting (fraudulent manipulation of accounts not
involving defalcation also known as window dressing);
In order to have a reasonable expectation of detecting fraud or error, auditors should follow the
procedures in ISA 240.
Fraud
The following are the methods of defalcation involving misappropriation of cash or goods:
2. By destroying the carbon copy or counter foil of the receipt and misappropriating the cash received
3. By entering lesser amount on the counterfoil and misappropriating the difference between money
actually received and the amount entered on the counterfoil of the receipt book
4. By not recording the receipt of sale of a casual nature for example sale of scrap, sale of old
newspapers, etc.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 34
5. By omitting to record cash donations received by non-profit making charitable institutions
6. By misappropriating the cash received on discounting the bills receivable and showing them as bills
outstanding on hand
7. By misappropriating cash received from debtors and concealing the same by giving artificial credit
to the debtors in the form of bad debts, discount or sales return, etc.
8. By adopting the method of “teeming and lading” or “lapping process”. Under this method cash
received from one debtor is misappropriated and deficiency in that debtors account is made good
when another payment is received from second debtor by crediting the second debtors account
less by that amount. This process is carried out round the year.
9. By suppressing the cash sales by not recording them or by treating the cash sales as credit sales.
12. By recording more payments that actual amounts paid by altering the figures on the vouchers.
14. By showing credit purchases as cash purchases and misappropriating the amount
16. By not recording discounts and allowances given by the creditors and misappropriating the
amounts
18. Recording fictitious and inflated purchases and misappropriating that amount
19. By suppressing the credit notes for returns and showing the full payment to creditors
20. By including the names of dummy workers or the workers who have left the job and
misappropriating the money offered as salaries
21. By over casting the total of wages sheets and drawing that amount for misappropriation.
It implies presentation of accounts more favorably than what they actually are. Window dressing means
showing a wrong picture. The fraud through manipulation of accounts is also known as window dressing
because accounts are manipulated to show a wrong picture of the profit or loss of the business and its
financial state of affairs. Generally this type of fraud is committed by the people at the top management
level. This does not involve any misappropriation of cash of goods but it is either over statement of profit
or understatement of the same. Such fraud is committed with certain objective and is relatively difficult to
detect.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 35
3 – Responsibilities regarding fraud
ISA 240 sets out management and auditor responsibilities regarding fraud.
Regarding management, ISA states that the primary responsibility for the prevention and detection of
fraud rests with both those charged with governance of the entity and with management. To fulfil this
responsibility, various actions can be taken including:
Demonstrating that management follow a culture of honesty and ethical behaviour and
communicating that they expect all employees to adhere to this culture;
From the point of view of those charged with governance, ensuring that management implement
policies and procedures to ensure, as far as possible, the orderly and efficient conduct of the
company’s business.
Regarding the auditor, the ISA states that the auditor must obtain reasonable assurance that the financial
statements, taken as a whole, are free from material misstatement, whether caused by fraud or error. The
auditor does not therefore offer complete assurance that the financial statements are free from fraud
and/or error as audit testing is not designed to provide this assurance.
4 – Risk assessment
Part of an auditor’s work must include assessing the risk of a fraud existing (discussed in Chapter 9).
ISA 240 sets out that auditors are:
Entitled to accept representations as truthful and records as genuine, unless there is evidence to
the contrary; but also
Required to bring professional skepticism to work.
Auditors should also carry out a discussion of the susceptibility of the entity’s financial statements to fraud.
This will usually include a consideration of:
Where the company’s system is weak and how management could perpetrate fraud;
The circumstances that could indicate earnings management which could lead to fraudulent
financial reporting;
The known internal and external factors that could be an incentive to fraud being carried out;
Management’s involvement in overseeing employees with access to cash or other assets which
could be misappropriated;
Any unusual or unexplained changes in behaviour/lifesthle of management or employes;
The need for professional skepticism;
The type of circumstances that could lead to suspicions of fraud;
How unpredictability will be incorporated into the way the audit is carried out;
What audit procedures might be responsive to fraud;
Any allegations of fraud that have been made;
The risk of management override of controls.
4.1 – The auditor can suspect fraud under the following circumstances
(concrete cases)
1. When vouchers, invoices, cheques, contracts are missing, etc.
2. When control account does not agree with subsidiary books.
3. When the difference in trial balance is difficult to locate.
4. When there are greater fluctuation in Gross Profit and Net Profit ratios.
5. When there is difference between the balance and the confirmation of the balance by the parties.
6. When there is difference between the stock as per records and the stock physically counted.
7. When the explanation given by the client is not satisfactory.
8. When there is a overwriting of some figures.
9. When there is a contradiction in the explanation given by different parties.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 36
4.2 – Procedure to be followed to detect errors
The following procedures may be adopted by the auditor to detect the errors:
1. Check the opening balances from the balance sheet of the last year;
2. Check the posting into respective ledger accounts;
3. Check the total of the subsidiary books;
4. Verify all the castings and the carry forwards;
5. Ensure that the list of debtors and creditors tally with the ledger accounts;
6. Make sure that all accounts from the ledger are taken into accounts;
7. Verify the total of the trial balance;
8. Compare the various items from the trial balance with that of the previous year;
9. Find out the amount of difference and see whether an item of half or such amount is entered
wrongly;
10. Check difference involving round figures as 1 000 000 CFAF and 100 000 CFAF etc.
11. See where there is misplacement or transposition of figures that is 45 for 54: or 81 for 18, etc;
12. Ultimately careful scrutiny is the only remedy for detection of errors.
13. See that on entry of the original book has remained unposted.
4.3 – The auditor should perform the following duties in respect of fraud
1. Examine all aspects of the finance.
2. Vouch all the receipts from the counterfoils or carbon copies or cash memos, sales mart report,
etc.
3. Check thoroughly the salary and wages register.
4. Verify the methods of valuation of stocks.
5. Check up stock register, goods inwards notes, goods outward books and delivery challans, etc.
6. Calculate various ratios in order to detect fraudulent manipulation of accounts.
7. Go through the details of unusual items.
8. Probe into the details of the problems when there is a suspicion.
9. Exercise reasonable skill and care while performing the duty.
10. Make surprise visit to check the accounts.
If the auditors identify misstatements which might indicate that fraud has taken place, they should
consider the implications of this for other aspects of the audit, particularly management representations
which may not be trustworthy if fraud is indicated. This may lead to a limitation in the scope of the audit.
6 – Management representations
Auditors are required to obtain particular written representations from management acknowledges its
responsibility to design and implement internal controls to prevent and detect fraud and that management
has disclosed any known or suspected frauds by management, employees with a significant role in internal
control, or any other frauds which might have a material impact on the financial statements to the auditor.
In addition, management confirm in writing that it has disclosed the results of its own assessment of
whether the financial statements may be materially affected by fraud.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 37
7 – Reporting frauds or suspected frauds
The ISA requires that the auditors should discuss suspected or actual fraud with management and those
charged with governance and make the appropriate reports, as set out below:
THIRD PARTIES
The auditor shall determine whether there is a responsibility to report the
e.g. regulatory and
occurrence or suspicion to a party outside the entity.
enforcement authorities
If fraud or error causes the financial statements to not give a true and fair view or there is a fundamental
uncertainty, it should be included in the audit report in the usual way, thereby notifying the shareholders.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 38
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 39
Chapter 6
It is all about knowing when to say no to a client when approached for an assurance
engagement.
The question is: “Why the auditor accepts some clients (companies) and why does he rejects
others?”
The focus of this chapter is on the procedures that should be followed by a firm (auditor) before
accepting a new client, a new engagement for an existing client, or agreeing the terms of any new
engagement.
Acceptance decisions are crucially important, because new clients and/or engagements can pose
threats to objectivity, or create risk exposure to the firm, which must be carefully evaluated. One of
the current issues being debated in the profession is whether there should be an outright ban on the
provision of non-audit services to audit clients. In addition, new International Standard on Auditing
(ISA) requirements compel the firm to establish whether preconditions for an audit are present
when faced with a potential new audit engagement. All of these factors mean that acceptance
decisions must be taken with care.
Procedures spell out the prior work to be done before accepting or not a new clients. The concept of
continuance relates to existing or recurring engagement – engagements that are either repeated or
continuing relationships.
There are basically three principles to follow or respect within the acceptance and continuance
procedures.
Principle 1: it requires the auditor to undertake new or recurring (continuing) work only where
the auditor has:
Principle 2: this principle requires the auditor to “identify and resolve conflicts of interest”.
Principle 3: this principle requires the auditor to be alert to changes in circumstances that may
obligate the auditor to withdraw (where possible) from an engagement.
The various components of these principles must be developed thanks to the material gathered so
far before the third section. INCLUDED:
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 40
3 – PRECONDITIONS FOR AN AUDIT (What do the standards say?)
Once a firm (auditor) has decided to go ahead with an audit engagement, it must comply with the
requirements of ISA 210, Agreeing the Terms of Audit Engagements. ISA 210 was revised as part
of the International Auditing and Assurance Standards Board’s Clarity Project, with new
requirements to perform specific procedures in order to establish whether the preconditions for an
audit are present.
ISA 210 Agreeing the terms of the audit engagement establishes the preconditions for accepting an
audit, which are:
an acceptable financial reporting framework has been used in the preparation of the
financial statements
those charged with governance agree that they acknowledge and understand their
responsibilities.
If the preconditions for an audit are not present, the auditor must discuss the matter with those
charged with governance. Unless required by law or regulation to do so, the auditor must not accept
the engagement.
If the preconditions for an audit are not present, the auditor must discuss the matter with those
charged with governance. Unless required by law or regulation to do so, the auditor must not accept
the engagement.
‘The use by management of an acceptable financial reporting framework in the preparation of the financial statements and the
agreement of management and, where appropriate, those charged with governance to the premise on which an audit is
conducted’. This means that the auditor must do two things. First, the auditor must determine the acceptability of the financial
reporting framework to be applied in the preparation of the financial statements. This includes evaluating whether law or
regulation prescribes the applicable financial reporting framework, considering the purpose of the financial statements, and the
nature of the reporting entity (for example, whether a listed company or a public sector entity). In most cases this will simply be a
matter of confirming with the client that the financial statements will be prepared under International Financial Reporting
Standards, or other national reporting framework.
Second, the auditor must obtain the agreement of management that it acknowledges and understands its responsibility:
For the preparation of the financial statements in accordance with the applicable financial reporting framework.
For internal controls to enable the preparation of financial statements which are free from material misstatement,
whether due to fraud or error.
To provide the auditor with access to all information necessary for the purpose of the audit.
In relation to the final bullet point, if management impose a limitation on the scope of the auditor’s work in the terms of a
proposed audit engagement, the auditor should decline the audit engagement if the limitation could result in the auditor having to
disclaim the opinion on the financial statements. The engagement should also be declined if the financial reporting framework is
unacceptable, or if management fail to provide the agreement outlined above. (ISA 580, Written Representations also requires
that management provide written representations regarding its responsibilities in relation to the preparation of financial
statements.)
ISA 220 Quality control for an audit of financial statements deals with those aspects of engagement
acceptance that are within the control of the auditor. The engagement partner must be satisfied that
appropriate procedures regarding the acceptance and continuance of client relationships and audit
engagements have been followed, and must determine that conclusions reached in this regard are
appropriate.
Engagement letter
Establishing the terms of the engagement
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 41
The terms of the engagement are established through the signing of the engagement letter.The Companies
Acts and the OHADA Uniform Act state that the auditor may be asked to perform additional work in areas
such as taxation, accountancy, and such others. Before commencing any professional work, an accountant
should agree, in writing, the precise scope and nature of the work to be undertaken and this is done
through the medium of an engagement letter.
Many firms of auditors choose to send a new letter every year, to emphasise its importance to
clients.
The contents of a letter of engagement for audit services are listed in ISA 210 Agreeing the Terms of Audit
Engagements. They should include the following:
The responsibilities of management: the client’s statutory duties such as on accounting records to
be made available and financial statements which show a true and fair view and comply with the
Act;
The auditor’s statutory and professional responsibilities (to report on the accounting records and
financial statements and to follow auditing standards respectively);
The audit fees and the basis on which they are charged;
Reference to the expected form and content of any reports to be issued (not absolute assurance).
In addition to the above the engagement letter may also make reference to:
The unavoidable risk that some material misstatements may go undetected due to the
inherent limitations in audit;
The agreement of management to make available to the auditor draft financial statements and
other information in time to complete the audit in accordance with the proposed timetable;
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 42
The agreement of management to inform the auditor of facts that may affect the financial
statements;
The request for management to acknowledge receipt to the engagement letter and to agree
the terms outlined;
Agreements concerning the involvement of auditors experts and internal auditors; and
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 43
CHAPTER 7
PLANNING THE AUDIT PROCESS
Introduction
Planning plays a vital role in any assurance service whose purpose is to increase the confidence of the end
users of information by reducing their level of risk.
It is often said: “If you fail to plan then you are planning to fail”. This quotation which is full of meaning,
perfectly and adequately applies to the conduct of an audit. Planning an audit highly contributes in
ensuring that the risk that the financial statements may be misstated is reduced to an acceptable level. In
other terms, it helps the auditor to avoid the audit risk: the risk of formulating a wrong opinion.
Still in connection with planning, Laurence J. Peter says: “If you don’t know where you are going, you’ll
probably end up somewhere else.”
ISA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements
ISA 315 Identifying and Assessing the Risks of Material Misstatements through Understanding the
Entity and its Environment
1 – WHY PLAN?
Organises and manages the audit so that it is performed in an effective and efficient manner.
Efficiency refers to the amount of time spent gathering audit evidence while effectiveness refers to
the minimization of audit risk.
Directs and supervises the team and reviews their work; and
Effectively coordinates the work of others, such as experts and internal auditors.
Therefore the ultimate purpose of planning is to ensure that the risk of performing a poor quality audit
(and ultimately giving an inappropriate audit opinion) is reduced to an acceptable level.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 44
ISA 300 Planning an Audit of Financial Statements equally makes it an obligation for auditors to plan their
work. This standard states that: “The objective of the auditor is to plan the audit so that it will be
performed in an effective manner”.
Two persons are involved in a motor accident and they now need medical attention. The first person,
named Kwallar is bleeding through the nose while the second person, Fai, has a fracture at the level of the
leg. For the Medical Doctor the knowledge of these individual specific situations of these two persons is
important to enable him to focus attention on the affected areas before any other thing. Kwallar will be
administered a medical care different from that of Fai.
This section describes the stages in the planning process of an audit. These stages include:
- general understanding of the client (background research or knowledge of the business);
- preliminary analytical review;
- risk assessment;
- materiality calculation;
- tolerable errors calculations for material areas;
- the audit approach to be adopted for all areas;
- assessment of auditor’s independence
- Budget and staffing;
- Timetable and deadlines.
The understanding of the organization, its environments and its internal controls is used to identify the
risks that the business is exposed to and, ultimately, how could these lead to a risk of material
misstatement in the financial statements.
In modern audits, the process is often referred to as Knowledge of the business, or “KOB”.
Before commencing the audit proper the auditor must try to know as much as possible about:
- The present condition and future prospects of the industry where his client operates;
- The past history, the present condition, and the future prospects of his client;
- The management and key personnel of the enterprise and any recent changes;
- The products / goods and the manufacturing and/or trading processes of the enterprise and any
recent changes;
- The locations of all the operations of the business;
- Any difficulty encountered by the enterprise in manufacturing, trading, expanding, contracting or
financing;
- Any problems in accounting or in internal control system;
- Any problem likely to lead to audit risk. For example the difficulty of assessing the value of long
term contracts in an engineering business;
- Any problem likely to be met in carrying out the audit, for example distant locations, tight timing
problems, or large staff requirement;
- Any changes in law or accounting practice which may affect the business.
-
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 45
the nature of the entity
the industry in which the client operates and the level of competition within that industry
the client’s customers and suppliers
the client’s management, governance, objectives and strategies, and business processes
the regulatory environment in which the client operates.
How to obtain understanding of the client / what tools can the auditor use?
The auditor can use relatively simple and well known tools to frame its knowledge of clients, including:
PEST analysis: this helps to assess a company’s external environment by considering the significant
political, economical, social and technological factors affecting it;
Michael Porter’s 5 Forces analysis: this is another external analysis tool that considers the power
of buyers, the powers of suppliers, the threat of existing competitors, the threat of new entrants to
the market and the threat posed by substitute products;
SWOT analysis: this considers a business from a more internal perspective and requires the
assessor to consider the business’s strengths, weaknesses, opportunities and threats.
i. Information from the auditor’s firm: the auditor gathers information by reading last year’s
audit files (working papers file); consulting last year’s team; consulting partner, manager of
the audit firm and industry experts;
iii. Information from the external sources: the auditor gathers information by making research
in the internet, trade press; by consulting industry surveys; by reading published material
covering the company and the industry; by making use of information from the companies
House;
iv. Information from the client: the auditor asks questions to the management of the
company; discusses with staff; observes; consults website; reads brochures.
v. Discussion among the engagement team on the susceptibility of the client’s financial
statements to material misstatements; this discussion – effectively a planning meeting – is
required by ISA 315 which equally required the minutes to developed and kept for
evidence of its holding.
vi. Perform analytical procedures at the planning stage of the audit to identify any unsual or
unexpected relationships that may highlight where risks exists. Analytical procedures are a
study of plausible relationships between both financial and non-financial data.
vii. Perform observation and inspection to corroborate the responses made by management
and others within the organization. These procedures also provide information about the
entity and its environment. Examples of such audit procedures include observation or
inspection of the entity’s operations, premises, and facilities, business plans and strategies,
internal control manuals, and any reports prepared and reviewed by management (such as
management reports, interim financial statements, and minutes of board of directors’
meetings).
By performing these activities, the auditor will gain an understanding of the issues at the entity level, the
industry level, and the economy level.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 46
Although not expressly mentioned in this section, analytical procedures constitute an important source for
KOB. This is the subject of the next point.
Analytical procedures are techniques of evaluation of financial information by studying the relationship
between this information and other financial and non-financial data. They include comparison of financial
information with prior periods, budgets and forecasts and similar industries.
At the planning stage, analytical procedures are used for two main reasons:
If errors look possible, the audit work will be directed towards those errors.
Basic analytical procedures could involve simply looking at the client’s trial balance or draft financial
statements to see if they appear in line with the auditor’s expectations (considering what could be seen as
normal/standard).
Typically, the auditor goes further than the above analysis by:
Computer programs are often used to select those balances that appear furthest from expectations.
NB: Analytical procedures are mandatory at the planning stage and final review stage of the audit. At the
substantive testing stage, they may not be appropriate is some circumstances.
When planning an audit, performing an audit, and evaluating the results of an audit, an auditor will
consider whether it is appropriate to assume that their client will remain as a going concern (ISA 570).
The going concern assumption is made when it is believed that a company will remain in business for the
foreseeable future. Under this assumption, assets are valued on the basis that they will continue to be
used for the purpose of conducting a business, and liabilities are recorded and classified as current and
non-current on the basis that the client will pay its debts as they fall due in the years to come. It is the
responsibility of management and those charged with governance to assess whether their company is
likely to remain a going concern. It is the responsibility of the auditor to obtain sufficient appropriate
evidence to assess the validity of the going concern assumption made by their client’s management and
those charged with governance when preparing the financial statements.
1 – Going concern risk – indicators (for the assessment of going concern assumption)
For each client, an auditor will use their professional judgement to assess whether the going concern
assumption is valid. There are a number of indicators that, alone or combined, can suggest that the going
concern assumption may be at risk. A comprehensive list of events and conditions that place doubt on
the going concern assumption is provided in ISA 570. Indicators include:
prolonged losses
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 47
supplier reluctance to provide goods on credit
If the auditor identifies risk factors that indicate that the going concern assumption is in doubt, they will
undertake procedures (when performing the audit) to gather evidence regarding each risk factor.
Example
If a client has lost a number of key, long-standing personnel, an auditor may assess the quality of the
remaining staff and the likelihood that the client will be able to hire suitable replacements in the near
future. If the auditor believes that there is an unresolved going concern issue outstanding, an
assessment is made of the appropriateness of management disclosures in the notes to the financial
statements regarding that issue.
c) Risk assessment
At this juncture of the planning process, the KOB and the preliminary analytical reviews must have
provided the auditor with the understanding of the client, the client’s environments and the client’s
internal control. It is now possible for the auditor to identify the risks the client is exposed to. This process
is known as “risk assessment”.
It is important to mention that the auditor’s assessment of risk underpins the whole of audit; that is, it
forms the basis for the success of the audit work.
It is the assessment of risk which determines the nature of the procedures to be carried out based on the
potential impact of fraud, the significant risk, how much evidence needs to be gathered.
Significant risks are particulars issues which affects the client and which require special consideration, e.g.
cash flow problems, imminent takeover, major customers or suppliers in difficulties, quality or
marketability issues with particular products.
So everything in the planning process is about the auditor’s response to assessed risk.
d) Materiality calculation
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 48
What is materiality?
“Information is material if its omission or misstatement could influence the economic decisions of users
taken on the basis of the financial statements”. ISA 320 para 3
- triggers a threshold;
- indicates future developments or other significant events;
- whose disclosure is compulsory (material by nature) including: transaction which means
the client makes a loss rather than a profit; a noteworthy threshold – 100 billion CFAF
profit; transactions with directors e.g. salary and benefits, personal use of assets, etc;
If financial statements contain a material misstatement they cannot show a true and fair view.
Auditors should therefore consider materiality when determining the nature, timing and extent of
audit procedures (for financial statements not to contain material misstatements or reduce the risk
of material misstatement to an acceptable level).
The materiality level determined at the preliminary materiality assessment helps auditors decide
such questions as what items to examine and whether to use sampling techniques. This enables
them to select audit procedures that, in combination, reduce audit risk to an acceptable low level.
This means that auditors must decide on what they mean by “material” before they design their
procedures – hence its place in the planning of an audit.
What are the implications for the work the auditors do?
Auditors will:
Need to examine all items in the financial statements which are material
BUT
they will also need to design tests to give assurance that material amounts have not been omitted
from the financial statements.
AND
they will need to allow for the fact that a number of immaterial errors could together add up to a
material misstatement.
Auditors plan and perform the audit to be able to provide reasonable assurance that the financial
statements are free of material misstatement and give a true and fair view. There are no hard and fast
rules for determining materiality. What is material is a matter of pure professional judgement. For
example, an amount that is material to the financial statements of one entity may not necessarily be
material to the financial statements of another entity of a different size or nature. Further, what is material
to the financial statements of a particular entity might change from one period to another.
Therefore, as earlier said, the assessment of what is material is a matter of professional judgment. This
assessment equally includes consideration of both the amount (quantity) and the nature (quality) of
misstatements.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 49
Auditors consider the possibility of misstatements of relatively small amounts that, cumulatively, could
have material effect on the financial statements. For example, a relatively small error in a month-end
procedure could be an indication of a potential material misstatement if that error is repeated each month.
Auditors are also alert to the nature of misstatements relating to qualitative aspects of a matter. Examples
include:
the inadequate or inaccurate (improper) description of an accounting policy when it is likely that a
user of the financial statements could be misled by the description;
failure to disclose consequent imposition of regulatory restrictions, which may significantly impact
the entity’s ability to continue as a going concern.
However, firms typically have a standard method for calculating a baseline materiality figure as part of the
planning process.
½ - 1% of turnover
5 – 10% of results
1 – 2 of assets (gross)
but these are up to the judgment of the auditor who may use different measures.
Materiality is considered at both the overall financial statement level and in relation to individual account
balances, classes of transactions and disclosures. Materiality may be influenced by considerations such as
legal and regulatory requirements and considerations relating to individual financial statement account
balances and relationships. This process may result in different materiality considerations being applied depending
on the aspect of the financial statements being considered. For example, the expected degree of accuracy of certain
statutory disclosures, such as directors’ emoluments, may make normal materiality considerations irrelevant.
Client n°1
Client n° 2
Management is driven by “doing the deal” and are not averse to “cutting the odd corner”.
Management ‘s interest in the accounts is limited to a focus on top lines sales numbers.
Staff are underpaid, poorly motivated and expected to “pick up the systems as they go along”.
The auditors spend a huge amount of time trying to “get things to agree”, tend to find a large number of errors,
and experience resistance to any adjustments, particularly those which reduce the level of reported profits.
It is not too hard to see that Client n° 2 is more risky than Client n° 1.
It is also true to say that, strictly speaking, the user of the financial statements of both clients would probably put the
same value on a misstatements of both clients would probably put the same value on a misstatement to be regarded as
material in both companies.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 50
From the auditor’s point of view, however, it is highly likely that the level of materiality set for Client n°1 would be
higher than for Client n° 2, because the level of risk is lower (for Client N°1).
e) Tolerable error
It is: “The maximum error in a population that the auditor is willing to accept”. ISA 530
This means that in the case of tests of control, the auditors will accept a certain number of instances of a
failure to apply a control procedure and will still conclude that the procedure is operating properly.
Tolerable error is considered during the planning stage, and for substantive procedures, is related to the
auditor’s judgement about materiality.
The “knowledge of the business” and the “analytical review” stages have led to the “risk assessment stage”
which would now serves as a basis for the setting up/definition of an audit strategy.
The audit strategy, also referred to as “the general strategy” or “overall audit plan” is a comprehensive
plan that governs decisions on the nature, extent and timing of the audit procedures to be carried out, so
that adequate audit evidence can be obtained on the assertions for the various items presented in the
financial statements that have to be audited.
The audit strategy sets the overall approach of the audit and covers:
The scope (of the audit): general factors influencing the overall approach to the audit:
Industry specific (special) reporting requirements (ltd companies, charities, other regulated
businesses such as banks and insurance companies);
The timing (of the audit): deadlines for: final reporting, any interim report, reports to
management, reports to those charged with governance; the timing of interim and final audit
visits. The overall aim is to enable these deadlines to be met.
The direction (of the audit): It covers the overall approach and concerns (to mean relies on) such
issues as:
The impact of recent developments at the client, in its industry, in regulatory or financial
reporting requirements.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 51
Expandable text – Interim vs final audits
Material to be provided.
Once the audit strategy has been decided upon, the next stage is to decide how it is going to be carried
out – we need the audit plan.
The plan is based on the assessed risk and the calculated/defined materiality. Thanks to the plan, it is
possible to decide:
The relationship between the audit strategy and the audit plan
STRATEGY
PLAN
What evidence do we
need?
Design procedures to
get it
Whilst the strategy sets the overall approach to the audit, the plan fills in the operational details of how
the strategy is to achieved.
ISAs require that all the elements of the audit should be documented, and so it is clearly necessary to
produce a record of the audit strategy and plan, which can be referred to as the audit progresses and can
be used in the completion stages to ensure that everything has been done which ought to have done.
Most firms will use “audit packs” – pre-printed or computerized documents and checklists to ensure that
the requirements of ISAs have been followed.
For large audits much of the KOB information may be kept on a permanent file and the audit plan
may contain a summary or simply cross refer to the permanent file.
Increasingly KOB is being summarized in a planning memorandum which is updated each year.
With computerized audit systems where all background documents may be scanned in, the
distinction between current and permanent audit files is being eroded.
For large audits, the planning may be so complex that it needs to be summarized in a separate
memorandum.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 52
For small audits the summary may be all that is necessary.
The permanent file usually contains documents and matters of continuing importance which will be
required for more than one audit. This file usually carries
a) Statutory Material Governing the Conduct, accounts and audit of the enterprise (big or small
companies, local government etc)
b) The rules and regulations of the enterprise (memorandum of association for companies,
partnership agreement for partnerships, club rules for clubs, etc)
c) Copies of Documents containing important and relevant information to the auditor such a:
The current file contains the documentation and evidence for the current audit.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 53
CHAPTER 8
AUDIT RISK
1 - INTRODUCTION
Identifying and assessing audit risk is a key part of the audit process, and ISA 315, Obtaining an
Understanding of the Entity and its Environment and Assessing the risk of material misstatement, gives
extensive guidance to auditors about audit risk assessment.
This typically means that the auditor states that the financial statements are true and fair, when in fact
they are not.
In the previous section, we have made mention of the risk-based approach to audit work. What is it all
about?
The risk-based approach requires that the audit work be performed under ISAs and particularly ISA 315,
Obtaining an Understanding of the Entity and its Environment and Assessing the risk of material
misstatement. It says when you do an audit you have to:
Why all this? The auditor should plan the audit around the risks that the client’s financial statements may
contain misstatements, whether as a result of fraud or not. The risks to which company A is exposed to are
different from those company B is. As such, each audit will involve different priorities, different tests, and
will take different lengths of time. These are the features of the risk-based approach.
The risk-based approach minimizes the chance of the auditor giving the wrong opinion. It also helps to
ensure that audit work is carried out as efficiently as possible, as assurance is obtained using the most
effective tests.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 54
4.2 - Procedural approach
This is an alternative approach to risk-based approach. Here the auditor carries out a set of standard
procedures and tests regardless of the particular nature of the client. This approach is not recommended
by ISAs.
ISA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance
with ISAs;
ISA 315 Obtaining an Understanding of the Entity and its Environment and Assessing the Risks of
Material Misstatement.
5.1 - ISA 200, Overall Objectives of the Independent Auditor and the Conduct of
an Audit in Accordance with ISAs
ISA 200 sets out the overall objectives of the auditor, and the standard explains the nature and scope of an
audit designed to enable an auditor to meet those objectives. References to audit risk are frequently made
by ISA 200, and the standard also requires that the auditor shall plan and perform an audit with
professional scepticism, recognising that circumstances might exist that may cause the financial statements
to be materially misstated. Professional scepticism is defined as an attitude that includes a questioning
mind and a critical assessment of evidence.
5.2 - ISA 315 Obtaining an Understanding of the Entity and its Environment and
Assessing the Risks of Material Misstatement
ISA 315 deals with the auditor’s responsibility to identify and assess the risks of material
misstatement in the financial statements through an understanding of the entity and its environment,
including the entity’s internal controls and risk assessment process. The first
version of ISA 315 was originally published in 2003 after a joint audit risk project had been carried out
between the IAASB, and the United States Auditing Standards Board. Changes in the audit risk
standards have arguably been the single biggest change in auditing standards in recent years, so
the significance of ISA 315, and the topic of audit risk, should not be underestimated by
auditing students.
The auditor shall perform risk assessment procedures in order to provide a basis for the
identification and assessment of the risks of material misstatement.
The auditor is required to obtain an understanding of the entity and its environment,
including the entity’s internal control systems.
The auditor shall identify and assess the risks of material misstatement, and determine whether
any of the risks identified are, in the auditor’s judgement, significant risks. This is in order to
provide a basis for designing and performing further audit procedures.
ISA 330 then deals with the required responses to assessed risks.
The
Let us consider each of these four stages in more detail.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 55
i. Making inquiries of management and others within the entity
Auditors must have discussions with the client’s management about its objectives and expectations, and its
plans for achieving those goals.
b) - Understanding an entity
ISA 315 gives detailed guidance about the understanding required of the entity and its environment by
auditors, including the entity’s internal control systems. Understanding of the entity and its environment is
important for the auditor in order to help identify the risks of material misstatement, to provide a basis for
designing and implementing responses to assessed risk (see reference below to ISA 330, The Auditor’s
Responses to Assessed Risks), and to ensure that sufficient appropriate audit evidence is collected.
c) - Identification and assessment of significant risks and the risks of material misstatement
In exercising judgement as to which risks are significant risks, the auditor is required to consider the
following:
Whether the risk is a risk of fraud.
Whether the risk is related to recent significant economic, accounting or other developments, and
therefore requires specific attention.
The complexity of transactions.
Whether the risk involves significant transactions with related parties.
The degree of subjectivity in the measurement of financial information related to the risk,
especially those measurements involving a wide range of measurement uncertainty.
Whether the risk involves significant transactions that are outside the normal course of business
for the entity, or that otherwise appear to be unusual.
Although the key to risk assessment is to do it as part of the planning process, it is important to understand that:
Rick can be uncovered at any stage of the audit.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 56
In the light of the work done the level of risk may be reappraised.
The review and completion phase of the audit has to confirm that the risk of material misstatement has been
reduced to an acceptable level.
IT can play an important part in risk analysis because it enables auditors to carry out analytical procedures (see the
sessions on audit procedures) in a cost effective way to highlight:
Unusual relationships
Unusual trends in the components of financial statements.
The use of IT also enables the auditor to process high volumes of data through computer-assisted audit techniques
(CAATS), to screen for unusual relationships or unexpected repetition of data in a way which would be impossible
without such technology. More in one of the forthcoming chapters related to audit procedures.
Inherent risk;
Control risk;
Detection risk.
Detection is split between two components: sampling risk and non-sampling risk.
Sampling risk is the risk that the sample selected by the auditor does not properly reflect the
population of the data being sampled. The conclusion drawn from such a sample will therefore not
be applicable to the entire population.
For ISA 530 para 7 is the risk which “arises from the possibility that the auditor’s conclusion,
based on a sample may be different from the conclusion reached if the entire population were
subjected to the same audit procedure”.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 57
In other words it is the risk that the sample may not be representative.
Non-sampling risk is the detection risk other than sampling risk that the auditor will not detect a
material misstatement. This could be due to a variety of reasons e.g.:
human error;
misinterpretation of the results of a test;
use of inappropriate procedures;
failure to investigate a particular balance or transaction;
misleading of the auditor by a member of the client’s staff.
Audit risk
Audit risk refers to the chance of an error slipping through an audit, usually a financial audit, and resulting
in a flawed audit report. Generally, audit risk is represented by the following formula: Audit Risk (AR) = IR x
CR x DR. In the formula, IR, or inherent risk, refers to the susceptibility of misstatement, assuming that
there are no internal controls to counter that chance of misstatement. Control risk (CR) expresses the
chance that internal controls won't catch a misstatement, and detection risk (DR) refers to the chances
that the auditor won't detect the misstatement in his or her audit.
Business risk
‘A risk resulting from significant conditions, events, circumstances, actions or inactions that could
adversely affect an entity’s ability to achieve its objectives and execute its strategies, or from the
setting of inappropriate objectives and strategies.’
Entity risk
The entity risk is the risk that cannot be influenced by auditor. It includes the inherent risk and the control
risk which relate to the nature of the entity and its systems.
8 - ASSESSMENT OF RISK
AR = IR x CR x DR
It is well known the entity risk (inherent risk and control) cannot be directly influenced by the auditor, as it
relates to the nature of the entity and its systems. The only risk that the auditor can change is detection
risk.
The think that auditors are required to do is to assess inherent risk and control risk on three levels:
maximum or high risk, moderate or medium risk and low risk.
Therefore, once inherent and control risks have been assessed, and with a maximum overall audit risk
“score” in mind, detection risk can be manipulated to make the audit risk an acceptable level.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 58
Detection risk will be a major variable in determining the extent of audit procedures, e.g. sample sizes for
audit tests.
If control risk and inherent risks are deemed low because the entity is not particularly risky and its controls
are effective, the auditor will place reliance on these factors. Detection risk can be allowed to be higher
and still give an acceptably low level of audit risk. If detection risk needs to be low because the client is
inherently risky or controls are not effective, the auditor will increase the sample size and/or use more
experienced staff.
If the inherent and control risks are high, the detection risk must be low in order to have a low overall audit
risk. Therefore, the auditor has to carry out more detection procedures to be reasonably assured that the
financial statements are free of material misstatements.
Significance
A low audit risk is important because it is not possible for auditors to verify all transactions. Auditors tend
to focus on key risk areas -- for example, overstated revenues or understated costs, where it is more likely
that errors will lead to material misstatements on the financial statements. Auditing standards require
auditors to plan and perform audits with professional skepticism because there is always the possibility
that the financial statements are materially misstated. Professional skepticism involves a questioning mind
and a critical evaluation of evidence.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 59
CHAPTER 9
INTERNAL CONTROL SYSTEM
In managing a business, directors need to have strong risk management processes in place as one of the
requirements of good corporate governance. There are a number of ways of managing risks which include
four basic methods, memorized thanks to the mnemonic TARA:
Internal control systems are engrained or enshrined within good corporate governance through
guidance/reports and acts (laws) corresponding respectively to the UK approach and US approach to
internal control systems.
This approach is highly influenced by the Turnbull report-1999 issued by the Turnbull Committee put in
place the UK government to establish the requirements for a strong internal control system to businesses.
This report simply provided recommendations, advice, and guidance on what a good, strong internal
control system should be. These requirements are not enforceable by law.
The Committee of Sponsoring Organisations (COSO), formed in 1985 to sponsor the national
commission on fraudulent reporting. The sponsoring organisations included the American
Accounting Association and the American Institute of Certified Public Accountants. COSO now
produces guidance on the implementation of internal control system for large and small
companies.
(1) Effectiveness and efficiency of operations – that is the base business objectives including
performance goals and safeguarding resources.
(2) Reliability of financial reporting – including the preparation of any published financial
information.
(3) Compliance with applicable laws and regulations to which the company is subject.
Sarbanes Oxley Act 2002 (SOX) – the US corporate governance made up of a set of laws,
enforceable to businesses.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 60
provide almost the same principles and elements of sound internal control systems as developed
in this chapter.
Systems in organisations
Businesses have in place systems which enable them to achieve their objectives.
collect data
summarise data
produce useful information, and
aid the directors in complying with the following obligations:
effective management of the business
safeguard of the business’ assets
prevention and detection of errors and frauds.
From management’s view, the more reliable a system is the more accurate its output will be as more
reliable information will lead to better decision making.
For a system to be reliable, there is a need for a sound system of internal control should be embedded in it.
Procedures explain the how, why, what, where and when of any set of actions.
In the United States many organizations have adopted the internal control concepts presented in the
report of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Published in
1992, the COSO report defines internal control as:
“ process, effected by an entity's board of directors, management and other personnel, designed to provide
reasonable assurance regarding the achievement of objectives in the following categories:
In the nutshell, internal control system is the set of processes put in place to make sure things stay on the
right track.
NB: It is worth distinguishing between internal control and internal control system. An internal control is
an individual process, measure or action; while internal control system is a set of many processes,
measures or actions. Internal control system equally means “the whole network of systems in an
organization to provide reasonable assurance that organizational objectives will be achieved.”
Another concept worth knowing and distinguishing is ‘internal management control’; it is procedures and
policies in place to ensure that company objectives are achieved. Therefore, it represents an organ of
oversight of internal control system.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 61
It is for management to determine the extent to which internal controls are to be applied within the
organization. There are numerous factors to be considered:
Thus the auditor’s approach to evaluating the internal control system will depend on the type of business.
The following factors will need to be considered:
i. Smaller businesses
Are the proprietors able to intervene directly? This will assist in preventing and detecting errors.
However, if this is the case, there is the risk that internal controls may be overridden for the proprietor’s
benefit, to the detriment of the business.
Procedures are likely to be more formalized than for a smaller business, so that direct intervention, with its
attendant benefits and risks, is less likely.
The purpose of internal control is implied by the definition given earlier, to help management achieve the
entity’s objectives, especially in terms of ensuring:
By creating internal controls, managers establish protocols and procedures their staff must follow in
performing their day-to-day work duties. These established protocols help bring order and cohesiveness to
companies, as everyone knows what's expected, as outlined in the internal controls.
Not allowing assets to be broken, stolen or lost. Procedures are always devised to safeguard them, such as:
usage of cameras, locks, physical barriers, keeping of a plant register, regular reviews of debtor balances,
having firewalls and protective devises on computer systems, etc.
Establishing internal controls can help companies prevent or reduce fraud and theft within their
organizations. Internal controls can include activities such as reconciling bank statements and internal
audit reviews, which can uncover whether the company's money is being misappropriated by management
or employees.
Ensuring the financial statements accurately reflect the affairs of the business: all assets and liabilities
actually exist, all rights and obligations are included through the following types of controls: number
documents such as cheques sequentially to avoid duplication, regular reconciliation of accounts, etc
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 62
the timely preparation of reliable financial information
Compliance with the adequate financial reporting framework which defines the time and manner of
reporting
The Sarbanes-Oxley Act stresses the importance of public companies maintaining internal controls when it
comes to their financial reporting. The act requires that public companies, small and large, include details
on the company's internal controls inside of their annual reports. This information is beneficial to investors
and helps prove the integrity of a company's financial data and the management of it.
In 1992, COSO published the report Internal Control--Integrated Framework as a "basis for developing
business control systems and assessing their effectiveness" (Internal Control Issues). This report provides
the following five components of internal control (equally contained in the Turnbull report 1999):
Control Environment;
Risk Assessment;
Control Activities;
Information and Communication;
Monitoring.
In simple terms, all this is all about what is needed or what should be in place for internal control systems
to be effective.
i. The control environment: The control environment relates to the control consciousness of the
people within the organization. The control environment is the basis (foundation) for all other
components of internal control, providing both discipline and structure to the organization.
“The control environment is concerned with the actions, policies, and procedures that reflect the
overall attitude of the client’s top management, directors, and owners of an entity about internal
control and its importance”.
The control environment is all about management having a right attitude. (ISA 315)
The control environment is often referred to as “the tone at the top” referring to top
management.
The following values play key parts in the control environment component:
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 63
- management’s philosophy and operating style;
- management need to have awareness and action in place;
- organizational structure;
- assignment of authority and responsibility;
- human resource policies and practices – staff training, recruitment procedures etc.
ii. Risk Assessment – There is a connection between the objectives of an organization and the risks to
which it is exposed. In order to make an assessment of risks, objectives for the organization must
be established. Having established the objectives, the risks involved in achieving those objectives
should be identified and assessed, and this assessment should form the basis for deciding how the
risks should be managed.
The risk assessment should be conducted for each business within the organization, and should
consider, for example:
- Internal factors, such as the complexity of the organization, organizational changes, staff
turnover levels, and the quality of staff
- External factors, such as changes in the industry and economic conditions, technological
changes, and so on.
- Risks that are controllable: management should decide whether to accept the risk, or take
measures to control or reduce the risk
- Risks that are not controllable: management should decide whether to accept the risk, or
whether to withdraw partially or entirely from the business activity, so as to avoid the risk.
In a nutshell, risk assessment is all about putting mechanisms in place to identify the right risk and
establishing the right control and this is a permanent and an ongoing process.
iii. Control Activities - the organization's policies and procedures which help ensure that necessary
actions are taken to address the potential risks involved in accomplishing the entity's objectives
(including financial reporting objectives).
Control activities simply referred to as “measures put in place by management to prevent irregularities”.
The table below through the mnemonic ACCAMAP summarises control activities:
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 64
4 Arithmetic controls Check procedure: recalculating an employee work, sequence checking.
5 Maintain and review control Like receivables, wages, PAYE, bank.
accounts
6 Account reconciliations
7 Physical controls Measures and procedures to protect physical assets against theft or
unauthorised access and use. They include:
For example, in the system for purchases and purchase accounting, the
same individual should not have responsibility for:
If one individual did have responsibility for more than one of these
activities, there would be potential for fraud. The individual could record
fictitious purchases (e.g. the purchase of goods ordered for personal use)
and pay for transactions that had not occurred.
At board of director level, corporate governance codes state that the duties
of the chairman of the board and the CEO should be segregated, to prevent
one individual from acquiring a dominant position on the board.
The above control activities can be easily memorised while making use of the mnemonic “ACCAMAPS”.
This is made up of the first letters of the eight above control activities as follows:
A= Approval or Autorisation
C= Computer controls
C= Comparison
A= Arithmetic controls
M = Maintain and review control accounts
A= Account reconciliation
P= Physical controls
S= Segregation
According to the Auditing Practices Committee (APC) – now APB (Auditing Practices Board of UK origin),
control activities include the following:
S Segregation of duties: (as explained above)
P Physical: (as explained above)
A Authorisation and approval: (as explained above)
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 65
M Management: management exercising controls on the basis of information they receive.
S Supervision: supervision is oversight of the work of other individuals, by someone in a positioin of
responsibility. Supervisory controls help to ensure that individuals do the tasks they are recruited to
and perform them properly.
O Organisation: organisation controls refer to the controls provided by the organisation’s structure,
such as:
Staff should also be given training in the purpose of controls and the need to apply them. Specific
training about controls should help to increase employee awareness and understanding of the risks
of failing to apply them properly.
These control activities are placed into three groups to show how they work together.
Internal control (control activity) Explanation
Group 1 Set the structure of the company providing
Organisational, Segregation of duties responsibility for different areas of the company
(organisational) as well as ensuring tasks are split
between various people to minimise the risk of
fraud and collusion (segregation of duties).
Group 2 Detailed controls embedded into the operational
Physical, authorisation and approval, Arithmetic and systems ensuring assets are safeguarded (physical),
accounting transactions are legitimate to the company
(authorisation and approval) and that the
accounting records are correct (arithmetical and
accounting).
Group 3 Controls over the human resources of the company
Personnel, Supervision, Management including selection of appropriate staff (personnel),
ensuring those staff are working correctly
(supervision) and management are checking the
whole control environment (management) normally
using internal audit.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 66
- Prepared as near to transaction time as possible
- Good design with instructions and appropriate spaces*
Independent checks on performance: Personnel are likely to forget or intentionally fail to follow
procedures, or they may become careless unless someone observes and evaluates their
performance.
iv. Information and Communication - focuses "on the nature and quality of information needed for
effective control, the systems used to develop such information, and reports necessary to
communicate it effectively" (Internal Control Issues).
Methods used to initiate, record, process, and report an entity’s transactions and to maintain
accountability for related assets.
For a small company with active involvement by the owner, a simple computerized accounting
system that involves one honest, competent accountant may provide an adequate accounting
system.
A larger company requires a more complex system that includes carefully defined responsibilities
and written procedures.
v. Monitoring - involves assessing the quality and effectiveness of the organizations internal control
process over time. It includes assessing the design and operation of controls, and assessing
compliance with policies and procedures. It also provides for the implementation of appropriate
actions when necessary.
For many companies, especially larger ones, an internal audit department is essential for effective
monitoring.
To conclude, it is a CRIME not to have good internal controls. The word CRIME enables the memorization
of the five components of internal control. The letters it carries stand for:
C = Control activities
R = Risk assessment
I = Information and communication
M = Monitoring of controls
E = Environment
Everyone in the organization has a responsibility in the internal control structure. The COSO designates
each party’s role and responsibility as follows:
i. Management – the chief executive officer (the top manager) of the organisation is
ultimately responsible and should assume “ownership” of the system. He has overall
responsibility for designing and implementing effective internal control to:
enable financial statements which give a true and fair view to be produced;
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 67
prevent and detect fraud.
More than any other individual, the chief executive sets the “tone at the top” that affects
integrity and ethics and other factors of a positive control environment.
ii. Audit Committee – management is accountable to the audit committee which provides
governance, guidance and oversight.
iii. Internal Auditors – internal auditors play an important role in evaluating the effectiveness
of control systems and contribute to ongoing effectiveness. The internal audit function
also plays a significant monitoring role.
iv. Other personnel – internal control is, to some degree, the responsibility of everyone in an
organization and therefore should be part of each person’s job description. Virtually all
employees produce information used in the internal control system or take other actions
needed to effect control. All personnel should be responsible for communicating problems
in operations, noncompliance with the code of conduct, policy violations or illegal acts.
The external auditor does not assume any level of responsibility for internal control. They measure the effectiveness of internal
control through their efforts. They assess whether the controls are properly designed, implemented and working effectively such
that the risk of material misstatement in the financial statements is reduced, and make recommendations on how to improve
internal control.
They equally test controls in the systems to determine the extent of the procedures they will carry out in the conduct of the audit.
No matter how well internal controls are designed, they can only provide reasonable assurance (not
absolute assurance) that objectives have been achieved. Some limitations are inherent in all internal
control systems. These include:
a) Judgment
The effectiveness of controls will be limited by decisions made with human judgment under pressures to
conduct business based on the information at hand.
b) Breakdowns
Even well designed internal controls can break down. Employees sometimes misunderstand instructions or
simply make mistakes. Errors may also result from new technology and the complexity of computerized
information systems.
c) Management Override
High level personnel may be able to override prescribed policies and procedures for personal gain or
advantage. This should not be confused with management intervention, which represents management
actions to depart from prescribed policies and procedures for legitimate purposes.
d) Collusion
Control systems can be circumvented by employee collusion. Individuals acting collectively can alter
financial data or other management information in a manner that cannot be identified by control systems.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 68
8 – TESTING INTERNAL CONTROL FOR MANAGEMENT PURPOSES
An organization's operating procedures, processes and mechanisms are the backbone of its risk
management system. These procedures, often known as internal controls, ensure that employees abide by
top management's recommendations, industry practices and regulatory guidelines when performing their
tasks.
Internal control testing is like placing the procedures of the company under a microscope.
An internal auditor tests controls to ensure they are adequate and effective.
Control Adequacy
A control is adequate if it clearly details procedures and steps that an employee must follow to perform
tasks.
To illustrate, a control may instruct a shipping clerk on how to record goods stored at the warehouse and
sign the bill of lading. An adequate control also explains procedures for decision making and problem
reporting. The shipping control could, for instance, require the clerk to notify a manager if goods received
are worth more than 100,000,000 CFAF.
Control Effectiveness
A control is effective if it provides appropriate solutions to internal control problems (i.e. it really meets
the control objectives).
For example, the accounts receivable department's manager at a small retail store believes an employee
may be stealing cash because sales revenue amounts do not match cash received. He can establish a
procedure requiring customer checks to be sent to a new address and asking three employees in different
departments to record cash payments. The new control is effective if the manager notes that cash balances
now match sales amounts.
Areas of testing
An internal auditor may test various controls, depending on the audit objective, the company size and
industry. An auditor may test procedures in financial reporting mechanisms to ensure that financial
statements are accurate and complete, and conform to generally accepted accounting principles (GAAP).
Operational control testing helps an auditor evaluate control adequacy and effectiveness at the segment
level. An auditor also could test information technology (IT) systems to prevent losses resulting from IT
malfunction.
Testing Significance
“Testing significance” is the conclusion the auditor should arrive at after having performed the control
tests while typically applying generally accepted auditing standards (GAAS). The conclusion could be that,
internal controls are:
Either “high”: capable of preventing operating losses resulting from error or system breakdowns;
or ensuring that employees abide by internal rules, laws and regulations when performing their
duties;
Or “medium”: average possibility of error or system breakdowns occurring, thus allowing operating
losses; or 50% possibility for employees not abiding by internal rules, …
Or again “low”: high possibility of error or system breakdowns occurring, thus allowing operating
losses; or above 90 % possibility for employees not abiding by internal rules, …
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 69
9 - INTERNAL CONTROL AND THE CONDUCT OF A STATUTORY AUDIT
In conducting an audit, specifically within the framework of audit planning, the auditor needs to
understand and document the system:
“The auditor should obtain an understanding of the information systems, including the related business
processes, relevant to financial reporting.”
This is achieved thanks to a process known as “tests of control”. These are audit tests meant to test a control
or control procedure.
Test of control means tests performed to obtain audit evidence regarding the suitability of design and
effective operation of the accounting and internal control systems, and their operation throughout the
period. Details on test of control are provided below.
At the end of the process, the auditor should rate the internal control systems as “high”, “medium” and
“low” based on loss expectation. A high internal control systems would mean that the systems are capable
to producing accurate financial information and that other forms of audit procedures (e.g. substantive
testing) could be neglected or performed lightly.
Information about the system comes from a process known as “tests of control” and which includes the
following:
i. Previous knowledge/experience;
ii. Observation of elements such as management’s philosophy, operating style, integrity, and ethics.
Interview of the organisation’s human resources staff to determine how management recruits
competent employees, assigns them responsibility, and develops them. Find out the level of
direction provided by the board of directions. All of this is about gaining understanding of the
company’s control environment.
Interview questions include why the owner created certain internal controls, what the controls are
for, do managers understand the purpose of the controls and what corrective measures are taken
when a control violation is found.
iii. Interview of client’s management to see if they have established objectives by whch the
organization can be measured and evaluated. Without such objectives, internal and external risks
that threaten them cannot yet be identified, analysed, an overcome.
iv. Interview of client’s employees: Employee interviews serve another important evaluation process.
Auditors use employee interviews to determine how well individuals are trained for their jobs. The
interviews can also shed more light on how well business owners and managers educate
employees on the importance of safeguarding business operations. Auditors may ask employees
what is their job responsibility, how do they protect the company’s business and financial
information, have they been given a manual outlining the company’s standard operating
procedures and who is responsible for reviewing the employee’s completed work.
v. Review of client’s system manuals to gain an understanding of control activities; are policies and
procedures that help ensure that management’s directions for important activities at all levels of
the organization followed?
viii. Walk-through tests (where transactions are traced through system to confirm understanding).
Section summary
This section covers examples of tests of control which are meant to gain an understanding of the reliability
of the control system and include, as mentioned above, the following: (i) enquiry and confirmation, (ii)
inspection, (iii) observation, (iv) walk-through tests, and (v) to a certain extent, recalculation and
reperformance.
What are Internal Control Questionnaire (ICQ) and Internal Control Evaluation Questionnaire (ICE)?
ICQs
An ICQ is a list of all possible controls for each area of the Financial Statements. The client’s staff are asked
questions and systems documentation reviewed, to establish which controls exist for the later appraisal of
the system.
ICEs
ICE (sometimes referred to as ICEQ) does not attempt to record ALL controls like an ICQ.
Instead, for each control objective, it asks for the controls which achieve that objective.
As such, an ICE may not record the entire system – but it is far more use as an evaluation tool for
the auditor, as its focus is on whether IC objectives are being met.
It concentrates on the most serious weaknesses that could occur within a system through the use
of “key” questions.
Each major accounting system should have control objectives and control procedures. The auditor can then
perform tests of control to ensure the controls are working.
Control objectives are conditions which the system of internal control should satisfy.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 71
If these objectives/conditions are achieved, then the potential that waste, loss, unauthorized use
or misappropriation to occur will be minimize.
The control objectives include authorization, completeness, accuracy, validity, physical safeguards and
security, error handling and segregation of duties.
i. Authorisation
The objective is to ensure that all transactions are approved by responsible personnel in accordance with
specific or general authority before the transaction is recorded.
ii. Completeness
The objective is to ensure that no valid transactions have been omitted from the accounting records.
iii. Accuracy
The objective is to ensure that all valid transactions are accurate, consistent with the originating
transaction data and information is recorded in a timely manner.
iv. Validity
The objective is to ensure that all recorded transactions fairly represent the economic events that actually
occurred, are lawful in nature, and have been executed in accordance with management's general
authorization.
The objective is to ensure that access to physical assets and information systems are controlled and
properly restricted to authorized personnel.
The objective is to ensure that errors detected at any stage of processing receive prompt corrective action
and are reported to the appropriate level of management.
The objective is to ensure that duties are assigned to individuals in a manner that ensures that no one
individual can control both the recording function and the procedures relative to processing the
transaction.
A well designed process with appropriate internal controls should meet most, if not all of these control
objectives.
These are procedures, measures that should be in place to ensure that the control objectives are achieved.
Inter
11 – EXAMPLES OF CONTROLS WITHIN A TRANSACTION CYCLES
Objectives of controls
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 72
sales are made to valid customers
sales are recorded accurately
all sales are recorded
cash is collected within a reasonable period
This is a summary of the sales cycle, showing the possible problems and the related controls:
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 73
appropriated correctly and are valid up properly
Authorised by manager,
sequence check done on a
regular basis
Sale is
Review receivables ledger for
recorded Invoice sales may be To ensure that all sales
credit balances(paid for goods
inaccurately are recorded
but no debtor recorded)
recorded, missed or
recorded for the
To ensure that the sale Perform a receivable ledger
wrong customer
is recorded at the reconciliation(check info in
correct amount individual ledger matches that
in nominal)
To ensure that the sale
is recorded in the right Computer controls
debtor’s ledger
Double check back to invoice
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 74
money received is
banked promptly
Segregation of duties
Test of control should be designed to check that control procedures are being applied and that objectives
are being achieved. Tests may be appropriate under the following broad headings.
Carry out sequence tests checks on invoices, credit notes, despatch notes and orders. Ensure that
all items are included and that there are no omissions or duplications.
- Obtain goods despatch notes and ensure each note is signed by the warehouse foreman to
confirm despatch of goods listed on the GDN to the customer.
- Obtain simple credit notes and ensure each document is signed by the accounts clerk to
confirm the arithmetical accuracy of the note has been checked.
- Obtain a sample of despatch notes and goods returned notes; ensure that they are signed by
a responsible official to confirm that details have been agreed with the relevant sales
invoices and credit notes.
This is often done by the grid stamp containing several signatures on the face of the documents.
Ensure that the control has been applied by checking the accuracy of each invoices and credit
notes.
Observe that control account reconciliations have been preformed and reviewed. By reviewing the
work done by the client through observation
In all cases, test should be performed on sample basis. Aspects of sampling are dealt with in
chapter 9
Objectives of controls
This is a summary of the purchases cycle, showing the possible problems and the related controls:
the table shows the various stages of the purchases cycle together with:
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 75
payables ledger) To ensure that it is cost Preferred suppliers/agreed
effective price lists/terms
Order is placed Invalid or incorrect orders To ensure that order is Have sequentially numbered
made or recorded raised for all requisition pads, copies filed
requisitions numerically with copy of
The most favourable order stapled to it.
terms not obtained To ensure orders are Periodically check that all
accurately recorded by are there
supplier
Ask them to repeat the
To ensure items are order back to you (on the
correctly costed phone)
Goods received Goods may be To ensure goods receive Have one delivery area kept
misappropriated for own for all orders secure)
use or not receive at all
Goods may be accepted To ensure that the Copy of purchase order sent
that have not been goods received are as to warehouse, sequentially
ordered/wrong ordered + correct numbered, filed, matched to
quantity/inferior quality quality GRN stapled, checked all
there.
Copy of sequentially
Invoices may not be To ensure that an
Invoice received numbered GRNs sent to
recorded resulting in non invoice is received for
invoicing department, filed
payment and loss of all goods received
and matched to copy of
supplier goodwill
invoice(stapled), checked to
see if all there.
To ensure that do not
Invoices may be logged get invoices for things As above-if no GRN ask
for goods not received we have not received, supplier for proof of delivery
and valid business + match to PO (authorised
purchases as mentioned above)
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 76
incorrectly leading to loss To ensure that all indicate recorded, check all
of goodwill invoices are recorded at filed invoices are stamped
the correct amount
To ensure recorded in Suppliers send in monthly
right supplier ledger statements, reconcile these
to suppliers ledger
account(may need to
consider cash/goods in
transit)
Supplier statement
reconciliation
Invoices may not be To ensure all invoices
Cash paid paid/the incorrect paid (and only once) Stamp invoices when paid
amount paid or may be check all invoices stamped
paid twice
To ensure paid correct Keep paid invoices
amount separately from unpaid ones
As already noted, tests of control should be designed to check that the control procedures are being
applied and that objectives are being achieved. One suggested way to design tests of control for a
particular situation is to list the documents in a transaction cycle and generate appropriate tests of control
for each document. This approach is illustrated here in connection with the purchase cycle – note that a
similar technique could be applied to other transaction cycles.
Obtain the ledger recording purchase orders; ensure each page has been signed by a responsible
official to confirm all orders have been recorded there are no gaps in the sequence of orders.
Obtain a sample of purchase invoices; ensure each invoice has been signed by a responsible official
to confirm checks on the invoice have been completed and the invoice is passed for payment.
Obtain samples of credit notes; ensure each credit note is signed by a responsible official to
confirm the details of the credit notes (goods descriptions and quality) have been agreed to the
relevant goods returned note.
Review the purchase order for the relevant signature for approval.
Review purchase invoice for evidence that the invoice has been reviewed and checked.
Review/observe the supplier reconciliation note to ensure the control has been complied with
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 77
11.3 – Payroll
Objectives of controls
The objectives of controls for the payroll cycle are to ensure that the company will:
And
This is a summary of the payrolls cycle, showing the possible problems and the related controls:
The table shows the various stages of the payroll cycle together with:
clockcards/timesheets cards may be missed to ensure all cards are check number of cards
submitted ,bogoes employees paid received to number of employees
or employees paid for
to ensure that no keep all spare cards
hour not worked
bogoes clock cards locked in cupboards
submitted
get departmental
to ensure the hours managers to sign clock
noted have actually cards as authorised
been worked hours(and especially any
overtime)
hierarchical password
control to payroll system
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 78
to those responsible for
the monthly
processing(segration of
duties)
standing data input Standing data could be to ensure leavers are managers should
compromised. not paid after they have complete a
unprocessed updates left/joiners are paid leavers/joiners form
may mean employees when they start noting date of
who have left are paid departure/arrival and
or joiners are missed send promptly to payroll
dept
to ensure standing data
input is accurate standing data files
regurlarly printed out
and send to department
managers for them to
sign and return
confirming all staff there
inputter to sign
joiner/leaver form/wage
rise form to say checked
to input
sample of wages
processing of data inaccurate processing of
to ensure correct wage recalculated manually,
data could lead to wages
is calculated print out signed as
and taxes being
checked
incorrectly calculated to ensure correct tax is
calculated exception report
produced automatically
for anyone paid over
&xxx, or paid under
&xxx
sample of
deductions(PAYE?
NIC)recalculated
manually print out
to ensure correct wages, signed as checked
recording of payroll recorded payroll may
not match actual payroll NIC, PAYE recorded nominal ledger clerk
signs payroll print out to
confirm entries double-
checked t print
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 79
senior management
review wages expenses
to ensure that all staff
for reasonableness
are paid(employees will
staff paid staff may not be paid complain if not!!!) have two people
present where cash
wages are paid.(see
to ensure no bogus controls above over
employees are paid standing data)
responsible individual
should review any BACS
payroll summary prior to
paying staff-sign to
confirm reviewed
A suggested programme of tests of control is set out below. this would, of course, be modified to
suit the particular circumstances of the client.
test a sample of timesheets, clock cards or other records, for approval by a responsible official .pay
particular attention to the approval of overtime there relevant.
Observe wages distribution for adherence to procedures ensuring employees sign for wages, that
unclaimed wages are rebanked, etc.
Test control over payroll amendments by reviewing changes and seeing whether they have been
authorised.You could also do a dummy transaction to see how the system handles the change
obtain the payment sheet for casual labour payments and ensure this has been signed by the chief
accountant to authorise the payment made.
Obtain the weekly payroll and ensure this have been signed by a responsible official to approval
those payments
inspect payroll reconciliation done regularly,clearing wage control account, tying the PAYE liability
up to the inland Revenue records.Review the client working papers or observe the reconciliation
process happening.
Test authorisation for payroll deductions by reviewing the employees records, looking at who is
authorised to place through amendments, and observes the process.
Test controls over unclaimed wages.You could do a dummy transaction to see how the system
works, what happens to the wages unclaimed, are they placed in a safe, if so tick the clients
working to the amount in the safe.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 80
11.4 - Inventory
Objectives of controls
- excessive
The table shows the various stages of the inventory cycle together with:
Inventory arrives because Inventory stolen on arrival All goods inward received at set locations
it has been purchased, or a and signed for/logged in by stores
sale has been returned New purchases mixed up manager.
with returns.
All returns sent to a returns department for
Poor quality inventory
checking.
accepted.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 81
storage areas.
materials over-ordered t o
enable theft
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 82
authorised by management.
Observe physical security of inventories and environment in which they are held
Obtain inventory records. Where quantity of inventory has been changed without reference to
GDN and GRN, ensure that amendment is signed by a responsible official to authorise that change.
In the client’s warehouse, observe client staff ensuring that where a movement in inventory
occurs, that movement is recorded on the appropriate GDN or GRN;
Test for evidence of authorisation to write off or scrapping of inventories (existence of signature).
Observe the procedures for the authorisation for inventory movements i.e. the use made of
authorised goods received and despatch notes.
Inspect reconciliations of inventory counts to inventory records (this gives overall confort on the
adequacy of controls over the recording of inventory)
Test for evidence of sequence checks of despatch and goods received noted for completeness.
Assess adequacy of inventory counting procedures and attend the count to ensure that procedures
are complied with.
This area looks at expenditure on items other than purchases. However, the controls are virtually identical
to controls over purchases as seen above.
Capital expenditure is often for substantial amounts. As such, most companies would require such
items to be included in the budget and authorised by very senior level management.
Regular revenue expense items may be monitored by simple variance analysis (i.e. actual versus
budget ) on a monthly basis.
capital item are like to be stored on an asset register, which records details of supplier, price,
insurance details; current location, responsible employee, etc
Just as inventory is counted,assets are likely to be checked against the register on a regular basis.
When assets are sold second hand , the items will be checked against similar items or price guides
to ensure the company receives fair value.
Ownership documents (title deeds, vehicle registration documents) will be safely stored.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 83
11.6 - Bank and cash
Objectives of controls
The objective of controls over bank and cash are to ensure that:
POSSIBLE CONTROLS
Security locks.
Night safes.
Imprest system.
Money can only be extracted from bank accounts Restricted list of cheque signatories.
for authorised purposes.
Dual signatories for large amounts.
Cash receipts:
observe that mail is opened by two staff to minimise the possibility of fraud (cash being stolen on
receipt)
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 84
test independent check of cash receipts to bank lodgements
tests for evidence of a sequence check on any pre-numbered receipts for cash
Cash payments:
test(to avoid double payment ) to ensure that paid invoices are marked paid
test for evidence of arithmetical checks on cash payment records, including cash book
Bank reconciliations:
examine evidence of regular bank reconciliations,at least once per month, but in large
organisations this should done daily or weekly
Examine evidence of follow up of outstanding items on the bank reconciliation .Pay particular
attention to old outstanding reconciling items that should be written back such as old,
unpresented cheques.
Petty cash:
Perform a surprise petty cash count and reconcile to petty cash records
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 85
Expendable Test – control weaknesses and what to do about
Control weaknesses and what to do about them
Managements role
As we have seen, any business faces risks of various types and it is managements responsibility to implement procedures
to mitigate those risk.
The risk assessment process will depend to large extend on:
the nature
the size
the complexity of the business. However, for larger businesses it will normally consist of:
agreed programmes of work for the internal audit department to regularly review the company’s financial
systems for internal control weaknesses
supervision of the process by , and reports to, the audit committee
liaison with the external auditors.
The external auditors role
we know that the external auditor is not responsible for implementing or maintaining internal controls. The auditor needs
to:
assess internal controls as a source of assurance
report material weaknesses in internal controls to those charged with governance.
Auditors should communicate material weaknesses in internal control in writing to “those charged with
governance” – the audit committee (if one exists) or management in general.
The form, timing and addressees of this communication should be agreed at the start of the audit, as part
of the terms of the engagement.
This report has traditionally been known as a management letter or report to management (they use to
call it weakness letter) and is usually sent at the end of the audit process.
Recent revision of audit standards has added other matters that should be communicated.
A report at the planning stage, identifying key audit risks and the work to be performed.
However, this section of the notes will concentrate on internal control issues.
the report is not a comprehensive list of weaknesses, but only those that have come to light during
normal audit procedures;
no disclosure should be made to a third party without written agreement of the auditor;
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 86
The usual structure of the report is:
appendix, noting the weaknesses, consequences, and recommendations (often with a space left for
management to respond with their planned action).
In the exam, an internal control question may require you to analyse controls and report weaknesses in
the form of a management letter. If so, it is the appendix (see below) that you need to produce. A
covering letter would be specifically requested by your examiner.
Consequence What could happen if the weakness is not corrected. Focus on what
matters to the client – the risk of lost profits, stolen assets, extra costs,
errors in the accounts.
Recommendation This must deal with the specific weakness you have observed! It must also
provide greater benefits than the cost of implementation.
Try to suggest who should carry out the control procedures, and when.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 87
Illustration
(A table format is the best format to be used within an exam context).
The Directors
Chinje CO
Commercial Avenue
Dear Sirs
Management letter
As usual at the end of our audit, we write to bring to your attention weaknesses in your company’s internal
control systems and provide recommendations to alleviate those weaknesses.
If you require further information on the above, please do not hesitate to contact us.
Yours faithfully
NB: The above letter has highlighted only on weakness for illustration purpose; in practice such letters
highlights many weaknesses with their related consequences and recommendations.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 88
Question Dean
You are the senior in charge of the audit of Dean. To assist you in your audit planning, one of the audit
team has provided the following description of the purchasing system. No other controls exist apart from
those described.
“The company has no buying department, so employees place orders in their own area of responsibility.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 89
Internal Control: Test Your Knowledge
Today many companies recognize the desirability as well as the requirement to have an effective system of internal
control. Yet, designing and implementing a cost-effective system of internal control is a daunting, if not overwhelming,
task.
One way to overcome resistance to internal control is to educate stakeholders at every level of the organization about its
advantages.
Try the following quiz to test your knowledge of internal control and consider using it as a teaching tool for others in
your organization.
1. Houston Helpers, a faith-based group that offers help to people in need, has hired Janet Wells, a local CPA, to train
its professional staff in the basics of internal control. As Wells begins her presentation, a participant interrupts by
saying, “We are not like other organizations. How can we talk about common elements of internal control when we are
a faith-based service provider?”
a. The participant is correct; there are no generally accepted frameworks for internal control.
b. The participant is incorrect; there are generally accepted frameworks for internal control, regardless of industry.
2. Internal control is a process designed to provide reasonable assurance regarding the achievement of which objective?
3. CS Inc. has asked you to join its board of directors. Before agreeing to do so, you realize that it is important that you
understand the company’s approach to Enterprise Risk Management (ERM). Which of the following is NOT true about
ERM?
4. The directors of Evans Corp. are reevaluating their “tone at the top.” They realize the phrase “tone at the top” is used
to describe the example set by directors, officers and executives through their statements and daily actions. The board
members also realize written policies need to reinforce the tone, but are unsure how to integrate written policies into the
“tone at the top.” If you were advising the board, what would you tell them is the cornerstone of these policies?
5. Your employer has asked you to develop controls to help prevent duplicate payments. Which of the following steps
would NOT be appropriate in developing such a policy?
a. Create a form for updates to the master vendor file, which should be completed by the person requesting the change
and signed off by someone at a higher level.
b. Purge inactive vendors.
c. Periodically run reports showing the daily changes to the master vendor file.
d. Prohibit the sharing of passwords for the master vendor file.
6. As part of a training exercise for a corporate controller’s staff, Jeri Lee breaks the group into teams and asks each
team to gain (and document) their understanding of a potential acquisition’s system of internal control. When she
returns to check on their progress, she discovers that one team is working on integrating the use of narratives,
flowcharts and internal control questionnaires. What should Lee tell this team about using all three approaches
simultaneously?
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 90
a. The team is correct in using all three approaches simultaneously.
b. The team only needs to use one approach.
c. Combining the use of narratives and flowcharts together is inefficient.
d. Combining the use of flowcharts and internal control questions together is ineffective.
e. b and c
COSO FRAMEWORK
The COSO framework consists of five elements of control: the control environment, risk assessment, control activities,
information and communication, and monitoring. The remaining questions refer to these elements.
7. The owner of Austin Marina has approached the managing partner of a CPA firm about conducting a first-time
independent audit. While discussing the nature and scope of the audit, the owner of Austin Marina asks if it is really
necessary for the auditor to gain an understanding of Austin Marina’s system of internal control. Which of the
following responses would NOT be correct?
a. The auditor needs to gain an understanding of the client’s internal control in order to assess risk.
b. An understanding of internal control is necessary to support the audit opinion.
c. Audit standards do not require the auditor to gain an understanding of the client’s system of internal control since
risk can be assessed by other means.
d. Independent auditors can no longer assess control risk at a maximum without having support for that assessment.
a. External events
b. Internal events
c. Circumstances that might affect reliable financial reporting
d. All of the above
a. A means to an end
b. Authorized procedures
c. The particular category in which a control is placed
d. The actions of people to help ensure that management directives necessary to address risks are carried out
10. Evans & Co. has been struggling to implement the monitoring component of the COSO Internal Control—
Integrated Framework. Which of the following is NOT correct in how the company can implement the monitoring
component?
ANSWERS
1. (b) While the staff at Houston Helpers may not be aware of it, there are frameworks available to evaluate the
effectiveness of internal control in any type of organization. The industry standard used by most U.S. companies is
Internal Control—Integrated Framework, which was issued in 1992 by the Committee of Sponsoring Organizations
(COSO), and is a blueprint for organizations to assess and enhance internal control systems. COSO was formed in
1985. The sponsoring organizations are the American Accounting Association, the AICPA, Financial Executives
International, the Institute of Management Accountants, and the Institute of Internal Auditors.
2. (d) Effectiveness relates to the ability of the entity to accomplish its goals. Efficiency is concerned with maximizing
the best use of resources. Reliability of financial reporting includes the accuracy of financial statement balances and
adequate and complete disclosure. Compliance with applicable laws and regulations refers to all laws and regulations
that apply to the entity.
3. (a) ERM provides “a process that provides a robust and holistic top-down view of key risks facing the organization.”
(Effective Enterprise Risk Oversight: The Role of the Board of Directors, COSO, 2009). Thus ERM is significantly
different from the more traditional risk management approaches. Board members need to understand the entity’s
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 91
strategy for managing risks to ensure that day-to-day operations are aligned with stakeholder expectations. The other
answers are true.
4. (a) “The code of conduct should be a source of guidance on daily behavior and set the minimum standards for that
behavior,” according to the AICPA On-Site Training course Financial Fraud, Forensics, and the CPA. The “tone at the
top” applies to everyone as they carry out their business and personal responsibilities. The other answers (a conflict-of-
interest policy, organization communications, and protection of the organization’s assets) are normally considered for
inclusion in the code of conduct.
5. (b) Accounts payable expert Mary Schaeffer recommends that inactive vendors be deactivated, not purged. This
allows vendor activity to be researched if needed. The other steps are appropriate. Using forms for updates to the
master vendor file allows accountability for changes. Schaeffer also recommends executive review of reports, which
show daily changes to the master vendor file. Passwords to the master vendor file should never be shared. For more
information, see “Fight Fraud and Duplicate Payments” (Dec. 4, 2008), by Mary Schaeffer, available at
tinyurl.com/yfc7jog.
6. (e) A narrative is a written description of a system of internal control. A flowchart is a diagram of the documents and
their sequential flow within an organization. A narrative and a flowchart present the same information. While one well-
executed approach can be sufficient to gaining an understanding of internal control, a flowchart and an internal control
questionnaire can be used together effectively, as the internal control questionnaire offers checklists that include the
many types of controls available.
7. (c) Current audit standards require the independent auditor to obtain an understanding of the entity and its
environment, including internal control. Moreover, the auditor is required to evaluate the design of controls and
whether or not they have been implemented. Also, the auditor must document significant processes and their basis for
assessing control risk.
8. (d) Risk assessment is the process of identifying and analyzing relevant risks in order to manage and mitigate the
risks. External and internal events, as well as any other circumstance that could affect reliable financial reporting
should play a part in risk assessment.
9. (d) The COSO definition of control activities recognizes that internal control is affected by people at every level of
the organization. Control activities are more than a means to an end, and are not limited to authorized procedures.
Control activities are often in overlapping categories.
10. (d) Management is responsible for establishing and maintaining the entity’s internal control, and an independent
auditor cannot perform management functions. Monitoring can be an ongoing process or be conducted as a separate
evaluation. For many larger entities, internal audit departments are essential for effective monitoring. In fact, AU
section 322 addresses the effect of internal auditors on the external auditor’s evidence accumulation, provided the
internal audit function is performed by staff independent of both the operating and accounting departments and reports
either to top management or the audit committee.
SCORING
An effective system of internal control is one of the best ways to prevent the fraudulent misstatement of financial
statements. If you answered all 10 questions correctly, you are an internal control guru. If you answered eight or nine
questions correctly, your knowledge of internal control is competent.
If you answered seven or fewer questions correctly, you may want to build on your internal control skills. Fortunately,
no one needs to “reinvent the wheel” when implementing or upgrading a system of internal controls. The resources
listed on the previous page will help you stay competent in internal control.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 92
CHAPTER 10
AUDIT EVIDENCE
INTRODUCTION
ISAs state that: "The auditor must obtain sufficient appropriate audit
evidence by performing audit procedures to afford a reasonable basis for an
opinion regarding the financial statements under audit." The opinion to be form by the auditor is worth
something which requires valid evidence.
The auditor needs evidence to corroborate or refute the assertions made by management in the financial
statements.
ISA 315 (IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH
UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT) defines assertion as representations by
management, explicit or otherwise, that are embodied in the financial statements, as used by the
auditor to consider the different types of potential misstatements that may occur.
Assertions or management assertions in audit or auditing simply means what management claims.
For example, if a management states that internal controls are effective then it is a claim or
assertion made by management.
Example 1: Through an item, say “receivables: 12 00 000 cfaf”, contained in the statement of financial
position management is making an assertion. Here, management is making an assertion that the
company’s customers owe the company 12 000 000 cfaf.
Example 2: If a balance sheet of an entity shows buildings with carrying amount of 800 million cfaf, the
auditor shall assume that the management has claimed that:
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 93
The buildings recognized in the balance sheet exist at the period end;
The entity owns or controls those buildings;
The buildings are valued accurately in accordance with the measurement basis;
All buildings owned and controlled by the entity are included within the carrying amount of 800
million cfaf.
Given that management is responsible for the preparation of financial statements that gives a true and fair
view, they make assertions on all the accounts balances appearing on the financial statements, which
include the following for the balance sheet and the income statement:
ISA 315 points out that in preparing financial statements management make direct or indirect assertions
regarding the recognition, measurement, presentation of elements of financial statements and disclosures
made in the financial statements. If these assertions are correct then financial statements will
automatically be reliable.
ISA 315 categorizes the different assertions in three categories which are further classified as follows:
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 94
3. Presentation and disclosure:
o Occurrence — the transactions have occurred
o Rights and Obligations — the transactions pertained to the entity
o Completeness — all disclosures that should have been included in the financial statements
have been included
o Classification and Understandability — financial statements are appropriately presented
and described, and information in disclosures are clearly expressed.
o Accuracy and Valuation — financial and other information is disclosed fairly and at
appropriate amounts.
Assertions are important to the auditor; they have an impact on how the auditor gathers evidence.
The auditor should use relevant assertions for classes of transactions, account balances, and presentation
and disclosures in sufficient detail to form a basis for the assessment of risks of material misstatement and
the design and performance of further audit procedures. The auditor should use relevant assertions in
assessing risks by considering the different types of potential
misstatements that may occur, and then designing further audit procedures that are responsive to the
assessed risks.
Relevant assertions are assertions that have a meaningful bearing on whether the account is fairly stated.
For example, valuation may not be relevant to the cash account unless currency translation is involved;
however, existence and completeness are always relevant. Similarly, valuation may not be relevant to the
gross amount of the accounts receivable balance but is relevant to the related allowance accounts.
Additionally, the auditor might, in some circumstances, focus on the presentation and disclosure assertion
separately in connection with the period-end financial reporting process.
For each significant class of transactions, account balance, and presentation and disclosure, the auditor
should determine the relevance of each of the financial statement assertions. To identify relevant
assertions, the auditor should determine the source of likely potential misstatements in each significant
class of transactions, account balance, and presentation and disclosure. In
determining whether a particular assertion is relevant to a significant account balance or disclosure, the
auditor should evaluate:
a. The nature of the assertion;
b. The volume of transactions or data related to the assertion; and
c. The nature and complexity of the systems, including the use of information technology, by which the
entity processes and controls information supporting the assertion.
Further explanation/summary
Remember that the audit evidence required depends on both:
the nature of the item being tested
And
the assertion being tested.
the auditor chooses suitable procedures based on the nature of the item in the financial
statements being audited.
The procedures will be refined further depending on which assertion about the item the auditor is
testing.
The audit approach to testing receivables will be different from testing payroll.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 95
e.g.
Item Audit tests e.g.
Accounts receivable Carry out third party confirmation (requires customers to
confirm)
Review correspondence and aged analysis for evidence of
delinquent receivables.
Test subsequent receipt of cash from customers.
Payroll Inspect timesheets
Inspect authorized pay rates
Verify employees are genuine through contracts of
employment
Check tax and other deductions.
For a single item in the financial statements – e.g. property, the auditor may need to use different
approaches for different assertions
Note: The completeness assertion tends to be the most difficult assertion to test. It is usually easier to verify
items we know about than to think about what should be there, but is not.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 96
6- AUDIT PROCEDURES FOR OBTAINING AUDIT EVIDENCE
The auditor should obtain audit evidence to draw reasonable conclusions on which to base the audit
opinion by performing audit procedures to:
a. Obtain an understanding of the entity and its environment, including its internal control, to assess the
risks of material misstatement at the financial statement and relevant assertion levels (audit procedures
performed for this purpose are referred to as risk assessment procedures);
b. When necessary, or when the auditor has determined to do so, test the operating effectiveness of
controls in preventing or detecting material misstatements at the relevant assertion level (audit
procedures performed for this purpose are referred to as tests of controls); and
c. Detect material misstatements at the relevant assertion level (audit procedures performed for this
purpose are referred to as substantive procedures and include tests of details of classes of transactions,
account balances, and disclosures, and substantive analytical procedures).
The auditor must perform risk assessment procedures7 to provide a satisfactory basis for the assessment
of risks at the financial statement and relevant assertion levels. Risk assessment procedures by themselves
do not provide sufficient appropriate audit evidence on which to base the audit opinion and must be
supplemented by further audit procedures in the form of tests of controls, when relevant or necessary, and
substantive procedures.
Tests of controls are necessary in two circumstances. When the auditor's risk assessment includes an
expectation of the operating effectiveness of controls, the auditor should test those controls to support
the risk assessment.
In addition, when the substantive procedures alone do not provide sufficient appropriate
audit evidence, the auditor should perform tests of controls to obtain
audit evidence about their operating effectiveness.
As described in section 318, Performing Audit Procedures in Response to Assessed Risks and Evaluating the
Audit Evidence Obtained, the auditor should plan and should perform substantive procedures to be
responsive to the related planned level of detection risk, which includes the results of tests of controls, if
any. The auditor's risk assessment is judgmental, however, and
may not be sufficiently precise to identify all risks of material misstatement.
Further, there are inherent limitations in internal control, including the risk of management override, the
possibility of human error, and the effect of systems changes. Therefore, regardless of the assessed risk of
material misstatement, the auditor should design and perform substantive procedures for all relevant
assertions related to each material class of transactions, account balance, and disclosure to obtain
sufficient appropriate audit evidence.
The auditor should use one or more types of the audit procedures described in paragraphs .27 through .41
of this section. These audit procedures, or combinations thereof, may be used as risk assessment
procedures, tests of controls, or substantive procedures, depending on the context in which they are
applied by the auditor. Paragraph .05 of section 314, Understanding the
7 See paragraph .05 of section 314, Understanding the Entity and Its Environment and Assessing
the Risks of Material Misstatement, for an explanation of risk assessment procedures.
The nature and timing of the audit procedures to be used may be affected by the fact that some of the
accounting data and other information may be available only in electronic form or only at certain points or
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 97
periods in time.11 Source documents, such as purchase orders, bills of lading, invoices, and checks, may be
replaced with electronic messages. For example, entities may use electronic commerce or image
processing systems. In electronic commerce, the entity and its customers or suppliers use connected
computers over a public network, such as the Internet, to transact business electronically. Purchasing,
shipping, billing, cash receipt, and cash disbursement transactions are often consummated entirely by the
exchange of electronic messages between the parties. In image processing systems, documents are
scanned and converted into electronic images to facilitate storage and reference, and the source
documents
may not be retained after conversion. Certain electronic information may exist at a certain point in time.
However, such information may not be retrievable after a specified period of time if files are changed and
if backup files do not exist. An entity's data retention policies may require the auditor to request retention
of some information for the auditor's review or to perform audit procedures at a time when the
information is available.
AUDIT PROCEDURES
(1) Test of control means tests performed to obtain audit evidence regarding the suitability of
design and effective operation of the accounting and internal control systems, and their
operation throughout the period.
(2) Substantive procedures means tests performed to obtain audit evidence to detect material
misstatements in the financial statements. Substantive procedures refer to the techniques
described below such as inspection of tangible assets, inspection of documents, inquiries,…
Some documents represent direct audit evidence of the existence of an asset, for example, a document
constituting a financial instrument such as a stock or bond. Inspection of such documents may not
necessarily provide audit evidence about ownership or value. In addition, inspecting an executed contract
may provide audit evidence relevant to the entity's application of accounting principles, such as revenue
recognition. Inspection of Tangible Assets
(c) Observation
Observation consists of looking at a process or procedure being performed by others. Examples include
observation of the counting of inventories by the entity's personnel and observation of the performance of
control activities.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 98
Observation provides audit evidence about the performance of a process or procedure but is limited to the
point in time at which the observation takes place and by the fact that the act of being observed may affect
how the process or procedure is performed. See section 331, Inventories, for further guidance on
observation of the counting of inventory.
(d) Inquiry
Inquiry consists of seeking information of knowledgeable persons, both financial and nonfinancial, inside or
outside the entity. Inquiry is an audit procedure that is used extensively throughout the audit and often is
complementary to performing other audit procedures. Inquiries may range from formal written inquiries to
informal oral inquiries. Evaluating responses to inquiries is an integral part of the inquiry process.
In some cases, the auditor should obtain replies to inquiries in the form of written representations from
management. For example, when obtaining oral responses to inquiries, the nature of the response may be
so significant that it warrants obtaining written representation from the source. See section 333,
Management Representations, for further guidance on written representations.
Responses to inquiries may provide the auditor with information not previously possessed or with
corroborative audit evidence. Alternatively, responses might provide information that differs significantly
from other information that the auditor has obtained, for example, information regarding the possibility of
management override of controls. In some cases, responses to inquiries provide a basis for the auditor to
modify or perform additional audit
procedures. The auditor should resolve any significant inconsistencies in the information obtained.
The auditor should perform audit procedures in addition to the use of inquiry to obtain sufficient
appropriate audit evidence. Inquiry alone ordinarily does not provide sufficient appropriate audit evidence
to detect a material misstatement at the relevant assertion level. Moreover, inquiry alone is not sufficient
to test the operating effectiveness of controls.
Although corroboration of evidence obtained through inquiry is often of particular importance, in the case
of inquiries about management's intent, the information available to support management's intent may be
limited. In these cases, understanding management's past history of carrying out its stated intentions with
respect to assets or liabilities, management's stated reasons for choosing a particular course of action, and
management's ability to pursue a specific course of action may provide relevant information about
management's intent.
(e) Confirmation
Confirmation, which is a specific type of inquiry, is the process of obtaining a representation of information
or of an existing condition directly from a third party. For example, the auditor may seek direct
confirmation of receivables by communication with debtors. Confirmations are frequently used in relation
to account balances and their components but need not be restricted to these items. A confirmation
request can be designed to ask if any modifications have been made to the agreement, and if so, what the
relevant details are. For example, the auditor may request confirmation of the terms of agreements or
transactions an entity has with third parties. Confirmations also are used to obtain audit evidence about
the absence of certain conditions, for example, the absence of an undisclosed agreement that may
influence revenue recognition.
See section 330, The Confirmation Process, for further guidance on confirmations.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 99
(f) Recalculation
Recalculation consists of checking the mathematical accuracy of documents or records. Recalculation can
be performed through the use of information technology, for example, by obtaining an electronic file from
the entity and using CAATs to check the accuracy of the summarization of the file.
(g) Reperformance
Reperformance is the auditor's independent execution of procedures or controls that were originally
performed as part of the entity's internal control, either manually or through the use of CAATs, for
example, reperforming the aging of accounts receivable.
An analytical procedure might be scanning, which is the auditor's use of professional judgment to review
accounting data to identify significant or unusual items and then to test those items. This includes the
identification of anomalous individual items within account balances or other data through the reading or
analysis of entries in transaction listings, subsidiary ledgers, general
ledger control accounts, adjusting entries, suspense accounts, reconciliations, and other detailed reports.
Scanning includes searching for large or unusual items in the accounting records (for example, nonstandard
journal entries), as well as in transaction data (for example, suspense accounts, adjusting journal entries)
for indications of misstatements that have occurred. CAATSmay assist an auditor in identifying anomalies.
Since the auditor tests the items selected by scanning, the auditor obtains audit evidence about those
items. The auditor's scanning also may provide some audit evidence about the items not selected
since the auditor has used professional judgment to determine that the items not selected are less likely to
be misstated.
Further explanation: Audit tests: the difference between tests of control and substantive tests
The purpose of audit tests
The purpose of audit tests, or audit procedures, is to allow the auditor to collect sufficient appropriate audit evidence to be able to
conclude with reasonable assurance that the financial statements (FS) are free of material misstatement. If sufficient appropriate
audit evidence cannot be obtained, or the evidence points to a material misstatement in the FS, the auditor will have to issue a
modified audit opinion.
Misstatements will find their way into published financial statements only if three events all happen:
1. An error is made in the first place. The risk of that happening is known as ‘inherent risk’, and assessing that is a very big
part of audit planning (not the subject of this article).
2. The client’s internal control system does not prevent, identify or correct the error. This is known as ‘control risk’.
3. The auditor does not detect the error during the audit. This is known as ‘detection risk’.
There are therefore two lines of defence preventing an error that has occurred from ending up in the published FS: the internal
control system and the work auditor carries out.
If the client’s internal control system is good, there is a reduced likelihood that there will be an error in the FS and the auditor will
reduce the amount of audit work to be carried out. If the internal control system is poor, the auditor will have to perform much more
work as the audit is the only defence left against a material misstatement appearing in the published FS.
1. Assess the effectiveness of the internal control system. This means investigating both its design and its operation. The
operation of the internal controls is assessed by carrying out tests of control.
2. Obtain additional, direct evidence about the amounts shown in the FS. This evidence is obtained using substantive testing.
Consider the receivables amount in the SOFP. One way in which this could be misstated would be if it were incorrectly valued,
perhaps because a large balance was owed by a customer who was unlikely to pay.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 100
Take up credit references on new customers.
Establish a credit limit.
Producing aged receivables analyses.
The follow up amounts that are not paid on time.
Look at the client’s files where credit references are kept to ensure that every customer was investigated. The auditor
would inspect the references.
Look for evidence of new orders being rejected if they would breach the credit limit. This could be tested by inspecting
copies of notifications sent to customers. The auditor might also consider using test data to observe if an order exceeding
the credit limit is actually rejected.
Inspecting notes made by the credit controller of conversations held with slow payers and perhaps enquiring about the
follow-up procedures that are carried out.
Each of these audit tests are testing a control or control procedure. They are therefore tests of control. These tests are not
investigating the receivables balance in the SOFP. I repeat, a test of control tests controls, not amounts in the FS.
Enquiry and confirmation. For example, ask the credit controller about the way in which customers are encouraged to pay and ask
how these customers are identified and how often they are followed up. This is a relatively weak source of evidence because the
credit controller might exaggerate his or her efforts.
Inspection. For example, the credit references or notes made by the credit controller of conversations.
Recalculation and reperformance. For example, ensuring that the aged receivables analysis seems to be accurate.
Even when internal control systems are very good, the auditor will always carry out tests on the figures in the FS. The work has to
address all the assertions made by each material figure. For example, valuation, completeness, existence etc. These tests are
substantive tests and consist of:
So, staying with receivables, the auditor would calculate the receivables collection period. If this were not too large and broadly in
line with previous periods, the auditor would have gained some evidence about valuation (ie most debts not very old).
Writing to customers asking them to confirm the amount owed (existence and ownership).
Tracing, by inspection, some sales invoices to the Dr side of customers’ accounts (existence and ownership).
Observation/inspection of amounts received after year end. This gives evidence about valuation because if a payment is
received subsequently the debt was obviously not bad.
Recalculation of bad debt provisions.
Substantive tests therefore include analytical procedures in addition to the four classes of audit procedures available for testing
controls, so giving the well-known mnemonic AEIOU:
Analytical procedures
Enquiry and confirmation
Inspection
Observation
RecalcUlation and reperformance
Remember if the tests of control show that controls are now operating correctly, the auditor will have to increase the substantive
tests. For example, if the client does little to assess customers’ credit worthiness to ensure, as far as possible, that debts are
recoverable, the auditor will have to do much more work on the receivables figure in the SOFP to be satisfied that the amount is
valued at a true and fair amount.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 101
7 - THE QUALITY OF EVIDENT – “SUFFICIENT APPROPRIATE AUDIT EVIDENCE”
“The auditor should obtain sufficient appropriate audit evidence to be able to draw reasonable
conclusions on which to base the audit opinion.” ISA 500 para 2
SUFFICIENT APPROPRIATE
RELIABLE RELEVANT
The quantity of audit evidence needed is affected by the risk of misstatement (the greater the risk, the
more audit evidence is likely to be required) and also by the quality of such audit evidence (the higher the
quality, the less the audit evidence that may be required). Accordingly, the sufficiency and appropriateness
of audit evidence are interrelated. However, merely obtaining more audit evidence may not compensate if
it is of a lower quality.
A given set of audit procedures may provide audit evidence that is relevant to certain assertions but not to
others. For example, inspection of records and documents related to the collection of receivables after the
period end may provide audit evidence regarding both existence and valuation, although not necessarily
the appropriateness of period-end cutoffs. On the other hand, theauditor often obtains audit evidence
from different sources or of a different nature that is relevant to the same assertion. For example, the
auditor may analyze the aging of accounts receivable and the subsequent collection of receivables to
obtain audit evidence relating to the valuation of the allowance for doubtful accounts. Furthermore,
obtaining audit evidence relating to a particular assertion, for example, the physical existence of inventory,
is not a substitute for obtaining audit evidence regarding another assertion, for example, rights
and obligations.
The reliability of audit evidence is influenced by its source and by its nature and is dependent on the
individual circumstances under which it is obtained. Generalizations about the reliability of various kinds of
audit evidence can be made; however, such generalizations are subject to important exceptions. Even
when audit evidence is obtained from sources external to the entity, circumstances may exist that could
affect the reliability of the information obtained. For example, audit evidence obtained from an
independent external source may not be reliable if the source is not knowledgeable. While recognizing
that exceptions may exist, the following generalizations about the reliability of audit evidence are useful:
Audit evidence is more reliable when it is obtained from knowledgeable independent sources
outside the entity.
Audit evidence that is generated internally is more reliable when the related controls imposed by
the entity are effective.
Audit evidence obtained directly by the auditor (for example, observation of the application of a
control) is more reliable than audit evidence
obtained indirectly or by inference (for example, inquiry about the application of a control).
Audit evidence is more reliable when it exists in documentary form, whether paper, electronic, or
other medium (for example, a contemporaneously written record of a meeting is more reliable
than a subsequent oral representation of the matters discussed).
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 102
Audit evidence provided by original documents is more reliable than audit evidence provided by
photocopies or facsimiles.
The auditor should consider the reliability of the information to be used as audit evidence, for example,
photocopies; facsimiles; or filmed, digitized, or other electronic documents, including consideration of
controls over their preparation and maintenance where relevant. However, an audit rarely involves the
authentication of documentation, nor is the auditor trained as or expected to be an expert in such
authentication.
When information produced by the entity is used by the auditor to perform further audit procedures, the
auditor should obtain audit evidence about the accuracy and completeness of the information.3 In order
for the auditor to obtain reliable audit evidence, the information upon which the audit procedures are
based needs to be sufficiently complete and accurate. For example, in auditing revenue by applying
standard prices to records of sales volume, the auditor should consider the accuracy of the price
information and the completeness and accuracy of the sales volume data. Obtaining audit evidence about
the completeness and accuracy of the information produced by the entity's information system may be
performed concurrently with the actual audit procedure applied to the information when obtaining such
audit evidence is an integral part of the audit procedure itself. In other situations, the auditor may have
obtained audit evidence of the accuracy and completeness of such information by testing controls over the
production and maintenance of the information. However, in some situations the auditor may determine
that additional audit procedures are needed. For example, these additional procedures may include using
computer-assisted audit techniques (CAATs) to recalculate the information.
The auditor ordinarily obtains more assurance from consistent audit evidence obtained from different
sources or of a different nature than from items of audit evidence considered individually. In addition,
obtaining audit evidence from different sources or of a different nature may indicate that an individual
item of audit evidence is not reliable. For example, corroborating information obtained from a source
independent of the entity may increase the assurance the auditor obtains from a management
representation. Conversely, when audit evidence obtained from one source is inconsistent with that
obtained from another, the auditor should determine what additional audit procedures
are necessary to resolve the inconsistency.
The auditor may consider the relationship between the cost of obtaining audit evidence and the usefulness
of the information obtained. However, the matter of difficulty or expense involved is not in itself a valid
basis for omitting an audit procedure for which there is no appropriate alternative.
In forming the audit opinion, the auditor does not examine all the information available (evidence) because
conclusions ordinarily can be reached by using sampling approaches and other means of selecting items for
testing. Also, the auditor may find it necessary to rely on audit evidence that is persuasive rather than
conclusive; however, to obtain reasonable assurance,4 the auditor must not be satisfied with audit
evidence that is less than persuasive.
The auditor should use professional judgment and should exercise professional
skepticism in evaluating the quantity and quality of audit evidence, and thus
its sufficiency and appropriateness, to support the audit opinion.
Types of Evidence
Physical evidence
Third-party representations
Documentary evidence
Computations
Data Interrelationships
Client representations
Accounting records
To envisaged:
1. Sampling; 2 Documentation; 3 Audit of small entities
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 103
CHAPTER 11
When you have completed this chapter you will be able to:
ANALYICAL
PROCEDURES INVENTORIES
CAATs PAYABLES
NON-CURRENT ASSETS
NON-CURRENT LIABILITIES
ACCOUNTING ESTIMATES
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 104
1 - GENERAL PRINCIPLE
A word of warning: chapter 9 dealt the principles of audit evidence. This chapter deals with how those
usually tested. You may be tempted to learn these by heart. Whatever you do.
DO NOT DO THIS!!!
The examiner is not stupid. He or she knows that auditing is a matter of professional skill and judgment. If
you can answer an exam question simply by learn a few pages of a book. It is not a very good test of
whether you are a competent auditor.
So the questions may not ask about standard situations and you will have to apply your knowledge to the
demands of the question.
Nevertheless, there are some things which, on way or another, will always apply (and which, if you
mention them, will gain you mark):
Asset
Liability
Revenue
Expense
Existence
Occurrence
Valuation
Cut-off, etc.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 105
2 - ANALYTICAL PROCEDURES
Why do they?
Analytical procedures as substantive must be used at the planning stage to identify risk, and at the
completions stage audit as a final review of the FS.
They may also be used at the substantive stage when the auditor as auditing the draft financial statements.
Analytical procedures are not just the comparison of one year with another.
Ratio analysis
Trend analysis
Proof in total
Create your own expectation of what you think the figure should be
Compare your expectation to the actual figure
Investigate any significant differences
- Example 1- create an expectation of payroll costs for the year by taking last year’s cost and
inflating for pay rise and change in staff numbers- proof in total.
- Examples 2- calculate the receivable day’s ratio and compare it with prior year and credit terms
given to customers. If the figure is higher than expected it may indicate overstatement of
receivable – ratio analysis.
- Example 3- plot monthly sales data for the prior year and plot against the current year and
investigates any unusual trends. You would expect the business to follow the same pattern
month on month especially if they have a seasonal business – trend analysis.
- Example 4- using the client’s depreciation policy, re- computes the expected depreciation
charge and compares it with the actual depreciation charge. If there is a significant difference it
should be investigated- proof in total.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 106
unusual items that can then be further investigated to ensure that a misstatement doesn’t exist in the balance.
In order to use analytical procedures effectively you need to be able to create an expectation. It will be different
from last and expectation if operations are significantly different from last year, more so if changes haven’t been
planned for. If the changes were planned, we can compare the actual with the forecast. However, there is no
point comparing the actual with prior year since it bears no relation to be the current year.
It will also be difficult to use analytical procedures if there have been lots of one-off events in there as the will
be nothing to compare them with.
The ratios
GROSS PROFIT %
PROFITABILITY
NET PROFIT%
RECEIVABLES DAYS
EFFICIENCY INVENTORY TURNOVER
PAYABLES DAYS
Purpose
Profit before tax is what is left all costs and at its simplest enables dividends to be paid to shareholders.
It is also what enables the business to grow from its own resources.
Receivables days.
Receivables / sales revenue 365
Indicates how quickly or slowly the business is generating cash by collecting it in from its customers.
Deterioration may be an indication of disputes with customers or non-recoverability of, and therefore overstatement,
of receivables.
NB. Care needs to be taken where the profile of sales revenue is inconsistent from year to year. Where there are high
sales at the end of the year, receivable days would be expected to be higher than for a similar company of another
year where sales occurred earlier in the year and tailed off towards the year end.
Payables days
Payables/ purchases x 365
Purpose
To show how long the company is taking to pay its suppliers.
May be indicative of cash- flow problems, or, extended credit terms taken.
Inventory turnover
Inventory / cost of sales x 365
(How many days worth of cost of sales are tied up in inventory?) Or in the year
Cost of sales/ inventory
(How many times the year end inventory could have been sold in the year)
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 107
Purpose
To show how much the business has invested in its inventory.
Slower inventory turnover may indicate excessive inventory holdings, or building for the launch of a new
product.
The current ratio
Current assets/ current liabilities
The quick ratio
Current assets-inventory / current liabilities
Purpose.
A refinement of the current ratio, which eliminates less liquid assets. Inventory, from the equation.
Leverage or gearing
Share capital + reserves / Borrowings or Borrowings/ share capital + reserves + borrowings’ 100
Purpose
To show the relative reliance of the business on external or internal sources of finances.
Businesses with higher leverage are usually regarded as more risky-greater danger of being financially
overstretched, but the opportunity of greater rewards for individual shareholders.
Return on capital employed (ROCE)
Profit before interest and tax/ share capital + reserves + borrowings.
Purpose
Is the business giving sufficient return compared with other possible investments?
ROCE is a useful measure for a large diversified group that can switch where it invests its funds. It is less use
for a small, owner- managed business where choice of investment is limited.
Calculating the ratios is just the start. Analytical procedures are audit procedures in their own right,
designed to enable the auditor to reduce the risk of coming to the wrong opinion about the financial
statements.
This means that the auditor needs to use analytical procedures to identify anomalies in the figures, which
may make indicate problems.
ISA 520 states that the auditor may use analytical procedures as substantive procedures.
Some example
(1) Suitability
- Analytical procedures are clearly unsuitable for testing the- existence of inventories- to do this
you need to go and count the items on the shelves in the warehouse.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 108
- Analytical procedures may well be suitable for testing the value-of labor carried forward in
inventory – by comparing direct labor costs for the year with value in inventory, in the context
of the costs of raw materials and overheads in inventory.
(2) Reliability
- If controls over sales order processing is week, it will-probably be necessary to rely on tests of details
rather than analytical procedures.
(3) Precision
- There is likely to be greater consistency in gross margins over-time than in discretionary expenditure like
advertising or R&D.
- Variations in sales revenue, which may have a minor impact-on the results for the year, will be regarded
differently from receivables, which, if uncollectible will have a proportionately greater impact.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 109
3 The audit of receivables
PEOPLE WHO OWE US
MONEY (treads and loan
receivables, etc.)
WHAT ARE THEY?
Key assertions
Assertions – receivables
Audit procedures
Obtain a list of receivables, cast this and agree it to the receivables control total at the year. Ageing
of receivables may also be verified at this time.
Determine an appropriate sampling method (cumulative monetary amount value- weighted
selection, random, etc.) using materiality for the receivable balanced to determine the sampling
interval or number of receivables to include in the sample.
Select the balance to be tested, with specific reference to the categories’ of receivable noted
below.
Extract details of each receivable selected from the ledger and prepare circularization letters.
Ask the chief accountant at the company (or other responsible official) to sign the letters.
The auditor posts or faxes the letters to the individual receivables, explanations from management.
Purpose
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 110
Independent evidence.
External evidence.
Relatively efficient (if successful)
Disadvantages:
Method
After comparing this with your records will you please be kind enough to sign the confirmation below and return a
copy to them in the enclosed prepaid envelope. We shall be grateful if you would do this even if the account has since
been settled. If the balance is not in agreement, with your records, will you please note on the confirmation the details
of the items making up the difference in the space provided.
Please note that this request is made for audit purposes only and has no further significance. Remittances should be
sent to us in the normal way.
Yours faithfully
Chief Accountant
Auditor & Co
Auditor’s address
Dear Sirs
Signed
Position held
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 111
Recoverability / provision for doubtful debts (Valuation)
Discuss the assumptions underlying the general provision with management to ensure reasonable
Recalculate the provision based on management’s assumptions and agreed to the figure in the
financial statements
Compare the prior year provision to the amounts actually written off as bad in they year to test
how accurate management usually are in estimating possible bad debts
Obtain a list of aged receivables and investigate the recoverability of any old balances.
For a sample of year end balances, agree outstanding showing receipt of money after year end
Discuss invoices more than 3 months old with management to consider recoverability of amount.
Where overdue receivables have not paid. Trace the balances to the provision for doubtful debts.
Where the balances are not included in the provision to be recoverable.
Agree receivables figure in the financial statements to the receivables control account total and the
nominal ledger
Analytical review
Calculate the trade receivables collection period and compare to last year to assess
reasonableness.
Cut- off
Select a sample of GDN’s immediately prior to the year – end and immediately after the year end
and ensure that they have been recorded in the correct period.
For prepayment review invoices to calculation of prepayment and ensure that payment has
actually been made by agreeing it to the bank statements.
Ensure doubtful receivables and recoveries identified from other audit work are properly reflected in the
income statement.
INVENTORIES
KEY QUESTIONS
Are the quantities correct?
Is the valuation correct?
The audit of inventories is usually regarded as one of the higher risk areas of the audit.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 112
It is usually crucial to assurance about an entity’s profit
It may be complex
It is usually subject to a degree of estimation.
KEY PRINCIPLE
D
VALUED AT THE
LOWER OF COST AND
NET REALISABLE
VALUE (NRV)
OBJECTS ON SHELVES, IN
BINS , IN CUPBOARDS IN THESE CAN BE COUNTED, CONSIDERATIONS:
SHOPS, WAREHOUSES, ON MEASURED WEIGHED, ETC. PRICING OBSOLESCENCE
LORRIES, ETC. SALEABILITY DAMAGE
NET REALISABLE VALUE
MATERIALS CONTENT
LABOUR CIBTENT
OVERHEAD CONTENT
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 113
Work in progress
WORK IN PROGRESS
PARTLY- COMPLETED
OBJECTS AT
THESE CAN BE
WORKSTATIONS, ON
COUNTED AND
THE FACTORY FLOOR
ESTIMATES MADE OF CONSIDERATIONS: STAGE
OR STORED AWATING
STAGE OF COMPLETION OF COMPLETION COSTS TO
COMPLETION
COMPLETION NET
REALISABLE VALUE
PARTLY- COMPLETED THESE CAN BE INSPECTED MATERIALS CONTENT
MAJOR CONTRACTS- AND ESTMATES MADE OF LABOUR CONTENT
STAGE OF COMPLETION OVERHEAD CONTENT
ROADS, BULDINGS, OR EXPERT OPINIONS
SHIPS, AIRCRAT, ETC. SOUGHT
Assertions again
ASSERTIONS PROCEDURES
EXISTENCE CONFIRMATION
PRICING TESTS
VALUATION OBSOLESCENCE
REVIEW
NRV TESTS
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 114
Inventory Procedures
Principles
The inventory count is a ‘one off. It is a single opportunity to establish what is and what is not in
inventory
Because of the crucial impact of inventory levels on the result for the year, it must be tested both
for existence and completeness. ( for most other areas the emphasis is likely to be on one or other
of these assertions rather than both)
Inventory can consist of almost anything with different properties (see the list above). It can
therefore be quite complex and so needs to be well organized by the client. The auditor needs to
be equally well organized to ensure that sufficient, appropriate evidence is gather
It is the client’s responsibility to establish the correct value of the inventory the auditor’s job is to
form an opinion as to whether that value is materially correct or not . it is therefore not the
auditor’s responsibility to count the inventory , only to check that it has been done correctly.
Procedures
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 115
Evidence of damaged or slow moving inventory is being recorded
Cut – off is observed – no dispatches or deliveries occur count is taking place, and there is no
movement of inventory within the client premises which may confuse the count
Inventory sheets (or whatever method is used to record the count handheld devices, barcode
readers, etc) are properly controlled.
Conduct test counts on a suitably random basis whilst gearing the tests toward material items:
- Existence – it will be necessary to check from the client’s inventory records to your test data,
so you need to ensure that you record sufficient details or the location and the items to be
able to trace them later.
- Completeness – you will need to be able to trace the items from your counts, into the client
inventory records and will therefore need to record sufficient details to enable you to do this.
Note. These aspects of the count are crucial – the auditor needs to know in advance:
Obtain a list showing each individual line of inventories categorized between finished goods, WIP
and raw materials. Cast and agree the total to the inventories figures in the financial statements.
Check that the figures disclosed in the financial statements agree to the audited figures and that
inventories have been correctly analyzed between finished goods, raw materials and work in
progress.
Valuation
Trace some items of inventory in the inventory sheets back to original purchase invoices to agree
the cost
Trace the same items of inventory post – end sales to determine the net realizable value of
inventory
For items that have been sold trace to the provision for slow- moving inventory or discuss with
management why these have not been provided for
Ensure that inventory is stated in the accounts at the lower of cost and net realizable value by
reviewing the relevant purchase invoices and after year end sales invoices.
Analytical review
Cut – off
Select a sample of GDN’s from immediately prior to the year end and included in year – end
payable, and ensure that the goods are included in year- end inventories.
Select samples of GDN are from immediately prior to the year end and included in year- end
receivables, and ensure that the goods are not included in year – end invoice was raised in the
correct period.
The procedure suggested above apply to all inventory counts whether as a one- off year end exercise or
where inventory is counted on a rolling basis through the year.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 116
The objective is the same:
To know what the client has in inventory at the count took place.
Where the client has a continuous inventory, where a theoretical book inventory figure is always know,
there are both advantages and disadvantages for the auditor.
Advantages
The auditor is less time constrained and can pick and choose particular location and inventory lines
at any time to ensure the system is working properly.
Slow moving and damaged inventory should be identified and adjusted for in the client records on
a continuous basis therefore the inventory valuation should be more reliable.
Disadvantages
The auditor will need to gain sufficient evidence that the system operates correctly at all time. Not
just at the time of the count.
Additional procedures will need to be devised to ensure that the year end inventory figure is
reliable, even though it may not have been counted at that date.
Where the client has inventory at locations not visited by the auditor, the auditor normally
obtains confirmation of the quantities, value and condition from the holder. The auditor
needs to consider whether the holder is sufficient independent to be able to provide
relevant, reliable evidenced.
As with confirmations from receivables, the auditor requests details from the party holding
the inventory on behalf of the client to confirm its existences.
The confirmation request will be sent by the client to those parties identified by the client.
The reply should be sent directly to the auditor to prevent it being tampered with by client.
Problems can occur if the third party uses a different description to that of the client and
as always, a response is not guaranteed.
For specialized inventory – livestock, property, food in restaurants, and significant work in progress
– it will be necessary to obtain evidence from experts- see section 9 of this chapter.
The auditor needs to obtain evidence of the value of the inventory.
- Cost information can be obtained from invoices and price lists.
- The costs of manufactured can be obtained from invoices and costing records.
- The opinion of independent experts may be obtained.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 117
5 The audit of payables and accruals
Principles
The main thrust of the testing of payables is usually to test for completeness.
Testing for existence, valuation, etc. is still important, but the major consideration, is
for the auditor to gain assurance that all liabilities which should be include, are
included.
You therefore have to think of the best indicators that additional liabilities may exist. If as result of this,
none are revealed, the testing of the values, right and obligations of the payables we know about id
relatively straightforward.
Include all the major suppliers the client dealt with during the year?
Include all significant suppliers from the equivalent list year?
Include all expected accruals? Rent, utilities, telephone etc.
Include expected sources of financing for non- current assets? Leasing, hire purchase, mortgages,
etc.
Include all expected tax balances? Profits/corporation after the year end?
Include all suppliers revealed by a review unpaid invoices at and after the year end?
Include all supplies revealed by a review of unpaid invoices at and after the year end?
Ensure that payables have been included in the financial statement in the heading of current
liabilities and agree to the working papers of payables
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 118
Existence
Circularize a sample of trade payables to confirm the balance at the end of the year ( this is not a
usual audit test, and is more or less the same formations as for receivables confirmation except
that negative confirmation are more acceptable)
Reconcile supplies statement balance to the payables ledger
Completeness
Investigate any supplied names that were shown on last year ‘s pebbles listing but do not have a
balance showing in this year’s list of balances
Review after date invoices and payments and ensure they have been provided for at the year- end
as appropriate
Perform analytical procedure on the list of payables. Determine reasons for any unusual change in
the total balance of individual payables in the list.
Calculate the trade payables payment period and compare to last year to assess reasonableness
Obtain a list of the individual balances from the payables ledger, check the cast and agree the total
to the trade payables figure in the draft financial statement
Obtain a list of debit balances in the payables ledger and obtain explanations from management
Agree brought forward figure to last year’s audit file
Cut-off
Select a sample of GRN’s immediately prior to the year end to test that they are in year-end
payable , and ensure that the goods are in year-end inventories , also test GRN’s post year end to
test that they are not in inventory at the year end
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 119
Cheques in the drawer – not a good idea to have signed cheques lying around, but
sometimes for relatively short periods there may be a deal in sending out the
cheque. Sometimes, with systems with automated payment runs, the accounts staff
does not know how to prevent cheques being produced and the number of cheques
in the drawer can be quite about the accounting staff’s competence, idea, and raises
questions about the accounting staff competence. And, on assumption the amounts
are material, will mean the amounts will have to be added back to both bank and
payables.
Suggested layout a supplier’s statement reconciliation
Reconciliation
Supplier limited
$ $
(xx)
xxx
Solution
Trombone Ltd state ment réconciliation $ $
Balance per supplier statement 1, 500
Less :
Returns / credit not yet credited 200
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 120
Payments not yet received by supplier 750
_____
Agreed balance 950
_____
550
Balance per purchase ledger 350
Invoices not yet posted 150
Goods received not invoiced 50
_______
Reconciled balance 550
_______
Accruals
Review relevant invoiced after the statement of financial position date. If none are
received , compare with previous periods
Obtain the list of accruals from the client, cast it to confirm arithmetical accuracy
Agree the figure per the schedule to the general ledger and financial statement
Agree the calculation of the accrual by reference to supporting documentation e.g.
previous period invoice
Text balances
Accruals will have a direct impact on the income statement accounts they relate to – ensure the
postings have been put through correctly and any opening accruals have been properly reversed.
Some accruals may themselves lead to additional accruals, e.g. accrued bonuses payable to
directors and staff, may lead to additional employer’s social security charges.
For all interest bearing accounts, loans, overdrafts, etc. ensure the correct accrual is made for
interest payable.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 121
6 The audit of bank and cash
ASSERTIONS PROCEDURES
EXISTENCE
RIGHTS AND
OBLIGATIONS BANK LETTER BANK
RECONCILIATION CASH COUNT
VALUATION
COMPLETENESS
Direct confirmation of bank balances gives the auditor indepent, third-party evidence.
The format of the letter is usually standard and agreed between the banking and auditing
professions.
Issues covered are:
- The client’s name
- The confirmation date.
- Balances on all bank accounts held
- Any documents or other assets held for safekeeping
- Details or any security arrangements-guarantees, forward currency purchases or sales, letters
of credit.
- Details of any security given
The auditor needs the client to give the bank authorization to disclose the necessary information
(in some jurisdictions such disclosures are illegal so bank cannot be used at all).
Ensure that all banks that the client deals with are circularized.
When items on the bank letter are deal with, tick them off and cross reference to the relevant
working paper to make it easy to see that there are no outstanding items. The balances for each
bank account should be agreed to the relevant bank reconciliation at the year end. Interest charges
should be agreed to the interest expense account in the general ledger, details of loans should be
agreed to the disclosure in the statement of financial position to ensure it is correctly classified into
the current and non current elements.
Obtain a list of all bank accounts, cash balances and bank loans and overdrafts and agree to totals
to figures included in current assets and current liabilities in the financial statements
Obtain a copy of the client bank reconciliation , cash and agree the balances to the cash book and
bank letter
Trace all outstanding lodgments and unpresented cheques to pre-year-end cash book and post-
year –end bank statement
Ensure all accounts in the bank certificate are included in the financial statement
Ensure bank loans and overdrafts are not offset against positive bank balances in the financial
statement
Note. it is vital for an auditor conducting a cash count to do so in the presence of a member of the
client staff and to obtain a signature for the amount handed back in to the client custody
Where there are multiple cash balances- a number of tills in a department store, etc – it is
important to ensure amounts cannot be moved between tills and that proper cut- off procedures is
in place.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 122
Income statement and other account entries related to bank and cash
Clearly , bank loans, overdrafts and bank deposits all the have interest implication
The bank letter may reveal details of security, borrowing and contingent liabilities which need to
be disclosed in the financial statements.
Ensure that bank and cash have been including in the financial statement in the heading of current
assets and overdraft loans presented in current liabilities and non-current liabilities.
Ensure the financial statement amounts agree bank to the trial balance amount.
Existence
Select a sample of assets from the non-current asset register and physically inspect them.
Completeness
Select a sample of assets visible at the client premises and inspect the asset register to ensure they
are included.
Examine the repairs and maintenance accounts in the general ledger for large and unusual items
that may be capital in nature.
Valuation
Disclosure
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 123
8 The audit of non-current liabilities
NON-CURRENT LIABILITIES
ASSERITIONS PROCEDURES
PHYSICAL INSPECTION
EXISTENCE
RIGHTS AND
OBLIGATIONS INSPECT PURCHASE CONTRACTS
CONSIDER IMPAIRMENT
Existence
Select a sample of assets from the non- current asset register and physically inspect them.
Completeness
Select a sample of assets visible at the client premises and inspect the asset register to
ensure they are included
Examine the repairs and maintenance accounts in the general ledger for large and unusual
items that may be capital in nature.
Valuation
Alternatively, agree this year’s charge as reasonable by taking last year’s charge and
amending it for additions, disposals, revaluations, changes in method or policy, etc. compare the
predicted charge for the year with the actual charge. And seek explanations for any material
differences.
Assess depreciation policies for reasonableness by:
- Comparing methods used with prior year
- Comparing methods used with similar companies
- Analyzing the recent trend of profits and losses on asset disposals.
If any assets have been revalued during the year:
- Agree new valuation to value’s report
- Verify that all similar assets have also been revalued
- Reperform depreciation calculation to verify that charge is based on new caring value.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 124
When physically inspecting assets, taken note of their condition and usage in case of
impairment.
For a sample of assets, agree cost to purchase invoice (or other relevant documentation)
ensuring all relevant costs have been included.
If any assets have been constructed by the company, obtain analysis of costs incurred and
agree to supporting documentation (timesheets, materials invoices, etc.).
Disclosure
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 125
CHAPTER 12
COMPLETION AND REVIEW
The completion and review stage of the audit is the final stage of the audit process. It is also
referred to as the “overall review stage” or “the final review stage”.
The overall review stage of the audit is the point at which the final decisions are taken.
the financial statements give (or not) a true and fair view, and
they comply (or not) with the applicable accounting reporting framework.
For final decisions to be taken, answers should be provided to the following questions:
A similar or alternative question could be: Do the financial statements comply with the relevant reporting
framework? The answer involves comply with:
Law;
Applicable accounting standards;
GAAP;
Other regulations (e.g. Stock Exchange listing requirements);
Does other information published with the financial statements (e.g. Directors’ report, Chairman’s
review) conflict with them in any way?
Here, the auditor is trying to find out whether the evidence gathered in the course of the audit supports
the audit opinion.
The answer to this question calls for the review/examination of the whole audit process, from planning
passing through substantive audit to completion. Sub-questions include:
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 126
Have the necessary checklists been completed?
Work supports conclusions reached and is appropriately documented.
During the course of the audit, the auditor will have identified errors within the account balances and
transactions. How these differences are dealt with impacts on their significance to the financial statements.
All identified errors should be recorded on a working paper set up for the purpose. Often referred to as:
errors summary;
overs and unders;
schedule scoresheet.
i. the auditor gives a true and fair audit report: at this juncture, the auditor must have informed the
client of the errors and the client must have adjusted the financial statements to correct these
errors. It is worth mentioning here that immaterial misstatements will not have an impact on the
financial statements, we only look at material items.
ii. the auditor must persuade the client to amend for material errors otherwise a qualified report
will be given. This option applies when the client has earlier refused to change errors.
Errors which end up not been changed are known as unadjusted differences. Unadjusted differences can
be of two types:
individual material errors: It means they are significant enough in isolation to constitute a material
misstatement in the financial statements;
individual immaterial errors: errors that are individually immaterial may in aggregate amount to a
material difference.
Errors identified through sampling need to be extrapolated so that the potential error in the
population as a whole can be estimated. If such errors reveal a potentially material adjustment, the
audit team should have carried out additional work to determine whether or not the error actually
is material, before the assignment reaches the review stage.
ISA 260 Communication of audit matters with those charged with governance states that the
auditors would normally report:
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 127
to those charged with governance. ISA 260 allows for a threshold to be set to avoid the necessity for
reporting errors which are clearly trivial, but this reinforces the need for the “errors schedule” to be
completed methodically as the audit progresses.
Consideration of errors identified in the course of the audit will often provide useful input to the planning
process for the following year’s audit.
Auditors must take steps to ensure that any such events are properly reflected in the financial
statements. This is done by what is referred to as “subsequent events review”, alternatively called
“events after the reporting period review”.
Before tackling subsequent events review, it is wise knowing the different types of subsequent
events.
In financial accounting, subsequent events are dealt with according to IAS 10 Events after the reporting
period.
Examples include:
irrecoverable debts arising after the reporting date, which may help to quantify the
allowance for receivables as at the reporting date (in short, receivables going bad);
amounts received or receivable in respect of insurance claims which were being negotiated
at the reporting date;
Non-adjusting events are events after the reporting date which concern conditions that arose after
the reporting date, but which may be of such materiality that their disclosure is required to ensure
that the financial statements are not misleading.
Examples include:
the destruction of a major production plant by a fire after the reporting date;
abnormally large changes after the reporting date in asset prices or foreign exchange rates;
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 128
5.3 – Subsequent events review procedures
Audit procedures undertaken in performing a subsequent events review might include any of the
following:
Reading minutes of members’ and directors’ meetings, and of audit and executive committee
meetings, and enquiring about matters not yet minuted;
Making enquiries of directors to ask if they are aware of any subsequent events, adjusting or non-
adjusting, that have not yet been included or disclosed in the financial statements;
“Normal” post reporting period work performed in order to verify year-end balances:
checking inventory valuations are at lower cost and net realisable value by testing to
eventual selling prices.
ISA 560 Subsequent Events details the responsibilities of the auditors with respect to subsequent events
and the procedures they can use. It spells out that as auditors are responsible for their audit work right up
to the date the financial statements are issued, they should perform subsequent event reviews until that
date has passed.
The auditors’ responsibilities change with the different sequences involved from the reporting date to the
date the financial statements are presented before the annual general meeting:
i. From the reporting date to the signing date of the audit report: The auditor has an active duty to
search for all material events.
Actions:
Discuss with management ask them to revise financial statements, if errors found;
If client updates the financial statements the auditor would give a clean audit report;
If the client refuses to change the financial statements the audit report will need to be
qualified.
ii. Between the signing date of the audit report and the issuing date of the financial statements:
Auditors have a passive duty. Auditors only have to act if they are aware of something – but once
they are aware, they have a duty to take the necessary action.
Actions:
Review the financial statements to ensure revised and redraft audit report;
If client refuses:
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 129
seek legal advice;
resign.
The auditor can equally report to the audit committee, to the government (when
business relationship exists with the client) and to professional body.
iii. Between the issuing date and the date of presenting the financial statements to the Annual
General Meeting: Auditors have passive duty similar to that of the previous sequence.
Actions:
Discuss with management but the directors will have to recall the financial statements;
Review the financial statements to ensure revised and redraft audit report;
If client refuses:
resign.
The auditor can equally report to the audit committee, to the government (when
business relationship exists with the client) and to professional body.
A few days after signing an audit report, but before the client’s financial statements have been approved
by the shareholders at the AGM, the auditors receive a phone call from a director indicating a material
error in the financial statements.
Where this happens, the auditor needs to produce a new audit report, as the audit report must always be
dated on or after the date that the financial statements are signed by the directors. The auditor will
therefore need to extend (to extend should be understood as “to carry out, to a certain extent, the normal
audit work”) “active duties” on all other matters from the original date of the audit report to the new date.
Now the financial statements are materially wrong, but the initial audit report said they were true and fair.
The auditor should ask for the audit report back, so that a new qualified report can be issued. However, the
client may refuse this as well.
In such circumstances, the auditor should obtain legal advice, consider resignation, and speak at the AGM
to notify shareholders.
6 – GOING CONCERN
According to IAS 1 financial statements should be prepared on the basis that the company is a going
concern unless it is inappropriate to do so.
The going concern concept is defined in IAS 1 as the assumption that the enterprise will continue in
operational existence for the foreseeable future.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 130
Management (and auditors) should generally look ahead at least one year from the date of the directors’
approval of the financial statements, in assessing the validity of the going concern basis.
There may be circumstances in which it is appropriate to look further ahead. This depends on the nature of
the business and the associated risks.
Whether or not a company can be classed as a going concern affects how its financial statements are
prepared.
Financial statements are usually prepared on the basis that the reporting entity is a going concern.
IAS 1 states that “an entity should prepare its financial statements on a going concern basis, unless:
the directors have no realistic alternative but to liquidate the entity or to cease trading”.
Where the assumption is made that the company will cease trading, the financial statements are
prepared using the break-up basis under which:
additional liabilities may arise (severance costs for staff, the costs of closing down facilities,
etc.).
It is the directors’ responsibilities to assess the company’s ability to continue as a going concern
when they are preparing the financial statements.
If they are aware of any material uncertainties (different from material misstatements) which may
affect this assessment, then IAS 1 requires them to disclose such uncertainties in the financial
statements.
ISA 570 Going Concern states that the auditor needs to consider the appropriateness of
management’s use of the going concern assumption. The auditor needs to assess the risk that the
company is not a going concern.
Where there are going concern issues, the auditor needs to ensure that the directors have made
sufficient disclosure of such matters in the notes to the financial statements.
In a nutshell, the auditor needs to satisfy himself that the going concern assumption is reasonable,
and disclosures made by directors are adequate.
Review correspondence with major customers, suppliers and the bank for evidence of disputes;
Consider whether directors have taken all relevant factors into consideration in their going concern
review;
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 131
Review cash flow forecasts produced by management for evidence of expected
improvement/deterioration in the coming year.
The procedures that the auditors undertake for their going concern review will depend on the risk that the
company may not be a going concern.
In a company where profits are high, cash flows are positive, finance is in place, and there is no
obvious exposure to large losses, going concern procedures are likely to be minimal.
Where any doubts regarding going concern exist, procedures are more extensive.
When companies go out of business, it is more likely to be due to a lack of cash than a lack of
profits. However, in the long term, profits are of course essential for survival.
The auditor should remain alert for evidence of events or conditions which may cast significant
doubt on the entity’s ability to continue as a going concern, both in the planning stage and
throughout the audit.
The directors should disclose any issues affecting the going concern status of the company. Such
disclosures should explain:
the doubts;
the possible effect on the company;
the basis used where the financial statements are prepared on a basis other than the going
concern;
other facts.
After the going concern review, and where the going concern is used and is appropriate, the
auditor does not need to mention the fact in their report.
If the auditor believes that the going concern basis is inappropriate or the disclosures given by
management about the going concern are inadequate, but the directors do not, the audit report
will need to be qualified, i.e. the auditors will be saying that the financial statements do not give a
true and fair view.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 132
If the going concern basis is not appropriate and the directors prepare the financial statements on
some other, appropriate basis, the auditors would normally refer to this in their report because it is
a matter of extreme significance – this is called an “emphasis of matter paragraph” for obvious
reasons.
7 – MANAGEMENT REPRESENTATIONS
Management representations are a particular type of enquiry, whereby the auditor asks management to
confirm, in writing, a number of issues covered by or surrounding the financial statements.
the directors’ understanding their responsibility to produce financial statements that show
a true and fair view or
whether all information that the auditors need for the purpose of the audit has been
communicated to the auditors.
They may be specific to the client or this particular year’s financial statements such as:
formal confirmation of the directors’ judgement on contentious issues, e.g. the recognition
of revenue, or the value of assets where there is a risk of impairment.
As the audit progresses, the audit team will assemble a list of those items about which it is appropriate to
seek management representations.
As part of the completion process the auditors will write to the client’s management stating the issues
about which they are seeking representations.
A letter from the client’s management to the auditors covering the necessary points. Usually the
auditors will provide management with a draft of the letter for them to produce on the client’s
letterhead and sign.
A letter from the auditors to management setting out the necessary points, which management
signs in acknowledgement and returns to the auditors.
Minutes of the meeting at which representations were made orally which can be signed by
management as a true record of what was discussed.
There are three good reasons why management representations are necessary:
It is management’s responsibility to produce financial statements that show a true and fair view, the most
obvious first source of audit evidence is to ask them whether or not they have done so.
There may be circumstances where no other sufficient, appropriate audit evidence may reasonably be
expected to exist – the issues concerning estimation and judgement are the most obvious examples.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 133
iii. Required by ISA 580 and other ISAs
ISA 580 Management representations and the requirements of a number of other ISAs make it compulsory
for the auditors to obtain management representations on a number of specific issues.
how it is obtained (evidence obtained directly by the auditor is better than evidence obtained
indirectly by inference);
its medium (documentary, particularly original rather than copied, evidence is better than oral
evidence).
Clearly written management representations are documentary evidence obtained directly by the auditor
which is the good news.
management’s integrity;
whether circumstances are such that management’s behaviour may be expected to be different
from how it has been in the past.
subject to being taken over, where the value of managements’ shareholdings could vary widely
depending on the terms of the takeover
the auditors might revise their judgement about the reliability of management representations. Therefore
need for written management representation to be corroborated by other evidence (see new text).
Exam hint
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 134
CHAPTER 13
AUDIT REPORT
The auditor's report is a formal opinion, or disclaimer thereof, issued by either an internal auditor or an
independent external auditor as a result of an internal or external audit or evaluation performed on a legal
entity or subdivision thereof (called an “auditee”). The report is subsequently provided to a “user” (such as
an individual, a group of persons, a company, a government, or even the general public, among others) as
an assurance service in order for the user to make decisions based on the results of the audit.
An auditor’s report is considered an essential tool when reporting financial information to users,
particularly in business. Since many third-party users prefer, or even require financial information to be
certified by an independent external auditor, many auditees rely on auditor reports to certify their
information in order to attract investors, obtain loans, and improve public appearance. Some have even
stated that financial information without an auditor’s report is “essentially worthless” for investing
purposes.
A company’s auditor must report their opinions to shareholders/members on two primary matters:
i. whether the financial statements give a true and fair view (or present fairly in all material
respects),
ii. whether the financial statements have been properly prepared in accordance with relevant rules,
e.g.:
ISA 700 Forming an Opinion and Reporting on Financial Statements, makes it an obligation for the
auditor’s opinion to be clearly expressed through a written report.
the financial statements provide adequate disclosure to enable the users to understand the effects
of material transactions and events; and
Reporting by exception, also referred to as implied reporting, requires that the following matters should be
reported on:
where Returns are not received from all branches of the company
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 135
where all Information and explanations were not received
where Director transactions with the company are missing from FS.
Reporting by exception is not the same as a qualification; however, as the matters dealt with are usually
legal requirements, non-compliance will probably lead to a qualification anyway. For instance, if all
information and explanations have not been received, there will most likely be a “limitation of scope”, a
situation whereby the auditor is unable to express an opinion because the information and explanations
needed were not provided.
ISA 700 provides guidance as to the nature and wording of the audit report, most importantly the report
must be in writing.
In addition it recommends that the audit report be broken into distinct sections that explain the purpose,
nature and scope of an audit. The main reason for this is to ensure that the users of the audit report
understand the nature of audit procedures and that only reasonable assurance is being offered. One of the
primary purposes of this is to reduce the “expectations gap”.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 136
4 Statement of responsibilities of Management responsibility for the Financial Statements
management:
Preparation of the financial Management is responsible for the preparation and fair
statements in accordance with presentation of these financial statements in accordance with
the applicable financial International Financial Reporting Standards. This
reporting framework; responsibility includes, designing, implementing and
Designing, implementing and maintaining internal control relevant to the preparation and
maintaining an effective fair presentation of financial statements that are free from
internal control system to material misstatement, whether due to fraud or error;
enable the preparation of selecting and applying appropriate accounting policies; and
financial statements that are making accounting estimates that are reasonable in the
free of material misstatement; circumstances.
Applying appropriate
accounting policies; and
Making reasonable accounting
estimates.
5 Statement of responsibilities of the Auditor’s responsibility
auditors:
Express an opinion; Our responsibility is to express an opinion on these financial
The audit was conducted in statements based on our audit. We conducted our audit in
accordance with ISAs; accordance with International Standards on Auditing. Those
Requirement to comply with Standards require that we comply with ethical requirements
ethical standards; and plan and perform the audit to obtain reasonable
The fact that the audit was assurance about whether the financial statements are free
planned and performed to from material misstatement.
obtain reasonable assurance An audit involves performing procedures to obtain audit
about whether the financial evidence about the amounts and disclosures in the financial
statements are free from statements. The procedures selected depend on the auditor’s
material misstatement. judgement, including the assessment of the risks of material
Audit involves procedures misstatement of the financial statements, whether due to
designed to obtain evidence fraud or error. In making those risk assessments, the auditor
about amounts and disclosures considers internal control relevant to the entity’s preparation
in the financial statements; and fair presentation of the financial statements in order to
The procedures are based upon design audit procedures that are appropriate in the
auditor judgement, including a circumstances, but not for the purpose of expressing an
risk assessment and opinion on the effectiveness of the entity’s internal control.
consideration of internal An audit also includes evaluating the appropriateness of
controls; accounting policies used and the reasonableness of
Obtain sufficient, appropriate accounting estimates made by management, as well as
audit evidence on which to base evaluating the presentation of the financial statements.
the opinion. We believe that the audit evidence we have obtained is
sufficient and appropriate to provide a basis for our audit
opinion.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 137
The report may be signed in the
name of the firm, or the
personal name of the auditor,
as appropriate for the particular
jurisdiction.
There may also be a
requirement to state the
auditor’s professional
accountancy designation or that
the firm is recognised by the
appropriate licensing authority
(i.e. that the fim/partner is a
member of a body such as ACCA
and is registered to audit).
8 Date of report: [Date of auditor’s report]
The audit report should be
dated no earlier than the date
on which the auditor has
obtained sufficient appropriate
evidence upon which to base
their opinion.
This requires that all the
statements and
notes/disclosure that comprise
the financial statements are
finalised and that those with
responsibility for preparation of
the financial statements have
acknowledged their role.
Practically this means that the
auditor should sign their report
after the directors have
approved the financial
statements.
9 Auditor’s address: Auditor’s address
The audit report should name a specific
location, which is normally the city
where the auditor maintains the office
that has responsibility for the audit.
Think about the scope paragraph
There are four common types of auditor’s reports, each one presenting a different situation encountered
during the auditor’s work. The four main types of report include:
An opinion is said to be unqualified when the Auditor concludes that the Financial Statements give a true
and fair view in accordance with the financial reporting framework used for the preparation and
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 138
presentation of the Financial Statements. An Auditor gives a Clean opinion or Unqualified Opinion when he
or she does not have any significant reservation in respect of matters contained in the Financial
Statements. The most frequent type of report is referred to as the Unqualified Opinion, and is regarded by
many as the equivalent of a “clean bill of health” to a patient, which has led many to call it the Clean
Opinion, but in reality it is not a clean bill of health, because the Auditor can only provide reasonable
assurance that there are no material misstatements within the Financial Statements. This type of report is
issued by an auditor when the financial statements presented are free of material misstatements and are
represented fairly in accordance with the Generally Accepted Accounting Principles (GAAP), which in other
words means that the company’s financial condition, position, and operations are fairly presented in the
financial statements. It is the best type of report an auditee may receive from an external auditor.
(1) The Financial Statements have been prepared using the Generally Accepted Accounting Principles which
have been consistently applied;
(2) The Financial Statements comply with relevant statutory requirements and regulations;
(3) There is adequate disclosure of all material matters relevant to the proper presentation of the financial
information subject to statutory requirements, where applicable;
(4) Any changes in the accounting principles or in the method of their application and the effects thereof
have been properly determined and disclosed in the Financial Statements.
Consecrated Opinion:
In our opinion, the financial statements present fairly, in all material respects (or give a
true and fair view of) the financial position of ABC Company as at December 31,
20X9………………………………………………………………………………………
………………………………………
A Qualified Opinion report is issued when the auditor encountered one of two types of situations:
One or more areas of the financial statements is/are not free from material misstatement due to
e.g.:
These issues lead to a disagreement between the auditor and management. This is why this
situation is referred to by some scholars as “disagreement”. This disagreement is limited to one or
two areas of the financial statements and does not prevent the financial statements when taken as
a whole from being fairly presented. A concrete example of this is the incorrect calculation of
depreciation expense of the company’s buildings. As a result, the auditor qualifies his opinion by
describing the depreciation misstatement in the report and continues to issue a clean opinion on
the rest of the financial statements.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 139
Limitation of scope - this type of qualification occurs when the auditor could not audit one or more
areas of the financial statements, and although they could not be verified, the rest of the financial
statements were audited and they conform to the relevant financial reporting framework.
Examples of this include an auditor not being able to observe and test a company’s inventory of
goods. If the auditor audited the rest of the financial statements and is reasonably sure that they
conform with GAAP for example, then the auditor simply states that the financial statements are
fairly presented, with the exception of the inventory which could not be audited.
The format of the qualified opinion report is almost similar to that of the unqualified opinion report with
the little difference being the addition of a paragraph called “Basis of qualified opinion paragraph” which
describes the matter giving rise to the modification/qualification. This paragraph should be placed before
the opinion paragraph.
With a qualified opinion the auditor is basically stating that while there are, or may be, material
misstatements, they are confined to a specific element of the financial statements but the remainder may
be relied upon.
Accordingly the opinion usually states that “except for the matters described in the basis for qualification
paragraph, the financial statements present fairly (or give a true and fair view of).....”
Illustration: Qualified opinion for the financial statements with an area of material misstatement with the
rest being fairly presented.
As discussed in Note X to the financial statements, no depreciation has been provided in the financial
statements which practice, in our opinion, is not in accordance with International Financial Reporting
Standards. The provision for the year ended 31 December, 20X9, should be XXX based on the straight-line
method of depreciation using annual rates of 5% for the building and 20% for the equipment. Accordingly,
the non-current assets should be reduced by accumulated depreciation of XXX and the loss for the year
and accumulated deficit should be increased by XXX and XXX, respectively.
Opinion
In our opinion, except for the effect on the financial statements of the matter referred to in the Basis for
Qualified Opinion paragraph, the financial statements present fairly in all material respects (or give a true
and fair view of) the financial position............. (remainder of wording as per an unqualified report).
Illustration: Qualified opinion where the auditor concludes that they have been unable to gather sufficient
appropriate evidence and the possible effects are deemed to be material but not pervasive (not affecting
the whole financial statements).
We did not observe the counting of the physical inventories as at 31 December 20X9, since that date was
prior to our appointment as auditor to the company. Owing to the nature of the company’s records, we
were unable to satisfy ourselves as to inventory quantities by other audit procedures.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 140
Qualified Opinion
In our opinion, except for the possible effects of the matter described in the Basis for Qualified Opinion
paragraph, the financial statements present fairly in all material respects (or give a true and fair view of)
the financial position............. (remainder of wording as per an unqualified report).
Because of the addition of the expression “except for” to the opinion paragraph for the qualified opinion
paragraph, the qualified opinion report is also referred to as “Except-For Opinion”.
An Adverse Opinion is issued when the auditor finds a misstatement in the financial statements which is
both material and pervasive (i.e. affects entirely the financial statements).
The adverse opinion is considered the opposite of an unqualified or clean opinion, essentially stating that
the information contained is materially incorrect, unreliable, and inaccurate in order to assess the
auditee’s financial position and results of operations. Investors, lending institutions, and governments very
rarely accept an auditee’s financial statements if the auditor issued an adverse opinion, and usually request
the auditee to correct the financial statements and obtain another audit report.
Generally, an adverse opinion is only given if the financial statements pervasively differ from GAAP. An
example of such a situation would be failure of a company to consolidate a material subsidiary.
The format of the unqualified opinion report changes in the following ways:
addition of the Basis of Adverse Opinion paragraph before the opinion paragraph to explain the
reason for the adverse opinion.
change of the wordings of the opinion paragraph; this time, the auditor clearly states that the
financial statements are not in accordance with the financial reporting framework, which means
that they, as a whole, are unreliable, inaccurate, and do not present a fair view of the auditee’s
position and operations. The wordings are the following:
“In our opinion, because of the situations mentioned above (in the explanatory paragraph), the
financial statements referred to in the first paragraph do not present fairly, in all material respects,
the financial position of…”
A Disclaimer of Opinion, commonly referred to simply as a Disclaimer, is issued when the auditor could
not form, and consequently refuses to present, an opinion on the financial statements. This type of report
is issued when the auditor tried to audit an entity but could not complete the work due to various reasons
and does not issue an opinion.
Statements on Auditing Standards (SAS) provide certain situations where a disclaimer of opinion may be
appropriate:
A lack of independence, or material conflict(s) of interest, exist between the auditor and the
auditee;
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 141
There are significant scope limitations, whether intentional or not, which hinder the auditor’s work
in obtaining evidence and performing procedures;
There is a substantial doubt about the auditee’s ability to continue as a going concern or, in other
words, continue operating;
There are significant uncertainties within the auditee.
Although this type of opinion is rarely used, the most common examples where disclaimers are issued
include audits where the auditee willfully hides or refuses to provide evidence and information to the
auditor in significant areas of the financial statements, where the auditee is facing significant legal and
litigation issues in which the outcome is uncertain (usually government investigations), and where the
auditee has going concern issues (the auditee may not continue operating in the near future). Investors,
lending institutions, and governments typically reject an auditee’s financial statements if the auditor
disclaimed an opinion, and will request the auditee to correct the situations the auditor mentioned and
obtain another audit report.
A disclaimer of opinion differs substantially from the rest of the auditor’s reports because it provides very
little information regarding the audit itself, and includes an explanatory paragraph stating the reasons for
the disclaimer. Although the report still contains the letterhead, the auditee’s name and address, the
auditor’s signature and address, and the report’s issuance date, every other paragraph is modified
extensively, and the scope paragraph is entirely omitted since the auditor is basically stating that an audit
could not be realized.
In the introductory paragraph, the first phrase changes from “We have audited” to “We were engaged to
audit” in order to let the user know that the auditee commissioned an audit, but does not mention that the
auditor necessarily completed the audit. Additionally, since the audit was not completely and/or
adequately performed, the auditor refuses to accept any responsibility by omitting the last sentence of the
paragraph. The scope paragraph is omitted in its entirety since, effectively, no audit was performed. Similar
to the qualified and the adverse opinions, the auditor must briefly discuss the situations for the disclaimer
in an explanatory paragraph. Finally, the opinion paragraph changes completely, stating that an opinion
could not be formed and is not expressed because of the situations mentioned in the previous paragraphs.
The following is a draft of the three main paragraphs of a disclaimer of opinion because of inadequate
accounting records of an auditee, which is considered a significant scope of limitation:
We were engaged to audit the accompanying balance sheet of ABC Company, Inc. (the “Company”) as of
December 31, 20XX and the related statements of income and cash flows for the year then ended. These
financial statements are the responsibility of the Company's management.
The Company does not maintain adequate accounting records to provide sufficient information for the
preparation of the basic financial statements. The Company’s accounting records do not constitute a
double-entry system which can produce financial statements.
Because of the significance of the matters discussed in the preceding paragraphs, the scope of our work
was not sufficient to enable us to express, and we do not express, an opinion of the financial statements
referred to in the first paragraph.
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 142
4.5 – Summary of the types of auditor’s report
Financial
Auditor’s Judgement Regarding the Pervasiveness
statements are free
of the Matter
and fair
Material but Not
Nature of Matter Immaterial Material and Pervasive
Pervasive
Financial statements are Unqualified opinion
free and fair report
Financial statements are
materially misstated Qualified opinion Adverse opinion
(Disagreement)
Inability to obtain sufficient
appropriate evidence Qualified opinion Disclaimer of opinion
(Limitation of scope)
5 – ADDITIONAL PARAGRAPHS
Having formed their opinion there are circumstances where the auditor must also draw the users attention
to additional matters that are significant to their understanding of the financial statements. These
circumstances are categorised as follows:
other matters relevant to either understanding the audit, the auditor’s responsibilities or the audit
report. These are presented in “Other Matter” paragraphs.
These are presented immediately after the opinion paragraph. It is important to note that they do not
affect the audit opinion, nor are they a substitute for one.
These paragraphs simply draw the readers attention to a note already disclosed in the financial statements.
The matters referred to have to be fundamental to the readers’ understanding of the financial statements.
Widespread use of them would diminish their effectiveness.
early application of a new accounting standard that has a pervasive effect on the financial
statements;
a major catastrophe that has had, or continues to have, a significant effect on the entity’s financial
position.
when the client issues another set of financial statements (e.g. one according to IFRS and one
according to UK GAAP) and the auditor has also issued a report on those financial statements;
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 143
when a set of financial statements is prepared for a specific purpose and user group and the users
have determined that a general purpose framework meets their financial information needs; and
if there is a material inconsistency between the audited financial statements and the “other
information” contained in the annual report (such as the Chairman’s Report).
Emphasis of Matter
We draw attention to Note X to the financial statements. The company is the defendant in a lawsuit
alleging infringement of certain patent rights ad claiming royalties and punitive damages. The Company
has filed a counter action, and preliminary hearings and discovery proceedings on both actions are in
progress. The ultimate outcome of the matter cannot have been made in the financial statements. Our
opinion is not qualified in respect of this matter.
ESSENTIALS OF THE NOTE
It will be beneficial for the learner to know the concept within “Internal Control System” is being studied.
Internal control system is a component of risk management
Disclosure
AUDITING FOR HND, BACHELOR DEGREE, DIPET 2 CERTIFICATES/DIPLOMAS – SUH CHARLES TEL 677 94 95 89 144