Chapter One

Auditing an overview
1.1. Origin and Historical development of Auditing

The term “Audit” is derived from the Latin word “Audere” this means “to hear”. In the olden
days, whenever the proprietors of a business concern suspected a fraud, certain people were
appointed to hear verbal explanations given by the persons responsible for maintaining the books
of accounts and to judge the facts. Such persons were known as “Auditors”. Thus, the literal
meaning of audit is to hear and the auditor is the person who hears the explanations from the
persons accountable for keeping accounts.

Scope of audit was quite limited as the auditors during those days were interested in ascertaining
whether the persons responsible for keeping accounts had properly accounted for all cash
receipts and payments to his principal and in locating errors and fraudulent transactions, if any.
In simple words, the aim of audit was to know whether cash had been embezzled and if so, who
embezzled it and what amount was involved. Thus, it was merely a cash audit. But, the scope of
modern audit can not be confined to cash verifications as the principal object of modern audit is
to report on financial position of the undertaking as depicted by its financial statements, i.e.
Balance sheet and Profit and Loss account, and other financial and non-financial information that
are related to different aspects of organizations’ economic activities . Detection of errors and
fraud is an incidental object of modern audit.

As far as the historical development of auditing is concerned, although the objectives and
concepts that guide present day audit were almost unknown until the early years of the 20 th
century, audits of one type or another have been performed throughout the recorded history of
commerce and government finance. From medieval times on through the time of industrial
revolution, audits were performed to determine whether persons in position of official
responsibility in government and commerce were acting and reporting in an honest manner.
During the industrial revolution, as manufacturing concerns grew in size, their owners began to
use the service of hired managers. With this separation of the ownership and management
groups, the absentee owners turned increasingly to auditors to protect themselves against the
danger of an intentional errors as well as fraud committed by managers and employees. Bankers
were the primary out side users of financial reports and were concerned whether the repots were
distorted by errors or fraud.

Some of the major auditing developments undertaken since the 20th century are:

(1) A shift in emphasis to the determination of fairness of financial statements.

(2) Increased responsibility of the auditors to third parties, such as governmental agencies,
inventors, creditors, suppliers and other members of the society who depend on the
auditors report to make various economic decisions.
(3) A change in auditing method from detailed examination of individual transactions and
events to use of sampling technique, including statistical and non statistical samplings.
(4) Recognition of the need to consider the efficiency and effectiveness of internal control
as a guide to the direction and amount of testing and sampling to be performed.

1
 (5) Development of new auditing procedures applicable to sophisticated computer systems,
and use of the computer as an auditing tool.
(6) Recognition of the need for auditors to find means of protecting themselves from the
current wave of litigation.
(7) An increased in demand for prompt disclosure of both favorable and unfavorable
information concerning any publicly owned company.
(8) An increased responsibility to assess the risk of material fraud.
(9) Increased demand for attestation by CPAs to managements assertion about compliance
with laws and regulations and the effectiveness of internal control.

1.2 Definition of Auditing

Definition of Auditing- It is quite difficult to give a single and precise definition of the term
“Audit”. The word “audit” has been defined by many distinguished authors and other bodies, and
every one of them has attempted to highlight one aspect or the other, but the central idea is more
or less the same.

Definition 1: Some authors define auditing as an independent examination of and expression of

opinion on, the financial statements of a concern by an appointed auditor in pursuance of that
appointment and in compliance with any relevant statutory obligations.

Definition 2: Some scholars also define auditing as an independent examination of the books of
account and the related documentary evidence by a qualified person in order to ascertain the
accuracy of figures.

Definition 3: According to Montgomery, an American Accountant & author, auditing is a

systematic examination of the books and records of a business of other organizations in order to
ascertain or verify and to report upon the facts regarding the financial operations and the results
thereof.

Definition 4: Spicer and Pegler in Practical Auditing defines auditing as an examination of

books, accounts and vouchers of a business, as will enable the auditor to satisfy himself/herself
that, the balance sheet is properly drawn up so as to give a true and fair view of the state of
affairs of the business and whether profit and loss account gives a true and fair view of the profit
or loss for the financial period, according to the best of his information and the explanations
given to him and as shown by the books and if not in what respect he is not satisfied.

Definition-5: A special committee of the American Institute of Accountants has defined the term
‘audit’ as follows:
“An audit is an attest function where by a Certified Public Accountant (CPA) independently
examine financial information of an entity and produce a report on the subject matter or an
assertion about the subject matter which is the responsibility of another party ( e.g.
Management).”

To attest to information means to provide assurance as to its reliability. More formally, the
AICPA has defined an attest engagement as one in which:

2
 A practitioner is engaged to issue or does issue a written communication that
expresses a conclusion about the reliability of a written assertion that is the
responsibility of another party.

A financial statement audit is, by far, the most common type of attest engagement. However,
CPAs attest to the reliability of a wide range of other types of information, including financial
forecasts, internal control, compliance with laws and regulations, advertising claims, and the
like.
The amount of evidence obtained by the CPAs and the content of the attest report depends on the
nature of the engagement. The standards of the AICPA recognize three forms of attestation
engagements. These are:

(i) Examination- An examination referred to as an audit when it involves historical

financial statements provides the highest form of assurance that CPAs provide.
(ii) Review- A review is substantially lesser in scope of procedures than an
examination, and is designed to lend only a limited degree of assurance.
(iii) Agreed upon procedures-if an examination or review does not satisfy (meet) the
clients needs, the CPAs and the specified users of the information may mutually
decide on specified agreed upon procedures that the CPAs will perform.

1.3. Auditing differentiated from bookkeeping, and Accountancy

In order to diagnose auditing in its correct perspective, one must know how auditing different
from book keeping, and accountancy, and what relationship it has with other two.
Book keeping- As the expression implies it refers to keeping the financial records (books) of a
business or other economic entity, recording all the transactions in which it engages. In simple
words, book keeping is concerned with recording day to day business transactions in the books
of original entry and the ledger.

It is a part of accounting process, concerned only with the original record of the transactions,
which provides a base for accounting. The major activity of book keeping either be handle by
book keeper or accounting machines. Such activities involve:

i) Journalizing i.e. recording transactions in the books of original entry.

ii) Post them into different ledger kept for the purpose
iii) Taking total of different accounts in the ledger and
iv) Balancing

Accounting vs. auditing

Ideally, accounting begins where book keeping ends and auditing begins where accounting ends.
Accountancy is the work of an accountant and is confined mainly to the checking of the
arithmetical accuracy of the books of account, extraction of an agreed trial balance, and
preparation of financial statements in such a way that one can clearly know the state of affairs of
the business. Auditing involves a detailed and critical examination and verification of such

3
accounts by an independent expert for the purpose of ascertaining the true and correct position of
a concern. In short, an audit does not entail the preparation of the accounts at all but denotes
something much wider, namely, the examination of these accounts. The job of an accountant is to
record the transactions while an auditor has to check and verify such accounts. There cannot be
auditing without prior existence of accounts. Thus, the work of an auditor is to begin only when
the accountant has finished his work.

Some accounting activities involves

i) Checking the work done by the book keeper

ii) Preparing the trial balance
iii) Preparing the trading or profit and loss accounts, balance sheet, statements of owner’
equity or retained earning , statements of cash flows and other related reports
iv) Passing entries for rectification of errors (correcting entries) and making the necessary
adjustments.
v) Review and interpretation of financial statements with a view to help and guide
management in formulation of future policies of business

1.4. Objective of Auditing/The need for an audit

Dependable information is essential to the very existence of our society. This is because, reliable
information such as accounting and financial reporting aid the society in allocating the limited
resources in an efficient manner so that the intended goal could be effectively achieved by the
end of the day. Individual or group society members such as the following depend on
information provided by others in the course of decision making activities.

Investors- to make decision to buy or sell securities.

Bankers and creditors-to decide whether to approve a loan or not
Suppliers- to decide whether to supply goods and/ or services on credit basis
Managers-to make wise economic decisions and to monitor the performance of management
at every level within the organization.
Government agencies-to undertake various regulatory actions
Labor unions –to inter different contracts on the behave of the employees
Other members of the society -to make decisions of their respective interest.

Thus, directly or indirectly, almost everyone has a financial stake in corporate enterprises, and
the public interest demands prompt, reliable financial reporting on the operations and the
financial healthiness of publicly owned corporations.
However, in many of these situations, the goals of the providers of information run directly
counter to those of the users of the information. Implicit in this line reasoning is the recognition
of the social needs for independent public accountants-individuals of professional competence
and integrity who can tell us whether the information that we use constitutes a fair picture of
what is really going on.
The contribution of the independent auditor is, therefore, to provide credibility to information used by
outsiders such as stockholders, creditors, government regulators, customers, and other interested parties to
make decisions of various kinds. Credibility in this case is used to mean that the information can be
believed by its users.

4
Economic decisions are made under condition of uncertainty. There is always a risk that the
decision makers select the wrong alternative and incur a significant loss. The creditability added
to the information by auditors actually reduces the decision maker’s risk. To be more precise, the
auditors reduce information risk, which is the risk that the financial information used to make
decisions is materially misstated.

Audited financial statements are the accepted means by which business organization report their
operating results and financial positions. The word audited when applied to financial statements,
means that the balance sheet and the statement of income, retained earnings, and cash flows are
accompanied by an audit report prepared by independent public accountants, expressing their
professional opinion as to the fairness of company’ financial statements.
Financial statements prepared by management and transmitted to outsiders without first being
audited by independent auditors (unaudited financial statements) leave a credibility gap for all of
the reasons such as (accidental errors, lack of knowledge of accounting principles, unintentional
bias, and deliberate falsification). Due to such reasons, financial statements may depart from
Generally Accepted Accounting Principles (GAAP), and some other appropriate accounting base.
Auditors provide users with assurance that the financial statements are free from all the above-
mentioned problems and thus, showing a true and fair picture of a business affair. However,
auditors cannot give certificate or guarantee as to the correctness or accuracy of these statements,
because, they only depend on sample population.

Illustrations- A decision by a bank loan officer about whether to make a loan to a business can be
used to illustrate the demand for auditing. Since the banks objective is to get appropriate rate of
interest and to collect the principal of the loan at maturity, the loan officer is making two related
decisions i.e.

i) Whether to make the loan at all and,

ii) What rate of interest adequately compensates the bank for the level of risk
assumed
The loan officer will make these decisions based on a careful study of the company’s financial
statements along with other information. Therefore, the risk assumed by the banker actually has
two components.

1) Business Risk- the risk that the company will not be able to make periodic interest payments
and repay the principal at maturity because, because of economic condition, poor management
decisions and for some other reason. Such risks are assessed by considering factors such as:
- Financial position of the companies
- The nature of its operation
- The characteristics of the industry in which it is working
- Quality and integrity of management
2) Information Risk- the risk that the information used to assess business risk is not accurate.
Information risk includes the possibility that the financial statements might contain material
departure from GAAP and other appropriate accounting basis.

If the loan officer has assurance from the auditors that the company’s financial statements are
prepared in accordance with generally accepted accounting principles, he will have confidence in
his assessment of business risk. Moreover, the periodic audits made after the loan has been made
5
provide the loan officer with a way of monitoring management performance and compliance
with the various loan provisions.
On the other hand, by reducing information risk, the auditors reduce the overall risk to the bank;
the company is more likely to obtain the loan and it will be made at a lower rate of interest.
Therefore, management of the company has an incentive to provide audited financial statements
to the loan officer to obtain the loan and to get the best possible interest rate.

NB. While auditing normally has only a limited effect on a company’s business risk, it can
significantly reduce the level of information risk. The primary objective of auditing is
verification of accounts and statements while the subsidiary objective is detection and prevention
of errors and frauds.

Generally, some of the advantages of auditing my be summarized as follows

1. Audited accounts are more readily accepted as correct and authentic record of the
transactions
2. Errors and frauds are detected and rectified in time
3. A regular audit would exercise a great moral influence on the client a staff and thus
prevent frauds and errors. The staff will also keep the books of account up to date.
4. An auditor possesses practical knowledge of business finance, contract laws. He can
therefore be an adviser on these matters, which will help clients
5. An auditor acts as trustee (a person who has charge of property in trust) of the
shareholders and safeguards their financial interest in the case of as Joint Stock
Company. Shareholders are assured that the accounts have been properly maintained
and directors and manager of the company have not taken any undue advantage of
their position.
6. Audited accounts are considered more reliable for taxation purposes sales tax, income
tax etc.)
7. Audited accounts facilitate the settlement of accounts between the partners, at the
time of retirement or death of partners.
8. Audited accounts are helpful in claiming reasonable compensation from the insurance
companies.
9. Comparison can be made between the accounts of the current year and other years.
10. Audited accounts can be very useful to secure loan, to obtain extend credit, to admit a
partner, to sell the business or to convert it into a joint stock company or to absorb or
amalgamate different business or to determine the purchase consideration.
11. As an appraisal function, audit reviews the existence and operations of various
controls and points out the weaknesses and inadequacies.
12. Audit safeguards the interest of the worker since audited accounts are useful to settle
workers claim for higher wages and bonus.

1.5. Types of audits and auditors.

1.5.1. Types of audits-The various types of audit that might be undertaken by the auditor can be
categorized as:

6
 i) Audit of financial statements
ii) Compliance audits
iii) Operational audits

i) Audit of financial statements- an audit of financial statements ordinarily covers the

balance sheet and the related income statements, retained earnings /owner’s equity/,
statements of cash flows. The goal is to determine whether these statements have been
prepared in conformity with generally accepted accounting principles. Financial
statement audits are normally performed by firms of certified public accountants. Users
of auditors’ reports include management, investors, bankers, creditors, financial analysts,
government regulators and other members of the society.

ii) Compliance Audits- Society has always concerned about compliance with laws and
regulations by all types of organizations. As a result, compliance auditing has evolved to
become an important part of the work of both external and internal auditors. Compliance
auditing is, therefore, the testing and reporting on whether an organization has complied
with the requirements of various laws, regulations, polices, procedures, and agreements.
E.g. The audit of an income tax return by auditors of internal revenue services to test
whether tax returns are in compliance with tax laws and internal revenue service
regulations.

iii) Operational Audits-the term operational audit refers to a comprehensive examination of

an operating unit or a complete organization to evaluate its systems, controls, and
performance, as measured by management objectives. An operational audit focuses on
the efficiency and effectiveness of operations. Efficiency is success in using the available
resources to the best advantage of the organization. Effectiveness is success in meeting
one’s stated goal and responsibility. Operational audit is usually performed by internal
auditors of the organizations.

1.5.2. Types of Auditors-There are four types of auditors. Among these well known types of auditors
are:
I) certified public accountants (External auditors),
II) Internal auditors,
III) Auditors of the general accounting office, and
IV) Internal revenue auditors (tax auditors)

(I) Certified public accountants (External auditors)-These are a group of auditors who
examine the records supporting the financial reports of an enterprise and give an opinion
regarding their fairness and reliability. They are independent professionals who perform
or render professional service on a fee base, but not the employee of the company being
audited. They report their findings to stockholders.
(II) Internal auditors- The principal goal of the internal auditors is to investigate and
appraise the efficiency and effectiveness with which the various organization units of the
company are carrying out their assigned functions.
-Even though internal auditors are not independent as in the same sense as the
independent public auditors, they should be independent of the
department heads and other line executives whose work they review.
7
 -Internal auditors report to the audit committee of the board of directors, to the
president or to other high executives.

-Internal auditors are employee of the organization in which they work and, thus, subject
to rules and regulations inherent in the employer- employee relation ships.
-Large part of the work of internal auditors consists of operational audit, they also
conduct compliance audit

Internal auditing: Internal auditing is conducted by employees of the business engaged in work
on be half of the organization. He is a salaried employee of the business. Internal audit has been
defined as the “ independent appraisal of activity within an organization for the view of
accounting, financial and other business practices as a protective end constructive arm of
management” It is type of control which functions by measuring and evaluating the effectiveness
of other types of internal control. Internal audit can be either pre-audit or post-audit. It deals
primarily with accounting and financial matters; it may also properly deal with matters of an
operating nature. From the definition, it is clear that internal audit not only includes the
verification of accounting maters but also financial & other matters.
The Internal auditor is responsible to:

a) Establish rules and procedures of the internal accounting system.

b) Review the day-to-day financial operating procedures, and to check of there is
adequate supervision with a clear and up to date supply of information to the
management.
c) Evaluate the system of internal control.
d) Give periodic report to the management about the financial condition of the
organization.
e) Give recommendations about the improvement of procedures.
f) Appraising the quality of performance in carrying out assigned responsibilities.
g) Ascertain whether assets of the businesses are accounted for & safeguarded form
losses of all kinds.

III) Auditors of the general accounting office- Congress or federal government has long had its
own auditing staff, headed by the controller general and known as general accounting office,
GAO auditor. The work of GAO auditors includes audits of government agencies to determine
the spending programs, evaluate the efficiency and effectiveness of selected government
programs; audit of financial statements of a number of federal agencies and others.

IV) Internal revenue auditors (tax auditors) - The internal revenue service is responsible for
enforcement of the federal tax laws. Thus, internal revenue auditors conduct compliance audits of
the income tax return of individual and corporations to determine that income has been computed
and taxes paid as required by the federal law.

1.6. Generally Accepted Auditing Standards (GAAS)-The existence of generally accepted

auditing standards is evidence that the accounting profession is very concerned with
maintaining a uniformity and high quality of audit work by all independent public

8
 accountants. This will increase the prestige of the professional and attributers increased
significance by the public to the auditor’s opinion attached to financial statements.
According, the AICPA has set forth the basic frame work in the following 10- generally accepted
auditing standards which are grouped under three major categories.

A. General standards
(1) The audit is to be performed by a person or persons having adequate technical
training and proficiency as an auditor.
(2) In all matters relating to the assignment, independence in mantel attitude is to be
maintained by the auditor or auditors.
(3) Due professional care is to be exercised in the planning and performance of the
audit and the preparation of the report.

B. Standards of field work

(1) The work is to be adequately planned and assistants if any are to be properly
supervised.
(2) Sufficient understanding of internal-control is to be obtained to plan the audit and
to determent the nature, timing, and extent of tests to be performed.
(3) Sufficient competent evidential matter is to be obtained through inspection,
observation, inquiries, and confirmation to afford reasonable bases for an opinion
regarding the financial statements under audits.
C. Standards of reporting
(1) The report shall state whether the financial statements are presented in accordance
with generally accepted accounting principles.
(2) The report shall identify those circumstances in which such principles have not
been consistently observed in the current period in relation to the preceding
period.
(3) Informative disclosures in the financial statements are to be regarded as
reasonably adequate unless other wise stated in the report.
(4) The report shall either contain an expression of opinions regarding the financial
statements taken as a whole, or an assertion to the effect that an opinion can not
be expressed. When an overall opinion can not be expressed, the reason therefore
should be stated.

Brief explanation of the standards

(1) Training and proficiency- this requirement is usually interpreted to mean college or
university education in accounting and auditing; participation in continuing education programs
and substantial public accounting experience. A technical knowledge of the industry in which the
client operates is also part of the personal qualifications of the auditors. It follow that a CPA firm
must not accept an audit engagement without first determining that members of its staff have the
proficiency needed to function efficiently and effectively in a given particular industry

(2) Independence- An opinion by independent public accountant as to the fairness of a

company’s financial statements is of a questionable value unless the accountant is truly
independent. Consequently, the auditing standard that states in all matters relating to the

9
assignment, an “independence in mental attitude is to be maintained by the auditors” is perhaps
the most essential factors in the existence of a public accounting profession.
E.g. If an auditor own shares of stock in a company that they audit, or if they serve as
members of board of directors, they might subconsciously biased in the performance of an
auditing duties.
An auditor is, therefore, expected to avoid any relationship with a client that would cause an
outsiders who had a knowledge of all the facts to doubt the CPA’s independence (independence
in fact and independence in appearance should be maintained).

(3) Due professional care- This standard requires the auditors to plan and carry out every step of
the audit engagement in an alert and diligent manner. Full compliance with these standards
would avoid or minimize any negligent acts or material omissions by the auditors.
(4) Adequate planning and supervision-is essential to a satisfactory audit. The appropriate
number of audit staff of various levels of skill and the time required for each need to be
determined in advance of the field work. Staff members with limited experience and new staff
members if any should be closely supervised while they are on work.
(5) Sufficient understanding of internal control- effective internal control provides assurance
that the client’s records are dependable and that its assets are protected. When the auditors find
this type of internal control, the quantity of other evidence required is much less than if control is
weak. Thus, the auditor’s assessment of internal control has great impact on the length and nature
of the audit process.

(6) Sufficient competent evidential matter-this standard of field work requires that the auditors
gather sufficient competent evidence to have bases for expressing an opinion on the financial
statements. The term competent refers to the quality of the evidence. Some evidential matters are
stronger and more convincing than others.

(7-10) Standards of reporting-The four reporting standards establish some specific directives for
preparation of the auditors report i.e.
- The reports must specifically state whether the financial statements are inconformity with
GAAP.
- Consistency in the application GAAP and adequate informative disclosure in the financial
statements is to be assumed unless the audit report states otherwise.
-The report must contain an opinion on the financial statements as a whole, or must disclaim an
opinion.

10
 Chapter-two
Professional Ethics and Legal liabilities of Auditors
2.1. The need for professional ethics

All recognized professions have recognized the importance of ethical behavior and have
developed codes of professional ethics. The fundamental purpose of such codes is to provide
members with guidelines for maintaining a profession attitude and conduct them in a manner that
will enhance the professional stature of their discipline. Our purpose in this chapter is to discuss
the nature of professional ethics, to present and discuss the AICPA code professional conduct,
and auditors’ legal liabilities and responsibilities
The mature of Ethics- ethics has been defined as the study of moral judgment and standards of
conduct. While personal ethics vary from individual to individual, at a point in time, most within
the society are able to agree as to what is considered ethical and unethical behavior. In fact a
society posses laws that define what its citizens consider to be the more extreme forms of
unethical behavior.
But much of what is considered unethical in a particular society is not specifically prohibited.
Thus, a good starting point to considering whether a given behavior is ethical or not is to
examine the context in which most ethical questions arise- relationships among people. Any
relationship between two or more individuals such as a CPA and client carries with it sets of
expectation by each of the individuals involved.
Ethical Dilemmas- ethical dilemma is a situation that an individual faces involving a decision
about appropriate behavior. A simple example of an ethical dilemma is presented below
Assume that a student at your University finds an expensive watch in the University compound.
What action, if any, does the student take to find the original owner?

Ethical dilemmas generally involve situations in which the welfare of one or more other
individuals is affected by the results of the decision. In the dilemma presented above, the welfare
of the original owner of the watch is affected by the student’s decision.

Ethical dilemmas faced by auditors often have an effect on the welfare of a large member of
individuals or groups. For example, if an auditor made an unethical decision about the content of
an audit report, the welfare of thousands of investors, creditors and other members of the society
would be affected.
It is therefore essential for professions to have ethical and moral standards in addition to other
professional and technical standards so that the profession can provide quality services that can
properly address the interest and welfare of its users.

To understand the importance of a code of ethics to public accountants and other professionals,
one must understand the nature of a profession as opposed to other vocations. There is no
universally accepted definition of what constitutes a profession; yet, for generations, certain
types of activities have been recognized as professions while others have not.

Characteristics of a profession
The development of audit as a profession is tied to the involvement of the importance of
independence in audit. Thus, this is the reason for naming professional auditing as independent

11
audit. All of the generally recognized professions such as auditing, medicine, engineering,
theology, architecture and the like are characterized by the following elements/ features/.
I) Specialized body of knowledge- A highly developed profession has a very highly
specialized written body of knowledge. The more the profession is highly developed, the
more specialized the body of knowledge and voluminous requiring, longer period of time
to absorb. The body of knowledge is dynamic and in continuous development and growth
and not static. The body of knowledge here goes far beyond general education
knowledge. Always, there is need for technical competence and familiarity with
current/contemporary/ standards of practice that might be embodied in the code of
professional conducts.
II) Standards of qualification for admission- A profession to be a profession must have well
recognized and accepted predetermined criterion of qualification for admission into the
profession. The standards include educational requirements as well as other moral and
legal criteria fulfillment. The educational requirement is composed of theoretical
knowledge and practical experience. Thus, attaining a license to practice as a certified
public accountant requires an individuals or group members, to meet minimum standards
of education and experience.
III) Standards of conduct of behavior- A profession has a standard of conduct of behavior to
be observed by the professionals through prescribed code of ethics that attempt to enforce
general rules of conducts, and maximum and minimum rules on competence and
responsibility to client and colleagues.
IV) Level of status recognition- The quality and level of professional services demanded by
society determines the level of status and recognition to the profession. The level of status
and recognitions earned in a society is a function of the quality of professional services
rendered which in turn is a function of the standards of profession qualification and the
degree of the social, moral, and legal responsibility assumed. (They have direct relation
ship). Thus, careless work or lack of integrity on part of any auditor(s) may lead the
public to negative view towards the entire profession. Accordingly, reasonable level of
competence to practice their service as required by standards and to give clients and the
public an assurance that the profession intends to maintain high standards and enforce
compliance by individual members broads the reputation of the profession.
V) Acceptance of social responsibility/ Responsibility to serve the public/ – A professional to
be a profession must accept responsibility for the consequence of its action. Not only
legal responsibilities which arises out of contractual obligation, but also moral
responsibility to the profession it self and to the society at large. Accordingly, auditors are
representatives of the public-creditors, stockholders, consumers, employees, and others-in
the financial reporting process. The role of the independent auditors is to ensure that
financial statements are fair to all parties and not biased to benefit one group at the at the
expense of another. This responsibility to serve the public interest must be a basic
motivation for the professional.

Significance of professional ethics in accounting- Careless work or lack of integrity on the part
of any public auditor is a reflection upon the entire profession. Consequently, the members of the
public accounting profession / auditing profession/ have acted in unison through the certain
appropriate code of conduct such as the AICPA code of conduct. This code provides practical
guidance to the individual members in maintaining a professional attitude. In addition, this code

12
gives assurance to clients and to the public that the profession intends to maintain high standards
and to enforce compliance by individual members.
Evidence that public accounting has achieved the status of a profession is found in the
willingness of its members to accept voluntarily standards of conduct more rigorous than those
imposed by law. These standards of conduct set forth the basic responsibilities of auditors to the
public, clients and fellow practitioners. To be effective, a body professional ethics must be
attainable and enforceable; it must be consists not merely of abstract ideals but of attainable
goals and practical working rules that can be enforced.

2.2. The AICPA code of professional conduct

The AICPA code of professional conduct is designed to provide a framework for expanding
professional services and responding to other changes in the profession, such as the increasingly
competitive environment.
The AICPA code of professional conduct consists of two sections. These are:
Section-1: Principles- is a goal oriented, positively stated discussion of the profession’s
responsibilities to the public, clients and fellow practitioners. It provides overall frame work for
the rules.

Section- 2: Rules- are enforceable applications of the principles. They define acceptable behavior
and identify sources of authority for performance standards.

Additional Interpretations-provide guidelines as to the scope and

guidance applications of rules to particular
issued by factual circumstances
AICPA Ethical Rulings-summarizes applications of rules and
interpretations to particular factual circumstances
The relation ships among the principles, Rules, interpretations and Ethical rulings is summarized
in the following figures
Fig 2.1: AICPA professional Ethics

Code of
Professional
Conduct
Principles-provide overall frame work for rules
Rules- govern performance of professional
additional services
guidance Interpretations-provide guidelines as to the
scope and application of rules

Ethics rulings-summarize application of rules

and interpretations to particular factual
13
circumstace
Section-I: Principles
These principles of AICPA express the profession’s recognition of its responsibilities to the
public to clients, and to colleges. They guide members in the performance of their professional
responsibilities and express the basic tents of the ethical and professional conduct. The principles
call for an unlimited commitment to honorable behavior, even at the sacrifice of personal
advantages. These principles are explained below article by article.

Article-I: Responsibilities

In carrying out their responsibilities as professionals, members should exercise sensitive

professional and moral judgments in all their activities.

Article-II: The public interest

Members should accept the obligation to act in a way that will serve the public interest,
honor the public trust and demonstrate commitment to professionalism

A distinguishing mark of a profession is acceptance of its responsibilities to the public. The

accounting profession’s public consists of clients, credit grantors, governments, employers,
investors, the business and financial community and others who rely on the objectivity and
integrity of certified public accountants to maintain the orderly functioning of their business.
The public interest is thus defined as the collective well being of the community of peoples and
institutions the profession serves. Those who rely on certified public accountants expect them to
discharge their responsibilities with integrity, objectivity, due professional, and a genuine interest
in serving the public i.e. they are expected to provide quality services, enter into fee
arrangements, and offer a range of services- all in a manner that demonstrates a level of
professionalism consistent with these principles of the code of professional conduct.

Article-III: Integrity
To maintain and broaden public confidence, members should perform all professional
responsibilities with the highest sense of integrity, i.e. a member shall be free of conflict of
interest, and /or not deliberately misrepresent facts or subordinate his/ her judgments to others.

Article-IV: Objectivity and independence

A member should maintain objectivity and be free of conflicts of interest in discharging
professional responsibilities. A member in public practice should be independent in fact and
appearance when providing auditing and other attestation services.

Article-V: Due professional care

A member should observe the professions technical and ethical standards, strive continually to
improve competence and the quality of services, and discharge professional responsibilities to
the best of the member’s ability.

Article-VI: Scope and Nature of services

A member in public practice should observe the scope and nature of services to be provided.

14
 Each of these principles should be considered by members in determining whether or not to
provide specific services in individual circumstances. As there is no hard- and-fast rules that can
be developed to help members reach these judgments, they must be sure whether they are
satisfied that they are meeting the spirit of the principles in this regards.
Section-II-Rules

Applicability-the bylaws of AICPA require that members adhere to the rules of the code of
professional conduct. Members must be prepared to justify departures from these rules.

Rule -101: Independence

A member in public practice shall be independent in the performance of professional services as
required by standards promulgated by bodies designated by council.
Interpretation 101-1 of the code contains examples of transactions, interests, and relationships
that result in lack of independency during the period covered by financial statements, during the
period of professional engagements, and / or at the time of expressing opinion. These
circumstances include the following:

1) If a member or member’s firm had or was committed to acquire any direct financial
interest such as investment in the client ( owning capital stock) and/ or acquire any
material indirect financial interest (direct and indirect financial interest)
2) If a member or member’s firm was a trustee of any trust or executor or administer of
any estate if such trust or estate, had or was committed to acquire any direct or
material indirect financial interest in the enterprise to be audited.
Independency of partners and staff requires partners (or stockholders), managerial
employees and all professional staff be free from any interest of the client enterprise.
Thus, not all employees of an audit firm are required to be independent.
3) If a member or member’s firm had any joint, closely held business investment with
the enterprise or with any officer, director, or principal stockholders thereof that was
material in relation to the member’s net worth, or to the net worth of the member’s
firm.
4) If a member or member’s firm had any loan to or from the enterprise or any officer,
director, or principal stockholders to the enterprise.
5) If a member or members firm was connected with the enterprise as promoter,
underwriter, or voting trustee, a director or officer or in any capacity equivalent to
that of a member of management or of an employee.
6) If a member or member’s firm was a trustee for any pension or profit-sharing trust of
the enterprise.

Lack of independency may also arise from financial interests that may result from past
employment relationship with the client, interest of a close relatives of an auditor such as her or
his spouse and dependents. Other situations that may impair independency of auditor are past
due fees, gifts from client, and client auditor or CPA litigation if any.

Two distinct ideas are involved in the concept of independency. These are:

15
 1) Independence in fact- A CPA (auditor) must in fact be independent of any enterprise for
which they provide attestation services i.e. an auditor must be able to maintain an
objective and impartial mental attitude throughout the engagement.
2) Independent in appearance- The relationship between the CPAs and their client must be
such that the auditor will appear independent to third party i.e. an auditor must be able to
maintain an objective and impartial mental attitude throughout the engagement.

NB. The independency rule does not apply to all services performed by public auditor(s).
Services in which the client is a major beneficiary such as management consultancy service, tax
services, accounting/compilation/ service and the like do not require independency.
The independency rule applies to auditing, and other attestation services such as review of
financial statements, examination of financial forecasts, performance of agreed up on procedures
and the like.
Independency - a matter of degree i.e. the concept of independency is not absolute; no
CPA/auditor/ can claim complete independence of a client. Rather, independence is relative i.e. a
matter of degree. Thus, CPAs must strive for the greatest degree of independence consistent with
this business environment.

Rule-102: Integrity and objectivity

In the performance of any professional service, a member shall maintain objectivity and
integrity, shall be free of conflicts of interest, and shall not knowingly misrepresent facts or
subordinate his/her professional judgments to others.
Interpretation 102-1 states that a CPA or auditor(s) will be found to have knowingly
misrepresented facts in violation of rule102, when he/she knowingly:
 Makes, or permits or directs another to make, materially incorrect entries in a client’s
financial statements or records.
 Fail to correct financial statements that are materially false or misleading when the
member has such authority.
 Signs or permits or directs another to sign, a documents containing materially false and
misleading information.

Rule-201: General standards

A member shall comply with the following standards and with any interpretations thereof by
bodies designated by council.
a) Professional competence- undertakes only those professional services that the member
or member’s firm can reasonably expect to be completed with professional competence.
b) Due professional care- Exercise due professional care in the performance of
professional services.
c) Planning and supervision- adequately plan and supervise the performance of
professional services.
d) Sufficient relevant data- Obtain sufficient relevant data to afford a reasonable basis for
conclusions or recommendations in relation to any professional services performed.

Rule-202: Compliance with standards

16
A member who performs auditing, review, compilation, management consultancy, tax return
preparation, or other professional services shall comply with standards promulgated by bodies
designated by council.

Rule-203: Accounting principles

A member shall not (1) express an opinion or state affirmatively that the financial statements or
other financial data of any entity are presented in conformity with GAAP or (2) state that he/she
is not aware of any material modification that should be made to such statements or data in
order for them be in conformity with GAAP, if such statements or data contain any departure
from accounting principles promulgated by bodies designated by council.
If however, the statements or data contain such departure and the members can demonstrate that
due to unusual circumstance, the financial statements or data would otherwise have been
misleading, the members can comply with the rule by describing the departure, its approximate
effects, if practicable; and the reasons why compliances with the principle would result in
misleading statements.

Rule-304: Confidential client information

A member in public practice shall not disclose any confidential client information without the
specific consent of the client.
This rule shall not be construed:
(1) To relieve a member of the member’s professional obligations under rule 202 and 203
presented above.
(2) To affect in any way the member’s obligation to comply with a validity issued and
enforceable subpoena or summons
(3) To prohibit review of a member’s professional practice under AICPA or state CPA
society authorization, or
(4) To preclude a member from initiating with or responding to any inquiry by a
recognized investigative or disciplinary bodies.
Thus, except for the above mentioned circumstances and other related interpretation,
members of a recognized investigative or disciplinary bodies and professional practice
reviewers shall not use to their own advantage or disclose any member’s confidential client
information that comes to their attention in carrying out their professional responsibilities.

Confidential vs. privileged communications-The communication between CPAs and their

clients are confidential, but not privileged. This is because; legally privileged
communications can not be required by a subpoena or court order. Thus, CPAs may be
compelled to disclose their communication with clients in certain types of court proceedings

Reporting illegal act – many countries have adopted laws that require members in a public
practice (auditors) to reports illegal acts committed by organizations when ever they come
across it if:
A) It has a material effect on the financial statements

17
 B) Senior management and the board directors have not taken appropriate remedial
action
C) The failure to take remedial action is reasonably expected to warrant a departure from
standards of audit report or a resignation by the auditors.
Under such circumstances, the auditor must as soon as possible communicate their
conclusion directly to the client’s board of directors or if that is not possible directly
communicate the matter to the appropriate authoritative bodies.

Rule-302: Contingent fees

A member in public practice shall not perform for an contingent fee any professional services
for, or receive such a fee from a client for whom the member or member’s firm performs services
such as:
(a) An audit or review of financial statements
(b) Compilation of financial information expected to be used by third party,
(c) An examination of prospective financial information or
(d) Prepare an original or amended tax return or claim for a tax refund.
A contingent fee is a fee established for the performance of any service pursuant, or an
arrangement in which no fee will be charged unless a specified finding or result is attained, or in
which the amount of the fee is otherwise dependent upon the finding or result of such services.

Rule-501: Acts Discreditable

A member shall not commit an act discreditable to the profession.
Rule-501 gives the AICPA the authority to discipline those members who act in a manner
damaging to the reputation of the profession. The three circumstances outlined in interpretation
101-1 presented above relating to misleading entries and financial statements are considered
discreditable acts
An interesting practices have been interpreted to be discreditable is failure to return client
records, may be when the auditors discharges their responsibilities and not been paid for their
services. To refuse to return a clients ledger or other records is clearly wrong but refusing to
return audit work papers needed by client is not constitutes acts discreditable, because, audit
work paper is the property of the auditors not the property of the client company.

Rule-502: Advertising and other forms of solicitation

A member in public practice shall not seek to obtain clients by advertising or other forms of
solicitations in a manner that is false, misleading, or deceptive. Solicitation by the use of
coercion, overreaching or harassing conduct is prohibited.

Rule-503: Commission and Referral fees

1) Prohibited commissions- a member in public practice shall not for a commission

recommend or refer to client any product or service, or for a commission recommend or
refer any product or service to be supplied by a client, or receive a commission, when the
member or the member’s firm also performs for that client, services such as auditing and

18
 review of financial statements, a compilations of financial statements and/ or
examination of financial statements.

2) Disclosure of permitted commissions and referral fees- a member of CPA or auditor who
receive/or paid a permitted commission and/or referral fees shall disclose such
acceptance or payments to the client.

Rule-505: Form of organization and Name

A member may practice public accounting in a form of organization permitted by law or
regulation whose characteristics conform to resolution of council.
A member shall not practice public accounting under a firm name that is misleading.

2-4: Legal liabilities and responsibilities of auditors

We live in an era of litigation in which persons with real or fancied grievances are likely to take
their complaints to curt. In this environment, investors and creditors who suffer financial
damages or reversals find CPAs, as well as attorneys and corporate directors, tempting targets for
lawsuits alleging malpractice.

Thus, CPAs must approach every engagement with the prospect that they may be required to
defend their work in court. Even if the court finds in favor of the CPAs, the costs of defending a
legal action can be very high. Moreover, lawsuits can be extremely damaging to a professional’s
reputation. In extreme cases, the CPA may even be held criminal for professional malpractice.
Thus, every member considering a career in public accounting should be aware of the legal
liability inherent in the practice of this profession and should conduct the audit with reasonable
skill and care. Though audit report is not a guarantee that the figures are free from error, the
auditor must conduct the audit that it stands a reasonable chance of discovering a material error
in the figure. It is difficult to determine what is meant by reasonable skill and care. The
auditors’ principal duties center around the report on the truth and fairness of the financial
statements. The auditors are not required to make any positive statement if they are satisfied
with the audit matters. They must, however state any reservations in the audit report. There is
always a possibility that someone will disagree with some of the assumptions upon which the
figures have been based. The auditors are also required to form an opinion on several matters ant
properly report them in their report.

Discussion of Auditors liabilities is best prefaced by a definition of some of the common

business law terms such as negligence, liability for gross negligence, liabilities for fraud, and
liabilities for constructive fraud.

Negligence- also referred to as ordinary or simple negligence is violation of a legal duty to

exercise a degree of care that an ordinary prudent person would exercise under similar
circumstances. For an auditor, negligence is failure to perform a duty in accordance with
applicable standards such as failure to exercise due professional care.

19
Gross Negligence- is the lack of even slight care, indicative of reckless disregards for one’s
professional responsibilities. Substantial failures on the part of an auditor to comply with GAAS
might be interpreted as gross negligence.

Fraud-is defined as misrepresentation by a person of a material fact, known by that person to be

untrue or made with reckless indifferences as to whether the fact is true with the intention of
deceiving the other party and with the result that the other party is injured.

Constructive fraud- differs from fraud as defined above in that constructive fraud does not
involve a misrepresentation with intent to deceive. Gross negligence on the part of an auditor as
been interpreted by the courts is constructive fraud.
Privity- is the relationship between parties to contract. A CPA firm is in privity with the client it
is serving, as well as with any third party beneficiary.

Breach of contract- is failure of one or both parties to a contract to perform in accordance with
the contacts provisions. E.g. Failure by auditors(s) to perform in accordance with contractual
specifications indicated in the engagement letter.

Proximate/immediate/ cause-exists when damage to another is directly attributable to a wrong

doer’s act. The issue of proximate cause may be raised as a defense in litigation cases. Even
though the CPA firm might have been negligent in rendering services, it will not be liable for the
plaintiff’s loss if its negligence was not the proximate cause of the said loss.

Contributory negligence-is negligence on the part of the plaintiff that has contributed to his or
her having incurred loss.
Comparative negligence- is a concept used by courts to allocate damages between negligent
parties based on the degree to which each party is at fault. The allocation of damages is also
referred to as proportionate liabilities.
The plaintiff-is the party claiming damages and bringing suit against the defendant.

A third party beneficiary- is a person or institution not a contracting party who is named in a
contract or intended by the contracting parties to have definite rights and benefits under the
contract
. E.g. If W-Thomas audit firm is engaged to audit the financial statements of Shell- Ethiopia and
if it is indicated in the contract that a copy of the audit report will be sent to Awash International
Bank as a support for a loan, then, the bank is a third-third party beneficiary under the
contractual agreement between W-Thomas Audit firm and Shell-Ethiopia company.

An engagement letter- is the written contract summarizing the contractual relationships between
the CPA and client. It typically specifies the nature and scope of professional services to be
rendered , expected completion date of the engagement, the amount of audit fees, responsibility
of auditors and responsibility of client/manager/ and other related matters.

An auditor holds position of great responsibility and has to perform a given duties, statutory or
otherwise, allotted to him. In performance of his duties, he has to exercise reasonable care and
skill. His client expects him to follow generally accepted auditing standards and he/she may be

20
 held liable in case he does not act with reasonable care and skill required from him in the
particular circumstances.

In other words, if his client suffers any loss due to his negligence or breach of trust or duty and,
the errors or frauds remain undetected, he would be held liable for the same and may be called
upon to pay the damages suffered by the client on account of his negligence or breach of duty.
The auditor may be penalized for failing to apply reasonable care and skill. This could take the
form of a disciplinary action by the professional body or civil or criminal proceedings.

Auditor’s liability can be classified as:

1. Auditor’s civil liability- An auditor is appointed to perform certain specific duties and in
performing his duties he must exercise reasonable care and skill to perform his duties for
which he is employed. If he acts negligently on account of which the client is made to suffer
loss, the auditor may be held liable and may be called upon to make good the damages,
which the client suffered due to this negligence. The auditor can be held liable if the
following conditions are satisfied.

i. There should be sufficient ground for holding him liable for negligence. A general charge
will not be enough and the specific matter in respect of which he failed must be indicated
ii. It must be proved that the client has suffered a loss on account of this negligence

The auditor cannot be held liable if there is loss to the client without his negligence or there has been
negligence of the auditor but it has not resulted into the loss to the client. At the same time, it must be
proved that the auditor has acted negligently, i.e. he did not exercise the reasonable care and skill in
the performance of his duties. What is reasonable care and skill should be determined on the basis of
the particular circumstances of the each case. It should be largely determined by a comparison with
the standard, which the members in this profession generally observe. It may be noted that the auditor
does not act as an insurer and does not guarantee the accuracy of the books of account

2. Auditor’s criminal liability: Criminal liability of an auditor arises because of offences

against the statutory provisions specifically laid down. In such cases, an auditor is liable not
only to the shareholders but also to the state. It may arise because of some criminal at on his
part or gross neglect of certain provisions of the statute. In case of criminal liability, an
auditor is punishable with fine or imprisonment or both as might be provided in the relevant
statute.

3. Auditor’s contractual liability: The contractual liability arises out of the contract entered
between the auditor and the client. This arises when there is no statute governing the rights or
duties of an auditor. Since there are no statutory provisions, the question of liability has to be
settled in accordance with the terms and conditions settled by the auditor with his client in
the agreement. Hence the agreement with the auditor has to be in written clearly specifying
the terms of duties, responsibilities and scope of the audit. The auditor will be liable if he
does not observe high standards of his profession and work honestly. Sometimes, the auditor
will be in a delicate situation because of the frauds or irregularities carried on by the client’s
21
 parents or close relatives. In such cases, he must not give way to emotions. He must honestly
and truthfully report the matter to his client in clear words without any hesitation, laying
aside all other considerations. If he does not do so, he fails in the performance of his duties
and may be held liable for the same.

Liabilities to clients fro audits often arise from a failure to uncover an embezzlement or
defalcation being performed against the client by client employees and also failure to provide
reasonable assurance of detecting misstatements due to errors and fraud that are material to
the financial statements.
In general, to establish auditors’ liabilities, a client must prove

a) Duty- that the auditor(s) or audit firm accepted a duty of care to exercise skill,
prudence, and diligence.
b) Breach of duty- that the auditor(s) or audit firm breached his/her/its duty of care
through negligent performance.
c) Loss-that the client suffered a loss.
d) Proximate-cause- that the loss is resulted from the auditor(s) negligent act or
performance
 Auditors Defense against client Suits-As defendants, auditors’ basic defense is ordinarily
that the audit was performed with reasonable care and that they were not negligent in the
performance of their duties. Alternatively, they, might attempt to prove that, regardless of
whether negligence was involved, such alleged negligence was not the proximate cause
of the client loss. Moreover, demonstrating contributory negligence by the client is one
means of showing that the auditors’ negligence was not the sole cause of the client’s loss.

4. Auditor’s third party liability- In addition to being sued by clients under common law,
auditors may be liable to third parties under common law. This is due the fact that the audited
financial statements are used be many people other than the client. These users of financial
statements may completely rely upon the audited statements and enter into transactions with
the company without any further enquiry. This are known as third parities which includes
individual and group society members such as potential stockholders/investors/, venders,
bankers, and other creditors, employers, employees, and customers, tax authorities and
others.
An audit firm may be liable to such third parities if a loss was incurred by the claimant due
to reliance on misleading financial statements. A typical suit might occur when a bank is
unable to collect a major loan from an insolvent customer. The bank may claim that the
misleading audited financial statements were relied on in making the loan and that the audit
firm should be held responsible because it failed to perform the audit with due care. Some
real world cases on liability of auditors to third parties are given below.

22
 Ultramares cooperation vs. Touché (1931)-Liability to third parties case

The creditors of an insolvent corporation (Ultramares) relied on the audited financials and subsequently
sued the auditors, alleging that they were guilty of negligence and fraudulent misrepresentation. The
accounts receivable had been falsified by adding to approximately $650,000 in accounts receivable
another item of over $700,000. The creditors alleged that careful investigation would have shown the
$700,000 to be fraudulent. The accounts payable contained similar discrepancies.

The court held that the auditors had been negligent but ruled that auditors woul not be liable to third
parities for honest blunders beyond the bounds of the original contact unless they were primary
beneficiaries. The court held that only one who enters into a contract with an auditor for services can sue

In this case, the court held that although the auditors were negligent, they were not liable to
the creditors because the creditors were not deemed to be primary beneficiaries. In this
context, a primary beneficiary is one about whom the auditors was informed before
conducting the audit ( a known third party). The key aspect of the Ultrmares case was that
the creditors lacked privity of contract with the auditors. This case established a precedent,
commonly called the Ultramers doctrine, that ordinary negligence is insufficient for liability
to third parties because of the lack of privity of contract between the third party and the
auditor unless the third party is a primary beneficiary. However, in a subsequent trial of the
Ultramares case, the court pointed out that had there been fraud or gross negligence on the
part of the auditors, the auditors could be held liable to more general third parties.

In recent years, many courts have broadened the Ultramares doctrine to allow recovery by
third parties in more circumstances than previously by introducing the concept of foreseen
users. Generally a foreseen user is a member of a limited class of users whom the auditors are
aware will rely on the financial statements. For example, a bank that has loans outstanding to
a client at the balance sheet date may be a foreseen user. Under this concept, a foreseen user
would be treated the same as known third party.

Although the concept of foreseen users may seen straightforward, its application is not and
has developed differently in different jurisdictions. At present, three approaches have
emerged: The credit Alliance approach, the Restatement of Torts approach, and the
Foreseeable Users approach

Credit Alliance approach- Credit Alliance vs Arthur Andersen Co. (1986), was a case in
New York in which a lender brought suit against the auditor of one of its borrowers, alleging
that it relied on the financial statements of the borrower, who was in default, in granting the
loan. The New York State Court of Appeals reversed t=a lower court’s decision that
prevented the defendant auditor from using absence of privity as a defense. In so doing, the
appellate court upheld the basic concept of privity established by Ultraares, and sated that to
be liable (1) an auditor must know and intend that his or her work product would be used by
the plaintiff third party for a specific purpose, and (2) the knowledge and intent must be
evidenced by the auditor’s conduct.

23
 Restatement of Tort approach- The approach followed by most states is to apply the rule cited
in the Restatement of Torts, an authoritative compendium of legal principles. The
Restatement rule is foreseen user must be members of a reasonably limited and identifiable
group of user that have relied on the auditor work, such as creditors, even though those
persons were not specifically known to the auditor at the time the work was done. A leading
case supporting the application of this rule is Rush Factors vs. Levin, presented in the
following table.

The plaintiff, a lender, asked the defendant auditor to audit the financial statements of a company
seeking a loan. The auditor issued an unqualified opinion on the financial statements, indicating that
the company was solvent when, in fact, it was insolvent. The plaintiff loaned the company money,
suffered a subsequent loss, and sued the auditors for recovery.

The auditor’sUsers-
Foreseeable defenseThe
in the case was
broadest based on the
interpretation absence
of the of third-party
right of privity on the part of Rusch
beneficiaries is toFactors.
The court
use the found of
concept in foreseeable
favor of thisusers.
plaintiff.
UnderAlthough the court
this concept, could that
any users havethefound in favor
auditor shouldof Rusch
Factors under Ultramars in that it was a primary beneficiary, it chose to rely
have reasonable been able to foresee as being likely users of financial statements have on the Restatment
the of
Torts, statingasthat
same rights thewith
those auditor should
privity be liable
of contract. for ordinary
These users are negligence
often calledinanaudit whereclass.
unlimited the financial
statements
Although aare relied on number
significant by actually foreseen
of states andfollowed
have limited classes of persons.
this approach in the past, there are
now only few countries that apply this approach.

 Auditors Defense against Third Party Suits- Three of the four defenses available to
auditors in suits by client are also available in third party lawsuits. Contributory negligence is
ordinarily not available because a third party is not in a position to contribute to misstated
financial statements. The preferred defense in third party suits is no negligent performance. If
the auditor performed the engagement in accordance with GAAS, the other defenses are
unnecessary.

2-5. Appointment, remuneration and removal of auditors

Appointment of auditors- in most cases the audit of business concerns other than corporate
entity is voluntary and not compulsory. But with regard to corporate entities, many countries have
set laws that make their audit mandatory. Therefore, provisions regarding appointment of
auditors, his/her qualification, powers, duties etc are governed. To assure independence, auditors
are appointed by the highest body and are solely responsible to this body who appoints them. In a
corporation such responsibility is given to the stockholders meetings or the board of directors at
the suggestion to the management, and it is to this body that the independent auditors submit his
audit report for approval. This is to avoid compromises; nowadays this function is one of the
functions given to audit committees. In principles, it is this body that should be responsible to
determine or negotiate the fee payable to independent auditors.

The primary objective of appointment of auditor(s) in a corporate entity is to safeguard the interest
of the absentee owner (shareholders) and investors as it is not possible for every shareholder or
investors to inspect the books of accounts of the company. Hence an auditor is a representative of
shareholders and work on their behalf. Company auditors may by appointed by board of directors,
shareholders, central government and /or by other special resolutions.

24
 Chapter-Three
Audit Evidence
3.1. Audit evidence
Audit evidence is the information obtained by the auditor in arriving at conclusions on which
their reports are based. During financial statement audits, the auditors gather and evaluate
evidence to form an opinion about whether the financial statements follows the appropriate
criteria, usually, generally accepted accounting principles. The auditors must gather sufficient
competent evidence to provide an adequate basis for their opinion on the financial statements.
The audit evidence is intended to assure the users of accounting information that the financial
statements are a credible source of information about the organization. The users may not accept
the auditor’s opinion on the truth and fairness of financial statements unless the auditor has
collected sufficient competent evidence about the material misstatements. Hence, the collection
of evidence lies in the heart of the audit.
3.2. The relationship of audit risk and audit evidence
Audit risk-refers to the possibility that the auditors may unknowingly fail to appropriately
modify their opinion on financial statements that are materially misstated. In other words, it is
the risk that the auditors will issue an unqualified opinion on financial statements that contain a
material departure from generally accepted accounting principles. Thus, the more sufficient and
competent the audit evidence obtained, the less will be the audit risk.
For each financial statement account, audit risk consists of the possibility that
(1) A material misstatement in an assertion about the account has occurred, and
(2) The auditors do not detect the misstatement.

The first risk, the risk of occurrence of a material misstatement, may be separated into two
components-inherent risk and control risk. The risk that auditors will not detect the
misstatement is called detection risk.
Inherent Risk- The possibility of a material misstatement of an assertion before considering the
client’s internal control is referred to as inherent risk. Factors that affect inherent risk related to
either the nature of the client and its industry or to the nature of the particular financial
statements account.
Inherent risk also varies by the nature of the account. For instance, if we consider two balance
sheet accounts-cash accounts and building account and if we assume that the balance of cash
account is only one tenth that of building account, this does not mean that the inherent risk
associated with cash account will also be one-tenth as much that of the building accounts. Rather,
the inherent risk associated with the cash account may be much more than one-tenth of the
inherent risk associated with the building accounts. This is due to susceptible nature of cash
account to error or theft than are building accounts.
Thus, auditors may spend much more time in auditing cash accounts than the assumed
proportion of their inherent risk.
Inherent risk also varies with the assertion about a particular account. As an example, valuation
of assets is often a more difficult assertion to audit than is existence of the assets.
The auditor use their knowledge of the clients industry and the nature of its operations, including
information obtained in prior years audits to assess inherent risk for the financial statement
assertions

25
Control risk- The risk that a material misstatement will not be prevented or detected on a timely
basis by the client’s internal control is referred to as control risk. This risk is entirely based on the
effectiveness of the client’s internal control.
To assess control risk, auditors consider the client’s control that affects the reliability of
financial reporting. Well designed controls that operate effectively increase the reliability of
accounting data.
To obtain an understanding of the client’s internal control and to determine whether it is designed
and operating effectively, the auditors use a combination of inquiry, inspection, observation, and
performance of audit procedures.
If the auditors find that the client has designed effective internal control for a particular account
and that the prescribed practice operate effectively in day-to-day operation, they will assess
control risk for the related assertions to be low, and there by accept a higher level of detection
risk, i.e. the more effective internal control is, the lesser will be the control risk and the higher
will be the detection risk. That is because, effective internal control leads to the use of low
substantive testing procedure by auditors which may in turn lead to high detection risk.
Detection risk-The risk that the auditors will fail to detect the misstatement with their audit
procedures is called detection risk. In other words, detection risk is the possibility that the
auditors’ procedures will lead them to conclude that material misstatement does not exist in an
account or assertion when in fact such misstatement does exist.
Detection risk is restricted by performing substantive tests. For each account, the scope of the
auditors’ substantive tests, including their nature, timing and extent determines the level of
detection risk.

The interrelationship between the three components of audit risk can be described as follows

Inherent Risk S Misstatement likely to occur

Risk of a in the client’s financial
material n statements
misstatements and d

Control risk Misstatements prevented or

detected by controls

Misstatements that bypass

The client’s controls.

Risk that Detection Misstatements that are

Auditors fail risk detected by the auditors’
to detect procedures
material
misstatement Misstatement undetected by the
Audit Risk auditors’ procedures

26
* The bag of sand in the figure represents inherent risk, the susceptibility of an account balance
to material misstatements.
* The sieves represent the ways by which the client and the auditors attempt to remove the
misstatements from the financial statements. The first sieve represents the client’s internal
control, and the risk that it fails to detect or prevent a misstatement is control risk. The auditors’
audit procedures are represented by the second sieve, and the risk that it will fail to detect a
misstatements is detection risk. The risk that the misstatement wills get through both sieve is
audit risk.
Measuring audit risk- In practice, the various components of audit risk are not typically
quantified. Instead, the auditors usually use qualitative categories, such as low risk, moderate
risk, and maximum risk. Statements of Auditing Standards (SAS-47), allows the use of either
quantified or non quantified approach. In any way, the relationships among audit risk, inherent
risk, control risk, and detection risk can be put generally as follows:

AR=IR×CR×DR , where, AR = Audit risk

IR = Inherent risk
CR = Control risk
DR= Detection risk

To illustrate how audit risk may be quantified, assume that auditors have assessed inherent risk
for a particular assertion at 50% and control risk at 40%. In addition, they have performed audit
procedures that they believe have a 20% risk of failing to detect a material misstatement in the
assertion. The audit risk for the assertion may be computed as follows:
AR = IR × CR × DR
= .50 × .40 × .20
=.04
Thus, the auditors face a 4% audit risk that a material misstatement has occurred and evaded
both the client’s controls and the auditors’ procedures.
It is important to realize that while auditors gather evidence to assess inherent risk and control
risk, they gather evidence to restrict detection risk to the appropriate level. Inherent risk and
control risk are a function of the client’s nature of internal control structure and its operation
environment. Regardless of how much evidence the auditors gather, they cannot change these
risks. Therefore, evidence gathered by the auditors is used to assess the levels of inherent and
control risks.

Detection risk on the other hand, is a function of the effectiveness of the audit procedures
performed. If the auditors wish to reduce the level of detection risk, they need to obtain
additional competent evidence. As a result, detection risk is the only risk that is completely a
function of the sufficiency of the procedures performed by the auditors.

3.3. Sufficient competent evidential matter

It is to be obtained through inspection, observation, inquires, and confirmation to afford a
reasonable basis for an opinion regarding the financial statements under audit.
Evidential matter is any information that corroborates or refutes an assertion. The evidential
matter supporting the assertions in a company’s financial statements consists of the underlying
accounting data and all corroborating information available to the auditors. The third fieldwork

27
standard states that sufficient competent evidential matter should be obtained to afford a
reasonable basis for an opinion regarding the financial statements under audit. So the evidence
obtained by the auditor should be
a. Sufficient
b. Competent

Sufficiency-the term sufficient relates to the quantity of evidence the auditor should obtain. The
amount of evidential matter that is considered sufficient to support the auditors’ opinion is a
matter of professional judgment. The considerations that should be followed in evaluating the
sufficiency of audit evidence are
1. The amount of evidence that is sufficient in a specific situation varies inversely with the
competence of the evidences that are available. The more competent the evidence matter is,
the less the amount of evidence needed to support the auditor’s opinion
2. The need for the evidential matter is closely related to the concept of materiality. The more
the need for the materiality the more the evidence is required
3. The risk that the material misstatements in the financial statements may vary from
engagement to engagement and it depends on the factors such as the financial condition of
the client, the line of business, the internal control structure, the integrity of the management
etc.
Competency -the competency of the evidential matter refers the quality of the evidence which
depends on its relevance and its validity. For the evidence to be relevant, it must apply/related/ to
the audit objective being tested. The validity of the evidence refers to its credibility or
believability which depends on the circumstances in which it is obtained.
The factors that generally affect the validity of the evidential matter are:
 The source from where the evidence is obtained i.e. whether external or internal
 The effectiveness of the internal control system of the client company
 The collection procedure of the evidence i.e. whether the evidence is obtained directly or
indirectly
 The types of evidence i.e. whether they are documents or written representations or oral
evidence
The competence of the evidential matter is increased when the auditors are able to obtain
additional information to support the original evidence. Thus, several pieces of related evidence
may form a package of evidence that has greater competence than do any of the pieces viewed
individually

Methods of obtaining audit evidence

Auditing procedures-are steps of actions taken in the process of gathering audit evidence to
verify or accomplish specific task or audit objective. Auditors use a variety of audit procedures
to obtain corroborating information. Some of the common types of audit procedures are as
follows:
 Physical examination: it means to view physical evidence of asset. For example, the
auditors might physically examine plant, equipment, or inventory items to obtain
evidence as to their existence or condition.
 Confirmation: it is the process of obtaining and evaluating a response from a debtor,
creditor or other parties in reply to a request for information about a particular item
affecting the financial statements.

28
  Comparison: it is the process of agreeing or contrasting two different sources of
information. Auditors often use comparison to test information at various stages of
processing within the accounting system.
 Tracing: it is the process of establishing the completeness of transaction processing by
following a transaction forward through the accounting records i.e. from the source
document to the recorded transaction.
 Vouching: it is the process of establishing the occurrence or valuation of recorded
transactions by following transaction back to supporting document from a subsequent
processing step
 Reperformance: is the process of repeating a client activity. For example the auditors may
recalculate the depreciation or reperform the bank reconciliation statement.
Reperformance may include:
1. Footing is the process of proving the totals of a vertical column of figures
2. Cross-footing is the proves of proving the totals of horizontal row
3. Extending is the process of recomputing by multiplication.
 Observation: it is the process of viewing a client activity. For example, the auditors may
observe the application of internal control procedures such as the client’s inventory taking
procedures.
 Inspection: it involves a reading or point-by-point review of a document or record. For
example the auditor may inspect the loan agreement document.
 Reconciliations: it is used to establish agreement between two sets of independently
maintained by related records. For example, the cash in bank in the ledger account is
reconciled with the bank statement.
 Inquiries: these are the questions directed towards the appropriate client personnel. The
response to the questions may be written or oral. The term inquiry is also sometimes used
to refer to the technique of questioning parties outside the organization.
 Analytical procedures: they are the evaluations of financial information made by a study
of expected relationships among financial and nonfinancial data. For example, the auditor
may analyze the financial ratios of the current year with the ratios of the previous years.

3.4. Types of audit evidences

The major types of audit evidences gathered by the auditor during audit are the following:
1. Physical evidence: Actual physical examination or observation provides the best evidence of
the existence of certain assets. The existence of the property may be established through
physical examination. For example, the existence of plant assets, inventory, cash etc can be
verified by the physical examination. It might seem that physical examination of an asset
would be conclusive verification of all assertions relating to that asset. It may not be always
true. Physical verification gives evidence of the existence of the asset to the auditor
2. Documentary evidence: Another types of evidence relied upon by the auditor is the
documents. The worth of the documentary evidence depends on whether the documents are
created within the company (sales invoices) or it came from outside the company (vendors
invoice). Some times the documents created within the organization are sent outside for
endorsement and processing and these documents are regarded as very reliable evidence. In
accepting the reliability of the documentary evidence, the auditor should consider whether
the document is of a type that could easily be forged or created in its entirety by a dishonest
employee. The documentary evidence is classified into three categories and they are

29
 a. Documents created outside the organization and transmitted directly to the auditor- the
most reliable documentary evidence consists of documents created by independent
parties outside the organization and transmitted directly to the auditors without passing
through the client’s hands. For example, the verification of accounts receivable
b. Documents created outside the organization and held by the organization-many of the
externally created documents referred to by the auditors will be in the possession of
organization. For example, bank statements, vendor’s invoices and statements, property
tax bills notes receivables etc.
c. Documents created and held within the organization- most documents created within
the organization represent a lower quality of evidence because they circulate only
within the company and do not receive critical review by an outsider. For example, the
sales invoices, shipping notices, purchase orders etc. The degree of reliance to be
placed on documents created and used only within the organization depends on the
effectiveness of the internal control. If the accounting procedures are so designed that
another person must critically review a document prepared by one person and if all
documents are serially numbered and all numbers in the series accounted for, these
documents may represent reasonably good evidence. Adequate internal control will also
provide for extensive segregation of duties so that no one handles a transaction from
beginning to end.
3. Accounting records as evidence: the dependability of ledgers and journals as evidence is
indicated by the extent of internal control covering their preparation. An auditor will attempt
to verify an amount in the financial statements by tracing it back through the accounting
records. They will ordinarily carry this process through the ledgers to the journals and vouch
the item to such basic documentary evidence. To some extent, the ledger and journals
constitute worthwhile evidence in themselves to the auditors
4. Evidence from the analytical procedures: analytical procedures involve evaluations of the
financial statements by a study of relationships among financial and nonfinancial data. The
process of analytical procedures consists of four steps
a. Develop an expectation of an account balance
b. Determine the amount of difference from the expectation that can be accepted without
investigation
c. Compare the account balances with the expected account balance
d. Investigate the significant deviations from the expected account balance
Techniques used in performing analytical procedures range from complex models
involving many relationships and data from many years. For example, comparison of
revenue and expense amounts for the current year to those of the previous years and to
the industries average.
5. Evidence from computations: to prove the arithmetical accuracy of the client’s records, the
auditor make computations independently as another form of audit evidence. Computations
verify the mathematical processes and used to prove the calculation of the client.
6. Evidence provided by the specialists: since the auditors may not be experts in all the fields
of business of the client, he may get the services of the experts in performing highly technical
tasks such as valuation of inventory, or making the actuarial computations to verify liabilities
for postretirement benefits. The expert should be independent person. If the auditor feels that
the expert is not an independent person, he may perform additional procedures or engage
another specialist.

30
7. Oral evidence: during the examination of records, the auditor may ask many questions to the
officers and the employees of the organization on the endless topics ranging from the
location of records and documents, the reasons underlying an unusual accounting procedures,
the probabilities of collecting a long past due accounting receivables etc. The answers the
auditor receives to the questions constitute another type of evidence.
8. Evidence from client representation letters: The auditor should get a representation letter
from the client summarizing the most important oral representations made during the
engagement. These letters are dated as the last day of the fieldwork and usually signed by the
chief executive officer and chief finance officer. Most of the representations fall into the
following categories
1. All accounting records, financial data and minutes of the directors meetings have
been made available to the auditors
2. The financial statements are complete and prepared in conformity with the generally
accepted accounting principles
3. All items requiring disclosure have been properly disclosed
3.5. Evidences about accounting estimates
The auditor must be very careful in considering financial statement accounts that are affected by
estimates made by the management, particularly those for which a wide range of accounting
methods are considered acceptable. For example, the estimates of obsolete inventory, allowances
for loan losses, estimates of warranty liabilities etc. though the making of estimates are the
responsibility of the management, the auditor should determine that
a. All necessary estimates have been developed
b. The accounting estimates are reasonable and
c. The accounting estimates are properly accounted for and disclosed

3.6. Evidence for related party transactions

Related parties refer to the client entity and any other party with which the client may deal where
one party has the ability to influence the other to the extent that one party to the transaction may
not pursue its own separate interests. Examples of related parties are officers, directors, principal
owners, members of the immediate families, affiliated companies, subsidiary companies etc. A
related party transaction is a transaction between the company and these parties. The primary
concern for the auditor is that significant materials of related party transactions are adequately
disclosed in the client’s financial statement or the related notes. Disclosure of related party
transactions should include the nature of the relationship, the description of the transactions etc.

31
 Chapter-Four
Audit planning process
There are several purposes of the planning procedures discussed in this section. A major purpose
is to provide information to aid the auditor in assessing acceptable audit risk and inherent risk.
These assessments will affect the auditor’s client acceptance or continuation decision, the
proposed audit fee, and the auditor’s evidence. A second purpose is to obtain information that
requires follow-up during the audit. Doing so is one step in obtaining sufficient competent
evidences. Examples include identifying approvals in the minutes such items as dividends and
officer’s salaries, and searching for the names of related parties to help the auditor determine
whether related party transactions exists. Others, purposes includes staffing the engagement and
obtain and engagement letter.

Generally, planning is very important:

a) To enable the auditors to obtain sufficient competent evidence for the
circumstances
b) To keep audit costs reasonable
c) To avoided misunderstandings with the client.

Obtaining sufficient competent evidence is essential if the audit firm is to minimize legal liability
and maintain a good reputation in the business community. Keeping costs reasonable helps the
audit firm remains competitive and thereby retains or expand its client base, assuming the firm
has a reputation for doing high-quality work.

Avoiding misunderstandings with the client is important for good client relations and for
facilitating high-quality work at reasonable costs. For example, suppose that the auditor informs
the client that the audit will be completed before June-30 but is unable to finish it until August
because of inadequate scheduling of staff. The client is likely to be upset with the audit firm and
may even sue for breach of contract.

4.1. Client acceptance procedure

I. Obtaining clients-As a starting point, it is essential for an auditor or auditors/audit firms/

to maintain its integrity, objectivity, and reputation for providing high-quality services.
No auditor can afford to be regularly associated with clients who are engaging in
management fraud or other misleading practices. The continuing wave of litigation
involving auditor underscores the need for audit firms to develop quality control policies
for thoroughly investigating prospective clients before accepting an engagement. The
auditor should investigate the history of prospective client, including such matters as the
identities and reputations of the directors, officers and major stockholders, financial
strength and credit rating of a prospective client to help assess the overall risk associated
with particular business (business risk).

In addition to considering business risk the auditors should consider:

- Whether they can complete the audit in accordance with generally accepted auditing
standards

32
 - Whether there are any conditions that would prevent them from performing an
independent audit of the client.
- Whether the partners and staff have appropriate training and experience to competently
complete the engagement.

III. Submitting a proposal- To obtain the audit, the auditors may be asked to submit a
competitive proposal that will include information on the nature of services that the firm
offers, the qualifications of the firm’s personnel, anticipated fees, and other information
to convince the prospective client to select the firm.
IV. Communication with audit committees- Arrangements for the audit may be made
through contact with the company’s audit committee (if any). An audit committee must
be composed of at least three independent directors. During the course of the audit the
discussions with the audit committee members will focus on:
- Weakness in internal control
- Proposed audit adjustments
- Disagreement with management as to accounting principles
- The quality of accounting principles used by the company
- Indications of management fraud other illegal acts by corporate officer.

V. Fee Arrangements-when the business engages in the services of independent public

accountants, it will usually ask for an estimate of the cost of the audit. Staff time is the
basic unit of measurements for audit fees. It involves the application of the audit firm’s
daily or hourly rates to the estimated time required. Other direct costs such as staff travel
costs, report processing costs and other out-of-pocket expenditures are also included in
the cost of audit.

VI. Communication with predecessor auditors – According to Statement of Auditing

Standards (SAS-84) “Communication between predecessor and successor Auditors”
requires the successor auditors to communicate with the predecessor before accepting an
engagement. When predecessor auditor is permitted by the client company to
communicate (When there is the consent of client’s to give confidential information), the
successor auditors’ inquiries may include questions about:

- Disagreement with management over accounting principles

- The predecessor’s understanding of the reasons for the change in auditors
- On the nature of client’s internal control structure
- Other matters that will assist the successor auditors in deciding whether to accept the
engagement

VII. Engagement Letters- The auditors should establish an understanding with the client
regarding the services to be performed, the objectives of the engagement, management’s
responsibilities, auditor’s responsibilities, scope and/or limitations of the engagements
and other related issues.

33
4.2. Phases of audit planning

The following presents the seven major parts of audit planning. Each of the fist six parts is
intended to help the auditor develop the last part, and effective and efficient overall audit pan and
audit program.
Before beginning the discussion of the first four parts of the planning phase, it is useful to briefly
introduce two risk terms: acceptable audit risk and inherent risk. These two risks have a
significant effect on the conduct and cost of audits. Much of early planning on audit deals with
obtaining information to help auditor assess these risks.

Acceptable audit risk-is a measure of how willing the auditor is to accept that the financial
statements may be materially misstated after the audit is completed and an unqualified opinion
has been issued. When the auditor decides on a lower acceptable audit risk, it means that the
auditor wants to be more certain that the financial statements are not materially misstated. Zero
risk would be certainty, and a 100 percent risk would be complete uncertainness.

Inherent risk-is a measure of the auditor’s assessment of the likelihood that there are material
misstatements in an account balance before considering the effectiveness of internal control. If
for example, the auditor concludes that there is a high likelihood of material misstatements in an
account such as accounts receivable, the auditor would conclude that inherent risk for accounts
receivable is high.
When the auditor concludes that there is a high inherent risk for an account or a class of
transactions, the same three potential effects are appropriate as for he lower acceptable audit risk.
However, it is easier and more common to implement increased evidence accumulation for
inherent risk than it is for acceptable audit risk because inherent risk can usually be isolated to
one or two accounts. For example, if inherent risk is high only for accounts receivable, the
auditor can restrict the evidence expansion to the audit of accounts receivable
When the auditor decides that a lower acceptable audit risk on an audit is appropriate, there are
three potential actions, where all three, two or just one can be done, depending on the auditor’s
judgments.
a) More evidence is required to increase audit assurance that there are no material
misstatements; it is difficult to implement increased evidence accumulation because
acceptable audit risk applies to the entire audit. It is expensive and often impractical to
increase evidence in every part of an audit
b) The engagement may require more experienced staff. Audit firms should staff all
engagements with qualified staff, but for low acceptable audit risk client’s special care is
appropriate in staffing.
c) The engagement will be reviewed more carefully than usual. Audit firm need to be sure that
the working papers that document the auditors planning, evidence accumulation and
conclusion, and other matters in the audit are adequately reviewed. When acceptable audit
risk is low, there is often more extensive review, including a review by personnel who were
not assigned to the engagement.

4.2.1. Preplan the audit-It involves three things, all of which should be done early in audit. First,
the auditor decides whether to accept a new client or continue serving an existing one. This is
typically done by an experienced auditor who is in a position to make important decisions. The
auditor wants to make that decision early, before incurring any significant costs that can not be
34
recovered. Second, the auditor identifies why the client wants or need an audit. This information
is likely to affect the remaining part of the planning process. Thirdly, the auditor obtains an
understanding with the client about the terms of the engagements to avoid misunderstandings
and staff the engagements.

4.2.2. Obtain background information- An extensive understanding of the client’s business and
industry and knowledge about the company’s operations are essential for doing an adequate
audit. Most of this information is obtained at the client’s premises, especially for a new client.

a) Obtain knowledge about the client’s industry and business-There are three primary reasons for
obtaining a good understanding of the client’s industry. First, many industries have unique
accounting requirements that he auditor must understand to evaluate whether the client’s
financial statements are in accordance with generally accepted accounting principles. For
example, if an auditor is doing an audit of a city, the auditor must understand governmental
accounting and auditing requirements. There are also unique accounting requirements for
construction companies, rail road’s, non for profit organizations, financial institutions, and many
other organizations.
Second, the auditor can often identify risks in the industry that may affect the auditor’s
assessments of accepting audit risk, or even whether auditing companies in the industry is
advisable. As stated earlier, certain industries are more risky than others, such as the savings and
loan and health insurance industries.

Thirdly, there are inherent risks that are typically common to all clients in certain industries.
Understanding those risk aids the auditor in identifying the client’s inherent risks. Examples,
include potential inventory obsolescence inherent risk in the fashion clothes industry, accounts
receivable inherent risk in the consumer loan industry, and reserve for loss inherent risk and
causality insurance industry

Knowledge of the client’s industry can be obtained in different ways. These include discussions
with the auditor who was responsible for the engagement in previous years and auditors currently
on similar engagements, as well as conferences with the client’s personnel. Knowledge about the
client’s business that differentiates it from other companies in its industry is also needed. That
knowledge will help the auditors more effectively assess acceptable audit risk and inherent risk
and will be useful in designing analytical programs.

b) Tour the client plant and offices-A tour of the client’s facilities is helpful in obtaining
understanding of the client’s business and operations because it provides opportunity to observe
operations firsthand and to meet key personnel. The actual viewing of the physical facilities aids
in understanding physical safeguards over assets and in interpreting accounting data by providing
a frame of reference in which to visualize such assets as inventory in process and factory
equipment. Knowledge of the physical layout also facilities getting answers to questions later in
the audit. The tour may also help the auditors identify inherent risks. For example, if the auditor
observe unusual inventory, it will affect the assessment of inherent risks for equipment and
inventory. Discussion with non accounting employees during the tour and throughout the audit is
useful in maintaining a board perspective.

35
c) Identify related parties-Transactions with related parties are important to auditors because
generally accepted accounting principles require that they be disclosed in the financial statements
if they are material. Transactions with a related party are not arm’s length transactions.
Therefore, there is a risk that they were not valued at the same amount as they would have been
if the transactions had been with an independent third party. The disclosure requirements include
the nature of the related party relationships; a description of transactions, including dollar
amounts; and amounts due from and to related parties. Most auditor assess inherent risk as high
for related parties and related party transactions, both because of the accounting disclosure
requirements and the lack of independent between the parties involved in the transactions.

A related party is defined in SAS-45 as an affiliated company, a principal owner of the client
company, or any other party with which the client deals where one of the parties can influence
the management or operating policies of the other. A related party transaction is any transaction
between the client and a related party. Common examples include sales or purchase transactions
between a parent company and subsidiary, exchange of equipment between two companies
owned by the same person, and loans to officers. A less common example is the exercise of
significant management influence on an audit client by its most important customers.
Because material related party transactions must be disclosed, it is important that all related
parties be identified and included in the permanent files early in the engagement. Finding
undisclosed related party transactions is thereby enhanced. Common way of identifying related
parties include inquiry of management, review of SEC filings, and examinations of stockholder’s
listings to identify principal stockholders.

d) Evaluate need for outside specialists-when the auditor encounters situations requiring
specialized knowledge, it may be necessary to consult a specialist. SAS-73 establishes the
requirement for selecting specialists and reviewing their work. Examples include using a
diamond expert in evaluating the replacement cost of diamonds and an actuary for determining
the appropriateness of the recorded value of insurance loss reserves. Another common use of
specialist is consulting with attorneys on the legal interpretations of contracts and titles. In the
case of a large inventory of computer and computer parts, the audit firm may deicide to engage a
specialist if no one within the firm is qualified to evaluate whether the inventor is obsolete or not.

The auditor should have a sufficient understanding of the client’s business to recognize the need
for a specialist. The auditor should also evaluate the specialist’s professional qualifications and
understand the objectives and scope of the specialist’s work. The auditor should also consider the
specialists relationship with the client, including circumstances that might impair the specialist’s
objectivity.

4.2.4. Perform preliminary analytical procedures- Auditors are required to perform analytical
procedures while planning the audit to assist in determining the nature, timing, and extent of
auditing procedures. Analytical procedures performed during the planning phases enhance the
auditor’s understanding of the client’s business and events occurring since the prior year’s audit.
Planning analytical procedures also help the auditors identify areas that may represent specific
risks of material misstatements warranting further attention.

Analytical procedures used in planning are often based on aggregate, companywide data. For
some clients, reviewing changes in account balances on the trial balance may be sufficient for

36
 planning purposes. Along with comparative industry information, auditors might consider key
financial ratios such as efficiency ratio, return on assets, liquidity ratio, inventory and accounts
receivable turn over ratios and other similar rations. The collectability of accounts receivable and
inventory obsolescence may also receive additional attention of the auditor.

4.2.5. Set materiality and assess acceptable audit risk and inherent risk - The scope paragraph
in auditors’ reports includes two important phrases that are directly related to materiality and
risk. These phrases are emphasized in bold italic print in the following two sentences of a
standard scope paragraph.

We conducted our audits in accordance with generally accepted auditing standards. Those
standards require that we plan and perform the audit to obtain reasonable assurance about whether
the financial statements are free of material statements.

The phrase obtained reasonable assurance is intended to inform users that auditors do not guarantee
or ensure the fair presentation of the financial statements. The phrase communicate that there is
some risk that the financial statements are not fairly stated even when the opinion is unqualified.

The phrase free of material misstatement is intended to inform users that the auditor’s responsibility
is limited to material financial information. Materiality is important because it is impractical for
auditors to provide assurance on immaterial amounts.

Thus, materiality and risk are fundamental concepts that are important to planning the audit and
designing the audit approach. Materiality is a major consideration in determining the appropriate
audit report to issue.

FASB has defined materiality as:

The magnitude of an omission or misstatements of accounting information that, in the light of

surrounding circumstances, makes it probable that the judgment of a reasonable person relying on
the information would have been changed or influenced by the omission or misstatement.
The auditor’s responsibility is to determine whether financial statements are materially misstated. If
the auditor determines that there is a material misstatement, he or she will bring it to the client’s
attention so that there is a material misstatement, he or she will bring it to the client’s attention so
that a correction can be made. If the client refuses to correct the statements, a qualified or an
adverse opinion must be issued, depending on how material the misstatement is. Therefore, auditors
must have a thorough knowledge of the application of materiality.

A careful reading of the FASB definition reveals the difficulty that auditors have in applying
materiality in practice. The definition emphasizes reasonable users who rely on the statements to
make decisions. Therefore, auditors must have knowledge of the likely users of their client’s
statements and the decisions that are being made. For example, if an auditor knows that financial
statements will be relied on in a buy- sell agreement for the entire business, the amount that the
auditor’s material may be smaller than for an otherwise similar audit. In practice, the auditors may
not know who all users are or what decisions will be made.

37
4.2.6. Understand internal control and assess control risk-To effectively assess internal control for
the purpose of reducing planned audit evidence, auditors need to understand key internal control
and control risk concepts. As discussed in previous chapter, a system of internal control consists of
policies and procedures designed to provide managements with reasonable assurance that the
company achieves its objective and goals. These policies and procedures are often called control
especially those controls related to the reliability of financial reporting , are important to the
auditors purpose.

4.2.7: Develop over all audit plan and audit program-It deals the last step in the planning phase of
audit. It is critical step because it results in the entire audit program the auditors’ plans to follow in
the audit, including all audit procedures, sample size, items to select, and timing. It is the process of
making correct decisions in both the effectiveness of evidences and the efficiency of the audit
process.

The audit planning process is documented in the audit working paper through the preparation of
audit plans, time, budgets and audit programs. An audit plan is an overview of the engagement,
outlining the nature and characteristics of the client’s business operations and the overall audit
strategy. Although audit plans differ in form and content among public accounting firms, a typical
plan includes details on the following.

1) Description of the client company-its structure, business and organization

2) Objective of the audit (e.g. audit for stockholders, special purpose audit, SEC filing some
other purpose.
3) Nature and extent of other services, such as preparation of tax returns and other services
that might be performed for the client.
4) Timing and scheduling of the audit work, including determining which procedures may
be performed before the balance sheet date, what must be done on or after the balance
sheet date and setting dates for such critical procedures as cash counts, accounts
receivables confirmations, and inventory observation.
5) Work to be done by the client’s staff
6) Staffing requirements during the engagements
7) Target dates for completing major segments of the engagements, such as the
consideration of internal control, tax returns verifications, the audit report, and
presentation of the report to share holders, or to SEC other authoritative bodies.
8) Any special audit risks for the engagement
9) Preliminary judgment about materiality level for the engagement and
10) Other related issues
NB. The audit plan is normally drafted before starting field work. However, the plan may be
modified throughout the engagement as special problems are encountered and as the auditors’
consideration of internal control leads to identification of areas requiring more or less audit
work.

4.3. Audit program

An audit program is a detailed list of the audit procedures to be performed in the course of the
audit. A tentative audit program is developed as part of the advance planning of an audit. This

38
tentative program however requires frequent modification as the audit progresses. For example,
the nature, timing, and extent of substantive test procedures are influenced by the auditor’s
assessment of control risk. Thus, not until the consideration of internal control has been
completed can a relatively final version of the audit program be drafted. Even this version may
require modification if the auditors revises their preliminary estimates of materiality or risk for
the engagements tests disclose unexpected problems.

An audit program is designed to accomplish audit objectives with each major account of the
financial statements. These objectives follow directly from management assertions that are
contained in the client’s financial statements.

These management assertion are:

1. Existence or occurrence
2. Completeness
3. Right and obligation
4. Valuation or allocation
5. Presentation and disclosure

From these assertions, general objectives may be developed for each major type of balance sheet
accounts including assets, liabilities, and owners’ equity and other financial statements items
such as revenue, expense and the like.

Relationship between financial statements, management assertions and the various audit
concepts is given by the following diagram.

Financial statements
(Follow GAAP)

-Existence or occurrence
Management -Right and obligations
Assertions -Completeness
-Valuations/allocation
-Presentations and disclosure

Audit objectives Designed based on

Management assertions

Audit procedures
Audit program is detailed
List of auditing procedures

Audit Evidence
Summarized in audit
Working papers

Audit report on
financial statements
39
Explanation on general audit program objectives
A) Existence of assets-The first step in substantiating the balance of an asset account is to
verify the existence of the asset.
-Existence of cash on hand, marketable securities, and inventories can be verified by physical
observation or inspection, and by vouching from the recorded entry to the documents created
upon their acquisitions.
- Assets under the custody of others, such as cash in bank and inventory on consignment, can be
verified by directing confirmation with the appropriate outside party.
- Existence of Accounts receivables can be verified by confirmation with customers
-Existence of intangible assets can be verified by gathering evidence on whether costs are
incurred for probable future benefits

B) Rights to the assets-usually, the same procedures that verify existence also establish the
company’s rights to the asset. For example, confirming cash balance in bank account
establishes existence of the cash and company’s ownership right to that cash. Similarly,
inspecting marketable securities verify both existence and ownership because the registered
owner’s name usually appears on the face of the security certificate.
For other assets such as plant and equipment, physical examination establishes existence but
not ownership. Thus, the auditors need to inspect documentary evidence such as property tax
bills, purchase documents and other legal ownership documents such as deeds.
C) Establishing completeness –Effective internal control provides assurance that acquisitions
are recorded and helps the auditors to establish the completeness of recorded assets. When there
is ineffective internal control system, auditors need to increase the scope of their substantive
testing to prove the completeness of assets (i.e. whether all the assets that have been acquired are
recorded in accounting records or not). For this, auditors may follow different approaches such
as:
- Tracing or cross checking source documents created upon acquisition of assets with
entries made to record assets in the accounting records. E.g. tracing shipping documents
with details to record sales transaction for account receivables.
- Observation and physical examination to test completeness of recorded physical assets
such as inventory (whether counted or included in inventory), whether purchase of
equipment is properly recoded and so on.

Verifying the cutoff of transaction- As a part of the auditors’ procedure for establishing
completeness as well as existence of recorded assets, the auditors verify the client’s cutoff
transactions included in the period. The financial statements should reflect all transactions
occurring through the end of the period and none that occur subsequently. The term cutoff refers
to the process of determining that transactions occurring near the balance sheet date are assigned
to the proper accounting period.
To verify the client’s cutoff of transactions, the auditors should review transactions recorded
shortly before and after the balance sheet date to ascertain that these transactions are assigned to
the proper period.
D) Valuation of assets-The auditors should establish or test whether

(i) The proper accounting method such as Generally Accepted Accounting

Principles (GAAP) and some other appropriate standard is followed.

40
 (ii) The method of valuation used is appropriate for the circumstance at hand.
(iii) Perform procedures to test the accuracy of the client application of the method
of valuation to the assets.

E.g. -Many assets are valued at cost. Therefore, a common audit procedure is to vouch the
acquisition cost of assets to paid checks and other documentary evidence.
-If the acquisition cost is subject to depreciation or amortization, the auditors must evaluate the
reasonableness of the cost allocation program and verify the computation of the remaining
unallocated cost.
- For assets valued at market value or at lower of cost or market, investigation of current market
prices is necessary.

E). Clerical Accuracy of records- The amount appearing as an asset on a financial statement is
almost always the accumulation of many smaller items. For example, the amount of inventory on
financial statements might consist of the cost of thousands or, perhaps, hundreds of thousands of
individual products.
The auditors must test the clerical accuracy of the underlying records to determine that they
accumulate to the total appearing in the general ledger and therefore the amount in the financial
statements by applying generalized audit programs and/or other appropriate means.
F). Financial statement presentation and disclosure-Even after the dollar amounts have been
substantiated, the auditors must perform procedures to ensure that the financial statements
presentation conforms to the requirements of authoritative accounting pronouncements and the
general principles of adequate disclosure. Procedures that may be performed by auditors for such
case may include:
- view of subsequent events
- Search for related party transactions
- Investigation of loss contingencies
- Review of disclosure of such items as accounting policies, lease, compensating balances,
and pledged assets
- Consideration of the categories and descriptions used on all of the financial statements.

An illustration of audit program design-The above general objectives apply to all types of assets.
Audit procedures for a particular asset account must be designed to accomplish the specific audit
objectives regarding that asset. These specific objectives vary with the nature of the asset and the
generally accepted accounting principles that govern its valuation and presentation.

In designing an audit program for a specific account, the auditors start by developing general
objectives from the financial statement assertions. Then specific objectives are developed for the
account under audit and, finally audit procedures are designed to accomplish each specific audit
objectives.
- In actual practice, audit program must be tailored to each client’s business environment and
internal control. The audit procedure comprising audit programs may vary substantially from one
engagement to the next.

The organization of audit program usually is divided into two major sections. The first section
deals with the procedures to assess the effectiveness of the client’s internal control (the “systems

41
portions”), and the second deals with the substantive testing of financial statements amounts, a
well as the adequacy of financial statements disclosure.

Test of the system or internal control of the audit program (systems-portion) - the systems
portion of the audit program is generally organized around the major transactions cycle of the
client’s accounting system. For example, the systems portion of the audit program for
manufacturing company might be subdivided into separate programs for such areas as (1)
revenue/sales and collections/cycle, (2) acquisition /purchase and disbursements/cycle, (3)
conversion /production/cycle, (4) payroll cycle, (5) investing cycle, and (6) financing cycle.

To illustrate one of these transaction cycles, let us consider sales and collection. The activities
used in processing sales transactions might include- receiving a customer’s purchase order, credit
approval, and shipment of merchandise, preparation of sales invoice/billing /, recording revenue
and accounts receivables, and handling and recording cash receipts.

Audit procedures in the system portion of the program typically include obtaining an
understanding of the controls for each transaction cycles, preparation of flowchart for each cycle,
testing the significant controls, and assessing control risk for the related financial statement
assertions.

The substantive test portion of the program-the portion of audit program aimed at
substantiating financial statement amounts usually is organized in terms of major balance sheet
accounts, such as cash, accounts receives, inventories, and plant and equipment. Even though the
present day auditors are very much concerned with the reliability of the income statements, they
still find the balance sheet approach to be an effective method of organizing their substantive
audit procedures. One advantage of the balance sheet approach is that highly, competent
evidence generally is available to substantiate assets and liabilities. Assets usually, are subject to
direct verification by such procedures as physical examination, inspection of externally created
documentary evidences, and confirmation by outside parties.
Liabilities usually can be verified by examination of externally created documents, confirmation,
and inspection of canceled checks after the liability has been paid.

Since revenue and expenses have no tangible form, they exist only as entries (double entry; one
to recognize revenues and expenses and the other to record corresponding changes in asset or
liability account) in the client’s accounting records, representing changes in owner’s equity.
Consequently, the best evidence supporting the existence of revenues or expenses usually is the
verifiable changes in the related asset or liabilities

The relationship between test of controls and substantive tests – Test of controls provide
auditors with evidence as to whether prescribed controls are in use and operating effectively. The
result of these tests assists the auditors in evaluating the likelihood of material misstatements
having occurred. Substantive tests on other hand are designed to detect material misstatements if
they exist in the financial statements. The amount of substantive testing done by the auditors is
greatly influenced by their assessment of the likelihood that material misstatements exist. The
stronger the internal control is, the less will be the likelihood of material misstatements which in
turn will lead to less degree of substantive testing and vice-versa.

42
 Time budgets for audit engagements-a time budget for an audit is constructed by estimating
the time required for each step in the audit program for each of the various levels of auditors and
totaling these estimated amounts. A detailed time budgets can assist auditors in estimating the
audit fees and other functions as communicating with audit staff about those areas the manager
or partner believe are critical and require more time, and to measure the efficiency of staff
members.

Analytical review procedures-The direction of audit test procedures can be performed by tracing
information:
i) Back ward from financial statements to ledgers to journal and finally, vouching them to the
original source documents such as invoices and receiving reports. By doing so, the auditors
may identify journal entries that are not supported and possibly are not valid. This procedure
provides evidences that financial statements figures are based upon valid transactions. It is
tests of the existence assertions.
ii) Forward from source documents to the journals, ledgers and financial statements. This
approach provides the auditor with assurance that all transactions have been properly
interpreted and processed. It is a test of the completeness assertion. Un supported transactions
can not be found.

Finish Test for existence (avoids overstatements) Start

Accounting system

Journ Ledger
Source
Source als s Financial
Docume
Source
ntsDocume Statemen
ntsDocume t
nt
Test for completeness (avoids understatements)
Start Finish

NB. Although, the techniques of working the audit trail in such a way are a useful one, auditors must
acquire evidence from sources other than the clients accounting records.

43
 Chapter-Five
Internal control systems

Our consideration of internal control in this chapter has three major objectives: first, to explain
the meaning and significance of internal control; second, to discuss the major components of a
client’s internal control structure; and third, to show how auditors go about obtaining and
understanding of internal control to meet the requirements of the second standard of field work.
No attempt is made in this chapter to present in detail the internal control procedures applicable
to particular kinds of assets or liabilities or to particular types of transactions.

5.1. Definition of internal control

Differences of opinion have long existed about the meaning and objectives of internal control.
Many people interpret the term internal control as the steps taken by a business to prevent fraud-
both employee fraud and fraudulent financial reporting. Others, while acknowledging the
importance of internal control for fraud prevention, believe that internal control has an equal role
in assuring control over manufacturing and other processes.

The system of internal control is the plan of the organization and all the methods and procedures
adopted by the management of an entity to assist in achieving management’s objective of
ensuring, as far as practicable, the orderly and efficient conduct of its business.
In other words internal control is defined as a process, effected by the entity’s board of directors,
management, and other personnel, designed to provide reasonable assurance regarding the
achievement of objectives in the following categories:
 Effectiveness and efficiency of operations
 Reliability of financial reporting
 Compliance with applicable laws and regulations

It includes the methods by which top management delegates authority and assigns responsibility
fro such functions as selling, purchasing, accounting, and production. Internal control also
includes the program for preparing, verifying and distributing to various levels of management
those current reports and analyses that enable executives to maintain control over the variety of
activities and functions that are used by a large organization.

Although internal control is broadly defined, not all of the internal control structure polices and
procedures are relevant to a given engagement at hand i.e. they may vary depending on the type,
nature and scope of engagement, areas of concern and so on. Generally the internal control
structure policies and procedures that are relevant to an audit are those that pertain to the
reliability of financial reporting. That is, those that affects the preparation of financial
information for external reporting purpose. However, other policies and procedures may be
relevant if they affect the reliability of data that the auditors use to apply auditing procedures.
For example, controls applicable to non financial data that the auditors use in performing
analytical procedures (e.g. production statistics) may be relevant to an audit. The internal control
structure policies and procedures designed to safeguard assets against loss from errors and
irregularities are ordinarily relevant to audit.

44
Objectives of internal control systems

The responsibility for establishing an internal control system is that of the management of an
enterprise and the objectives of internal control system are determined by the management
keeping in view its specific requirements, which in turn, depend on the nature of business,
volume of operations etc. The following are the objectives of internal control system:
a. Adherence to the policies and procedures laid down by the management i.e. proper
authorization of transactions and activities.
b. Safeguarding the assets of the enterprise i.e. access to assets and records is
authorized and recorded assets are compared with existing assets at reasonable
intervals and appropriate action is taken with respect to any difference.
c. Prevention and detection of fraud and error
d. Accuracy and completeness of records i.e. all transactions are recorded correctly
and as necessary to permit the preparation of reliable financial statements and
maintain accountability for assets (timely and accurate recording of transactions in
the correct period)
e. Timely presentation of reliable financial and other information

Purpose of internal control

To aid management in information, protection and control.

To protect assets from theft, loss, damage, spoilage wastage etc…
To prevent errors and frauds in advance before they occur
To assure accuracy and dependability of personnel and financial operation
To monitor operating efficiency
To monitor adherence to prescribed policy and procedures
To provide evidence of responsibility.

Essential elements of sound internal control

 Adequate and competent personnel

 Separation of custodianship, operations and record keeping
 Proof of work done (documentary evidence)
 Adequate and appropriate physical protections of assets and records
 Assurance of mechanical accuracy
 Assurance of efficiency and effectiveness

Specific internal control procedures include:

 Reporting, reviewing and approving reconciliations

 Checking the arithmetical accuracy of the records
 Controlling applications and the environment of computer information.
 Maintaining and reviewing control accounts and trial balances
 Approval and control of documents
 Comparing internal data with external sources of information

45
  Comparing the results of cash, security and inventory counts with accounting
records
 Limiting direct physical access to assets and records
 Comparing and analyzing the financial results with budgeted amounts and so on.

5.2. Types of internal control

An internal control system has a wide coverage that extends beyond those matters, which relate
directly to the functions of the accounting system and from this angle, the internal control system
can be divided into two categories.
 Accounting controls
 Administrative controls

1) Accounting controls-Those controls which are related to the accounting system is known
as the accounting controls and has the following objectives:
a. Transactions are executed in accordance with the management’s authorization, i.e.
in accordance with the laid down policies and procedures
b. Transactions are promptly recorded in a proper manner and the purpose is to
facilitate the timely preparation and communication of reliable financial
information.
c. Accountability for assets is maintained and assets are safeguarded from
unauthorized access, use or disposal.
To achieve the objectives of internal control system, it is necessary to establish adequate policies
and procedures. While the specific control policies and procedures depend on the nature of the
transactions, manner of information processing and similar factors, most of these policies and
procedures generally fall into the following categories
1. Segregation and rotation of duties
2. Authorization of transactions
3. Maintenance of adequate records and documents
4. Accountability for and safeguarding of assets
5. Independent checks on performance

2) Administrative controls-It comprises of internal controls other than accounting controls.

The maintenance of records giving details of customers contacted by the salesmen is the
example of administrative control. Another example of an administrative control is the
system of a periodic review, by specially designated authorities, of the adequacy of the action
taken on the customer’s complaints.

Means of achieving Internal Control- For purposes of financial audits, the policies and
procedures used by an entity to achieve internal control are referred to as the entity’s internal
control structure. Internal control structure vary significantly from one organization to the next,
depending on such factors as the size, nature of operations, and objectives of the organization for
which the structure was designed. Yet certain features are essential to satisfactory internal control
in almost any large organization. The internal control structures of all organizations include five
components. These are:

46
 1. The control environment
2. Risk assessment
3. The accounting information and communication system
4. Control activities; and
5. Monitoring

5.3. Control environment

The control environment sets the tone of an organization by influencing the control
consciousness of the people. It is viewed as the foundation for the other components of internal
control. The following are the major control environment factors

5.3.1. Integrity and Ethical values-the effectiveness and efficiency of the internal control
structure depends directly upon the integrity and ethical values of the personnel who are
responsible for creating, administrating, and monitoring that structure. Management should
establish behavioral and ethical standards that discourage employees from engaging in activities
that would be considered dishonest, unethical or illegal. The standards must be communicated by
appropriate means and also remove and reduce the temptations and incentives to engage in such
behavior.

5.3.2. Commitment to competence-the employees employed must be competent enough to

perform the assigned tasks. They must posses the skills and knowledge essential for the
performing the jobs and also in applying the internal control policies and procedures. The
employees appointed should have adequate education and experience and also should provide
adequate training and supervision.

5.3.3. Board of Directors or Audit Committee-the effectiveness of the Board of Directors or

Audit Committee will significantly influence the control environment. The extent of its
independence from the management, the experience and stature of its members, the extent to
which it raises and pursue the difficult questions with the management and its interaction with
the internal and external auditors will improve the effectiveness of the internal control system.
The independence of the Board of Directors or the Audit Committee enables it to be effective at
overseeing the quality of the organization’s financial reports, and act as a deterrent to
management override of internal controls and to management fraud.

5.3.4. Management’s philosophy-management philosophies will differ towards financial

reporting and towards taking business risks. Some may be very aggressive in financial reporting
and may be willing to take great risks, while others may be conservative and risk adverse. The
differing attitudes and styles may have an impact on the overall reliability of the financial
statements. The internal control in an informal organization will be implemented by face to face
contact with employees and in formal organization, it will establish written policies, performance
reports, and exception reports to control its various activities.
5.3.5. Organizational structure-another factor affecting the control environment is the
organizational structure. A well-designed organizational structure provides a basis for planning,
directing, and controlling operations. It divides authority, responsibilities and duties among
members of the organization by dealing with such issues as centralized versus decentralized

47
decision-making and appropriate segregation of duties among the various departments. When the
management decision-making is centralized and dominated by one individual, that the
individual’s moral character is extremely important to the auditors. When decentralized style is
used, procedures to monitor the decision making of the many managers involved become equally
important.

5.3.6. Human resource polices and procedures-the effectiveness of the internal control is
affected by the nature and characteristics of the people working in the organization. The
management’s policies and practice pf hiring, training, evaluating, promoting and compensating
employees have a significant effect on the effectiveness of the control environment. Effective
human resource policies often can reduce or sometimes remove other weaknesses in the control
environment.

5.3.7. Assignment of Authority and responsibility- The employees in the organization should
have a clear understanding of their responsibilities and rules and regulations that govern their
actions. To enhance the control environment, the management should develop employee job
descriptions and should define clearly the authority and responsibility within the organization.
Policies should be established describing appropriate business practices, knowledge and
experience of the key personnel and the use of resources.

5.4. Risk assessment

The second component of internal control is the risk assessment. The management should
carefully consider the factors that affect the risk of an organization. The risks affecting the
preparation of financial statements in accordance with the generally accepted accounting
principles (GAAP) should be considered in the financial reporting objective. The factors that
affect the increased financial reporting risks are the following:
 Changes in the organization’s regulatory or operating environment
 Changes in personnel
 Implementation of a new or modified information system
 Rapid growth of the organization
 Changes in technology affecting production process or information system
 Introduction of new lines of business, products or process
The scope of management’s risk assessment is more comprehensive and it considers all factors
affect the organization. But the auditors are concerned with the levels of inherent risk and control
risk that affect the organization’s ability to produce financial statements that are in accordance
with the generally accepted accounting principles.

5.5. Control activities

The policies and procedures that help the management to carry out the directives are known as
the control activities. These policies and procedures will help the management to ensure that the
actions are taken to address the risks that affect the organization. The following are the control
activities that are relevant to an audit of the organizations financial statements:
 Performance reviews
 Information processing
 Physical controls

48
  Segregation of duties
5.5.1. Performance review- these controls include reviews of actual performance as compared to
budgets, forecasts, and prior period performance: relating different sets of data to one another;
and performing overall review of performance. Performance review provides management with
an overall indication whether personnel at various levels are effectively pursuing the objectives
of the organization. By investigating the reasons for unexpected performance, management may
make timely changes in strategies and plans, or take other appropriate corrective actions.
5.5.2. Information processing-the control activities are performed to check the accuracy,
completeness, and authorization of transactions and information processing control is one of
them. The information processing control has two broad categories and they are:
 General control: which apply to all information processing activities and
 Application control: which apply only to single application
For example, general controls include those that restrict access to the entire accounting
information system. To understand the nature of application controls, consider the controls over
payroll, that help to ensure that (1) only authorized payroll transactions are processed, and (2)
authorized payroll transactions are processed completely and accurately.
An important aspect of information processing controls is the proper authorization of all types of
transactions. Authorization of transaction may be either general or specific. General
authorization occurs when management establishes criteria for acceptance of a certain type of
transaction. For example, top management may establish general price lists and credit policies
f0or new customers. Transaction with customers that meet these criteria can then be approved by
the credit department. Specific authorization occurs when transaction are authorized on an
individual basis. For example, top management may consider individually and specifically
authorize any sales transaction in excess of a specified amount, say $100,000.
Another control over information processing is a system of well, designed forms and documents.
In the case of a credit sales transaction, the accounting department receives copies of internal
documents prepared by the sales, credit, and shipping departments to properly record the
transaction.

5.5.3. Physical controls- These control activities include the physical security over both records
and other assets. Safeguarding of records may include maintaining control at all times over un
issued renumbered documents, as well as other journals and ledgers, and restricting access to
computer programs and data files.
Only individuals who are authorized should be allowed access to the company’s assets. Direct
physical access to assets may be controlled through the use of safes, locks, fences, and guards.
Improper indirect access to assets, generally accomplished by falsifying financial records, must
also be prevented. This may be accompanied by safeguarding the financial records, as described
above.
Periodic comparisons should be made between accounting records and the physical assets on
hand. Investigation as to the cause of any discrepancies will uncover weakness either in
procedures for safeguarding assets or in maintaining the related accounting and records. Without
these comparisons waste, loss, or theft of the related assets may go undetected.

5.5.4. Segregation of duties- a fundamental concept of internal control is that no one department
or person should handle all aspects of a transaction from beginning to end. In similar manner, no
one individual should perform more than one of the functions of authorizing transactions,

49
recording transactions, and maintaining custody over assets. Also, to the extent possible,
individuals executing the specific transaction should be segregated from these functions. The
goal is to reduce the opportunities for any one person to be in a position to both perpetrate and
conceal errors or irregularities in the normal course to his or her duties.
A credit sale transaction may be used to illustrate appropriate authorization and segregation
procedures. Top management may have generally authorized the sale of merchandise at specified
credit terms to customers who meet certain requirements. The credit department may approve the
sales transactions by ascertaining that the extension of credit and terms of sale are in compliance
with company policies. Once the sale is approved, the shipping department executes the
transaction by obtaining custody of the merchandise from the inventory stores department and
shipping it to the customer. The accounting department uses copies of the documentation created
by the sales, credit, and shipping departments as a basis for recording the transaction and billing
the customer. With this segregation of duties, no one department or individual can initiate and
execute an unauthorized transaction.

5.6. Monitoring
Monitoring is a process that assesses the quality of the internal control structure over time and it
is the last component of internal control. The monitoring of the internal control structure is
important to determine whether it is operating as intended and whether any modifications are
necessary. Monitoring can be achieved by
a. Ongoing monitoring activities include regularly performed supervisory and management
activities such as continuous monitoring of customer complaints or reviewing the
reasonableness of the management reports.
b. Separate evaluations are monitoring activities that are performed on a non-routing basis,
such as periodic audits by the internal auditors. Internal auditors investigate and appraise
the internal control structure and the efficiency with which the various units of the
organization are performing their assigned functions, and report their findings and
recommendations to the top management.

The internal audit function- An important aspect of the organization’s monitoring system is the
internal audit function. Internal auditors investigate and appraise the internal control structure
and the efficiency with which the various units of the organization are performing their assigned
functions, and report their findings and recommendations to top management. As representatives
of top management, the internal auditors are interested in determining whether each branch or
department has a clear understanding of its assignment, is adequately staffed, maintains, good
records, properly safeguards cash, inventories, and other assets, and cooperates harmoniously
with other departments.

Limitations of internal control- Internal control can do much to protect against both errors and
irregularities and ensure the reliability of accounting data. Still, it is important to recognize the
existence of inherent limitations in any internal control structure.
- Internal control is not simple; it could be complex as it involves divisions of functions and
allocation of responsibilities into many different people and units involving greater paper work
leading to excessive control. This way, many people in fact think of more control but not better
control. More control brings bottle neck, therefore, inefficiency not efficiency, and delays and

50
loss in productivity. Thus there is control risk that must be assumed to balance between risk and
safeguards to be implemented. Internal control can only provide reasonable assurance not
complete reliance to be placed.
- Mistakes may be made in the performance of internal control policies and procedures as a result
of misunderstanding of instructions, mistakes of judgment, carelessness, distraction, or fatigue.
- The internal control adopted by a business also is limited by cost considerations. It entails
increased personnel and /or sophisticated techniques of control. Thus, cost- benefit analysis must
be made to see if the costs of control can justify the benefits to be derived. In this regard, internal
controls may be more viable to implement in large organizations rather than in small ones.

5.7. Auditors consideration and evaluation of internal control

A sufficient understanding of the internal control structure is to e obtained by the auditors to

plan the audit and to determine the nature, timing and extent of the tests to be performed.

The auditors’ understanding of their clients’ internal control provides a basis both to
(1) Plan the audit, and (2) assess control risk.

In planning an audit it is essential that the auditors have a sufficient understanding of the client’s
internal control structure. This encompasses both an understanding of the design of the policies,
procedures, and records, and knowledge of whether they have been placed in operation by the
client. It is difficult to imagine designing tests of financial statement balances without an
understanding of the internal control structure. For example, auditors who do not understand the
client’s policies and procedures for executing and recording credit sale would have a difficult
time substantiating the balances of accounts receivable and sales.
The auditors’ consideration of the internal control structure also provides a basis for their
assessment of control risk- the risk that material misstatements will not be prevented or detected
by the client’s internal control structure. If the auditor determine that the client’s internal control
is effective, they will assess control risk to be low. They can then accept a higher level of
detection risk, and substantive testing can be decreased. Conversely, if internal controls are
weak, control risk is high and the auditors must increase the scope of their substantive tests to
limit the level of detection risk. Therefore, the auditors’ understanding of internal control is a
major factor in determining the nature, timing, and extent of substantive testing necessary to
verify the financial statements assertions.

Obtaining understanding of the internal control structure – In every audit the auditors must
obtain an understanding of the internal control structure sufficient to plan the audit. This
understanding should include knowledge about the design of relevant internal control policies
and procedures and whether they have been placed in operation by the entity. In planning the
audit, that knowledge is used to:

1) Identify types of potential misstatements

2) Consider factors that affect the risk of material misstatements
3) Design substantive tests.
In making a judgment about the necessary understanding of the internal control structure, the
auditors consider knowledge related to the above three factors that has been obtained through
other sources, such as previous audits and their understanding of the industry in which the client
51
operates. They also consider their assessment of inherent risk, judgments about materiality, and
the nature of the entity’s operations. In any case, the auditors’ understanding of the internal
control structure must encompass issues such as:
- The control environment
- Risk assessment
- The accounting information and communication system,
- Control activities and,
- Monitoring

Sources of information about internal control-Auditors obtain information about internal

control:
- By holding inquiry with appropriate client personnel
- By inspecting various entity documents and records, organizational charts, job
descriptions etc
- By observing control activities and operations as they are performed
- From prior period (s) audit work papers (in case of repeated engagements)
- By reviewing reports, working papers, and audit programs of the client’s
internal auditing staff.
- Through some other means

The auditors’ understanding of the internal control structure encompasses not only the design of
the policies and procedures, but also whether they have been placed in operation. The term
placed in operation means that policy or procedure actually exists and is in use; that is, it does
not just exist in theory or on paper.
While obtaining an understanding of internal control, the auditors may also obtain evidence
about the operating effectiveness of various controls. Operating effectiveness deal with:
 How a control is applied,
 The consistency with which it is applied, and
 Who applies the control

The distinction between knowing that a control has been placed in operation and obtaining
evidence on its operating effectiveness is important.
To properly plan the audit, auditors are required to determine that the major controls have been
placed in operation. However, if the auditors wish to assess control risk at a level lower than the
maximum, they must have evidence of the operating effectiveness of the controls. This evidence
is obtained by performing tests of controls.

Documentation of the understanding of the internal control structure-As the independent

auditors obtaining a working knowledge of the internal control structure to pan the audit, they
must document the information in their working papers. The form and extent of this
documentation is affected by the size and complexity of the client, as well as the nature of the
client’s internal control structure. The documentation usually takes the form of internal control
questionnaires, written narratives, or flowcharts.
Walk-Through Test-After describing internal control in their working papers, the auditors will
generally verify that the system has been placed in operation by performing a walk-through of
each transaction cycle. The term walk-through refers to tracing several transactions (perhaps only
one or two) through each step in the cycle. The term transaction cycle refer to the policies ant the
52
sequence of procedures for processing a particular type of transaction. For example, the
accounting system in a manufacturing business might be subdivided into the following major
transaction cycles:

 Revenue ( or sales and collections) cycle-including procedures and policies for

obtaining orders from customers, approving credit, shipping merchandize,
preparing sales invoices (billing), recording revenue and accounts receivable, and
handling and recording cash receipts.
 Acquisition ( or purchases and disbursements ) cycle- including procedures and
policies for initiating purchased of inventory, other assets, and services; placing
purchase orders, inspecting goods upon receipt, and preparing receiving reports;
recording liabilities to vendors; authorizing payments; and making and recording
cash disbursements.
 Conversion (Transaction) cycle-including procedures and policies for storing
materials, placing materials into production, assigning production cost of
inventories, and accounting for the cost of goods sold.
 Payroll cycle-including procedures and polices for hiring, terminating, and
determining pay rates; timekeeping; computing gross payroll, payroll taxes, and
amounts withheld from gross pay; maintaining payroll records and preparing and
distributing paychecks.
 Financing cycle-including procedures and policies for authorizing, executing, and
recording transactions involving bank loans, leases, bonds payable, and capital
stock.
 Investing cycle-including procedures and polices for authorizing, executing, and
recording transactions involving investments in fixed assets and securities.
Assess control Risk-Assessing control risk involves evaluating the effectiveness of a client’s
internal control policies and procedures in preventing or detecting material misstatements in the
financial statements. The auditors asses control risk in terms of the management’s assertions in
the financial statement such as existence /occurrence/, completeness, rights and obligations;
valuation or allocation; and presentation and disclosure. The auditors’ assessment of control risk
is an iterative process that is reined as the auditors obtain more and more evidence about the
effectiveness of various internal controls polices and procedures. It may be summarized as the
following steps:
(1) Determine the planned assessed level of control risk,
(2) Design and perform additional test of controls
(3) Reassess control risk and modify planned substantive tests
(4) Document the assessed level of control risk

Audit program modification-modification of audit program for various levels of control risk
should be made with having in mind the consideration that should be given to other factors such
as levels of materiality and inherent risk.

Consideration of the work of internal auditors -Many of the procedures performed by internal
auditors are similar in nature to those employed by independent auditors. SAS No. 65 “The
auditor’s consideration of the Internal Audit Function in an Audit of Financial Statements.”
Because, the internal function is an important aspect of the client’s monitoring system, the

53
independent auditors consider the existence and quality of the function in their assessment of the
client’s internal control structure. Through its contribution to internal control, the work of the
internal auditors may reduce the amount of audit testing performed by the independent auditors
given that it is relevant to the engagement at hand.
In addition to reducing the extent of the independent auditors’ substantive procedures, the
internal auditors’ work may affect the independent auditors’ procedures when obtaining an
understanding of the client’s internal control structure and assessing risk

Communication of control structure related matters – establishing and maintaining an effective

internal control structure is an important responsibilities of management. However, the auditors
may provide assistance by communicating significant deficiencies in the internal control
structure identified by their procedures, along with the auditors’ recommendations for corrective
action. This is a service in addition to issuance of the audit report. Auditors may communicate on
those significant deficiencies orally to audit committee, to management or to some body with
equivalent responsibilities. They often communicate operational suggestions and less significant
weaknesses in a greater detail to management in a report called a management letter.

Internal control in small companies – The preceding discussion of internal control and its
consideration by the independent auditors has been presented in the terms of large corporations.
In the large company concern excellent internal control may be achieved by extensive
segregation of duties so that no one person handles transactions completely from beginning to
end. In the case very small concern, with only one or two office employees, there is little or no
opportunity for division of duties and responsibilities. Consequently, internal control tends to be
weak, if not completely absent, unless the owner/manager recognize the importance of internal
control and participate in key activities. Because of the absence of strong internal control in
small concerns, the independent auditors must rely much more on substantive tests of account
balances and transactions than is required in large organizations.

54
 Chapter seven
Audit working papers
7.1. Working papers
Working papers are the connecting link between the client’s accounting records and the auditors’
report. They document all of the work performed by the auditors and provide the justification for
the auditors’ report. Information such as audit contact entered to, audit plans, audit programmers
and data gathered , description of work performed , documents received, peoples interviewed,
items traced and reconciled , events and incidents encountered , evidences gathered , schedules,
experts and photocopies of financial statements and accounts, references comments and
observations noted --- etc, are documented in auditors work papers. The sufficient, competent
evidential matter required by the third standard of field work must be clearly documented in the
auditors work papers.

7.2. Functions of audit work papers

Audit working papers assist auditors in several major ways such as the following.
Assigning and coordination the audit work: The audit work may be conveniently delegated by
assigning different auditors responsibility for completing different working papers. In case of
joint audit, the work done by different auditors can be coordinated through the working papers

Supervising and reviewing the work of the assistants: The audit assistants complete audit
working papers and the seniors, supervising the audit work, can review it. If the senior finds any
shortcoming, the senior can write review notes to the assistants describing additional procedures
to be performed or how the working papers should be revised. The review of working papers by
seniors will help to ensure that the work of audit staff is carefully reviewed and supervised.

Support for the report: the working papers must contain adequate evidence and documentation
to convince the auditors’ engagement. This will help the auditors to arrive at appropriate opinion
on the client’s financial statements. The auditors want some evidence to support their reports and
audit working papers can rely on the evidence contained in the working papers

Compliance with the three standards of fieldwork: the auditors may find themselves liable for
the losses sustained by the users of the financial statements if the audit was not conducted in
accordance with generally accepted auditing standards. The working papers are the principal
means by which auditors can demonstrate their compliance with the standards of fieldwork.

Planning and conduction the next audit: The audit working papers from the previous audit of
the particular client provide valuable information that is useful in planning and conducting the
next audit. The working papers from the previous audit may be used as a starting point for
designing current year working papers. Before using the previous year’s working papers, the
auditor should determine that the design is still appropriate and should try to improve it.

In addition, working papers provides information useful in rendering additional professional

services, such as preparing income tax returns, making recommendations for improving internal
control, and providing consulting services

55
Ownership of the audit work papers-Audit working papers are the property of the auditors and
not of the client. At no time does the client have the right to demand access to the auditor’s
working papers. After the audit, the auditors retain the working papers. Clients may sometimes
find it helpful to refer to information from the auditor’s working papers from prior years.
Auditors usually are willing to provide this information, but their working papers should not be
regarded as a substitute for the clients own accounting records.

Confidential nature of working papers- to conduct a satisfactory audit, the auditors must be
given unrestricted access to all information about the client’s business. Much of this information
is confidential, such as the profit margin on individual products, tentative plans for business
combinations with other companies, and the salaries of officers and key employees and other
similar issues.
Much of the information gained in confidential way by the auditors is recorded in their working
papers’ consequently; the working papers are confidential in nature. Thus, they must be
safeguarded at all times. Safeguarding working papers usually means keeping them locked in a
file cabinet or an audit case during lunch and after working hours.

7.3. Types of audit work papers

There are numerous types of working papers as the audit working papers document a variety of
information gathered by the auditors. The general categories into which most working papers
may be grouped are

1. Audit Administrative Working Papers: auditing is a sophisticated activity requiring planning,

supervision, control and coordination. The working papers designed to aid the auditors in the
planning and administration of the engagement are called as administrative working papers
2. Working Trial Balance: It is the schedule listing the balances of the accounts in the general
ledger for the current and previous year and also providing columns for the auditors’
proposed adjustments and reclassifications and for the final amounts that will appear in the
financial statements
3. Lead Schedules: these are also called as the grouping sheets or summary schedules and are
set up to combine similar general ledger accounts. The totals will be appearing on the
working trial balance as a single amount.
4. Adjusting Journal Entries and Reclassification Entries: To correct material errors or
irregularities discovered in the financial statements and accounting records, the auditors draft
adjusting journal entries.
5. Supporting Schedules: Auditors use this term to describe a listing of the elements or details
comprising the balance in an asset or liability account at a specific date.
6. Analysis of Ledger Accounts: An analysis of a ledger account is another common type of
audit working paper. The purpose of an analysis is to show on one paper all changes in an
asset, liability, equity, revenue, or expense account during the period covered by the audit.
7. Reconciliations: is the relationship between amounts obtained from different sources.
Reconciliations provide evidence as to the accuracy of one or both of the amounts and are
important to the audit of many accounts including cash, accounts receivable, and inventories.

56
8. Computational working papers: The auditors approach to verifying certain types of accounts
and other figures is to make an independent computation and compare their results with the
amounts shown by the client’s record.
9. Corroborating Documents: Auditing is not limited to the examination of financial records,
and working papers are not confined to schedules and analyses. During the course of an
audit, the auditor gathers much purely expository material to substantiate their report.

7.4. Organization of audit work papers

The auditors usually maintain two files of working papers for each client:
1. Current files for every completed audit and
2. A permanent file of relatively unchanging data.

The Current files: - The auditor’s report for a particular year is supported by the working
papers contained in the current files. Many CPA firms have found it useful to organize the
current files around the arrangement of the accounts in the client’s financial statement. Each
working paper in a file is assigned an index number, and information is tied together through
a system of cross-referencing.

The Permanent File: - The permanent file serves three purposes

a) To refresh the auditor’s memories on items applicable over a period of many years
b) To provide for new staff members a quick summery of the policies and organization of
the client and
c) To preserve working papers on items that show relatively few or no changes, thus
eliminating the necessity for their preparation year after year.

7.5. Examination of general records

In the different stages of audit; the independent auditor must become familiar with the many
aspects of the business of the client. The internal activities of the client are not in itself sufficient.
If the information is to be interpreted and evaluated in a proper perspective, the auditor must also
understand the business environment in which the client operates. The auditors can gain
considerable information about both the client’s business environment and internal operations by
examining the client’s general records. The term general records is used to include the following
categories:
1. Non-financial records
(a) Articles of incorporation and by-laws
(b) Partnership contracts
(c) Minutes of directors and shareholders meetings,
(d) Contracts with suppliers and customers.
(e) Contracts with employees
(f) Government regulations effecting the business
(g) Correspondence files

2. Financial Records
(a) Income Tax returns of previous years
57
 (b) Financial statements and annual reports of previous years
(c) Registration statements and periodic reports, files with government agencies
3. Accounting records
(a) Ledgers
(b) Journals
Articles of Incorporations and Bylaws: - It is a basic document filed with the government to
evidence the legal existence of the organization. By laws are the internal administrative
structures of the organizations. They include the organizational structures, rules and procedures
adopted by the corporate shareholders. Copies of both the articles of incorporations and by laws
are retained in the auditor’s permanent files for convenient reference during the repeated audit
engagements.
Partnership Contract: - The partnership contract represents an agreement among the partners
on the rules to be followed in the operations of a partnership organization. The auditor should
examine the partnership contract in the same manner as the articles of incorporation and by laws
of corporate clients while auditing a partnership firms.
Minutes Book: - A minute’s book is an official record of the actions taken at the meetings. It
will contain certain authorizations, more important transactions and contractual arrangements
etc. In addition, the minutes may document discussions of pending litigations, investigations by
regulatory agencies etc., and the auditor should read the minutes of the meetings in order to
gather more information about the client’s business and the environment in witch the client
operates.

Contracts held or issued by the client: - During audit engagements, the auditor should obtain
the copies of all major contracts, to which the client is a party. The terms of existing contracts
are often the material factors in arriving at certain decisions while expressing the opinion. The
skill in analyzing and interpreting the financial aspects of contracts is an additional qualification
to independent auditors, as it will increase their importance.
Laws and Regulations: - The independent auditor must be familiar with the laws and
regulations that might effect the client’s financial statements. The audit must be designed to
provide reasonable assurance of detecting illegal acts having a material direct effect on the
financial statements. While an audit does not generally provide a basis for detecting violations
of laws and regulations which have an indirect effect on the financial statements, the auditor
must be aware of the possibilities that such violations have occurred. When the information that
indicates a violation comes to the attention of the auditors, the auditor should apply audit
procedures towards ascertaining whether a material illegal act has occurred.

Correspondence Files: - The general correspondence files of the client may contain more
information which will be important to the independent auditors. Correspondence may be
generally accepted as authentic one. But if reason for doubt exists the auditor may wish to
conform the contents of correspondence with the responsible persons directly.

Financial Statements of Previous Years: - The auditors can gain general background
knowledge of the financial history and problems of the business by studying the financial
statements and annual reports of the previous years. If the independent auditors have submitted
the audit reports in previous years, these documents may be useful in drawing attentions in
matters requiring special considerations.

58
Tax returns of previous years: - A review of tax returns of previous years will aid the auditors
in planning the tax services if required by the terms of engagement. The possibility of
assessment of additional taxes may exist with respect to returns of previous years and this will
help the auditor to analyze the threat of additional assessment.

Registration Certificates and Periodic Reports: - The registration statement and periodic
reports filed with the government agencies will contain valuable information necessary for the
auditors. It may contain information about the client’s capital structure, summary of the earnings
of the previous years, identity of the affiliated companies, description of the business of the
property of the client, pending legal proceedings, names of directors and executive officers of the
client and their remuneration, principal shareholder etc.

Review and testing of Accounting Records: - A review of these records will help the auditor to
understand the clients accounting system thorouly and to assess the quality of accounting
records, the accounting procedures, the control procedures, in effect etc. If the client’s accounting
records and procedures are well designed and efficiently maintained it is reasonable to devote
less audit time to verify the accuracy of the records than would be required. The extent to which
the auditors test the accounting records will depend on two factors i.e., the general conditions of
the records and the frequency and related importance of any misstatements discovered during the
actual testing.

General Ledger: - Auditors should test the general ledger by performing tests to determine
whether
1. Account balances are mathematically correct.
2. Entries in the ledger were posted from journal entries and
3. Journal entries were properly posted to the appropriate ledger accounts.

General Journal: - Entries in the general journal are those for which special journals have not
been provided accordingly a variety of infrequently occurring transactions is normally included.
The auditor should
(i) Check the total column of the journal
(ii) Vouch selected entries to the original documents
(iii) Scan the journals for unusual entries
(iv) Determine the entries that have been with proper approval of concerned
officer.

59