SCHOOL OF BUSINESS, ECONOMICS AND MANAGEMENT

BPS430: AUDIT PRACTICE AND PERFORMANCE REVIEW

CHAPTER 4: THE THEORY OF AUDITING
 Content One
• Definition
• Elements of an Audit Assurance
• Audit Risk
• Risk of Material Misstatement
• Types of Material Misstatement
• Auditors Response to Risk of Misstatement
• Detection Risk
• Conclusion
Introduction
External Auditing - is an independent
examination of the evidence from which the
financial statements of an enterprise are
derived, in order to give the reader of those
statements confidence as to the ‘truth and
fairness’ of the state of affairs which they
disclose.
Introduction Cont.
Internal Auditing on the other hand is an
independent, objective assurance and consulting
activity designed to add value and improve the
company operations. This is done through a
systematic, disciplined approach in evaluating and
proposing improvement on effective risk
management, control, and governance processes.
Introduction Cont.
The Auditing Practices Board describes the
objective of an audit as being’.. to enable
auditors to express an opinion whether the
financial statements give a true and fair view..’
and have been properly prepared in accordance
with the applicable reporting framework.
Introduction Cont.
The term true and fair is a standard one used by
auditors and is derived from legislation. Section
236, Companies Act 1985 requires auditors to
state whether in their opinion the balance sheet
and profit and loss show a true and fair view
without at any point defining what is meant by
true and fair view.
 Elements of an Assurance.
Firstly an assurance engagement will require a three-
party relationship comprising of: – The intended user
who is the person who requires the assurance report.
– The responsible party, which is the organisation
responsible for preparing the subject matter to be
reviewed. – The practitioner (i.e. an auditor) who is
the professional who will review the subject matter
and provide the assurance.
Elements of an Assurance.
Second element which is required for an
assurance engagement is suitable subject
matter. The subject matter is the data which
the responsible party has prepared and which
requires verification.Thirdly this subject matter
is then evaluated or assessed against suitable
criteria in order for it to be assessed and an
opinion provided.
Elements of an Assurance.
Fourth, the practitioner must ensure that they
have gathered sufficient appropriate evidence
in order to give the required level of assurance.
Last, an assurance report provides the opinion
which is given by the practitioner to the
intended user.
 Audit Risk
ISA 315: Audit Risk this standard
discusses the auditor's consideration of
audit risk in an audit of financial
statements as part of an integrated audit
or an audit of financial statements only.
 Audit Risk
ISA 315: The objective of the auditor is
to conduct the audit of financial
statements in a manner that reduces
audit risk to an appropriately low level.
 Audit Risk
To form an appropriate basis for
expressing an opinion on the financial
statements, the auditor must plan and
perform the audit to obtain reasonable
assurance about whether the financial
statements are free of material
misstatement due to error or fraud.
 Audit Risk
Reasonable assurance is obtained by
reducing audit risk to an appropriately
low level through applying due
professional care, including obtaining
sufficient appropriate audit evidence.
 Audit Risk
In an audit of financial statements, audit
risk is the risk that the auditor expresses
an inappropriate audit opinion when the
financial statements are materially
misstated, i.e., the financial statements
are not presented fairly in conformity
with the applicable financial reporting
 Audit Risk
Audit risk is a function of the risk of
material misstatement and detection
risk. Note: The auditor should look to the
requirements of the Securities and
Exchange Commission for the company
under audit with respect to the
accounting principles applicable to that
 Risk of Material Misstatement
The risk of material misstatement refers to
the risk that the financial statements are
materially misstated. AS 2110, Identifying and
Assessing Risks of Material Misstatement,
indicates that the auditor should assess the
risks of material misstatement at two levels:
(1) at the financial statement level and (2) at
 Risk of Material Misstatement
Risks of material misstatement at the financial
statement level relate pervasively to the financial
statements as a whole and potentially affect many
assertions. Risks of material misstatement at the
financial statement level may be especially relevant
to the auditor's consideration of the risk of material
misstatement due to fraud.
 Risk of Material Misstatement
For example, an ineffective control environment, a
lack of sufficient capital to continue operations, and
declining conditions affecting the company's
industry might create pressures or opportunities
for management to manipulate the financial
statements, leading to higher risk of material
misstatement.
 Risk of Material Misstatement
Risk of material misstatement at the assertion level
consists of the following components:
(a) Inherent risk, which refers to the susceptibility
of an assertion to a misstatement, due to error or
fraud, that could be material, individually or in
combination with other misstatements, before
consideration of any related controls.
 Risk of Material Misstatement
(b) Control risk, which is the risk that a
misstatement due to error or fraud that could
occur in an assertion and that could be material,
individually or in combination with other
misstatements, will not be prevented or detected
on a timely basis by the company's internal control.
Control risk is a function of the effectiveness of the
 Risk of Material Misstatement
Inherent risk and control risk are related to the
company, its environment, and its internal control,
and the auditor assesses those risks based on
evidence he or she obtains. The auditor assesses
inherent risk using information obtained from
performing risk assessment procedures and
considering the characteristics of the accounts and
 Risk of Material Misstatement
The auditor assesses control risk using evidence
obtained from tests of controls (if the auditor plans
to rely on those controls to assess control risk at
less than maximum) and from other sources.
 Types of Material Misstatement
There are three categories of misstatements:  
(i)Factual misstatements: a misstatement about 
which there is no  doubt. 
(ii)Judgemental misstatements: a difference in an 
accounting estimate 
that the auditor considers unreasonable, or the sel
ection or 
 Types of Material Misstatement
There are three categories of misstatements:  
(iii)Projected misstatements: a projected misstatem
ent is the auditor’s 
best estimate of the total misstatement in a popula
tion through the 
projection of misstatements identified in a sample. 
 Auditors response to Risk of Materiality

The auditor must amend the audit approach in

response to risk assessment. They can achieve this
by:
1. assigning more experienced staff to risk areas
2. increasing supervision levels
3. increasing the element of unpredictability in
sample selection
 Auditors response to Risk of Materiality

4. changing the nature, timing and extent of

procedures
5. increasing the emphasis on substantive tests of
detail
6. emphasising the need for professional
scepticism.
 Detection Risk
In an audit of financial statements, detection risk is
the risk that the procedures performed by the
auditor will not detect a misstatement that exists
and that could be material, individually or in
combination with other misstatements. Detection
risk is affected by (1) the effectiveness of the
substantive procedures and (2) their application by
 Detection Risk
The auditor uses the assessed risk of material
misstatement to determine the appropriate level of
detection risk for a financial statement assertion.
The higher the risk of material misstatement, the
lower the level of detection risk needs to be in
order to reduce audit risk to an appropriately low
level.
 Detection Risk
The auditor reduces the level of detection risk
through the nature, timing, and extent of the
substantive procedures performed. As the
appropriate level of detection risk decreases, the
evidence from substantive procedures that the
auditor should obtain increases.
 Conclusion
Risk of material misstatement is the risk that the
financial statements are materially misstated prior
to audit and consists of two components, inherent
risk and control risk.
Audit Risk = Inherent Risk X Control Risk X
Detection Risk
 Conclusion
Inherent risk is the susceptibility of an assertion
about a class of transaction, account balance or
disclosure to misstatement that could be material,
before consideration of any related controls.
Inherent risk is the risk of a material misstatement
in the financial statements because of the nature of
the industry, entity or the nature of the item itself.
 Conclusion
Control risk is the risk that a misstatement that
could occur and that could be material will not be
prevented, or detected and corrected on a timely
basis by the entity's internal controls. Control risk
may be high either because the design of the
internal control system is insufficient in the
circumstances of the business or because the
 Conclusion
Detection risk is the risk that the procedures
performed by the auditor to reduce audit risk to an
acceptably low level will not detect a misstatement
that exists and that could be material. Detection
risk comprises sampling risk and non-­sampling risk:
 Conclusion
Sampling risk is the risk that the auditor's
conclusion based on a sample is different from the
conclusion that would be reached if the whole
population were tested. Non­sampling risk is the
risk that the auditor's conclusion is inappropriate
for any other reason, e.g. the application of
inappropriate procedures or the failure to
 Content Two
• Audit Relationship
• Agency theory and Auditing
• Purpose of Auditing
• Advantages and Disadvantages of an audit
• Internal Auditing defined
• Internal Auditing Vs External Auditing
• Conclusion
Agency theory and Auditing
Modern organisational theory views an
organisation as being comprised of
various interest groups.
The relationship between the various
interested parties in the firm are often
described in terms of agency theory.
Agency theory and Auditing Cont.
Agency relationship occurs when one
party, the principal, employs another
party, the agent, to perform a task on
their behalf.
For example, directors can be seen as
the agents of shareholders, employees as
the agents of directors and auditors as
Agency theory and Auditing Cont.
Each principal needs to recognise that
although he is employing the agent, the
agent will have interests of his own to
protect and thus may not fully carry out
the requirements of the principal-a
conflict of interest may arise. Note the
debate on the level of directors pay and
 Purpose of Auditing
It was recognised many years ago that whenever
a fiduciary relationship with financial
implications existed there was a need for an
outsider with sufficient independent and
objectivity to review the accounts of
stewardship and to express an opinion as to
their honesty or otherwise.
Purpose of Auditing Cont.
A fiduciary relationship is a relationship of ‘good
faith’ such as that between a trustee and a
beneficiary, between insurers and the insured
and between directors and shareholders. This
latter application is the one with most direct
relevance to your examination, which is based
on company audits.
Purpose of Auditing Cont.
Modern auditing has developed since the
concept of a company as a separate legal entity
came into existence in the late nineteenth
century. This lead to the separation of
ownership (shareholders) from control(directors)
and a consequent need to safeguard the interest
of the owners , who in all but the smallest of
businesses (where shareholders and directors
Advantages and Disadvantages of an Audit

Advantages:
- 1.Reconciliatory :Disputes between management
may be more easily settled. For instance, a
partnership which has complicated profit- sharing
arrangements may require an independent
examination of those accounts to ensure as far as
possible an accurate assessment and divisions of
those profits.
 Advantages and Disadvantages of an Audit
Cont.

Advantages:
- 2. Source of continuous improvement: Major
changes in ownership may be facilitated if past
accounts contain an unqualified audit report, for
instance, where two sole traders merge their
business to form a new partnership. Application
to third parties for finance may be enhanced by
audited accounts.
 Advantages and Disadvantages of an Audit
Cont.

Advantages:

3.Enhances credibility :The audit is likely to

involve an in-depth examination of the
business and so may enable the auditor to
give more constructive advice to
management on improving the efficiency of
the business.
 Advantages and Disadvantages of an Audit
Cont.

Advantages:

3.An audit helps to identify weaknesses in

the accounting systems and enables us to
suggest improvements. The process keeps
Kingston Smith partners informed of
areas/situations where advice is useful.
 Advantages and Disadvantages of an Audit
Cont.

Advantages:

4.An audit assures directors not involved in

the accounting functions on a day-to-day
basis that the business is running in
accordance with the information they are
receiving, and helps reduce the scope for
fraud and poor accounting.
 Advantages and Disadvantages of an Audit
Cont.

Advantages:

5.An audit facilitates the provision of advice

that can have real financial benefits for a
business, including how the business is
running, what margins can be expected and
how these can be achieved. Advice can cover
anything from the tightening of internal
 Advantages and Disadvantages of an Audit
Cont.

Advantages:

6. An audit will enhance the credibility and

reliability of the figures being submitted to
prospective purchasers. If an owner manager
is planning on selling in the next 3 years, it
may be beneficial to carry out regular
audits.
Advantages and Disadvantages of an Audit

Disadvantages:

1. The audit fee! Clearly the services of an

auditor must be paid for. It is for this reason
that few partnerships and even fewer sole
traders are likely to have their accounts
audited.
Advantages and Disadvantages of an Audit

Disadvantages:

2. Time consuming: The audit involves the

client’s staff and management in giving time
to providing information to the auditor.
Professional auditors should therefore plan
their audit carefully to minimise the
disruption which their work will cause.
 Internal Auditing Vs External Auditing

It is important to understand and recognize the

differences and commonalities between internal
and external audit. Internal audit shares a
common history with external audit and has
grown out of the increasing focus on the need to
have effective internal controls within an
organization.
 Internal Auditing Vs External Auditing

The internal and external auditor should work

closely together. In particular to co-ordinate
activity and maximize effectiveness and where
appropriate external audit may rely on the work
of internal audit. However, there are a number of
fundamental differences in their objectives,
scope and responsibility.
 Internal Auditing Vs External Auditing

The internal and external auditor should work

closely together. In particular to co-ordinate
activity and maximize effectiveness and where
appropriate external audit may rely on the work
of internal audit. However, there are a number of
fundamental differences in their objectives,
scope and responsibility.
 Internal Auditing Vs External Auditing

Internal Auditing External Auditing

Objective To advise management on To provide an opinion on whether

whether the organization has the financial statements provide a
sound systems of internal true and fair view.
controls to protect the
organization against loss.

Legal Basis Generally not a legal Legal requirement for limited

requirement. However the companies and most public bodies.
latest corporate governance
advise recommends that if a
listed company does not have an
internal audit department, it
should regularly assess the need
for one.
Scope All areas of the organization, Financial focus
operational as well as financial.

Approach - Increasingly risk based - Increasingly risk based

- Assess risks - Test underlying transactions
- Evaluate system of that form the basis of the
controls financial statements.
- Test operations of
systems
- Make recommendations
of improvements
Responsibility To advise and make To form an opinion on whether the
recommendations on internal financial statements provide a true
control and corporate and fair view.
governance.
 Content Three
• Appointment of Auditors
• Removal of Auditors
• Auditors Rights, Duties and Responsibilities
• Types of Audit Opinions
• Types of Audits
• Audit Process Model
• Conclusion
 Appointment of Auditors
Under section S384 CA 85, the first auditors of a new
company are usually appointed by the directors to hold
office until the next AGM. If the directors fail to do this,
the company in general meetings may appoint the first
auditors. Under S384 CA 85 subsequent appointments are
usually made by the members at each AGM to hold office
from the conclusion of that meeting until the conclusion of
the next AGM.
 Removal of Auditors
The provisions of the companies Act were drafted to
ensure that auditors cannot simply because they have had
a disagreement with directors. Again, it is the members
who are empowered to remove an auditor or reject a
proposal by the directors that the auditor should be
removed where they (the members) believe that the
auditor has carried out their duties conscientiously.
 Removal of Auditors
The provisions of the companies Act were drafted to
ensure that auditors cannot simply because they have had
a disagreement with directors. Again, it is the members
who are empowered to remove an auditor or reject a
proposal by the directors that the auditor should be
removed where they (the members) believe that the
auditor has carried out their duties conscientiously.
 Auditors Rights, Duties and Resp.
Duties:

 To report to the members on whether the financial

statements of the company or group of companies) show
a true and fair view and have been properly prepared in
accordance with the Act.
 To consider whether the information in the Directors’
Report is consistent with the financial statements and,
if not, to state the fact in the audit report.
 Auditors Rights, Duties and Resp.
Duties:
 To give the following details required by statute in the audit report, if not
given in the financial statements themselves;
o Particulars of directors’ emoluments, pensions and compensation for
loss of office.
o Details of loan to officers
o Particulars of any directors’ emoluments waived
o Disclosure of transactions involving directors and other connected
persons.
 Auditors Rights, Duties and Resp.
Duties:
 To form an opinion as to whether;
o Proper accounting records have been kept by the company
o Proper returns adequate for their audit have been received from
branches not visited by them (where applicable).
o The company’s balance sheet and its profit and loss account are in
agreement with the accounting records and returns.
o Such information and explanations as the auditor thinks necessary for
the performance of their duties have been received from the
company’s officers.
 Auditors Rights, Duties and Resp.
Rights:
 The right of access at all times to the books, records, documents and
accounts of the company. The auditor must obviously exercise this right
with discretion so as not to disrupt unnecessarily the company’s
operations.
 Equally, if the client refuses access to the records, auditors would never
seek access to them forcibly, or even through the courts. They would
instead consider either resigning or qualifying their audit report.
 The right to require from the officers of the company such information and
explanation as they think necessary for the performance of their duties. An
officer wilfully making a false statement to an Auditor, knowing it to be
false, commits a criminal offence in many jurisdiction. right of access at
all times to the books, records, documents and accounts of the company.
 Auditor’s Opinion
There are generally three types of auditor's opinions. A "clean"
or unqualified opinion states that the financial statements
present a fair and accurate picture of the company and comply
with generally accepted accounting principles. A
qualified opinion contains exceptions, which may include the
scope of the audit.

An adverse opinion contains a major exception or warning. The

most well-known adverse opinion is the "going-concern"
exception, in which the accountant expresses doubts about the
company's ability to remain in business.
 Categories of Audits

Audits of financial statements examine financial

statements to determine if they give a true or fair view or
fairly present the financial statements in conformity with
specified criteria.

An operational audit is a study of a specific unit of an

organisation for the purposes of measuring its performance

A compliance audit is a review of an organisation’s

procedures performed to determine whether the
organisation is following specific procedures, rules, or
regulations set out by some higher authority.
 Audit Process Model
Phillip Wallage has likened the audit process to the
empirical scientific cycle. The audit process begins with a
client’s request for an audit of financial statements, is
followed by a plan of the audit and the tests of evidence,
culminating in a judgement or opinion. In this
arrangement we will use a four phase standard audit
process model based on the scientific empirical cycle.
 Audit Process Model
The common phases of an audit are:
 Phase 1: Assessment of risk
 Phase 2: Planning and Resource Allocation
 Phase 3: Testing and Evidence
 Phase 4: Evaluation and Judgement.
 Phase 1: Portfolio Risk Assessment
Assignment Score Factors Variables      
    Kwacha Complexity Personel Distance Risk Evalu Percentage Risk
    Volume of Activity   from controling Score of Risk Classification
    Contribution     Office      
                 
Shoprite Chekers Significance Weighting Factor 1 2 3 4      
  Descriptive Value 5 4 4 5      
  Extended Value 5 8 12 20 45 90.00 High
                 
National Botlers Significance Weighting Factor 1 2 3 4      
  Descriptive Value 4 5 4 3      
  Extended Value 4 10 12 12 38 76.00 High
                 
ZNBC Significance Weighting Factor 1 2 3 4      
  Descriptive Value 2 5 3 4      
  Extended Value 2 10 9 16 37 74.00 Medium
                 
Ministry of Healty Significance Weighting Factor 1 2 3 4      
  Descriptive Value 4 2 1 5      
  Extended Value 4 4 3 20 31 62.00 Medium
 Phase 1:Assignment Risk Assessment
Assignment Score Factors Variables      
    Kwacha Complexity Changes Distance Risk Evalu Percentage Risk
    Volume of Activity   from controling Score of Risk Classification
    Contribution     Office      
                 
Production Units Significance Weighting Factor 1 2 3 4      
  Descriptive Value 5 4 4 5      
  Extended Value 5 8 12 20 45 80.00 High
                 
Support Units Significance Weighting Factor 1 2 3 4      
  Descriptive Value 4 5 4 3      
  Extended Value 4 10 12 12 38 76.00 High
                 
Skills Mix Significance Weighting Factor 1 2 3 4      
  Descriptive Value 2 5 3 4      
  Extended Value 2 10 9 16 37 74.00 Medium
                 
Structure Significance Weighting Factor 1 2 3 4      
  Descriptive Value 4 2 1 5      
  Extended Value 4 4 3 20 31 62.00 Medium
Phase2:Planning/Resource Allocation
Resource Allocation

Time Other Resources

Annual Plan

Team Composition
Budget

Quarter 1
Quarter 2
Quarter 3 Team A Required skills
Quarter 4 Team B Required tools
Team C Required time
Phase 2: Assignment Planning Cont.
• Assignment Objectives
• Audit Program
• Audit Notice
Phase 3:Execution and Report Phase
• Testing and Evidence Gathering
• Audit Working Paper
• Exit meetings
Phase 4:Evaluation and Judgement

• Audit Opinion
• Management Letter/ Report
 End

• Any Clarifications?