Professional Documents
Culture Documents
FINANCIAL
AUDIT
MANUAL
BY:
ZAHEER AHMAD HASHMI
AUDIT-IV SECTION,
CMP,LAHORE CANTT.
0300-4170656
INTRODUCTION
SYLLABUS
15 Chapters of Financial Audit Manual (FAM)
Appendices
2 Ordinances (AGP Ordinance 2001 & CGA Ordinance 2001)
Article No. 168 to 171 of Constitution of Pakistan 1973.
FAM is also called Certification Audit. FAM is prescribed by Auditor General of
Pakistan in 2006 and used for audit purpose by D.G. Defence Audit.
Audit
PIFR A
NAM FAM
Page | 1
INTOSAI International Organization of Supreme Audit
Institutes.
INTOSAI:
All audit departments are controlled by INTOSAI in the whole world because
it sets the standards of Audit.
INTOSAI has formed the auditing standards cell which is called as ISSAI.
Entity Communication letters: DAGP has a legal mandate to perform audit work
of Government institutions/ entities. So there is no need of communication letter to
inform entity for its audit. The entity is legally bound to be audited.
Page | 2
AGP ORDINANCE 2001
According to Section 7: AGP certifies the accounts of CGA. He performs mandatory
Audit i.e. Audit of each year. This audit is also called Statutory Audit.
According to Section 8: AGP will audit all the expenditures of Federation, Province,
Districts & Trading Concerns with respect to compliance with applicable laws. Expenditures
are appropriately spent.
According to Section 12: AGP will also audit all the receipts of Federation, Provinces,
Districts & Trading Concerns. It includes receiving of proper collection assessment, deposits.
Main focus is on ASSESSMENT.
According to Section 14: AGP can inspect any accounts of every department and
ministry.
He can perform unhidden audit.
He can check unhidden accounts and information to do proper auditing
work.
He can conduct audit in his office i.e. Auditor General of Pakistan’s
office.
He can call explanation in non-cooperation of DDO officers.
Page | 3
Observation
Audit Work
Page | 4
ROLE OF THE AUDITOR GENERAL
Auditor General of Pakistan is a public servant who implements his policies of
accounts and audit in Pakistan. He works on the behalf of Parliament and public to audit/
check the utilization of financial resources properly. Auditor General submits his audit
reports to the President of Pakistan for federal government and submits his audit report to the
governors of provinces for provincial Government. They present the audit report in National
and Provincial assemblies.
Reports Audit Reports
DAGP
Legal/
Statutory
Audit Government
Page | 5
Article 168:
This article is related with the appointment of Auditor General of Pakistan. So,
the President has the power to appoint AGP.
Article 169:
In this article, the powers and functions of AGP are presented and discussed.
i.e. What kind of work and power can be exercised by the AGP.
Article 170:
Article 170 presents and relates the powers and methodology of preparing and
maintaining the accounts of Federal and Provincial Governments. In article 170, he applies
the policies of accounting.
Article 171:
According to article 171, the AGP will submit his audit report to the President
of Pakistan in case of Federal Government and to the governors of each province in case of
Provincial Governments. After providing audit report, the job of AGP will be completed/
finished.
After 01-07-2001, the Pakistan (Audit & Accounts) Order 1973 was replaced
by the following two ordinances:
AGP Ordinance 2001 {Functions, Powers, Terms & Conditions}
CGA Ordinance 2001 {Appointment, Functions, Powers}
Page | 6
ACCOUNTING RESPONSIBILITY
STRUCTURE OF THE GOVERNMENT OF
PAKISTAN.
There are two types of government prevailing in Pakistan.
i. Federal Government ii. Provincial Government.
Following is the accounting structure of the Government.
CGA
(Primary responsibility is accuracy of Accounts)
Page | 7
CHAPTER NO. 1
AUDITING:
Auditing is a process by which the Auditor General of Pakistan evaluates the
Financial Statements, submitted by ministries, departments and agencies to state, to
form an opinion on the Financial Statements.
KINDS OF AUDIT:
Basically, there are 2 kinds of Audit.
1. Regularity Audit 2. Performance Audit.
1. REGULARITY AUDIT.
This kind of Audit is further divided into 2 kinds.
a. Financial Audit/ Certification Audit/ Attestation Audit;
This audit is related with financial reports. In this audit, the auditor certifies
the financial assets, liabilities, income and expenses physically existed and
spent. It stops the fraudulent payments, valued the liabilities and assets
properly.
(Chapter 9 covers the Techniques of Financial Audit)
b. Compliance Audit with Authority/ Audit of Laws & Rules;
This kind of audit is most important. This audit focuses that constitutions, laws
and rules are properly implemented and followed and not to check their
significance.
2. PERFORMANCE AUDIT.
This audit basically checks the:
Efficiency
Economy 3Es at Pakistan level
Effectiveness
Ethics
5Es at International level
Environment
Page | 8
CHAPTER NO. 2.
Vision:
The vision of DAGP is to add value to Public resources.
Mission:
The mission of DAGP is to develop the department on a credible professional
institution that promotes good governance and public accountability.
Value:
1. Accountability:
AGP is accountable for the achievement of its vision, mission and stated values.
2. Professionalism:
AGP conducts its activities in an open, transparent and discipline and highly
ethical manner.
3. Integrity:
AGP takes an objective, fair, honest and balanced approach to all of its activities.
4. Excellence:
DAGP strives for excellence in all of its activities.
5. Reliability:
DAGP produces/ prepares its audit reports clear, useful, timely and accurate.
6. Co-operative and Constructive Spirit:
DAGP works on behalf of Parliament, so it must be co-operative, professional
with its audit entities, staff, supplies, consultants and third parties.
7. Partnership:
There is only relationship between DAGP and Government that DAGP is the only
Auditor of Govt. and both work for the good governance of the country.
8. Innovative Spirit:
DAGP always tries to improve its audit work/ activities, practice and operations.
9. Making a Difference:
DAGP always tries to improve the work of its audit entities due to its integrity and
efficient work. Due to DAGP’s honest work, no audit entity will try to embarrass
the money and properly maintain the accounts.
10. Risk Managers:
DAGP must encourage its officers and staff to accept the challenges and take
required risk for DAGP to achieve its mission, vision and values.
Page | 9
11. Open Communications:
DAGP should communicate openly and timely to Parliament and its audit entities,
staff, suppliers, consultants and their parties.
12. A Respectful Workplace:
DAGP must provide a respectful workplace and facilitate its staff and workforce
where individuals perform their duties and their full potential and professional
competence.
SUMMARY
Chapter No. 1 & 2.
Types of Audit:
1. Regularity Audit Financial Audit/ Certification Audit/ Attestation
Audit
Compliance Audit with Authority/ Audit of
Laws & Rules
2. Performance Audit
Types of Audit Entities:
1. Self Accounting Entities.
2. Centralized Accounting Entities.
3. Exempt Entities.
All entities are audited by AGPR.
Accounting Responsibility Structure:
1. AGPR Manages the Federation Accounts.
2. AG’s Manages the Provisional Accounts.
3. DAO Manages the Districts, Federal and Provisional Accounts and sent these
receipts/ payments accounts to related departments separately on
monthly basis.
Stages of Audit Work and FAM.
Planning (Ch. No. 7 & 8)
Field Work/ Execution of Audit (Ch. No. 9)
Evaluation of Field Work (Ch. No. 10)
Reporting (Ch. No. 11 & 12)
Follow up (Ch. No. 14)
NOTE: Combination of all above stages are also called Audit Cycle.
Page | 10
CHAPTER NO. 3.
JOB OF AN AUDITOR:
Auditor is back-bone of the DAGP. Auditor performs his duty on the behalf of
DAGP. Auditor plays a vital role in ensuring the integrity of the operations of the
Government of Pakistan and safeguarding/ protecting its assets.
Expectations:
Auditors work in team. No one can perform his duty individually in effective
manners. It is the requirement of audit work i.e. works in team.
i. At least one auditor must be fully conversant with rules and regulations of
audit.
ii. Auditors must be rotated except one because if all would be rotated, then no
one can perform duty effectively. So, at least one auditor must be continued.
iii. Audit team should perform complete and thorough check according to the
audit program of audit entity. Audit teams must complete the audit within
prescribed time and report to audit officer.
iv. Each auditor should use his professional judgment i.e. knowledge, integrity
and experience to carry on all audit programs.
v. Auditor’s responsibility is not to detect the frauds. Every auditor, however,
should take appropriate action where fraud is suspected.
CODE OF ETHICS:
Code of ethics is derived from Lima Declaration. It is also called INTOSAI
Code of Ethics. In Pakistan, code of ethics is implemented in June 2002.
1. Trust:
Auditor works on the behalf of AGP. AGP works on the behalf of Parliament. So,
the Parliament and general public completely trust on AGP regarding its audit
activities and reports.
2. Confidence:
Auditors must be confident, in knowledge and experience, while performing audit
activities. Each auditor must have good/ sufficient professional knowledge and co-
operative with his team members.
Page | 11
3. Credibility:
Credibility means that the reports and opinions of the DAGP are considered to be
thoroughly accurate and reliable by knowledgeable third parties. Third party can
not point out the reports as un-reliable.
4. Integrity:
Integrity includes financial, moral and intellectual integrity. Auditors should make
decisions with the public interest. Auditor audits the report correctly in figure,
performs audit work with positive approach and decides which is true to audit
entity. Auditors have a duty to adhere to high standards of behavior and to be
above suspicious and reproach.
5. Independence:
Auditors should be independent and objective. Auditors should be free from
undue influence of audit entities and third parties. Auditors should be independent
and impartial in appearance.
6. Objective:
Auditor’s main objective is to perform audit duties in fair and true manners and
make decisions in favour of public interest.
7. Impartiality:
Auditor while performing his duty must be neutral in approach and appearance.
He must perform his duty honestly and effectively.
8. Political Neutrality:
There is no undue influence of politicians on auditors while performing his duty.
So auditor must be free and independent while performing his duty.
9. Conflicts of Interest:
Auditor should protect his independence and avoid the conflicts of interest by
refusing gifts, avoiding all relations for personal purposes. Management should
not assign the audit work to those auditors who have their own personal interest in
audit entity. Auditor should not show his biasness against the audit entities whose
wrong information is provided by its competitive entity.
10. Professional Secrecy:
The auditors should not disclose the audit information or reports to any person
except competent authority in auditing process. e.g. DAGP will submit its audit
reports only to the President/ Governors of any province.
Page | 12
11. Competence:
The auditors should know auditing, accounting and financial management
standards, policies, procedures and practices. The auditors should not undertake
work which they are not competent to perform.
12. Professional Development:
Auditors should develop themselves professionally by attending seminars,
workshops and training programs. They should use new methodologies and
processes to conduct an audit of audit entity. They must exercise due professional
care in their work.
PROTECTION OF THE AUDITORS:
To conduct audit of an audit entity is very sensitive nature for auditors. So,
there are a lot of chances to create conflicts between audit team and audit entity. In case of
conflicts, officer must take following steps to protect his auditors for smooth and excellent
audit work.
Audit team must jointly attend/ conduct meetings with audit entity in positive
manners.
Auditors should inform his supervisor/ audit officer in written form.
Audit officer should propose an action plan in consultation with senior
management in DAGP.
Depending on seriousness of matter, all or one of the following actions may be
implemented.
i. Audit manager raise the issue with PAO.
ii. A letter is signed by the AGP or Dy. AGP and submitted to PAO or
CGA.
iii. The composition of audit team can be changed.
iv. Legal action can be taken if necessary after consultation with AGP.
v. When an individual auditor is not satisfied with the action taken, he
has a right to report AAGP, Dy. AGP or AGP.
Page | 13
CHAPTER NO. 4
Page | 14
iv. Facilitation of Accountability Process.
Management of audit entity is liable to provide adequate information, financial
reports and statement to run accountability process smoothly. A system must be developed by
the entity which will provide the relevant and reliable information to audit team.
v. Establishment of Accounting Standards.
DAGP should ensure the establishment of accounting standards policies to perform
the audit work in correct and smooth manners. DAGP should recommend the audit entities to
maintain and prepare their accounts in the light of its established policies. Audit entities
should develop specific and measurable objectives and performance targets.
vi. Application of Accounting Standards.
DAGP should investigate either accounting standards are being applied in
maintaining and preparing the accounts or not by the audited entities consistently. Minimum
requirement for an auditor’s obligation is not to emphasis the accounting standards follow or
not. He must use his personal experience to perform his duty.
vii. Internal Control.
The existence of an adequate internal control minimizes the risk of errors and
irregularity of financial statements & reports. Internal control will help the auditor to draw a
fair and accurate audit report. The audit team should compare:-
Where control should be?
Where controls are?
Either control is adequate or not?
Control is operational?
Identify the missing control.
viii. Legislative Requirement.
It is the legal requirement that every audit entity is liable to co-operate and provide
access to all relevant documents and information to audit party. Legally, every entity is to be
audited by DAGP in each year. Therefore, it is called statutory audit. Any audit entity cannot
refuse to be audited.
ix. Audit Mandate.
All audit activities should be within the audit mandate of the AGP. This essential and
jurisdictional function requires the department to make sure who is dealing with the public
fund and accountable for it.
Page | 15
Audit mandate includes:-
a. Regularity Audit (Financial Audit & Compliance with Authority Audit)
b. Performance Audit
It means to check efficiency of utilization of financial, human and other resources,
economy of administration and effectiveness of performance.
x. Improving Auditing Techniques.
The DAGP shall improve the techniques for the validity of performance measures.
Time is saved due to improving techniques and new methodologies of auditing, less human
resources are involved to perform audit work. e.g Manual audit to Computerized audit.
So, DAGP should manage seminars to develop professional auditors, conduct
training programs and workshop to prone its staff for effective and efficient work.
2. GENERAL STANDARDS (ETHICAL STANDARDS):
General Standards also include the Ethical Standards. General Standards describe the
qualification of auditors and auditing institution so that they may carry out the task in
competent and effective manners.
The General Audit Standards includes:-
i. Recruitment:
Recruit personnel with suitable academic and professional education and be
equipped with appropriate training & experience.
ii. Training and Development:
The department should frame the policies to train and develop employees in
effective and professional manners.
iii. Provision of Instructions and Guidance:
Prepare manual, other written guidance and instructions concerning to conduct
the audit. (Proper communication in form of circulars, letters and office orders
etc.)
iv. Supporting of Skills and Experience:
Support the skill and experience available within the department of the AGP
and also identify the skills of personnel in the planning of audit as well as
identify professional development needs.
v. Review:
Review the efficiency and effectiveness of the department’s internal standards
and procedures.
Page | 16
The DAGP shall establish a system and procedures to:
Confirm that internal quality assurance process have operated satisfactory.
Ensure the quality of the audit report; and
Secure improvements and avoid repetition of weaknesses.
STANDARDS WITH ETHICAL SIGNIFICANCE:
The General Standards with Ethical Significance include:-
1. Independence.
2. Conflict of Interests.
3. Competence.
4. Due Care.
1. Independence:
The DAGP and the auditors must be independent from:
a. Parliament / Legislature.
b. Executive / Government.
c. Audited Entities.
a. Parliament / Legislature:
The legislature is one of the main user of the services of the DAGP. The
department’s reports are presented in the legislature through the President of Pakistan. So, the
department must be independent from legislature & the government to conduct audit and
credibility of its results.
The DAGP may be given its representatives who give factual briefings on audit
reports to the legislature. The legislature forms a special committee which examines the audit
services and other representatives. So there will not be undue influence and political pressure
from the government.
The DAGP must perform its duty according to its programs, plans, conduct of its
work according to his mandate and adopt methodologies appropriate to audit.
The legislature should specify minimum reporting requirements including reasonable
time within which reports should be made. So the DAGP should provide sufficient resources
for effective exercise of its mandates.
b. Executive / Government:
The executive branch of government and SAI have common interest in the promotion
of public accountability. The relationship between the DAGP & the Government is an
Page | 17
external auditor. So, the executives must not to interfere and disturb the work of DAGP
through its undue influence.
The DAGP should not oblige to carry out, modify, alteration in audit findings,
conclusions and recommendations. The DAGP performs audit under CCCECR model:
C = Criteria
C = Condition
C = Cause
E = Effect
C = Conclusion
R = Recommendation.
The DAGP shall be ready to advise the executive regarding accounting policies,
standards and the financial statements. The Government may request to the SAI for the audit
of a special institution but the AGP may be or may not be accepted the request.
The executive must provide the financial resources to conduct the fair audit work.
The AGP can disclose the audit secret relevant information to the executives under
exceptions of law to discharge the responsibility of the department. The DAGP shall ensure
that its mandate and status is well understood in the community.
c. Audited Entities:
The DAGP must remain independent from audited entities. But the representatives of
the DAGP must be polite and co-operative with audited entities to receive the relevant
information regarding financial reports and statements.
The audited entities do not need to Engagement Letters of audit because they are
legally bound to be audited. Those entities can never refuse to be audited and also provide
relevant material and documents. These entities can be audited at any time when the AGP
requires.
The DAGP will not participate in the management of the audited entities. Audit
personnel should not become the members of management committee.
Any personnel of the AGP should not have any close affiliation with the management
of audited entities such as social, kinship or other relations.
Audit personnel should not instruct the personnel of audited entities how to work?
etc. The DAGP may co-operate with academic institutions and enter formal relationship with
professional bodies.
Page | 18
2. Conflicts of Interests:
The DAGP should avoid the conflicts of interests between the audit and the audit
entity under audit. The auditor should not use his official position for personal purposes. He
shall refuse to audit the entity if he has personal interest, kinship or other relationship with
the audit entity which is not in knowledge of management. He shall refuse to receive the gifts
etc, to avoid the conflicts of interests. If there will be conflicts of interests, then the auditor/
DAGP is not independent and cannot perform assigned task honestly, efficiently and
effectively.
3. Competence:
Competence means the DAGP/ auditor has plenty of experience regarding audit work
in different dimensions. It is very important general standards of audit. The auditor must
possess the required qualification, experience and skills to perform the audit.
The auditor has a duty to form and report audit opinions. He also makes decisions on
the basis of his opinions relating to conclude findings and recommendations. The duties and
responsibilities of DAGP are very crucial but the DAGP must apply its audit methodologies
and techniques of the highest quality. It is possible only if there are competent auditors in
DAGP. The DAGP can fulfill its audit mandate through competency of auditors. The
competence may be considered as a “Tool of Audit Work” to get Audit Mandate.
4. Due Care:
The auditor/ The DAGP must exercise due care and concern in complying with the
auditing standards. The due care must exist while specifying, gathering and evaluating
evidence and reporting findings, conclusions and recommendations.
The DAGP must follow the accounting standards while auditing and reporting by
Public Enterprises. It must use its technical skills and expertise on qualification basis. The
DAGP plays its role as “External Experts” as consultants. So, as consultant, it suggests and
gives its opinions by exercising due care. The DAGP can seek advice from other specific and
professional audit departments to perform better and enhance its skills. The DAGP maintain
confidentiality regarding audit matters and information arising from its task. The department
should report of offences against the law to proper prosecuting authorities.
Page | 19
3. FIELD STANDARDS:
The objective / purpose of field standards is to establish the criteria for the
purposeful, systematic and balanced steps that the auditor has to follow. These steps/ actions
represent the rules of research that the auditor implements to achieve a specific result.
The following field standards are applicable to all types of audit.
a. Planning
b. Supervision and Review
c. Evaluation of Internal Control
d. Compliance with Applicable Laws and Regulations
e. Audit Evidence
f. Analysis of Financial Statements
a. Planning:
The auditor should plan the audit in such manner which ensures that high quality audit
is carried out in an economic, efficient, effective way and timely manners.
The DAGP shall give priority to any audit tasks which fall within its mandate. The
auditor should plan an audit by following ways:-
i. Identify important aspects of environment.
ii. Develop an understanding of the accountability relationship.
iii. Consider the form, content and users of audit opinions, conclusion or reports.
iv. Specify the audit objectives.
v. Identify key management systems and controls.
vi. Determine the materiality of matters.
vii. Review the internal audit.
viii. Determine the most efficient and effective audit approach.
ix. Appropriate action has been taken on previous reported audit findings and
recommendations.
x. Provide appropriate audit plan documentation.
Planning steps in an audit:
Following planning steps are included in an audit:-
Collect information about the audited entity.
Define the objective and scope of audit.
Undertake preliminary analysis to determine adopted approach and the
nature and extent of inquiries.
Page | 20
Prepare budget and schedule of audit.
Indentify staff requirements.
b. Supervision and Review:
Supervision means the work of audit staff is properly supervised / checked by the
team leader. Supervisor should maintain quality of audit, control on the individual auditor
regardless of his competence.
Following are the guidelines regarding supervisions:-
1. Members of audit team have a clear and consistent knowledge of audit
plan.
2. Follow the audit standards and practice.
3. Audit program and action steps are specified in that plan.
4. Conclusions, recommendations and opinions are properly supported by
evidence i.e. working papers.
5. Achievements of audit objectives.
6. Audit report includes the audit conclusions, recommendations and
opinions, as appropriate.
Review means just go through the audit report. Audit report must be checked by a
senior member before its finalization. Review should ensure that:-
a) All evaluations and conclusions are soundly based and are supported by
competent, reliable, relevant and reasonable audit evidence.
b) All errors, deficiencies and unusual matters have been properly identified
and documented.
c) Changes and improvements necessary to the conduct of future audits are
identified.
Page | 21
In case of performance audit, evaluation is made on conducting the business of the
audited entity in an economic, efficient and effective manners and producing timely and
reliable financial and management information.
d. Compliance with Applicable Laws and Regulations:
In conducting mandatory (regular) audit, a test should be made of compliance with
applicable laws and regulations. The auditor should design audit steps and procedure to
provide reasonable assurance of detecting errors, irregularities and illegal acts.
In conducting performance audit, an assessment should be made of compliance with
applicable laws and regulations when necessary to satisfy the audit objectives.
Reviewing compliance with laws and regulations is especially important for auditing
government programs because decisions makers need to know if the Laws and Regulations
are being followed. The auditor should exercise professional judgment to determine that laws
and regulations have significant impacts on the audit objections.
e. Audit Evidence:
Reliable, relevant and competent evidence should be obtained to support the auditor’s
judgment and conclusion regarding the organization’s functions under audit.
The audit findings, conclusions and recommendations must be based on adequate
evidences. Evidence helps to satisfy the auditors about the reliability and relevancy of data.
Auditor should adequately document the audit evidence in working papers including
work performed and the findings of the audit.
Auditor should have a sound understanding of techniques and procedures such as
inspection, observation, enquiry and confirmation to collect audit evidence.
f. Analysis of Financial Statements:
It is the final standard of Field Standards. In this standard, financial audit regarding
financial statements and reports are properly checked and verified with accounting standards.
The auditor should thoroughly analyze the financial statements in following way:
1. Financial statements are prepared according to accounting standards.
2. Financial statements are presented with due consideration to the
circumstances of audited entity.
3. Sufficient disclosures and working notes are presented about various
elements of financial statements.
4. The various elements are properly evaluated, measured and presented.
Page | 22
4. REPORTING STANDARDS IN GOVT. AUDITING:
At the end of each audit, the auditor should prepare a written opinion or report which
shows the findings during audit work. Its contents should be easy to understand and free from
ambiguity. It also includes only information which is supported by competent, reliable,
relevant and reasonable audit evidence and be independent, objective, fair and constructive.
The word “Opinion” is used to auditor’s conclusions as a result of a regularity audit.
However, the word “Report” is used to the auditor’s conclusions as a result of performance
audit.
Types of Reports:
Management Letter: is a report which is presented to PAO for revision
purposes. It is signed by Directorate General.
Draft Reports: are such reports which are presented to PAC signed by
AGP.
Contents of Reports:
Following are the contents of reports or opinions founded on the general principles.
1. Title:
The opinion or report shall be prescribed by a suitable title or heading.
2. Signature and Date:
The opinion / report shall be properly signed. The date is also mentioned for the
information of reader about financial audit’s period of audits i.e. Financial Year
2011-12.
3. Objective and Scope:
The opinion / report shall include reference to the objective and scope of audit.
4. Completeness:
The auditor’s opinion / report shall be presented as prepared by him. Regularity
(Financial) audit’s opinion must be completed and established to the stake holders
immediately after ending of audit of a financial year. In case of performance audit,
it may be free standing.
5. Addressee:
The opinion / reports shall be addressed as per requirements of applicable laws
and procedures i.e. PAC.
Page | 23
6. Identification of Subject Matters:
The opinion / reports shall identify the financial statements (in case of financial
audit) or area (in case of performance audit) to which it relates. This includes
information such as the name of audited entity, the date and period covered by
financial statements and subject matters.
7. Legal Basis:
Audited opinions / reports shall identify the legislation or other authority
providing for the audit.
8. Compliance with Standards:
Audited opinions / reports shall indicate the auditing standards or practice
followed in conducting the audit. It assures to reader that the audit has been
carried out with general accepted procedures.
9. Timelines:
The auditor’s opinion / report shall be available within prescribed / available time
for the greatest use to the readers & users.
Page | 24
CHAPTER NO. 5
Page | 25
a. Setting the basic planning parameters. (Materiality Planned Precisions,
Audit Risk, Components.)
b. Setting inherent risk, control risk, other substantive procedures risk and
substantive test of detail risk for each component and each specific
financial audit objective and compliance with authority objective and error
conditions.
c. Determine the optimum mix of tests of internal control, analytical
procedures and substantive tests of details for each component.
d. Drafting the audit programmes, forms and checklists to be used by audit
teams performing the work.
e. Performing the overall error evaluation.
f. Reporting the results of the audit.
Audit Team of Directorates:
Audit team which is formed by the AGP/ Central Team to perform the audit
under the management of Central Team. Members of audit team are selected from different
directorates.
Responsibilities:-
Followings are the responsibilities of directorates:-
a. Providing advice to assist Central Team to plan the audit.
b. Reviewing the material received from the Central Team to ensure audit
programme, forms, checklists to reflect the optimum mix of tests.
c. Performing the audit work.
d. Reporting the results of the work, including individual errors to the central
team.
DAGP STRATEGIC AUDIT PLANS
The AGP is responsible to decide what kind of audit work is necessary to fulfill his
mandate. So, the AGP should develop a multi-year strategic plan for DAGP audit activities.
The Strategic Plan will include:
1. Mandatory and Centrally Led:-
This audit is required to be performed each year according to mandate of DAGP.
However, the work performed by an individual directorate is part of a larger audit.
Example: The annual audit of financial statements of the Federation.
Page | 26
2. Not Mandatory and Centrally Led:-
This audit is not required to be performed each year according to DAGP mandate.
However, the work performed by an individual directorate is part of a larger audit.
Example: Government-wide audit of contracting.
3. Mandatory and Not Centrally Led:-
This audit is required to be performed each year according to DAGP’s mandate,
whereas, the work performed by the individual directorate is not part of larger audit. The
audit work is performed by directorate itself without the management of central team.
Example: The annual audit of financial statements of a commercial entity / a
foreign aided project etc.
4. Not Mandatory and Not Centrally Led:-
This audit is not required to be performed each year according to DAGP’s mandate
and the work performed by the individual directorate is not the part of larger audit.
Example: Audit of Compliance with authority work being performed by the
directorate on the entities for which it is responsible.
CONTENTS OF AUDIT PLAN
A proposed audit plan is submitted for approval from AGP. The plan is approved only
for one financial year. It contains:
1) A summary of directorate’s mandate (i.e. previous year audit mandate / plan)
2) A plan / status of current audit activities i.e. mandatory or non-mandatory audit.
3) A summary of audit that the directorate wants to perform in the following year:-
a. Financial Audits (Including CWA audit)
b. Compliance with Authority audits (where additional compliance with
authority work is planned.)
c. Audits of Internal Controls.
d. Audits of Foreign-Aided projects.
e. Performance Audits.
f. Other functional, systems, programs and fraud audits and
g. Special assignments.
4) Details with respect to each of the planned audits. i.e.
a. The revenue and expenditure to be audited.
b. The person days required.
Page | 27
c. The staff members to be assigned to the audit.
d. TA/DA is required.
e. A time schedule showing the dates for planning, execution and reporting
of audit.
5) A summary of unallocated resources available within the directorate or the audit
work for which staff is not available.
INTEGRATION OF AUDIT WORK
It is a basic principle of DAGP’s audit activities that no audit entity should be audited
more than once in a financial year. So, DAGP has to integrate the audit work to get the result
of mandatory and non-mandatory audit.
To achieve this target, DAGP must plan the audit work in such a way that its audit
team should be able to achieve the target i.e.
Mandatory Audit i.e. Financial Audit & CWA audit.
Non-mandatory Audit i.e. Performance Audit.
Integration includes:-
Performing the work at the same time.
Re-using the sample items selected for the financial audit work when
performing the compliance with authority, internal controls and
performance audit work (with additional necessary items.)
Above mentioned techniques can be used to fulfill the integration for
achieving targets i.e. Regularity Audit & Performance Audit.
BENEFITS OF INTEGRATION:
Following are the benefits of integration:-
a. Time saves due to draw the sample for financial audit and compliance with
authority audit. Performance audit can be worked on that sample.
b. All audits can be performed collectively.
c. While performing the financial audit, compliance with authority audit is
automatically performed because auditor normally relies on larger amount.
However, CWA audit is not mandatory, so it may not be performed for
several years.
d. While auditors performing compliance with authority audit work on Year
1 transactions in Year 4, there is a risk that the auditors could discover
significant errors in Year 4 with respect to the accounts for Year 1. DAGP
could then be in the embarrassing position.
e. Timely identification of deficiencies.
f. Relax the entity officials for providing the records.
g. Prevention of frauds due to presence of auditors in an organization for
longer period.
Page | 28
Chapter No. 6
AUDIT CYCLE FOR INDIVIDUAL AUDITS
A
U Assess materiality, planned precision,
D and audit risk
I
T
Understand the entity's internal control structure
P
L
A Determine components
N
N
I Determine financial audit and compliance with authority objectives and
N error/irregularity conditions
G
Page | 29
Chapter No. 7
Page | 30
Auditor should provide:-
i. An understanding of the users of the entity’s services and the size of the entity
is needed to assess materiality.
ii. An understanding of the parliament / legislature authorities affecting the
entity’s operations, that what components of operations should be audited.
iii. An understanding of the industry in which the entity operates to assess
inherent risk.
Level of Effort:
Level of effort means efforts to prepare permanent file of an entity. The information
regarding audited entities is collected with the passage of time while performing the audit.
Level of effort will be very high while collecting information of an entity for the first
time.
3. ASSESS MATERIALITY, PLANNED PRECISION AND AUDIT
RISK:
I. Materiality:
Materiality means, “An error is material if the error is big enough to influence the
users of the financial statements.”
Materiality is important in the context of the auditor’s report on the financial
statements. Materiality is used by two ways.
i. For planning => to determine sample size i.e. 80%
ii. For reporting => to express the opinion on financial statements i.e. 100%
Guidelines:
Followings are the guidelines to determine the materiality:-
Identify the probable users of financial statements,
Identify the information in the financial statements, i.e. (Total expenditure,
Total Assets, Annual surplus or deficit). One or more of these amounts may be
considered as base amount for computing materiality.
Estimates the highest percentage on base amount could be misstated without
effecting the user decisions on financial statements,
Multiply the percentage times the base amount,
Select the lowest amount – this is the materiality amount. Errors exceeding
this value are material.
Page | 31
The auditor normally selects the lowest amount of materiality which helps the user to
make realistic decision on financial statements. The lowest amount enhances the correctness
and reliability of financial statements.
Materiality amount is determined for all components of financial statements for audit
purposes.
Identification of Materiality %age Materiality %age
Information for small entity for large entity
Total Expenditure 2% 0.5%
Normalized Pre-Tax Income 10% 5%
Total Revenue 2% 0.5%
Equity 1% 1%
Assets 0.5% 0.5%
Annual Surplus / Deficit vary case to case vary case to case
Page | 32
iii. Other changes to entity’s business which can effect the size of errors.
Example: Planned precision may be got by following:
Materiality 3,000,000
(-) Aggregate Expected Errors 816,500
Planned Precision 2,183,500
The auditor expects that the organization has good internal control while auditing.
There are large errors found. So, he will change its precision and issue qualified opinion /
report. Planned Precision may be expressed by following equation:
Planned Precision = Materiality – Aggregate Expected Errors.
III. Audit Risks:
Audit Risk refers:
“The auditor is not completely confident that the financial statements are not
materially misstated. The auditor has some degree of assurance that is less than 100%.”
When an auditor takes some risks to issue the unqualified opinion on financial
statements that misstates materiality. This risk is referred to “Audit Risk”.
Example: If the auditor wants to be 95% confident that the financial statements are
not materially misstated. This means auditor takes risk of 5% for materiality errors. So 5% is
the “Audit Risk”.
RISK ASSESSMENT
The auditor focuses on the areas of greatest materiality, significance and risk. So, the
assessment of risk is critical to the development of an audit plan.
Example: In case of financial audit, the auditor is concerned only with the risk of
material misstatement exists in financial statements or not. In case of compliance audit, the
auditor is concerned only with risk of the laws/ rules & regulations are followed by preparing
financial statement or not. So, it is very difficult to assess the risk while developing the audit
plan.
It can be divided into three categories:
i. Inherent Risk iii. Detection Risk
ii. Control Risk
i. Inherent Risk:
Inherent Risk is the chance of Material Errors occurring assuming that there are no
internal controls. In general, the higher the inherent risk, the higher effort required detecting
errors.
Page | 33
Table for Professional Judgment of Inherent Risk
Level of Inherent Risk Risk Resulting Assurance
High Inherent Risk 60% 40%
Moderate Inherent Risk 50% 50%
Low Inherent Risk 40% 60%
There is positive relation between level of Inherent Risk and Risk.
ii. Control Risk:
“Control Risk is the chance that the Internal Controls will not prevent or detect Material
Error.”
This is the risk that material error is not prevented and detected on timely basis by the
Internal Control structure.
Note: The cost of Internal Control should not exceed the potential losses that could
occur without those controls.
Cost of Internal Control < Prevented losses.
Rs. 10,000 < Rs. 20,000
Then, Rs. 10,000 must be spent for Internal Controls
Page | 34
So, above mentioned causes increase the Detection Risk.
Note: So, it may be said that audit risk is a combination of above three risks. The risk
assessment is very important to determine the extent to which audit will examine the
system procedures and practices. THEN
Lower the overall Risk = Lower the Audit Cost.
a. Identification of Risk
The auditor should enable to indentify the risk, which can be faced during audit
process. Following steps are helpful to identify the risks:
List the Program Objectives i.e. Assets to be safeguard.
Identify threats of risks.
Identify the risk with the probability of occurrence i.e. Inherent Risk.
List control and assurances which exist within the system.
Identify the risk which may occur even existing of control i.e. Control Risk
Recommendations regarding controls and assurances.
This activity should be documented in permanent file.
b. Indicators of Risk
Indicator of risk refers; the auditor should be alerted while conducting audit process.
Analysis of data may produce information that does not look correct.
Following are the indicators of risk:-
i. Processing Risk,
ii. Program Risk,
iii. Regulatory Risk, and
iv. Risk of Fraud.
i. Processing Risk:
Errors can occur unintentionally/ unwillingly, especially in following situations:-
a. A new government program with low experience administration,
b. New systems / procedures are introduced,
c. Changes in management i.e. high turnover of staff (Administrative procedures
are poorly documented)
d. Unclear responsibilities.
ii. Program Risk:
Certain government programs are particularly sensitive to significant losses i.e.
intended or unintended. Following examples of programs that should be given a careful
assessment of risk are:-
Page | 35
a. Loans or guarantees,
b. Unclear terms and conditions of contracts,
c. Research and Development Projects
d. Programs with vague outputs and outcomes. Huge expenditures, which have
been spent on these programs, should be given the high priority by the auditor
to examine.
iii. Regulatory Risk:
The usual purpose of regulations is to protect the public i.e. health protection,
transportation safety or other law enforcement.
Failure in this program can occur at various points within regulatory system. This risk
can drive from:-
a. Inadequate laws,
b. Inadequate inspection / detection i.e. untrained inspector, poor supervision of
inspection etc,
c. Inadequate penalties,
d. Poor record and inadequate statistics,
e. Environment factors outside of the regulatory process.
iv. Risk of Fraud:
There are many classical indicators of weakness that can contribute to fraud. Some of
these are:-
a. Insufficient separation of duties,
b. Only person can access the financial information,
c. Weak controls,
d. Inadequate management supervision, inspection or review,
e. Inadequate and untimely reports,
f. Non-existent reconciliation.
c. Factors affecting Audit Risk
These factors show how much risk is accepted by the auditor to provide assurance of
non-misstatement of material in financial statements. Following factors are helpful to the
auditor for issuance of unqualified opinion:
i. Professional Exposure:
If the auditor has a risk of his reputation then he will accept deeper audit work for the
sake of his reputation. If there will be a chance that the financial statements and the audit
Page | 36
report will undergo a lot of scrutiny then the auditor will consider the financial statements at
high level. This could occur in following cases:-
a. Receiving a lot of bad publicity,
b. Chancing of being privatized, transferred etc,
c. Issuing new debt,
d. Getting into financial difficulty.
For the audit entities, the auditor may reduce their audit risk to reduce their
professional exposures risk.
Page | 37
low level of audit risk)
All other entities 5% 95%
Increasing the overall assurance will increase the required amount of audit work.
Going 95% assurance to 97% assurance could add 20% to the required amount of audit work.
There is a negative relationship between audit risk and overall assurance.
Page | 38
I. General Standards of Internal Control
INTOSAI describes 5 general standards of internal control:
i. Reasonable assurance: Internal Control should prevent and detect errors for
management and provide assurance to auditor.
ii. Supportive attitude: All the members of organization should show the
supportive and acceptable attitude.
iii. Integrity and Competence: Managers and staff members should show
competence and integrity to develop, maintain and implement the internal
controls.
iv. Control Objectives: It is too much expensive. Specific control objectives
should be developed for each activity. It should be appropriate,
comprehensive, reasonable and integrated with each other.
v. Monitoring Control: Managers should monitor the internal controls and take
action at the spot of time in case of errors, frauds and mismanagement,
ineffective, inefficient and insufficient operations.
Page | 39
vi. Access to Accountability For Resources and Records: An individual, who is
authorized and accountable for his authority, should provide limited access to
resources and records.
i. Control Environment:
Control environment is created by the management to influence the control
consciousness of the staff. It includes:-
a. Manager’s philosophy and operating style.
b. Delegation of powers i.e. Methods to assign the job.
c. The organizational structure.
d. HRM policies and practices.
e. Integrity and ethical values.
f. Commitments to competence.
g. Reaction to change influences.
h. Existence of an Internal Control Unit.
Page | 40
ii. Risk Assessment:
Risk assessment is very much helpful to implement the internal controls. It identifies
and highlights the area where the internal control is required. Risk can be minimized by
implementing risk assessment.
iii. Control Activities:
Control activities are the policies and procedures which are helpful to manage and
ensure the internal control.
Control activities occur throughout all the levels of organization. It includes:-
a. Proper authorization of transactions;
b. Physical control over assets and records;
c. Independent checks on performance;
d. Adequate segregation of duties.
iv. Information and Communication:
Important information must be identified and communicated to the management as
well as staff member. Communication and information plays a vital role to carry on the
organization’s functions / activity in proper manners.
v. Monitoring:
Monitoring is the crux of internal controls. If the proper action is not taken while
monitoring, against violation of internal controls then it is just wastage of money to develop
internal controls. It involves the ongoing and periodic assessment of internal control
performance.
Page | 41
c. Manual VS Electronic Controls:
Manual Control is operated by staff. It includes misjudgment, human errors,
carelessness, fatigue etc. Such control is visible. Electronic Control is invisible
control. It is built on computer programs, soft wares, etc. i.e. the report
electronically generated with no signature, biometric attendance.
d. General VS Applications Controls:
General Controls are applicable to the accounting systems i.e. password
restricting access to a computer network. Application Controls relate to protect a
specific process function to ensure transactions are complete, accurate and authorized.
e. Documented VS Undocumented Controls:
Documented Controls means the evidences of controls are performed i.e.
signature & initial. Undocumented Controls means the evidences of controls are not
performed i.e. electronic generated reports where signature is not required.
f. Preventive VS Detective Controls:
Preventive Controls means identification of errors before transaction is taken
place. Most data entry controls are preventive controls i.e. Pre-audit of documents.
Detective Controls means to identify the errors after happening of events /
transactions. Most output controls and reconciliation are detective controls i.e. Post
Audit of documents.
Preventive controls are usually less costly than detective controls.
g. Compensating Controls:
Compensating Controls means a control is implemented in a weak control. For
example, a cheque is recorded for incorrect amount then it can be ascertained at the
time of reconciliation.
Page | 42
audit can play its role and achieve its objective. Therefore, its report will be very much
helpful for the management for decision making and monitoring.
Following ways the internal audit can play a vital role:
1. Not the Part of Operational Management:
Internal audit must not the part of operational management. If it will participate in
operational control, then it cannot perform its duty and audit work in effective and efficient
manners because every decision and operation will be taken with its consent.
2. Review and Audit of Management / Organization:
The internal audit should not perform the checks on current basis. Management
cannot work properly if checks are performed on current basis.
It should check the audit work and review independently after passing time to monitor
the duties of management are properly performed or not.
3. Co-ordination and Co-operation:
There is a relationship between DAGP and internal audit due to co-ordination, co-
operation and professional reliance. If the DAGP understands that internal audit is
independent, so DAGP can rely its audit work up to 80%. This relationship can be enhanced
by following ways:-
Internal audit and DAGP will co-ordinate each other in audit efforts by
knowledge and amendments in their plans.
Having access to each other’s plans and programs.
Access to internal audit’s working papers.
Exchange of audit reports and management letters.
Common, understanding of audit techniques, methods and terminologies.
Rely on internal audit work & report and reduce additional requirement of
DAGP i.e. additional testing, etc.
4. Provide Effectiveness of the Internal Controls:
Internal audit should provide adequate assessment and effectiveness of the internal
control. If the auditors of DAGP monitor the internal audit and impress from internal control,
then DAGP will prefer and may certify their work. DAGP may re-perform their audit work
which it is considered by them.
5. Internal Audit as Team Member:
If the audit party is impressed by the internal audit unit, then it can become its team
member. The audit party will check and review its work like its own member’s work.
Internal audit will help the DAGP to perform its audit work and objectives.
Page | 43
VII. Documenting Our Understanding Of Controls
The auditor should understand the internal controls on organization. He should
prepare the documents regarding internal control which reflects his ability to assess the
controls. The documentation of internal controls should be the part of audit. It helps in
supervision and improves the communication between the audit team.
There are 4 methods of documentation. It will be the part of permanent file.
1. Narrative:
It is a written descriptive material of documentation. There are four characteristics:
Origin of every document and record in system,
Description / detail of all process,
Disposition of every document,
Indication of control.
It is very laborious and bore working for reader.
2. Flow Chart:
It is time consuming exercise. To draw a flow chart, all symbols must be identified
and recognized. It is very convenient for a reader to understand the information than
narrative. It:-
Provides a concise overview,
Helps to identify inadequacy,
Shows clearly the separation of duties, and
Is easier to follow a diagram.
3. Internal Control Questionnaires (ICQs):
It is the method which FAM recommends to make documentation of understanding. It
is very easy and understandable. The auditor answers just in “Yes” or “No”. ICQ requires a
thorough check of internal controls to answer the questionnaires. Questionnaires are not
updated. These may be answered without thorough check of internal controls.
4. Walk Through (Cradle to Grave Test):
It is a method which is adopted from start to end. All information from beginning to
end is disclosed. To conduct this method, an auditor select 3-6 transactions and tracing all the
transactions into the audit cycle until it is summarized and included in audit report.
Page | 44
5. DETERMINE COMPONENTS:
The auditor divides the financial statements into different parts or components. Each
component is audited separately. Risk is assessed for each component i.e. Inherent Risk,
Control Risk, Detection Risk, etc.
For a financial statement audit, financial statements are logically dividing into parts/
components by considering “Line Item”. So, Line Item is a component which shows the
amount reported in financial statements disclosing the notes.
Some items are shown in different groups i.e. expenditures may be grouped by:-
Ministries, Departments, Agencies’ expenses.
Appropriation Accounts.
Economic Functions (General Public Services)
Object Element (Pay Roll expenditure, etc.)
In expenditure group, object element or ministries expenses will be considered as
separate components.
Page | 45
Presentation,
Compliance with relevant laws.
Borrow:
Determine that the amounts and debt terms (period, interest rates, repayment
schedule, etc) are according to the appropriate law.
Revenue:
Determine that the cash received is:
• For an approved tax or approved revenue source.
• In accordance with applicable legislation.
NOTE:
Federal and Provincial governments are generally considered to be audited
for all above objectives because the governments have been authorized to
borrow.
Error conditions are ways in which an asset, liability, revenue or expenditure item
may not be valid and complete.
Page | 46
For the completeness of Payroll expenditure, the auditor considers how Payroll
expenditure figure might not be complete and may identify 3 errors:-
“Inherent Risk is chance of material error assuming there are not internal controls”.
Higher the inherent risk, higher audit effort required. It is assessed in a hypothetical
environment.
Page | 47
V. Number of Locations: If the transactions are recorded at more than one
location then the chances of occurring errors will be high and difficult to avoid
the risk.
VI. Accounting Policies: If the Accounting Policies are not properly followed by
the audited entities, then the chance of occurring errors may be larger i.e. Cash
basis accounting policy has more chances of embezzlement of cash than
accrual basis accounting policy.
VII. Risk of Frauds: An error could be intentional one. The Auditor should be
questioning mind. If he will not able to detect fraud, then he may be
considered incompetent. If the management will misrepresent the record, it
will be factor of inherent risk.
Page | 48
Cost of Internal Control < Prevented losses.
Rs. 10,000 < Rs. 20,000
Then, Rs. 10,000 must be spent for Internal Controls
Test of Internal Controls: means to get assurance that the internal controls
are operating effectively and efficiently.
Substantive Tests: are used to check and verify the accuracy and
completeness of data produced by the accounting system. It can be divided
into:
Analytical / Substantive Procedure.
Substantive Tests of Details (STD).
Audit procedure is applicable on financial statements. It is used to assure the internal
controls and substantive assurance. It is called “dual purpose tests”.
Above three tests are discussed below:
It includes:
• Inquiries of entity personnel,
• Observation of policies and procedures,
• Walk through procedures,
Selecting a sample of transactions and verifying that the internal controls’
procedures were followed.
Page | 49
Test of internal Controls are also called “Compliance Testing or Audit of
Internal Controls”.
Note: Last method is normally used to test the individual control.
Page | 50
4. Statistical Analysis:
Statistical analysis is similar to predictive analysis. Co-relation and
Regression line method are used for analysis in this technique. This analysis is
made by drawing / identifying variables and developing an equation model.
5. Overall Verification Procedures:
An estimate of on account balance from known and verified data is built
up in this analytical procedure. It usually results in an accurate estimate of the
account. A predetermined initial amount is specified for identifying significant
fluctuation to investigate. For example, the auditor can verify the number of
rental units by type of units, average rent by type of units and vacancy rate.
All above methods are also called “Other Substantive Procedure Risk”
(OSPR)
Page | 51
“OR”
o High risk transactions and events.
STD also identifies the compliance with Authority test i.e. rules and regulations that
apply to an entity.
Audit risk model involves all kind of risks i.e. Inherent Risk, Control Risk, Detection
Risk.
AR = IR x CR x DR.
DR = Other Substantive Procedure Risk (OSPR) X Substantive Tests of Details Risk (STDR)
So,
AR = IR x CR x OSPR x STDR
AR
STDR =
IR x CR x OSPR
Confidence Level = 1 – STDR
Auditor can afford high STDR because other risks are providing assurance.
Audit risk has inverse relation with assurance. IR and CR have direct relation with
assurance.
Page | 52
EXAMPLE:
If AR = 5%, IR = 50%, CR = 50%, OSPR = 50% then STDR =?
AR
STDR =
IR x CR x OSPR
0.05
STDR =
0.50X0.50X0.50
0.05
STDR = = 0.40 or 40%
0.125
So
Confidence Level = 1 – STDR
NOTE:
Auditor can afford high STDR because other components of Audit Risk
Model provide assurance.
Page | 53
Chapter No. 8
Page | 54
Learning and Advancement: Due to rotation policy, it will be very helpful
to junior staff members who assist the senior members and get knowledge,
method, skills and experience regarding audit work.
2. TIMING OF AUDIT:
Financial year of all government entities ends on 30th June of each year. So, according
to NAM, these entities has to submit their accounts to AGP for audit purpose up to 30th
August of each year and AGP must issue report on or before 30th October.
So, AGP has to introduce an “Interim Audit” to provide his report to Parliament due
to shortage of time.
INTERIM AUDIT:
It is an audit performed at an interim date. Interim date is a date in advance of the year
end date. The auditor will perform audit for first 6 months (i.e. 1st July to 31st Dec) in
February and March. Next 3 months’ audit (1st Jan to 31st March) in May and remaining 3
months’ audit will be performed after 30th June. So, Interim Audit is performed in three
stages i.e. First six months, second quarter and third quarter.
Factors for Determining the Time / Benefits of Interim Audit:
i. Interim Audit: It improves the timeliness of audit report.
ii. Change the Planning & Decisions: Interim Audit provides the indications
that the auditor can change / update his decision and planning which he has
standardised i.e. verification of Internal Controls.
iii. Staff Problems: Interim Audit solves the staffing problems. Audit work can be
performed effectively and efficiently by conducting interim audit in spite of
lack of staff members.
iv. High Cost: Interim Audit’s drawback is that, it enhances the audit cost. So, it
is not adopted by the AGP.
3. BUDGET REQUIREMENTS:
Budget requirements are third most important activity of audit planning and most
important. No audit work can be performed without allocating budget for audit purposes. Any
change in nature, extent and timing effect the budget allocation. The audit budget includes:
i. Cost of travel, accommodation and subsistence while visiting audit sites. (i.e.
Daily Allowance)
ii. Cost of any purchase (i.e. Stationery)
iii. Level of effort of audit team members (i.e. Honorarium)
Page | 55
Factors for Allocation of Budget:
Following factors must be considered while allocating the budget:
Size of entity:
Size (large or small scale) of entity has a limited effect on budget
requirement. According to size of entity, budget requirement may be
increased or decreased due to incurring of expenditures.
Complexity of the entity & its transactions:
Some entity’s nature of work is very complex and its transactions are not
easy to understand and audit. So, these entities require more expenditure
than straightforward entities. So budget requirements for complex entities
will be larger than other entities.
Audit Risk:
Audit risk and audit assurance have a negative relation with each other. If
the audit risk is higher then audit assurance will be low for audit, so the
auditor has to perform more work. If the audit risk is lower then the audit
assurance will be high, so the auditor has to perform less work to provide
the audit assurance.
Audit Risk Audit Assurance Required
3% 97%
5% 95%
So, higher audit risk will affect the budget requirement due to more
expenditure and the higher audit risk has positive relation with budget
requirements.
Inherent Risk:
Inherent Risk and audit assurance has negative relation with each other. If
there is high inherent risk, then audit assurance will be low and vice versa.
Due to high rate of inherent risk, assurance will be low and much work
will be performed to achieve required assurance and vice versa.
Audit Inherent Risk Audit Assurance Required
High 60% 40%
Moderate 50% 50%
Low 40% 60%
So, High inherent risk has positive relation with budgeted requirements.
Page | 56
Control Risk:
Control risk and audit assurance has also positive relation between each
other. High control risk means low level of efforts is required to credible
and reliable audit report. There is negative relation with budgeted
requirement and control risk.
Control Risk Audit Assurance Required
High 80% up to 20%
Moderate 50% up to 50%
Low 20% up to 80%
Experience of the Staff performing the Audit:
Auditor’s knowledge, skills, integrity and experience is cause of low
budgeting requirements. Trained staff will perform audit work effectively
and efficiently within short span of time. If work load will be reduced then
the budget requirement will automatically be reduced.
4. FORMULATE / UPDATE AUDIT PROGRAMS / EXECUTION OF
AUDIT PROGRAMS:
Audit programs are formulated for substantive audit. Audit programs contain
procedures necessary to obtain sufficient, relevant, reliable, timely and objective evidence to
support audit findings. Followings are the components of audit programs:
i. Internal Control Questionnaires (ICQs) and test of Internal Control
ii. Analytical Procedures / Substantive Analysis.
iii. Substantive Tests of Details.
After planning phase, the auditor must update:
1. The Permanent File.
2. The Planning File.
3. Audit Planning Memorandum.
4. Audit Program.
5. Staffing Requirements.
6. Budget Requirements.
7. Timing Consideration.
8. List of information to be obtained from officials of entities.
Page | 57
Chapter No. 9
CONDUCTING THE AUDIT
Conducting the audit means the auditor is in field to perform the audit work. The
updated audit programs will guide the detailed activities of the auditors. Audit activities are
performed for regularity audit. The auditors have to conduct three types of audit for regularity
audit.
• Compliance testing
• Substantive Testing/ Analytical Procedure.
• Substantive Test of details.
Compliance Testing:
Compliance testing is the first step of conducting the audit. Compliance test means to
evaluate the effectiveness of internal controls.
In planning phase, a judgement regarding internal controls are made (i.e. internal
controls are good and working effectively) and rely on internal controls. So, the judgement
can be modified by verification or audit of internal controls through sample size.
If the auditor assures that there are 0% error rate and 5% tolerable rate of errors, then
the auditor will take sample size between 30 and 60.
Compliance testing minimizes the substantive audit (financial audit).
Substantive Testing/ Analytical Procedure.
After performing compliance testing, the auditor has to provide more assurance
regarding accuracy of financial statements. So, assurance can be provided through detailed
testing of sampling transactions. The reliance of substantive analysis depends upon the
following factors.
• Materiality:
Materiality of items means verification of amount / value shown in financial
statements. The auditor does not depend upon analytical procedures only for heavy amount.
He has to perform the thorough check of amount from vouchers to financial statement.
• Other Audit Procedures:
Adopt other audit procedures i.e.
i. General reviews for reasonableness.
ii. Predictive Analysis.
iii. Statistical Analysis.
iv. Comparative Analysis.
Page | 58
v. Overall verification procedure.
• Level of Precision:
Precision can be made if there is a certainty of an event. It can be obtained by
adopting any above mentioned procedures.
• Results of the Evaluation of Internal Control:
Reports of audit normally depend on results of evaluating internal controls. If results
show the weak internal controls, then assurance / reliability can be obtained by adopting
Tests of Details.
Substantive Tests of Details:
More reliability and assurance can be obtained by adopting following techniques of
tests of details.
• Re-computation / Recalculation:
This technique is used to verify the arithmetical accuracy of financial statements. It
provides the strong evidence of the tested operations. It cannot provide the evidence
regarding completeness, accuracy, existence or authorization of components of the
computation.
• Confirmation:
This technique is used to provide strong evidence from external source. This
procedure is used to confirm cash at bank or amount owing from creditors.
• Inspection:
This technique is used for verification of physical existence of assets and
documentation of transactions (i.e. date, price, quantity, total amount, authorized person’s
signature on vouchers). It does not provide evidence about ownership, completeness or
valuation of assets.
• Cut-off Procedures:
Cut-off Procedures are normally adopted to insure the proper recording of
transactions i.e. only current financial year’s transactions, not last year’s transactions. This
technique is used to find errors of omission and commission.
Page | 59
SELECTION OF ITEM FOR TESTS OF DETAILS
I. Selection of Items:
Generally, some of the all items are selected from prescribed data for audit purposes
but the opinions / reports are generated about the whole data. Items can be selected by
following ways:
• Selecting key (risky) and high value.
• Taking a representative sample from whole data.
• A combination of both.
II. Substantive Sampling Plan:
It is very important that how a sample will be selected? Without using scientific
techniques, s sufficient and representative sample cannot be selected for assurance of
financial statements. The total level of errors in population is deducted from the sample on
scientific basis. In implementing a substantive plan, following steps should be considered.
• Decide what is to be tested?
• Define and select the sample.
• Audit the sample items.
• Evaluate and interpret the results.
III. What is to be tested?
First of all, auditor will decide the objectives of the test. It includes defining,
acceptable risk of material error, the population from which sample will be selected. Larger
the sample size, occurrence of sample items will have more chances.
Completeness of the population cannot be verified by using a sample because omitted
items have no chance to be selected.
IV. Define and select the sample:
It is necessary for accurate and reliable conclusions to select a representative sample
from whole population. To determine sample size, following levels should be considered.
• Acceptable level of Materiality. (compared to the value of the population)
• Level of confidence i.e. 95%
• Expected aggregate errors / assumed level of error i.e. 20% (Cannot be
known until sample has been taken)
Monetary Unit Sampling (MUS) method is preferred for selecting samples. This
method is used in form of currency i.e. Pak Rupee, Dollars etc. The Auditor can sometimes
reduce the sample size by using a Stratified Sample.
Page | 60
Stratified Sample means large value transactions will be tested 100% and sample
will be taken from small value transactions at the ratio of 80:20. 80 represent the large
transaction’s ratio where 20 show the small transaction’s ratio. 80% transactions in total
population are larger values. Samples are taken from population by fixed intervals.
V. Audit the sample item:
There is no compromise while conducting audit of transactions of large value and
representative samples of small value. Both will be audited at 100%.
EVIDENCE
“The auditor requires evidence to support all information presented in the audit
report.” Observation without evidence has no value and is not considered by the higher
authorities.
Essentials / Attributes / Characteristics:
Evidence has 4 essentials:
• Sufficient
• Relevant
• Reliable
• Objective
Page | 61
Sufficient:
Evidence should be very strong and clear for understanding of a common man for his
conclusion. It should be sufficient to lead a reasonable person to the same conclusion. The
sufficiency will be influenced by:
• The auditor’s knowledge of the entity & its environment.
• Materiality / Significance of matters.
• Depth of audit either limited area or cover the whole population.
• Assurance provided by the auditor.
• Quality and quantity of evidence.
• Acceptance of the evidence by the management.
Relevant:
Evidence must be related with audit programs. Relevancy refers a relationship of the
evidence to its use and applicability. Relevant information regarding evidence must be
collected. Audit evidence must support audit statements directly and timely.
Reliable:
Collected information must be reliable which will cause of reliable evidence.
Evidence will be considered reliable if:
• Based on facts not on opinion.
• An accurate reflection of reality.
• From a reliable source.
• Consistent with other evidence (to support by other evidence)
• Remains true and valuable for all situations within audit domain.
Observations and interviews are not considered as reliable source of collecting
evidence. Occasionally, documented evidence may be un-reliable.
Objective:
Evidence should be objective and free from bias. Evidence should be neutral and
impartial. Evidence should not base on assumptions and close-mind.
Evidence should be evaluated objectively. Alternative interpretation of the same
evidence should not be considered and inconsistencies in the evidence should also be
resolved before reaching the final conclusions.
TYPES OF EVIDENCE:
Evidence can be classified into 5 categories:-
i. Documentary;
ii. Observational;
Page | 62
iii. Physical;
iv. Oral; and
v. Analytical.
1. Documentary:
Document is most reliable source of evidence. It is the main source of audit evidence.
Documentary evidence can be further divided into:
a) Internal Evidence: Internal evidence is provided by the management i.e. accounting
record, copies of outgoing correspondence, budget, internal reports etc.
b) External Evidence: External evidence is provided by the supplier, bank and other
stake holders (third parties) i.e. letter, memorandum etc.
2. Observational:
Observational evidence is obtained by observing people, events or examining
property. Observational evidence will be more reliable if it is obtained by 2 auditors. At the
time of inspection, if observational evidence is not proved then the auditor will be liable who
provides observational evidence.
3. Physical:
Physical evidence consists of photographs and videos of assets. Physical evidence is
normally collected in copy, not in original. But, some special standards require the original
physical evidence to support the audit objection.
4. Oral:
Oral evidence means evidence is collected through interviews, inquiries and quotes.
Interview plays vital role to collect oral evidence. Followings are the source of oral evidence.
• Various levels of management.
• Person directly involved in operations.
• Suppliers & Contractors.
• Recipient of Government Services.
• Experts and consultants.
• Members of general public.
• Other ministries / departments, etc.
5. Analytical:
Analysis of data can provide important information. Strong analytical skills of
auditors provide the information to management which is unknown by it. This evidence is
collected by analysing data. Uses of analytical evidence:-
• Calculating variability in levels of efficiency.
• Ensuring interest payments are properly calculated.
Page | 63
• Confirming the payroll and expenditure are accurate.
COLLECTION OF EVIDENCE
Evidence can be collected by the following ways:-
• Broad Approach
• Specific Approach
• Expanded Approach
Broad Approach:
In Broad Approach, in planning stage at the time of starting audit, data is collected as
evidence. Interviews or inquiries are the main source of collection of evidence. More open
questions are asked to collect evidence.
Specific Approach:
In Specific Approach, the collected evidences are gathered and highlighted in Broad
Approach. Then specify the key questions regarding related audit findings and analyse their
answers. More précised and specific questions are asked for collecting evidence.
Expanded Approach:
In Expanded Approach, specific questions are expanded for further and detail
collection of evidence data. The auditor should apply his judgement that what evidence
should collect and what should ignore.
DEALING WITH THE MATTERS DURING FIELD WORK.
Audit is very difficult task to perform. Therefore, auditor has to face and handle the
matters during field work. Main task of audit is to find audit objections and relevant reliable
evidence to support the audit findings.
In this process to obtain evidence, auditor should deal with the following matters:-
I. Un-anticipated Matters:
Audit programs have already approved by the authority and it should not assume that
these cannot be changed. Audit programs can be changed and modified according to
difference situations.
If there are minor un-anticipated matters then auditor can change the audit program
without prior permission. However, if the matter is more significant then the auditor has to
obtain approval for modification in audit program.
Page | 64
Examples:
1. If auditor assumes 80% Control Risk in planning phase but he has no enough time
to audit Internal Controls in field work then he can assume 100% Control Risk.
No approval is required for modification.
2. Change in audit programs is required approval of management i.e. increase in
number of days, increase in number of auditors etc.
II. The Substance of Transactions:
The auditor should verify that the transactions, which have shown in financial
statements, were actually performed or not. Identify that what is the result of transactions.
Example:
A bribe is shown as commission.
Purchase of assets is shown as long term lease.
Page | 65
2. One entity official provides information which is not supported by the information
of another official of entity.
In this example, when the auditor receives conflicting information from officials, he
should consider following steps:
Both officials’ information is reliable.
To identify the reason of providing different information.
3. The auditor identifies the material error and asks the management to investigate.
But the official provides after analysis that there is no material errors.
In this example, when auditor’s analysis does not support the auditor’s estimates then
the auditor should audit the entity’s analysis with supporting documents.
The auditor should not provide the assurance of audit until the conflicting evidence is
resolved.
Page | 66
CONCLUSION AND RECOMMENDATIONS
CONCLUSION:
Conclusion refers comparing of actual findings of audit with expected findings
(accounting standards, criteria) and identifying the deviations or differences.
Auditor has to face unanticipated evidences during field work while collecting the
evidence. Audit reports generally depend upon conclusion and recommendations.
Conclusions should focus on significant and important issues. Following are points of
important issues:
i. In-efficient or in-effective operations.
ii. Failure to measure and report on the efficiency of operations and effectiveness
of the programs.
Performance audits are also concerned with:-
i. Failure to acquire resources economically and to safeguard.
ii. Lack of accountability.
iii. Inadequate Control and excessive risk.
iv. In-efficiencies, errors, waste & misuse.
RECOMMENDATIONS:
After clearing the actual findings at different level of management of the entity then
the auditor should explore potential recommendations. Those are supported by the
management and then these will be implemented effectively and efficiently.
Recommendations should underlie the cause of errors or deficiencies.
i. Alternative courses of remedies.
ii. Effects, positive or negative, while adopting recommendations.
iii. Feasibility & cost of recommendation adopting.
Page | 67
deleted by the supervisor and also identifies the observations which are not raised by the
auditor.
Proper supervision varies situation to situation as follows:-
Junior Staff will supervise effectively as Senior Staff.
Inexperienced auditors should supervise more closely than experienced staff.
The auditors who are performing audit services on a complex organisation
should be supervised more closely than those auditors who are auditing simple
and routine audit.
Benefits of Supervision:
i. The auditor should understand all of the planning decisions before starting
field work.
ii. The audit work should be completed within prescribed time, unless
changes are required.
iii. Only essential work is performed.
iv. Sufficient audit evidence should be obtained.
v. Audit findings are supported by the sufficient reliable and relevant
evidence.
Review:
A senior officer should review the working paper files of audit performed. Review
will be helpful to ensure that:-
i. All evaluations and conclusions are authenticated and supported by reliable
evidence.
ii. All errors, deficiencies and unusual matter are properly identified, documented
and evaluated.
iii. Changes and improvements for conducting audit in future should be identified
and recorded.
A preliminary review at an interim date could detect the problems with the work at an
earlier date to save the audit hours and to make amendments.
Timely Reporting and Monitoring:
Only proper supervision and review is not sufficient for quality assurance. Monitoring
is also helpful for quality assurance i.e. timely reporting and monitoring. Quality assurance is
provided by sufficient and efficient audit work and effective monitoring. It should be
provided within budget and required deadline date. Proper supervision and monitoring will
help to generate the audit reports within prescribed date.
Page | 68
Chapter No. 10
EVALUATING AUDIT RESULTS
Errors are evaluated in three stages and the conclusion is made on results:
a) Of each test
b) Of each component
c) Of financial statements as a whole.
CAATs (Computer Assisted Auditing Techniques):
CAAT is a technique which is helpful in computerized audit. This technique is useful
to determine and calculate MLE (Most Likely Error), UEL (Upper Error Limit), MPDR
(Maximum Possible Deviation Rate) and MLDR (Most Likely Deviation Rate).
Advantages of CAATs
Following are the advantages of CAATs:-
i. Calculations are performed quickly.
ii. Various analytical procedures are performed.
iii. Various calculations are performed.
iv. Identify unusual, duplicate or missing items.
v. Comparing of data from one file to another file.
vi. Determine a sample size, select a sample and evaluate sample results.
IMPORTANT TERMINOLOGIES
1. Known Error:
Error which is found during audit work is called known error.
2. Sample Error:
A sample error is an error which is found in sample of population during audit work.
3. Sample Unit:
The sample unit is the specific item of which the population is assumed to be
composed for sampling purpose.
Example:
A population is of purchases for a year. Purchases are recorded on cash disbursement
after receiving several supplier invoices. Each supplier’s invoices contain several
purchases. In this example, sample unit could be:-
i. Each cash disbursement.
ii. Each supplier invoice within each cash disbursement.
iii. Each purchase within each supplier invoice.
iv. Each rupee of value within each purchase.
Page | 69
4. Physical Unit:
Physical unit is the specific document to which the sampling unit is assumed to relate.
Physical unit is normally the same as sample unit (i.e. cash disbursement, individual
supplier invoice, individual purchase)
5. Population Size:
Population size is the number of sampling units in the population i.e. cash
disbursement, supplier invoice, purchase or rupee.
Population size does not influence the related sample size except for small population
size. Selection of sample size depends on confidence level i.e. 95% normally.
Example:
Our population of purchases for a year may be composed of 16000 cash
disbursements, 3000 supplier’s invoices, 7000 purchases and 100,000,000 individual
rupees. Any one of them may be constituted as population size. It depends upon
sample unit.
6. Population Value:
The population value is the monetary amount of the population being sampled. In
above example Rs. 100,000,000 is population value.
There may be individually large transactions in the population then the auditor has to
audit 100% of those transactions due to high risk. Sample will be selected after
deducting large amount transactions from population.
7. Tainting:
Tainting is a percentage by which each unit is in error. MUS is a technique which
uses tainting to arrive at MLE.
8. Monetary Unit Sampling (MUS):
MUS is a technique to select a sample in a population. MUS gives importance to
transactions of high monetary values. MUS is based on possibility population to size
(PPS). MUS can be used for substantive test and may be used for compliance test.
9. Attribute Sampling:
Attribute sampling is a technique which is used for compliance testing. It cannot be
for substantive test. Attribute sampling gives equal importance to each transaction that
every transaction has equal chance of selection. Attribute sampling is helpful to verify
that either internal control is working properly or not.
Page | 70
10. Most Likely Error (MLE):
The MLE is auditor’s best estimates of the error in the population based on result of
sample.
HOW MLE IS CALCULATED?
Example:
Population value = 500,000,000 (Materiality is 1% of Population Value)
Materiality = 500,000,000 X 1% = 5,000,000
Sample size = 325
There are high value items in 7 transactions, no error in 318 transactions.
Calculate MLE from above data.
1 2 3 4 5
Sr. No. Book Value Audit Value Error (2-3) Tainting (4/2*100%)
1 70000 35000 35000 35000/70000 X 100 = 50%
2 33000 12000 21000 21000/33000 X 100 =
63.63%
3 1500 0 1500 1500/1500 X 100 = 100%
4 11200 3300 7900 7900/11200 X 100 = 70.53%
5 4400 0 4400 4400/4400 X 100 = 100%
6 96000 91320 4680 4680/96000 X 100 = 4.875%
7 56133 20000 36133 36133/56133 X 100 =
64.37%
Total 272233 161620 110613 453.40%
Page | 71
MLE > Materiality then qualified opinion will be issued i.e. 6,975,384.62 >
500,000,000
IF
MLE < Materiality but UEL> Materiality then qualified opinion will also be issued.
Where UEL = MLE + FPE
Page | 72
13. Maximum Possible Deviation Rate (MPDR):
In substantive test, Upper Error Limit is calculated. So in compliance testing a maximum
possible deviation rate regarding internal control is calculated by attribute sampling in
CAATs.
14. Most Likely Deviation Rate (MLDR):
In substantive test, MLE is calculated on the basis of sample size. So, in compliance
testing, MLDR is calculated to define how much internal controls are weak?
Page | 73
Determination of materiality is not an exact science. It is determined only on
professional judgment of the auditor. So, it may be increased or decreased. Normally,
increasing the materiality amount up to 25% is acceptable but in some special case, it
can be acceptable up to 50% of population value.
ii. Increase the sample size:
If the sample size of the population is its representative then increase the
sample size will normally provide the same results. It will enhance the auditors work
load. So, this option will be exercised when:
MLE < Materiality or UEL > Materiality (Slightly high)
Page | 74
II. Requesting entity officials to perform a detailed investigation and then re-
audit.:
Entity officials will usually be prepared to correct known errors. So, the
auditor requests to the official to perform a detailed investigation to decrease the
errors and then the auditor must conduct the re-audit and requests entity officials to
make correcting entry of known errors.
Note: If all above options are not possible, then the auditor will issue the qualify
opinion.
Page | 76
Chapter No. 11
a) The financial statements properly present, in all material respects, the government’s
financial position, the results of its operations, its cash flows and its expenditures and
receipts by appropriation; and
b) The sums expended have been applied, in all material respects, for the purposes
authorised by parliament and have, in all material respects, been booked to the
relevant grants and appropriations.
The term “Reports” refers to performance and compliance with authority audit.
a) At the end of each audit, the auditor shall prepare a written opinion or report, as
appropriate, setting out the findings in an appropriate form; its contents should be
easy to understand and free from vagueness or ambiguities. It should be
supported by competent, reliable, and relevant audit evidence, and be
independent, objective, fair and constructive.
b) It is for the Department of the AGP to decide finally on the action to be taken in
relation to fraudulent practices or serious irregularities discovered by the
auditors.
Page | 77
DIFFERENCE:
Page | 78
2. The officials are not aware of irregularities of management or employees and
policies, rules then they have to record and disclose in financial statements.
3. List of valid and properly valued assets, liabilities, revenue and expenditure.
4. All required disclosures have been recorded.
5. There are no significant matters which are required to be disclosed in financial
statements.
6. There are no significant subsequent events which required to be disclosed in
financial statements.
The letter should normally be addressed to those persons who will sign the audit
opinion i.e. AGP, Dy. AGP (Senior) or the responsible Dy. Auditor General.
The letter should normally be signed by the:
Head of entity.
Principal Accounting Officer.
Financial Advisor, and
Finance and Accounts Officer.
WHO IS INTERESTED IN AUDIT REPORT?
Once DAGP publishes an opinion and audit report, it becomes available for review to
following parties:
1. Public Accounts Committee (PAC):
PAC is first user of opinion and report. PAC can give its recommendations on the
audit after going through the audit report. The auditor should prepare his
“Briefing Book” before discussing the matters of audit report with PAC.
Briefing Book should contain:
a. A copy of the report.
b. The key evidence (i.e. extracts of important documents).
c. Anticipated question with pre-determined answers.
2. Police, National Accountability Bureau (NAB) and Other Similar
Organizations:
Any kind of fraud is discovered in audit report. Information regarding fraud
should be intimated to above mentioned organizations for investigation,
punishment, fines and recovery from the entity.
Page | 79
3. Other External Parties:
The contents of specific audit reports may be reported by the media, reviewed
directly by the general public etc. if the auditor wishes to attract the attention of
the media and the general public. It is also important that the audit report must be
concise and clear. The use of press releases, videos, and media briefing sessions
could also be beneficial.
Page | 80
Chapter No. 12
OPINION:
According to DAGP’s Auditing Standards the term “opinion” refers to the auditor’s
conclusions as:
Page | 81
3. Adverse Opinion.
4. Disclaimer of Opinion.
1. UNQUALIFIED OPINION:
An unqualified opinion is given when the auditor is satisfied in all material aspects
that:
i. The financial statements have been prepared using acceptable accounting basis
and policies.
ii. The statements comply with statutory requirements.
iii. The presentation of financial statements is consistent with the auditor’s
knowledge.
iv. Adequate disclosure of all materials provided properly.
Format of unqualified opinion:
The unqualified opinion should consist of following contents:
Title
Addressee
Signature and date
Three standard paragraphs:
o An Introductory Paragraph,
o A Scope Paragraph,
o An Opinion Paragraph
o Emphasis of Matter (additional paragraph)
o Introductory Paragraph:
It identifies the financial statements covered by the auditor’s opinion and
distinguishes the responsibilities of the management and the auditor.
o Scope Paragraph:
In this paragraph, the auditor informs that the audit was planned and performed
according to professional standards and the auditor has made the judgment in applying these
standards. It also provides the degree of assurance, extent and explanation of the nature of
audit.
Page | 82
o Opinion Paragraph:
In this paragraph, the auditor provides his opinion regarding:
a) The financial statements are properly presented, in all material aspects, the
government financial position, the results of its operation, its cash flow
and its expenditures and receipts by appropriation.
b) The sums expended have been applied, in all material aspects for the
purposes authorized by the Parliament. (This paragraph may also state
whether, in the auditor’s opinion certain statutes and regulations have been
complied with.)
o Emphasis of Matter:
It is an additional paragraph and it is used in very rare cases. The auditor just
wants to insert a reference in the opinion to an unusual or important matter that is
properly disclosed in the financial statements. This paragraph is not used to express a
reservation of opinion on the financial statement and not use to rectify a lack of
appropriate disclosure in the financial statements.
2. QUALIFIED OPINION:
A qualified opinion is given by the auditor when he is not satisfied in all material respects
that:
i. A scope of limitation.
ii. A departure from the government’s accounting principles
iii. Uncertainty affecting the financial statements.
i. A scope of limitation:
A scope of limitation has occurred when the auditor has not been able to apply
all the tests and procedures considered necessary in the circumstances. The auditor
does not have sufficient and appropriate evidence to form an opinion whether the
financial statements give true and fair view.
Causes of Scope Limitation.
Following are the causes of scope limitation:
a) Circumstances beyond the control of entity and auditors; such as
destruction of accounting record.
b) Limitation imposed by the entity; such as refusing to allow the auditors to
perform different audit procedures.
c) Limitation created by the entity; such as failure in maintenance of proper
accounting record.
Page | 83
ii. A departure from the government’s accounting principles:
It occurs when there is:
a) An inappropriate accounting treatment; such as failure to record certain
assets and liabilities.
b) An inappropriate valuation of an item in financial statement; such as
recording of fixed assets at a high cost.
c) A failure to disclose all the information required, such as not to segregate
expenditures into all categories.
It can be said “Non Observation of Accounting Principles.”
iii. Uncertainty affecting the financial statements:
An uncertainty normally involves a significant contingency or other event that is
primarily dependent on future developments or future decisions by parties other than
entity officials.
Example:
The government may have guaranteed loans to third parties who are now facing
financial difficulties. In this case, the auditor might not have sufficient information to
determine what amount, if any, the government may ultimately be required to pay.
Format of Qualified Opinion:
The qualified opinion should contain:
i. Title
ii. Addressee
iii. Signature and Date
iv. Four Standard Paragraphs:
o Introductory Paragraph
o Scope Paragraph
o Reservation
o Opinion Paragraph
o Introductory Paragraph:
It identifies the financial statements covered by the auditor’s opinion and
distinguishes the responsibilities of the management and the auditor.
o Scope Paragraph:
In this paragraph, the auditor informs that the audit was planned and performed
according to professional standards and the auditor has made the judgment in applying these
standards. It also provides the degree of assurance, extent and explanation of the nature of
audit.
Page | 84
o Reservation:
Any kind of reservation i.e. scope of limitation, departure from Govt’s accounting principles
or uncertainty.
o Opinion Paragraph:
In this paragraph, the auditor provides his opinion regarding:
a) The financial statements are properly presented, in all material aspects,
the government financial position, the results of its operation, its cash
flow and its expenditures and receipts by appropriation.
b) The sums expended have been applied, in all material aspects for the
purposes authorized by the Parliament. (This paragraph may also state
whether, in the auditor’s opinion certain statutes and regulations have
been complied with.)
3. ADVERSE OPINION:
An adverse opinion is issued when there is a departure from government’s accounting
principles as follows:
a) So fundamental that the auditor is unable to describe clearly how the financial
statements are affected; or
Page | 85
REPORTS:
The term “Reports” refers to performance and compliance with authority
audit.
a) At the end of each audit, the auditor shall prepare a written opinion or
report, as appropriate, setting out the findings in an appropriate form; its
contents should be easy to understand and free from vagueness or
ambiguities. It should be supported by competent, reliable, and relevant
audit evidence, and be independent, objective, fair and constructive.
b) It is for the Department of the AGP to decide finally on the action to be
taken in relation to fraudulent practices or serious irregularities
discovered by the auditors.
Page | 86
• The auditor’s recommendation to deal with the matter.
• The entity’s response (if shown in a separate section).
2. MANAGEMENT REPORTS / LETTERS:
Management reports are reports addressed to entity officials. These contain matter of
less significance.
Both audit reports may deal with:
1. Reservation being expressed in the auditor’s opinion.
2. Such matter which are decided by DAGP, not expressed as reservation.
3. Comments on Financial Statements.
4. Comments on Accounting Policies.
5. Compliance with Authority violation.
6. Internal Control weakness.
7. Performance matters (Value for money).
COMPLIANCE AND PERFORMANCE REPORTS:
A report on compliance or performance should draw attention to the key issues and
concerns raised by the audit.
C = Criteria,
Structure of the Management Report is as follow: C = Condition,
The audit report should normally state the “CCCECR Model” C = Cause,
E = Effect,
1. The context (Background and description of area audited). C = Conclusion,
2. What was done? (Audit objectives and scope). R = Recommendation
3. What was expected to be found? (Audit criteria and / or laws and regulations).
4. What was found? (Findings and observation).
5. What can be concluded?
6. What should be done to improve the management of the area?
(Recommendation)
7. In some cases, management comments but not necessary always.
Page | 87
Chapter No. 13
Page | 88
2. Helpful in supervision of the work.
3. Facilitate review of work performed.
4. Helpful in planning of next audit assignment.
5. Lead to accurate and complete the findings and conclusions in the audit report.
6. Protect DAGP’s reputation.
7. Help to review the audit work and supervision of the audit.
8. Demonstrate adherence to auditing standards and procedures.
CUSTODY AND MAINTENANCE OF THE WORKING PAPER FILES
Working Paper Files are confidential and the DAGP’s property. So, it is the auditor’s
responsibility to keep working paper files in a safe custody at all time. Access to audit files
should be controlled and the storage area should be secure. While maintaining the working
paper file; following guidelines should be followed:
1. No copies of working paper files should be given or shown to the audit entity
2. Working papers should not available to the third parties except in special cases
3. DAGP can provide working papers to the third parties, if necessary, only with the
consent of the audit entity
4. Files and papers should be reviewed before providing to the third party
5. DAGP should always retain control over the working paper files and inspection
should be taken place under the supervision of a representative of DAGP
6. A legal advice should be obtained before producing the working paper file in the
court for legal proceedings and investigations;
7. When original papers are required by the court for legal proceedings then copies
of the papers must be retained by DAGP.
Page | 89
Chapter No. 14
AUDIT FOLLOW UP
FOLLOW UP:
Follow up is an integral part of audit cycle. Follow up of PAC ensures that:-
“Entity officials take action to correct all errors found and
consider to perform the recommendations that are made /
provided”
There should be a follow up after completion of every financial audit.
Follow up can be made at three different stages.
1. Timing of the Follow Up.
2. Determining the Desired Level of Assurance.
3. Performing the Follow Up.
1. Timing Of The Follow Up:
To perform correction of errors, it should be corrected during audit work. If it is not
possible then it must be corrected and rectified before the start of next audit.
Example:
If material errors are found in financial year 2012-2013 and the audit of next financial
year 2013-14 will be start on 01-09-2014, then it is necessary to rectify all the errors before
01-09-2014.
Implementation of Recommendations:
There is no specific prescribed time to implement recommendations. It can be
implemented at any time but for the serious matters:-
i. A realistic time period for entity officials to the recommendation
should be provided.
ii. The realistic time period is reflected in the entity’s audit plan and
agreed by the DAGP and PAC.
2. Determining The Desired Level Of Assurance:
Correction of Errors:
There are basic two levels of assurance that the auditor can plan to achieve.
i. An audit level of assurance; and
ii. A review level of assurance.
Page | 90
To achieve the audit level of assurance, he would need to conduct an audit of the error
investigation performed by the entity to ensure that:
a) The work performed was sufficient and appropriate and done correctly.
b) The entity’s estimate of the error was calculated correctly.
c) The correcting entry was properly recorded.
Implementation of Recommendations:
Recommendations can be implemented on audit level of assurance and review
level of assurance. The auditor will decide to:-
i. Implement the recommendations to provide audit level assurance; it
will have to perform re-audit of the area at which recommendation are
provided to see either recommendations are implemented or not.
ii. To provide at review level assurance; the auditor just reviews the
action of management taken for recommendation to correct error. No
audit will be conducted.
Normally, the cost of audit level assurance is much higher than the cost of
review. But it depends upon the nature of recommendation either assurance should be
provided at audit level or review level.
3. Performing The Follow Up:
Correction of Errors:
When at audit level of assurance is desired, the auditor should determine what
job entity’s officials have performed to investigate the errors. Then perform the audit
on their investigation of errors.
When a review level of assurance is desired, the auditor’s procedures
primarily involve asking the entity officials, “What action they have taken and what
the results were?” without verifying the work performed.
Implementation of Recommendations:
At this stage, the auditor will audit or review the work performed by entity’s
officials. During follow up, the auditor should review the status of management
actions against the plan and where appropriate and validate the reports on action taken
and identify any other issues that need to be reported. The auditor should also assess
the effectiveness of the actions.
Page | 91
Chapter No. 15
QUALITY ASSURANCE
Quality Assurance means:
“Follow up all errors and deviations after performing audit effectively and
efficiently.”
Quality assurance is a tool which is used to minimize the errors and deviations occur
during maintaining the accounts by accounting entities and exempt entities. So,
something must be assured at every step of audit work.
ELEMENTS OF QUALITY ASSURANCE:
Following elements will help to improve quality assurance:
i. DAGP’s Auditing Standards
ii. Annual Planning Processes
iii. Supervision instruments and tools which are used by the auditor. How
to plan, perform evaluate report and follow up the audit.
Quality assurance can be provided at different following phases:
I. GENERAL QUALITY ASSURANCE TECHNIQUES
There are different techniques which are going to be described in following ways:
Quality Assurance Through DAGP’s Stated Values:
DAGP’s stated values (Accountability, Reliability and Professionalism etc.)
help to provide quality assurance during audit work. So, there values are
important components of DAGP’s Quality Assurance Foundation.
Quality Assurance Through DAGP’s Auditing Standards:
DAGP’s auditing standards (Field Standards, Ethical Standards and General
Standards etc.) provide the support to auditor how to perform audit with
quality assurance. The auditors will perform the audit according to prescribed
standards to provide quality assurance of each audit.
Quality Assurance Through DAGP’s Annual Planning Process:
The annual planning process helps to provide quality assurance either the
limited resources are properly utilized to perform audit or not.
Page | 92
II. QUALITY ASSURANCE DURING PLANNING PHASE
Quality assurance procedures during planning processes are provided by
following manners:
Quality Assurance Through A Logical Framework:
The audit cycle provides to the auditor a logical planning process to perform
audit and provide quality assurance by following ways:
i. Firstly, the most critical planning decisions are made.
ii. All required planning decisions are made.
iii. The end result of audit plan i.e. Audit Plan was followed or not.
Quality Assurance Through Documentation And Approval of
Planning Documents:
Different documents are prepared to perform audit. It is called audit plan. It is
necessary to approve the audit plan documents. Audit plan is approved by Dy.
AGP. Audit work is performed according to approved audit plan to provide
quality assurance.
Quality Assurance Through Assigning Appropriate Staff:
Experienced and skilled staff should be assigned according to audit work. This
staff will help to audit effective manners according to rules and regulation,
assigning of appropriate staff is a key factor to provide quality assurance.
Assigning appropriate staff means right auditor for right job.
Quality Assurance Through Budget:
Budget plays a vital role to perform audit work with quality assurance. Budget
is allocated through the monitoring of the time consumed and numbers of
auditors are required.
III. QUALITY ASSURANCE DURING FIELD WORK PHASE
Quality assurance can be provided during the filed work by following ways:
i. Planning decisions regarding unanticipated matters should be revised
during field work.
ii. Applying minimum documentation standards.
iii. Reviewing audit working paper files.
iv. On job supervision.
Page | 93
v. Reporting and monitoring time spent by each resource on every audit
activity.
IV. QUALITY ASSURANCE DURING THE EVALUATION
PHASE
Quality assurance during evaluation phase may be achieved b following ways:
i. All monetary errors, compliance with authority violations, ineffective
or missing internal controls and the assessment of their causes.
ii. The calculation of MLE and UEL for each test.
iii. The calculation of MLE and UEL for each component.
iv. The calculation of MLE and UEL for financial statement as a whole.
v. The assessment of the achieved level of assurance.
vi. The follow up work was performed by the entity officials.
vii. How unacceptable results were dealt with?
viii. The assessment of the reasonableness of the overall results.
V. QUALITY ASSURANCE DURING THE REPORTING
PHASE
Following tools are used to ensure the quality of auditor’s opinions, reports
and statements:
i. Management Representation Letters.
ii. Audit Completion Check Lists.
iii. Memoranda Recommending Signature.
Above documents help to ensure that DAGP is signing the most authenticated
and appropriate opinion which is supported bye required audit evidences. A
formal process is adopted by DAGP to discover report and clear the observations.
This process also helps to ensure the reports are correct. The findings, conclusions
and recommendations in these reports are easily understood, recognized and
realized by the readers.
VI. QUALITY ASSURANCE DURING THE FOLLOW UP
PHASE
Follow up phase is a major and important component for quality assurance.
This phase helps how the work is performed by quality assurance procedures
for planning, field work, evaluation and reporting phases? It improves the
quality of audit work in positive manners during all other phases.
Page | 94
VII. OTHER QUALITY ASSURANCE PROCEDURES
All following procedures help to improve the overall quality of the audit
operations:
o On Going Supervision and Review:
Appropriate and adequate supervision and review plays a vital role for
quality assurance during all phases of audit work process.
o On Going Involvement by Senior Audit Officials:
Senior audit officials are responsible to generate and write audit
opinions and reports. So, their involvement at critical stages of the
audit process provides a chance to improve the skills of inexperienced
audit staff.
On going involvement also helps to decrease the communication gap
between senior audit management and audit staff. It also helps to
monitor the audit staff effectively and efficiently.
o Audit Staff Development:
Audit work is performed by the human beings. So, experienced staff
will perform audit in effective manners than inexperienced staff.
Training and advancement should be a key factor while assigning
specific audit assignments to the audit staff. So, training programs and
workshops must be conducted by DAGP to enhance the skills of audit
staff.
o Outside Experts:
If complicated matters are faced by audit staff during audit work then
the services of outside experts can be hired.
Example:
Additional expertise are required in the area of law, engineering or
actuarial science. When audit teams require specific skills that are not
available in house then DAGP can hire the expertise form private
sector.
o Quality Assurance Reviews:
The DAGP should conduct a regular review process of its activities.
The DAGP should ensure that its internal audit standards and
procedures are followed or not because these standards are according
Page | 95
to highly professional level standards. These reviews should be
conducted on periodic basis, selecting a few audits or activities each
year. These reviews should reflect the continuous improvement to the
quality, efficiency and effectiveness of audit work.
o Entity Feedback:
Entity’s feedback is another technique which is used to assess the
quality assurance regarding audit work. This feedback can be obtained
as part of the quality assurance reviews.
Entity officials can be asked to comment on audit work performed such
as:
i. The extent to which the auditors performed the audit work
while understanding of entity?
ii. The extent to which the auditor has unethical and unlawful
relations with internal audit department of the entity.
iii. The extent to which the senior and experience DAGP officials
were on site?
iv. The extent to which entity input was requested on error found?
v. The qualification of auditors.
vi. How much time spent by the auditor during audit of entity?
vii. The fairness of the audit opinion and reports.
viii. The reliability various audit reports.
o Information Technology And Audit Methods Specialist:
Information technology is need of every department to perform any
work in these days. So, computer assisted audit techniques (CAATs)
are used to conduct the audit work. All staff members should have
sufficient knowledge and experience to operate the CAATs.
These techniques should be available to audit team as required. If the
auditors have not experience to operate the CAATs then the services of
Information Technology Specialists can be hired to assist the audit
teams. Various audit offices have created:
i. Information technology specialists groups to assist the audit
team by using CAATs.
Page | 96
ii. Audit method specialists to provide advice and assistance to
audit team in performance of analytical procedures, statistical
sampling and modern audit techniques.
The above specialists are responsible to keep the audit offices’
methodology up to date in their areas of expertise, developing and
teaching courses etc.
Page | 97