MINI

FINANCIAL
AUDIT
MANUAL
BY:
ZAHEER AHMAD HASHMI
AUDIT-IV SECTION,
CMP,LAHORE CANTT.
0300-4170656
 INTRODUCTION
SYLLABUS
 15 Chapters of Financial Audit Manual (FAM)
 Appendices
 2 Ordinances (AGP Ordinance 2001 & CGA Ordinance 2001)
 Article No. 168 to 171 of Constitution of Pakistan 1973.
FAM is also called Certification Audit. FAM is prescribed by Auditor General of
Pakistan in 2006 and used for audit purpose by D.G. Defence Audit.

PIFRA Project for Improvement of Financial Reports &

Audit
PIFR A

NAM FAM

SAP (System Application Project) FAM uses ACL (Audit

can audit of Federation, Provinces Command Language). Section of
and Districts. 7 of AGP Ordinance 2001.

Above project has been ended since 30-06-2013.

PURPOSES OF FAM
Purposes of FAM are to provide:
 A set of Audit Standards.
 Concepts of Audit.
 Techniques of Audit.
 Quality Assurance Arrangement.

IFRS for private Sector International Financial Reporting Standards.

IPSAS for private Sector International Public Sector Accounting
Standards.
IFAC International Federation of Accountants.
IAS International Accounting Standards.

Page | 1
INTOSAI International Organization of Supreme Audit
Institutes.

INTOSAI:
All audit departments are controlled by INTOSAI in the whole world because
it sets the standards of Audit.
INTOSAI has formed the auditing standards cell which is called as ISSAI.

ISSAI International Standards of Supreme Audit

Institutions.
It has four levels of Audit. 3rd level of audit is named as INTOSAI Auditing
Standards. 3rd level discussed Govt. Auditing.

AAGP Additional Auditor General of Pakistan

AGP Auditor General of Pakistan

Dy. AGP Deputy Auditor General of Pakistan

AGPR Accountant General Pakistan Revenues

AG Accountant General (Provincial)

 Management Letter: is a report which is presented to PAO for revision purposes. It
is signed by Directorate General.
 Draft Reports: are such reports which are presented to PAC signed by AGP.

 Entity Communication letters: DAGP has a legal mandate to perform audit work
of Government institutions/ entities. So there is no need of communication letter to
inform entity for its audit. The entity is legally bound to be audited.

Page | 2
 AGP ORDINANCE 2001
According to Section 7: AGP certifies the accounts of CGA. He performs mandatory
Audit i.e. Audit of each year. This audit is also called Statutory Audit.
According to Section 8: AGP will audit all the expenditures of Federation, Province,
Districts & Trading Concerns with respect to compliance with applicable laws. Expenditures
are appropriately spent.
According to Section 12: AGP will also audit all the receipts of Federation, Provinces,
Districts & Trading Concerns. It includes receiving of proper collection assessment, deposits.
Main focus is on ASSESSMENT.
According to Section 14: AGP can inspect any accounts of every department and
ministry.
 He can perform unhidden audit.
 He can check unhidden accounts and information to do proper auditing
work.
 He can conduct audit in his office i.e. Auditor General of Pakistan’s
office.
 He can call explanation in non-cooperation of DDO officers.

CGA ORDINANCE 2001

According to Section 5: Functions and Powers of CGA are discussed in this section:-
 Pre-audit of Accounts of AGs and AGPR by CGA.
 Maintain the accounts prescribed by the AGP in form of consolidation.
 Reports to the AGP within deadline provided by the AGP.
 To control the accounts offices and departments of accounts.
INTERNAL CONTROL: Internal Audit is a part of internal control.
 Providing advice regarding the maintenance of accounts.

Page | 3
 

Draft Para (DP) Proposed Draft Para (PDP)

Departmental Accounts Committee

Ordinary Para Advance Para (Serious)

Observation

Audit Work

Page | 4
 ROLE OF THE AUDITOR GENERAL
Auditor General of Pakistan is a public servant who implements his policies of
accounts and audit in Pakistan. He works on the behalf of Parliament and public to audit/
check the utilization of financial resources properly. Auditor General submits his audit
reports to the President of Pakistan for federal government and submits his audit report to the
governors of provinces for provincial Government. They present the audit report in National
and Provincial assemblies.
Reports Audit Reports

Reports Parliament PAC Audit

DAGP
Legal/
Statutory
Audit Government

PAC IS SETTLEMENT AUTHORITY.

BUDGET:
Budget is an estimation of incomes and expenditures for next year. Budget must have
following two characteristics.
1. Complete means that budget amount is used within current financial year.
2. Valid means:
i. Existence i.e. Assets and liabilities physically exist or not.
ii. Occurrence i.e. income & expenses properly received and spent.
AUDITING:
Auditing is a process by which the Auditor General of Pakistan evaluates the
Financial Statements, submitted by ministries, departments and agencies to state, to form an
opinion on the Financial Statements.
LEGISLATIVE BASIS OF ROLE:
The constitutions of the Islamic Republic of Pakistan, article 168 to 171
relates to the work of the Auditor General of Pakistan.
Most of audit works was performed by the Auditor General under article 168
to 171 of the constitution of Pakistan Order 1973 (Audit & Accounts) upto 01-07-2001. It is
constitutional post.

Page | 5
Article 168:
This article is related with the appointment of Auditor General of Pakistan. So,
the President has the power to appoint AGP.
Article 169:
In this article, the powers and functions of AGP are presented and discussed.
i.e. What kind of work and power can be exercised by the AGP.
Article 170:
Article 170 presents and relates the powers and methodology of preparing and
maintaining the accounts of Federal and Provincial Governments. In article 170, he applies
the policies of accounting.
Article 171:
According to article 171, the AGP will submit his audit report to the President
of Pakistan in case of Federal Government and to the governors of each province in case of
Provincial Governments. After providing audit report, the job of AGP will be completed/
finished.
After 01-07-2001, the Pakistan (Audit & Accounts) Order 1973 was replaced
by the following two ordinances:
 AGP Ordinance 2001 {Functions, Powers, Terms & Conditions}
 CGA Ordinance 2001 {Appointment, Functions, Powers}

Page | 6
 ACCOUNTING RESPONSIBILITY
STRUCTURE OF THE GOVERNMENT OF
PAKISTAN.
There are two types of government prevailing in Pakistan.
i. Federal Government ii. Provincial Government.
Following is the accounting structure of the Government.

CGA
(Primary responsibility is accuracy of Accounts)

Provincial Government Federal Government

AG of every Province (AG is responsible AGPR (receives reports of accounts from

for the centralized accounting entities and sub offices, PAO and report to CGA.)
reporting to CGA.)

District Governments (Distt.

Coordination Officer is the Principal
Accounts Officer of each District, who is Sub offices in big cities Principal Accounting
supported by EDO & DDO.) at provincial level Officer is responsible for
Self Accounting Entity’s
Accounts and Reports to
District Accounts Officer (He is CGA through AGPR on
responsible to pre-audit the bill and issue monthly basis.
payments and record Govt. Transactions
at District level.)

Departmental Treasuries (to record

specific accounting transactions such as
Income Tax, Sales Tax and Custom Duty
etc.

Drawing and Disbursement Officer

( He is responsible for the accounting,
cash & personnel functions.)

Page | 7
CHAPTER NO. 1
AUDITING:
Auditing is a process by which the Auditor General of Pakistan evaluates the
Financial Statements, submitted by ministries, departments and agencies to state, to
form an opinion on the Financial Statements.
KINDS OF AUDIT:
Basically, there are 2 kinds of Audit.
1. Regularity Audit 2. Performance Audit.
1. REGULARITY AUDIT.
This kind of Audit is further divided into 2 kinds.
a. Financial Audit/ Certification Audit/ Attestation Audit;
This audit is related with financial reports. In this audit, the auditor certifies
the financial assets, liabilities, income and expenses physically existed and
spent. It stops the fraudulent payments, valued the liabilities and assets
properly.
(Chapter 9 covers the Techniques of Financial Audit)
b. Compliance Audit with Authority/ Audit of Laws & Rules;
This kind of audit is most important. This audit focuses that constitutions, laws
and rules are properly implemented and followed and not to check their
significance.
2. PERFORMANCE AUDIT.
This audit basically checks the:
 Efficiency
 Economy 3Es at Pakistan level
 Effectiveness
 Ethics
5Es at International level
 Environment

EFFICIENCY relates with input to output.

ECONOMY means contract is given on merit basis to related contractor,
price, quality, quantity of products.
EFFECTIVENESS means objectives are achieved or not.

Page | 8
 CHAPTER NO. 2.
Vision:
The vision of DAGP is to add value to Public resources.
Mission:
The mission of DAGP is to develop the department on a credible professional
institution that promotes good governance and public accountability.
Value:
1. Accountability:
AGP is accountable for the achievement of its vision, mission and stated values.
2. Professionalism:
AGP conducts its activities in an open, transparent and discipline and highly
ethical manner.
3. Integrity:
AGP takes an objective, fair, honest and balanced approach to all of its activities.
4. Excellence:
DAGP strives for excellence in all of its activities.
5. Reliability:
DAGP produces/ prepares its audit reports clear, useful, timely and accurate.
6. Co-operative and Constructive Spirit:
DAGP works on behalf of Parliament, so it must be co-operative, professional
with its audit entities, staff, supplies, consultants and third parties.
7. Partnership:
There is only relationship between DAGP and Government that DAGP is the only
Auditor of Govt. and both work for the good governance of the country.
8. Innovative Spirit:
DAGP always tries to improve its audit work/ activities, practice and operations.
9. Making a Difference:
DAGP always tries to improve the work of its audit entities due to its integrity and
efficient work. Due to DAGP’s honest work, no audit entity will try to embarrass
the money and properly maintain the accounts.
10. Risk Managers:
DAGP must encourage its officers and staff to accept the challenges and take
required risk for DAGP to achieve its mission, vision and values.

Page | 9
11. Open Communications:
DAGP should communicate openly and timely to Parliament and its audit entities,
staff, suppliers, consultants and their parties.
12. A Respectful Workplace:
DAGP must provide a respectful workplace and facilitate its staff and workforce
where individuals perform their duties and their full potential and professional
competence.

SUMMARY
Chapter No. 1 & 2.
Types of Audit:
1. Regularity Audit Financial Audit/ Certification Audit/ Attestation
Audit
Compliance Audit with Authority/ Audit of
Laws & Rules
2. Performance Audit
Types of Audit Entities:
1. Self Accounting Entities.
2. Centralized Accounting Entities.
3. Exempt Entities.
All entities are audited by AGPR.
Accounting Responsibility Structure:
1. AGPR Manages the Federation Accounts.
2. AG’s Manages the Provisional Accounts.
3. DAO Manages the Districts, Federal and Provisional Accounts and sent these
receipts/ payments accounts to related departments separately on
monthly basis.
Stages of Audit Work and FAM.
 Planning (Ch. No. 7 & 8)
 Field Work/ Execution of Audit (Ch. No. 9)
 Evaluation of Field Work (Ch. No. 10)
 Reporting (Ch. No. 11 & 12)
 Follow up (Ch. No. 14)

NOTE: Combination of all above stages are also called Audit Cycle.

Page | 10
CHAPTER NO. 3.

JOB OF AN AUDITOR:
Auditor is back-bone of the DAGP. Auditor performs his duty on the behalf of
DAGP. Auditor plays a vital role in ensuring the integrity of the operations of the
Government of Pakistan and safeguarding/ protecting its assets.
Expectations:
Auditors work in team. No one can perform his duty individually in effective
manners. It is the requirement of audit work i.e. works in team.
i. At least one auditor must be fully conversant with rules and regulations of
audit.
ii. Auditors must be rotated except one because if all would be rotated, then no
one can perform duty effectively. So, at least one auditor must be continued.
iii. Audit team should perform complete and thorough check according to the
audit program of audit entity. Audit teams must complete the audit within
prescribed time and report to audit officer.
iv. Each auditor should use his professional judgment i.e. knowledge, integrity
and experience to carry on all audit programs.
v. Auditor’s responsibility is not to detect the frauds. Every auditor, however,
should take appropriate action where fraud is suspected.

CODE OF ETHICS:
Code of ethics is derived from Lima Declaration. It is also called INTOSAI
Code of Ethics. In Pakistan, code of ethics is implemented in June 2002.
1. Trust:
Auditor works on the behalf of AGP. AGP works on the behalf of Parliament. So,
the Parliament and general public completely trust on AGP regarding its audit
activities and reports.
2. Confidence:
Auditors must be confident, in knowledge and experience, while performing audit
activities. Each auditor must have good/ sufficient professional knowledge and co-
operative with his team members.

Page | 11
3. Credibility:
Credibility means that the reports and opinions of the DAGP are considered to be
thoroughly accurate and reliable by knowledgeable third parties. Third party can
not point out the reports as un-reliable.
4. Integrity:
Integrity includes financial, moral and intellectual integrity. Auditors should make
decisions with the public interest. Auditor audits the report correctly in figure,
performs audit work with positive approach and decides which is true to audit
entity. Auditors have a duty to adhere to high standards of behavior and to be
above suspicious and reproach.
5. Independence:
Auditors should be independent and objective. Auditors should be free from
undue influence of audit entities and third parties. Auditors should be independent
and impartial in appearance.
6. Objective:
Auditor’s main objective is to perform audit duties in fair and true manners and
make decisions in favour of public interest.
7. Impartiality:
Auditor while performing his duty must be neutral in approach and appearance.
He must perform his duty honestly and effectively.
8. Political Neutrality:
There is no undue influence of politicians on auditors while performing his duty.
So auditor must be free and independent while performing his duty.
9. Conflicts of Interest:
Auditor should protect his independence and avoid the conflicts of interest by
refusing gifts, avoiding all relations for personal purposes. Management should
not assign the audit work to those auditors who have their own personal interest in
audit entity. Auditor should not show his biasness against the audit entities whose
wrong information is provided by its competitive entity.
10. Professional Secrecy:
The auditors should not disclose the audit information or reports to any person
except competent authority in auditing process. e.g. DAGP will submit its audit
reports only to the President/ Governors of any province.

Page | 12
 11. Competence:
The auditors should know auditing, accounting and financial management
standards, policies, procedures and practices. The auditors should not undertake
work which they are not competent to perform.
12. Professional Development:
Auditors should develop themselves professionally by attending seminars,
workshops and training programs. They should use new methodologies and
processes to conduct an audit of audit entity. They must exercise due professional
care in their work.
PROTECTION OF THE AUDITORS:
To conduct audit of an audit entity is very sensitive nature for auditors. So,
there are a lot of chances to create conflicts between audit team and audit entity. In case of
conflicts, officer must take following steps to protect his auditors for smooth and excellent
audit work.
 Audit team must jointly attend/ conduct meetings with audit entity in positive
manners.
 Auditors should inform his supervisor/ audit officer in written form.
 Audit officer should propose an action plan in consultation with senior
management in DAGP.
 Depending on seriousness of matter, all or one of the following actions may be
implemented.
i. Audit manager raise the issue with PAO.
ii. A letter is signed by the AGP or Dy. AGP and submitted to PAO or
CGA.
iii. The composition of audit team can be changed.
iv. Legal action can be taken if necessary after consultation with AGP.
v. When an individual auditor is not satisfied with the action taken, he
has a right to report AAGP, Dy. AGP or AGP.

Page | 13
 CHAPTER NO. 4

DAGP AUDIT STANDARDS.

DAGP audit standards are the level of ISSAI (International Standards of Supreme
Audit Institutions) which are presented by INTOSAI. Audit standards constitute the yardstick
of quality of audit valued.
The INTOSAI auditing standards consists of 4 parts.
1. Basic Principles.
2. General Standards (Ethical Standards).
3. Field Standards.
4. Reporting Standards.
1. BASIC PRINCIPLES:
The basic principles for auditing standards are basic assumptions, consistent
premises, logical principles and requirements which help in developing auditing standards.
Following are the basic principles.
i. Ensure Compliance with Auditing Standards.
Material is defined as compliance with auditing standards. Material is a benchmark
and is in form of;
a. Value (Amount) b. Nature c. Context.
So, here materiality focuses only on value means amount. Materiality is accepted
level of errors. To ensure high quality is done, appropriate standards must be followed.
ii. Apply Judgment.
DAGP should apply its own judgment in crucial situations. Audit evidences play vital
role to apply its own judgment. The DAGP must judge the compatibility of fulfillment of its
mandate with the audit standards.
iii. Accountability Process.
In modern days, the public demands for accountability of persons who use the
financial resources of the government. So, there is a needful requirement of accountability
process.
Public enterprises are also required to fulfill public accountability obligations. Public
enterprises may include commercial undertaking i.e. entities established by executive order or
in which the government has a controlling interest.

Page | 14
 iv. Facilitation of Accountability Process.
Management of audit entity is liable to provide adequate information, financial
reports and statement to run accountability process smoothly. A system must be developed by
the entity which will provide the relevant and reliable information to audit team.
v. Establishment of Accounting Standards.
DAGP should ensure the establishment of accounting standards policies to perform
the audit work in correct and smooth manners. DAGP should recommend the audit entities to
maintain and prepare their accounts in the light of its established policies. Audit entities
should develop specific and measurable objectives and performance targets.
vi. Application of Accounting Standards.
DAGP should investigate either accounting standards are being applied in
maintaining and preparing the accounts or not by the audited entities consistently. Minimum
requirement for an auditor’s obligation is not to emphasis the accounting standards follow or
not. He must use his personal experience to perform his duty.
vii. Internal Control.
The existence of an adequate internal control minimizes the risk of errors and
irregularity of financial statements & reports. Internal control will help the auditor to draw a
fair and accurate audit report. The audit team should compare:-
 Where control should be?
 Where controls are?
 Either control is adequate or not?
 Control is operational?
 Identify the missing control.
viii. Legislative Requirement.
It is the legal requirement that every audit entity is liable to co-operate and provide
access to all relevant documents and information to audit party. Legally, every entity is to be
audited by DAGP in each year. Therefore, it is called statutory audit. Any audit entity cannot
refuse to be audited.
ix. Audit Mandate.
All audit activities should be within the audit mandate of the AGP. This essential and
jurisdictional function requires the department to make sure who is dealing with the public
fund and accountable for it.

Page | 15
 Audit mandate includes:-
a. Regularity Audit (Financial Audit & Compliance with Authority Audit)
b. Performance Audit
It means to check efficiency of utilization of financial, human and other resources,
economy of administration and effectiveness of performance.
x. Improving Auditing Techniques.
The DAGP shall improve the techniques for the validity of performance measures.
Time is saved due to improving techniques and new methodologies of auditing, less human
resources are involved to perform audit work. e.g Manual audit to Computerized audit.
So, DAGP should manage seminars to develop professional auditors, conduct
training programs and workshop to prone its staff for effective and efficient work.
2. GENERAL STANDARDS (ETHICAL STANDARDS):
General Standards also include the Ethical Standards. General Standards describe the
qualification of auditors and auditing institution so that they may carry out the task in
competent and effective manners.
The General Audit Standards includes:-
i. Recruitment:
Recruit personnel with suitable academic and professional education and be
equipped with appropriate training & experience.
ii. Training and Development:
The department should frame the policies to train and develop employees in
effective and professional manners.
iii. Provision of Instructions and Guidance:
Prepare manual, other written guidance and instructions concerning to conduct
the audit. (Proper communication in form of circulars, letters and office orders
etc.)
iv. Supporting of Skills and Experience:
Support the skill and experience available within the department of the AGP
and also identify the skills of personnel in the planning of audit as well as
identify professional development needs.
v. Review:
Review the efficiency and effectiveness of the department’s internal standards
and procedures.

Page | 16
 The DAGP shall establish a system and procedures to:
 Confirm that internal quality assurance process have operated satisfactory.
 Ensure the quality of the audit report; and
 Secure improvements and avoid repetition of weaknesses.
STANDARDS WITH ETHICAL SIGNIFICANCE:
The General Standards with Ethical Significance include:-
1. Independence.
2. Conflict of Interests.
3. Competence.
4. Due Care.
1. Independence:
The DAGP and the auditors must be independent from:
a. Parliament / Legislature.
b. Executive / Government.
c. Audited Entities.
a. Parliament / Legislature:
The legislature is one of the main user of the services of the DAGP. The
department’s reports are presented in the legislature through the President of Pakistan. So, the
department must be independent from legislature & the government to conduct audit and
credibility of its results.
The DAGP may be given its representatives who give factual briefings on audit
reports to the legislature. The legislature forms a special committee which examines the audit
services and other representatives. So there will not be undue influence and political pressure
from the government.
The DAGP must perform its duty according to its programs, plans, conduct of its
work according to his mandate and adopt methodologies appropriate to audit.
The legislature should specify minimum reporting requirements including reasonable
time within which reports should be made. So the DAGP should provide sufficient resources
for effective exercise of its mandates.
b. Executive / Government:
The executive branch of government and SAI have common interest in the promotion
of public accountability. The relationship between the DAGP & the Government is an

Page | 17
external auditor. So, the executives must not to interfere and disturb the work of DAGP
through its undue influence.
The DAGP should not oblige to carry out, modify, alteration in audit findings,
conclusions and recommendations. The DAGP performs audit under CCCECR model:
C = Criteria
C = Condition
C = Cause
E = Effect
C = Conclusion
R = Recommendation.
The DAGP shall be ready to advise the executive regarding accounting policies,
standards and the financial statements. The Government may request to the SAI for the audit
of a special institution but the AGP may be or may not be accepted the request.
The executive must provide the financial resources to conduct the fair audit work.
The AGP can disclose the audit secret relevant information to the executives under
exceptions of law to discharge the responsibility of the department. The DAGP shall ensure
that its mandate and status is well understood in the community.
c. Audited Entities:
The DAGP must remain independent from audited entities. But the representatives of
the DAGP must be polite and co-operative with audited entities to receive the relevant
information regarding financial reports and statements.
The audited entities do not need to Engagement Letters of audit because they are
legally bound to be audited. Those entities can never refuse to be audited and also provide
relevant material and documents. These entities can be audited at any time when the AGP
requires.
The DAGP will not participate in the management of the audited entities. Audit
personnel should not become the members of management committee.
Any personnel of the AGP should not have any close affiliation with the management
of audited entities such as social, kinship or other relations.
Audit personnel should not instruct the personnel of audited entities how to work?
etc. The DAGP may co-operate with academic institutions and enter formal relationship with
professional bodies.

Page | 18
 2. Conflicts of Interests:
The DAGP should avoid the conflicts of interests between the audit and the audit
entity under audit. The auditor should not use his official position for personal purposes. He
shall refuse to audit the entity if he has personal interest, kinship or other relationship with
the audit entity which is not in knowledge of management. He shall refuse to receive the gifts
etc, to avoid the conflicts of interests. If there will be conflicts of interests, then the auditor/
DAGP is not independent and cannot perform assigned task honestly, efficiently and
effectively.
3. Competence:
Competence means the DAGP/ auditor has plenty of experience regarding audit work
in different dimensions. It is very important general standards of audit. The auditor must
possess the required qualification, experience and skills to perform the audit.
The auditor has a duty to form and report audit opinions. He also makes decisions on
the basis of his opinions relating to conclude findings and recommendations. The duties and
responsibilities of DAGP are very crucial but the DAGP must apply its audit methodologies
and techniques of the highest quality. It is possible only if there are competent auditors in
DAGP. The DAGP can fulfill its audit mandate through competency of auditors. The
competence may be considered as a “Tool of Audit Work” to get Audit Mandate.
4. Due Care:
The auditor/ The DAGP must exercise due care and concern in complying with the
auditing standards. The due care must exist while specifying, gathering and evaluating
evidence and reporting findings, conclusions and recommendations.
The DAGP must follow the accounting standards while auditing and reporting by
Public Enterprises. It must use its technical skills and expertise on qualification basis. The
DAGP plays its role as “External Experts” as consultants. So, as consultant, it suggests and
gives its opinions by exercising due care. The DAGP can seek advice from other specific and
professional audit departments to perform better and enhance its skills. The DAGP maintain
confidentiality regarding audit matters and information arising from its task. The department
should report of offences against the law to proper prosecuting authorities.

Page | 19
3. FIELD STANDARDS:
The objective / purpose of field standards is to establish the criteria for the
purposeful, systematic and balanced steps that the auditor has to follow. These steps/ actions
represent the rules of research that the auditor implements to achieve a specific result.
The following field standards are applicable to all types of audit.
a. Planning
b. Supervision and Review
c. Evaluation of Internal Control
d. Compliance with Applicable Laws and Regulations
e. Audit Evidence
f. Analysis of Financial Statements
a. Planning:
The auditor should plan the audit in such manner which ensures that high quality audit
is carried out in an economic, efficient, effective way and timely manners.
The DAGP shall give priority to any audit tasks which fall within its mandate. The
auditor should plan an audit by following ways:-
i. Identify important aspects of environment.
ii. Develop an understanding of the accountability relationship.
iii. Consider the form, content and users of audit opinions, conclusion or reports.
iv. Specify the audit objectives.
v. Identify key management systems and controls.
vi. Determine the materiality of matters.
vii. Review the internal audit.
viii. Determine the most efficient and effective audit approach.
ix. Appropriate action has been taken on previous reported audit findings and
recommendations.
x. Provide appropriate audit plan documentation.
Planning steps in an audit:
Following planning steps are included in an audit:-
 Collect information about the audited entity.
 Define the objective and scope of audit.
 Undertake preliminary analysis to determine adopted approach and the
nature and extent of inquiries.

Page | 20
  Prepare budget and schedule of audit.
 Indentify staff requirements.
b. Supervision and Review:
Supervision means the work of audit staff is properly supervised / checked by the
team leader. Supervisor should maintain quality of audit, control on the individual auditor
regardless of his competence.
Following are the guidelines regarding supervisions:-
1. Members of audit team have a clear and consistent knowledge of audit
plan.
2. Follow the audit standards and practice.
3. Audit program and action steps are specified in that plan.
4. Conclusions, recommendations and opinions are properly supported by
evidence i.e. working papers.
5. Achievements of audit objectives.
6. Audit report includes the audit conclusions, recommendations and
opinions, as appropriate.
Review means just go through the audit report. Audit report must be checked by a
senior member before its finalization. Review should ensure that:-
a) All evaluations and conclusions are soundly based and are supported by
competent, reliable, relevant and reasonable audit evidence.
b) All errors, deficiencies and unusual matters have been properly identified
and documented.
c) Changes and improvements necessary to the conduct of future audits are
identified.

c. Evaluation of Internal Control:

To determine the scope of audit, the auditor should evaluate the reliability of the
internal controls. The auditor should determine whether internal controls are functioning
properly to ensure the integrity, reliability and completeness of the data in computerized
accounting or other information if any.
In case of regularity (financial) audit, the evaluation is made on safeguarding assets
and resources and accuracy and completeness of accounting records. In case of compliance
audit, the evaluation is made on management in complying with laws and regulations.

Page | 21
 In case of performance audit, evaluation is made on conducting the business of the
audited entity in an economic, efficient and effective manners and producing timely and
reliable financial and management information.
d. Compliance with Applicable Laws and Regulations:
In conducting mandatory (regular) audit, a test should be made of compliance with
applicable laws and regulations. The auditor should design audit steps and procedure to
provide reasonable assurance of detecting errors, irregularities and illegal acts.
In conducting performance audit, an assessment should be made of compliance with
applicable laws and regulations when necessary to satisfy the audit objectives.
Reviewing compliance with laws and regulations is especially important for auditing
government programs because decisions makers need to know if the Laws and Regulations
are being followed. The auditor should exercise professional judgment to determine that laws
and regulations have significant impacts on the audit objections.
e. Audit Evidence:
Reliable, relevant and competent evidence should be obtained to support the auditor’s
judgment and conclusion regarding the organization’s functions under audit.
The audit findings, conclusions and recommendations must be based on adequate
evidences. Evidence helps to satisfy the auditors about the reliability and relevancy of data.
Auditor should adequately document the audit evidence in working papers including
work performed and the findings of the audit.
Auditor should have a sound understanding of techniques and procedures such as
inspection, observation, enquiry and confirmation to collect audit evidence.
f. Analysis of Financial Statements:
It is the final standard of Field Standards. In this standard, financial audit regarding
financial statements and reports are properly checked and verified with accounting standards.
The auditor should thoroughly analyze the financial statements in following way:
1. Financial statements are prepared according to accounting standards.
2. Financial statements are presented with due consideration to the
circumstances of audited entity.
3. Sufficient disclosures and working notes are presented about various
elements of financial statements.
4. The various elements are properly evaluated, measured and presented.

Page | 22
4. REPORTING STANDARDS IN GOVT. AUDITING:
At the end of each audit, the auditor should prepare a written opinion or report which
shows the findings during audit work. Its contents should be easy to understand and free from
ambiguity. It also includes only information which is supported by competent, reliable,
relevant and reasonable audit evidence and be independent, objective, fair and constructive.
The word “Opinion” is used to auditor’s conclusions as a result of a regularity audit.
However, the word “Report” is used to the auditor’s conclusions as a result of performance
audit.

Types of Reports:
 Management Letter: is a report which is presented to PAO for revision
purposes. It is signed by Directorate General.
 Draft Reports: are such reports which are presented to PAC signed by
AGP.
Contents of Reports:
Following are the contents of reports or opinions founded on the general principles.
1. Title:
The opinion or report shall be prescribed by a suitable title or heading.
2. Signature and Date:
The opinion / report shall be properly signed. The date is also mentioned for the
information of reader about financial audit’s period of audits i.e. Financial Year
2011-12.
3. Objective and Scope:
The opinion / report shall include reference to the objective and scope of audit.
4. Completeness:
The auditor’s opinion / report shall be presented as prepared by him. Regularity
(Financial) audit’s opinion must be completed and established to the stake holders
immediately after ending of audit of a financial year. In case of performance audit,
it may be free standing.
5. Addressee:
The opinion / reports shall be addressed as per requirements of applicable laws
and procedures i.e. PAC.

Page | 23
6. Identification of Subject Matters:
The opinion / reports shall identify the financial statements (in case of financial
audit) or area (in case of performance audit) to which it relates. This includes
information such as the name of audited entity, the date and period covered by
financial statements and subject matters.
7. Legal Basis:
Audited opinions / reports shall identify the legislation or other authority
providing for the audit.
8. Compliance with Standards:
Audited opinions / reports shall indicate the auditing standards or practice
followed in conducting the audit. It assures to reader that the audit has been
carried out with general accepted procedures.
9. Timelines:
The auditor’s opinion / report shall be available within prescribed / available time
for the greatest use to the readers & users.

Page | 24
CHAPTER NO. 5

DAGP’S ANNUAL PLANNING PROCESS

According to Section 7 of AGP Ordinance 2001,
“The Auditor General shall certify the accounts on the basis of such audit as he may
consider appropriate and necessary.”
According to Section 8 of AGP Ordinance 2001,
“The Auditor General will audit the expenditures of Federation and each of province
and district.”
According to Section 12 of AGP Ordinance 2001,
“The Auditor General will conduct the audit of the receipts of Federation and each
province and district.”
Objective:
These sections establish two primary objectives:
1. Certification audits / Financial Attestation.
2. Compliance with Authority Audits to ensure either rules and regulations
and ISA are followed or not.
SCOPE OF AUDIT
The AGP will certify the financial statements of the Federation, the entity to be
audited is the aggregate of all the Ministries, Departments, Agencies etc, that the accounting
policies are considered while preparing the financial statements of Federation i.e. Centralized
Accounting Entities, Self Accounting Entities & Exempt Entities.
At least, audit activities must cover all entities whose operations are material in
context of the financial statements of Federation. The AGP can extend the audit activities if
he considers significant.
Centrally Led Audit:
Centrally led audit is audit which is conducted by the Directorates but in the
management of CENTRAL TEAM. Central Team is responsible for such kind of audit to
the AGP. This team is formed by the AGP to manage the audit work for getting results in the
same direction.
Example: The Annual Audit of Financial Statements of Federation.
Responsibilities:-
Followings are the responsibilities of Central Team:-

Page | 25
 a. Setting the basic planning parameters. (Materiality Planned Precisions,
Audit Risk, Components.)
b. Setting inherent risk, control risk, other substantive procedures risk and
substantive test of detail risk for each component and each specific
financial audit objective and compliance with authority objective and error
conditions.
c. Determine the optimum mix of tests of internal control, analytical
procedures and substantive tests of details for each component.
d. Drafting the audit programmes, forms and checklists to be used by audit
teams performing the work.
e. Performing the overall error evaluation.
f. Reporting the results of the audit.
Audit Team of Directorates:
Audit team which is formed by the AGP/ Central Team to perform the audit
under the management of Central Team. Members of audit team are selected from different
directorates.
Responsibilities:-
Followings are the responsibilities of directorates:-
a. Providing advice to assist Central Team to plan the audit.
b. Reviewing the material received from the Central Team to ensure audit
programme, forms, checklists to reflect the optimum mix of tests.
c. Performing the audit work.
d. Reporting the results of the work, including individual errors to the central
team.
DAGP STRATEGIC AUDIT PLANS
The AGP is responsible to decide what kind of audit work is necessary to fulfill his
mandate. So, the AGP should develop a multi-year strategic plan for DAGP audit activities.
The Strategic Plan will include:
1. Mandatory and Centrally Led:-
This audit is required to be performed each year according to mandate of DAGP.
However, the work performed by an individual directorate is part of a larger audit.
Example: The annual audit of financial statements of the Federation.

Page | 26
 2. Not Mandatory and Centrally Led:-
This audit is not required to be performed each year according to DAGP mandate.
However, the work performed by an individual directorate is part of a larger audit.
Example: Government-wide audit of contracting.
3. Mandatory and Not Centrally Led:-
This audit is required to be performed each year according to DAGP’s mandate,
whereas, the work performed by the individual directorate is not part of larger audit. The
audit work is performed by directorate itself without the management of central team.
Example: The annual audit of financial statements of a commercial entity / a
foreign aided project etc.
4. Not Mandatory and Not Centrally Led:-
This audit is not required to be performed each year according to DAGP’s mandate
and the work performed by the individual directorate is not the part of larger audit.
Example: Audit of Compliance with authority work being performed by the
directorate on the entities for which it is responsible.
CONTENTS OF AUDIT PLAN
A proposed audit plan is submitted for approval from AGP. The plan is approved only
for one financial year. It contains:
1) A summary of directorate’s mandate (i.e. previous year audit mandate / plan)
2) A plan / status of current audit activities i.e. mandatory or non-mandatory audit.
3) A summary of audit that the directorate wants to perform in the following year:-
a. Financial Audits (Including CWA audit)
b. Compliance with Authority audits (where additional compliance with
authority work is planned.)
c. Audits of Internal Controls.
d. Audits of Foreign-Aided projects.
e. Performance Audits.
f. Other functional, systems, programs and fraud audits and
g. Special assignments.
4) Details with respect to each of the planned audits. i.e.
a. The revenue and expenditure to be audited.
b. The person days required.

Page | 27
 c. The staff members to be assigned to the audit.
d. TA/DA is required.
e. A time schedule showing the dates for planning, execution and reporting
of audit.
5) A summary of unallocated resources available within the directorate or the audit
work for which staff is not available.
INTEGRATION OF AUDIT WORK
It is a basic principle of DAGP’s audit activities that no audit entity should be audited
more than once in a financial year. So, DAGP has to integrate the audit work to get the result
of mandatory and non-mandatory audit.
To achieve this target, DAGP must plan the audit work in such a way that its audit
team should be able to achieve the target i.e.
 Mandatory Audit i.e. Financial Audit & CWA audit.
 Non-mandatory Audit i.e. Performance Audit.
Integration includes:-
 Performing the work at the same time.
 Re-using the sample items selected for the financial audit work when
performing the compliance with authority, internal controls and
performance audit work (with additional necessary items.)
Above mentioned techniques can be used to fulfill the integration for
achieving targets i.e. Regularity Audit & Performance Audit.
BENEFITS OF INTEGRATION:
Following are the benefits of integration:-
a. Time saves due to draw the sample for financial audit and compliance with
authority audit. Performance audit can be worked on that sample.
b. All audits can be performed collectively.
c. While performing the financial audit, compliance with authority audit is
automatically performed because auditor normally relies on larger amount.
However, CWA audit is not mandatory, so it may not be performed for
several years.
d. While auditors performing compliance with authority audit work on Year
1 transactions in Year 4, there is a risk that the auditors could discover
significant errors in Year 4 with respect to the accounts for Year 1. DAGP
could then be in the embarrassing position.
e. Timely identification of deficiencies.
f. Relax the entity officials for providing the records.
g. Prevention of frauds due to presence of auditors in an organization for
longer period.

Page | 28
Chapter No. 6
AUDIT CYCLE FOR INDIVIDUAL AUDITS

Establish audit objectives and scopes

Understand the entity's business

A
U Assess materiality, planned precision,
D and audit risk
I
T
Understand the entity's internal control structure

P
L
A Determine components
N
N
I Determine financial audit and compliance with authority objectives and
N error/irregularity conditions
G

Assess inherent and control risk

Determine mix of tests of internal control, analytical procedures and

substantive tests of details

Develop audit programmes

ACTIVITY AND
RESOURCE
PLANNING
Establish resource requirements and timing

FIELDWORK Execute audit programmes

EVALUATION Conclude on results of work

REPORTING Issue reports

FOLLOW UP Follow up matters in reports

Page | 29
Chapter No. 7

PLANNING THE AUDIT

This planning is for individual audit of entity. A new plan is made for audit work for
every entity. So, individual audit must be properly planned to ensure:

 Appropriate and sufficient evidence is obtained to support the auditor’s

opinion;

 DAGP’s auditing standards are complied with; and

 Only necessary work is performed.

STEPS FOR PLANNING OF AUDIT:
Following steps are taken to plan individual audit of an audited entity. It is a general
principle of DAGP that every entity will be audited once in a year. Therefore, following steps
are necessary for planning:-
1. ESTABLISH AUDIT OBJECTIVE AND SCOPE:
Objectives:
Following are the objectives of audit;
 Express an opinion of financial statement.
 Expressing an opinion regarding CWA audit.
 Testing CWA or Controls on selected transactions with no opinion
expressed.
 Evaluating operational performance (3 Es).
Scope:
Audit scope is determined by accounting policies. So, each auditor must have the
knowledge regarding the accounting policies of audited entities.
Audited entities must be clearly mentioned either centralized accounting entity, self
accounting entity or exempt entity. The auditor can negotiate with the management for
collection of related & valuable information.
The scope of audit determines that financial audit work is required to complete
financial attest audit covered.
2. UNDERSTAND THE ENTITY’S BUSINESS:
Audit objectives are developed on the basis of an understanding of entity’s business.
The auditor should have the detail knowledge of entities’ activities relating to audit work.

Page | 30
 Auditor should provide:-
i. An understanding of the users of the entity’s services and the size of the entity
is needed to assess materiality.
ii. An understanding of the parliament / legislature authorities affecting the
entity’s operations, that what components of operations should be audited.
iii. An understanding of the industry in which the entity operates to assess
inherent risk.
Level of Effort:
Level of effort means efforts to prepare permanent file of an entity. The information
regarding audited entities is collected with the passage of time while performing the audit.
Level of effort will be very high while collecting information of an entity for the first
time.
3. ASSESS MATERIALITY, PLANNED PRECISION AND AUDIT
RISK:
I. Materiality:
Materiality means, “An error is material if the error is big enough to influence the
users of the financial statements.”
Materiality is important in the context of the auditor’s report on the financial
statements. Materiality is used by two ways.
i. For planning => to determine sample size i.e. 80%
ii. For reporting => to express the opinion on financial statements i.e. 100%
Guidelines:
Followings are the guidelines to determine the materiality:-
 Identify the probable users of financial statements,
 Identify the information in the financial statements, i.e. (Total expenditure,
Total Assets, Annual surplus or deficit). One or more of these amounts may be
considered as base amount for computing materiality.
 Estimates the highest percentage on base amount could be misstated without
effecting the user decisions on financial statements,
 Multiply the percentage times the base amount,
 Select the lowest amount – this is the materiality amount. Errors exceeding
this value are material.

Page | 31
 The auditor normally selects the lowest amount of materiality which helps the user to
make realistic decision on financial statements. The lowest amount enhances the correctness
and reliability of financial statements.
Materiality amount is determined for all components of financial statements for audit
purposes.
Identification of Materiality %age Materiality %age
Information for small entity for large entity
Total Expenditure 2% 0.5%
Normalized Pre-Tax Income 10% 5%
Total Revenue 2% 0.5%
Equity 1% 1%
Assets 0.5% 0.5%
Annual Surplus / Deficit vary case to case vary case to case

Available audit resources should not be a factor setting “Materiality”. It is determined

with the users in mind. It is upto the auditor to ensure that how much resources are required to the
work? Separate materiality amount will be determined for each entity i.e. self accounting
entity, centralized accounting entity, exempt entity and commercial entity.
Materiality is purely quantitative aspect. It has no concern with qualitative aspects
due to financial statements. Qualitative errors are not detected in auditing process of financial
statements. However, it is taken into account while presenting the reports on results.
Qualitative aspects are ignored by the auditors while planning the audit work, however, he
takes into account of these aspects at the time of reporting results.
II. Planned Precision:
Planned Precision is the auditor’s planned allowance for further possible errors (FPE).
In precision, the auditor needs to assure that there is sufficient assurance and less
errors than the materiality errors in the population. So, by testing a sample, he can determine
the Most Likely Errors (MLE).By planning and performing many analytical procedures, the
auditor reduces the amount of materiality by his estimated Most Likely Errors (MLE). This
estimate is referred as “Expected Aggregate Error”.
To Determine Expected Aggregate Errors, the auditor should consider:
i. The errors found in previous year;
ii. Changes made by the entity in the internal control structure to prevent these
errors.

Page | 32
 iii. Other changes to entity’s business which can effect the size of errors.
Example: Planned precision may be got by following:
Materiality 3,000,000
(-) Aggregate Expected Errors 816,500
Planned Precision 2,183,500
The auditor expects that the organization has good internal control while auditing.
There are large errors found. So, he will change its precision and issue qualified opinion /
report. Planned Precision may be expressed by following equation:
Planned Precision = Materiality – Aggregate Expected Errors.
III. Audit Risks:
Audit Risk refers:
“The auditor is not completely confident that the financial statements are not
materially misstated. The auditor has some degree of assurance that is less than 100%.”
When an auditor takes some risks to issue the unqualified opinion on financial
statements that misstates materiality. This risk is referred to “Audit Risk”.
Example: If the auditor wants to be 95% confident that the financial statements are
not materially misstated. This means auditor takes risk of 5% for materiality errors. So 5% is
the “Audit Risk”.
RISK ASSESSMENT
The auditor focuses on the areas of greatest materiality, significance and risk. So, the
assessment of risk is critical to the development of an audit plan.
Example: In case of financial audit, the auditor is concerned only with the risk of
material misstatement exists in financial statements or not. In case of compliance audit, the
auditor is concerned only with risk of the laws/ rules & regulations are followed by preparing
financial statement or not. So, it is very difficult to assess the risk while developing the audit
plan.
It can be divided into three categories:
i. Inherent Risk iii. Detection Risk
ii. Control Risk
i. Inherent Risk:
Inherent Risk is the chance of Material Errors occurring assuming that there are no
internal controls. In general, the higher the inherent risk, the higher effort required detecting
errors.

Page | 33
 Table for Professional Judgment of Inherent Risk
Level of Inherent Risk Risk Resulting Assurance
High Inherent Risk 60% 40%
Moderate Inherent Risk 50% 50%
Low Inherent Risk 40% 60%
There is positive relation between level of Inherent Risk and Risk.
ii. Control Risk:
“Control Risk is the chance that the Internal Controls will not prevent or detect Material
Error.”
This is the risk that material error is not prevented and detected on timely basis by the
Internal Control structure.
Note: The cost of Internal Control should not exceed the potential losses that could
occur without those controls.
Cost of Internal Control < Prevented losses.
Rs. 10,000 < Rs. 20,000
Then, Rs. 10,000 must be spent for Internal Controls

Table for Professional Judgment of Control Risk.

Level of Control Risk Risk Resulting
Assurance
High (Poor Internal Controls) 80% Up to 20%
Moderate (Moderate Internal Controls) 50% Up to 50%
Low (High Internal Controls) 20% Up to 80%

There is negative relation between level of Internal Controls and Risk.

iii. Detection Risk:
This is the risk of Material Errors going undetected by the auditor’s
substantive audit procedures. It is a function of the effectiveness of the substantive audit
procedures and audit effort.
The causes of Detection Risk are:-
a. Less experience of Auditors
b. Less knowledge of Auditors
c. Incompetency of Auditors
d. Carelessness of auditors while audit is in processing.

Page | 34
 So, above mentioned causes increase the Detection Risk.
Note: So, it may be said that audit risk is a combination of above three risks. The risk
assessment is very important to determine the extent to which audit will examine the
system procedures and practices. THEN
Lower the overall Risk = Lower the Audit Cost.
a. Identification of Risk
The auditor should enable to indentify the risk, which can be faced during audit
process. Following steps are helpful to identify the risks:
 List the Program Objectives i.e. Assets to be safeguard.
 Identify threats of risks.
 Identify the risk with the probability of occurrence i.e. Inherent Risk.
 List control and assurances which exist within the system.
 Identify the risk which may occur even existing of control i.e. Control Risk
 Recommendations regarding controls and assurances.
This activity should be documented in permanent file.
b. Indicators of Risk
Indicator of risk refers; the auditor should be alerted while conducting audit process.
Analysis of data may produce information that does not look correct.
Following are the indicators of risk:-
i. Processing Risk,
ii. Program Risk,
iii. Regulatory Risk, and
iv. Risk of Fraud.
i. Processing Risk:
Errors can occur unintentionally/ unwillingly, especially in following situations:-
a. A new government program with low experience administration,
b. New systems / procedures are introduced,
c. Changes in management i.e. high turnover of staff (Administrative procedures
are poorly documented)
d. Unclear responsibilities.
ii. Program Risk:
Certain government programs are particularly sensitive to significant losses i.e.
intended or unintended. Following examples of programs that should be given a careful
assessment of risk are:-

Page | 35
 a. Loans or guarantees,
b. Unclear terms and conditions of contracts,
c. Research and Development Projects
d. Programs with vague outputs and outcomes. Huge expenditures, which have
been spent on these programs, should be given the high priority by the auditor
to examine.
iii. Regulatory Risk:
The usual purpose of regulations is to protect the public i.e. health protection,
transportation safety or other law enforcement.
Failure in this program can occur at various points within regulatory system. This risk
can drive from:-
a. Inadequate laws,
b. Inadequate inspection / detection i.e. untrained inspector, poor supervision of
inspection etc,
c. Inadequate penalties,
d. Poor record and inadequate statistics,
e. Environment factors outside of the regulatory process.
iv. Risk of Fraud:
There are many classical indicators of weakness that can contribute to fraud. Some of
these are:-
a. Insufficient separation of duties,
b. Only person can access the financial information,
c. Weak controls,
d. Inadequate management supervision, inspection or review,
e. Inadequate and untimely reports,
f. Non-existent reconciliation.
c. Factors affecting Audit Risk
These factors show how much risk is accepted by the auditor to provide assurance of
non-misstatement of material in financial statements. Following factors are helpful to the
auditor for issuance of unqualified opinion:
i. Professional Exposure:
If the auditor has a risk of his reputation then he will accept deeper audit work for the
sake of his reputation. If there will be a chance that the financial statements and the audit

Page | 36
report will undergo a lot of scrutiny then the auditor will consider the financial statements at
high level. This could occur in following cases:-
a. Receiving a lot of bad publicity,
b. Chancing of being privatized, transferred etc,
c. Issuing new debt,
d. Getting into financial difficulty.
For the audit entities, the auditor may reduce their audit risk to reduce their
professional exposures risk.

ii. Reporting Considerations:

These considerations usually include the number of users rely on the financial
statements and audit report.
iii. Ease of Auditing:
Practical availability of audit evidence will become the audit work and report
authenticated and easy.
d. Determining the Audit Risk
Determination of audit risk is the responsibility of auditors. Following factors
affecting the audit risk and assessed level directly with the users.
i. Extensive Reliance:
If the users placing extensive reliance on the financial statements, then the auditor has
to use lower level of audit risk to obtain higher level of overall assurance.
ii. Awareness of Govt. Planners:
If the auditor knows that the government managers, planners, as well as legislatures
has awareness regarding financial statements and audit reports, then he will accept
lower level of audit risk to obtain high level of overall assurance to maintain his
reputation.
Table for Professional Judgment of Determination of
Audit Risk
Situation Audit Risk Overall Assurance
Entities perceived to be high risk 3% 97%
(therefore, the auditor wants to achieve a
high level of overall assurance and set

Page | 37
 low level of audit risk)
All other entities 5% 95%
Increasing the overall assurance will increase the required amount of audit work.
Going 95% assurance to 97% assurance could add 20% to the required amount of audit work.
There is a negative relationship between audit risk and overall assurance.

e. Auditor’s Responsibility to Detect Errors/ Frauds

The auditor is providing reasonable and not absolute assurance regarding correctness
of financial statements and audit report. Following are responsibilities of the auditor
regarding detecting of frauds / errors:

i. Start audit in good faith on the management.

ii. Questioning minded and alert for evidence.
iii. Adopt analytical procedure technique.
iv. Detailed review of specific project.
v. Avoid sampling technique to detect fraud.

4. UNDERSTAND THE ENTITY’S INTERNAL CONTROL

STRUCTURE:
INTOSAI defines,
“the plans and actions of an organization including management’s attitude, methods,
procedures and other measures that provide reasonable assurance for achieving of following
general objectives:-
 Assets are safeguarded against loss due to waste, abuse, mismanagement and
fraud etc.
 Laws, regulations and management directives are compiled with.
 Reliable financial and management data are developed and maintained.
If the internal controls of the management will weak then it will be very difficult for
an audit to perform audit. He should make recommendations for improvement.

Page | 38
 I. General Standards of Internal Control
INTOSAI describes 5 general standards of internal control:
i. Reasonable assurance: Internal Control should prevent and detect errors for
management and provide assurance to auditor.
ii. Supportive attitude: All the members of organization should show the
supportive and acceptable attitude.
iii. Integrity and Competence: Managers and staff members should show
competence and integrity to develop, maintain and implement the internal
controls.
iv. Control Objectives: It is too much expensive. Specific control objectives
should be developed for each activity. It should be appropriate,
comprehensive, reasonable and integrated with each other.
v. Monitoring Control: Managers should monitor the internal controls and take
action at the spot of time in case of errors, frauds and mismanagement,
ineffective, inefficient and insufficient operations.

II. Detailed Standards of Internal Control

INTOSAI also describes six detailed standards of internal control. These standards
provides to control on micro level. Discuss below:
i. Documentation: Each and every event and transaction must be clearly
documented / filed. These documents are available at any time required by the
auditor.
ii. Prompt and Proper Record of Transactions and Events: Every transaction /
event must be recorded and classified properly and promptly after its
occurrence.
iii. Authorization and Execution of Transactions and Events: Transactions /
events are properly authorized and executed by the authorized person.
iv. Separation of Duties: Each duty should be assigned to each individual i.e.
authorization, processing, recording and reviewing etc.
v. Supervision: Proper and competent supervision is required to ensure that
internal control objectives are achieved.

Page | 39
 vi. Access to Accountability For Resources and Records: An individual, who is
authorized and accountable for his authority, should provide limited access to
resources and records.

III. Responsibility of Maintaining the Internal Control

Entity management is responsible to maintain the internal control within an
organization. CGA is responsible to maintain internal control within government
organizations with the help of Ministry of Finance and Provisional Finance departments.
CGA should lay down the principles governing the internal financial controls for
Government sector.

IV. Elements of Internal Control

There are five elements of Internal Controls:
i. Control Environment,
ii. Risk Assessment,
iii. Control Activities,
iv. Information and Communication, and
v. Monitoring.

i. Control Environment:
Control environment is created by the management to influence the control
consciousness of the staff. It includes:-
a. Manager’s philosophy and operating style.
b. Delegation of powers i.e. Methods to assign the job.
c. The organizational structure.
d. HRM policies and practices.
e. Integrity and ethical values.
f. Commitments to competence.
g. Reaction to change influences.
h. Existence of an Internal Control Unit.

Page | 40
 ii. Risk Assessment:
Risk assessment is very much helpful to implement the internal controls. It identifies
and highlights the area where the internal control is required. Risk can be minimized by
implementing risk assessment.
iii. Control Activities:
Control activities are the policies and procedures which are helpful to manage and
ensure the internal control.
Control activities occur throughout all the levels of organization. It includes:-
a. Proper authorization of transactions;
b. Physical control over assets and records;
c. Independent checks on performance;
d. Adequate segregation of duties.
iv. Information and Communication:
Important information must be identified and communicated to the management as
well as staff member. Communication and information plays a vital role to carry on the
organization’s functions / activity in proper manners.

v. Monitoring:
Monitoring is the crux of internal controls. If the proper action is not taken while
monitoring, against violation of internal controls then it is just wastage of money to develop
internal controls. It involves the ongoing and periodic assessment of internal control
performance.

V. Kinds of Internal Controls

Following are different forms and objectives of Internal Controls.

a. Input VS Output Controls:

Input Controls mean the initial input data control i.e. password etc. Output
Controls are controls over the output from system i.e. comparing cheques, cash
disbursements etc.

b. Independent VS Interrelated Controls:

Independent Controls mean a control which independently can control and
manage the record i.e. reconciliation is an independent control. Interrelated Control
is a control on processing and output i.e. input data regarding reconciliation.

Page | 41
 c. Manual VS Electronic Controls:
Manual Control is operated by staff. It includes misjudgment, human errors,
carelessness, fatigue etc. Such control is visible. Electronic Control is invisible
control. It is built on computer programs, soft wares, etc. i.e. the report
electronically generated with no signature, biometric attendance.
d. General VS Applications Controls:
General Controls are applicable to the accounting systems i.e. password
restricting access to a computer network. Application Controls relate to protect a
specific process function to ensure transactions are complete, accurate and authorized.
e. Documented VS Undocumented Controls:
Documented Controls means the evidences of controls are performed i.e.
signature & initial. Undocumented Controls means the evidences of controls are not
performed i.e. electronic generated reports where signature is not required.
f. Preventive VS Detective Controls:
Preventive Controls means identification of errors before transaction is taken
place. Most data entry controls are preventive controls i.e. Pre-audit of documents.
Detective Controls means to identify the errors after happening of events /
transactions. Most output controls and reconciliation are detective controls i.e. Post
Audit of documents.
Preventive controls are usually less costly than detective controls.
g. Compensating Controls:
Compensating Controls means a control is implemented in a weak control. For
example, a cheque is recorded for incorrect amount then it can be ascertained at the
time of reconciliation.

Limitations of Internal Controls:

1. Achieve its objectives
2. Comply with laws and regulations.
3. Ensure reliable financial reporting.
4. Prevent loss of resources.

VI. Role of Internal Audit

Internal Audit is itself an internal control. It should be independent in its work.
Management should not have undue influence on internal audit unit. So, in this way, internal

Page | 42
audit can play its role and achieve its objective. Therefore, its report will be very much
helpful for the management for decision making and monitoring.
Following ways the internal audit can play a vital role:
1. Not the Part of Operational Management:
Internal audit must not the part of operational management. If it will participate in
operational control, then it cannot perform its duty and audit work in effective and efficient
manners because every decision and operation will be taken with its consent.
2. Review and Audit of Management / Organization:
The internal audit should not perform the checks on current basis. Management
cannot work properly if checks are performed on current basis.
It should check the audit work and review independently after passing time to monitor
the duties of management are properly performed or not.
3. Co-ordination and Co-operation:
There is a relationship between DAGP and internal audit due to co-ordination, co-
operation and professional reliance. If the DAGP understands that internal audit is
independent, so DAGP can rely its audit work up to 80%. This relationship can be enhanced
by following ways:-
 Internal audit and DAGP will co-ordinate each other in audit efforts by
knowledge and amendments in their plans.
 Having access to each other’s plans and programs.
 Access to internal audit’s working papers.
 Exchange of audit reports and management letters.
 Common, understanding of audit techniques, methods and terminologies.
 Rely on internal audit work & report and reduce additional requirement of
DAGP i.e. additional testing, etc.
4. Provide Effectiveness of the Internal Controls:
Internal audit should provide adequate assessment and effectiveness of the internal
control. If the auditors of DAGP monitor the internal audit and impress from internal control,
then DAGP will prefer and may certify their work. DAGP may re-perform their audit work
which it is considered by them.
5. Internal Audit as Team Member:
If the audit party is impressed by the internal audit unit, then it can become its team
member. The audit party will check and review its work like its own member’s work.
Internal audit will help the DAGP to perform its audit work and objectives.
Page | 43
VII. Documenting Our Understanding Of Controls
The auditor should understand the internal controls on organization. He should
prepare the documents regarding internal control which reflects his ability to assess the
controls. The documentation of internal controls should be the part of audit. It helps in
supervision and improves the communication between the audit team.
There are 4 methods of documentation. It will be the part of permanent file.
1. Narrative:
It is a written descriptive material of documentation. There are four characteristics:
 Origin of every document and record in system,
 Description / detail of all process,
 Disposition of every document,
 Indication of control.
It is very laborious and bore working for reader.

2. Flow Chart:
It is time consuming exercise. To draw a flow chart, all symbols must be identified
and recognized. It is very convenient for a reader to understand the information than
narrative. It:-
 Provides a concise overview,
 Helps to identify inadequacy,
 Shows clearly the separation of duties, and
 Is easier to follow a diagram.
3. Internal Control Questionnaires (ICQs):
It is the method which FAM recommends to make documentation of understanding. It
is very easy and understandable. The auditor answers just in “Yes” or “No”. ICQ requires a
thorough check of internal controls to answer the questionnaires. Questionnaires are not
updated. These may be answered without thorough check of internal controls.
4. Walk Through (Cradle to Grave Test):
It is a method which is adopted from start to end. All information from beginning to
end is disclosed. To conduct this method, an auditor select 3-6 transactions and tracing all the
transactions into the audit cycle until it is summarized and included in audit report.

Page | 44
5. DETERMINE COMPONENTS:
The auditor divides the financial statements into different parts or components. Each
component is audited separately. Risk is assessed for each component i.e. Inherent Risk,
Control Risk, Detection Risk, etc.
For a financial statement audit, financial statements are logically dividing into parts/
components by considering “Line Item”. So, Line Item is a component which shows the
amount reported in financial statements disclosing the notes.
Some items are shown in different groups i.e. expenditures may be grouped by:-
 Ministries, Departments, Agencies’ expenses.
 Appropriation Accounts.
 Economic Functions (General Public Services)
 Object Element (Pay Roll expenditure, etc.)
In expenditure group, object element or ministries expenses will be considered as
separate components.

Individual Significant Transactions & Events:

Individual significant transactions include:
I. Very large transactions & events.
II. High risk transactions & events.
Both transactions will be audited 100% by auditor due to their significance. High
value items may be found errors, so there will be high risk of errors.
Large transactions are normally easy to find and detect. The auditor will focus on
such amounts seriously.

6. DETERMINE FINANCIAL AUDIT AND COMPLIANCE

WITH AUTHORITY OBJECTIVES AND ERROR/
IRREGULARITY CONDITIONS.

There are certain specific financial audit objections:

 Validity (Existence of Assets & Liabilities, Occurrence of Expenditure)
 Ownership,
 Completeness of transactions,
 Valuation / measurements,

Page | 45
  Presentation,
 Compliance with relevant laws.

I. Related Compliance with Authority Objectives:

Reviewing compliance with laws and regulations is very important. The auditor
should prepare a procedure and steps to meet the audit objectives of compliance with
authority. It is a necessary for an auditor to test for compliance with related rules, laws and
procedures according to DAGP’s auditing standards.
Basically, there are 3 objectives of CWA audit:-
 Spend:
Determine that:
a. The services are actually performed or the goods are received,
b. The expenditure is consistent with the nature to which is charged,
c. The expenditure does not exceed in total approved expenditure.
d. The expenditure is in accordance with the legislation and the rules and
regulations.

 Borrow:
Determine that the amounts and debt terms (period, interest rates, repayment
schedule, etc) are according to the appropriate law.
 Revenue:
Determine that the cash received is:
• For an approved tax or approved revenue source.
• In accordance with applicable legislation.
NOTE:
 Federal and Provincial governments are generally considered to be audited
for all above objectives because the governments have been authorized to
borrow.

 District Government has not been authorized to borrow, so it will be audited

only for spending and revenue rising, not for borrowings.

II. Potential Error Condition:

Error conditions are ways in which an asset, liability, revenue or expenditure item
may not be valid and complete.

Example 1: (Financial Audit)

Page | 46
 For the completeness of Payroll expenditure, the auditor considers how Payroll
expenditure figure might not be complete and may identify 3 errors:-

i. Services performed but yet not paid.

ii. Payment made but not recorded in Payroll Register.
iii. The amount of Payroll has not been included in Financial Statements.

Example 2: (Compliance with Authority Audit)

i. The work performed was not properly approved.

ii. The payments were not properly approved.
iii. In case of receipt, following 3 errors are found:-
 Income Tax receipts are not deposited into Bank.
 Income Tax receipts are not recorded in Cash Receipt register.
 The amounts in cash receipt register are not included in financial statements
amounts.

7. ASSESS INHERENT AND CONTROL RISKS.

INHERENT RISK:

“Inherent Risk is chance of material error assuming there are not internal controls”.
Higher the inherent risk, higher audit effort required. It is assessed in a hypothetical
environment.

Factors of Inherent Risk:

Following are factors of Inherent Risk:-
I. The Nature of Component: It means chance of lost in high i.e. cash have
many chances of lost than fixed assets.
II. Homogeneous Items: There are many chairs of same size and design in store
room, so there are more chances of lost due to same size and design.
III. Volume of Activity: There are lot of transaction processes, so chances of
occurring errors are huge.
IV. Competency of the Staff Processing the Transactions: If incompetent staff
has been appointed to process the transactions then the chances of occurring
errors will be large due to carelessness and incompetency.

Page | 47
 V. Number of Locations: If the transactions are recorded at more than one
location then the chances of occurring errors will be high and difficult to avoid
the risk.
VI. Accounting Policies: If the Accounting Policies are not properly followed by
the audited entities, then the chance of occurring errors may be larger i.e. Cash
basis accounting policy has more chances of embezzlement of cash than
accrual basis accounting policy.
VII. Risk of Frauds: An error could be intentional one. The Auditor should be
questioning mind. If he will not able to detect fraud, then he may be
considered incompetent. If the management will misrepresent the record, it
will be factor of inherent risk.

Guidelines for Professional Judgment of Inherent Risk

Level of Inherent Risk Risk Resulting Assurance
High Inherent Risk 60% 40%
Moderate Inherent Risk 50% 50%
Low Inherent Risk 40% 60%
There is positive relation between level of Inherent Risk and Risk.
Control Risk:
“Control Risk is the chance that the Internal Controls will prevent or detect Material
Error.”
Internal Controls are assessed in the planning stage and it can be modified according
to requirements. There is a risk that the material errors are not detected / prevented by
Internal Controls, so risk can be minimized but not eliminated.
Indicators of Positive Control Risk.
 Policies and procedures relating to Internal Control.
 Appropriate Organizational Structure.
 Senior Management Role.
 Actions of Management.
 Positive Attitude i.e. dedicating efforts of auditor, disciplinary action against
defaulters, etc.
If Control Risk is high, then more audit efforts are required to detect errors.
Note: The cost of Internal Control should not exceed the potential losses that
could occur without those controls.

Page | 48
 Cost of Internal Control < Prevented losses.
Rs. 10,000 < Rs. 20,000
Then, Rs. 10,000 must be spent for Internal Controls

Table for Professional Judgment of Control Risk.

Level of Control Risk Risk Resulting
Assurance
High (Poor Internal Controls) 80% Up to 20%
Moderate (Moderate Internal Controls) 50% Up to 50%
Low (High Internal Controls) 20% Up to 80%
There is negative relation between level of Control Risk and Risk.

8. DETERMINE MIX OF TESTS OF INTERNAL

CONTROLS, ANALYTICAL PROCEDURE AND
SUBSTANTIVE TESTS OF DETAILS.
Financial Audit Procedures usually includes tests of internal controls, substantive tests
of details and analytical procedures.

 Test of Internal Controls: means to get assurance that the internal controls
are operating effectively and efficiently.
 Substantive Tests: are used to check and verify the accuracy and
completeness of data produced by the accounting system. It can be divided
into:
 Analytical / Substantive Procedure.
 Substantive Tests of Details (STD).
Audit procedure is applicable on financial statements. It is used to assure the internal
controls and substantive assurance. It is called “dual purpose tests”.
Above three tests are discussed below:

I. TESTS OF INTERNAL CONTROLS

It includes:
• Inquiries of entity personnel,
• Observation of policies and procedures,
• Walk through procedures,
Selecting a sample of transactions and verifying that the internal controls’
procedures were followed.

Page | 49
 Test of internal Controls are also called “Compliance Testing or Audit of
Internal Controls”.
Note: Last method is normally used to test the individual control.

Limitation of Internal Controls:

Followings are the limitations of internal controls:
 Management may override the specific control,
 Collusion can deceive internal controls,
 Inexperience entity officials can perform their duties ineffective manners i.e.
chance of human errors.
 Unusual transactions may not cover by the internal controls i.e. transactions
arise from new activities.
 Due to high cost, management is not in position to apply internal controls.

II. ANALYTICAL / SUBSTANTIVE PROCEDURE

There are three techniques used by the auditor to:

1. Expectations should be formed regarding recorded amounts should be due to

relationship among the elements of financial and nonfinancial information.
2. Compare the expectation with recorded amounts.
3. Draw conclusion about entity operations, inherent risk and control risk,
accuracy and completeness of the recorded amount.

Types of Analytical Procedure:

There are several types of analytical procedure which are as follows:
1. General Review for Reasonableness/ Scanning:
General view of reasonableness is a process of eyeballing of financial
statements. In this procedure, a high level comparison is made for current
period’s information with previous period’s information. No pre-determined
initial amount is specified for identifying significant fluctuations.
2. Comparative Analysis:
Comparative analysis involves a comparison between current year reports
with previous year reports. It is assumed that prior year’s amount is
sufficiently accurate on which current year’s amount is estimated. A pre-
determined initial amount is specified for identifying significant fluctuation.
3. Predictive Analysis:
In this analysis, the current year’s reported amount is compared with
predicted amount should be on the basis of previous year’s amount. This
analysis usually results in a more precise estimate than comparative analysis.
A predetermined initial amount is specified for identifying significant
fluctuation.

Page | 50
 4. Statistical Analysis:
Statistical analysis is similar to predictive analysis. Co-relation and
Regression line method are used for analysis in this technique. This analysis is
made by drawing / identifying variables and developing an equation model.
5. Overall Verification Procedures:
An estimate of on account balance from known and verified data is built
up in this analytical procedure. It usually results in an accurate estimate of the
account. A predetermined initial amount is specified for identifying significant
fluctuation to investigate. For example, the auditor can verify the number of
rental units by type of units, average rent by type of units and vacancy rate.

All above methods are also called “Other Substantive Procedure Risk”
(OSPR)

TABLE FOR RISK AND ASSURANCE

Types of Analytical Procedure Risk Assurance

Overall reviews for Reasonableness 100% 0%

Comparative Analysis 70% or more Up to 30%

Predictive Analysis 50% or more Up to 50%

Statistical Analysis 30% or more Up to 70%

Overall Verification Procedure 10% or more Up to 90%

III. SUBSTANTIVE TESTS OF DETAILS (STD)

Physically inspecting an asset, checking transactions record to supporting

documentation and confirming amounts with third party is called STD.

Methods of Substantive Tests of Details (STD)

Followings are the methods of Substantive Tests Details:
 Recalculation,
 Inspection,
 Confirmation,
 Cut-off Procedure.
STD involves more than sampling of transactions and events that the auditor wants to
examine. These could be:-

o Very large transactions and events.

Page | 51
 “OR”
o High risk transactions and events.

STD also identifies the compliance with Authority test i.e. rules and regulations that
apply to an entity.

AUDIT RISK MODEL

Audit Risk Model is very helpful to draw sample of transaction. It is a useful way to
tie together all of the various sources of audit assurance.

Audit risk model involves all kind of risks i.e. Inherent Risk, Control Risk, Detection
Risk.

Detection Risk is combination of Substantive/Analytical Procedure and Substantive

Test of Details.

AR = IR x CR x DR.

Where AR = Audit Risk, IR = Inherent Risk, CR = Control Risk, DR = Detection Risk

DR = Other Substantive Procedure Risk (OSPR) X Substantive Tests of Details Risk (STDR)

So,

AR = IR x CR x OSPR x STDR

AR
STDR =
IR x CR x OSPR
Confidence Level = 1 – STDR

Auditor can afford high STDR because other risks are providing assurance.
Audit risk has inverse relation with assurance. IR and CR have direct relation with
assurance.

Page | 52
EXAMPLE:
If AR = 5%, IR = 50%, CR = 50%, OSPR = 50% then STDR =?

AR
STDR =
IR x CR x OSPR

0.05
STDR =
0.50X0.50X0.50
0.05
STDR = = 0.40 or 40%
0.125
So
Confidence Level = 1 – STDR

Confidence Level = 1 – 0.40 = 0.60 or 60%

NOTE:

Auditor can afford high STDR because other components of Audit Risk
Model provide assurance.

Page | 53
 Chapter No. 8

ACTIVITY AND RESOURCE

PLANNING FOR INDIVIDUAL AUDITS
There are four stages of detailed planning.
1. Staff Requirements
2. Timing of Audit includes (Interim Audit)
3. Budget Requirements
4. Formulate / Update Audit Programs.
1. STAFF REQUIREMENTS:
Staffing means those auditors who have the skills should assign the audit work.
Skilled and experienced staff will perform audit work efficiently and effectively. Staffing
requirement can be fulfilled by calculating person days as following:
Person days = No. of Persons X No. of days
Level of staffing can be affected by changing in nature, extension and timing of audit.
Factors for allocating staffing:
 Mixture of required skills: Technical & Supervisory skills are required to
complete audit.
 Risky Assignment: Risky and difficult assignments are assigned to
efficient and better auditors.
 Audit Dead-Lines: Audit must be completed within prescribed dates. So,
if there are much work to perform, then staff members can be increased to
finish the audit within due date.
 Audit Continuity: Some auditors should resend to perform the audit work
of the entity who conducted the audit of that particular entity last year. It
will be helpful while conducting audit of the entity. So, auditor will have
knowledge about the entity.
 Rotation Policy: Audit must be rotated every year. It will enhance the
auditor’s personal judgement and professional skills. It will show the
planning and performance of audit.

Page | 54
  Learning and Advancement: Due to rotation policy, it will be very helpful
to junior staff members who assist the senior members and get knowledge,
method, skills and experience regarding audit work.
2. TIMING OF AUDIT:
Financial year of all government entities ends on 30th June of each year. So, according
to NAM, these entities has to submit their accounts to AGP for audit purpose up to 30th
August of each year and AGP must issue report on or before 30th October.
So, AGP has to introduce an “Interim Audit” to provide his report to Parliament due
to shortage of time.
INTERIM AUDIT:
It is an audit performed at an interim date. Interim date is a date in advance of the year
end date. The auditor will perform audit for first 6 months (i.e. 1st July to 31st Dec) in
February and March. Next 3 months’ audit (1st Jan to 31st March) in May and remaining 3
months’ audit will be performed after 30th June. So, Interim Audit is performed in three
stages i.e. First six months, second quarter and third quarter.
Factors for Determining the Time / Benefits of Interim Audit:
i. Interim Audit: It improves the timeliness of audit report.
ii. Change the Planning & Decisions: Interim Audit provides the indications
that the auditor can change / update his decision and planning which he has
standardised i.e. verification of Internal Controls.
iii. Staff Problems: Interim Audit solves the staffing problems. Audit work can be
performed effectively and efficiently by conducting interim audit in spite of
lack of staff members.
iv. High Cost: Interim Audit’s drawback is that, it enhances the audit cost. So, it
is not adopted by the AGP.
3. BUDGET REQUIREMENTS:
Budget requirements are third most important activity of audit planning and most
important. No audit work can be performed without allocating budget for audit purposes. Any
change in nature, extent and timing effect the budget allocation. The audit budget includes:
i. Cost of travel, accommodation and subsistence while visiting audit sites. (i.e.
Daily Allowance)
ii. Cost of any purchase (i.e. Stationery)
iii. Level of effort of audit team members (i.e. Honorarium)

Page | 55
Factors for Allocation of Budget:
Following factors must be considered while allocating the budget:
 Size of entity:
Size (large or small scale) of entity has a limited effect on budget
requirement. According to size of entity, budget requirement may be
increased or decreased due to incurring of expenditures.
 Complexity of the entity & its transactions:
Some entity’s nature of work is very complex and its transactions are not
easy to understand and audit. So, these entities require more expenditure
than straightforward entities. So budget requirements for complex entities
will be larger than other entities.
 Audit Risk:
Audit risk and audit assurance have a negative relation with each other. If
the audit risk is higher then audit assurance will be low for audit, so the
auditor has to perform more work. If the audit risk is lower then the audit
assurance will be high, so the auditor has to perform less work to provide
the audit assurance.
Audit Risk Audit Assurance Required
3% 97%
5% 95%
So, higher audit risk will affect the budget requirement due to more
expenditure and the higher audit risk has positive relation with budget
requirements.
 Inherent Risk:
Inherent Risk and audit assurance has negative relation with each other. If
there is high inherent risk, then audit assurance will be low and vice versa.
Due to high rate of inherent risk, assurance will be low and much work
will be performed to achieve required assurance and vice versa.
Audit Inherent Risk Audit Assurance Required
High 60% 40%
Moderate 50% 50%
Low 40% 60%
So, High inherent risk has positive relation with budgeted requirements.

Page | 56
  Control Risk:
Control risk and audit assurance has also positive relation between each
other. High control risk means low level of efforts is required to credible
and reliable audit report. There is negative relation with budgeted
requirement and control risk.
Control Risk Audit Assurance Required
High 80% up to 20%
Moderate 50% up to 50%
Low 20% up to 80%
 Experience of the Staff performing the Audit:
Auditor’s knowledge, skills, integrity and experience is cause of low
budgeting requirements. Trained staff will perform audit work effectively
and efficiently within short span of time. If work load will be reduced then
the budget requirement will automatically be reduced.
4. FORMULATE / UPDATE AUDIT PROGRAMS / EXECUTION OF
AUDIT PROGRAMS:
Audit programs are formulated for substantive audit. Audit programs contain
procedures necessary to obtain sufficient, relevant, reliable, timely and objective evidence to
support audit findings. Followings are the components of audit programs:
i. Internal Control Questionnaires (ICQs) and test of Internal Control
ii. Analytical Procedures / Substantive Analysis.
iii. Substantive Tests of Details.
After planning phase, the auditor must update:
1. The Permanent File.
2. The Planning File.
3. Audit Planning Memorandum.
4. Audit Program.
5. Staffing Requirements.
6. Budget Requirements.
7. Timing Consideration.
8. List of information to be obtained from officials of entities.

Page | 57
Chapter No. 9
CONDUCTING THE AUDIT
Conducting the audit means the auditor is in field to perform the audit work. The
updated audit programs will guide the detailed activities of the auditors. Audit activities are
performed for regularity audit. The auditors have to conduct three types of audit for regularity
audit.
• Compliance testing
• Substantive Testing/ Analytical Procedure.
• Substantive Test of details.
 Compliance Testing:
Compliance testing is the first step of conducting the audit. Compliance test means to
evaluate the effectiveness of internal controls.
In planning phase, a judgement regarding internal controls are made (i.e. internal
controls are good and working effectively) and rely on internal controls. So, the judgement
can be modified by verification or audit of internal controls through sample size.
If the auditor assures that there are 0% error rate and 5% tolerable rate of errors, then
the auditor will take sample size between 30 and 60.
Compliance testing minimizes the substantive audit (financial audit).
 Substantive Testing/ Analytical Procedure.
After performing compliance testing, the auditor has to provide more assurance
regarding accuracy of financial statements. So, assurance can be provided through detailed
testing of sampling transactions. The reliance of substantive analysis depends upon the
following factors.
• Materiality:
Materiality of items means verification of amount / value shown in financial
statements. The auditor does not depend upon analytical procedures only for heavy amount.
He has to perform the thorough check of amount from vouchers to financial statement.
• Other Audit Procedures:
Adopt other audit procedures i.e.
i. General reviews for reasonableness.
ii. Predictive Analysis.
iii. Statistical Analysis.
iv. Comparative Analysis.

Page | 58
 v. Overall verification procedure.
• Level of Precision:
Precision can be made if there is a certainty of an event. It can be obtained by
adopting any above mentioned procedures.
• Results of the Evaluation of Internal Control:
Reports of audit normally depend on results of evaluating internal controls. If results
show the weak internal controls, then assurance / reliability can be obtained by adopting
Tests of Details.
 Substantive Tests of Details:
More reliability and assurance can be obtained by adopting following techniques of
tests of details.
• Re-computation / Recalculation:
This technique is used to verify the arithmetical accuracy of financial statements. It
provides the strong evidence of the tested operations. It cannot provide the evidence
regarding completeness, accuracy, existence or authorization of components of the
computation.
• Confirmation:
This technique is used to provide strong evidence from external source. This
procedure is used to confirm cash at bank or amount owing from creditors.
• Inspection:
This technique is used for verification of physical existence of assets and
documentation of transactions (i.e. date, price, quantity, total amount, authorized person’s
signature on vouchers). It does not provide evidence about ownership, completeness or
valuation of assets.
• Cut-off Procedures:
Cut-off Procedures are normally adopted to insure the proper recording of
transactions i.e. only current financial year’s transactions, not last year’s transactions. This
technique is used to find errors of omission and commission.

Page | 59
SELECTION OF ITEM FOR TESTS OF DETAILS
I. Selection of Items:
Generally, some of the all items are selected from prescribed data for audit purposes
but the opinions / reports are generated about the whole data. Items can be selected by
following ways:
• Selecting key (risky) and high value.
• Taking a representative sample from whole data.
• A combination of both.
II. Substantive Sampling Plan:
It is very important that how a sample will be selected? Without using scientific
techniques, s sufficient and representative sample cannot be selected for assurance of
financial statements. The total level of errors in population is deducted from the sample on
scientific basis. In implementing a substantive plan, following steps should be considered.
• Decide what is to be tested?
• Define and select the sample.
• Audit the sample items.
• Evaluate and interpret the results.
III. What is to be tested?
First of all, auditor will decide the objectives of the test. It includes defining,
acceptable risk of material error, the population from which sample will be selected. Larger
the sample size, occurrence of sample items will have more chances.
Completeness of the population cannot be verified by using a sample because omitted
items have no chance to be selected.
IV. Define and select the sample:
It is necessary for accurate and reliable conclusions to select a representative sample
from whole population. To determine sample size, following levels should be considered.
• Acceptable level of Materiality. (compared to the value of the population)
• Level of confidence i.e. 95%
• Expected aggregate errors / assumed level of error i.e. 20% (Cannot be
known until sample has been taken)
Monetary Unit Sampling (MUS) method is preferred for selecting samples. This
method is used in form of currency i.e. Pak Rupee, Dollars etc. The Auditor can sometimes
reduce the sample size by using a Stratified Sample.

Page | 60
 Stratified Sample means large value transactions will be tested 100% and sample
will be taken from small value transactions at the ratio of 80:20. 80 represent the large
transaction’s ratio where 20 show the small transaction’s ratio. 80% transactions in total
population are larger values. Samples are taken from population by fixed intervals.
V. Audit the sample item:
There is no compromise while conducting audit of transactions of large value and
representative samples of small value. Both will be audited at 100%.

VI. Evaluate and interpret the results:

The auditors must conclude a result for the population on the basis of samples.
Because the auditors have to submit a report / opinions regarding audit works and audit
findings and reliability of financial statements.
The errors which are derived while auditing from a representative sample will be
estimated / considered 100 times heavy as the errors are discovered.
EXAMPLE:
Population : 100,000 Items.
Sample Taken: 1,000 Items. (divide by 100)
After Verification Rs. 50,000 has been discovered as error. Then this error will be
considered for population 100 times more than discovered in sample:-
i.e. Rs. 50,000 x 100 = 5,000,000 rupees (Approx)
This means errors in population = Rs. 5 Million

EVIDENCE
“The auditor requires evidence to support all information presented in the audit
report.” Observation without evidence has no value and is not considered by the higher
authorities.
Essentials / Attributes / Characteristics:
Evidence has 4 essentials:
• Sufficient
• Relevant
• Reliable
• Objective

Page | 61
  Sufficient:
Evidence should be very strong and clear for understanding of a common man for his
conclusion. It should be sufficient to lead a reasonable person to the same conclusion. The
sufficiency will be influenced by:
• The auditor’s knowledge of the entity & its environment.
• Materiality / Significance of matters.
• Depth of audit either limited area or cover the whole population.
• Assurance provided by the auditor.
• Quality and quantity of evidence.
• Acceptance of the evidence by the management.

 Relevant:
Evidence must be related with audit programs. Relevancy refers a relationship of the
evidence to its use and applicability. Relevant information regarding evidence must be
collected. Audit evidence must support audit statements directly and timely.
 Reliable:
Collected information must be reliable which will cause of reliable evidence.
Evidence will be considered reliable if:
• Based on facts not on opinion.
• An accurate reflection of reality.
• From a reliable source.
• Consistent with other evidence (to support by other evidence)
• Remains true and valuable for all situations within audit domain.
Observations and interviews are not considered as reliable source of collecting
evidence. Occasionally, documented evidence may be un-reliable.
 Objective:
Evidence should be objective and free from bias. Evidence should be neutral and
impartial. Evidence should not base on assumptions and close-mind.
Evidence should be evaluated objectively. Alternative interpretation of the same
evidence should not be considered and inconsistencies in the evidence should also be
resolved before reaching the final conclusions.
TYPES OF EVIDENCE:
Evidence can be classified into 5 categories:-
i. Documentary;
ii. Observational;

Page | 62
 iii. Physical;
iv. Oral; and
v. Analytical.
1. Documentary:
Document is most reliable source of evidence. It is the main source of audit evidence.
Documentary evidence can be further divided into:
a) Internal Evidence: Internal evidence is provided by the management i.e. accounting
record, copies of outgoing correspondence, budget, internal reports etc.
b) External Evidence: External evidence is provided by the supplier, bank and other
stake holders (third parties) i.e. letter, memorandum etc.
2. Observational:
Observational evidence is obtained by observing people, events or examining
property. Observational evidence will be more reliable if it is obtained by 2 auditors. At the
time of inspection, if observational evidence is not proved then the auditor will be liable who
provides observational evidence.
3. Physical:
Physical evidence consists of photographs and videos of assets. Physical evidence is
normally collected in copy, not in original. But, some special standards require the original
physical evidence to support the audit objection.
4. Oral:
Oral evidence means evidence is collected through interviews, inquiries and quotes.
Interview plays vital role to collect oral evidence. Followings are the source of oral evidence.
• Various levels of management.
• Person directly involved in operations.
• Suppliers & Contractors.
• Recipient of Government Services.
• Experts and consultants.
• Members of general public.
• Other ministries / departments, etc.
5. Analytical:
Analysis of data can provide important information. Strong analytical skills of
auditors provide the information to management which is unknown by it. This evidence is
collected by analysing data. Uses of analytical evidence:-
• Calculating variability in levels of efficiency.
• Ensuring interest payments are properly calculated.

Page | 63
 • Confirming the payroll and expenditure are accurate.
COLLECTION OF EVIDENCE
Evidence can be collected by the following ways:-
• Broad Approach
• Specific Approach
• Expanded Approach
 Broad Approach:
In Broad Approach, in planning stage at the time of starting audit, data is collected as
evidence. Interviews or inquiries are the main source of collection of evidence. More open
questions are asked to collect evidence.
 Specific Approach:
In Specific Approach, the collected evidences are gathered and highlighted in Broad
Approach. Then specify the key questions regarding related audit findings and analyse their
answers. More précised and specific questions are asked for collecting evidence.
 Expanded Approach:
In Expanded Approach, specific questions are expanded for further and detail
collection of evidence data. The auditor should apply his judgement that what evidence
should collect and what should ignore.
DEALING WITH THE MATTERS DURING FIELD WORK.
Audit is very difficult task to perform. Therefore, auditor has to face and handle the
matters during field work. Main task of audit is to find audit objections and relevant reliable
evidence to support the audit findings.
In this process to obtain evidence, auditor should deal with the following matters:-
I. Un-anticipated Matters:
Audit programs have already approved by the authority and it should not assume that
these cannot be changed. Audit programs can be changed and modified according to
difference situations.
If there are minor un-anticipated matters then auditor can change the audit program
without prior permission. However, if the matter is more significant then the auditor has to
obtain approval for modification in audit program.

Page | 64
 Examples:
1. If auditor assumes 80% Control Risk in planning phase but he has no enough time
to audit Internal Controls in field work then he can assume 100% Control Risk.
No approval is required for modification.
2. Change in audit programs is required approval of management i.e. increase in
number of days, increase in number of auditors etc.
II. The Substance of Transactions:
The auditor should verify that the transactions, which have shown in financial
statements, were actually performed or not. Identify that what is the result of transactions.
Example:
 A bribe is shown as commission.
 Purchase of assets is shown as long term lease.

III. Inadequately Supported Transactions:

It means if the management is not providing the required document which will become
the evidence and support the audit findings then the auditor should make reasonable efforts to
locate it.
If the auditor will not make reasonable efforts then the official and management will
prove the negligence of auditor on later date.
Example:
If the management purchases equipments, Invoice and Purchase Order is supporting
the transactions but receiving report of equipments is missing then the auditor should
physically examine the equipment. If he finds the equipments then it will support transactions
that equipments have actually received.
IV. Conflicting Audit Evidence:
When the auditor gets evidence regarding a particular balance, transaction or event
that is not supported by other evidence is called Conflicting Audit Evidence.
Examples:
1. Material errors are identified in analytical procedures but substantive tests of
details show no material error.
In this example, the auditor should ignore the results of analytical procedure. So
he should re-conduct the analytical procedure and tests of detail to solve the
conflict in evidence.

Page | 65
 2. One entity official provides information which is not supported by the information
of another official of entity.
In this example, when the auditor receives conflicting information from officials, he
should consider following steps:
 Both officials’ information is reliable.
 To identify the reason of providing different information.

3. The auditor identifies the material error and asks the management to investigate.
But the official provides after analysis that there is no material errors.

In this example, when auditor’s analysis does not support the auditor’s estimates then
the auditor should audit the entity’s analysis with supporting documents.
The auditor should not provide the assurance of audit until the conflicting evidence is
resolved.

CAUSE AND EFFECT ANALYSIS

CAUSE:
Cause is the main source which helps to audit the documents i.e. financial statements.
If an observation found is weak or erroneous, then one of the following causes will be
happened:
• Inexperienced individual carrying out the transactions.
• Insufficient training of that individual.
• Lack of proper systems and procedures.
• Insufficient management involvement.
• Unclear accountability.
EFFECT:
The auditor needs to identify the actual or potential effect of the observation. The
observations which are identified then what kind of effects will be happened on correctness
of financial statements.
Therefore, Cause and Effect Analysis are very difficult. Sometimes, the relationship
between underlying cause and effect cannot be proved.

Page | 66
CONCLUSION AND RECOMMENDATIONS
CONCLUSION:
Conclusion refers comparing of actual findings of audit with expected findings
(accounting standards, criteria) and identifying the deviations or differences.
Auditor has to face unanticipated evidences during field work while collecting the
evidence. Audit reports generally depend upon conclusion and recommendations.
Conclusions should focus on significant and important issues. Following are points of
important issues:
i. In-efficient or in-effective operations.
ii. Failure to measure and report on the efficiency of operations and effectiveness
of the programs.
Performance audits are also concerned with:-
i. Failure to acquire resources economically and to safeguard.
ii. Lack of accountability.
iii. Inadequate Control and excessive risk.
iv. In-efficiencies, errors, waste & misuse.
RECOMMENDATIONS:
After clearing the actual findings at different level of management of the entity then
the auditor should explore potential recommendations. Those are supported by the
management and then these will be implemented effectively and efficiently.
Recommendations should underlie the cause of errors or deficiencies.
i. Alternative courses of remedies.
ii. Effects, positive or negative, while adopting recommendations.
iii. Feasibility & cost of recommendation adopting.

QUALITY ASSURANCE DURING FIELD WORK

Quality can be assured during field work by:-
• Supervision
• Review
• Timely Reporting
 Supervision:
Supervision is essential to ensure the quality of the audit work. The work should be
properly supervised by the supervisor. Any observation which has weak evidence will be

Page | 67
deleted by the supervisor and also identifies the observations which are not raised by the
auditor.
Proper supervision varies situation to situation as follows:-
 Junior Staff will supervise effectively as Senior Staff.
 Inexperienced auditors should supervise more closely than experienced staff.
 The auditors who are performing audit services on a complex organisation
should be supervised more closely than those auditors who are auditing simple
and routine audit.
Benefits of Supervision:
i. The auditor should understand all of the planning decisions before starting
field work.
ii. The audit work should be completed within prescribed time, unless
changes are required.
iii. Only essential work is performed.
iv. Sufficient audit evidence should be obtained.
v. Audit findings are supported by the sufficient reliable and relevant
evidence.
 Review:
A senior officer should review the working paper files of audit performed. Review
will be helpful to ensure that:-
i. All evaluations and conclusions are authenticated and supported by reliable
evidence.
ii. All errors, deficiencies and unusual matter are properly identified, documented
and evaluated.
iii. Changes and improvements for conducting audit in future should be identified
and recorded.
A preliminary review at an interim date could detect the problems with the work at an
earlier date to save the audit hours and to make amendments.
 Timely Reporting and Monitoring:
Only proper supervision and review is not sufficient for quality assurance. Monitoring
is also helpful for quality assurance i.e. timely reporting and monitoring. Quality assurance is
provided by sufficient and efficient audit work and effective monitoring. It should be
provided within budget and required deadline date. Proper supervision and monitoring will
help to generate the audit reports within prescribed date.

Page | 68
Chapter No. 10
EVALUATING AUDIT RESULTS
Errors are evaluated in three stages and the conclusion is made on results:
a) Of each test
b) Of each component
c) Of financial statements as a whole.
CAATs (Computer Assisted Auditing Techniques):
CAAT is a technique which is helpful in computerized audit. This technique is useful
to determine and calculate MLE (Most Likely Error), UEL (Upper Error Limit), MPDR
(Maximum Possible Deviation Rate) and MLDR (Most Likely Deviation Rate).
Advantages of CAATs
Following are the advantages of CAATs:-
i. Calculations are performed quickly.
ii. Various analytical procedures are performed.
iii. Various calculations are performed.
iv. Identify unusual, duplicate or missing items.
v. Comparing of data from one file to another file.
vi. Determine a sample size, select a sample and evaluate sample results.
IMPORTANT TERMINOLOGIES
1. Known Error:
Error which is found during audit work is called known error.
2. Sample Error:
A sample error is an error which is found in sample of population during audit work.
3. Sample Unit:
The sample unit is the specific item of which the population is assumed to be
composed for sampling purpose.
Example:
A population is of purchases for a year. Purchases are recorded on cash disbursement
after receiving several supplier invoices. Each supplier’s invoices contain several
purchases. In this example, sample unit could be:-
i. Each cash disbursement.
ii. Each supplier invoice within each cash disbursement.
iii. Each purchase within each supplier invoice.
iv. Each rupee of value within each purchase.

Page | 69
4. Physical Unit:
Physical unit is the specific document to which the sampling unit is assumed to relate.
Physical unit is normally the same as sample unit (i.e. cash disbursement, individual
supplier invoice, individual purchase)
5. Population Size:
Population size is the number of sampling units in the population i.e. cash
disbursement, supplier invoice, purchase or rupee.
Population size does not influence the related sample size except for small population
size. Selection of sample size depends on confidence level i.e. 95% normally.
Example:
Our population of purchases for a year may be composed of 16000 cash
disbursements, 3000 supplier’s invoices, 7000 purchases and 100,000,000 individual
rupees. Any one of them may be constituted as population size. It depends upon
sample unit.
6. Population Value:
The population value is the monetary amount of the population being sampled. In
above example Rs. 100,000,000 is population value.
There may be individually large transactions in the population then the auditor has to
audit 100% of those transactions due to high risk. Sample will be selected after
deducting large amount transactions from population.
7. Tainting:
Tainting is a percentage by which each unit is in error. MUS is a technique which
uses tainting to arrive at MLE.
8. Monetary Unit Sampling (MUS):
MUS is a technique to select a sample in a population. MUS gives importance to
transactions of high monetary values. MUS is based on possibility population to size
(PPS). MUS can be used for substantive test and may be used for compliance test.
9. Attribute Sampling:
Attribute sampling is a technique which is used for compliance testing. It cannot be
for substantive test. Attribute sampling gives equal importance to each transaction that
every transaction has equal chance of selection. Attribute sampling is helpful to verify
that either internal control is working properly or not.

Page | 70
 10. Most Likely Error (MLE):
The MLE is auditor’s best estimates of the error in the population based on result of
sample.
HOW MLE IS CALCULATED?
Example:
Population value = 500,000,000 (Materiality is 1% of Population Value)
Materiality = 500,000,000 X 1% = 5,000,000
Sample size = 325
There are high value items in 7 transactions, no error in 318 transactions.
Calculate MLE from above data.
1 2 3 4 5
Sr. No. Book Value Audit Value Error (2-3) Tainting (4/2*100%)
1 70000 35000 35000 35000/70000 X 100 = 50%
2 33000 12000 21000 21000/33000 X 100 =
63.63%
3 1500 0 1500 1500/1500 X 100 = 100%
4 11200 3300 7900 7900/11200 X 100 = 70.53%
5 4400 0 4400 4400/4400 X 100 = 100%
6 96000 91320 4680 4680/96000 X 100 = 4.875%
7 56133 20000 36133 36133/56133 X 100 =
64.37%
Total 272233 161620 110613 453.40%

Average Error Tainting = Tainting / Sample Size

Average Error Tainting = 453.40 % / 325 = 1.3950 %
MLE = Population Value X Average Error Tainting
MLE = 500,000,000 x 1.3950 % = Rs. 6,975,000
OR
MLE = Tainting x Population Value / Sample Size
MLE = 500,000,000 x 453.40 % / 325 = Rs. 6,975,384.62
IF

Page | 71
 MLE > Materiality then qualified opinion will be issued i.e. 6,975,384.62 >
500,000,000
IF
MLE < Materiality but UEL> Materiality then qualified opinion will also be issued.
Where UEL = MLE + FPE

11. Further Possible Error (FPE):

The further possible error is the difference between MLE & UEL.
FPE = UEL – MLE
FPE = Basic Precision + Precision Gap Widening
FPE is divided into two types:
i. Basic Precision (BP):
Basic Precision is the possible error that exists in population even no error is
found in sample. Basic Precision will never be zero i.e. BP ≠ 0. So, if there is
no MLE and PGW, then it will always equal to UEL i.e. UEL = BP.

ii. Precision Gap Widening (PGW):

BP does not represent the further possible error without PGW. So, PGW is the
additional Further Possible Error that results from finding errors. There is a
direct relationship between MLE, Sample Error and PGW. If MLE & Sample
Error will increase then PGW will also be increased and vice versa. If MLE is
zero, then PGW will be equal to zero.
MLE = 0, then PGW = 0.
PGW is calculated if Sample Error is > 0.
12. Upper Error Limit (UEL) OR Maximum Possible Errors(MPE):
The Upper Error Limit is the maximum possible error that could exist in the
population at a given confidence level. It can be defined as:-
UEL = MLE + FPE
Where FPE = BP + PGW
So, UEL = MLE + BP + PGW
If, MLE = 0 and PGW = 0
Then, UEL = BP.

Page | 72
 13. Maximum Possible Deviation Rate (MPDR):
In substantive test, Upper Error Limit is calculated. So in compliance testing a maximum
possible deviation rate regarding internal control is calculated by attribute sampling in
CAATs.
14. Most Likely Deviation Rate (MLDR):
In substantive test, MLE is calculated on the basis of sample size. So, in compliance
testing, MLDR is calculated to define how much internal controls are weak?

15. Tolerable Deviation Rate (TDR):

TDR is a rate which is calculated to show how much errors can be tolerated by the
users. However, materiality is determined to interpret the results of financial audit in
substantive test. A lower rate of TDR is 1% and lower rate of materiality is 2%. TDR
can be calculated from the following formula:
Materiality X Multiplier X 100
TDR =
Population Value
Where
Multiplier remains always equal to “3”.
So, in above formula, TDR is totally based on Materiality and Population Value.

Dealing with unacceptable results for substantive test and test of

details
There may be two kinds of unacceptable results regarding substantive test and test of
details:
• MLE < Materiality but UEL > Materiality.
• MLE > Materiality and UEL > Materiality.
1. If MLE is less than Materiality but UEL is greater than Materiality
In this case, the auditor has four options:
i. Increase the Materiality amount
ii. Increase the sample size
iii. Requesting entity officials to record a correcting entry
iv. Requesting entity officials to perform a detailed investigation and then re-
audit
Note: Review option is not available.
i. Increase the Materiality amount:

Page | 73
 Determination of materiality is not an exact science. It is determined only on
professional judgment of the auditor. So, it may be increased or decreased. Normally,
increasing the materiality amount up to 25% is acceptable but in some special case, it
can be acceptable up to 50% of population value.
ii. Increase the sample size:
If the sample size of the population is its representative then increase the
sample size will normally provide the same results. It will enhance the auditors work
load. So, this option will be exercised when:
MLE < Materiality or UEL > Materiality (Slightly high)

iii. Requesting entity officials to record a correcting entry:

In this option, the officials are requested to make correcting entry not for
sample size but for whole population. If only sample size will be corrected, then the
population will contain the errors. The MLE & UEL can be decreased by amount of
any corrections. So MLE and UEL will be less than Materiality, then unqualified
opinion will be issued.
iv. Requesting entity officials to perform a detailed investigation and then re-
audit.:
Entity officials will usually be prepared to correct known errors. So, the
auditor requests to the official to perform a detailed investigation to decrease the
errors and then the auditor must conduct the re-audit and requests entity officials to
make correcting entry of known errors.
2. If MLE is greater than the Materiality but UEL is greater than Materiality
In this case, the auditor has only two options which have been already discussed in
first unacceptable results i.e.
i. Request entity to record a correcting entry
ii. Request entity officials to perform a detailed investigation and then re-audit
I. Requesting entity officials to record a correcting entry:
In this option, the officials are requested to make correcting entry not for
sample size but for whole population. If only sample size will be corrected, then the
population will contain the errors. The MLE & UEL can be decreased by amount of
any corrections. So MLE and UEL will be less than Materiality, then unqualified
opinion will be issued.

Page | 74
 II. Requesting entity officials to perform a detailed investigation and then re-
audit.:
Entity officials will usually be prepared to correct known errors. So, the
auditor requests to the official to perform a detailed investigation to decrease the
errors and then the auditor must conduct the re-audit and requests entity officials to
make correcting entry of known errors.

Note: If all above options are not possible, then the auditor will issue the qualify
opinion.

Unacceptable Results for Compliance Testing

The results of compliance testing will be unacceptable if,
MPDR > TDR
Where
TDR (Tolerable Deviation Rate)
MPDR (Maximum Possible Deviation Rate)
Example:
MPDR = 12.11%,
TDR and MLDR are calculated as below = 9% and 4.55% respectively

Internal Control Deviation X 100

Where MLDR =
Sample Size
If Internal Control Deviation = 2 Sample Size = 44,
Population Value = 100,000,000 Materiality = 3,000,000
Then MLDR = 2/44 X100% = 4.55%

Materiality X Multiplier X 100

TDR =
Population Value
Where
Multiplier remains always equal to “3”.
So
TDR = 3,000,000 X 3 X 100 / 100,000,000 = 9%
MPDR > TDR
12.11% > 9%
In above case, the auditor has three options
Page | 75
 i. Increase the Upper Error Limit (UEL).
ii. Increase the sample size.
iii. Request the officials to perform the “Missing Control” adjust the books
for all identified errors and audit the work performed.
I. Increase the Upper Error Limit:
This is equivalent to increase the materiality amount in case of monetary error.
Tolerable Deviation Rate is dependent on Materiality and Population Value. So,
increase in Materiality is the increase in TDR.
II. Increase the Sample Size:
Assuming that the sample size is the representative of the population, then the
result will not change by increasing the sample size except increasing in work
load.
III. Request the officials to perform the “Missing Control” adjust the books for
all identified errors, and audit the work performed:
Entity officials just prepare only known errors. Therefore, the auditor
should re-audit the components and request entity official to record a
correcting entry.

Page | 76
Chapter No. 11

THE REPORTING PROCESS

Following different types of reports are prepared after completion of Audit.
1. Reports for Certification:
These reports are generally followed a standard format to deliver the opinion
regarding financial audit. These reports are shorter and brief.
2. Reports on Management Controls:
These reports are delivered to the entity management. These reports identify the
weakness of controls, compliance with laws, regulations and administrative procedures.
These reports require more developed writing and reporting skills. These reports are lengthy
than certification reports and opinions.
Audit reports must be well written and supported with evidences (substantiated).
DIFFERENCE BETWEEN “OPINION” & “REPORT”
According to DAGP’s Auditing Standards the term “opinion” refers to the auditor’s
conclusions as:

a) The financial statements properly present, in all material respects, the government’s
financial position, the results of its operations, its cash flows and its expenditures and
receipts by appropriation; and

b) The sums expended have been applied, in all material respects, for the purposes
authorised by parliament and have, in all material respects, been booked to the
relevant grants and appropriations.
The term “Reports” refers to performance and compliance with authority audit.

a) At the end of each audit, the auditor shall prepare a written opinion or report, as
appropriate, setting out the findings in an appropriate form; its contents should be
easy to understand and free from vagueness or ambiguities. It should be
supported by competent, reliable, and relevant audit evidence, and be
independent, objective, fair and constructive.

b) It is for the Department of the AGP to decide finally on the action to be taken in
relation to fraudulent practices or serious irregularities discovered by the
auditors.

Page | 77
 DIFFERENCE:

The opinion is made by the auditor after completion of financial audit.

However, the reports are normally prepared and generated regarding
performance audit and compliance with authority audit.

FOCUS ON THE REPORTING PROCESS

The reporting stage of the audit often takes longer than estimated. The process of
writing the report, cross referencing to the working paper files and finalizing the working
paper files, is time consuming. Therefore, the auditor should write report during audit work.
The DAGP must ensure following points during reporting process:

• A high quality report, with clear, unambiguous messages; and

• The existence of sufficient evidence to support the wording contained within the report.

Clearing Observation, Conclusion and Recommendations.

The auditor should discuss the observations and findings with the management to
clear the objections before publishing the report. It is normally to clear the observations up
the management chain. When visiting local office, it is usual to brief the senior manager
before leaving the site.
Guidelines:
The effectiveness of the communication of the contents of an audit report is influenced
by:
i. Facts;
ii. Opinions; and
iii. Wordings.

MANAGEMENT REPRESENTATION LETTER.

The auditor prepares the management representation letter on the behalf of the entity. The
entity’s head and PAO acknowledge in writing and sign it. In this letter, the entity officials are
asked to acknowledge their responsibilities for the proper presentation, completeness and
accuracy of financial statements.
It contains following points:
1. All relevant information will be available to the auditors.

Page | 78
 2. The officials are not aware of irregularities of management or employees and
policies, rules then they have to record and disclose in financial statements.
3. List of valid and properly valued assets, liabilities, revenue and expenditure.
4. All required disclosures have been recorded.
5. There are no significant matters which are required to be disclosed in financial
statements.
6. There are no significant subsequent events which required to be disclosed in
financial statements.
The letter should normally be addressed to those persons who will sign the audit
opinion i.e. AGP, Dy. AGP (Senior) or the responsible Dy. Auditor General.
The letter should normally be signed by the:
 Head of entity.
 Principal Accounting Officer.
 Financial Advisor, and
 Finance and Accounts Officer.
WHO IS INTERESTED IN AUDIT REPORT?
Once DAGP publishes an opinion and audit report, it becomes available for review to
following parties:
1. Public Accounts Committee (PAC):
PAC is first user of opinion and report. PAC can give its recommendations on the
audit after going through the audit report. The auditor should prepare his
“Briefing Book” before discussing the matters of audit report with PAC.
Briefing Book should contain:
a. A copy of the report.
b. The key evidence (i.e. extracts of important documents).
c. Anticipated question with pre-determined answers.
2. Police, National Accountability Bureau (NAB) and Other Similar
Organizations:
Any kind of fraud is discovered in audit report. Information regarding fraud
should be intimated to above mentioned organizations for investigation,
punishment, fines and recovery from the entity.

Page | 79
3. Other External Parties:
The contents of specific audit reports may be reported by the media, reviewed
directly by the general public etc. if the auditor wishes to attract the attention of
the media and the general public. It is also important that the audit report must be
concise and clear. The use of press releases, videos, and media briefing sessions
could also be beneficial.

Page | 80
Chapter No. 12

THE AUDIT REPORT

The audit reports are presented after completion of audit work. It is compulsory to
prepare and present the audit reports.
The DAGP produces three main types of report:
1. Financial certification report: This report expresses an audit opinion.
2. Individual reports: These reports focus on investigations, compliance or
performance during audit work.
3. Annual Report (Key document)
Whatever the audit type, the following key points should be applied while preparing audit
reports:
• Audit reports should be easy for entity management to read.
• The Annual Report will be read by Parliamentarians, the media and the public. It
should be written with a minimal technical terminology.
• The contents of the report should focus only on material and significant matters.
• Any assurances, conclusions and recommendations should be useful.
• All statements should be fully supported by reliable and sufficient evidence.

 OPINION:
According to DAGP’s Auditing Standards the term “opinion” refers to the auditor’s
conclusions as:

a) The financial statements properly present, in all material respects, the

government’s financial position, the results of its operations, its cash flows
and its expenditures and receipts by appropriation; and
b) The sums expended have been applied, in all material respects, for the purposes
authorized by parliament and have, in all material respects, been booked to the
relevant grants and appropriations.

TYPES OF AUDIT OPINIONS

There are four types of audit reports.
1. Unqualified Opinion.
2. Qualified Opinion.

Page | 81
 3. Adverse Opinion.
4. Disclaimer of Opinion.
1. UNQUALIFIED OPINION:
An unqualified opinion is given when the auditor is satisfied in all material aspects
that:
i. The financial statements have been prepared using acceptable accounting basis
and policies.
ii. The statements comply with statutory requirements.
iii. The presentation of financial statements is consistent with the auditor’s
knowledge.
iv. Adequate disclosure of all materials provided properly.
Format of unqualified opinion:
The unqualified opinion should consist of following contents:
 Title
 Addressee
 Signature and date
 Three standard paragraphs:
o An Introductory Paragraph,
o A Scope Paragraph,
o An Opinion Paragraph
o Emphasis of Matter (additional paragraph)
o Introductory Paragraph:
It identifies the financial statements covered by the auditor’s opinion and
distinguishes the responsibilities of the management and the auditor.
o Scope Paragraph:
In this paragraph, the auditor informs that the audit was planned and performed
according to professional standards and the auditor has made the judgment in applying these
standards. It also provides the degree of assurance, extent and explanation of the nature of
audit.

Page | 82
 o Opinion Paragraph:
In this paragraph, the auditor provides his opinion regarding:
a) The financial statements are properly presented, in all material aspects, the
government financial position, the results of its operation, its cash flow
and its expenditures and receipts by appropriation.
b) The sums expended have been applied, in all material aspects for the
purposes authorized by the Parliament. (This paragraph may also state
whether, in the auditor’s opinion certain statutes and regulations have been
complied with.)
o Emphasis of Matter:
It is an additional paragraph and it is used in very rare cases. The auditor just
wants to insert a reference in the opinion to an unusual or important matter that is
properly disclosed in the financial statements. This paragraph is not used to express a
reservation of opinion on the financial statement and not use to rectify a lack of
appropriate disclosure in the financial statements.
2. QUALIFIED OPINION:
A qualified opinion is given by the auditor when he is not satisfied in all material respects
that:
i. A scope of limitation.
ii. A departure from the government’s accounting principles
iii. Uncertainty affecting the financial statements.
i. A scope of limitation:
A scope of limitation has occurred when the auditor has not been able to apply
all the tests and procedures considered necessary in the circumstances. The auditor
does not have sufficient and appropriate evidence to form an opinion whether the
financial statements give true and fair view.
Causes of Scope Limitation.
Following are the causes of scope limitation:
a) Circumstances beyond the control of entity and auditors; such as
destruction of accounting record.
b) Limitation imposed by the entity; such as refusing to allow the auditors to
perform different audit procedures.
c) Limitation created by the entity; such as failure in maintenance of proper
accounting record.

Page | 83
 ii. A departure from the government’s accounting principles:
It occurs when there is:
a) An inappropriate accounting treatment; such as failure to record certain
assets and liabilities.
b) An inappropriate valuation of an item in financial statement; such as
recording of fixed assets at a high cost.
c) A failure to disclose all the information required, such as not to segregate
expenditures into all categories.
It can be said “Non Observation of Accounting Principles.”
iii. Uncertainty affecting the financial statements:
An uncertainty normally involves a significant contingency or other event that is
primarily dependent on future developments or future decisions by parties other than
entity officials.
Example:
The government may have guaranteed loans to third parties who are now facing
financial difficulties. In this case, the auditor might not have sufficient information to
determine what amount, if any, the government may ultimately be required to pay.
Format of Qualified Opinion:
The qualified opinion should contain:
i. Title
ii. Addressee
iii. Signature and Date
iv. Four Standard Paragraphs:
o Introductory Paragraph
o Scope Paragraph
o Reservation
o Opinion Paragraph
o Introductory Paragraph:
It identifies the financial statements covered by the auditor’s opinion and
distinguishes the responsibilities of the management and the auditor.
o Scope Paragraph:
In this paragraph, the auditor informs that the audit was planned and performed
according to professional standards and the auditor has made the judgment in applying these
standards. It also provides the degree of assurance, extent and explanation of the nature of
audit.

Page | 84
 o Reservation:
Any kind of reservation i.e. scope of limitation, departure from Govt’s accounting principles
or uncertainty.
o Opinion Paragraph:
In this paragraph, the auditor provides his opinion regarding:
a) The financial statements are properly presented, in all material aspects,
the government financial position, the results of its operation, its cash
flow and its expenditures and receipts by appropriation.
b) The sums expended have been applied, in all material aspects for the
purposes authorized by the Parliament. (This paragraph may also state
whether, in the auditor’s opinion certain statutes and regulations have
been complied with.)

3. ADVERSE OPINION:
An adverse opinion is issued when there is a departure from government’s accounting
principles as follows:

a) So fundamental that the auditor is unable to describe clearly how the financial
statements are affected; or

b) So significant that it overshadows a clear description of how the financial statements

are affected.

In other words, “A failure to disclose all the information required.”

4. DISCLAIMER OF OPINION:
When the auditor is unable to arrive at an opinion regarding the financial statements due
to:
a) Scope of limitation:
i. Due to circumstances beyond the control of entity or auditor.
ii. Due to limitation imposed by the entity.
iii. Due to limitation created by the entity.
b) Uncertainty affecting the financial statements:
Uncertainty is dependent on happening of future event, i.e. contingency and
future decisions.

Page | 85
  REPORTS:
The term “Reports” refers to performance and compliance with authority
audit.

a) At the end of each audit, the auditor shall prepare a written opinion or
report, as appropriate, setting out the findings in an appropriate form; its
contents should be easy to understand and free from vagueness or
ambiguities. It should be supported by competent, reliable, and relevant
audit evidence, and be independent, objective, fair and constructive.
b) It is for the Department of the AGP to decide finally on the action to be
taken in relation to fraudulent practices or serious irregularities
discovered by the auditors.

Audit reports other than opinions on financial

statements
Generally there are two types of reports:
1. Audit reports
2. Management reports / Letter
1. AUDIT REPORTS:
Audit reports are the reports which are presented to PAC or other external parties (i.e.
World Bank, IMF, etc). The most important and significant matters are discussed in these reports
which must become into the knowledge of MNAs, MPAs and members of District Assembly.
It also deals with the matters that acquire the attention of the Police, NAB and other
similar organizations. Matters to be reported to these organisations include fraudulent
payments, vague practices or serious irregularities.
Structure of Audit Reports:
A useful structure of Audit Reports is as follows:
• Background material – a description of the area audited etc.
• A description of the work performed.
• A description of what entity officials should have been doing, and why?
• A description of what was found, and the cause.
• What can be concluded?

Page | 86
 • The auditor’s recommendation to deal with the matter.
• The entity’s response (if shown in a separate section).
2. MANAGEMENT REPORTS / LETTERS:
Management reports are reports addressed to entity officials. These contain matter of
less significance.
Both audit reports may deal with:
1. Reservation being expressed in the auditor’s opinion.
2. Such matter which are decided by DAGP, not expressed as reservation.
3. Comments on Financial Statements.
4. Comments on Accounting Policies.
5. Compliance with Authority violation.
6. Internal Control weakness.
7. Performance matters (Value for money).
COMPLIANCE AND PERFORMANCE REPORTS:
A report on compliance or performance should draw attention to the key issues and
concerns raised by the audit.
C = Criteria,
Structure of the Management Report is as follow: C = Condition,
The audit report should normally state the “CCCECR Model” C = Cause,
E = Effect,
1. The context (Background and description of area audited). C = Conclusion,
2. What was done? (Audit objectives and scope). R = Recommendation

3. What was expected to be found? (Audit criteria and / or laws and regulations).
4. What was found? (Findings and observation).
5. What can be concluded?
6. What should be done to improve the management of the area?
(Recommendation)
7. In some cases, management comments but not necessary always.

Page | 87
Chapter No. 13

DOCUMENTATION AND WORKING

PAPERS
WORKING PAPERS:
The auditor’s documentation in form of audit files is known as “Working Papers”. It
must be completed and always maintained.
Kinds of working papers:
Usually, there are three categories of working papers.
1. Permanent file
2. Current file
3. Briefing file
1. Permanent File:
Permanent file usually contains the information regarding audit entity. It remains
permanently within DAGP but it is updated each time. Entity’s all necessary information is
provided in the permanent file. This file always kept in safe record and destroyed when entity
is abolished.
2. Current File:
Current file usually contains the supporting documents for a specific audit. It should
be kept for a specific time after the completion of audit work, after which, it should be
archived according to DAGP records management policies. It contains further three files:
i. Planning File
ii. Execution File/ Working Paper File
iii. Reporting File
3. Briefing File:
Briefing file is a crux of all information provided in other files to support the contents
of the Annual Audit Report. This file is used to provide support to the Auditor General and
other officials of DAGP when appearing before the PAC. All statements of annual report
should be cross-referenced to the specific evidence that support each statement.
PURPOSES OF WORKING PAPER FILES.
Following are the purposes of Working Paper Files.
1. Provide evidence to support all matters included in the audit report.

Page | 88
 2. Helpful in supervision of the work.
3. Facilitate review of work performed.
4. Helpful in planning of next audit assignment.
5. Lead to accurate and complete the findings and conclusions in the audit report.
6. Protect DAGP’s reputation.
7. Help to review the audit work and supervision of the audit.
8. Demonstrate adherence to auditing standards and procedures.
CUSTODY AND MAINTENANCE OF THE WORKING PAPER FILES
Working Paper Files are confidential and the DAGP’s property. So, it is the auditor’s
responsibility to keep working paper files in a safe custody at all time. Access to audit files
should be controlled and the storage area should be secure. While maintaining the working
paper file; following guidelines should be followed:

1. No copies of working paper files should be given or shown to the audit entity

2. Working papers should not available to the third parties except in special cases

3. DAGP can provide working papers to the third parties, if necessary, only with the
consent of the audit entity

4. Files and papers should be reviewed before providing to the third party

5. DAGP should always retain control over the working paper files and inspection
should be taken place under the supervision of a representative of DAGP

6. A legal advice should be obtained before producing the working paper file in the
court for legal proceedings and investigations;

7. When original papers are required by the court for legal proceedings then copies
of the papers must be retained by DAGP.

Page | 89
Chapter No. 14

AUDIT FOLLOW UP
FOLLOW UP:
Follow up is an integral part of audit cycle. Follow up of PAC ensures that:-
“Entity officials take action to correct all errors found and
consider to perform the recommendations that are made /
provided”
There should be a follow up after completion of every financial audit.
Follow up can be made at three different stages.
1. Timing of the Follow Up.
2. Determining the Desired Level of Assurance.
3. Performing the Follow Up.
1. Timing Of The Follow Up:
To perform correction of errors, it should be corrected during audit work. If it is not
possible then it must be corrected and rectified before the start of next audit.
Example:
If material errors are found in financial year 2012-2013 and the audit of next financial
year 2013-14 will be start on 01-09-2014, then it is necessary to rectify all the errors before
01-09-2014.
Implementation of Recommendations:
There is no specific prescribed time to implement recommendations. It can be
implemented at any time but for the serious matters:-
i. A realistic time period for entity officials to the recommendation
should be provided.
ii. The realistic time period is reflected in the entity’s audit plan and
agreed by the DAGP and PAC.
2. Determining The Desired Level Of Assurance:
Correction of Errors:
There are basic two levels of assurance that the auditor can plan to achieve.
i. An audit level of assurance; and
ii. A review level of assurance.

Page | 90
 To achieve the audit level of assurance, he would need to conduct an audit of the error
investigation performed by the entity to ensure that:
a) The work performed was sufficient and appropriate and done correctly.
b) The entity’s estimate of the error was calculated correctly.
c) The correcting entry was properly recorded.
Implementation of Recommendations:
Recommendations can be implemented on audit level of assurance and review
level of assurance. The auditor will decide to:-
i. Implement the recommendations to provide audit level assurance; it
will have to perform re-audit of the area at which recommendation are
provided to see either recommendations are implemented or not.
ii. To provide at review level assurance; the auditor just reviews the
action of management taken for recommendation to correct error. No
audit will be conducted.
Normally, the cost of audit level assurance is much higher than the cost of
review. But it depends upon the nature of recommendation either assurance should be
provided at audit level or review level.
3. Performing The Follow Up:
Correction of Errors:
When at audit level of assurance is desired, the auditor should determine what
job entity’s officials have performed to investigate the errors. Then perform the audit
on their investigation of errors.
When a review level of assurance is desired, the auditor’s procedures
primarily involve asking the entity officials, “What action they have taken and what
the results were?” without verifying the work performed.
Implementation of Recommendations:
At this stage, the auditor will audit or review the work performed by entity’s
officials. During follow up, the auditor should review the status of management
actions against the plan and where appropriate and validate the reports on action taken
and identify any other issues that need to be reported. The auditor should also assess
the effectiveness of the actions.

Page | 91
Chapter No. 15

QUALITY ASSURANCE
Quality Assurance means:
“Follow up all errors and deviations after performing audit effectively and
efficiently.”
Quality assurance is a tool which is used to minimize the errors and deviations occur
during maintaining the accounts by accounting entities and exempt entities. So,
something must be assured at every step of audit work.
ELEMENTS OF QUALITY ASSURANCE:
Following elements will help to improve quality assurance:
i. DAGP’s Auditing Standards
ii. Annual Planning Processes
iii. Supervision instruments and tools which are used by the auditor. How
to plan, perform evaluate report and follow up the audit.
Quality assurance can be provided at different following phases:
I. GENERAL QUALITY ASSURANCE TECHNIQUES
There are different techniques which are going to be described in following ways:
 Quality Assurance Through DAGP’s Stated Values:
DAGP’s stated values (Accountability, Reliability and Professionalism etc.)
help to provide quality assurance during audit work. So, there values are
important components of DAGP’s Quality Assurance Foundation.
 Quality Assurance Through DAGP’s Auditing Standards:
DAGP’s auditing standards (Field Standards, Ethical Standards and General
Standards etc.) provide the support to auditor how to perform audit with
quality assurance. The auditors will perform the audit according to prescribed
standards to provide quality assurance of each audit.
 Quality Assurance Through DAGP’s Annual Planning Process:
The annual planning process helps to provide quality assurance either the
limited resources are properly utilized to perform audit or not.

Page | 92
 II. QUALITY ASSURANCE DURING PLANNING PHASE
Quality assurance procedures during planning processes are provided by
following manners:
 Quality Assurance Through A Logical Framework:
The audit cycle provides to the auditor a logical planning process to perform
audit and provide quality assurance by following ways:
i. Firstly, the most critical planning decisions are made.
ii. All required planning decisions are made.
iii. The end result of audit plan i.e. Audit Plan was followed or not.
 Quality Assurance Through Documentation And Approval of

Planning Documents:
Different documents are prepared to perform audit. It is called audit plan. It is
necessary to approve the audit plan documents. Audit plan is approved by Dy.
AGP. Audit work is performed according to approved audit plan to provide
quality assurance.
 Quality Assurance Through Assigning Appropriate Staff:
Experienced and skilled staff should be assigned according to audit work. This
staff will help to audit effective manners according to rules and regulation,
assigning of appropriate staff is a key factor to provide quality assurance.
Assigning appropriate staff means right auditor for right job.
 Quality Assurance Through Budget:
Budget plays a vital role to perform audit work with quality assurance. Budget
is allocated through the monitoring of the time consumed and numbers of
auditors are required.
III. QUALITY ASSURANCE DURING FIELD WORK PHASE
Quality assurance can be provided during the filed work by following ways:
i. Planning decisions regarding unanticipated matters should be revised
during field work.
ii. Applying minimum documentation standards.
iii. Reviewing audit working paper files.
iv. On job supervision.

Page | 93
 v. Reporting and monitoring time spent by each resource on every audit
activity.
IV. QUALITY ASSURANCE DURING THE EVALUATION
PHASE
Quality assurance during evaluation phase may be achieved b following ways:
i. All monetary errors, compliance with authority violations, ineffective
or missing internal controls and the assessment of their causes.
ii. The calculation of MLE and UEL for each test.
iii. The calculation of MLE and UEL for each component.
iv. The calculation of MLE and UEL for financial statement as a whole.
v. The assessment of the achieved level of assurance.
vi. The follow up work was performed by the entity officials.
vii. How unacceptable results were dealt with?
viii. The assessment of the reasonableness of the overall results.
V. QUALITY ASSURANCE DURING THE REPORTING
PHASE
Following tools are used to ensure the quality of auditor’s opinions, reports
and statements:
i. Management Representation Letters.
ii. Audit Completion Check Lists.
iii. Memoranda Recommending Signature.
Above documents help to ensure that DAGP is signing the most authenticated
and appropriate opinion which is supported bye required audit evidences. A
formal process is adopted by DAGP to discover report and clear the observations.
This process also helps to ensure the reports are correct. The findings, conclusions
and recommendations in these reports are easily understood, recognized and
realized by the readers.
VI. QUALITY ASSURANCE DURING THE FOLLOW UP
PHASE
Follow up phase is a major and important component for quality assurance.
This phase helps how the work is performed by quality assurance procedures
for planning, field work, evaluation and reporting phases? It improves the
quality of audit work in positive manners during all other phases.

Page | 94
VII. OTHER QUALITY ASSURANCE PROCEDURES
All following procedures help to improve the overall quality of the audit
operations:
o On Going Supervision and Review:
Appropriate and adequate supervision and review plays a vital role for
quality assurance during all phases of audit work process.
o On Going Involvement by Senior Audit Officials:
Senior audit officials are responsible to generate and write audit
opinions and reports. So, their involvement at critical stages of the
audit process provides a chance to improve the skills of inexperienced
audit staff.
On going involvement also helps to decrease the communication gap
between senior audit management and audit staff. It also helps to
monitor the audit staff effectively and efficiently.
o Audit Staff Development:
Audit work is performed by the human beings. So, experienced staff
will perform audit in effective manners than inexperienced staff.
Training and advancement should be a key factor while assigning
specific audit assignments to the audit staff. So, training programs and
workshops must be conducted by DAGP to enhance the skills of audit
staff.
o Outside Experts:
If complicated matters are faced by audit staff during audit work then
the services of outside experts can be hired.
Example:
Additional expertise are required in the area of law, engineering or
actuarial science. When audit teams require specific skills that are not
available in house then DAGP can hire the expertise form private
sector.
o Quality Assurance Reviews:
The DAGP should conduct a regular review process of its activities.
The DAGP should ensure that its internal audit standards and
procedures are followed or not because these standards are according

Page | 95
 to highly professional level standards. These reviews should be
conducted on periodic basis, selecting a few audits or activities each
year. These reviews should reflect the continuous improvement to the
quality, efficiency and effectiveness of audit work.

o Entity Feedback:
Entity’s feedback is another technique which is used to assess the
quality assurance regarding audit work. This feedback can be obtained
as part of the quality assurance reviews.
Entity officials can be asked to comment on audit work performed such
as:
i. The extent to which the auditors performed the audit work
while understanding of entity?
ii. The extent to which the auditor has unethical and unlawful
relations with internal audit department of the entity.
iii. The extent to which the senior and experience DAGP officials
were on site?
iv. The extent to which entity input was requested on error found?
v. The qualification of auditors.
vi. How much time spent by the auditor during audit of entity?
vii. The fairness of the audit opinion and reports.
viii. The reliability various audit reports.
o Information Technology And Audit Methods Specialist:
Information technology is need of every department to perform any
work in these days. So, computer assisted audit techniques (CAATs)
are used to conduct the audit work. All staff members should have
sufficient knowledge and experience to operate the CAATs.
These techniques should be available to audit team as required. If the
auditors have not experience to operate the CAATs then the services of
Information Technology Specialists can be hired to assist the audit
teams. Various audit offices have created:
i. Information technology specialists groups to assist the audit
team by using CAATs.

Page | 96
ii. Audit method specialists to provide advice and assistance to
audit team in performance of analytical procedures, statistical
sampling and modern audit techniques.
The above specialists are responsible to keep the audit offices’
methodology up to date in their areas of expertise, developing and
teaching courses etc.

Page | 97