You are on page 1of 223

Advanced Auditing

Micro Link Mekele

Teklu K. Gizaw

April 2018
The primary purpose of this course is to build
understanding of audit theory and its
application to the audit of financial statements.
 Upon completion of this course, students will
explain the current issues in auditing; discuss
the development of audit programs; gain
proficiency in audit planning, evidence
collection and documentation, evaluation of
internal control, and assessment of fraud risks.
1. The Demand for Audit
2. Audit Reports
3. Audit Objectives
4. Types of Evidence and Documentation
5. Audit Planning, Analytical Review Procedure
6. Materiality and Risk
7. Internal Control
8. Overall Audit Plan & audit Program
9. Audit Sampling
10. Risk Assessment Strategies
11. Audit Reports
12. EDP System in Auditing

Individual Assignment……………..20
Group Assignment……………………30
Final ………………………………………..50
Fraud Cases: Violation of Accounting
Case 1 Waste Management: The Matching Principle
Case 2 WorldCom: The Revenue Recognition Principle
Case 3 Qwest: The Full Disclosure Principle
Case 4 Sunbeam: The Revenue Recognition Principle
Case 5 Waste Management: The Definition of an Asset
Case 6 Enron: The Revenue Recognition Principle
Case 7 WorldCom: The Matching Principle
Case 8 The Fund of Funds: The Conservatism Constraint
Case 9 Qwest: The Revenue Recognition Principle
Case 10 WorldCom: The Definition of an Asset
Ethics and Professional Responsibility
Case 1 Enron: Independence
Case 2 Waste Management: Due Care
Case 3 WorldCom: Professional Responsibility
Case 4 Enron: Quality Assurance
Case 5 Sunbeam: Due Care
Case 6 The Fund of Funds: Independence
Case 7 Enron: Audit Documentation
4 Internal Control Systems: Control
Activity Cases
Case 1 The Fund of Funds: Valuation of Investments
Case 2 Enron: Presentation and Disclosure of Special-
Purpose Entities
Case 3 Sunbeam: Completeness of the Restructuring
Case 4 Qwest: Occurrence of Revenue
Case 5 Waste Management: Valuation of Fixed
Case 6 Qwest: Occurrence of Revenue
Fraud and Inherent Risk Assessment Cases
Case 1 Enron: Understanding the Client's Business
and Industry
Case 2 WorldCom: Significant Business
Case 3 Sunbeam: Incentives and Pressure to
Commit Fraud
Case 4 Qwest: Understanding the Client's Business
and Industry
Case 5 The Fund of Funds: Related Party
Case 1 Enron
Case 2 Waste Management
Case 3 WorldCom
Case 4 Sunbeam
Case 5 Qwest
Case 6 The Fund of Funds
The Demand for Audit & Assurance
Teklu K
1.Basic concepts of auditing
The word 'audit' comes from the Latin
‘audire’ meaning to hear
Auditing: A systematic process of
objectively accumulating and evaluating
evidence about quantifiable information,
processes, and activities for the purpose of
reporting on the degree of
correspondence between the actual
information and established criteria .
2. Features of Auditing
1. Systematic Approach: Auditing is purposeful and logical
and it is based on the disciplines of a structured approach
to decision making. It is not haphazard, unplanned or
unstructured. Based on prescribed methods
2. Obtaining and evaluating evidence: auditing involves a
process of obtaining and evaluating evidence that
ultimately guides the auditor’s decision. Evidence is any
information used by the auditor’s to determine
whether the information being audited is stated in
accordance with the established criteria.
3. Assertions about Economic actions and events: In any
audit engagement, an auditor is given financial
statements and other disclosures by management.
Through these reports the auditor obtains managements’
explicit assertions about economic events.
2. Features of Auditing
4. Ascertain the degree of correspondence between the
assertions and established criteria: The purpose of
obtaining and evaluating evidence is to ascertain the degree
of correspondence between the assertions and
established criteria.
5. Established criteria: In auditing the auditor checks
if financial statements are prepared in accordance
with some established and accepted criteria or
standard. The criteria usually used are called
Generally Accepted Accounting
6. Communicating the results: Auditors will
ultimately communicate their findings to interested
users through their final audit report.
2. Features of Auditing
7. Auditors’ independence: independence is the
keystone upon which the respect and dignity of a
profession is based. Independence implies that the
judgment of a person is not subordinate to the wishes
and directions of another person who might have
engaged him or to his own self interest
8. True and fair: the phrase ‘true and fair’ in the auditors’
report signifies that the auditor is required to express
as to whether the state of affairs and the results of
the entity as ascertained by him in the course of audit
are truly and fairly represented in the accounts under
2. Features of Auditing
9. Audit evidence: It is the information used by
the auditor in arriving at the conclusions on
which the auditor’s opinion is based. Audit
evidence includes both information contained
in the accounting records underlying the
financial statements and other information.
Audit evidence should be sufficient and
3. Demand for audit(Why Audit)?
 Legal and Contractual Requirements
 Covenant in debt agreements
 Credibility (Dependable financial information )
 Improving economy and efficiency
 Monitoring Device
 Modern Corporation Setup –
 Absentee Stockholders and professional
 Principal –Agent Relationships
 Lack on information symmetry(balance)
4. The Expectations from Auditors
Public expectations go further and include questions such
1. Is the company a going concern?
2. Is it free of fraud ?
3. Is it managed properly
4. Is there integrity in its database?
5. Do directors have proper and adequate information
to make decisions? ?
6. Are there adequate controls ?
7. What effect do the company’s products and by-
products have on the environment ?
5. Theories on the demand for auditing
 There are different theories that explain the
demand for audit Services.
 The four important audit theories that explain the
demand for audit services are as follows:

1. The policeman theory

2. The lending credibility theory
3. The theory of inspired confidence
4. Agency Theory
1. The policeman theory
 The policeman theory claims that the
auditor is responsible for searching,
discovering and preventing fraud.
 In the early 20th century this was certainly
the case.
 However, more recently the main focus of
auditors has been to provide reasonable
assurance and verify the truth and
fairness of the financial statements.
1.The policeman theory
The detection of fraud is, however, still a
hot topic in the debate on the auditor's
responsibilities, and typically after events
where financial statement frauds have been
revealed, the pressure increases on
increasing the responsibilities of auditors in
detecting fraud.
Discussion question
 Assume you are an independent auditor of XYZ company. During
the past three audits, you have repeatedly warned the top management
of the company about the serious weakness of internal control over
cash disbursements. However, management has not taken any
corrective action. Shortly after the audit, XYZ company learned that
two employees in its accounting department had been embezzling
money for the last two years. The embezzlement scheme involved
authorizing cash disbursement in various expense accounts and then
arranging to have the checks cashed. The management of XYZ
company has brought suit against you for the amount of its losses in
this cash fraud.
A-Suggest at least three arguments that you as an auditor can defend your self to
lessen or eliminate the liability.
B-What arguments might XYZ company advance to indicate that you were
negligent in failing to discover the embezzlement scheme?
C-Briefly describe the auditors’ responsibility for the detection of errors and
2. The lending credibility theory
 The lending credibility theory suggests that
the primary function of the audit is to add
credibility to the financial statements.
 In this view the service that the auditors are
selling to the clients is credibility.
 Audited financial statements are seen to
have elements that increase the financial
statement users’ confidence in the figures
presented by management.
3.The theory of inspired confidence or Theory of
rational expectations
 States that the demand for audit services is
the direct consequence of the
participation of third parties or outside
stakeholders in the company.
 S.H demand accountability from the
management, in return for their investments
in the company.
 Accountability is realized through the
issuance of periodic financial reports.
The theory of inspired confidence or
Theory of rational expectations

 Though, information provided by the

management could be biased due to
conflict of interest, and outside parties do
not have direct means of monitoring, an
audit is required to assure the reliability
of this information.
4. Agency theory
 The task of the management is to coordinate
these groups and contracts and try to
optimize them by way of:
 low price for purchased supplies,
 high price for sold goods,
 low interest rates for loans,
 high share prices and
Agency problem
Managers should make decision consistent
with the corporate objectives of
maximizing value of S.H wealth. But this
rarely occur.

When Managers make decision

inconsistent with the corporate objectives
of maximizing value of S.H wealth agency
problem will occur..
Reasons for agency problem
1. Divergence of owner ship and control.
Those who owns the company (SH) do not
manage it. Appoint agent (manager) on
their behalf.
2. The goal of managers differ from those
owners. Manager may work to maximize
its own wealth(value) rather than S.H
3. Asymmetry of information may exist
between managers and S.H
Reasons for agency problem
Managers run the firm on day –to –day
They have access to management
accounting data and financial reports
S.H receive only financial report which may
be manipulated by managers.
The above things show that managers can
work for their own interest instead of
organizational interest
Possible management goals
Growth/ maximizing the size of the co.

Increasing managerial powers

Retaining job security

Increasing managerial pay and rewards

Perusing their own social objective/ pet

Dealing with agency problem
Jensen and Meckling(1976) : There are
two ways to optimize the behavior
managers toward goal congruence b/n
share holders and managers.
1. Use of control devices
Audited financial statement
Additional reporting
Use of external analysts
Dealing with agency problem cont…
2.Incorporate clauses which encourage goal
congruence to managerial contract
Incentives : like
PRP: Performance related Pay, give incentives to
managers based on profit, EPS,Return on asset
employed, etc.
Stock option: Allow managers to buy some
stocks at fixed price over time. If they increase
value of stock, they will get benefit from it.
Formalize constraints
6. Evolution of Auditing
The development of auditing is closely linked
to the development of organized system of
In the early stages of civilization, the number
of transactions was so small that an individual
was able to record the transactions
With the growth of civilization and
consequential growth in volume and
complexities of transactions, it became
necessary to delegate the job of recording the
transactions to other persons.
6.Evolution of Auditing cont…
Early civilization
Government accounting records were approved
only after a public reading where the accounts
were read aloud.
The purpose of the public reading was to
determine whether persons in official
responsibility were acting in an honest manner.
It was limited to verification of cash receipts and
It was merely a cash audit.
6.Evolution of Auditing cont…
The industrial revolution:
As a result of the emergence of large
businesses, owners were forced to use
services of hired managers. (Separation of
owners and managers)
Owners needed auditors to protect
themselves from the danger of unintentional
errors and fraud committed by managers and
At this stage, audit was primarily concerned
with detection of fraud and error.
6.Evolution of Auditing cont…
Since the first half of the 20th century
Users of financial statements increased: (banks,
government, shareholder, etc.)
As a result, the purpose of auditing shifted from
detection of errors and fraud to determination
of the fairness of financial statements.
As large-scale corporate entities developed
rapidly in Great Britain and the United States,
auditors started to use various sampling
techniques in the auditing practice.
7.Types of Audits and Auditors
Types of Audits: There are different types of audits
conducted by different types of auditors. Such
difference is based : Nature, objective, criteria,
out come and users.
 Auditors perform different types of audits. Mainly
there are four types of audits:
1. Financial statement audit,
2. Operational/performance audit,
3. compliance audit and
4. forensic audit.
7.Types of Audits and Auditors
1. Financial statement audit:
 This type of audit is conducted to
determine whether the overall financial
statements such as income statement,
balance sheet, statements of retained
earnings and cash flow statements are
stated in conformity with generally
accepted accounting principles
 Therefore, the contribution of an
independent auditor is to give credibility to
financial statements.
7.Types of Audits and Auditors
2. Operational audit:
An operational audit is a review of any part of an
organization’s operating procedures and
methods for the purpose of evaluating
efficiency and effectiveness.
At the completion of an operational audit,
recommendations to the management for
improving operations are normally expected.
This audit is designed to measure the
performance of an organization, which can be
evaluated in terms of efficiency and

7. Types of Audits and Auditors
3. Compliance Audit:
This type of audit helps to determine whether the
auditee is following specific procedures or
rules set out by some higher authority such as
management, government, board of directors
The performance of compliance audit is
dependent upon the existence of verifiable data
and of recognized criteria or standards established
by an authoritative body. A familiar example is the
audit of an income tax return by an auditor of the
Inland Revenue Authority (IRA).
Types of Auditors
External Auditors
Internal Auditors
Government Auditors

External auditors
The auditor has no connection to the
organization being audited.
S/he conducts the audit on a fee basis.
S/he is primarily responsible to third party
such as creditors and shareholders.
The type of audit carried out by an
independent auditor is financial statement

Internal auditor
Internal auditors are employees of the
companies they audit.
S/he conducts the audit on a salary basis.
S/he is part of and primarily responsible to the
management of the organization.
The type of audit carried out by an internal
auditor is compliance audit and operational
Government Auditors
They are employed by various local, state,
and federal governmental agencies.
In our country, the auditors from the office
of Auditor General, the Audit Service
Corporation, and the Ministry of revenue
are government auditors.
The Office of Auditor General is
responsible for conducting financial
statement audit, compliance audit and
operational audit of various Federal
Government Offices.
Government Auditors Cont’d…
The Audit Service Corporation audits the
financial statements of the public enterprises.
The ERCA and the regional and state revenue
agencies are responsible for administering the
tax laws.
Thus, tax the auditors examine the tax returns
of the taxpayer to ensure that it is prepared in
accordance with the tax laws and regulations.
Case for class room discussion
 Assume Mrs.. LYSA, a general manager of LYSA research & Consultancy,
applied for a bank loan to Dashen bank and was informed by the loan
officer in the bank that audited financial statements of the business must
be submitted before the bank could consider the loan application. Mrs .
LYSA agreed with DAILLY, CPA, to perform an audit. Mrs. LYSA informed
Daily that audited financial statements were required by the bank and
that the audit must be completed within two weeks and Mrs. LYSA
promised to pay Daily a fixed fee plus a bonus if the audit is completed
within two months and the bank approved the loan. Daily, CPA agreed
and accepted the engagement. The CPA, Daily, hired two fresh
accounting graduates to conduct the audit and spent several hours telling
them exactly what to do and he told them not to spend time reviewing
internal control but instead, to concentrate on proving the mathematical
accuracy of the ledger accounts and summarizing the data in the
accounting records that support the company’s financial statements. The
Income statement & Cash flow audit was completed within two weeks
and Daily issued unqualified audit report.
 Instruction: Identify any five auditing principles that were violated By
Dailly and support your answer with justification
GAAS & Audit Report
Micro Link Mekele
Teklu K.
April 2018
Generally Accepted Auditing
Standards (GAAS)
Types of Audit Reports
Conditions for issuing different audit
Parts of audit report

AICPA has set ten Generally Accepted

Auditing Standards classified in to three
major groups as
1. General standards (3)

2, Field work standards (3) and

3. Reporting standards(4).
 General standards deals with personal
integrity and professional qualifications of
 Field work standards deals with
accumulation and evaluating evidence sufficient for
the auditors to express an opinion on the financial
 Reporting standards are about report on the
findings of the audit.
1.1.1 Technical Training and proficiency

 An audit examination should be

performed by a person or persons
having adequate technical training
and proficiency as an auditor.

 Independence: In all matters relating

to the assignment; independence is
to be maintained by the auditors.
1.1.2. Independence aspects
1. Financial independence: financial independence
relates to not having a financial interest in the
2. Independence in mental attitude: Independence
in appearance usede to achieve independence in
3. Investigative independence: this means that the
auditor has the time and resources to obtain
competent and sufficient audit evidence
4. Reporting independence: If an auditor is
accountable to report to the management, then the
auditor would not have reporting independence.
1.1.2.Independence aspects
 Independence may be addressed by:
 Prohibiting owners of accounting firms and their staff
from holding shares in, lending to, or otherwise having a
beneficial interest , either directly or indirectly in audit
 Prohibiting owners and their staff from receiving any
benefits from client organizations, other than through
the receiving of audit fees.
 Prohibiting owners and their staff from holding any
office, including the office of director, in client
 Prohibiting the undertaking of consulting work such as
taxation and corporate advising work for the existing audit
1.1.1.Due professional care
 Auditor is professionally responsible for
fulfilling his /her duties diligently and
Field work standards related to
accumulation and evaluating
evidence sufficient for the auditors to
express an opinion on the financial
statements are the following.
Adequate planning
Sufficient understanding of internal
control and
Sufficient and competent evidence.
1.2.1.Adequate planning and supervision
 The engagement shall be sufficiently planned
to ensure an adequate audit and adequate
supervision of assistants. .

 Supervision is essential in auditing because a

considerable portion of the field work is
done by less experienced staff members.
1.2.2.Sufficient understanding of internal control
 An excellent internal control structure
provides strong assurance that the client’s
records are dependable and that its
assets are protected.
 A proper understanding of the internal
control helps the auditor to determine the
appropriate amount and quality of
1.2.3.Sufficient and competent evidence
An auditors should gather sufficient and
competent evidence to have a basis for
expressing an opinion on the financial

The term sufficient refers to the quantity of

information to be gathered while competency
refers to the quality of evidences
 The ultimate objective of independent auditors is
to report on the findings of the audit.
The reporting is guided by the following
reporting standards of GAAS.
Generally accepted accounting principles
Adequate disclosure and
 Report content.
1.3.1.Generally accepted accounting
principles (GAAP)

 The report shall state whether the

financial statements are presented in
accordance with GAAPs.
 The report shall identify those
circumstances in which such principles
have not been consistently observed in
the current period in relation to the
preceding period.
1.3.3.Adequate disclosure and

1. Informative disclosures in the financial

statements are to be regarded as
reasonably adequate unless otherwise
stated in the report.
1.3.4.Report content.
The report shall either contain an
expression of opinion regarding the
financial statements, taken as a whole,
or an assertion to the effect that an
opinion can not be expressed.
2.Types of Audit reports
There are four types of audit reports that
might be issued by the auditors.
These are:
1. Unqualified opinion
2. Qualified opinion
3. Adverse opinion
4. Disclaimer opinion
2.1. Unqualified report
The most common type of audit report is
the standard unqualified audit report.
This report represents a “clean bill of
health” and may be issued when
There are no material departures from
When no conditions requiring
explanatory language exist.
2.1.Unqualified report
All statements- balance sheet, income
statement, statement of retained earnings and
cash flow statements are included in the
audited financial statements
When GAAS is applied in all respects of
the engagement.
No significant scope limitations preventing the
gathering of necessary evidence and :When
sufficient evidence has been accumulated
and the auditor has conducted the audit in
2.2. Qualified opinion
This type of opinion is still a positive
opinion that the presentation in the
financial statements, viewed as a whole is
fair and may result from limitations on the
scope of the audit or failure to follow
generally accepted accounting
2.2. Qualified opinion
Auditors may issue this type of opinion when:
They do not agree with the accounting
principles used in preparing financial statements
or the disclosures in FS are inadequate.
A change in accounting principles is not applied
properly as per GAAP and is not adequately
disclosed in the financial statements
There are limitations on scope of examination
There is major uncertainty affecting a client’s
2.2.Qualified opinion
The qualified opinion has a separate explanatory
paragraph before the opinion paragraph
disclosing the reasons for the qualification.

When ever the auditor issues a qualified report, he/she

must use the term except for in the opinion
paragraph. The implication is that the auditor is
satisfied that the overall financial statements are fairly
stated except for a particular aspect of them
2.3.Adverse opinion
This is a negative opinion, asserting that the
financial statements are not fairly presented.
It is issued when the exceptions to the
presentations in the financial statements are so
significant that a qualified opinion would be an
inadequate warning to the users of those
This is a stronger form of except-for opinion –
the disagreement is so material that the
financial statements as a whole are misleading.
2.3.Adverse opinion
This type of statement is used only when
the auditor believes the overall financial
statements are so materially or extremely
misstated or misleading that they do not
present fairly the financial position or results
of operations and cash flows in conformity
with generally accepted accounting
2.3.Adverse opinion
when the auditors express an adverse opinion; they
must have accumulated sufficient appropriate
evidence to support their unfavorable opinion.
Presumably creditors and stockholders would not
provide debt or equity capital to the client if the
auditor issues adverse opinion to the financial
statements of the client.
Thus, the client usually will make whatever changes
in the financial statements that the auditors require
in order to avoid receiving an adverse opinion.
2.3.Adverse opinion
The adverse opinion like the qualified
opinion has a separate explanatory
paragraph, before the opinion paragraph to
state the reasons for issuing an adverse
opinion and the principal effect of the
adverse opinion on the client’s financial
position and operating results.
In the opinion paragraph of adverse
opinion the auditors use the negative word
“do not present fairly”.
2.4.Disclaimer Opinion
This opinion is also called denial opinion.
disclaiming an opinion may arise under the
following conditions:
If there has been a severe scope limitation that
prevents the auditor from obtaining sufficient
and competent audit evidence;
If the auditor cannot satisfy him self or herself
by applying other procedures;
If the effect of the scope limitation is so
significant that the auditor can not form an
opinion as to the fairness of the financial
2.4.Disclaimer Opinion
A disclaimer is distinguished from an adverse
opinion in that it can arise only from a lack of
knowledge by the auditor, where as to express
an adverse opinion the auditor must have
knowledge that the financial statements are
not fairly stated.
2.4.Disclaimer Opinion
When the auditor expresses a disclaimer of
opinion, he/she has to make sure that the
following conditions are met:
 An introductory paragraph is modified
The scope paragraph is omitted-since the
auditor does not undertake auditing.
An explanatory paragraph is included after
introductory paragraph
A third paragraph contains a denial of
3.Components of audit report
Auditors issue different types of reports based on
their findings.
 One of the reports auditors issue is the standard
unqualified audit report. The standard audit report
(Unqualified) contains three paragraphs, namely
the introductory paragraph, the scope paragraph,
and the opinion paragraph.
Each part of the auditor report is significant in
terms of the information conveyed to the user and
the responsibility assumed by the auditor.
3. Components of audit report
 Standard unqualified report has seven
1. Report Title
2. Address.
3. Introductory paragraph
4. Scope paragraph
5.Opinion Paragraph
6.Name of the audit firm and signature
7.Date of audit report
3.1. Report Title
The auditing standard requires that the
report be titled and that the title include the
word Independent.
The appropriate title would be “Independent
auditor’s report, or Report of independent
auditors.” The requirement that the title
include the word “independent” is intended
to convey to users that the audit was
unbiased in all aspects of the engagement.
3.2. Address

The report is usually addressed to the

company, its stockholders or the board
of directors or combinations of these.
3.3. Introductory paragraph
This is the first paragraph of the audit report and it
does three things:
A. It makes the simple statement that the audit firm has
done an audit. This is intended to distinguish the
report from a compilation or review report.
B. It lists the financial statements that were audited,
including the balance sheet, income statement,
statement of retained earnings and cash flow
C. The introductory paragraph states that the statements
are the responsibility of management and that the
auditor’s responsibility is to express an opinion on
the financial statements based on an audit.
3.4. Scope paragraph
The scope paragraph describes what the
auditor has performed during the audit.
Specifically, it states
Whether the audit was conducted in
accordance with (GAAS).
It also states the GAAS requirement that an
audit was planned to provide reasonable
assurance that the financial statements are
free of material misstatement.
3.4 .Scope paragraph
The inclusion of the word “material” conveys
that auditors are responsible only to search for
significant misstatements; not minor errors
that do not affect users’ decisions.

The use of the term “reasonable assurance” is

intended to indicate that an audit provides a high
level of assurance, but it is not a guarantee.
3.4.Scope paragraph
The scope paragraph also discusses the audit
evidence accumulated and states that the
auditor believes the evidence accumulated was
appropriate for the circumstances to express
the opinion presented.
The word test-basis indicates that sampling
was used rather than an audit of every
transaction and amount on the statements.
3.5. Opinion Paragraph
This paragraph contains the auditor’s opinion on
whether the financial statements are in conformity
with GAAP.
It describes the auditor’s findings. These findings
are expressed in terms of whether the financial
statements are presented in accordance with
generally accepted accounting principles.
The audit report must contain either an
expression of opinion or an assertion to the
effect that an opinion can not be rendered and
the reasons for this.
3.6. Name of the audit firm and signature:
The name and the signature identify the audit
firm or practitioner that has performed the
audit. Typically, the firm’s name is used, since
the entire audit firm has the legal and
professional responsibility to make certain the
quality of the audit meets professional
3.7. Date of audit report
The appropriate date of the audit report is
the one on which the field work has been
This date is important because it represents
the time limit on the auditors’ responsibility.
The auditor does not have any responsibility
to make any enquiries after this date.

Teklu K
M.L Mekele
1. Objectives of Financial Statement audit
The objective of an ordinary audit is “to
express an opinion as to the fairness with
which the financial statements present fairly,
in all material respects, the financial
position, results of operations, and cash
flows, in conformity with generally accepted
accounting principles.”
2.Auditor’s Responsibilities
Auditors are responsible to provide an
opinion as to the fairness of the F/S.
These responsibilities include:
planning and performing the audit and
providing reasonable assurance that the
statements are free of material
Reporting on internal control weaknesses.
2.Auditor’s Responsibilities
Auditor are specially responsible to evaluate:
1. Going-Concern
2. Contingencies
3. Subsequent events
4. Significant Estimates
5. Adequacy of Disclosures
6. Management representations
Audit objectives
There are different kinds of audit
1.Transaction-Related Audit Objectives (6)

2.Balance-Related Audit Objectives(9)

1.Transaction-Related Audit Objectives
1. Existence

2. Completeness

3. Accuracy

4. Classification

5. Timing

6. Posting and summarization

2.Balance-Related Audit Objectives
1. Existence
2. Completeness
3. Accuracy
4. Classification
5. Cutoff
6. Detail tie-in
7. Realizable value
8. Rights and obligations
9. Presentation and disclosure
Transaction-Related Audit Objectives
1. Existence—recorded transactions exist;

2. Completeness—existing transactions are


3. Accuracy—recorded transactions are stated

at the correct amounts
Transaction-Related Audit Objectives
4. Classification—transactions included in the
client's journals are properly classified;

5. Timing—transactions are recorded on the

correct dates;

6. Posting and summarization —recorded

transactions are properly included in the
master files and are correctly summarized.
2. Balance-Related Audit Objectives
1. Existence—amounts included exist
2. Completeness—existing amounts are
3. Accuracy—amounts included are stated at
correct amounts
4. . Classification—amounts included in the
client's listing are properly classified
2. Balance-Related Audit Objectives
5. Cutoff—transactions near the balance sheet
date are recorded in the proper period
6. Detail tie-in —details in the account
balance agree with related master file
amounts, foot to the total in the account
balance, and agree with the total in the
general ledger
2. Balance-Related Audit Objectives
7. Realizable value —assets are included at the
amounts estimated to be realized
8. Rights and obligations
9.Presentation and disclosure —account
balances and related disclosure requirements
are properly presented in the financial


Teklu K
M.L Mekele
4.1. Audit evidence
Audit evidence is any information used
by the auditor to determine whether the
quantitative information being audited is
stated in accordance with the established
The information varies widely in the extent
to which it persuades the auditor whether the
financial statements are stated in accordance
with generally accepted accounting principles.
Audit evidence cont…
• Audit evidence includes all the things that
influence the auditor’s judgment in evaluating
whether the financial statements are in conformity with
• Audit evidence is any information or document
that confirms or rejects a premise (a statement
or hypothesis).
• Thus most of the auditor’s work involves obtaining and
evaluating evidences.
Audit evidence cont…
• What makes audit evidence competent and
• Competency of evidence is related to its quality
and reliability.
• Evidence is said to be competent if it is both valid
and relevant.
• The quality of audit evidence is affected by
1. the source of the audit evidence,
2. the strength of the client’s internal control and
3. the ability of the auditor to gather firsthand information.
Factors that affect The quality of audit evidence
1. The source of the audit evidence: Evidence
obtained from independent sources outside the client is
more reliable than evidences obtained from the
2. The strength of the client’s internal control: The
quality and reliability of audit evidence increases
if the client has strong internal control
3. The ability of the auditor to gather first hand
information: Information obtained by auditors
through personal observation, computation or
using other techniques increases the reliability of
audit evidence.
Characteristics of competent evidence
1. Relevance--to the audit objective that the auditor is testing;
2. Independence of the provider--information received from
outside the entity is presumed to be more reliable than from
inside the entity.
3. Effectiveness of the client's internal controls--evidence from
a client whose internal controls are effective is more trustworthy.
4. Auditor's direct knowledge--data or calculations prepared by
someone inside the organization will not be as reliable as data
computed or discovered by the auditor directly.
5. Qualifications of the individuals providing the
information--reliability of the information is enhanced if the
person providing it is qualified to do so.
6. Degree of objectivity--objective evidence is more reliable than
evidence that is subjective.
7. Timeliness--data that are timely for the purpose intended are
considered more reliable.
Sufficiency of Audit evidence
• Sufficiency of evidence relates to the quantity of
evidence auditors should obtain.
• Though the sufficiency audit evidence is determined
by the auditor’s professional judgment, factors such as
• competence,
• materiality and
• risk are the determinants of the sufficiency of audit evidence.
• In general, more evidences are needed for accounts
that are material to the financial statements than for
accounts that are immaterial. Similarly, more
evidences are normally required for accounts that are
likely to be misstated than for accounts that are likely
to be correct. But still, the amount of evidence that is
considered sufficient to support the auditor’s opinion
is a matter of professional judgment.
Sufficiency of Audit evidence
• The amount of evidence that is sufficient in a specific
situation varies inversely with the appropriateness of the
available evidence.
• Thus the more appropriate the evidence, the
less the amount of evidence that is needed to
support the auditor’s opinion.
• In short sufficiency and competency of audit
evidences are inversely related.
Reliability & source of audit evidence
One of the factors affecting the reliability of
the audit evidence is its source.
Evidence is classified as follows:
• Evidence originated by the auditor,
• Evidence created by the third party and
• Evidence created by the management of the
Reliability & source of audit evidence
• Evidence created by the auditor: this type of
evidence is exceptionally reliable since
there is little risk of being manipulated by
• Analytical review procedures,
• physical inspection or observation and
• Re measurement of performance of
calculations are some of the reliable
evidences that might obtained by the
Reliability & source of audit evidence
• Evidences obtained from third parties:
Evidences obtained from third parties
independent of the client are more reliable
than evidence produced by the client.
• Examples may include:
– confirmation letter obtained from the client’s customer,
– confirmation of bank balances,
– reports produced by specialists such as property
valuations and legal opinions,
– documents provided by the client which were issued by
third parties such as invoices.
Reliability & source of audit evidence
• Evidences originated from client’s management: this
type of evidence is less reliable than evidence
obtained from outside party.
• The degree of reliance to be placed on such
evidence depends on
– the reliability of the client,
– internal control and
– materiality of the item.
• Examples of such evidence includes the client’s
accounting records, supporting schedules,
and the clients oral explanations.
4.2. Types of audit evidence
• When conducting audits, auditors gather a
combination of many types of evidences.
• The auditor should consider whether the
conclusions drawn from different types of
evidences are consistent with one another.
• Audit evidence is a fundamental concept in
auditing and the major types of evidences
that are gathered during an audit are
classified as follows:
Types of audit evidence
1. Physical evidence
2. Documentary evidence
3. Accounting Records
4. Written Representations
5. Mathematical evidence
6. Oral evidence
7. Analytical procedures.
1.Physical evidence:
Physical evidence is obtained from the
physical examination or inspection of
tangible assets.
• This form of evidence is widely used by
auditors in the verification of tangible
asset balances.
• Physical evidence is obtained from the actual
physical examination of the resources.
1.Physical evidence
• This type of evidence provides the auditor with
direct personal knowledge of the existence of
an item.
• How ever, this type of evidence does not
establish the ownership or valuation of the
• Physical evidence is also helpful in determining
quality of the asset.
• The auditor should supplement the evidence
obtained through physical examination by other
types of evidence to determine ownership and
proper valuation.
2.Documentary evidence:
This type of evidence includes checks, invoices,
contracts, minutes of the meetings and
• Such documentation is contained in the client’s
files and is available to the auditor on request.
• The reliability of a document depends on
• the manner in which the document is
• the way it was obtained by the auditor and
• the nature of the document it self.
2.Documentary evidence
• Documentary evidence may be created
outside the client organization or within
• Externally created documents may be sent
directly to the auditor by third party; or such
documentation may be held by the client.
• Externally created documents are viewed
as the highly reliable since the client does
not have an opportunity to alter the
3. Accounting Records:
An amount appearing in financial statements may be verified
by tracing it back through ledger, journal, and source
• When record is monitored by good internal
control, it provides reliable support for financial
• When different persons maintain general ledger,
subsidiary ledgers and journal, reliability will be
• However, the auditor must be careful about
alteration or misstatements.
4. Written Representations:
A written representation is a signed statement by
responsible and knowledgeable individual about a
particular account, circumstances or events.
Written representations are a form of documentary
evidence which might originate from with in the
client’s organization or external sources.
• The auditor is required by GAAS to obtain certain
written representations and such representations are
designed to document management’s replies to
inquiries made by the auditor during the engagement.
• Management representations commonly presented in the form
of representation letter may reveal information not shown in
the accounting records such as existence of contingencies that
may require further investigation.
4. Written Representations:
• At the end of field work auditors obtain a written letter of
representations from the client, verifying oral representations falling
in to the following categories.
• All relevant records have been made available to the
auditors, financial statements are complete and
prepared in conformity with generally accepted
accounting principles and all items requiring
disclosures have been disclosed properly.
• Auditors may also request written representations from out side
• An auditor is not expected to possess expertise of lawyers
in evaluating litigation pending against the client or
geologist in estimating the quantity of a mineral oil.
• When an auditor needs such evidence, they can use the
work of a specialist (lawyer or geologist) to obtain
competent evidential matter.
5. Mathematical evidence:
 This type of evidence is results from the auditor’s
computations or re-computations.
 Computations provide reliable evidence relevant
to the auditor objectives of clerical accuracy and
• Mathematical evidence may result from such
routine tasks as checking the footings of
journals and ledgers, or from complicated
calculations pertaining to pension plans and
earnings per share data.
6. Oral Evidence:
 Through out their examination the auditors will
ask a great many questions to the officers and
employees of the client’s organization.
• The answers to the auditors’ questions represent
another type of oral evidence.
• Generally oral evidence is not sufficient in it self,
but it may be useful in disclosing situations that
require investigation or in corroborating other
forms of evidence.
• Oral evidence serves the same audit objective as
written representation
7. Analytical evidence:
 These are used to establish reliability of
information by analyzing relationships
among financial and other information.
• It involves determining an expected or desired
balance and determining the tolerance level.
• This type of audit evidence involves the use of
ratios and comparisons of the client data with
industry trends, general economic conditions,
and prior or expected company results.
7. Analytical evidence:
• Analytical evidence provides a basis for supporting an inference
on the fairness of a specific financial statement item or
• Analytical evidence relates primarily to the
existence, completeness and valuation audit
• This type of evidence may help to understand
client’s strength and weakness in comparison to
similar companies.
• However, auditors must be careful of
comparability such as size, accounting methods adopted
and other business issues
Audit documentation &working papers
Audit Working papers refer to the papers
prepared by the auditor for audit work as well
as the documents, statements, and recorded
information obtained by the auditor from his
client and others connected with the business.
The documentation of audit evidence is
provided in working papers.
Working papers are kept by the auditor’s about
 the procedures applied,
 the tests performed,
the information obtained, and
The conclusions reached in the audit.
Audit working papers
The audit documentation is the auditor's
evidence that the audit conforms to
Generally Accepted Audit Standards.
Audit documentation is the property of
the auditor and is retained by the auditing
firm at the conclusion of the audit.
Audit working papers
Working papers are the written private
materials which an auditor prepares for each
Working papers provide basic evidence of
how the audit was conducted and helps the
auditor in writing the report.
Working papers are the connecting links
between the client’s accounting records and
the auditor’s report.
Functions of working papers
Audit working papers assist auditors in several ways
1. It helps to coordinate audit work.
2. It helps the seniors in supervising and receiving
the work of assistants.
3. It supports the audit report.
4. It helps the auditor to show his client the
weakness of the internal control system
5. It is a permanent record and is used as a defense in
case of any suit against him for negligence.
6. It helps for planning and conducting the next
7. It serves as an evidence to show that the audit
was made in accordance with GAAS.
Contents of working papers
Working papers normally include:
1. The audit plan and programs
2. Copies of the documents received
3. Schedules of receivables and payables, fixed
assets and investments
4. Copies of any correspondences concerning the
audit work
5. Contract letter from the client
6. Particulars of depreciation
Contents of working papers
7. Copies of the previous audit reports
8. Copies of the resolution passed in the meetings of
directors and shareholders.
9. Certificates of management assertions.
10. Details of the questions made during the course of
audit and their explanations given
12. Understanding of the client’s internal control
13. Recommended journal entries necessary to correct
the accounts
14. Other necessary documents received for the conduct
of the audit work.
Ownership of working papers
The audit working papers being the matters
documented and prepared by the auditors are the
property of the auditors, not of the client.
 The client doesn’t have the right to demand
access to the auditor’s working papers.
After the audit, the working papers are retained
by the auditors and the custody of working
papers rests with the auditor, and the auditor is
responsible for their safe keeping.
Ownership of working papers
To conduct the satisfactory audit, the auditors
must be given unrestricted access to all
information about the client’s business.
Much of this information is confidential in nature.
The information obtained and documented
through the working papers may be confidential
and hence working papers them selves are
confidential in nature.
 Hence auditors shall not disclose any confidential
information obtained in the course of a professional
engagement except with the consent of the client law.
Teklu K
M.L Mekele
5.5. Audit planning and its essentials
• Audit Planning means to think in advance before
work is performed.
• It involves making decisions about the work to be carried
• Audit planning requires making decisions about
whether to accept a client for audit in the first
place and this is called pre-engagement planning.
• Once the engagement is accepted, audit planning
involves making decision about specific steps that help
determine an over all audit strategy and this is called
engagement planning.
Audit planning and its essentials
• Adequate planning and supervision is the first and the important
auditing standards of field work.
• An audit plan is a broad overview of an audit engagement
prepared in the planning stage of the engagement.
• The first standard of field work states: “The work is to
be adequately planned and assistants, if any, are to be
properly supervised.”
• The concept of adequate planning includes investigating a
client before deciding whether to accept the engagement,
obtaining an understanding of the client’s business
operations, and developing an over all strategy to organize,
coordinate and schedule the activities of the audit staff.
• Q. why adequate audit planning is essential?.
Audit planning and its essentials
Accepting the Audit Engagement
• This is the first phase in the audit panning and it involves a
decision to accept or decline the opportunity to become the
auditor for the new client or to continue as an auditor for an
existing clients.
• The auditors should investigate the history of the prospective
client, including such matters as the identities and reputations
of the directors, officers and major shareholders, its financial
• The auditor can find the information about the client by
communicating with predecessor auditors, making enquiries
of other third parties and consulting the client’s legal cause.
• Thus a decision to accept the audit engagement should not be
taken lightly as it has a bearing on the quality of the audit.
Audit planning and its essentials
The following steps should be considered in
accepting the audit engagement. These are:
1. Evaluate the integrity of management
2. Identify special circumstances and unusual risks
3. Competence to perform the audit
4. Evaluate Independence
5. Obtaining the Engagement
6. Obtaining an understanding of the clients’
7. Developing an over all audit strategy
8. Designing Audit program
Audit planning and its essentials
Engagement letter: it is a formal letter sent
by the auditor to the client at the beginning of an
engagement. The letter normally includes the
following matters:
• Scope- a description of the services to be
provided, particularly whether there is to be an
audit in accordance with generally accepted
auditing standards or a more limited accounting
services are to be provided, and whether additional
services are to be provided such as preparation of
the tax returns or tax planning.
Audit planning and its essentials
• Responsibility-an explanation of the relative
responsibilities of management and the auditor for
assuring that financial statements are with all material
respects, in conformity with generally accepted
accounting principles and other matters that often
raise questions of responsibility such as fraud, illegal
acts, deficiencies in the design or operation of the
internal control structure and related party
• Procedural arrangements-this is a specification of
the schedules to be prepared by the client, the method
and frequency of billing the auditor’s fee and similar
matters are included.
Reasons for Audit planning
Auditors have to plan their audit work carefully before simply entering
in to it. Audit panning is required because it helps the auditors:
1. To weight the risks and rewards of taking on a new client in the
case of pre-engagement planning
2. To obtain knowledge of the nature of the client’s business
so that appropriate attention is devoted to important areas of the
3. To identify the potential problems in advance and deal with
them effectively.
4. To ensure that sufficient and competent evidence is
5. To complete the work quickly by controlling costs and to meet
important dead lines
6. To properly assign work to assistants and coordinate work
carried out by other auditors and experts.
Components of typical audit plan
 Although the audit plan differs in form and content among public accounting firms, a
typical audit plan includes the following:
1. Accept client and perform initial audit planning.
2. Understand the client’s business and industry
3. Assess client business risk.
4. Set materiality and assess acceptable audit risk and inherent risk.
5. Understand internal control and assess control risk.
6. Gather information to assess fraud risks.
7. Develop overall audit plan and audit program
8. Timing and scheduling of the audit work
9. Work to be done by the client’s staff
10. Staffing requirement during the engagement
11. Target dates for completing major segments of the engagement
12. Any special problems to be resolved in the course of the engagement
13. Preliminary judgments about materiality level for the engagement.
1. Make client acceptance decisions and
perform initial audit planning.
Initial Audit Planning
 Client acceptance and continuance
 Identify client’s reasons for audit
 Obtain an understanding with the
 Develop overall audit strategy
2. Understanding of the Client’s
Business and Industry
• Factors that have increased the
importance of understanding the client’s
business and industry:
1. Information technology
2. Global operations
3. Human capital
Understanding of the Client’s Business and Industry

Understand client’s business and industry

Industry and external environment

Business operations and processes

Management and governance

Objectives and strategies

Measurement and performance

Industry and External Environment
• Reasons for obtaining an understanding of the
client’s industry and external environment:
1. Risks associated with specific industries
2.Inherent risks common to all clients in
certain industries
3.Unique accounting requirements
Business Operations and Processes
• Factors the auditor should understand:
Major sources of revenue
 Key customers and suppliers
 Sources of financing
 Information about related parties
Tour the Plant and Offices
• By viewing the physical facilities, the auditor
can asses physical safeguards over assets and
interpret accounting data related to assets.
Identify Related Parties
• A related party is defined as an affiliated
company, a principal owner of the client
company, or any other party with which the
client deals, where one of the parties can
influence the management or policies of the
Management and Governance
• Management establishes the strategies and
processes followed by the client’s business.
• Governance includes the client’s
organizational structure, as well as the
activities of the board of directors and the
audit committee.
• Corporate charter and bylaws
• Code of ethics
• Meeting minutes
Client Objectives and Strategies
• Strategies are approaches followed by the
entity to achieve organizational objectives.
• Auditors should understand client
• objectives.
• Financial reporting reliability
• Effectiveness and efficiency of
• Compliance with laws and regulations
Measurement and Performance
• The client’s performance measurement system
includes key performance indicators.
• Examples:
 market share
 sales per employee
 unit sales growth
 web sit visitors
 same-store sales
 sales/square foot
• Performance measurement includes ratio analysis and
benchmarking against key competitors.
Assess Client Business Risk
Client business risk is the risk that the
client will fail to achieve its objectives.
What is the auditor’s primary concern?
Material misstatements in the financial
statements due to client business risk.
Client’s Business, Risk, and
Risk of Material Misstatement
Industry and external environment
Understand client’s
business and industry
Business operations and processes

Management and governance

Assess client business
Objectives and strategies

Assess risk of material Measurement and performance

Preliminary Analytical Procedures
• Comparison of client ratios to industry or
competitor benchmarks provides an
indication of the company’s performance.
• Preliminary tests can reveal unusual changes
in ratios.
Examples of Planning Analytical
Selected Ratios Client Industry
Short-term debt-paying ability:
Current ratio 3.86 5.20
Liquidity activity ratio:
Inventory turnover 3.36 5.20
Ability to meet long-term obligations:
Debt to equity 1.73 2.51
Profitability ratio:
Profit margin 0.05 0.07
Analytical Procedures
1. Required in the planning phase
2. Often done during the testing phase
3. Required during the completion phase
Five Types of Analytical Procedures
Compare client data with:

1. Industry data
2. Similar prior-period data
3. Client-determined expected results
4. Auditor-determined expected results
5. Expected results using nonfinancial data.
Compare Client and Industry Data

Client Industry
2009 2008 2009 2008
Inventory turnover 3.4 3.5 3.9 3.4
Gross margin 26.3% 26.4% 27.3% 26.2%
Compare Client Data with Similar Prior Period Data

2009 2008
(000) % of (000) % of
Prelim. Net sales Prelim. Net sales

Net sales $143,086 100.0 $131,226 100.0

Cost of goods sold 103,241 72.1 94,876 72.3
Gross profit $ 39,845 27.9 $ 36,350 27.7
Selling expense 14,810 10.3 12,899 9.8
Administrative expense 17,665 12.4 16,757 12.8
Other 1,689 1.2 2,035 1.6
Earnings before taxes $ 5,681 4.0 $ 4,659 3.5
Income taxes 1,747 1.2 1,465 1.1
Net income $ 3,934 2.8 $ 3,194 2.4
Common Financial Ratios

 Short-term debt-paying ability

 Liquidity activity ratios

 Ability to meet long-term debt obligations

 Profitability ratios
Short-term Debt-paying Ability

(Cash + Marketable securities)

Cash ratio =
Current liabilities

(Cash + Marketable securities

Quick ratio = + Net accounts receivable)
Current liabilities

Current assets
Current ratio =
Current liabilities
Liquidity Activity Ratios

Accounts receivable Net sales

turnover Average gross receivables
Days to collect 365 days
receivable Accounts receivable turnover
Inventory Cost of goods sold
turnover Average inventory
Days to sell 365 days
inventory Inventory turnover
Ability to Meet Long-term Debt
Total liabilities
Debt to equity =
Total equity

Times interest Operating income

earned Interest expense
Profitability Ratios

Earnings Net income

per share Average common shares outstanding

Gross profit (Net sales – Cost of goods sold)

percent Net sales

Operating income
Profit margin =
Net sales
Profitability Ratios

Return on Income before taxes

assets Average total assets

Return on (Income before taxes

common = – Preferred dividends)
equity Average stockholders’ equity

Teklu K
M.L Mekele
Materiality and Audit risk
The term materiality is used both often and loosely
in accounting and auditing.
The underlying concept is always essentially the
same- it is the criterion for distinguishing the trivial from
the important.
 It refers to the magnitude of an omission or
misstatement of accounting information that
makes it probable that the judgment of a
reasonable person relying on the information
would have been changed or influenced by the
omission or misstatement.
Materiality and Audit risk
Audit risk is the risk that the auditor may unknowingly fail to
appropriately modify his/her opinion on financial statements
that are materially misstated.
This means that the auditor will fail to qualify an
audit report that he should have qualified
There is always the risk that an auditor provides a
wrong audit opinion.
This arises when there is a material error in the
financial statements, which was not corrected
before the accounts were published and to which
the auditor did not refer in the audit report.
Materiality and Audit risk
Audit risk is composed of inherent risk, control
risk and detection risk
• Inherent risk: refers to the possibility of a material
misstatement occurring in an account assuming that there
are no related internal controls.
• Inherent risk exists independently of the audit of
financial statements.
• Thus the auditor cannot change the actual
level of inherent risk.
• However, the auditor can change the assessed
level of inherent risk.
Materiality and Audit risk
Control risk: is the risk that a material misstatement will
not be prevented or detected on a timely basis by the
company’s internal control.
• Effective internal controls over an assertion
reduce control risk.
• Control risk can never be zero because internal
controls cannot provide complete assurance that
all material misstatements will be prevented or
• Like inherent risk, the auditor cannot change
the actual level of control risk for an assertion.
Materiality and Audit risk
• Detection risk: is the risk that the auditor’s procedures will
lead them to conclude that a material misstatement does not
exist in an account balance, when in fact the account is
materially misstated.
• Detection risk is a function of the effectiveness of
auditing procedures and of their application by the
• Unlike inherent and control risk, the auditor can change
the actual level of detection risk by varying the nature,
timing and extent of substantive tests performed on
• Applying more effective audit procedures, use of larger
samples, adequate planning and adherence to quality
control standards result in lower levels of detection risk.
Materiality and Audit risk
• Note that while the detection risk related directly to
the effectiveness of the auditor’s procedures, inherent
risk and control risk are functions of the client and its
• In planning the audit the auditors must assess the
extent of inherent risk and control risk for each
material financial statement account and then plan
sufficient audit procedures to reduce detection risk to
the appropriate level.
• The lower the assessment of inherent and control
risks, the higher is the acceptable level of detection
risk. Thus the auditor controls the audit risk by
adjusting detection risk according to the assessed
levels of the inherent and control risks.

Teklu K
Meaning and objectives of ICS
Accounting and administrative controls.
Categories of IC System
The control process
Importance of IC
Basic Internal Control Structure
Limitations of IC
Evaluating IC
 Any organization wishing to conduct its business
in an organized and efficient manner and to
produce reliable financial accounting
information, both for its own and for others’ use
needs some controls to minimize the effects of
the endemic human failings(with the best
intentions or an intentional falsification).

1.What is It?
An internal control system encompasses the
policies, processes, tasks, behaviors and
other aspects of a company that, taken
together to facilitate its effective and efficient
operation by enabling it to respond appropriately to
significant business, operational, financial,
compliance and other risks to achieving the
company’s objectives 176
1.What is It?* COSO
Internal control is ‘a process, effected by an
entity’s board of directors, management, and
other personnel, designed to provide
reasonable assurance regarding the
achievement of objectives in the following
Effectiveness and efficiency of operations
Reliability of financial reporting
 Compliance with applicable laws and
regulations’. (COSO)
* Committee of Sponsoring Organizations of177
the Tread way Commission
1.What is It?
Internal control is is an activity what we do to
see that the things we want to happen will
happen …

 Andthe things we don’t want to happen

won’t happen.
1.What is It?
Internal Controls Are Common Sense
What do you worry
about going wrong?

What steps have been taken

to assure it doesn’t?

How do you know

things are under control?

1.What is it?
 Internal control is a process; it is a means
to an end, not an end itself.
 Internal control is effected by people; it’s
not merely policy manuals and forms but
done by people at every level of an
 Internal control can be expected to only
provide reasonable assurance, not
absolute assurance
2.Objectives of IC
Internal control is geared to the achievement of
objectives in one or more separate overlapping
categories. Objectives fall into four categories:
1. Operations – relating to effective and efficient
use of the entity’s resources
2. Financial reporting – relating preparation of
reliable published financial statements
3. Compliance – relating to the entity’s
compliance with applicable laws and
regulations; and
4. Safeguarding of assets
3.Components of internal control
ICS contains accounting and administrative
The internal accounting controls’, are designed,
in particular, to ensure that transactions which
give rise to the accounting data are;
1. properly recorded; that is, all relevant details of
transactions are recorded at the time the
transactions take place;
2. properly authorized; that is, all transactions are
authorized by a person with the requisite
2.Components of internal control
3. valid; that is, transactions recorded in the
accounting system represent genuine exchanges
with legitimate parties:
4. complete; that is, all genuine transactions are
input to the accounting system; none are
5. properly valued; that is, transactions are
recorded in the correct accounts;
6. Properly classified; that is, transactions are
recorded in the correct accounts;
7. Recorded in the correct accounting period
3.Categories of IC System
Preventive control: Prevent some thing bad
from happening

Detective Control : Detect problems that

passed through preventive control

Corrective control: aimed at correcting

problems detected by detective control
4.Common IC in our personal life
Lock-up valuable belongings
Keep copies of your tax returns,
Registration slip
Balance your checkbook
Keep your ATM/debit card PIN number
separate from your card
Lock-up your computer with pass word

5.Risks of Weak Internal Controls
 Weak Internal Controls Increase Risk
 Business Interruption
system breakdowns or catastrophes, excessive re-
work to correct for errors.
 Erroneous Management Decisions
based on erroneous, inadequate or misleading
 Fraud, Embezzlement and Theft
by management, employees, customers, vendors,
or the public-at-large.
 Statutory Sanctions
Penalties arising from failure to comply
with regulatory requirements, as well
as overt violations.
 Excessive Costs/Deficient Revenues
Expenses which could have been
avoided, as well as loss of revenues to
which the organization is entitled.

 Loss,Misuse or Destruction of Assets

Unintentional loss of physical assets
such as cash, inventory, and
equipment. 187
6.Benefits of Strong Internal Controls
 Reducing and preventing errors in a
cost- effective manner.
 Ensuring priority issues are identified and
 Protecting employees & resources.
 Providing appropriate checks and
 Having more efficient audits, resulting in
shorter timelines, less testing, and fewer
demands on staff.
 Contribute to the effectiveness of control
system 188
7.Effective Internal Controls
 Make sense within each organization’s
unique operating environment.

 Benefit rather than encumber(hinder)


 Are not stand-alone practices; they are

woven into day-to-day responsibilities.

 Are cost-effective.

8. Basic Internal Control Structure
The most widely accepted internal control
framework in the United States, describes
internal control as consisting of five
components that management designs and
implements to provide reasonable assurance
that its control objectives will be met.
Each component contains many controls, but
auditors concentrate on those designed to prevent
or detect material misstatements in the financial

8.Internal control components
The internal control components include
the following
1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
systems support
5. Monitoring
Five Inter-Related Standards: COSO’S



Information &
Communication Control

1. Control Environment
 Foundation for all other standards of internal
 Pervasive influence on all the decisions and
activities of an organization.
 Effective organizations set a positive “tone
at the top”.
 Factors include the integrity, ethical values
and competence of employees, and,
management’s philosophy & operating style
 The control environment serves as the umbrella
for the other four components.
The Control Environment
The control environment consists of the actions, policies,
and procedures that reflect the overall attitudes of top
management, directors, and owners of an entity about
internal control and its importance to the entity.
 To understand and assess the control environment, auditors
should consider the most important control
subcomponents, which are:
1. Integrity and Ethical Values
2. Commitment to competence
3. Board of Directors
4. Audit Committee Participation
5. The audit committee’s independence
6. Organizational Structure
7. Human resource polices and practices
2. Risk Assessment
 Risks are internal & external events (economic
conditions, staffing changes, new systems,
regulatory changes, natural disasters, etc.) that
threaten the accomplishment of objectives.

 Risk assessment is the process of identifying,

evaluating, and deciding how to manage these
 What is the likelihood of the event occurring? What
would be the impact if it were to occur? What can
we do to prevent or reduce the risk?

3. Control Activities
 Tools - policies, procedures, processes -
designed and implemented to help ensure
that management directives are carried out.
 Help prevent or reduce the risks that can
impede the accomplishment of objectives.
 Occur throughout the organization, at all
levels, and in all functions.
 Includes approvals, authorizations,
verifications, reconciliations, security of
assets, reviews of operating performance,
and segregation of duties.
4. Communication & Information
 Pertinent information must be
captured, identified and communicated
on a timely basis.

 Effective information and

communication systems enable the
organization’s people to exchange the
information needed to conduct,
manage, and control its operations.
5. Monitoring
 Internal control systems must be monitored
to assess their effectiveness… Are they
operating as intended?

 Ongoing monitoring is necessary to react

dynamically to changing conditions…Have
controls become outdated, redundant, or
 Monitoring occurs in the course of everyday
operations, it includes regular management &
supervisory activities and other actions
personnel take in performing their duties.
9. Key I C

1. Separation of Duties
 Divide responsibilities between
different employees so one individual
doesn’t control all aspects of a
 Reduce the opportunity for an
employee to commit and conceal
errors (intentional or unintentional) or
perpetrate fraud.

Adequate Separation of Duties

Custody of assets Accounting

Authorization The custody of

of transactions related assets

Operational Record-keeping
responsibility responsibility

IT duties User departments

2. Documentation
Document & preserve evidence to
 Critical decisions and significant events
typically involving the use, commitment, or
transfer of resources.
 Transactions…enables a transaction to be
traced from its inception to completion.
 Policies & Procedures…documents which set
forth the fundamental principles and
methods that employees rely on to do their
jobs. 202
Adequate Documents and Records

Prenumbered consecutively

Prepared at the time of transaction

Simple enough to ensure understanding

Designed for multiple use

Constructed to encourage correct preparation
3. Authorization & Approvals
 Management documents and
communicates which activities require
approval, and by whom, based on the
level of risk to the organization.
 Ensure that transactions are approved
and executed only by employees acting
within the scope of their authority
granted by management.

Proper Authorization of Transactions
and Activities

General authorization

Specific authorization

4. Security of Assets
 Secure and restrict access to equipment,
cash, inventory, confidential information,
etc. to reduce the risk of loss or
unauthorized use.
 Perform periodic physical inventories to
verify existence, quantities, location,
condition, and utilization.
 Base the level of security on the vulnerability
of items being secured, the likelihood of
loss, and the potential impact should a loss
Physical Control over Assets
and Records

The most important type of protective

measure for safeguarding assets and
records is the use of physical precautions.

5. Reconciliation & Review
 Examine transactions, information, and
events to verify accuracy, completeness,
appropriateness, and compliance.
 Base level of review on materiality, risk, and
overall importance to organization’s
 Ensure frequency is adequate enough to
detect and act upon questionable activities in
a timely manner.

Independent Checks on Performance

The need for independent checks arises

because internal control tends to change
over time unless there is a mechanism
for frequent review.

6. Information and Communication

The purpose of an accounting information

and communication system is to…

initiate, record, process, and report

the entity’s transactions and to maintain
accountability for the related assets.

10. Limitations of IC
Internal control; no matter how well designed,
implemented and conducted, can provide only
reasonable assurance to management and the
board of directors of the achievement of an
entity’s objectives.
In considering limitations of internal control, two
distinct concepts must be recognized.
 The first set of limitations acknowledges that
certain events or conditions are simply beyond
management’s control.
10.Limitations of IC
The second acknowledges that no system
of internal control will always do what it is
designed to do.
 The best that can be expected in any
system of internal control is that
reasonable assurance be obtained
The effectiveness of internal control is
limited by the realities of human weakness
in the making of business decisions.
10.Limitations of IC
Internal control may not result in the
intended objectives due to:

Human judgment;

External events;

Management override; and

10. Limitations of IC
Human judgment:
 Some decisions based on human
judgment may lacks clarity & found to
produce less than desirable results, and
may need to be changed.
External events
For objectives relating to the effectiveness
and efficiency of an entity’s operations
achieving its mission, value propositions
(e.g., productivity, quality, and customer
service), profitability goals, and the like—
internal control cannot provide reasonable
assurance of the achievement when
external events may have a significant
impact on the achievement of objectives
and the impact cannot be mitigated to an
acceptable level.
Management override:
The term “management override” is used
here to mean overruling prescribed
policies or procedures for illegitimate
purposes with the intent of personal gain
or an enhanced presentation of an entity’s
performance or compliance. Examples
Increase reported revenue to cover an
unanticipated decrease in market share
Management override:
Enhance reported earnings to meet
unrealistic budgets
Boost the market value of the entity prior
to a public offering or sale
Meet sales or earnings projections to
encourage bonus payouts tied to
Appear to cover violations of debt
covenant agreements
Hide lack of compliance with legal
Individuals acting collectively to commit
and conceal an action from detection often
can alter financial or other management
information so that it cannot be detected or
prevented by the system of internal control
Collusion can occur, for example, between an
employee who performs controls and a
Limitations of IC
 Staff size limitations may obstruct efforts to properly
segregate duties, which requires the implementation
of compensating controls to ensure that objectives
are achieved.
 A limited inherent in any system is the element of
human error, misunderstandings, fatigue/low
energy and stress.
 Employees are to be encouraged to take earned
vacation time in order to improve operations by
enabling employees to overcome or avoid stress and
11.Evaluating IC
Evaluating and improving internal control
are among the core competencies of many
professional accountants
Professional accountants can play a leading
role in ensuring that internal control forms
an important part of an organization’s
governance system and risk management.
IFAC(International Federation of Accountants)
provides the following key principles for
evaluating and improving IC
11.Evaluating IC
The organization should make internal control
part of risk management and integrate both in
its overall governance system.
The organization should determine the various
roles and responsibilities with respect to internal
control, including the governing body,
management at all levels, employees, and
internal and external assurance providers, as well
as coordinate the collaboration among
11.Evaluating IC
The governing body and management should foster
an organizational culture that motivates members
of the organization to act in line with risk
management strategy and policies on internal
The governing body and management should link
achievement of the organization’s internal control
objectives to individual performance objectives
The governing body, management, and other
participants in the organization’s governance system
should be sufficiently competent to fulfill the
internal control responsibilities associated with
their roles
11.Evaluating IC
Controls should always be designed, implemented,
and applied as a response to specific risks and their
causes and consequences
Management should ensure that regular
communication regarding the internal control
system, as well as the outcomes, takes place at all
levels within the organization
Both individual controls as well as the internal
control system as a whole should be regularly
monitored and evaluated.
The governing body, together with management,
should periodically report to stakeholders the
organization’s risk profile