ICPAK

QUALITY ASSURANCE VS. AUDIT:

What are the differences?
Presentation by: KIMEU, J Musyoki

Hilton Hotel, Nairobi, KENYA

Thursday 2nd October, 2014
Introduction

Background
 MBA (For Executives)
 BCom. (Hons)
 CISA
 CPAK
 FCCA
CPA KIMEU, J. Musyoki
 Over 16 years experience in Risk MD/Lead Consultant:
GAMAX Ltd
Management, Audit, Consultancy in +254 722 607157
Risk, Internal Controls, IT Audits and Jones_kimeu@yahoo.com

Corporate Governance

2
CONTENT

• Introduction
• Quality Assurance
• Quality Control
• Audit {Introduction, The Audit Process and Benefits
and limitations}
• Differences & Benefits
• Recap

Slide 3
QUALITY ASSURANCE (QA)

DEF.
• It is a process based approach whose prime objective
is to prevent defects in deliverables in the planning
process itself to avoid the rework, which costs a lot.

• It is a proactive process, and it starts at the very

beginning of the project to understand the product’s
stated and non-stated requirements and expectations,
and then develop the plan to meet these requirements
and expectations.
 ASSURANCE

Assurance has been defined by the American Institute of

Certified Public Accountants (AICPA) as 'Independent
Professional Services that improve information quality or
its context'.

Such services are very broad and could include

assessments of internet security and quality of health
facilities.
 QUALITY ASSUARANCE VS. AUDIT

The concepts of QA and Audits are two distinct ideas

that serve the same purpose:
 improving quality,
 consistency and
 reliability in operations.
 QA is more of an abstract concept, which can be
manifested through a number of operational policies and
systems. It is a process used to create the deliverables, and
can be performed by a manager, client, or even a third-party
reviewer {Eg. process checklists, project audits and
methodology and standards development}.
 QUALITY ASSUARANCE VS. AUDIT

 Audits are more specific. They are systematic,

disciplined approach to evaluate and improve the
effectiveness of risk management, control, and
governance processes {investigations of a specific area
of operations}.

 Audit involves performing assurance and consulting

activities designed to evaluate and improve the
effectiveness of the entity’s governance, risk
management and internal control processes.
 QUALITY ASSUARANCE

 QA techniques monitor operations and test outputs to

ensure consistent quality by identifying errors and
opportunities to improve.

 Some companies devote an entire department to quality

assurance, while others designate a quality assurance
manager to oversee a smaller program.

 It may be a part of everyone's job in some companies,

while it is distinctly separated in others.
 QUALITY ASSUARANCE

 QA initiatives can take a variety of forms, for instance;

 Randomly checking products coming off an
assembly line is an example of a quality assurance
effort; and
 Creating reports on trends in customer service
complaints for operations managers.
 helps an organization accomplish its objectives by
bringing a
 AUDIT BASICS

 Audits dig deep into all aspects of a specific facet of

company operations.

 Financial audits, for example, review accounting

systems and financial reporting systems by digging into
financial records such as cash register tapes, canceled
checks and bank deposit receipts. Companies can
perform their own internal audits to enjoy full control
over the audit process, or they can choose to contract
with third-party auditing specialists to uncover issues
the company may have missed in its own investigations.
 QA AUDITS

• QA audits review the official lines of authority put in

place to drive Q/A initiatives, the systems put in place to
continually drive product quality higher and the
monitoring systems used to review the effectiveness of
Q/A efforts.

• The main task of Q/A audits is to judge how effective a

Q/A program is at identifying and reducing mistakes and
to provide guidance for improving Q/A efforts.
 TOTAL QUALITY MANAGEMENT (TQM)

• This takes a comprehensive approach to quality

assurance, addressing the full range of factors that go
into final product quality rather than simply recording
and analyzing errors to develop quality performance
metrics.

• It can be compared to a continual quality assurance

audit, because TQM requires a rigorous and
continual review of factors such as;
• Communication and Ethics,
• Trust and Teamwork, which ultimately contribute to high
product and service quality.
COMPARISONS BETWEEN QA & QC
Quality Assurance
QA is a set of activities for
ensuring quality in the
processes by which
Definition
products are developed.
QA aims to prevent defects
with a focus on the process
Focus on used to make the product.
It is a proactive quality
process.
Quality Control
QC is a set of activities
for ensuring quality in
products. The activities
focus on identifying
defects in the actual
products produced.
QC aims to identify (and
correct) defects in the
finished product. Quality
control, therefore, is a
reactive process.
COMPARISONS BETWEEN QA & QC

Quality Assurance Quality Control

The goal of QA is to The goal of QC is to

improve development and identify defects after a
test processes so that product is developed and
Goal
defects do not arise when before it's released.
the product is being
developed.
Establish a good quality Finding & eliminating
management system and sources of quality
the assessment of its problems through tools &
How
adequacy. Periodic equipment so that
conformance audits of the customer's requirements
operations of the system. are continually met.
 COMPARISONS

Quality Assurance Quality Control

Prevention of quality The activities or

problems through techniques used to
planned and systematic achieve and maintain the
What
activities including product quality, process
documentation. and service.

Everyone on the team Quality control is usually

involved in developing the responsibility of a
the product is specific team that tests the
Responsibility
responsible for quality product for defects.
assurance.
COMPARISONS BETWEEN QA & QC
As a tool QA is a managerial tool
Verification is an example
Example of QA
Statistical Tools &
Techniques can be applied
in both QA & QC. When
they are applied to
Statistical
processes (process inputs
Techniques
& operational parameters),
they are called Statistical
Process Control (SPC); &
it becomes the part of QA.
QC is a corrective tool
Validation/Software
Testing is an example of
QC
When statistical tools &
techniques are applied to
finished products (process
outputs), they are called
as Statistical Quality
Control (SQC) & comes
under QC.
QUALITY CONTROL

 Quality Control (QC) refers to quality related activities

associated with the creation of project deliverables.
 It is used to verify that deliverables are of acceptable
quality and that they are complete and correct {E.g.
inspection, deliverable peer reviews and the testing process}.

 QC is about adherence to requirements (After production}.

 QA is generic and does not concern the specific requirements

of the product being developed.
 QA activities are determined before production work begins
and these activities are performed while the product is being
developed.
 AUDITING:
PRACTICES & PROCEDURES

18
 1. INTRODUCTION

■ An audit is an independent examination of and and

expression of an opinion on the financial statements of the
reporting entity by an appointed auditor in pursuance to his
appointment and in compliance to the statutory agreements.

A key aspect of the opinion is on true and fair view.

■ True: Information is factual and conforms with reality i.e.

not false
19
 1. INTRODUCTION
■ Fair : Information is free from discrimination and
bias and in compliance with expected standards and
rules.

■ Generally an audit is required by the law for

example the Companies Act and how it is
conducted is actually regulated by the professional
bodies (which guides the auditor) and International
Standards on Audit (ISAs) (which guide the audit
process). The ISAs are developed by the 20
International Audit and Assurance Standards Board
 OBJECTIVES OF AN AUDIT

Other objectives of an audit include:

1. Prevention and detection of errors and frauds in
financial systems and statements.
2. Advising the management on adherence to
framework of best practices or giving
recommendations on ways of improving the
accounting and internal control system based on
experience.
21
 1. INTRODUCTION

3. Providing assurance services such as;

■ Taxation
■ Internal control & systems
■ Due diligence
4. Nature of an audit
1. Searching and verifying accounting records
2. Examining other evidence supporting the
financial statements
22
 1. INTRODUCTION

3.The management assertions (what they are

claiming):
■The assets listed in the Statement of Financial
position really exist and that the company has
title or rights to the assets
■Valuations assigned to the assets have been
established with conformity with the generally
accepted accounting principles

23
 1. INTRODUCTION

That all the incomes and expenses shown were

actually earned or incurred and they are
correctly/valued in accordance with relevant
standards.

4. Gathering evidence to show that the SFP

contains all the liabilities of the company and that
all liabilities are properly stated.
24
 1. INTRODUCTION

5. Rationale for an audit

■ Directors are in charge of managing the company
therefore they are the stewards. They are also
accountable to the shareholders. One approach to
accountability is by preparing and presenting
financial statements.
■ An audit is required in order to enhance the
credibility of these financial statements.
25
 1. INTRODUCTION

■ Audit is one of the recommended solutions to

minimizing the problem that arises as explained
under the agency theory in other words, an audit
will help safeguard the interests of the company
(principal) incase directors (agents) try to engage in
activities that are to the detriment of the
shareholders.

26
 1. INTRODUCTION

■Contrary to what many users think, the responsibility to prepare

financial statements vests with the directors of a company.

■Additionally it is not the “sole” responsibility of the auditor to

check and prevent fraud.

An auditor only expresses an opinion though the auditor is required

to be aware of possibility of fraud. If a business wants the auditor
to check and detect fraud, then that will be a different type of
engagement (such as fraud examination or forensic auditing).
27
 2. AUDIT PROCESS

1. Planning the audit:

This entails developing a general strategy and a
detailed approach for the expected nature, timing and
extent of the audit. The auditor plans to perform the
audit in an efficient and timely manner.

28
 2. THE AUDIT PROCESS

Objectives of an audit:
1. Ensuring that appropriate attention is devoted to
important areas of the audit
2. Ensuring that potential problems are identified
3. Ensuring that the work is completed expeditiously
4. Proper assignment of work to assistants
5. Coordination of work done by other auditors and
experts; and facilitating review
29
 2. THE AUDIT PROCESS

2. Understanding the business: Perform audit procedures to

understand the entity and its environment.
The auditor should:
i. Know the nature of the entity
ii. Establish the objectives and strategies and related business
risks
iii. Measure and review the entity's financial performance and
Internal controls
iv. Assess the risk of material misstatement at the financial
statement and assertion level
v. Identify the industry, regulatory and other external factors,
including the applicable financial reporting framework 30
 2. THE AUDIT PROCESS

3. Carry out tests of internal controls:

Theses are the process designed and effected by

those charged with governance, management and
other personnel to provide reasonable assurance
about the achievement of the entity’s objectives
with regard to reliability of financial reporting,
effectiveness and efficiency of operations and
compliance with applicable laws and regulations.
31
 2. THE AUDIT PROCESS

The main purpose is to obtain sufficient and relevant audit

evidence that the controls were operating effectively during the
period. Approaches include:
1. Observation of the entity's procedures
2. Inspection of documents supporting controls or events to gain
audit evidence that controls have operated effectively
3. Examination of evidence of management reviews e.g. minutes
of board meetings
4. Re-performance of the application of a control to ensure it was
performed correctly
5. Testing of the control activities performed by a computer,
possibly using CAATs (computer-assisted audit techniques). 32
 2. THE AUDIT PROCESS

4. Carry out substantive tests

■ These are tests to check financial statement items.
■ The purpose is to detect material misstatements at the
assertion level. Include tests of details of transactions,
balances and disclosures, and substantive analytical
procedures.

{For example to confirm revenue, the auditor will check all

receipts and invoices, verify they are posted correctly, cut-off
(period end) dates, properly added and figures tally}.
33
 2. THE AUDIT PROCESS

5. Issue an audit report.

■ The auditor's report should contain a clear written
expression of opinion, in the financial statements taken as
a whole.

■ The auditor's report should include the following basic

elements, normally in this layout:

34
 2. THE AUDIT PROCESS

(a) Title
(b) Addressee
(c) Introductory paragraph
(d) Directors' responsibility for the financial statements
(e) Auditor's responsibility
(f) Auditor's opinion
(g) Other reporting responsibilities
(h) Auditor's signature
(i) Date of the auditor's report
(j) Auditor's address 35
 2. THE AUDIT PROCESS

■ Depending on the outcome of the auditor’s work

the audit report (opinion) can either be
unqualified-good or qualified-bad

■ An unqualified opinion is expressed when the

auditor concludes that the financial statements give
a true and fair view (or are presented fairly, in all
material respects) in accordance with the identified
financial reporting framework.
36
 2. THE AUDIT PROCESS

■ The report may be modified by adding an

emphasis of matter.
■ Emphasis of Matter Paragraph (EMP) has been
defined in International Standards on Auditing
(ISAs) as follows:
“A paragraph included in the auditor’s report that
refers to a matter appropriately presented or
disclosed in the financial statements that, in the
auditor’s judgment, is of such importance that it is
fundamental to users’ understanding of the financial
37
 2. THE AUDIT PROCESS

EM paragraph may be included in auditor’s report when:

i. Auditor believes that there is a need to draw user’s
attention to significant uncertainty surrounding
accounting estimates
ii. In case new or amended audit report has been issued
after the discovery of subsequent events.
iii. In case material uncertainty exists surrounding the
use of going concern assumption but the same has been
disclosed to the satisfaction of the auditor in the financial
statements.
38
 2. THE AUDIT PROCESS

iv. In case financial statements have been prepared under

two financial reporting frameworks then auditor shall
include Emphasis of Matter paragraph pointing to the
disclosure in respect of extent of compliance of
framework

v. In case of early application of accounting standard

that has pervasive effect on financial statements; thus
new accounting standard has been followed and applied
before its effective date.
39
 2. THE AUDIT PROCESS

vi. In case auditor discovered that prior period financial

statements contain material misstatements and also
amended audit report has not been issued but the
corresponding figures have been restated and
appropriate disclosures have been made in the current
period financial statements.
vii. In case financial statements are prepared under special
purpose framework
viii.An entity is facing major catastrophe and its  effects
are expected to propagate to future periods and it is and
will significantly affect the financial position of entity.
40
 2. THE AUDIT PROCESS

An auditor can issue a qualified report under two

circumstances:
1. There is a limitation on the scope of the auditor’s work
(For example denying the auditor access to financial
records or information).

2. There is a disagreement with management regarding the

acceptability of the accounting policies selected, the
method of their application or the adequacy of the financial
statement disclosures
41
 2. THE AUDIT PROCESS

Depending on the degree of the two issues regarding

limitation of scope or disagreement with management a
qualified report takes three forms:
1. A qualified report but stating clearly ‘except for’ if
matter is material but not fundamental.
2. No opinion (a disclaimer) if there is a limitation of
scope and it is material and fundamental
3. A bad opinion (an adverse opinion) if the
disagreement is material and fundamental.

42
BEST PRACTICE – Risk Based Audits (RBIA)
 3. TYPES OF AUDITS

1. Value For Money (VFM) audits: Concerned with

evaluating the three ‘Es’ {Economy, Efficiency &
Effectiveness}
2. IT Audits {Systems development process, Asset
management, Database management systems, e-business,
Networks and Access controls}
3. Financial Audits
4. Operational audits {management or efficiency audits}

44
 3.INTERNAL Vs EXTERNAL AUDIT

Differences between internal and external audit

■ Codes of corporate governance, such as the IFAC Code

highlight the need for businesses to maintain good systems
of internal control to manage the risks the company faces.

■ It is seen as part of good corporate governance to have an

internal audit function to assess and monitor internal
control policies and procedures.

45
 DIFFERENCES

Other differences:
Area External Audit (EA) Internal Audit (IA)
Objective To express an opinion as Wide ranging from value for
to the truth and fairness money, operational efficiency,
of the financial compliance with company
statements policies and other laws
Reports to Management (Where the Good Corporate Governance
auditor does a (also Treasury circular 16/2005
management report) and and 3/2009) requires that the IA
shareholders in the main reports directly to the audit
audit report committee of the Board of
Directors (Having mainly non-
executive directors)
46
 3.DIFFERENCES

Other differences:
Area External Audit Internal Audit

Status An independent person May be an employee of the

from the firm with no company though some
attachments. companies outsource the
internal audit work
Qualification Formal qualifications Need not be a member of a
s where auditor is a professional body, though in
member of a recent times there has been a
professional body and move towards an Institute of
the audit firm has a Internal Auditors (IIA)
practicing license from a
professional body 47
 4. BENEFITS OF AN AUDIT

1. The management of publicly quoted companies are

willing to incur millions of shillings (even Dollars) in
audit fees because they want continued access to capital
markets that offer cheap long term sources of capital.

2. The shareholders of those same companies are willing to

incur the audit fees because their level of trust is
increased. Small companies benefit from having regular
financial statement audits due to reduced information risk
which means availability of capital at lower cost.
48
 4. BENEFITS OF AN AUDIT

Bankers and other sources of credit would be willing to

lend to the organization at much lower interest rates.
3. The knowledge that regular independent audits will be
carried out acts as a deterrent to the misappropriation of
resources by the incumbent management

4. Auditors will usually highlight any material

weaknesses in the design and operation of internal
controls for free or at lower costs. These suggestions
could result in savings that could be worth several times
the audit fees. 49
 4. BENEFITS OF AN AUDIT
5. Through their accumulated experience with various
industries and businesses, auditors will give sound
business advice as a value added consideration,
something that could be of immense value to a client.
6. Tax authorities will be less troublesome on presentation
of audited accounts.
7. The sale or valuation of a business is much easier when
audited accounts exist
8. Shareholders and management will make decisions based
on information that is not materially misstated
50
BENEFITS OF QA & AUDIT AS RISK
MANAGEMENT TOOLS

i. Fewer surprises
ii. Articulation of risk appetite - and embedded
process to manage this
iii. Common risk language
iv. Better management reporting
v. More effective communication with stakeholders
on risk and return issues
vi. Adequate policies, procedures and limits
vii. Regulatory data management
BENEFITS OF QA & AUDIT AS RISK
MANAGEMENT TOOLS

vii. Better controlled operations

viii.Adequate risk monitoring and MIS
ix. Systems integration – finance and risk data
x. Lower risk-related costs
xi. Better targeting of resources
xii. Better outcomes on corporate objectives
xiii.Delivery of innovative projects
xiv. Better outcomes for service users
xv. Protection of reputation
 5. LIMITATIONS OF AN AUDIT
1. Does not guarantee the future viability of an entity-For
instance, rumours about the stability of a bank may surface in
the media just after an auditor issues an unqualified opinion.
Because banks thrive on the image of stability customers
have, the bank may be hit by a run and subsequently
collapse. These are issues that are clearly not covered by the
audit report

2. Does not guarantee management’s efficiency and

effectiveness: effectiveness is doing the right thing while
efficiency is doing it right. Such traits are limited to particular
individuals and an appraisal of the effectiveness and
53
efficiency of managers is dependent on the observer.
 5. LIMITATIONS OF AN AUDIT

3. An audit does not guarantee that there has not been fraud
perpetrated at the company.

4. Where an auditor has been auditing the client for several

years, independence may be compromised.

54
 I thank you

#0722 607157
jones_kimeu@yahoo.com