Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Auditing an overview
1.1. Origin and Historical development of Auditing
The term “Audit” is derived from the Latin word “Audere” this means “to hear”. In the olden
days, whenever the proprietors of a business concern suspected a fraud, certain people were
appointed to hear verbal explanations given by the persons responsible for maintaining the books
of accounts and to judge the facts. Such persons were known as “Auditors”. Thus, the literal
meaning of audit is to hear and the auditor is the person who hears the explanations from the
persons accountable for keeping accounts.
Scope of audit was quite limited as the auditors during those days were interested in ascertaining
whether the persons responsible for keeping accounts had properly accounted for all cash
receipts and payments to his principal and in locating errors and fraudulent transactions, if any.
In simple words, the aim of audit was to know whether cash had been embezzled and if so, who
embezzled it and what amount was involved. Thus, it was merely a cash audit. But, the scope of
modern audit can not be confined to cash verifications as the principal object of modern audit is
to report on financial position of the undertaking as depicted by its financial statements, i.e.
Balance sheet and Profit and Loss account, and other financial and non-financial information that
are related to different aspects of organizations’ economic activities . Detection of errors and
fraud is an incidental object of modern audit.
As far as the historical development of auditing is concerned, although the objectives and
concepts that guide present day audit were almost unknown until the early years of the 20 th
century, audits of one type or another have been performed throughout the recorded history of
commerce and government finance. From medieval times on through the time of industrial
revolution, audits were performed to determine whether persons in position of official
responsibility in government and commerce were acting and reporting in an honest manner.
During the industrial revolution, as manufacturing concerns grew in size, their owners began to
use the service of hired managers. With this separation of the ownership and management
groups, the absentee owners turned increasingly to auditors to protect themselves against the
danger of an intentional errors as well as fraud committed by managers and employees. Bankers
were the primary out side users of financial reports and were concerned whether the repots were
distorted by errors or fraud.
Some of the major auditing developments undertaken since the 20th century are:
1
(5) Development of new auditing procedures applicable to sophisticated computer systems,
and use of the computer as an auditing tool.
(6) Recognition of the need for auditors to find means of protecting themselves from the
current wave of litigation.
(7) An increased in demand for prompt disclosure of both favorable and unfavorable
information concerning any publicly owned company.
(8) An increased responsibility to assess the risk of material fraud.
(9) Increased demand for attestation by CPAs to managements assertion about compliance
with laws and regulations and the effectiveness of internal control.
Definition of Auditing- It is quite difficult to give a single and precise definition of the term
“Audit”. The word “audit” has been defined by many distinguished authors and other bodies, and
every one of them has attempted to highlight one aspect or the other, but the central idea is more
or less the same.
Definition 2: Some scholars also define auditing as an independent examination of the books of
account and the related documentary evidence by a qualified person in order to ascertain the
accuracy of figures.
Definition-5: A special committee of the American Institute of Accountants has defined the term
‘audit’ as follows:
“An audit is an attest function where by a Certified Public Accountant (CPA) independently
examine financial information of an entity and produce a report on the subject matter or an
assertion about the subject matter which is the responsibility of another party ( e.g.
Management).”
To attest to information means to provide assurance as to its reliability. More formally, the
AICPA has defined an attest engagement as one in which:
2
A practitioner is engaged to issue or does issue a written communication that
expresses a conclusion about the reliability of a written assertion that is the
responsibility of another party.
A financial statement audit is, by far, the most common type of attest engagement. However,
CPAs attest to the reliability of a wide range of other types of information, including financial
forecasts, internal control, compliance with laws and regulations, advertising claims, and the
like.
The amount of evidence obtained by the CPAs and the content of the attest report depends on the
nature of the engagement. The standards of the AICPA recognize three forms of attestation
engagements. These are:
In order to diagnose auditing in its correct perspective, one must know how auditing different
from book keeping, and accountancy, and what relationship it has with other two.
Book keeping- As the expression implies it refers to keeping the financial records (books) of a
business or other economic entity, recording all the transactions in which it engages. In simple
words, book keeping is concerned with recording day to day business transactions in the books
of original entry and the ledger.
It is a part of accounting process, concerned only with the original record of the transactions,
which provides a base for accounting. The major activity of book keeping either be handle by
book keeper or accounting machines. Such activities involve:
Ideally, accounting begins where book keeping ends and auditing begins where accounting ends.
Accountancy is the work of an accountant and is confined mainly to the checking of the
arithmetical accuracy of the books of account, extraction of an agreed trial balance, and
preparation of financial statements in such a way that one can clearly know the state of affairs of
the business. Auditing involves a detailed and critical examination and verification of such
3
accounts by an independent expert for the purpose of ascertaining the true and correct position of
a concern. In short, an audit does not entail the preparation of the accounts at all but denotes
something much wider, namely, the examination of these accounts. The job of an accountant is to
record the transactions while an auditor has to check and verify such accounts. There cannot be
auditing without prior existence of accounts. Thus, the work of an auditor is to begin only when
the accountant has finished his work.
Dependable information is essential to the very existence of our society. This is because, reliable
information such as accounting and financial reporting aid the society in allocating the limited
resources in an efficient manner so that the intended goal could be effectively achieved by the
end of the day. Individual or group society members such as the following depend on
information provided by others in the course of decision making activities.
Thus, directly or indirectly, almost everyone has a financial stake in corporate enterprises, and
the public interest demands prompt, reliable financial reporting on the operations and the
financial healthiness of publicly owned corporations.
However, in many of these situations, the goals of the providers of information run directly
counter to those of the users of the information. Implicit in this line reasoning is the recognition
of the social needs for independent public accountants-individuals of professional competence
and integrity who can tell us whether the information that we use constitutes a fair picture of
what is really going on.
The contribution of the independent auditor is, therefore, to provide credibility to information used by
outsiders such as stockholders, creditors, government regulators, customers, and other interested parties to
make decisions of various kinds. Credibility in this case is used to mean that the information can be
believed by its users.
4
Economic decisions are made under condition of uncertainty. There is always a risk that the
decision makers select the wrong alternative and incur a significant loss. The creditability added
to the information by auditors actually reduces the decision maker’s risk. To be more precise, the
auditors reduce information risk, which is the risk that the financial information used to make
decisions is materially misstated.
Audited financial statements are the accepted means by which business organization report their
operating results and financial positions. The word audited when applied to financial statements,
means that the balance sheet and the statement of income, retained earnings, and cash flows are
accompanied by an audit report prepared by independent public accountants, expressing their
professional opinion as to the fairness of company’ financial statements.
Financial statements prepared by management and transmitted to outsiders without first being
audited by independent auditors (unaudited financial statements) leave a credibility gap for all of
the reasons such as (accidental errors, lack of knowledge of accounting principles, unintentional
bias, and deliberate falsification). Due to such reasons, financial statements may depart from
Generally Accepted Accounting Principles (GAAP), and some other appropriate accounting base.
Auditors provide users with assurance that the financial statements are free from all the above-
mentioned problems and thus, showing a true and fair picture of a business affair. However,
auditors cannot give certificate or guarantee as to the correctness or accuracy of these statements,
because, they only depend on sample population.
Illustrations- A decision by a bank loan officer about whether to make a loan to a business can be
used to illustrate the demand for auditing. Since the banks objective is to get appropriate rate of
interest and to collect the principal of the loan at maturity, the loan officer is making two related
decisions i.e.
1) Business Risk- the risk that the company will not be able to make periodic interest payments
and repay the principal at maturity because, because of economic condition, poor management
decisions and for some other reason. Such risks are assessed by considering factors such as:
- Financial position of the companies
- The nature of its operation
- The characteristics of the industry in which it is working
- Quality and integrity of management
2) Information Risk- the risk that the information used to assess business risk is not accurate.
Information risk includes the possibility that the financial statements might contain material
departure from GAAP and other appropriate accounting basis.
If the loan officer has assurance from the auditors that the company’s financial statements are
prepared in accordance with generally accepted accounting principles, he will have confidence in
his assessment of business risk. Moreover, the periodic audits made after the loan has been made
5
provide the loan officer with a way of monitoring management performance and compliance
with the various loan provisions.
On the other hand, by reducing information risk, the auditors reduce the overall risk to the bank;
the company is more likely to obtain the loan and it will be made at a lower rate of interest.
Therefore, management of the company has an incentive to provide audited financial statements
to the loan officer to obtain the loan and to get the best possible interest rate.
NB. While auditing normally has only a limited effect on a company’s business risk, it can
significantly reduce the level of information risk. The primary objective of auditing is
verification of accounts and statements while the subsidiary objective is detection and prevention
of errors and frauds.
1. Audited accounts are more readily accepted as correct and authentic record of the
transactions
2. Errors and frauds are detected and rectified in time
3. A regular audit would exercise a great moral influence on the client a staff and thus
prevent frauds and errors. The staff will also keep the books of account up to date.
4. An auditor possesses practical knowledge of business finance, contract laws. He can
therefore be an adviser on these matters, which will help clients
5. An auditor acts as trustee (a person who has charge of property in trust) of the
shareholders and safeguards their financial interest in the case of as Joint Stock
Company. Shareholders are assured that the accounts have been properly maintained
and directors and manager of the company have not taken any undue advantage of
their position.
6. Audited accounts are considered more reliable for taxation purposes sales tax, income
tax etc.)
7. Audited accounts facilitate the settlement of accounts between the partners, at the
time of retirement or death of partners.
8. Audited accounts are helpful in claiming reasonable compensation from the insurance
companies.
9. Comparison can be made between the accounts of the current year and other years.
10. Audited accounts can be very useful to secure loan, to obtain extend credit, to admit a
partner, to sell the business or to convert it into a joint stock company or to absorb or
amalgamate different business or to determine the purchase consideration.
11. As an appraisal function, audit reviews the existence and operations of various
controls and points out the weaknesses and inadequacies.
12. Audit safeguards the interest of the worker since audited accounts are useful to settle
workers claim for higher wages and bonus.
1.5.1. Types of audits-The various types of audit that might be undertaken by the auditor can be
categorized as:
6
i) Audit of financial statements
ii) Compliance audits
iii) Operational audits
ii) Compliance Audits- Society has always concerned about compliance with laws and
regulations by all types of organizations. As a result, compliance auditing has evolved to
become an important part of the work of both external and internal auditors. Compliance
auditing is, therefore, the testing and reporting on whether an organization has complied
with the requirements of various laws, regulations, polices, procedures, and agreements.
E.g. The audit of an income tax return by auditors of internal revenue services to test
whether tax returns are in compliance with tax laws and internal revenue service
regulations.
1.5.2. Types of Auditors-There are four types of auditors. Among these well known types of auditors
are:
I) certified public accountants (External auditors),
II) Internal auditors,
III) Auditors of the general accounting office, and
IV) Internal revenue auditors (tax auditors)
(I) Certified public accountants (External auditors)-These are a group of auditors who
examine the records supporting the financial reports of an enterprise and give an opinion
regarding their fairness and reliability. They are independent professionals who perform
or render professional service on a fee base, but not the employee of the company being
audited. They report their findings to stockholders.
(II) Internal auditors- The principal goal of the internal auditors is to investigate and
appraise the efficiency and effectiveness with which the various organization units of the
company are carrying out their assigned functions.
-Even though internal auditors are not independent as in the same sense as the
independent public auditors, they should be independent of the
department heads and other line executives whose work they review.
7
-Internal auditors report to the audit committee of the board of directors, to the
president or to other high executives.
-Internal auditors are employee of the organization in which they work and, thus, subject
to rules and regulations inherent in the employer- employee relation ships.
-Large part of the work of internal auditors consists of operational audit, they also
conduct compliance audit
Internal auditing: Internal auditing is conducted by employees of the business engaged in work
on be half of the organization. He is a salaried employee of the business. Internal audit has been
defined as the “ independent appraisal of activity within an organization for the view of
accounting, financial and other business practices as a protective end constructive arm of
management” It is type of control which functions by measuring and evaluating the effectiveness
of other types of internal control. Internal audit can be either pre-audit or post-audit. It deals
primarily with accounting and financial matters; it may also properly deal with matters of an
operating nature. From the definition, it is clear that internal audit not only includes the
verification of accounting maters but also financial & other matters.
The Internal auditor is responsible to:
III) Auditors of the general accounting office- Congress or federal government has long had its
own auditing staff, headed by the controller general and known as general accounting office,
GAO auditor. The work of GAO auditors includes audits of government agencies to determine
the spending programs, evaluate the efficiency and effectiveness of selected government
programs; audit of financial statements of a number of federal agencies and others.
IV) Internal revenue auditors (tax auditors) - The internal revenue service is responsible for
enforcement of the federal tax laws. Thus, internal revenue auditors conduct compliance audits of
the income tax return of individual and corporations to determine that income has been computed
and taxes paid as required by the federal law.
8
accountants. This will increase the prestige of the professional and attributers increased
significance by the public to the auditor’s opinion attached to financial statements.
According, the AICPA has set forth the basic frame work in the following 10- generally accepted
auditing standards which are grouped under three major categories.
A. General standards
(1) The audit is to be performed by a person or persons having adequate technical
training and proficiency as an auditor.
(2) In all matters relating to the assignment, independence in mantel attitude is to be
maintained by the auditor or auditors.
(3) Due professional care is to be exercised in the planning and performance of the
audit and the preparation of the report.
(1) Training and proficiency- this requirement is usually interpreted to mean college or
university education in accounting and auditing; participation in continuing education programs
and substantial public accounting experience. A technical knowledge of the industry in which the
client operates is also part of the personal qualifications of the auditors. It follow that a CPA firm
must not accept an audit engagement without first determining that members of its staff have the
proficiency needed to function efficiently and effectively in a given particular industry
9
assignment, an “independence in mental attitude is to be maintained by the auditors” is perhaps
the most essential factors in the existence of a public accounting profession.
E.g. If an auditor own shares of stock in a company that they audit, or if they serve as
members of board of directors, they might subconsciously biased in the performance of an
auditing duties.
An auditor is, therefore, expected to avoid any relationship with a client that would cause an
outsiders who had a knowledge of all the facts to doubt the CPA’s independence (independence
in fact and independence in appearance should be maintained).
(3) Due professional care- This standard requires the auditors to plan and carry out every step of
the audit engagement in an alert and diligent manner. Full compliance with these standards
would avoid or minimize any negligent acts or material omissions by the auditors.
(4) Adequate planning and supervision-is essential to a satisfactory audit. The appropriate
number of audit staff of various levels of skill and the time required for each need to be
determined in advance of the field work. Staff members with limited experience and new staff
members if any should be closely supervised while they are on work.
(5) Sufficient understanding of internal control- effective internal control provides assurance
that the client’s records are dependable and that its assets are protected. When the auditors find
this type of internal control, the quantity of other evidence required is much less than if control is
weak. Thus, the auditor’s assessment of internal control has great impact on the length and nature
of the audit process.
(6) Sufficient competent evidential matter-this standard of field work requires that the auditors
gather sufficient competent evidence to have bases for expressing an opinion on the financial
statements. The term competent refers to the quality of the evidence. Some evidential matters are
stronger and more convincing than others.
(7-10) Standards of reporting-The four reporting standards establish some specific directives for
preparation of the auditors report i.e.
- The reports must specifically state whether the financial statements are inconformity with
GAAP.
- Consistency in the application GAAP and adequate informative disclosure in the financial
statements is to be assumed unless the audit report states otherwise.
-The report must contain an opinion on the financial statements as a whole, or must disclaim an
opinion.
10
Chapter-two
Professional Ethics and Legal liabilities of Auditors
2.1. The need for professional ethics
All recognized professions have recognized the importance of ethical behavior and have
developed codes of professional ethics. The fundamental purpose of such codes is to provide
members with guidelines for maintaining a profession attitude and conduct them in a manner that
will enhance the professional stature of their discipline. Our purpose in this chapter is to discuss
the nature of professional ethics, to present and discuss the AICPA code professional conduct,
and auditors’ legal liabilities and responsibilities
The mature of Ethics- ethics has been defined as the study of moral judgment and standards of
conduct. While personal ethics vary from individual to individual, at a point in time, most within
the society are able to agree as to what is considered ethical and unethical behavior. In fact a
society posses laws that define what its citizens consider to be the more extreme forms of
unethical behavior.
But much of what is considered unethical in a particular society is not specifically prohibited.
Thus, a good starting point to considering whether a given behavior is ethical or not is to
examine the context in which most ethical questions arise- relationships among people. Any
relationship between two or more individuals such as a CPA and client carries with it sets of
expectation by each of the individuals involved.
Ethical Dilemmas- ethical dilemma is a situation that an individual faces involving a decision
about appropriate behavior. A simple example of an ethical dilemma is presented below
Assume that a student at your University finds an expensive watch in the University compound.
What action, if any, does the student take to find the original owner?
Ethical dilemmas generally involve situations in which the welfare of one or more other
individuals is affected by the results of the decision. In the dilemma presented above, the welfare
of the original owner of the watch is affected by the student’s decision.
Ethical dilemmas faced by auditors often have an effect on the welfare of a large member of
individuals or groups. For example, if an auditor made an unethical decision about the content of
an audit report, the welfare of thousands of investors, creditors and other members of the society
would be affected.
It is therefore essential for professions to have ethical and moral standards in addition to other
professional and technical standards so that the profession can provide quality services that can
properly address the interest and welfare of its users.
To understand the importance of a code of ethics to public accountants and other professionals,
one must understand the nature of a profession as opposed to other vocations. There is no
universally accepted definition of what constitutes a profession; yet, for generations, certain
types of activities have been recognized as professions while others have not.
Characteristics of a profession
The development of audit as a profession is tied to the involvement of the importance of
independence in audit. Thus, this is the reason for naming professional auditing as independent
11
audit. All of the generally recognized professions such as auditing, medicine, engineering,
theology, architecture and the like are characterized by the following elements/ features/.
I) Specialized body of knowledge- A highly developed profession has a very highly
specialized written body of knowledge. The more the profession is highly developed, the
more specialized the body of knowledge and voluminous requiring, longer period of time
to absorb. The body of knowledge is dynamic and in continuous development and growth
and not static. The body of knowledge here goes far beyond general education
knowledge. Always, there is need for technical competence and familiarity with
current/contemporary/ standards of practice that might be embodied in the code of
professional conducts.
II) Standards of qualification for admission- A profession to be a profession must have well
recognized and accepted predetermined criterion of qualification for admission into the
profession. The standards include educational requirements as well as other moral and
legal criteria fulfillment. The educational requirement is composed of theoretical
knowledge and practical experience. Thus, attaining a license to practice as a certified
public accountant requires an individuals or group members, to meet minimum standards
of education and experience.
III) Standards of conduct of behavior- A profession has a standard of conduct of behavior to
be observed by the professionals through prescribed code of ethics that attempt to enforce
general rules of conducts, and maximum and minimum rules on competence and
responsibility to client and colleagues.
IV) Level of status recognition- The quality and level of professional services demanded by
society determines the level of status and recognition to the profession. The level of status
and recognitions earned in a society is a function of the quality of professional services
rendered which in turn is a function of the standards of profession qualification and the
degree of the social, moral, and legal responsibility assumed. (They have direct relation
ship). Thus, careless work or lack of integrity on part of any auditor(s) may lead the
public to negative view towards the entire profession. Accordingly, reasonable level of
competence to practice their service as required by standards and to give clients and the
public an assurance that the profession intends to maintain high standards and enforce
compliance by individual members broads the reputation of the profession.
V) Acceptance of social responsibility/ Responsibility to serve the public/ – A professional to
be a profession must accept responsibility for the consequence of its action. Not only
legal responsibilities which arises out of contractual obligation, but also moral
responsibility to the profession it self and to the society at large. Accordingly, auditors are
representatives of the public-creditors, stockholders, consumers, employees, and others-in
the financial reporting process. The role of the independent auditors is to ensure that
financial statements are fair to all parties and not biased to benefit one group at the at the
expense of another. This responsibility to serve the public interest must be a basic
motivation for the professional.
Significance of professional ethics in accounting- Careless work or lack of integrity on the part
of any public auditor is a reflection upon the entire profession. Consequently, the members of the
public accounting profession / auditing profession/ have acted in unison through the certain
appropriate code of conduct such as the AICPA code of conduct. This code provides practical
guidance to the individual members in maintaining a professional attitude. In addition, this code
12
gives assurance to clients and to the public that the profession intends to maintain high standards
and to enforce compliance by individual members.
Evidence that public accounting has achieved the status of a profession is found in the
willingness of its members to accept voluntarily standards of conduct more rigorous than those
imposed by law. These standards of conduct set forth the basic responsibilities of auditors to the
public, clients and fellow practitioners. To be effective, a body professional ethics must be
attainable and enforceable; it must be consists not merely of abstract ideals but of attainable
goals and practical working rules that can be enforced.
The AICPA code of professional conduct is designed to provide a framework for expanding
professional services and responding to other changes in the profession, such as the increasingly
competitive environment.
The AICPA code of professional conduct consists of two sections. These are:
Section-1: Principles- is a goal oriented, positively stated discussion of the profession’s
responsibilities to the public, clients and fellow practitioners. It provides overall frame work for
the rules.
Section- 2: Rules- are enforceable applications of the principles. They define acceptable behavior
and identify sources of authority for performance standards.
Code of
Professional
Conduct
Principles-provide overall frame work for rules
Rules- govern performance of professional
additional services
guidance Interpretations-provide guidelines as to the
scope and application of rules
Article-I: Responsibilities
Members should accept the obligation to act in a way that will serve the public interest,
honor the public trust and demonstrate commitment to professionalism
Article-III: Integrity
To maintain and broaden public confidence, members should perform all professional
responsibilities with the highest sense of integrity, i.e. a member shall be free of conflict of
interest, and /or not deliberately misrepresent facts or subordinate his/ her judgments to others.
14
Each of these principles should be considered by members in determining whether or not to
provide specific services in individual circumstances. As there is no hard- and-fast rules that can
be developed to help members reach these judgments, they must be sure whether they are
satisfied that they are meeting the spirit of the principles in this regards.
Section-II-Rules
Applicability-the bylaws of AICPA require that members adhere to the rules of the code of
professional conduct. Members must be prepared to justify departures from these rules.
1) If a member or member’s firm had or was committed to acquire any direct financial
interest such as investment in the client ( owning capital stock) and/ or acquire any
material indirect financial interest (direct and indirect financial interest)
2) If a member or member’s firm was a trustee of any trust or executor or administer of
any estate if such trust or estate, had or was committed to acquire any direct or
material indirect financial interest in the enterprise to be audited.
Independency of partners and staff requires partners (or stockholders), managerial
employees and all professional staff be free from any interest of the client enterprise.
Thus, not all employees of an audit firm are required to be independent.
3) If a member or member’s firm had any joint, closely held business investment with
the enterprise or with any officer, director, or principal stockholders thereof that was
material in relation to the member’s net worth, or to the net worth of the member’s
firm.
4) If a member or member’s firm had any loan to or from the enterprise or any officer,
director, or principal stockholders to the enterprise.
5) If a member or members firm was connected with the enterprise as promoter,
underwriter, or voting trustee, a director or officer or in any capacity equivalent to
that of a member of management or of an employee.
6) If a member or member’s firm was a trustee for any pension or profit-sharing trust of
the enterprise.
Lack of independency may also arise from financial interests that may result from past
employment relationship with the client, interest of a close relatives of an auditor such as her or
his spouse and dependents. Other situations that may impair independency of auditor are past
due fees, gifts from client, and client auditor or CPA litigation if any.
Two distinct ideas are involved in the concept of independency. These are:
15
1) Independence in fact- A CPA (auditor) must in fact be independent of any enterprise for
which they provide attestation services i.e. an auditor must be able to maintain an
objective and impartial mental attitude throughout the engagement.
2) Independent in appearance- The relationship between the CPAs and their client must be
such that the auditor will appear independent to third party i.e. an auditor must be able to
maintain an objective and impartial mental attitude throughout the engagement.
NB. The independency rule does not apply to all services performed by public auditor(s).
Services in which the client is a major beneficiary such as management consultancy service, tax
services, accounting/compilation/ service and the like do not require independency.
The independency rule applies to auditing, and other attestation services such as review of
financial statements, examination of financial forecasts, performance of agreed up on procedures
and the like.
Independency - a matter of degree i.e. the concept of independency is not absolute; no
CPA/auditor/ can claim complete independence of a client. Rather, independence is relative i.e. a
matter of degree. Thus, CPAs must strive for the greatest degree of independence consistent with
this business environment.
In the performance of any professional service, a member shall maintain objectivity and
integrity, shall be free of conflicts of interest, and shall not knowingly misrepresent facts or
subordinate his/her professional judgments to others.
Interpretation 102-1 states that a CPA or auditor(s) will be found to have knowingly
misrepresented facts in violation of rule102, when he/she knowingly:
Makes, or permits or directs another to make, materially incorrect entries in a client’s
financial statements or records.
Fail to correct financial statements that are materially false or misleading when the
member has such authority.
Signs or permits or directs another to sign, a documents containing materially false and
misleading information.
A member shall comply with the following standards and with any interpretations thereof by
bodies designated by council.
a) Professional competence- undertakes only those professional services that the member
or member’s firm can reasonably expect to be completed with professional competence.
b) Due professional care- Exercise due professional care in the performance of
professional services.
c) Planning and supervision- adequately plan and supervise the performance of
professional services.
d) Sufficient relevant data- Obtain sufficient relevant data to afford a reasonable basis for
conclusions or recommendations in relation to any professional services performed.
16
A member who performs auditing, review, compilation, management consultancy, tax return
preparation, or other professional services shall comply with standards promulgated by bodies
designated by council.
A member shall not (1) express an opinion or state affirmatively that the financial statements or
other financial data of any entity are presented in conformity with GAAP or (2) state that he/she
is not aware of any material modification that should be made to such statements or data in
order for them be in conformity with GAAP, if such statements or data contain any departure
from accounting principles promulgated by bodies designated by council.
If however, the statements or data contain such departure and the members can demonstrate that
due to unusual circumstance, the financial statements or data would otherwise have been
misleading, the members can comply with the rule by describing the departure, its approximate
effects, if practicable; and the reasons why compliances with the principle would result in
misleading statements.
A member in public practice shall not disclose any confidential client information without the
specific consent of the client.
This rule shall not be construed:
(1) To relieve a member of the member’s professional obligations under rule 202 and 203
presented above.
(2) To affect in any way the member’s obligation to comply with a validity issued and
enforceable subpoena or summons
(3) To prohibit review of a member’s professional practice under AICPA or state CPA
society authorization, or
(4) To preclude a member from initiating with or responding to any inquiry by a
recognized investigative or disciplinary bodies.
Thus, except for the above mentioned circumstances and other related interpretation,
members of a recognized investigative or disciplinary bodies and professional practice
reviewers shall not use to their own advantage or disclose any member’s confidential client
information that comes to their attention in carrying out their professional responsibilities.
Reporting illegal act – many countries have adopted laws that require members in a public
practice (auditors) to reports illegal acts committed by organizations when ever they come
across it if:
A) It has a material effect on the financial statements
17
B) Senior management and the board directors have not taken appropriate remedial
action
C) The failure to take remedial action is reasonably expected to warrant a departure from
standards of audit report or a resignation by the auditors.
Under such circumstances, the auditor must as soon as possible communicate their
conclusion directly to the client’s board of directors or if that is not possible directly
communicate the matter to the appropriate authoritative bodies.
A member in public practice shall not perform for an contingent fee any professional services
for, or receive such a fee from a client for whom the member or member’s firm performs services
such as:
(a) An audit or review of financial statements
(b) Compilation of financial information expected to be used by third party,
(c) An examination of prospective financial information or
(d) Prepare an original or amended tax return or claim for a tax refund.
A contingent fee is a fee established for the performance of any service pursuant, or an
arrangement in which no fee will be charged unless a specified finding or result is attained, or in
which the amount of the fee is otherwise dependent upon the finding or result of such services.
A member in public practice shall not seek to obtain clients by advertising or other forms of
solicitations in a manner that is false, misleading, or deceptive. Solicitation by the use of
coercion, overreaching or harassing conduct is prohibited.
18
review of financial statements, a compilations of financial statements and/ or
examination of financial statements.
2) Disclosure of permitted commissions and referral fees- a member of CPA or auditor who
receive/or paid a permitted commission and/or referral fees shall disclose such
acceptance or payments to the client.
We live in an era of litigation in which persons with real or fancied grievances are likely to take
their complaints to curt. In this environment, investors and creditors who suffer financial
damages or reversals find CPAs, as well as attorneys and corporate directors, tempting targets for
lawsuits alleging malpractice.
Thus, CPAs must approach every engagement with the prospect that they may be required to
defend their work in court. Even if the court finds in favor of the CPAs, the costs of defending a
legal action can be very high. Moreover, lawsuits can be extremely damaging to a professional’s
reputation. In extreme cases, the CPA may even be held criminal for professional malpractice.
Thus, every member considering a career in public accounting should be aware of the legal
liability inherent in the practice of this profession and should conduct the audit with reasonable
skill and care. Though audit report is not a guarantee that the figures are free from error, the
auditor must conduct the audit that it stands a reasonable chance of discovering a material error
in the figure. It is difficult to determine what is meant by reasonable skill and care. The
auditors’ principal duties center around the report on the truth and fairness of the financial
statements. The auditors are not required to make any positive statement if they are satisfied
with the audit matters. They must, however state any reservations in the audit report. There is
always a possibility that someone will disagree with some of the assumptions upon which the
figures have been based. The auditors are also required to form an opinion on several matters ant
properly report them in their report.
19
Gross Negligence- is the lack of even slight care, indicative of reckless disregards for one’s
professional responsibilities. Substantial failures on the part of an auditor to comply with GAAS
might be interpreted as gross negligence.
Constructive fraud- differs from fraud as defined above in that constructive fraud does not
involve a misrepresentation with intent to deceive. Gross negligence on the part of an auditor as
been interpreted by the courts is constructive fraud.
Privity- is the relationship between parties to contract. A CPA firm is in privity with the client it
is serving, as well as with any third party beneficiary.
Breach of contract- is failure of one or both parties to a contract to perform in accordance with
the contacts provisions. E.g. Failure by auditors(s) to perform in accordance with contractual
specifications indicated in the engagement letter.
Contributory negligence-is negligence on the part of the plaintiff that has contributed to his or
her having incurred loss.
Comparative negligence- is a concept used by courts to allocate damages between negligent
parties based on the degree to which each party is at fault. The allocation of damages is also
referred to as proportionate liabilities.
The plaintiff-is the party claiming damages and bringing suit against the defendant.
A third party beneficiary- is a person or institution not a contracting party who is named in a
contract or intended by the contracting parties to have definite rights and benefits under the
contract
. E.g. If W-Thomas audit firm is engaged to audit the financial statements of Shell- Ethiopia and
if it is indicated in the contract that a copy of the audit report will be sent to Awash International
Bank as a support for a loan, then, the bank is a third-third party beneficiary under the
contractual agreement between W-Thomas Audit firm and Shell-Ethiopia company.
An engagement letter- is the written contract summarizing the contractual relationships between
the CPA and client. It typically specifies the nature and scope of professional services to be
rendered , expected completion date of the engagement, the amount of audit fees, responsibility
of auditors and responsibility of client/manager/ and other related matters.
An auditor holds position of great responsibility and has to perform a given duties, statutory or
otherwise, allotted to him. In performance of his duties, he has to exercise reasonable care and
skill. His client expects him to follow generally accepted auditing standards and he/she may be
20
held liable in case he does not act with reasonable care and skill required from him in the
particular circumstances.
In other words, if his client suffers any loss due to his negligence or breach of trust or duty and,
the errors or frauds remain undetected, he would be held liable for the same and may be called
upon to pay the damages suffered by the client on account of his negligence or breach of duty.
The auditor may be penalized for failing to apply reasonable care and skill. This could take the
form of a disciplinary action by the professional body or civil or criminal proceedings.
1. Auditor’s civil liability- An auditor is appointed to perform certain specific duties and in
performing his duties he must exercise reasonable care and skill to perform his duties for
which he is employed. If he acts negligently on account of which the client is made to suffer
loss, the auditor may be held liable and may be called upon to make good the damages,
which the client suffered due to this negligence. The auditor can be held liable if the
following conditions are satisfied.
i. There should be sufficient ground for holding him liable for negligence. A general charge
will not be enough and the specific matter in respect of which he failed must be indicated
ii. It must be proved that the client has suffered a loss on account of this negligence
The auditor cannot be held liable if there is loss to the client without his negligence or there has been
negligence of the auditor but it has not resulted into the loss to the client. At the same time, it must be
proved that the auditor has acted negligently, i.e. he did not exercise the reasonable care and skill in
the performance of his duties. What is reasonable care and skill should be determined on the basis of
the particular circumstances of the each case. It should be largely determined by a comparison with
the standard, which the members in this profession generally observe. It may be noted that the auditor
does not act as an insurer and does not guarantee the accuracy of the books of account
3. Auditor’s contractual liability: The contractual liability arises out of the contract entered
between the auditor and the client. This arises when there is no statute governing the rights or
duties of an auditor. Since there are no statutory provisions, the question of liability has to be
settled in accordance with the terms and conditions settled by the auditor with his client in
the agreement. Hence the agreement with the auditor has to be in written clearly specifying
the terms of duties, responsibilities and scope of the audit. The auditor will be liable if he
does not observe high standards of his profession and work honestly. Sometimes, the auditor
will be in a delicate situation because of the frauds or irregularities carried on by the client’s
21
parents or close relatives. In such cases, he must not give way to emotions. He must honestly
and truthfully report the matter to his client in clear words without any hesitation, laying
aside all other considerations. If he does not do so, he fails in the performance of his duties
and may be held liable for the same.
Liabilities to clients fro audits often arise from a failure to uncover an embezzlement or
defalcation being performed against the client by client employees and also failure to provide
reasonable assurance of detecting misstatements due to errors and fraud that are material to
the financial statements.
In general, to establish auditors’ liabilities, a client must prove
a) Duty- that the auditor(s) or audit firm accepted a duty of care to exercise skill,
prudence, and diligence.
b) Breach of duty- that the auditor(s) or audit firm breached his/her/its duty of care
through negligent performance.
c) Loss-that the client suffered a loss.
d) Proximate-cause- that the loss is resulted from the auditor(s) negligent act or
performance
Auditors Defense against client Suits-As defendants, auditors’ basic defense is ordinarily
that the audit was performed with reasonable care and that they were not negligent in the
performance of their duties. Alternatively, they, might attempt to prove that, regardless of
whether negligence was involved, such alleged negligence was not the proximate cause
of the client loss. Moreover, demonstrating contributory negligence by the client is one
means of showing that the auditors’ negligence was not the sole cause of the client’s loss.
4. Auditor’s third party liability- In addition to being sued by clients under common law,
auditors may be liable to third parties under common law. This is due the fact that the audited
financial statements are used be many people other than the client. These users of financial
statements may completely rely upon the audited statements and enter into transactions with
the company without any further enquiry. This are known as third parities which includes
individual and group society members such as potential stockholders/investors/, venders,
bankers, and other creditors, employers, employees, and customers, tax authorities and
others.
An audit firm may be liable to such third parities if a loss was incurred by the claimant due
to reliance on misleading financial statements. A typical suit might occur when a bank is
unable to collect a major loan from an insolvent customer. The bank may claim that the
misleading audited financial statements were relied on in making the loan and that the audit
firm should be held responsible because it failed to perform the audit with due care. Some
real world cases on liability of auditors to third parties are given below.
22
Ultramares cooperation vs. Touché (1931)-Liability to third parties case
The creditors of an insolvent corporation (Ultramares) relied on the audited financials and subsequently
sued the auditors, alleging that they were guilty of negligence and fraudulent misrepresentation. The
accounts receivable had been falsified by adding to approximately $650,000 in accounts receivable
another item of over $700,000. The creditors alleged that careful investigation would have shown the
$700,000 to be fraudulent. The accounts payable contained similar discrepancies.
The court held that the auditors had been negligent but ruled that auditors woul not be liable to third
parities for honest blunders beyond the bounds of the original contact unless they were primary
beneficiaries. The court held that only one who enters into a contract with an auditor for services can sue
In this case, the court held that although the auditors were negligent, they were not liable to
the creditors because the creditors were not deemed to be primary beneficiaries. In this
context, a primary beneficiary is one about whom the auditors was informed before
conducting the audit ( a known third party). The key aspect of the Ultrmares case was that
the creditors lacked privity of contract with the auditors. This case established a precedent,
commonly called the Ultramers doctrine, that ordinary negligence is insufficient for liability
to third parties because of the lack of privity of contract between the third party and the
auditor unless the third party is a primary beneficiary. However, in a subsequent trial of the
Ultramares case, the court pointed out that had there been fraud or gross negligence on the
part of the auditors, the auditors could be held liable to more general third parties.
In recent years, many courts have broadened the Ultramares doctrine to allow recovery by
third parties in more circumstances than previously by introducing the concept of foreseen
users. Generally a foreseen user is a member of a limited class of users whom the auditors are
aware will rely on the financial statements. For example, a bank that has loans outstanding to
a client at the balance sheet date may be a foreseen user. Under this concept, a foreseen user
would be treated the same as known third party.
Although the concept of foreseen users may seen straightforward, its application is not and
has developed differently in different jurisdictions. At present, three approaches have
emerged: The credit Alliance approach, the Restatement of Torts approach, and the
Foreseeable Users approach
Credit Alliance approach- Credit Alliance vs Arthur Andersen Co. (1986), was a case in
New York in which a lender brought suit against the auditor of one of its borrowers, alleging
that it relied on the financial statements of the borrower, who was in default, in granting the
loan. The New York State Court of Appeals reversed t=a lower court’s decision that
prevented the defendant auditor from using absence of privity as a defense. In so doing, the
appellate court upheld the basic concept of privity established by Ultraares, and sated that to
be liable (1) an auditor must know and intend that his or her work product would be used by
the plaintiff third party for a specific purpose, and (2) the knowledge and intent must be
evidenced by the auditor’s conduct.
23
Restatement of Tort approach- The approach followed by most states is to apply the rule cited
in the Restatement of Torts, an authoritative compendium of legal principles. The
Restatement rule is foreseen user must be members of a reasonably limited and identifiable
group of user that have relied on the auditor work, such as creditors, even though those
persons were not specifically known to the auditor at the time the work was done. A leading
case supporting the application of this rule is Rush Factors vs. Levin, presented in the
following table.
The plaintiff, a lender, asked the defendant auditor to audit the financial statements of a company
seeking a loan. The auditor issued an unqualified opinion on the financial statements, indicating that
the company was solvent when, in fact, it was insolvent. The plaintiff loaned the company money,
suffered a subsequent loss, and sued the auditors for recovery.
The auditor’sUsers-
Foreseeable defenseThe
in the case was
broadest based on the
interpretation absence
of the of third-party
right of privity on the part of Rusch
beneficiaries is toFactors.
The court
use the found of
concept in foreseeable
favor of thisusers.
plaintiff.
UnderAlthough the court
this concept, could that
any users havethefound in favor
auditor shouldof Rusch
Factors under Ultramars in that it was a primary beneficiary, it chose to rely
have reasonable been able to foresee as being likely users of financial statements have on the Restatment
the of
Torts, statingasthat
same rights thewith
those auditor should
privity be liable
of contract. for ordinary
These users are negligence
often calledinanaudit whereclass.
unlimited the financial
statements
Although aare relied on number
significant by actually foreseen
of states andfollowed
have limited classes of persons.
this approach in the past, there are
now only few countries that apply this approach.
Auditors Defense against Third Party Suits- Three of the four defenses available to
auditors in suits by client are also available in third party lawsuits. Contributory negligence is
ordinarily not available because a third party is not in a position to contribute to misstated
financial statements. The preferred defense in third party suits is no negligent performance. If
the auditor performed the engagement in accordance with GAAS, the other defenses are
unnecessary.
Appointment of auditors- in most cases the audit of business concerns other than corporate
entity is voluntary and not compulsory. But with regard to corporate entities, many countries have
set laws that make their audit mandatory. Therefore, provisions regarding appointment of
auditors, his/her qualification, powers, duties etc are governed. To assure independence, auditors
are appointed by the highest body and are solely responsible to this body who appoints them. In a
corporation such responsibility is given to the stockholders meetings or the board of directors at
the suggestion to the management, and it is to this body that the independent auditors submit his
audit report for approval. This is to avoid compromises; nowadays this function is one of the
functions given to audit committees. In principles, it is this body that should be responsible to
determine or negotiate the fee payable to independent auditors.
The primary objective of appointment of auditor(s) in a corporate entity is to safeguard the interest
of the absentee owner (shareholders) and investors as it is not possible for every shareholder or
investors to inspect the books of accounts of the company. Hence an auditor is a representative of
shareholders and work on their behalf. Company auditors may by appointed by board of directors,
shareholders, central government and /or by other special resolutions.
24
Chapter-Three
Audit Evidence
3.1. Audit evidence
Audit evidence is the information obtained by the auditor in arriving at conclusions on which
their reports are based. During financial statement audits, the auditors gather and evaluate
evidence to form an opinion about whether the financial statements follows the appropriate
criteria, usually, generally accepted accounting principles. The auditors must gather sufficient
competent evidence to provide an adequate basis for their opinion on the financial statements.
The audit evidence is intended to assure the users of accounting information that the financial
statements are a credible source of information about the organization. The users may not accept
the auditor’s opinion on the truth and fairness of financial statements unless the auditor has
collected sufficient competent evidence about the material misstatements. Hence, the collection
of evidence lies in the heart of the audit.
3.2. The relationship of audit risk and audit evidence
Audit risk-refers to the possibility that the auditors may unknowingly fail to appropriately
modify their opinion on financial statements that are materially misstated. In other words, it is
the risk that the auditors will issue an unqualified opinion on financial statements that contain a
material departure from generally accepted accounting principles. Thus, the more sufficient and
competent the audit evidence obtained, the less will be the audit risk.
For each financial statement account, audit risk consists of the possibility that
(1) A material misstatement in an assertion about the account has occurred, and
(2) The auditors do not detect the misstatement.
The first risk, the risk of occurrence of a material misstatement, may be separated into two
components-inherent risk and control risk. The risk that auditors will not detect the
misstatement is called detection risk.
Inherent Risk- The possibility of a material misstatement of an assertion before considering the
client’s internal control is referred to as inherent risk. Factors that affect inherent risk related to
either the nature of the client and its industry or to the nature of the particular financial
statements account.
Inherent risk also varies by the nature of the account. For instance, if we consider two balance
sheet accounts-cash accounts and building account and if we assume that the balance of cash
account is only one tenth that of building account, this does not mean that the inherent risk
associated with cash account will also be one-tenth as much that of the building accounts. Rather,
the inherent risk associated with the cash account may be much more than one-tenth of the
inherent risk associated with the building accounts. This is due to susceptible nature of cash
account to error or theft than are building accounts.
Thus, auditors may spend much more time in auditing cash accounts than the assumed
proportion of their inherent risk.
Inherent risk also varies with the assertion about a particular account. As an example, valuation
of assets is often a more difficult assertion to audit than is existence of the assets.
The auditor use their knowledge of the clients industry and the nature of its operations, including
information obtained in prior years audits to assess inherent risk for the financial statement
assertions
25
Control risk- The risk that a material misstatement will not be prevented or detected on a timely
basis by the client’s internal control is referred to as control risk. This risk is entirely based on the
effectiveness of the client’s internal control.
To assess control risk, auditors consider the client’s control that affects the reliability of
financial reporting. Well designed controls that operate effectively increase the reliability of
accounting data.
To obtain an understanding of the client’s internal control and to determine whether it is designed
and operating effectively, the auditors use a combination of inquiry, inspection, observation, and
performance of audit procedures.
If the auditors find that the client has designed effective internal control for a particular account
and that the prescribed practice operate effectively in day-to-day operation, they will assess
control risk for the related assertions to be low, and there by accept a higher level of detection
risk, i.e. the more effective internal control is, the lesser will be the control risk and the higher
will be the detection risk. That is because, effective internal control leads to the use of low
substantive testing procedure by auditors which may in turn lead to high detection risk.
Detection risk-The risk that the auditors will fail to detect the misstatement with their audit
procedures is called detection risk. In other words, detection risk is the possibility that the
auditors’ procedures will lead them to conclude that material misstatement does not exist in an
account or assertion when in fact such misstatement does exist.
Detection risk is restricted by performing substantive tests. For each account, the scope of the
auditors’ substantive tests, including their nature, timing and extent determines the level of
detection risk.
The interrelationship between the three components of audit risk can be described as follows
26
* The bag of sand in the figure represents inherent risk, the susceptibility of an account balance
to material misstatements.
* The sieves represent the ways by which the client and the auditors attempt to remove the
misstatements from the financial statements. The first sieve represents the client’s internal
control, and the risk that it fails to detect or prevent a misstatement is control risk. The auditors’
audit procedures are represented by the second sieve, and the risk that it will fail to detect a
misstatements is detection risk. The risk that the misstatement wills get through both sieve is
audit risk.
Measuring audit risk- In practice, the various components of audit risk are not typically
quantified. Instead, the auditors usually use qualitative categories, such as low risk, moderate
risk, and maximum risk. Statements of Auditing Standards (SAS-47), allows the use of either
quantified or non quantified approach. In any way, the relationships among audit risk, inherent
risk, control risk, and detection risk can be put generally as follows:
To illustrate how audit risk may be quantified, assume that auditors have assessed inherent risk
for a particular assertion at 50% and control risk at 40%. In addition, they have performed audit
procedures that they believe have a 20% risk of failing to detect a material misstatement in the
assertion. The audit risk for the assertion may be computed as follows:
AR = IR × CR × DR
= .50 × .40 × .20
=.04
Thus, the auditors face a 4% audit risk that a material misstatement has occurred and evaded
both the client’s controls and the auditors’ procedures.
It is important to realize that while auditors gather evidence to assess inherent risk and control
risk, they gather evidence to restrict detection risk to the appropriate level. Inherent risk and
control risk are a function of the client’s nature of internal control structure and its operation
environment. Regardless of how much evidence the auditors gather, they cannot change these
risks. Therefore, evidence gathered by the auditors is used to assess the levels of inherent and
control risks.
Detection risk on the other hand, is a function of the effectiveness of the audit procedures
performed. If the auditors wish to reduce the level of detection risk, they need to obtain
additional competent evidence. As a result, detection risk is the only risk that is completely a
function of the sufficiency of the procedures performed by the auditors.
27
standard states that sufficient competent evidential matter should be obtained to afford a
reasonable basis for an opinion regarding the financial statements under audit. So the evidence
obtained by the auditor should be
a. Sufficient
b. Competent
Sufficiency-the term sufficient relates to the quantity of evidence the auditor should obtain. The
amount of evidential matter that is considered sufficient to support the auditors’ opinion is a
matter of professional judgment. The considerations that should be followed in evaluating the
sufficiency of audit evidence are
1. The amount of evidence that is sufficient in a specific situation varies inversely with the
competence of the evidences that are available. The more competent the evidence matter is,
the less the amount of evidence needed to support the auditor’s opinion
2. The need for the evidential matter is closely related to the concept of materiality. The more
the need for the materiality the more the evidence is required
3. The risk that the material misstatements in the financial statements may vary from
engagement to engagement and it depends on the factors such as the financial condition of
the client, the line of business, the internal control structure, the integrity of the management
etc.
Competency -the competency of the evidential matter refers the quality of the evidence which
depends on its relevance and its validity. For the evidence to be relevant, it must apply/related/ to
the audit objective being tested. The validity of the evidence refers to its credibility or
believability which depends on the circumstances in which it is obtained.
The factors that generally affect the validity of the evidential matter are:
The source from where the evidence is obtained i.e. whether external or internal
The effectiveness of the internal control system of the client company
The collection procedure of the evidence i.e. whether the evidence is obtained directly or
indirectly
The types of evidence i.e. whether they are documents or written representations or oral
evidence
The competence of the evidential matter is increased when the auditors are able to obtain
additional information to support the original evidence. Thus, several pieces of related evidence
may form a package of evidence that has greater competence than do any of the pieces viewed
individually
28
Comparison: it is the process of agreeing or contrasting two different sources of
information. Auditors often use comparison to test information at various stages of
processing within the accounting system.
Tracing: it is the process of establishing the completeness of transaction processing by
following a transaction forward through the accounting records i.e. from the source
document to the recorded transaction.
Vouching: it is the process of establishing the occurrence or valuation of recorded
transactions by following transaction back to supporting document from a subsequent
processing step
Reperformance: is the process of repeating a client activity. For example the auditors may
recalculate the depreciation or reperform the bank reconciliation statement.
Reperformance may include:
1. Footing is the process of proving the totals of a vertical column of figures
2. Cross-footing is the proves of proving the totals of horizontal row
3. Extending is the process of recomputing by multiplication.
Observation: it is the process of viewing a client activity. For example, the auditors may
observe the application of internal control procedures such as the client’s inventory taking
procedures.
Inspection: it involves a reading or point-by-point review of a document or record. For
example the auditor may inspect the loan agreement document.
Reconciliations: it is used to establish agreement between two sets of independently
maintained by related records. For example, the cash in bank in the ledger account is
reconciled with the bank statement.
Inquiries: these are the questions directed towards the appropriate client personnel. The
response to the questions may be written or oral. The term inquiry is also sometimes used
to refer to the technique of questioning parties outside the organization.
Analytical procedures: they are the evaluations of financial information made by a study
of expected relationships among financial and nonfinancial data. For example, the auditor
may analyze the financial ratios of the current year with the ratios of the previous years.
29
a. Documents created outside the organization and transmitted directly to the auditor- the
most reliable documentary evidence consists of documents created by independent
parties outside the organization and transmitted directly to the auditors without passing
through the client’s hands. For example, the verification of accounts receivable
b. Documents created outside the organization and held by the organization-many of the
externally created documents referred to by the auditors will be in the possession of
organization. For example, bank statements, vendor’s invoices and statements, property
tax bills notes receivables etc.
c. Documents created and held within the organization- most documents created within
the organization represent a lower quality of evidence because they circulate only
within the company and do not receive critical review by an outsider. For example, the
sales invoices, shipping notices, purchase orders etc. The degree of reliance to be
placed on documents created and used only within the organization depends on the
effectiveness of the internal control. If the accounting procedures are so designed that
another person must critically review a document prepared by one person and if all
documents are serially numbered and all numbers in the series accounted for, these
documents may represent reasonably good evidence. Adequate internal control will also
provide for extensive segregation of duties so that no one handles a transaction from
beginning to end.
3. Accounting records as evidence: the dependability of ledgers and journals as evidence is
indicated by the extent of internal control covering their preparation. An auditor will attempt
to verify an amount in the financial statements by tracing it back through the accounting
records. They will ordinarily carry this process through the ledgers to the journals and vouch
the item to such basic documentary evidence. To some extent, the ledger and journals
constitute worthwhile evidence in themselves to the auditors
4. Evidence from the analytical procedures: analytical procedures involve evaluations of the
financial statements by a study of relationships among financial and nonfinancial data. The
process of analytical procedures consists of four steps
a. Develop an expectation of an account balance
b. Determine the amount of difference from the expectation that can be accepted without
investigation
c. Compare the account balances with the expected account balance
d. Investigate the significant deviations from the expected account balance
Techniques used in performing analytical procedures range from complex models
involving many relationships and data from many years. For example, comparison of
revenue and expense amounts for the current year to those of the previous years and to
the industries average.
5. Evidence from computations: to prove the arithmetical accuracy of the client’s records, the
auditor make computations independently as another form of audit evidence. Computations
verify the mathematical processes and used to prove the calculation of the client.
6. Evidence provided by the specialists: since the auditors may not be experts in all the fields
of business of the client, he may get the services of the experts in performing highly technical
tasks such as valuation of inventory, or making the actuarial computations to verify liabilities
for postretirement benefits. The expert should be independent person. If the auditor feels that
the expert is not an independent person, he may perform additional procedures or engage
another specialist.
30
7. Oral evidence: during the examination of records, the auditor may ask many questions to the
officers and the employees of the organization on the endless topics ranging from the
location of records and documents, the reasons underlying an unusual accounting procedures,
the probabilities of collecting a long past due accounting receivables etc. The answers the
auditor receives to the questions constitute another type of evidence.
8. Evidence from client representation letters: The auditor should get a representation letter
from the client summarizing the most important oral representations made during the
engagement. These letters are dated as the last day of the fieldwork and usually signed by the
chief executive officer and chief finance officer. Most of the representations fall into the
following categories
1. All accounting records, financial data and minutes of the directors meetings have
been made available to the auditors
2. The financial statements are complete and prepared in conformity with the generally
accepted accounting principles
3. All items requiring disclosure have been properly disclosed
3.5. Evidences about accounting estimates
The auditor must be very careful in considering financial statement accounts that are affected by
estimates made by the management, particularly those for which a wide range of accounting
methods are considered acceptable. For example, the estimates of obsolete inventory, allowances
for loan losses, estimates of warranty liabilities etc. though the making of estimates are the
responsibility of the management, the auditor should determine that
a. All necessary estimates have been developed
b. The accounting estimates are reasonable and
c. The accounting estimates are properly accounted for and disclosed
31
Chapter-Four
Audit planning process
There are several purposes of the planning procedures discussed in this section. A major purpose
is to provide information to aid the auditor in assessing acceptable audit risk and inherent risk.
These assessments will affect the auditor’s client acceptance or continuation decision, the
proposed audit fee, and the auditor’s evidence. A second purpose is to obtain information that
requires follow-up during the audit. Doing so is one step in obtaining sufficient competent
evidences. Examples include identifying approvals in the minutes such items as dividends and
officer’s salaries, and searching for the names of related parties to help the auditor determine
whether related party transactions exists. Others, purposes includes staffing the engagement and
obtain and engagement letter.
Obtaining sufficient competent evidence is essential if the audit firm is to minimize legal liability
and maintain a good reputation in the business community. Keeping costs reasonable helps the
audit firm remains competitive and thereby retains or expand its client base, assuming the firm
has a reputation for doing high-quality work.
Avoiding misunderstandings with the client is important for good client relations and for
facilitating high-quality work at reasonable costs. For example, suppose that the auditor informs
the client that the audit will be completed before June-30 but is unable to finish it until August
because of inadequate scheduling of staff. The client is likely to be upset with the audit firm and
may even sue for breach of contract.
32
- Whether there are any conditions that would prevent them from performing an
independent audit of the client.
- Whether the partners and staff have appropriate training and experience to competently
complete the engagement.
III. Submitting a proposal- To obtain the audit, the auditors may be asked to submit a
competitive proposal that will include information on the nature of services that the firm
offers, the qualifications of the firm’s personnel, anticipated fees, and other information
to convince the prospective client to select the firm.
IV. Communication with audit committees- Arrangements for the audit may be made
through contact with the company’s audit committee (if any). An audit committee must
be composed of at least three independent directors. During the course of the audit the
discussions with the audit committee members will focus on:
- Weakness in internal control
- Proposed audit adjustments
- Disagreement with management as to accounting principles
- The quality of accounting principles used by the company
- Indications of management fraud other illegal acts by corporate officer.
VII. Engagement Letters- The auditors should establish an understanding with the client
regarding the services to be performed, the objectives of the engagement, management’s
responsibilities, auditor’s responsibilities, scope and/or limitations of the engagements
and other related issues.
33
4.2. Phases of audit planning
The following presents the seven major parts of audit planning. Each of the fist six parts is
intended to help the auditor develop the last part, and effective and efficient overall audit pan and
audit program.
Before beginning the discussion of the first four parts of the planning phase, it is useful to briefly
introduce two risk terms: acceptable audit risk and inherent risk. These two risks have a
significant effect on the conduct and cost of audits. Much of early planning on audit deals with
obtaining information to help auditor assess these risks.
Acceptable audit risk-is a measure of how willing the auditor is to accept that the financial
statements may be materially misstated after the audit is completed and an unqualified opinion
has been issued. When the auditor decides on a lower acceptable audit risk, it means that the
auditor wants to be more certain that the financial statements are not materially misstated. Zero
risk would be certainty, and a 100 percent risk would be complete uncertainness.
Inherent risk-is a measure of the auditor’s assessment of the likelihood that there are material
misstatements in an account balance before considering the effectiveness of internal control. If
for example, the auditor concludes that there is a high likelihood of material misstatements in an
account such as accounts receivable, the auditor would conclude that inherent risk for accounts
receivable is high.
When the auditor concludes that there is a high inherent risk for an account or a class of
transactions, the same three potential effects are appropriate as for he lower acceptable audit risk.
However, it is easier and more common to implement increased evidence accumulation for
inherent risk than it is for acceptable audit risk because inherent risk can usually be isolated to
one or two accounts. For example, if inherent risk is high only for accounts receivable, the
auditor can restrict the evidence expansion to the audit of accounts receivable
When the auditor decides that a lower acceptable audit risk on an audit is appropriate, there are
three potential actions, where all three, two or just one can be done, depending on the auditor’s
judgments.
a) More evidence is required to increase audit assurance that there are no material
misstatements; it is difficult to implement increased evidence accumulation because
acceptable audit risk applies to the entire audit. It is expensive and often impractical to
increase evidence in every part of an audit
b) The engagement may require more experienced staff. Audit firms should staff all
engagements with qualified staff, but for low acceptable audit risk client’s special care is
appropriate in staffing.
c) The engagement will be reviewed more carefully than usual. Audit firm need to be sure that
the working papers that document the auditors planning, evidence accumulation and
conclusion, and other matters in the audit are adequately reviewed. When acceptable audit
risk is low, there is often more extensive review, including a review by personnel who were
not assigned to the engagement.
4.2.1. Preplan the audit-It involves three things, all of which should be done early in audit. First,
the auditor decides whether to accept a new client or continue serving an existing one. This is
typically done by an experienced auditor who is in a position to make important decisions. The
auditor wants to make that decision early, before incurring any significant costs that can not be
34
recovered. Second, the auditor identifies why the client wants or need an audit. This information
is likely to affect the remaining part of the planning process. Thirdly, the auditor obtains an
understanding with the client about the terms of the engagements to avoid misunderstandings
and staff the engagements.
4.2.2. Obtain background information- An extensive understanding of the client’s business and
industry and knowledge about the company’s operations are essential for doing an adequate
audit. Most of this information is obtained at the client’s premises, especially for a new client.
a) Obtain knowledge about the client’s industry and business-There are three primary reasons for
obtaining a good understanding of the client’s industry. First, many industries have unique
accounting requirements that he auditor must understand to evaluate whether the client’s
financial statements are in accordance with generally accepted accounting principles. For
example, if an auditor is doing an audit of a city, the auditor must understand governmental
accounting and auditing requirements. There are also unique accounting requirements for
construction companies, rail road’s, non for profit organizations, financial institutions, and many
other organizations.
Second, the auditor can often identify risks in the industry that may affect the auditor’s
assessments of accepting audit risk, or even whether auditing companies in the industry is
advisable. As stated earlier, certain industries are more risky than others, such as the savings and
loan and health insurance industries.
Thirdly, there are inherent risks that are typically common to all clients in certain industries.
Understanding those risk aids the auditor in identifying the client’s inherent risks. Examples,
include potential inventory obsolescence inherent risk in the fashion clothes industry, accounts
receivable inherent risk in the consumer loan industry, and reserve for loss inherent risk and
causality insurance industry
Knowledge of the client’s industry can be obtained in different ways. These include discussions
with the auditor who was responsible for the engagement in previous years and auditors currently
on similar engagements, as well as conferences with the client’s personnel. Knowledge about the
client’s business that differentiates it from other companies in its industry is also needed. That
knowledge will help the auditors more effectively assess acceptable audit risk and inherent risk
and will be useful in designing analytical programs.
b) Tour the client plant and offices-A tour of the client’s facilities is helpful in obtaining
understanding of the client’s business and operations because it provides opportunity to observe
operations firsthand and to meet key personnel. The actual viewing of the physical facilities aids
in understanding physical safeguards over assets and in interpreting accounting data by providing
a frame of reference in which to visualize such assets as inventory in process and factory
equipment. Knowledge of the physical layout also facilities getting answers to questions later in
the audit. The tour may also help the auditors identify inherent risks. For example, if the auditor
observe unusual inventory, it will affect the assessment of inherent risks for equipment and
inventory. Discussion with non accounting employees during the tour and throughout the audit is
useful in maintaining a board perspective.
35
c) Identify related parties-Transactions with related parties are important to auditors because
generally accepted accounting principles require that they be disclosed in the financial statements
if they are material. Transactions with a related party are not arm’s length transactions.
Therefore, there is a risk that they were not valued at the same amount as they would have been
if the transactions had been with an independent third party. The disclosure requirements include
the nature of the related party relationships; a description of transactions, including dollar
amounts; and amounts due from and to related parties. Most auditor assess inherent risk as high
for related parties and related party transactions, both because of the accounting disclosure
requirements and the lack of independent between the parties involved in the transactions.
A related party is defined in SAS-45 as an affiliated company, a principal owner of the client
company, or any other party with which the client deals where one of the parties can influence
the management or operating policies of the other. A related party transaction is any transaction
between the client and a related party. Common examples include sales or purchase transactions
between a parent company and subsidiary, exchange of equipment between two companies
owned by the same person, and loans to officers. A less common example is the exercise of
significant management influence on an audit client by its most important customers.
Because material related party transactions must be disclosed, it is important that all related
parties be identified and included in the permanent files early in the engagement. Finding
undisclosed related party transactions is thereby enhanced. Common way of identifying related
parties include inquiry of management, review of SEC filings, and examinations of stockholder’s
listings to identify principal stockholders.
d) Evaluate need for outside specialists-when the auditor encounters situations requiring
specialized knowledge, it may be necessary to consult a specialist. SAS-73 establishes the
requirement for selecting specialists and reviewing their work. Examples include using a
diamond expert in evaluating the replacement cost of diamonds and an actuary for determining
the appropriateness of the recorded value of insurance loss reserves. Another common use of
specialist is consulting with attorneys on the legal interpretations of contracts and titles. In the
case of a large inventory of computer and computer parts, the audit firm may deicide to engage a
specialist if no one within the firm is qualified to evaluate whether the inventor is obsolete or not.
The auditor should have a sufficient understanding of the client’s business to recognize the need
for a specialist. The auditor should also evaluate the specialist’s professional qualifications and
understand the objectives and scope of the specialist’s work. The auditor should also consider the
specialists relationship with the client, including circumstances that might impair the specialist’s
objectivity.
4.2.4. Perform preliminary analytical procedures- Auditors are required to perform analytical
procedures while planning the audit to assist in determining the nature, timing, and extent of
auditing procedures. Analytical procedures performed during the planning phases enhance the
auditor’s understanding of the client’s business and events occurring since the prior year’s audit.
Planning analytical procedures also help the auditors identify areas that may represent specific
risks of material misstatements warranting further attention.
Analytical procedures used in planning are often based on aggregate, companywide data. For
some clients, reviewing changes in account balances on the trial balance may be sufficient for
36
planning purposes. Along with comparative industry information, auditors might consider key
financial ratios such as efficiency ratio, return on assets, liquidity ratio, inventory and accounts
receivable turn over ratios and other similar rations. The collectability of accounts receivable and
inventory obsolescence may also receive additional attention of the auditor.
4.2.5. Set materiality and assess acceptable audit risk and inherent risk - The scope paragraph
in auditors’ reports includes two important phrases that are directly related to materiality and
risk. These phrases are emphasized in bold italic print in the following two sentences of a
standard scope paragraph.
We conducted our audits in accordance with generally accepted auditing standards. Those
standards require that we plan and perform the audit to obtain reasonable assurance about whether
the financial statements are free of material statements.
The phrase obtained reasonable assurance is intended to inform users that auditors do not guarantee
or ensure the fair presentation of the financial statements. The phrase communicate that there is
some risk that the financial statements are not fairly stated even when the opinion is unqualified.
The phrase free of material misstatement is intended to inform users that the auditor’s responsibility
is limited to material financial information. Materiality is important because it is impractical for
auditors to provide assurance on immaterial amounts.
Thus, materiality and risk are fundamental concepts that are important to planning the audit and
designing the audit approach. Materiality is a major consideration in determining the appropriate
audit report to issue.
A careful reading of the FASB definition reveals the difficulty that auditors have in applying
materiality in practice. The definition emphasizes reasonable users who rely on the statements to
make decisions. Therefore, auditors must have knowledge of the likely users of their client’s
statements and the decisions that are being made. For example, if an auditor knows that financial
statements will be relied on in a buy- sell agreement for the entire business, the amount that the
auditor’s material may be smaller than for an otherwise similar audit. In practice, the auditors may
not know who all users are or what decisions will be made.
37
4.2.6. Understand internal control and assess control risk-To effectively assess internal control for
the purpose of reducing planned audit evidence, auditors need to understand key internal control
and control risk concepts. As discussed in previous chapter, a system of internal control consists of
policies and procedures designed to provide managements with reasonable assurance that the
company achieves its objective and goals. These policies and procedures are often called control
especially those controls related to the reliability of financial reporting , are important to the
auditors purpose.
4.2.7: Develop over all audit plan and audit program-It deals the last step in the planning phase of
audit. It is critical step because it results in the entire audit program the auditors’ plans to follow in
the audit, including all audit procedures, sample size, items to select, and timing. It is the process of
making correct decisions in both the effectiveness of evidences and the efficiency of the audit
process.
The audit planning process is documented in the audit working paper through the preparation of
audit plans, time, budgets and audit programs. An audit plan is an overview of the engagement,
outlining the nature and characteristics of the client’s business operations and the overall audit
strategy. Although audit plans differ in form and content among public accounting firms, a typical
plan includes details on the following.
An audit program is a detailed list of the audit procedures to be performed in the course of the
audit. A tentative audit program is developed as part of the advance planning of an audit. This
38
tentative program however requires frequent modification as the audit progresses. For example,
the nature, timing, and extent of substantive test procedures are influenced by the auditor’s
assessment of control risk. Thus, not until the consideration of internal control has been
completed can a relatively final version of the audit program be drafted. Even this version may
require modification if the auditors revises their preliminary estimates of materiality or risk for
the engagements tests disclose unexpected problems.
An audit program is designed to accomplish audit objectives with each major account of the
financial statements. These objectives follow directly from management assertions that are
contained in the client’s financial statements.
From these assertions, general objectives may be developed for each major type of balance sheet
accounts including assets, liabilities, and owners’ equity and other financial statements items
such as revenue, expense and the like.
Relationship between financial statements, management assertions and the various audit
concepts is given by the following diagram.
Financial statements
(Follow GAAP)
-Existence or occurrence
Management -Right and obligations
Assertions -Completeness
-Valuations/allocation
-Presentations and disclosure
Audit procedures
Audit program is detailed
List of auditing procedures
Audit Evidence
Summarized in audit
Working papers
Audit report on
financial statements
39
Explanation on general audit program objectives
A) Existence of assets-The first step in substantiating the balance of an asset account is to
verify the existence of the asset.
-Existence of cash on hand, marketable securities, and inventories can be verified by physical
observation or inspection, and by vouching from the recorded entry to the documents created
upon their acquisitions.
- Assets under the custody of others, such as cash in bank and inventory on consignment, can be
verified by directing confirmation with the appropriate outside party.
- Existence of Accounts receivables can be verified by confirmation with customers
-Existence of intangible assets can be verified by gathering evidence on whether costs are
incurred for probable future benefits
B) Rights to the assets-usually, the same procedures that verify existence also establish the
company’s rights to the asset. For example, confirming cash balance in bank account
establishes existence of the cash and company’s ownership right to that cash. Similarly,
inspecting marketable securities verify both existence and ownership because the registered
owner’s name usually appears on the face of the security certificate.
For other assets such as plant and equipment, physical examination establishes existence but
not ownership. Thus, the auditors need to inspect documentary evidence such as property tax
bills, purchase documents and other legal ownership documents such as deeds.
C) Establishing completeness –Effective internal control provides assurance that acquisitions
are recorded and helps the auditors to establish the completeness of recorded assets. When there
is ineffective internal control system, auditors need to increase the scope of their substantive
testing to prove the completeness of assets (i.e. whether all the assets that have been acquired are
recorded in accounting records or not). For this, auditors may follow different approaches such
as:
- Tracing or cross checking source documents created upon acquisition of assets with
entries made to record assets in the accounting records. E.g. tracing shipping documents
with details to record sales transaction for account receivables.
- Observation and physical examination to test completeness of recorded physical assets
such as inventory (whether counted or included in inventory), whether purchase of
equipment is properly recoded and so on.
Verifying the cutoff of transaction- As a part of the auditors’ procedure for establishing
completeness as well as existence of recorded assets, the auditors verify the client’s cutoff
transactions included in the period. The financial statements should reflect all transactions
occurring through the end of the period and none that occur subsequently. The term cutoff refers
to the process of determining that transactions occurring near the balance sheet date are assigned
to the proper accounting period.
To verify the client’s cutoff of transactions, the auditors should review transactions recorded
shortly before and after the balance sheet date to ascertain that these transactions are assigned to
the proper period.
D) Valuation of assets-The auditors should establish or test whether
40
(ii) The method of valuation used is appropriate for the circumstance at hand.
(iii) Perform procedures to test the accuracy of the client application of the method
of valuation to the assets.
E.g. -Many assets are valued at cost. Therefore, a common audit procedure is to vouch the
acquisition cost of assets to paid checks and other documentary evidence.
-If the acquisition cost is subject to depreciation or amortization, the auditors must evaluate the
reasonableness of the cost allocation program and verify the computation of the remaining
unallocated cost.
- For assets valued at market value or at lower of cost or market, investigation of current market
prices is necessary.
E). Clerical Accuracy of records- The amount appearing as an asset on a financial statement is
almost always the accumulation of many smaller items. For example, the amount of inventory on
financial statements might consist of the cost of thousands or, perhaps, hundreds of thousands of
individual products.
The auditors must test the clerical accuracy of the underlying records to determine that they
accumulate to the total appearing in the general ledger and therefore the amount in the financial
statements by applying generalized audit programs and/or other appropriate means.
F). Financial statement presentation and disclosure-Even after the dollar amounts have been
substantiated, the auditors must perform procedures to ensure that the financial statements
presentation conforms to the requirements of authoritative accounting pronouncements and the
general principles of adequate disclosure. Procedures that may be performed by auditors for such
case may include:
- view of subsequent events
- Search for related party transactions
- Investigation of loss contingencies
- Review of disclosure of such items as accounting policies, lease, compensating balances,
and pledged assets
- Consideration of the categories and descriptions used on all of the financial statements.
An illustration of audit program design-The above general objectives apply to all types of assets.
Audit procedures for a particular asset account must be designed to accomplish the specific audit
objectives regarding that asset. These specific objectives vary with the nature of the asset and the
generally accepted accounting principles that govern its valuation and presentation.
In designing an audit program for a specific account, the auditors start by developing general
objectives from the financial statement assertions. Then specific objectives are developed for the
account under audit and, finally audit procedures are designed to accomplish each specific audit
objectives.
- In actual practice, audit program must be tailored to each client’s business environment and
internal control. The audit procedure comprising audit programs may vary substantially from one
engagement to the next.
The organization of audit program usually is divided into two major sections. The first section
deals with the procedures to assess the effectiveness of the client’s internal control (the “systems
41
portions”), and the second deals with the substantive testing of financial statements amounts, a
well as the adequacy of financial statements disclosure.
Test of the system or internal control of the audit program (systems-portion) - the systems
portion of the audit program is generally organized around the major transactions cycle of the
client’s accounting system. For example, the systems portion of the audit program for
manufacturing company might be subdivided into separate programs for such areas as (1)
revenue/sales and collections/cycle, (2) acquisition /purchase and disbursements/cycle, (3)
conversion /production/cycle, (4) payroll cycle, (5) investing cycle, and (6) financing cycle.
To illustrate one of these transaction cycles, let us consider sales and collection. The activities
used in processing sales transactions might include- receiving a customer’s purchase order, credit
approval, and shipment of merchandise, preparation of sales invoice/billing /, recording revenue
and accounts receivables, and handling and recording cash receipts.
Audit procedures in the system portion of the program typically include obtaining an
understanding of the controls for each transaction cycles, preparation of flowchart for each cycle,
testing the significant controls, and assessing control risk for the related financial statement
assertions.
The substantive test portion of the program-the portion of audit program aimed at
substantiating financial statement amounts usually is organized in terms of major balance sheet
accounts, such as cash, accounts receives, inventories, and plant and equipment. Even though the
present day auditors are very much concerned with the reliability of the income statements, they
still find the balance sheet approach to be an effective method of organizing their substantive
audit procedures. One advantage of the balance sheet approach is that highly, competent
evidence generally is available to substantiate assets and liabilities. Assets usually, are subject to
direct verification by such procedures as physical examination, inspection of externally created
documentary evidences, and confirmation by outside parties.
Liabilities usually can be verified by examination of externally created documents, confirmation,
and inspection of canceled checks after the liability has been paid.
Since revenue and expenses have no tangible form, they exist only as entries (double entry; one
to recognize revenues and expenses and the other to record corresponding changes in asset or
liability account) in the client’s accounting records, representing changes in owner’s equity.
Consequently, the best evidence supporting the existence of revenues or expenses usually is the
verifiable changes in the related asset or liabilities
The relationship between test of controls and substantive tests – Test of controls provide
auditors with evidence as to whether prescribed controls are in use and operating effectively. The
result of these tests assists the auditors in evaluating the likelihood of material misstatements
having occurred. Substantive tests on other hand are designed to detect material misstatements if
they exist in the financial statements. The amount of substantive testing done by the auditors is
greatly influenced by their assessment of the likelihood that material misstatements exist. The
stronger the internal control is, the less will be the likelihood of material misstatements which in
turn will lead to less degree of substantive testing and vice-versa.
42
Time budgets for audit engagements-a time budget for an audit is constructed by estimating
the time required for each step in the audit program for each of the various levels of auditors and
totaling these estimated amounts. A detailed time budgets can assist auditors in estimating the
audit fees and other functions as communicating with audit staff about those areas the manager
or partner believe are critical and require more time, and to measure the efficiency of staff
members.
Analytical review procedures-The direction of audit test procedures can be performed by tracing
information:
i) Back ward from financial statements to ledgers to journal and finally, vouching them to the
original source documents such as invoices and receiving reports. By doing so, the auditors
may identify journal entries that are not supported and possibly are not valid. This procedure
provides evidences that financial statements figures are based upon valid transactions. It is
tests of the existence assertions.
ii) Forward from source documents to the journals, ledgers and financial statements. This
approach provides the auditor with assurance that all transactions have been properly
interpreted and processed. It is a test of the completeness assertion. Un supported transactions
can not be found.
Accounting system
Journ Ledger
Source
Source als s Financial
Docume
Source
ntsDocume Statemen
ntsDocume t
nt
Test for completeness (avoids understatements)
Start Finish
NB. Although, the techniques of working the audit trail in such a way are a useful one, auditors must
acquire evidence from sources other than the clients accounting records.
43
Chapter-Five
Internal control systems
Our consideration of internal control in this chapter has three major objectives: first, to explain
the meaning and significance of internal control; second, to discuss the major components of a
client’s internal control structure; and third, to show how auditors go about obtaining and
understanding of internal control to meet the requirements of the second standard of field work.
No attempt is made in this chapter to present in detail the internal control procedures applicable
to particular kinds of assets or liabilities or to particular types of transactions.
The system of internal control is the plan of the organization and all the methods and procedures
adopted by the management of an entity to assist in achieving management’s objective of
ensuring, as far as practicable, the orderly and efficient conduct of its business.
In other words internal control is defined as a process, effected by the entity’s board of directors,
management, and other personnel, designed to provide reasonable assurance regarding the
achievement of objectives in the following categories:
Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and regulations
It includes the methods by which top management delegates authority and assigns responsibility
fro such functions as selling, purchasing, accounting, and production. Internal control also
includes the program for preparing, verifying and distributing to various levels of management
those current reports and analyses that enable executives to maintain control over the variety of
activities and functions that are used by a large organization.
Although internal control is broadly defined, not all of the internal control structure polices and
procedures are relevant to a given engagement at hand i.e. they may vary depending on the type,
nature and scope of engagement, areas of concern and so on. Generally the internal control
structure policies and procedures that are relevant to an audit are those that pertain to the
reliability of financial reporting. That is, those that affects the preparation of financial
information for external reporting purpose. However, other policies and procedures may be
relevant if they affect the reliability of data that the auditors use to apply auditing procedures.
For example, controls applicable to non financial data that the auditors use in performing
analytical procedures (e.g. production statistics) may be relevant to an audit. The internal control
structure policies and procedures designed to safeguard assets against loss from errors and
irregularities are ordinarily relevant to audit.
44
Objectives of internal control systems
The responsibility for establishing an internal control system is that of the management of an
enterprise and the objectives of internal control system are determined by the management
keeping in view its specific requirements, which in turn, depend on the nature of business,
volume of operations etc. The following are the objectives of internal control system:
a. Adherence to the policies and procedures laid down by the management i.e. proper
authorization of transactions and activities.
b. Safeguarding the assets of the enterprise i.e. access to assets and records is
authorized and recorded assets are compared with existing assets at reasonable
intervals and appropriate action is taken with respect to any difference.
c. Prevention and detection of fraud and error
d. Accuracy and completeness of records i.e. all transactions are recorded correctly
and as necessary to permit the preparation of reliable financial statements and
maintain accountability for assets (timely and accurate recording of transactions in
the correct period)
e. Timely presentation of reliable financial and other information
45
Comparing the results of cash, security and inventory counts with accounting
records
Limiting direct physical access to assets and records
Comparing and analyzing the financial results with budgeted amounts and so on.
An internal control system has a wide coverage that extends beyond those matters, which relate
directly to the functions of the accounting system and from this angle, the internal control system
can be divided into two categories.
Accounting controls
Administrative controls
1) Accounting controls-Those controls which are related to the accounting system is known
as the accounting controls and has the following objectives:
a. Transactions are executed in accordance with the management’s authorization, i.e.
in accordance with the laid down policies and procedures
b. Transactions are promptly recorded in a proper manner and the purpose is to
facilitate the timely preparation and communication of reliable financial
information.
c. Accountability for assets is maintained and assets are safeguarded from
unauthorized access, use or disposal.
To achieve the objectives of internal control system, it is necessary to establish adequate policies
and procedures. While the specific control policies and procedures depend on the nature of the
transactions, manner of information processing and similar factors, most of these policies and
procedures generally fall into the following categories
1. Segregation and rotation of duties
2. Authorization of transactions
3. Maintenance of adequate records and documents
4. Accountability for and safeguarding of assets
5. Independent checks on performance
Means of achieving Internal Control- For purposes of financial audits, the policies and
procedures used by an entity to achieve internal control are referred to as the entity’s internal
control structure. Internal control structure vary significantly from one organization to the next,
depending on such factors as the size, nature of operations, and objectives of the organization for
which the structure was designed. Yet certain features are essential to satisfactory internal control
in almost any large organization. The internal control structures of all organizations include five
components. These are:
46
1. The control environment
2. Risk assessment
3. The accounting information and communication system
4. Control activities; and
5. Monitoring
5.3.1. Integrity and Ethical values-the effectiveness and efficiency of the internal control
structure depends directly upon the integrity and ethical values of the personnel who are
responsible for creating, administrating, and monitoring that structure. Management should
establish behavioral and ethical standards that discourage employees from engaging in activities
that would be considered dishonest, unethical or illegal. The standards must be communicated by
appropriate means and also remove and reduce the temptations and incentives to engage in such
behavior.
47
decision-making and appropriate segregation of duties among the various departments. When the
management decision-making is centralized and dominated by one individual, that the
individual’s moral character is extremely important to the auditors. When decentralized style is
used, procedures to monitor the decision making of the many managers involved become equally
important.
5.3.6. Human resource polices and procedures-the effectiveness of the internal control is
affected by the nature and characteristics of the people working in the organization. The
management’s policies and practice pf hiring, training, evaluating, promoting and compensating
employees have a significant effect on the effectiveness of the control environment. Effective
human resource policies often can reduce or sometimes remove other weaknesses in the control
environment.
5.3.7. Assignment of Authority and responsibility- The employees in the organization should
have a clear understanding of their responsibilities and rules and regulations that govern their
actions. To enhance the control environment, the management should develop employee job
descriptions and should define clearly the authority and responsibility within the organization.
Policies should be established describing appropriate business practices, knowledge and
experience of the key personnel and the use of resources.
48
Segregation of duties
5.5.1. Performance review- these controls include reviews of actual performance as compared to
budgets, forecasts, and prior period performance: relating different sets of data to one another;
and performing overall review of performance. Performance review provides management with
an overall indication whether personnel at various levels are effectively pursuing the objectives
of the organization. By investigating the reasons for unexpected performance, management may
make timely changes in strategies and plans, or take other appropriate corrective actions.
5.5.2. Information processing-the control activities are performed to check the accuracy,
completeness, and authorization of transactions and information processing control is one of
them. The information processing control has two broad categories and they are:
General control: which apply to all information processing activities and
Application control: which apply only to single application
For example, general controls include those that restrict access to the entire accounting
information system. To understand the nature of application controls, consider the controls over
payroll, that help to ensure that (1) only authorized payroll transactions are processed, and (2)
authorized payroll transactions are processed completely and accurately.
An important aspect of information processing controls is the proper authorization of all types of
transactions. Authorization of transaction may be either general or specific. General
authorization occurs when management establishes criteria for acceptance of a certain type of
transaction. For example, top management may establish general price lists and credit policies
f0or new customers. Transaction with customers that meet these criteria can then be approved by
the credit department. Specific authorization occurs when transaction are authorized on an
individual basis. For example, top management may consider individually and specifically
authorize any sales transaction in excess of a specified amount, say $100,000.
Another control over information processing is a system of well, designed forms and documents.
In the case of a credit sales transaction, the accounting department receives copies of internal
documents prepared by the sales, credit, and shipping departments to properly record the
transaction.
5.5.3. Physical controls- These control activities include the physical security over both records
and other assets. Safeguarding of records may include maintaining control at all times over un
issued renumbered documents, as well as other journals and ledgers, and restricting access to
computer programs and data files.
Only individuals who are authorized should be allowed access to the company’s assets. Direct
physical access to assets may be controlled through the use of safes, locks, fences, and guards.
Improper indirect access to assets, generally accomplished by falsifying financial records, must
also be prevented. This may be accompanied by safeguarding the financial records, as described
above.
Periodic comparisons should be made between accounting records and the physical assets on
hand. Investigation as to the cause of any discrepancies will uncover weakness either in
procedures for safeguarding assets or in maintaining the related accounting and records. Without
these comparisons waste, loss, or theft of the related assets may go undetected.
5.5.4. Segregation of duties- a fundamental concept of internal control is that no one department
or person should handle all aspects of a transaction from beginning to end. In similar manner, no
one individual should perform more than one of the functions of authorizing transactions,
49
recording transactions, and maintaining custody over assets. Also, to the extent possible,
individuals executing the specific transaction should be segregated from these functions. The
goal is to reduce the opportunities for any one person to be in a position to both perpetrate and
conceal errors or irregularities in the normal course to his or her duties.
A credit sale transaction may be used to illustrate appropriate authorization and segregation
procedures. Top management may have generally authorized the sale of merchandise at specified
credit terms to customers who meet certain requirements. The credit department may approve the
sales transactions by ascertaining that the extension of credit and terms of sale are in compliance
with company policies. Once the sale is approved, the shipping department executes the
transaction by obtaining custody of the merchandise from the inventory stores department and
shipping it to the customer. The accounting department uses copies of the documentation created
by the sales, credit, and shipping departments as a basis for recording the transaction and billing
the customer. With this segregation of duties, no one department or individual can initiate and
execute an unauthorized transaction.
5.6. Monitoring
Monitoring is a process that assesses the quality of the internal control structure over time and it
is the last component of internal control. The monitoring of the internal control structure is
important to determine whether it is operating as intended and whether any modifications are
necessary. Monitoring can be achieved by
a. Ongoing monitoring activities include regularly performed supervisory and management
activities such as continuous monitoring of customer complaints or reviewing the
reasonableness of the management reports.
b. Separate evaluations are monitoring activities that are performed on a non-routing basis,
such as periodic audits by the internal auditors. Internal auditors investigate and appraise
the internal control structure and the efficiency with which the various units of the
organization are performing their assigned functions, and report their findings and
recommendations to the top management.
The internal audit function- An important aspect of the organization’s monitoring system is the
internal audit function. Internal auditors investigate and appraise the internal control structure
and the efficiency with which the various units of the organization are performing their assigned
functions, and report their findings and recommendations to top management. As representatives
of top management, the internal auditors are interested in determining whether each branch or
department has a clear understanding of its assignment, is adequately staffed, maintains, good
records, properly safeguards cash, inventories, and other assets, and cooperates harmoniously
with other departments.
Limitations of internal control- Internal control can do much to protect against both errors and
irregularities and ensure the reliability of accounting data. Still, it is important to recognize the
existence of inherent limitations in any internal control structure.
- Internal control is not simple; it could be complex as it involves divisions of functions and
allocation of responsibilities into many different people and units involving greater paper work
leading to excessive control. This way, many people in fact think of more control but not better
control. More control brings bottle neck, therefore, inefficiency not efficiency, and delays and
50
loss in productivity. Thus there is control risk that must be assumed to balance between risk and
safeguards to be implemented. Internal control can only provide reasonable assurance not
complete reliance to be placed.
- Mistakes may be made in the performance of internal control policies and procedures as a result
of misunderstanding of instructions, mistakes of judgment, carelessness, distraction, or fatigue.
- The internal control adopted by a business also is limited by cost considerations. It entails
increased personnel and /or sophisticated techniques of control. Thus, cost- benefit analysis must
be made to see if the costs of control can justify the benefits to be derived. In this regard, internal
controls may be more viable to implement in large organizations rather than in small ones.
The auditors’ understanding of their clients’ internal control provides a basis both to
(1) Plan the audit, and (2) assess control risk.
In planning an audit it is essential that the auditors have a sufficient understanding of the client’s
internal control structure. This encompasses both an understanding of the design of the policies,
procedures, and records, and knowledge of whether they have been placed in operation by the
client. It is difficult to imagine designing tests of financial statement balances without an
understanding of the internal control structure. For example, auditors who do not understand the
client’s policies and procedures for executing and recording credit sale would have a difficult
time substantiating the balances of accounts receivable and sales.
The auditors’ consideration of the internal control structure also provides a basis for their
assessment of control risk- the risk that material misstatements will not be prevented or detected
by the client’s internal control structure. If the auditor determine that the client’s internal control
is effective, they will assess control risk to be low. They can then accept a higher level of
detection risk, and substantive testing can be decreased. Conversely, if internal controls are
weak, control risk is high and the auditors must increase the scope of their substantive tests to
limit the level of detection risk. Therefore, the auditors’ understanding of internal control is a
major factor in determining the nature, timing, and extent of substantive testing necessary to
verify the financial statements assertions.
Obtaining understanding of the internal control structure – In every audit the auditors must
obtain an understanding of the internal control structure sufficient to plan the audit. This
understanding should include knowledge about the design of relevant internal control policies
and procedures and whether they have been placed in operation by the entity. In planning the
audit, that knowledge is used to:
The auditors’ understanding of the internal control structure encompasses not only the design of
the policies and procedures, but also whether they have been placed in operation. The term
placed in operation means that policy or procedure actually exists and is in use; that is, it does
not just exist in theory or on paper.
While obtaining an understanding of internal control, the auditors may also obtain evidence
about the operating effectiveness of various controls. Operating effectiveness deal with:
How a control is applied,
The consistency with which it is applied, and
Who applies the control
The distinction between knowing that a control has been placed in operation and obtaining
evidence on its operating effectiveness is important.
To properly plan the audit, auditors are required to determine that the major controls have been
placed in operation. However, if the auditors wish to assess control risk at a level lower than the
maximum, they must have evidence of the operating effectiveness of the controls. This evidence
is obtained by performing tests of controls.
Audit program modification-modification of audit program for various levels of control risk
should be made with having in mind the consideration that should be given to other factors such
as levels of materiality and inherent risk.
Consideration of the work of internal auditors -Many of the procedures performed by internal
auditors are similar in nature to those employed by independent auditors. SAS No. 65 “The
auditor’s consideration of the Internal Audit Function in an Audit of Financial Statements.”
Because, the internal function is an important aspect of the client’s monitoring system, the
53
independent auditors consider the existence and quality of the function in their assessment of the
client’s internal control structure. Through its contribution to internal control, the work of the
internal auditors may reduce the amount of audit testing performed by the independent auditors
given that it is relevant to the engagement at hand.
In addition to reducing the extent of the independent auditors’ substantive procedures, the
internal auditors’ work may affect the independent auditors’ procedures when obtaining an
understanding of the client’s internal control structure and assessing risk
Internal control in small companies – The preceding discussion of internal control and its
consideration by the independent auditors has been presented in the terms of large corporations.
In the large company concern excellent internal control may be achieved by extensive
segregation of duties so that no one person handles transactions completely from beginning to
end. In the case very small concern, with only one or two office employees, there is little or no
opportunity for division of duties and responsibilities. Consequently, internal control tends to be
weak, if not completely absent, unless the owner/manager recognize the importance of internal
control and participate in key activities. Because of the absence of strong internal control in
small concerns, the independent auditors must rely much more on substantive tests of account
balances and transactions than is required in large organizations.
54
Chapter seven
Audit working papers
7.1. Working papers
Working papers are the connecting link between the client’s accounting records and the auditors’
report. They document all of the work performed by the auditors and provide the justification for
the auditors’ report. Information such as audit contact entered to, audit plans, audit programmers
and data gathered , description of work performed , documents received, peoples interviewed,
items traced and reconciled , events and incidents encountered , evidences gathered , schedules,
experts and photocopies of financial statements and accounts, references comments and
observations noted --- etc, are documented in auditors work papers. The sufficient, competent
evidential matter required by the third standard of field work must be clearly documented in the
auditors work papers.
Supervising and reviewing the work of the assistants: The audit assistants complete audit
working papers and the seniors, supervising the audit work, can review it. If the senior finds any
shortcoming, the senior can write review notes to the assistants describing additional procedures
to be performed or how the working papers should be revised. The review of working papers by
seniors will help to ensure that the work of audit staff is carefully reviewed and supervised.
Support for the report: the working papers must contain adequate evidence and documentation
to convince the auditors’ engagement. This will help the auditors to arrive at appropriate opinion
on the client’s financial statements. The auditors want some evidence to support their reports and
audit working papers can rely on the evidence contained in the working papers
Compliance with the three standards of fieldwork: the auditors may find themselves liable for
the losses sustained by the users of the financial statements if the audit was not conducted in
accordance with generally accepted auditing standards. The working papers are the principal
means by which auditors can demonstrate their compliance with the standards of fieldwork.
Planning and conduction the next audit: The audit working papers from the previous audit of
the particular client provide valuable information that is useful in planning and conducting the
next audit. The working papers from the previous audit may be used as a starting point for
designing current year working papers. Before using the previous year’s working papers, the
auditor should determine that the design is still appropriate and should try to improve it.
55
Ownership of the audit work papers-Audit working papers are the property of the auditors and
not of the client. At no time does the client have the right to demand access to the auditor’s
working papers. After the audit, the auditors retain the working papers. Clients may sometimes
find it helpful to refer to information from the auditor’s working papers from prior years.
Auditors usually are willing to provide this information, but their working papers should not be
regarded as a substitute for the clients own accounting records.
Confidential nature of working papers- to conduct a satisfactory audit, the auditors must be
given unrestricted access to all information about the client’s business. Much of this information
is confidential, such as the profit margin on individual products, tentative plans for business
combinations with other companies, and the salaries of officers and key employees and other
similar issues.
Much of the information gained in confidential way by the auditors is recorded in their working
papers’ consequently; the working papers are confidential in nature. Thus, they must be
safeguarded at all times. Safeguarding working papers usually means keeping them locked in a
file cabinet or an audit case during lunch and after working hours.
56
8. Computational working papers: The auditors approach to verifying certain types of accounts
and other figures is to make an independent computation and compare their results with the
amounts shown by the client’s record.
9. Corroborating Documents: Auditing is not limited to the examination of financial records,
and working papers are not confined to schedules and analyses. During the course of an
audit, the auditor gathers much purely expository material to substantiate their report.
The auditors usually maintain two files of working papers for each client:
1. Current files for every completed audit and
2. A permanent file of relatively unchanging data.
The Current files: - The auditor’s report for a particular year is supported by the working
papers contained in the current files. Many CPA firms have found it useful to organize the
current files around the arrangement of the accounts in the client’s financial statement. Each
working paper in a file is assigned an index number, and information is tied together through
a system of cross-referencing.
In the different stages of audit; the independent auditor must become familiar with the many
aspects of the business of the client. The internal activities of the client are not in itself sufficient.
If the information is to be interpreted and evaluated in a proper perspective, the auditor must also
understand the business environment in which the client operates. The auditors can gain
considerable information about both the client’s business environment and internal operations by
examining the client’s general records. The term general records is used to include the following
categories:
1. Non-financial records
(a) Articles of incorporation and by-laws
(b) Partnership contracts
(c) Minutes of directors and shareholders meetings,
(d) Contracts with suppliers and customers.
(e) Contracts with employees
(f) Government regulations effecting the business
(g) Correspondence files
2. Financial Records
(a) Income Tax returns of previous years
57
(b) Financial statements and annual reports of previous years
(c) Registration statements and periodic reports, files with government agencies
3. Accounting records
(a) Ledgers
(b) Journals
Articles of Incorporations and Bylaws: - It is a basic document filed with the government to
evidence the legal existence of the organization. By laws are the internal administrative
structures of the organizations. They include the organizational structures, rules and procedures
adopted by the corporate shareholders. Copies of both the articles of incorporations and by laws
are retained in the auditor’s permanent files for convenient reference during the repeated audit
engagements.
Partnership Contract: - The partnership contract represents an agreement among the partners
on the rules to be followed in the operations of a partnership organization. The auditor should
examine the partnership contract in the same manner as the articles of incorporation and by laws
of corporate clients while auditing a partnership firms.
Minutes Book: - A minute’s book is an official record of the actions taken at the meetings. It
will contain certain authorizations, more important transactions and contractual arrangements
etc. In addition, the minutes may document discussions of pending litigations, investigations by
regulatory agencies etc., and the auditor should read the minutes of the meetings in order to
gather more information about the client’s business and the environment in witch the client
operates.
Contracts held or issued by the client: - During audit engagements, the auditor should obtain
the copies of all major contracts, to which the client is a party. The terms of existing contracts
are often the material factors in arriving at certain decisions while expressing the opinion. The
skill in analyzing and interpreting the financial aspects of contracts is an additional qualification
to independent auditors, as it will increase their importance.
Laws and Regulations: - The independent auditor must be familiar with the laws and
regulations that might effect the client’s financial statements. The audit must be designed to
provide reasonable assurance of detecting illegal acts having a material direct effect on the
financial statements. While an audit does not generally provide a basis for detecting violations
of laws and regulations which have an indirect effect on the financial statements, the auditor
must be aware of the possibilities that such violations have occurred. When the information that
indicates a violation comes to the attention of the auditors, the auditor should apply audit
procedures towards ascertaining whether a material illegal act has occurred.
Correspondence Files: - The general correspondence files of the client may contain more
information which will be important to the independent auditors. Correspondence may be
generally accepted as authentic one. But if reason for doubt exists the auditor may wish to
conform the contents of correspondence with the responsible persons directly.
Financial Statements of Previous Years: - The auditors can gain general background
knowledge of the financial history and problems of the business by studying the financial
statements and annual reports of the previous years. If the independent auditors have submitted
the audit reports in previous years, these documents may be useful in drawing attentions in
matters requiring special considerations.
58
Tax returns of previous years: - A review of tax returns of previous years will aid the auditors
in planning the tax services if required by the terms of engagement. The possibility of
assessment of additional taxes may exist with respect to returns of previous years and this will
help the auditor to analyze the threat of additional assessment.
Registration Certificates and Periodic Reports: - The registration statement and periodic
reports filed with the government agencies will contain valuable information necessary for the
auditors. It may contain information about the client’s capital structure, summary of the earnings
of the previous years, identity of the affiliated companies, description of the business of the
property of the client, pending legal proceedings, names of directors and executive officers of the
client and their remuneration, principal shareholder etc.
Review and testing of Accounting Records: - A review of these records will help the auditor to
understand the clients accounting system thorouly and to assess the quality of accounting
records, the accounting procedures, the control procedures, in effect etc. If the client’s accounting
records and procedures are well designed and efficiently maintained it is reasonable to devote
less audit time to verify the accuracy of the records than would be required. The extent to which
the auditors test the accounting records will depend on two factors i.e., the general conditions of
the records and the frequency and related importance of any misstatements discovered during the
actual testing.
General Ledger: - Auditors should test the general ledger by performing tests to determine
whether
1. Account balances are mathematically correct.
2. Entries in the ledger were posted from journal entries and
3. Journal entries were properly posted to the appropriate ledger accounts.
General Journal: - Entries in the general journal are those for which special journals have not
been provided accordingly a variety of infrequently occurring transactions is normally included.
The auditor should
(i) Check the total column of the journal
(ii) Vouch selected entries to the original documents
(iii) Scan the journals for unusual entries
(iv) Determine the entries that have been with proper approval of concerned
officer.
59