CHAPTER 1.

0: INTRODUCTION TO AUDITING

1.1 PRINCIPLES OF AUDITING

Mr. Musonda sets up a business of selling spares. For three years all goes well. The
spares sell steadily and Mr. Musonda gets some income from the business.

Mr. Musonda feels that the business could make more money if he invested in some new
premises, bought a motor van and if he employed an assistant. He needs more money to
do this. He decides to ask Mr. Banda, his rich friend and brother-in-law to invest in the
business.

Mr. Banda wants to invest in the business but does not wish to work for the business or
take on any risk for the business debts.

Mr. Banda suggests that Mr. Musonda converts the business into a company. This will
mean that if the company becomes insolvent, he will only lose at maximum the amount
that he has invested in the company. Mr. Musonda agrees. Mr. Banda buys 60% of the
shares and Mr. Musonda buys 40%. They both agree that Mr. Musonda is to be paid a
reasonable salary as Managing Director of the business.

At the end of first year of trading as a limited company, Mr. Banda receives a copy of the
accounts. Profits are lower than he expected. This means that his return from the
company (in dividends) will not be as high as he had hoped.

You should now try to answer the following two questions before reading on:

(a) What is Mr. Banda’s position in relation to Mr. Musonda in the business?

(b) If you were Mr. Banda what would you do now?

Regarding the first question, Mr. Banda is clearly a provider of capital, as indeed is Mr.
Musonda. The difference between them is that Mr. Musonda is an owner/manager,
whereas Mr. Banda has taken a passive role.

Mr. Musonda is similar to a director of a limited company (holding shares therein) and
Mr. Banda is similar to a shareholder who has entrusted his funds to the directors of such
a company.

Regarding question (b) Mr. Banda will ask for an explanation from Mr. Musonda as to
why the profits are lower than expected, whether proper accounting records were
prepared and if the profits were calculated correctly.
Mr. Musonda tells Mr. Banda that as far as he is concerned, the accounts are accurate.
Mr. Banda knows that Mr. Musonda gets paid a salary regardless of what the profits are.
He is concerned that this means Mr. Musonda is not as worried about profit level as he is.

Mr. Banda feels he needs further assurance on the accounts, but he does not know a great
deal about financial matters. How can Mr. Banda obtain the assurance that he wants?

The assurance Mr. Banda is seeking can be given by an audit of the financial statements.
An auditor can provide the two things Mr. Banda requires.

 A knowledgeable view of the company’s business and of the accounts.

 An impartial view since Mr. Musonda’s view may be partial.

SUMMARY OF THE PRINCIPLES

What can we derive from this very simple example? The following matters do seem to
be important:

(i) The example may appear to be simple and perhaps of little consequence to us but
for Mr. Musonda and Mr. Banda (two users of accounting information) the
preparation of reliable accounts was a matter of great importance.

(ii) Mr. Banda will carry out an investigation of the business as reflected in the
accounts of course aided by a qualified person. This person will carry out an
audit using a number of useful techniques.

(iii) Calculation of figures will need to be carried out by an independent person to

verify the accuracy of the accounts. This independent person is the auditor.

(iv) The use of information from a source independent of the person running the
accounts arrive at a fairer picture.

(v) The use of actual personal experience in verifying the accuracy of the amounts
appearing in the accounts.

There are two important matters that should be emphasized at this point.

(a) It would be seen that the auditor has to behave in a competent manner if a
successful audit is to be carried out.

(b) An audit is clearly a search for evidence to arrive at what the auditor perceives
to be the truth.

(c) An independent person can add more credibility to the accounts than the
brother-in-law to Mr. Musonda who was too closely involved in the
management process.
2
 (d) Similarly, the inspector of taxes would clearly prefer account that had received
the seal of approval from a properly qualified and independent person.

(e) One final matter is worthy of note that Mr. Banda on his own lacked expertise and
experience to gather evidence to prove that the accounts were accurate and
reliable. It is for this reason that he requested for an audit to be carried out.

We are now in a position to suggest a definition of an audit.

“An audit is an exercise that qualified auditors carry out in order to be able to give the
legal opinion whether financial statements of an organisation give a true and fair
view.”

 Generally speaking, it is not possible for the provider of funds to a business to

carry out an audit of the type Mr. Musonda carried out. Normally, shareholders
and other users are not competent to do this or would not be allowed to do so. It
would be impossible for an ordinary shareholder of KCM plc to investigate (i.e.
audit) the accounts of the company.

 However, it does seem that there may be doubts as to whether it is wise to rely on
accounts that have not been audited. We say that unaudited accounts lack
sufficient credibility to form a reliable basis for decision making by users of the
accounts. Note that Mr. Musonda had made a number of false assumptions and
errors when drawing up the original receipts and payments account.

Note: Do not make the assumption that business people are all engaged in
fraudulent activity (a common student misapprehension in the
experience of the authors). There are probably far more incompetent
people in the business world than swindlers.

 A person who can add credibility to the accounts is clearly not someone like Mr.
Musonda, who was too closely involved in the management process. Perhaps it is
not even Mr. Banda, who nevertheless appears not competent enough to be an
auditor. Just imagine whether (say) an inspector of taxes would be happy to
accept Mr. Musonda if he were to send the accounts he has drawn up to the
inspector together with a note saying that, in his view, the accounts are acceptable
as the basis for the calculation of tax liability. The inspector would clearly prefer
accounts that had received the seal of approval from a properly and independent
person. Only a person entirely independent of the management of an organization
and not financially involved with it can add the desired credibility to the accounts.

 One final matter is worthy of note at this point and that is that Mr. Musonda felt
he lacked enough evidence to prove that the accounts were accurate or reliable
enough for his purposes. It seems that uncertainty may be, on occasion, an
important matter.

3
 We shall be discussing the above principles in greater depth in later chapters in
the book, but we are now in a position to suggest a definition of auditing which
will prove useful in our subsequent discussions.

DEFINITION OF AN AUDIT

‘An audit is an investigation or a search for evidence to enable an opinion to be

formed on the reliability of financial and other information by a person or persons
independent of the preparer and persons likely to gain directly from the use of the
information, and the issue of a report on that information with the intention of
increasing its credibility and therefore its usefulness.’

This definition is not the same as that which appears in the Glossary of Terms to the
Explanatory Note to the Auditing Standards issued by the accounting bodies but is in the
writer’s opinion more useful for the student of auditing. For the sake of completeness,
the official definition is given below:

‘Audit is the independent examination of, and expression of opinion on the

financial statements of an enterprise by an appointed auditor in pursuance of that
appointment and in compliance with any statutory obligation.’

The words in italics in the latter definition are not emphasized in the Glossary of Terms,
but we have done so here to show that the ideas of ‘independence’, ‘examination’ or
‘investigation’, ‘reporting’ or expressing an opinion’ are common to both the above
definitions. The idea of ‘reliability’ in the first definition is close to the idea of ‘truth and
fairness’ which is a statutory obligation placed on directors of limited companies
responsible for the preparation of financial statements, as we shall see when we come to
discuss the ‘true and fair view’ in a later chapter.

SUMMARY

This chapter has introduced you to a simple audit situation and has suggested a number of
important ideas about auditing. The principles are highlighted in the self-assessment
questions at the end of the chapter. When you are doing this try to imagine what a
sensible and logical-thinking person would suggest. Auditing often needs more than the
exercise of simple common sense; it requires the exercise of reason and, in many cases,
specializes knowledge, but common sense does help. It is not sufficient merely to make a
guess; in each case you should justify your answer. When you have made a note of your
own answers check them against the suggested solutions. If any of your answers are
different, make careful notes of the explanation given and re-read the appropriate part of
the chapter to make sure you understand where you went wrong.

4
AUDIT

1.2 We shall concentrate on the general guidance the ASB gives on what constitutes
an audit.

KEY TERM

An audit is an exercise whose objective is to enable auditors to express an

opinion whether the financial statements give a true and fair view (or equivalent)
of the entity’s affairs at the period end and of its profits and loss (or income and
expenditure) for the period then ended and have been properly prepared in
accordance with the applicable reporting framework (for example relevant
Legislation and applicable accounting standards) or, where statutory or other
specific requirements prescribe the term and whether the financial statements are
‘presented fairly’.

1.3 ‘What an audit is really about’ is the subject matter of the International Audit and
Assurance Standards Board Statement of Auditing Standards ISA 200 Objective
and general principles governing an audit of financial statements. The first
‘Statement of Auditing Standards’ in ISA 200 is as follows:

ISA 200.1

In undertaking an audit of financial statements auditors should:

(a) Carry out procedures designed to obtain sufficient appropriate audit

evidence, in accordance with Auditing standards contained in ISAs, to
determine with reasonable confidence whether the financial statements
are free of material misstatement;

(b) Evaluate the overall presentation of the financial statements, in order to

ascertain whether they have been prepared in accordance with relevant
legislation and accounting standards; and

(c) Issue a report containing a clear expression of their opinion on the

financial statements.

1.4 The ISA’s explanatory material highlights the credibility given to financial
statements by the auditors’ opinion; it provides ‘reasonable assurance from an
independent source that they present a true and fair view’.
5
1.5 That is to say the audit report reassures readers of the accounts that the accounts
have been examined by a knowledgeable, impartial professional. ISA 200 goes
on to stress further the importance of auditors acting independently and
ethically.

1.6 The assurance that auditors can only express an opinion is governed by the fact
that auditors use judgment in deciding what audit procedures to use and what
conclusions to draw, and also by the limitations of every audit.

(a) The fact that auditing is not a purely objective exercise. Auditors have to
make judgments in a number of areas including risk assessment, what
constitute a significant error, what tests to perform and ultimately what
opinion to give.

(b) The fact that auditors do not check every item in the accounting records.
We shall see that for tests, auditors only check a sample of items.

(c) The limitations of accounting and internal control systems. For

example, the systems may not be able to deal with unusual transactions,
and may not be flexible enough to cope well with changing circumstances.

(d) The possibility that client management or staff might not tell the truth,
or collude in fraud. One important control may be a division of
responsibilities so that one number of staff checks another’s work, but the
control will be ineffective if they collude.

(e) The fact that audit evidence indicates what is probable rather than what
is certain. Some figures in the accounts are estimates, some require a
significant degree of judgment and some are affected by uncertainty.

(f) The fact that auditors are reporting generally some months after the
balance sheet date. The client’s position may be changing, and the
position shown in the accounts at the last year-end may be significantly
different from the up-to-date position. If on the other hand auditors had to
report soon after the balance sheet date, evidence about certain figures in
the balance sheet date, may be insufficient.

(g) The limitations of the audit report. Although work has been done to make
the report more informative, the standard format is likely to reflect all
aspects of the audit. This is discussed further in the Chapter on Auditors
report.

Hence auditors can only express an opinion; they cannot certify whether accounts
are completely correct.

1.7 Material misstatements may exist in financial statements and auditors will plan
their work on this basis, that is, with professional scepticism.
6
1.8 ISA 200 makes it clear that, even where auditors assess the risk of litigation or
adverse publicity as very low, they must perform sufficient procedures according
to auditing standards. That is, there can never be a reason for carrying out an
audit of a lower quality than that demanded by the auditing standards. This will
be discussed in Chapter 5.

ISA 200.2

In the conduct of any audit financial statements auditors should comply with the
ethical guidance issued by their relevant professional bodies.

1.9 You should be aware of ZICA's ethical guidance.

1.10 Audits are required under statute in the case of a large number of undertakings,
including the following:

Undertakings Principal Act

Limited companies Companies Act 1985
Building societies Building Societies Act 1965
Trade unions and employer Trade Union and Labour relations Act
associations 1974

Housing Associations Various acts depending on the legal

constitution of the housing association,
including:
Industrial and Provident Societies Act
1965
Friendly and Industrial and Provident
Societies Act 1968
Housing Act 1980
Companies Act 1985
Housing Association Act 1985

Certain charities Various acts depending on the status of the

charity, including special Acts of
parliament.

Unincorporated investment Regulations made under the Financial

business Services Act 1986

7
1.11 Small limited companies are exempt from an audit. The regulations are:

(a) A company is totally exempt from the annual audit requirement in a

financial year if its turnover for that year is not more than K1 million and
its balance sheet total is not more than K1.4 million.

(b) The exemptions do not apply to public companies, banking or insurance

companies or those subject to a statute based regulatory regime.

(c) A company that is part of a group can claim exemption provided the group
of which it is a member is a small group which satisfied the conditions.

(d) Shareholders holding 10% or more of the capital of any company can veto
the exemption.

(e) A dormant company which fulfils the criteria of s 249AA (that is it

qualifies for exemption as a small company) does not need a special
resolution to gain exemption from audit.

Responsibility

1.12 A key point that is made in ISA 200 is that auditors do not bear any
responsibility for the preparation and presentation of the financial statements.

The responsibility for the preparation and presentation of the financial

statements is that of the directors of the entity. Auditors are responsible for
forming or expressing an opinion on the financial statements. The audit of the
financial statements does not relieve the directors of any of their
responsibilities.

1.13 Another key fact about responsibility, which is often perceived incorrectly, is that
the auditor does not have any responsibility with regard to prevention and
detection of fraud.

Benefits of Audit

1.14 The key benefit of audit has been mentioned above. It is the fact that through an
audit, the owners of the company (members) are given an independent opinion
as to the truth and fairness of the accounts which have been prepared for them
by the directors, giving them an impression of how their investment has
performed in the period.

8
1.15 There are a number of subsidiary benefits however. Examples include:

 The financial statements can be used by third parties such as banks, to

make decisions about the company. An audit will give them more
confidence in the financial statements. However, the auditor should be
aware of potential liability which will be explained in a later unit.

 The auditors can use their experience as business advisors to help the
directors improve the business as a by-product of the audit. This can be
achieved by:

o Management letter.
o Discussions during the audit

 Specifically, the existence of the auditor can help to mitigate against risks.
A key example of this is the risk of fraud despite it not being the duty of the
auditor to detect fraud.

Limitations of audit

1.16 Some of the limitations of audit were discussed earlier. There are other
provisions attached to the assurance given by the auditor. The auditors’ opinion
is not a guarantee of:

 The future viability of the entity.

 Management’s effectiveness and efficiency
 No fraud having been perpetrated on the company.

Non-Statutory audit

1.17 Non-statutory audits are performed by independent auditors because the

owners, proprietors, members, trustees, professional and governing bodies or
other interested parties want them, rather than because the law requires them. In
consequence, auditing may extend to every type of undertaking that produces
accounts, including:

 Clubs.
 Charities (assuming that an audit is not statutory).
 Sole traders.
 Partnerships

1.18 Auditors may also give an audit opinion on statements other than annual
accounts including:

9
  Summaries of sales in support of a statement of royalties.
 Statements of expenditure in support of applications for regional
development grants.
 The circulation figures of a newspaper or magazine.

1.19 In all such audits the auditors must take into account any regulations contained
in the internal rules or constitution of the undertaking. Examples of the
regulations which the auditors would need to refer to in such assignments would
include:

 The rules of clubs, societies and charities.

 Partnership agreements

Advantages of the non-statutory audit

1.20 In addition to the advantages common to all forms of audit, including the
verification of the accounts, recommendations on accounting and control systems
and the possible detection of errors and fraud, the audit of the accounts of a
partnership may be seen to have the following advantages:

(a) It can provide a means of settling accounts between the partners.

(b) Where audited accounts are available this may make the accounts more
acceptable to the Inland Revenue when it comes to agreeing an
individual partner’s liability to tax. The partners may well wish to take
advantage of the auditors’ services in the additional role of tax advisers.

(c) The sale of the business or the negotiation of loan or overdraft facilities
may be facilitated if the firm is able to produce audited accounts.

(d) An audit on behalf of a ‘sleeping partner’ is useful since generally such

a person will have little other means of checking the accounts of the
business, or confirming the share of profits due to him or her.

2. CHRONOLOGY OF AN AUDIT

Determine audit approach

Stage 1 Determine the scope of the audit and the auditors’ approach. For statutory
audits the scope is laid down by the Companies Act 1985 and expanded by
Auditing Standards.

The auditors should prepare an audit plan, which should be placed on file.

Ascertain the system and controls

10
Stage 2 Determine the flow of documents and extent of controls in existence in
the client’s system.

This is a fact finding exercise which is achieved by discussing the

accounting system and document flow with all the relevant departments
(for example, sales, purchases, cash, stock and accounts personnel).

It is good practice to make a rough record of the system during this fact
finding stage which will be converted to a formal record at later stages.

Stage 3 Prepare a comprehensive record of the system to facilitate evaluation of

the systems. The records may be in various formats (for example, charts,
narrative notes, internal control questionnaires and flowcharts).

Stages 4 Confirm that the system recorded is the same as that in operation.

This is achieved by performing wall-through tests. These involve tracing

a handful of transactions through the system and observing the operation
of controls over them.

This check is useful because sometimes client staff will tell the auditors
what they should be doing rather than what is actually done.

Assess the system and internal controls

Stage 5 Evaluate the systems to gauge their reliability and formulate a basis for
testing their effectiveness in practice.

Auditors will be able to recommend any improvements and also determine

the extent of further tests at Stage 6 and 8 below.

Auditors will be able to recommend any improvements and also determine

the extent of further tests at Stages 6 and 8 below.

Test the system and internal controls

Stage 6 (This should only be carried out if the controls are evaluated as effective at
Stage 5. If not, Steps 6 and 7 should be omitted.)

If controls are effective, test should be designed to establish compliance

with the system should be selected and performed.

Tests of controls, which cover a larger number of items than walkthrough

tests and cover a more representative sample of transactions through the
period, should be carried out.

11
 If controls are strong, the records should be reliable and the amount of
detailed testing can be reduced. If controls are ineffective in practice;
more extensive substantive procedures will be required.

Stage 7 After evaluating the systems and testing controls, auditors normally send
an interim report to management identifying weaknesses and
recommending improvements.

Test the financial statements

Stages 8 These tests are concerned with substantiating the figures given in the
financial statements.

Stage 9 Substantive tests also serve to assess the effect of errors, should errors
exist.

Before designing a substantive procedure it is essential to consider

whether any errors produced could be significant. If the answer is no,
there is no point in performing a test.

Review the financial statements

Stage 10 The financial statements should be reviewed to determine the overall

reliability of the account by making a critical analysis of content and
presentation.

Express an opinion

Stage 11 The auditors evaluate the evidence that they have obtained and they
express their opinion to members in the form of an audit report.

Stage 12 The final report to management is an important non-statutory end

product of the audit. The purpose of it is to make further suggestions for
improvements in the systems and to place on record specific points in
connection with the audit and the accounts.

SMALLER ENTITIES

4.1 The control systems in smaller entities are often not as sophisticated as those in
larger entities. The particular area that can be a concern for smaller entities with
few staff is segregation of duties. It can be impossible to adequately share duties
between staff when there are only one or two staff.

4.2 Having established that proprietor involvement is the key to internal control in the
small enterprise, we need next to be rather more precise and identify the types of

12
 control relevant to each principal accounting area. These controls can be referred
to as ‘minimum business controls’.

4.3 It is important to appreciate that such controls will not, and cannot, be evaluated
and relied on by the auditors as in a ‘systems’ audit approach, but they do
provide overall comfort to the auditors, particularly when determining whether
to seek to rely on management assurances as to the accounting records.

4.4 The following checklist provides illustrative examples of minimum control

standards.

Mail

 Is all mail received and opened by the proprietor?

 If the proprietor does not himself open the mail, is it opened by a person not connected
with the accounts and read by him before it is distributed to the staff?

Receipts

 Are all cheques and postal orders received by post counted by the proprietor before
they are passed to the cashier?

 Are all cheques and postal orders crossed to the company’s branch of its bankers ‘not
negotiable – account payee only’.

 Are cash sales and credit sale receipts over the counter controlled by locked cash
register tapes which only the proprietor can open?

 Does the proprietor reconcile the cash register totals with the cash sales receipts daily?

 Is the person performing the duties of cashier barred any responsibility concerning the
sales, purchase nominal ledgers?

Banking

 Is all cash received intact at intervals of not more than three days?

 Does the proprietor reconcile all monies received with the copy paying-in slips at
regular intervals?

Payments

 Is all cash received banked intact at intervals of not more than three days?

13
 Does the proprietor sign all cheques?

 Are cheques signed by the proprietor only after he has satisfied himself that:

o He has approved and cancelled all vouchers supporting the payment?

o All cheques are crossed not negotiable and account payee only?
o All cheque numbers are accounted for?

 Are petty cash expenses controlled by the imprest system?

 Does the proprietor review all expenses and initial the petty cash book before
reimbursing the cashier?

Bank statements

 Are bank statements and cheques sent direct to the proprietor and opened only by him?

 Does the proprietor scrutinize all paid cheques to ensure that he has signed them all
before he passes them to the cashier?

 Does the proprietor:

o Prepare a bank reconciliation each month? Or

o Review in detail a reconciliation produced by the cashier?

Orders

 Are all purchase orders issued:

o Serially numbered by the printer?

o Pre-printed duplicate order forms?

 Does the proprietor approve all orders?

Receipts of goods

Are delivery notes:

 Checked with goods?

 Compared with the copy order?
 Compared with the invoice?

Wages

 Is a separate cheque drawn for the exact amount to pay wages and tax?

 Does the proprietor either prepare or examine the wages records before signing the
14
 cheque?

 Does the proprietor initial the wages records after his examination?

 Does the proprietor oversee the distribution of the wages packets or does he distribute
them himself?

Receivables

 If credit is granted to customers does the proprietor:

o Authorise every extension of credit to a customer?

o Approve credit limits for each customer?

 Does the proprietor authorize all:

o Write offs bad debts?

o Sales returns and allows?
o Discounts other than routine cash discounts?

 Does the proprietor receive a monthly of trade accounts receivable, showing the age
of the debts?

 Are all authorizations by the proprietor evidenced by his initials?

Goods outwards

 Are pre-numbered dispatch notes prepared for all goods leaving the premises?

 Are all dispatch notes:

o Accounted for?
o Cross referenced with invoices and credit notes?

 Is the proprietor satisfied that all goods leaving the premises have been accounted for?

Inventory

 Does the proprietor scrutinise inventory regularly to:

 Keep abreast of what is in inventory?

 Discover obsolete items?

 Discover damaged articles?

 Ensure that inventory levels are kept under control?

15
4.5 Although the above types of control are desirable and feasible, they are
nevertheless relatively informal. Consequently, evidence of their performance
tends to be lacking and they may indeed be overridden as there is no check on the
proprietor himself.

Examination focus point

In the examination, run the following checklist through your mind when
approaching questions about controls in smaller entities.
 Are you being logical?
 Consider the number of staff the entity is likely to employ.
 Remember, top management or the owners are likely to be involved on a day
to day level
 Bear in mind a general rule: The smaller the entity, the fewer the daybooks
and ledgers..

1.2 RIGHTS AND RESPONSIBILITIES OF THE AUDITOR

1.2.1 The audit is primarily a statutory concept, and eligibility to conduct an audit is
often set down in statute. Similarly, the rights and duties of auditors can be set
down in law, to ensure that the auditors have sufficient power to carry out an
effective audit.
Duties
1.2.2 The auditors should be required to report on every balance sheet and income
statement laid before the company in general meeting.

1.2.3 The auditors may also be required to consider the following:

Compliance with legislation Whether the accounts have been prepared

in accordance with the relevant legislation.

Truth and fairness of accounts Whether the balance sheet shows a true and
fair view of the company’s affairs at the
period and the income statement (and a
cash flow statement) show a true and fair
view of the results for the period.

Agreement of controls accounts Whether the accounts are in agreement with

to records the accounting records.
16
 Consistency of other Whether the other information with the
information accounts is consistent with the accounts

Rights

1.2.4 The auditors must have certain rights to enable them to carry out their duties
effectively.

1.2.5 The principal rights auditors should have, excepting those dealing with
resignation or removal, are set out in the table below, and the following are notes
on more detailed points.

Access to records Right of access at all times to the books,

accounts and vouchers of the company.

Information and explanations A right to require from the company’s

officers such information and
explanations as they think necessary for
the performance of their duties as
auditors.

Attendance at/notices of general A right to attend any general meetings

meetings of the company and to receive all
notices and communications relating to
such meetings which any member of the
company is entitled to receive.

Right to speak at general meetings A right to be heard at general meetings

which they attend on any part of the
business that concerns them as auditors

Rights in relation to written A right to receive a copy of any written

resolutions resolution proposed.

Right to require laying of accounts A right to give notice in writing require

that a general meeting be held for the
purpose of laying the accounts and
reports before the company (if elective
resolution dispensing with laying of
accounts in force).

Rights to information

1.2.6 If auditors have not received all the information and explanations they consider
necessary, they should state this fact in their audit report.
17
1.2.7 Laws may make it an offence for a company’s officer knowingly or recklessly to
make a statement in any form to an auditor which:

 Purports to convey any information or explanation required by the auditor

 Is materially misleading, false or deceptive.

1.2 AUDITING STANDARDS

Rules governing audits

1.2.1 We discussed in Chapter 1 the various stakeholders in a company, and the number
of people who might read a company’s accounts. Consider also that number of
these readers will not just be reading a single company’s accounts, but will also
be reading the accounts of a large number of companies, and making comparisons
between them.

1.2.2 Readers want assurance when making comparisons that the reliability of the
accounts does not vary from company to company. This assurance will be
obtained not just from knowing each set of accounts has been audited, but
knowing that each set of accounts has been audited to common standards.

1.2.3 Hence there is a need for audits to be regulated so that auditors follow the same
standards. As we see in this chapter, auditors have to follow rules issued by a
variety of bodies. As we saw above, some obligations are imposed by
governments in law, or statute, some obligations are imposed by the professional
bodies to which auditors are required to belong (such as ZICA in Zambia).

1.2.4 We have already mentioned that International Standards on Auditing (ISAs) are
produced by the International Audit and Assurance Standard Board (IASB), a
technical standing committee of IFAC. An explanation of the workings of the
IAASB, the authority of the ISAs and so on are laid out in the Preface to
International Standards on Auditing (ISAs) and Related Services (RSs).

Preface to ISAs and IRSs

1.2.5 The preface restates the mission of IFAC as set out in its constitution: ‘The
development and enhancement of an accountancy profession able to provide
services of consistency high quality in the public interest’.

1.2.6 In working toward this mission, the Council of IFAC established the International
Auditing Practices Committee, precursor to IAASB to develop and issue, on
behalf of the Council, standards and statements on auditing and related services.
Such standards and statements improve the degree of uniformity of auditing
practices and related services throughout the world.

18
ISAs and RSs

1.2.7 Within each country, local regulations govern, to a greater or lesser degree, the
practices followed in the auditing of financial or other information. Such
regulations may be either of a statutory nature, or in the statements issued by the
regulatory or professional bodies in the countries concerned.

1.2.8 National standards on auditing and related services published in many countries
differ in form and content. The IAASB account takes account of such documents
and difference and, in the light of such knowledge, issues ISAs which are
intended for international acceptance.

The authority to ISAs

1.2.9 An introductory paragraph is found at the beginning of each standard, as follows

(with variations where necessary to suit the individual circumstance of each
standard). This lays out the authority attached to ISAs in general.

Authority of International Standards of Auditing

International Standards on Auditing (ISAs) are to be applied in the audit of

financial statements. ISAs are also to be applied, adapted as necessary, to the
audit of other information and to related services.

ISAs contain the basic principles and essential procedures (identified in bold
type-black lettering) together with related guidance in the form of explanatory
and other material. The basic principles and essential procedures to be
interpreted in the context of the explanatory and other material that provides
guidance for their application.

To understand and apply the basic principles and essential procedures together
with the related guidance, it is necessary to consider the whole text of the ISA
including explanatory and other material contained in the ISA not just that text
which is black lettered.

In exceptional circumstances, an auditor may judge it necessary to depart from

an ISA in order to more effectively achieve the objective of an audit. When such
a situation arises, the auditor should be prepared to justify the departure.

ISAs need only be applied to material matters.

1.2.10 Any limitation of the applicability of a specific ISA is made clear in the
introductory paragraphs to that ISA (see below).

19
Part A: Auditors Rights and Responsibilities

Application to public sector

The public Sector Perspective (PSP) issued by the Public Sector Committee of
the International Federation of Accountants is set out at the end of an ISA.
Where no PSP is applicable in all material respects to the public sector.

1.2.11 ISAs do not override the local regulations referred to above governing the audit of
financial or other information in a particular country.

(a) To the extent that ISAs conform with local regulations on a particular
subject, the audit of financial or other information in that country in
accordance with local regulations will automatically comply with the ISA
regarding that subject.

(b) In the event that the local regulations differ from, or conflict with, ISAs
on a particular subject, member bodies should comply with the obligations
of members set forth in the IFAC Constitution as regards these ISAs (i.e.
encourage changes in local regulations to comply with ISAs).

The authority attached to International Auditing Practice Statements (IAPs)

1.2.12 IAPSs are issued to provide practical assistance to auditors in implementing the
ISAs or to promote good practice. They are not intended to have the authority of
ISAs. You will mainly come across them in relation to auditing in computer
information systems (CIS) environments (see chapter 9).

Working procedures of the IAASB

1.2.13 The working procedure of the IAASB is to select subjects for detailed study by a
subcommittee established for that purpose. The IAASB delegates to the
subcommittee the initial responsibility for the preparation and drafting accounting
standards as appropriate.

1.2.14 As a result of that study, an exposure draft is prepared for consideration by the
IAASB. IF approved, the exposure draft is widely distributed for comment by
member bodies of IFAC, and to such international organizations that have an
interest in auditing standards as appropriate.

1.2.15 The comments and suggestions received as a result of this exposure are then
considered by the IAASB and the exposure draft is revised as appropriate.
Provided that the revised draft is approved it is issued as a definitive
International Standard on Auditing or as an International Auditing Practice
Statement and becomes operative.
20
CURRENT ISAs

International Standards on Auditing

No Title

100 Assurance Engagements

110 Glossary of terms
120 Framework of ISAs
200 Objective and general principles governing an audit financial statements
210 Terms of audit engagement
220 Quality control for audit work
230 Documentation
240 The auditor’s responsibility to consider fraud and error in an audit of
financial statements.
250 Consideration of laws and regulations in an audit financial statements
260 Communication of audit matters with those charged with governance
300 Planning
310 Knowledge of the business
320 Audit materiality
400 Risk assessments and internal control
401 Auditing in a computer information systems environment
402 Audit considerations relating to entities using service organisations
500 Audit evidence
501 Audit evidence - additional
505 External confirmations
510 Initial engagements- opening balances
520 Analytical procedures
530 Audit sampling and other selective testing procedures
540 Audit of accounting estimates
550 Related parties
560 Subsequent events
570 Going concern
580 Management representations
600 Using the work of another auditor
610 Considering the work of internal auditing
620 Using the work of an expert
700 The auditor’s report on financial statements
710 Comparatives
720 Other information in documents containing audited financial statements
800 The auditor’s report on special purpose audit engagement
810 The examination of prospective financial information
910 Engagements to review financial statements
920 Engagements to perform agreed-upon procedures regarding financial
information
930 Engagements to compile financial information

21
Notes

1 Students should be aware of the nature and meaning of the audit report and should
be able to discuss the contents and wording of the report. Students would not be
asked to reproduce the audit report in full in an exam questions, but they may be
requested to prepare explanatory paragraphs for inclusion in the report
particularly in situations leading to a modified report.

2 Students are advised that questions will be based on the principles and good
practice set out in the International Standards on Auditing.

Exam focus point

ISAs are quoted throughout this text and you must understand how they are
applied in practice. Not all the ISAs listed above are examinable; you should
look for the list of examinable documents in Student Accountant. The following
ISAs are not examinable:

ISA 220 Quality control for audit work

ISA 800 Related parties
ISA 810 The examination of prospective financial information
ISA 920 Engagement to compile financial information

1.2.16 You should refer back to the definition of small entities given on page 22.

1.2.17 Although ISAs apply to the audit of financial information of any entity regardless
of its size, small businesses posses a combination of characteristics which make it
necessary for the auditors to adapt their approach to the circumstances
surrounding the small business engagement.

1.2.18 The IAPS on the audit of small businesses, IAPS 1005 the Special Considerations
in the Audit of Small entities was issued in march 1999.

1.2.19 The IAPS discusses how various ISAs apply to the audit of small enterprises.

ISA 210 Terms of Audit Engagement

1.2.20 The engagement letter should make it clear to the owner-managers their
responsibility for the accounts even when they are outsourced.

1.2.21 Auditors should remember that if there is likely to be insufficient audit evidence
to form an opinion because of the characteristics of the client, the auditor may
decide not to accept the engagement in accordance with ISA 700.
22
ISA 220 Quality control for audit work

1.2.22 An audit completion checklist may be particularly helpful on small audits. It may
also be necessary to consult on complex or technical issues with other auditors,
particularly if the audit is carried out by a sole practitioner.

ISA 230 Documentation

1.2.23 Adequate working papers must be prepared.

ISA 240 Fraud and error

1.2.24 A dominant owner-manger and management authorization may have a significant

impact on the control environment. However, these factors may also be a
potential weaknesses because of the opportunity for management override. The
exposure draft gives the following examples of conditions or event which may
increase the risk of fraud or error:
 The owner-manager has a specific identifiable motive to distort the financial
statements, combined with the opportunity to do so.

 The owner-manager makes no distinction between personal and business

transactions.

 The owner-manager’s life-style is materially inconsistent with the level of his

or her remuneration.

 There are frequent changes of professional advisers.

 The start date for the audit has been repeatedly delayed.

 Unusual transactions around the year-end have had a material effect on profit.

 Unusual related party transactions have occurred.

 Excessive payments of fees or commissions have been made to agents and

consultants.

 Disputes with tax authorities have arisen and not been resolved.

23
ISA 300 Planning

1.2.25 Planning can often be started with a file note at the end of the previous year’s
audit highlighting significant issues. Discussions with the owner-manager are an
important part of planning. Audit plan may be modified as a result of
participation by the auditors in accountancy work.

ISA 310 Knowledge of the business

1.2.26 Regular discussions with the owner-manager can often provide useful information
about the business, particularly about the following areas:

 The activities of the small enterprises, its main products and services, and the
industry in which it operates
 The management style, aims and attitude of the owner-manager.
 Any plans for changes to the nature, management and ownership of the
enterprise.
 Trends in profitability or liquidity and the adequacy of working capital.
 Legal or regulatory issues facing the business, including its relationship with
the taxation authorities.
 The accounting records
 The control environment

ISA 320 Audit materially

1.2.27 Draft accounts will often not be available when assessing information at the
planning stage. The trial balance may be used as an alternative and it may also be
easier to obtain an estimation of turnover than pre-tax profit. In any event it may
be inappropriate to assess materially as a % of pre-tax profit when the business is
operating at our near breakeven point.

ISA 400 Risk assessments and internal control

1.2.28 Inherent risk will not necessary be higher than for a larger business. The auditor
should consider risk for each financial statement assertion rather than
automatically assuming risk will be high.

1.2.29 Control risk will often be assessed as high because of the lack of independent
checking and the lack of segregation of duties. Close involvement of the owner-
manager may compensate for these weaknesses but may also mean that the risk of
management override and fraud is increased. There may also be a lack of
evidence of supervisory controls.

1.2.30 Auditors may also feel that available audit is insufficient to support an unqualified
report, particularly where most transactions are for cash and there is no regular
pattern of costs and margins.

24
ISA 401 Auditing in a computer information systems environment

1.2.31 The use of computer information systems may lower the auditors’ assessment of
control risk because the CIS used may be better organized, less dependent upon
the skills of the people using it and less susceptible to manipulation than a non-
compromised system. The auditor may also be able to obtain more easily reports
and information.

1.2.32 It may be impractical to use CAATs because of the smaller volumes of technical
data being processed, and the lack of technical assistance available from the
client.

ISA 500 Audit evidence

1.2.33 Auditors may have problems obtaining evidence to support the completeness of a
population particularly where the owner-manager occupies a dominant position
and there is a lack of internal control procedures. However, auditors may be able
to obtain substantive evidence form procedures such as:

(a) External confirmation.

(b) Comparison of recorded amounts with amounts calculated on the basis of

separately recorded data, for example goods issues recorded in physical
inventory records may be expected to give rise to sales income.

(c) Reconciliations of total quantities of goods bought and sold.

(d) Analytical procedures

(e) Review of transactions after the balance sheet date

(f) Inspecting numerically-based systems controlling the dispatch of goods or

the provision of services.

1.2.34 If the auditors also carry out accountancy work for the client, this work is likely
only to provide some of the evidence relating to certain audit objectives such as
completeness or valuation.

ISA 520 Analytical procedures

1.2.35 At the planning stage there may be a lack of available analytical evidence.
However auditors can review the general ledger or other accounting records that
may be available, and obtain evidence through discussions with the owner-
manager. Substantive analytical procedures will often be a cost-effective way of
obtaining audit evidence on expenses such as payroll and on the completeness of
certain populations, such as rental income.

25
ISA 530 Audit sampling and other selective testing procedures

1.2.36 With some small clients, auditors may not use sampling at all, but test 100% of
the population or test 100% of say all larger items and apply analytical procedures
to the rest. It may also be cost-effective to use non-statistical methods to
determine the sample size and select the sample items.

ISA 540 Audit of accounting estimates

1.2.37 Auditors may gain assurance by assisting with the preparation of accounting
estimates.

ISA 560 Subsequent events

1.2.38 Post year-end accounting records and minutes may not have been written up at the
time of the audit. Discussions with the owner-manager may therefore be
particularly important and auditors may also obtain evidence by inspecting bank
statements.

ISA 570 Going concern

1.2.39 Representations from the owner-manger will be insufficient by themselves.

However, auditors may have problems obtaining other evidence, as detailed
budgets and forecasts or other future information may not be available. The
assessment of going concern may be based on a particular assumption, for
example the continuance of a loan from the owner-manager or a trading
relationship with a single customer or supplier.

ISA 580 Management representations

1.2.40 The auditors may obtain representations about the completeness and accuracy of
the accounting records but other evidence will be required if an unqualified
opinion is to be given.

ISA 720 Other information in documents containing audited financial statements

1.2.41 Other information which the auditors have to read includes a detailed income and
expenditure statement.

Summary

 In this chapter, we have looked at the whole of the regulatory framework

which has a direct effect on auditing, as well as some of the other more
indirect influences.

 Requirements for the eligibility, registration and training of auditors are

26
 extremely important as they are designed to maintain standards in the
auditing professional. These will vary from country to country and will
range from direct statutory control to self-regulation.

 You must be able to discuss the scope and authority of International

Standards on Auditing (ISAs) and International Auditing Practice
Statements (IAPSs).

ASSIGNMENT

1. Name three characteristics of accountancy bodies.

(1) …………………………………………………………………………

(2) …………………………………………………………………………..

(3) …………………………………………………………………………..

2. Reproduce the diagram the structure of IFAC.

3. List the items a monitoring regulatory body should find on visiting a firm.

(1) …………………………………..

(2) ………………………..………….

(3) ……………………………………

(4) ……………………….……………

(5) ……………………….……………

(6) ……………………….……………

(7) ……………………………………..

4. ISAs are to be applied in the audit of financial statements. ISAs are also to be
applied, adapted as necessary, to the audit of other information and to related
services:

True

False

27
 International
Audit and
Assurance
Standards
Board
ASSEMBLY
One representative
from each member
Forum on
Ethics

Elects

Education
Committee
COUNCIL
Representatives
from 18 countries: Financial and STANDING
2½ Management TECHNICAL
year terms Accounting COMMITTEES
Committee
Elects
Public
Sector
Committee

EXECUTIVE
COMMITTEE to Information
carry out policy Technology
and decisions Committee

Uses

Smaller working Membership

groups Committee

28
  Ensure that company audit work is conducted properly and with professional
integrity
 Include rules as to the technical standards of company audit work (e.g
following International Standards on Auditing)
 Ensure that eligible persons maintain an appropriate level of competence
 Ensure that all firms eligible under its rules have arrangements to prevent:

 Individuals not holding an appropriate qualification

 Persons who are not members of the firm from being able to exert
influence over an audit which would be likely to affect the independence or
integrity of the audit

1.3 APPOINTMENT AND REMOVAL OF THE AUDITOR

1.3.1 THE REGULATION OF AUDITING BY LAW AND ACCOUNTING

PROFESSION

1.0.1.1 National level

The accounting and auditing profession varies in structure from country to country. In
some countries accountants and auditors are subject to strict legislative regulation, while
in others the profession is allowed to regulate itself. We cannot look at every country,
but some examples will show you the divergence of structure and we can make general
points.

1.0.1.2 United Kingdom

In the UK there are a number of different accountancy, or accountancy-related, institutes

and chartered associations, such as the Association of Chartered Certified Accountants
(ACCA) or the Chartered Institute of Management Accountants (CIMA).

All these bodies vary from each other depending on the nature of their aims and the
specialisms their members wish to attain. They are all, however, characterized by various
attributes:

 Stringent entrance requirement (examinations and practical experience),

 Strict code of ethics and
 Technical updating of members.
The membership of all these bodies is scattered through practice, industry, government
and public bodies.

29
1.0.1.3 France

In France, the accounting profession is split into two distinct organisations:

 Accountants (Ordre des Experts Comptables et des Comptables Agrees)

 Auditors (Compaigne Nationale des Commissaires aux Agrees)

Most members of the auditors’ organisation are also members of the more important
accountants’ organisation. Examinations, work experience and articles are similar to
those of the UK accountancy bodies. The profession’s main influence is through the
issue of non-mandatory opinions and recommendations of accounting principles relevant
to the implementation of the National Plan.

1.0.1.4 Germany

The main professional body in Germany is the Institute of Certified Public Accountants
(Institute der Wirtschafstpruter). Members of this institute carry out all statutory audits,
and are required to have very high educational and experience qualifications. The
Institute issues a form of auditing standard but this is cited very closely to legislation. As
well as auditing, members are mainly involved in tax and business management, with no
obvious significant role in establishing financial accounting principles and practices.
There is no independent accounting standard-setting body.

1.0.1.5 USA

In America, accountants are members of the Institute of Certified Public Accountants

(AICPA), a private sector body. Although the Securities and Exchange Commission in
the USA can prescribe accounting standards for listed companies, it relies on the
Financial Accounting Standards Board (FASB), an independent body, to set such
standards. In turn, FASB keeps in close contact with the AICPA, which issues guidance
on US standards and which is closely involved in their development.

It can be seen from the above paragraphs that the accounting and auditing profession in
most Western Countries is regulated by legislation to some extent. In the UK and the
USA the profession effectively regulates itself, i.e. regulation is devolved from statute to
the private bodies involved in the accountancy profession. In many European countries,
statutory control by government is much more direct.

1.0.1.6 Question: Regulatory Framework

Investigate the regulatory framework surrounding the accounting and auditing

profession in your country.

30
1.0.1.7 EC member states

Persons carrying out audits in EC member states must have the permission of the relevant
authorities. In the UK the relevant authorities are Recognized Supervisory Bodies
(RSBs). As well as giving authority, RSBs in Britain supervise and monitor auditors. In
other countries however, supervising and monitoring is carried out by a state body or by
the national government.

1.0.1.8 International level

Regulations governing auditors will, in most countries, be most important at the national
level. International regulation, however, can play a major part by:

(a) Setting minimum standards and requirements for auditors.

(b) Providing guidance for those countries without a well-developed national

regulatory framework.

(c) Aiding intra-country recognition of professional accountancy qualifications

International Federation of Accountants (IFAC)

IFAC came into being in the 1970s as a result of proposals put forward and eventually
approved by the International Congress of Accountants. IFAC’s mission is

“The development and enhancement of the profession to enable it to provide

services of consistently high quality in the public interest.”

IFAC, based in New York, is a non-profit, non-governmental, non-political international

organisation of accountancy bodies. The ACCA is a member of IFAC.

IFAC co-operates with member bodies, regional organisations of accountancy bodies and
other world organisations. Through such co-operation, IFAC initiates, co-ordinates and
guides efforts to achieve international technical, ethical and educational pronouncements
for the accountancy profession.
Any accountancy body may join IFAC if it is recognized by law or general consensus
within its own country as a substantial national organisation of good standing within the
accountancy profession. Members of IFAC automatically become members of the
International Accounting Standards Committee (IASC).

We can show IFAC’s structure in a diagram, show below.

1.0.1.9 International Audit and Assurance Standards Board

You will be most concerned with the IAASB because it sets International standards on
Auditing, which we will look at in Section 4.

31
Each country which has a member on the Committee has one vote. The affirmative vote
of at least three-quarters of the countries but not less than ten, represented at a meeting,
are required to approve a proposed pronouncement for exposure or a definitive
pronouncement for issue.

Regulation, monitoring and supervision

Each country’s regulation of external audits will differ. Most regimes do have certain
common elements, which we examine in detail below. Briefly these are as follows:

(a) Education and work experience: the IFAC has issued guidance on this.

(b) Eligibility: there may well be statutory rules determining who act as auditors.
Membership of an appropriate body is likely to be one criteria.

(c) Supervision and monitoring: these activities have come under particular
scrutiny in a number of countries during the 1990s. Questions have been asked
about why auditors have failed to identify impending corporate failures and
whether therefore they are being regulated strongly enough. The supervision
regime has come under particular scrutiny in countries where regulation and
supervision is by the auditors’ own professional body (Self-regulation).
Suggestions have been made in these countries that supervision ought to be by
external government agencies.

Education, examinations and experience

IFAC issued the Statement of Policy of Council Recognition of Professional

Accountancy Qualifications primarily to tackle the problems of intra-country
recognition of qualifications. It sets minimum standards for accountancy qualifications.
It looks at three main areas.

Education

The theoretical knowledge to be contained in the body of knowledge of accountants

should include at least the following subjects:

1.0.1.9.1 Compulsory Analysis and critical assessment of financial

knowledge statements
Audit
Consolidated accounts
Cost and management accounting
General accounting
Internal control systems
Legal and professional requirements relating to
audit/accountancy
Standards relating to financial statements

32
 Knowledge to be included Basic principles of the financial management of
where relevant undertakings
Business, general and financial economics
Civil and commercial law
Information technology and systems
Law of insolvency and similar procedures
Mathematics and statistics
Provision of financial services, advice, etc
Professional conduct and ethics
Social security and law of employment
Tax law

Accountants should have covered these subjects in a breadth and depth sufficient to
enable them to perform duties to the expected standard.

Examinations

Accountants should demonstrate that they have passed an examination of professional

competence. This examination must assess not only the necessary level of theoretical
knowledge but also the ability to use that knowledge competently in a practical situation.
Objective evaluation of professional examinations is a key requirement.

Experience

It is crucial to any professional to have not only a sound theoretical knowledge but also
be able to apply that knowledge competently in the world of work.

It is suggested that, prior to qualification, an individual should have completed a

minimum of two years approved and properly supervised practical experience primarily
in the area of audit and accountancy and in a suitable professional environment.

Eligibility/ineligibility

Eligibility to act as an auditor is likely to arise from membership of some kind of

regulatory body.

Bodies of this type offer qualifications and set up rules to ensure compliance with any
statutory requirements related to auditors. In this way national governments will control
who may act as an auditor to limited liability companies, or to any other body requiring a
statutory audit.

In some countries, regulation is devolved onto professional accountant bodies like the
ACCA by the statutory authorities, e.g. in the UK. On the other hand, the regulatory body
could be a direct extension of national government.

The regulatory body should have rules to ensure that those eligible for appointment as a
company auditor are either:
33
 Individuals holding an appropriate qualification or
 Firms controlled by qualified persons

Regulatory bodies should also have procedures to maintain competence of members. The
regulatory body’s rules should:

 Ensure that only fit and proper persons are appointed as company auditors

 Ensure that company audit work is conducted properly and with professional
integrity.

 Include rules as to be technical standards of company audit work (e.g. following

International Standards on Auditing)

 Ensure that eligible persons maintain an appropriate level of competence

 Ensure that all firms eligible under its rules have arrangements to prevent:

o Individuals not holding an appropriate qualification

o Persons who are not members of the firm being able to exert influence
over an audit, which would be likely to affect the independence or integrity of the
audit.

The regulatory body’s rules should provide for adequate monitoring and enforcement of
compliance with its rules and should include provisions relating to:

 Admission and expulsion of members

 Investigation of complaints against members

 Compulsory professional indemnity insurance

Up-to-date lists of approved auditors and their names and addresses should be maintained
by the regulatory body. This register of auditors should be made available to the public.

Membership of a regulatory body is the main prerequisite for eligibility as an auditor.

Some countries allow a ‘firm’ to be appointed as a company auditor. A firm may be
either a body corporate (such as company) or a partnership.

A person should be ineligible for appointment as a company auditor if he/she is:

 An officer or employee of the company

 A partner or employee of such a person

34
 A partnership in which such a person is a partner

There may be further rules about connections between the company or its officers and the
auditor depending on local statutory rules.

Question: Eligibility as auditor

In your country, are the following disqualified from acting as auditor to a company?

(a) A shareholder of the company

(b) A debtor or creditor of the company

(c) A close relative (such as a husband, wife, son, or daughter) of an officer or employee
of the company.

Answer

You may find that the regulations of accountancy bodies such as ACCA and ZICA
applying to their own members are stricter than local statute in this respect.

If during their term of office a company auditor becomes ineligible for appointment to the
office, he should vacate office and give notice to the company. If an audit is carried out
by an auditor who was eligible, the authorities may require a second audit, or review of
the first audit, to be conducted by an eligible person. In such a case, the company may be
able to recover the costs of complying from the ineligible auditor.

Supervisory and monitoring roles

Some kind of supervision and monitoring regime should be implemented by the

regulatory body. This should inspect auditors on a regular basis.

The frequency of inspection will depend on the number of partners, number of offices
and number of listed company auditors (these factors may also be reflected in the size of
annual registration fees payable by approved audit firms).

The following features should be apparent in each practice visited by the monitoring
regulatory body:

(a) A properly structured audit approach, suitable for the range of clients served
and work undertaken by the practice.
(b) Carefully instituted quality control procedures, revised and updated
constantly, to which the practice as a whole is committed. These will include:

 Staff recruitment
 Staff training
35
  Continuing professional development
 Frequent quality control review

(c) Commitment to ethical guidelines, with an emphasis on independence issues

(d) An emphasis on technical excellence
(e) Adherence to the ‘fit and proper’ criteria by checking personnel records and
reference
(f) Use of internal and, if necessary, external peer reviews, consultations etc
(g) Appropriate fee charging per audit assignment

Legal requirements on appointment to a company audit

The auditors should be appointed by shareholders and therefore be answerable to the

shareholders. The table below shows what the position should ideally be:

RIGHTS OF APPOINTMENT

Members Appoint auditors at each general meeting where accounts are

laid by positive resolution (re-appointment of existing auditor
not automatic)

Auditors hold office until conclusion of next general meeting at

which accounts are laid.

Directors Can appoint auditor:

(a) Before company’s first general meeting at which accounts

are laid; auditors hold office until conclusion of that meeting

(b) To fill casual vacancy

Secretary of State Can appoint auditors if no others are appointed or reappointed at

general meeting at which accounts are laid.

36
Special notice of appointment

In certain cases relating to appointment of an auditor reasonable notice is required for the
appropriate resolutions at a general meeting.

Appoint auditor To fill To re-appoint

When other than casual vacancy retiring auditor who
retiring auditor appointed to fill
Casual vacancy

SPECIAL NOTICE REQUIRED

Person whom Auditor who

Who sent to intended to appoint resigned, if casual
Retiring auditor vacancy caused by
resignation

Remuneration

The remuneration of the auditors, which will include any sums paid by the company in
respect of the auditors’ expenses, will be fixed either by whoever made the appointment
or in such manner as the company in general meeting may determine.

Though the auditors’ remuneration is fixed, in many countries it must be disclosed in the
annual accounts of the company.

Legal requirement at the end of an audit relationship

You will have legal requirement for resignation and removal of auditors in your studies
for paper 2.2 Corporate and Business Law.

However, it is relevant to revise them briefly here. It is important that auditors know the
procedures because as part of their client acceptance, they have a duty to ensure the old
auditors were properly removed from office.

37
 RESIGNATION OF AUDITORS

1 Resignation procedures Auditors deposit written notice together with

statement of circumstances relevant to
members/creditors or statement that no
circumstances exist

2. Notice of resignation Sent by company to regulatory authority

3. Statement of circumstance Sent by:

(a) Auditors to regulatory authority

(b) Company to everyone entitled to receive a

copy of accounts

4. Convening of general Auditors can require directors to call extraordinary

meeting general meeting to discuss circumstances of
resignation

Directors must send out notice for meeting within

21 days of having received requisition by auditors

5 Statement prior to Auditors may require company to circulate

general meeting (different) statement of circumstances to everyone
entitled to notice of meeting

6 Other right of auditors Can receive all notices that relate to:

(a) A general meeting at which their term of

office would have expired

(b) A general meeting where casual vacancy

caused by their resignation to be filled

Can speak at these meetings on any matter which

concerns them as auditors.

38
TENDERING AND OBTAINING WORK

Statement 3: Advertising, Publicity and Obtaining Professional Work

Guidance is given as follows.

(a) Members should not obtain or seek work in an unprofessional manner.

(b) Members can advertise but should have regard to relevant advertising
codes and standards.
(c) Members should not make disparaging references to or comparisons with
the services of others
(d) Members should not quote fees without great care to not mislead as to the
precise range of services and time commitment that fees are intended to
cover, but they can offer free consultations to discuss level of fees.
(e) No fees, commission or reward should be given to third parties in return
for the introduction of clients.

2 FEE NEGOTIATION AND LOWBALLING

The audit fee is a sensitive subject for most companies. It presents a cost for
something the company often does not really want and the fees may be perceived
as too high just for this reason. The auditors must ensure that they can provide a
quality audit for the price.

TENDERING

Many large companies invite tenders for their audit work. The directors then have
the opportunity to compare directly a range of offers.

Generally, a tender will take the form of detailed written proposals and a
presentation. Factors include:

 The level of expertise each firm has in the industry

 Similar companies audited by each firm (good for expertise, bad for
confidentiality?)
 National and international presence
 The proposed fee

Audit firms which tender for such audits will usually give at least an indication of the
level of fees in the next few years, including likely overall rate rises. Fee levels are
very important to most companies, and are often the determining factor.

In all situations, the auditors should quote a fee based on the estimated hours worked
by each member of staff required on the audit, multiplied by the hourly rate plus any
travel as other expenses to be incurred during the audit. They may also charge a
premium for more complex audits.
39
LOWBALLING
Sometimes it appears that firms are charging less than ‘market rate’ for an audit,
especially when tendering for new clients. This practice is known as
LOWBALLING.
It is not considered ethically wrong to charge a low price for an audit in itself.
However, the auditors must ensure that they carry out an audit of high quality
demanded by auditing standards and must ensure that the ‘cut-price’ audit fee does
not call their independence into question.
This is always going to be a topical debate but in terms of negotiating the audit fee
the following factors need to be taken into account.
(a) The audit is perceived to have a fluctuating ‘market price’ as any other
commodity or service.
(b) Companies can reduce external audit costs through various legitimate
measures:

 Extending the size and function of internal audit

 Reducing the number of different audit firms used world-wide
 Selling off subsidiary companies leaving a simplified groups structure
to audit
 The tender process itself simply make auditors more competitive
 Exchange rate fluctuations in audit fees.

(c) Auditing firms have increased productivity, partly through the use of more
sophisticated information technology techniques in auditing.

In any case, an auditing firm lays itself open to accusations of loss of independence if
it reduces its fees to below a certain level, particularly it is difficult to see how such
fees will cover direct labour costs. This is also true of firms which use the audit as a
‘loss leader’ to obtain profitable consultancy work from audit clients.
When such non-audit services are offered to a client by the auditors, there can, of
course, be an apparent loss of independence. The allegation may arise that the price
of an ‘acceptable’ audit opinion is lucrative taxation or consulting work.

40
FRAUD AND ERROR

Many of the high risk factors listed are issues, which could potentially result in a
high risk of fraud and error arising.

Significant control weaknesses

Questionable integrity

Doubtful accounting policies FRAUD?

Lack of finance director

Unexplained transactions

Fraud is an emotive issue. If news of a major fraud on a company hits the

headlines, the question that is often asked is ‘how did this happen?’ Invariably
when questions like that are asked, people raise questions about the audit that has
taken place on that company’s financial statements.

A major problem for the auditor can be that the public does not understand the
auditors role with regard to fraud. This forms part of and expectations gap’ which
exists between what auditors actually do and what people think that they do.
We are going to briefly consider here what the auditors’ role in relation to fraud and
error, and consider when the risk of fraud and error arising is too great for the auditor
to accept the engagement.

ISA 240 fraud and error

ISA 240.20

In planning the audit, the auditors should discuss with other member of the audit
team the susceptibility of the entity to material misstatements in the financial
statement resulting from fraud and error.

The sentence from ISA 240 given above summarises the auditors’ professional
requirements in relation to fraud and error: they must recognize that it may exist
and materially affect the financial statements.

The most important thing to understand with regard to fraud is that the auditor has
no duty (specifically no statutory duty) to prevent or detect fraud.

With regard to the statutory audit, the auditor must be aware that two potential
causes of the financial statements being misstated are fraud or error existing.

41
 KEY TERMS

Fraud comprises both the use of deception to obtain an unjust or illegal financial
advantage, and intentional misrepresentation by management, employees or third
parties.

Error is an unintentional mistake.

1.3.7 EXAMPLES

Fraud may involve:

 Falsification or alteration of accounting records or other documents

 Misappropriation of assets or theft
 Suppression or omission of the effects of transactions from records of
documents
 Recording of transactions without substance
 International misapplication of accounting policies, or
 Wilful misrepresentations of transactions or the entity’s state of affairs

What this list of ‘fraudulent behaviour’ might help you to see is that the detection
of fraud committed by management is going to be extremely difficult because it is
designed not to be found. Particularly where the fraud is fraud by omission, the
auditor is unlikely to detect fraud as part of an audit.

The standard does not expect the auditors to detect fraud as a matter of course.
Rather, it requires auditors to be aware, when planning and performing their audit,
that fraud may exist, and more particularly, it highlights a number of factors
which the auditor should be alert to, which could point to fraud being perpetrated.

Planning

ISA 240.22

When planning the audit, the auditor should make inquiries of management:

(a) to obtain an understanding of:

(i) management’s assessment of the risk that the financial statements

may be materially misstated as a result of fraud; and
(ii) the accounting and internal control systems management has put in
place to address such risk;
(b) to obtain knowledge of management’s understanding regarding the
accounting and internal control systems in place to prevent and detect
error;
(c) to determine whether management is aware of any known fraud that has
affected the entity or suspected fraud that the entity is investigating; and
42
(c) to determine whether management has discovered the material errors.

ISA 240.32

When assessing inherent risk and control risk in accordance with ISA 400, Risk
Assessments and Internal Control, the auditor should consider how the financial
statements might be materially misstated as a result of fraud or error. In
considering the risk of material misstatement resulting from fraud, the auditor
should consider whether fraud risk factors are presented that indicate the
possibility of either fraudulent financial reporting or misappropriation of assets.

The factors which may indicate fraud or error are given in an appendix to the ISA,
which is reproduced here:

Fraud and Risk Relating to Misstatements Resulting from Fraudulent Financial

Reporting
1 Fraud Risk These fraud risk factors pertain to management’s abilities,
Factors pressures, style, and attitude relating to internal control
Relating to and the financial reporting process.
Management’s
Characteristics  There is motivation for management to engage in
and Influence fraudulent financial reporting. Specific indicators
over the might include the following:
Control o A significant portion of management’s
Environment compensation is represented by bonuses, stock
options or other incentives, the value of which
is contingent upon the entity achieving unduly
aggressive targets for operating results,
financial position or cash flow.
o There is excessive interest by management in
maintaining or increasing the entity’s stock
price or earnings trend through the use of
unusually aggressive accounting practices.
o Management commits to analysts, creditors and
other third parties to achieving what appear to
be unduly aggressive or clearly unrealistic
forecasts.
o Management has an interest in pursuing
inappropriate means to minimize reported
earnings for tax-motivated reasons.

 There is a failure by management to display and

communicate an appropriate attitude regarding internal
control and the financial reporting process. Specific
indicators might include the following:

o Management does not effectively communicate

and support the entity’s values or ethics, or
43
 management communicates inappropriate
values or ethics.
o Management is dominated by a single person or
a small group without compensating controls
such as effective oversight by those charged
with governance.
o Management does not monitor significant
controls adequately.
o Management fails to correct known material
weaknesses in internal control on a timely
basis.
o Management sets unduly aggressive financial
targets and expectations for operating
personnel.
o Management continues to employ ineffective
accounting, information technology or internal
auditing staff.

 Non-financial management participates excessively in,

or is preoccupied with, the selection of accounting
principles or the determination of significant estimates.
 There is a high turnover of management, counsel or
board members.
 There is a strained relationship between management
and the current or predecessor auditor. Specific
indicators might include the following:

o Frequent disputes with the current or a

predecessor auditor on accounting, auditing or
reporting matters.
o Unreasonable demands on the auditor,
including unreasonable time constraints
regarding the completion of the audit or the
issuance of the auditor’s report.
o Formal or informal restrictions on the auditor
that inappropriately limit the auditor’s access to
people or information, or limit the auditor’s
ability to communicate effectively with those
charged with governance.
o Domineering management behaviour in dealing
with the auditor, especially involving attempts
to influence the scope of the auditor’s work.

 There is a history of securities law violations, or claims

against the entity or its management alleging fraud or
violations of securities laws.
 The corporate governance structure is weak or
ineffective, which may be evidenced by, for example:
44
 o A lack of members who are independent of
management.
o Little attention being paid to financial reporting
matters and to the accounting and internal
control systems by those charged with
governance.

2 Fraud Risk These fraud risk factors involve the economic and
Factors regulatory environment in which the entity operates.
Relating to  New accounting, statutory or regulatory requirements
Industry that could impair the financial stability or profitability
Conditions of the entity.
 A high degree of competition or market saturation,
accompanied by declining margins.
 With increasing business failures and significant
declines in customer
 Rapid changes in the industry, such as high
vulnerability to rapidly changing technology or rapid
product obsolescence.

3 Fraud Risk These fraud risk factors pertain to the nature and
Factors complexity of the entity and its transactions, the entity’s
Relating to financial condition, and its profitability.
Operating
Characteristics  Inability to generate cash flows from operations while
and Financial reporting earnings and earnings growth.
Stability  Significant pressure to obtain additional capital
necessary to stay competitive, considering the financial
position of the entity (including a need for funds to
finance major research and development or capital
expenditures).
 Assets, liabilities, revenues or expenses based on
significant estimates that involve unusually subjective
judgements or uncertainties, or that are subject to
potential significant change in the near term in a
manner that may have a financially disruptive effect on
the entity (for example, the ultimate collectibility of
receivables, the timing of revenue recognition, the
reliability of financial instruments based on highly-
subjective valuation of collateral or difficult-to-assess
repayment sources, or a significant deferral of costs).
 Significant related party transactions which are not in
the ordinary course of business.
 Significant related party transactions which are not
audited or are audited by another firm.
 Significant, unusual or highly complex transactions
(especially those close to year-end) that pose difficult
45
 questions concerning substance over form.
 Significant bank accounts or subsidiary or branch
operations in tax-haven jurisdictions for which there
appears to be no clear business justification.
 An overly complex organizational structure involving
numerous of unusual legal entities, managerial lines of
authority or contractual arrangements without apparent
business purpose.

 Difficulty in determining the organisation or person (or

persons) controlling the entity.
 Unusually rapid growth or profitability especially
compared with that of other companies in the same
industry.
 Especially high vulnerability to changes in interest
rates.
 Unusually high dependence on debt, a marginal ability
to meet debt repayment requirements, or debt
covenants that are difficult to maintain.
 Unrealistically aggressive sales or profitability
incentive programs.
 A threat of imminent bankruptcy, foreclosure or hostile
takeover.
 Adverse consequences on significant pending
transactions (such as a business combinations or
contract award) if poor financial results are reported.
 A poor or deteriorating financial position when
management has personally guaranteed significant
debts of the entity.

Fraud and Risk Factors Relating to Misstatements Resulting from

Misappropriation of Assets
1 Fraud Risk These fraud risk factors pertain to the nature of an entity’s
Factors assets ad the degree to which they are subject to theft.
Relating to
Susceptibility  Large amounts of cash on hand or processed.
of Assets to  Inventory characteristics, such as small size combined
Misappropri with high value and high demand.
ation  Easily convertible assets, such as bearer bonds, diamonds
or computer chips.
 Fixed asset characteristics, such as small size combined
with marketability and lack of ownership identification.

2 Fraud Risk These fraud risk factors involve the lack of controls designed
Factors to prevent or detect misappropriation of assets.
Relating to
46
 Controls  Lack of appropriate management oversight (for example,
inadequate supervision or inadequate monitoring of
remote locations).
 Lack of procedures to screen job applicants for positions
where employees have access to assets susceptible to
misappropriation.
 Inadequate record keeping for assets susceptible to
misappropriation.
 Lack of an appropriate segregation of duties or
independent checks.
 Lack of an appropriate system of authorization and
approval of transactions (for example, in purchasing).
 Poor physical safeguards over cash, investments,
inventory or fixed assets.
 Lack of timely and appropriate documentation for
transactions (for example, credits for merchandise
returns).
 Lack of mandatory vacations for employees performing
key control functions;

Auditors are therefore ‘put on enquiry’ when such factors exist – in other words,
they have a professional duty to satisfy themselves that any concerns raised have
been answered to their satisfaction.

When fraud or error are indicated

ISA 240.39

Based on the auditor’s assessment on inherent and control risks (including the
results of any tests of controls), that misstatements resulting from fraud and error
that are material to the financial statements taken as a whole will not be detected.
In designing the substantive procedures, the auditor should address the fraud risk
factors that the auditor has identified as being present.

ISA 240.42

When the auditor encounters circumstances that may indicate that there is a
material misstatement in the financial statements resulting from fraud or error, the
auditor should perform procedures to determine whether the financial statements
are materially misstated.

ISA 240.46

When the auditor identifies a misstatement, the auditor should consider whether
such a misstatement may be indicative of fraud and if there is such an indication,
the auditor should consider the implications of the misstatement in relation to
47
other aspects of the audit, particularly the reliability of management
representations.

ISA 240.48

When the auditor confirms that, or is unable to conclude whether, the financial
statements are materially misstated as a result of fraud or error, the auditor should
consider the implications for the audit.

ISA 240.51

The auditor should obtain written representations from management that:

(a) It acknowledges its responsibility for the implementation and operations

of accounting and internal control systems that are designed to prevent and
detect fraud and error;

(b) It believes the effects of those uncorrected financial statement

misstatements aggregated by the auditor during the audit are immaterial,
both individually and in the aggregate, to the financial statements taken as
a whole. A summary of such items should be included in or attached to
the written representation;
(c) It has disclosed to the auditor all significant facts relating to its assessment
of the risk that the financial statements may be materially misstated as a
result of fraud.

(d) It has disclosed to the auditor the results of its assessment of the risk that
the financial statements may be materially misstated as a result of fraud.

Reporting

Lastly the ISA goes on to consider what the auditors should do, or rather, to
whom they should report, in the event of them uncovering a fraud. Remember
that, as you learnt in before, the auditors have a professional duty of
confidentiality.

ISA 240.56

When the auditor identifies a misstatement resulting from fraud, or a suspected

fraud, or error the auditor should consider the auditor’s responsibility to
communicate that information to management, those charged with governance
and, in some circumstances, to regulatory and enforcement authorities.

Such a discovery might also have an impact on the audit report

48
POINT TO NOTE

We shall consider the audit report in chapter 19.

If auditors do detect a management fraud, they may consider it to be so serious

that it is necessary to report it to the relevant authority in the public interest. Such
a decision would not be taken lightly, and should only be taken once legal advice
had been sought. The auditors have a duty of confidentiality, but in exceptional
circumstances, where the matter is one of public interest, they may have to make
such a disclosure.

ISA 240.59/60/62

If the auditor has identified a material misstatement resulting from error, the
auditor should communicate the misstatement to the appropriate level of
management on a timely basis, and consider the need to report it to those charged
with governance in accordance with ISA 260. ‘Communication of audit Matters
with Those Charged with Governance’.

The auditor should inform those charged with governance of those uncorrected
misstatements aggregated by the auditor during the audit that were determined by
management to be immaterial, both individually and in the aggregate, to the
financial statements taken as a whole.

The auditors

(a) identified fraud, whether or not it results in a material misstatement in

the financial statements; or
(b) obtained evidence that indicates that fraud may exist (even if the
potential effect on the financial statements would not be material).

The auditor should communicate these matters to the appropriate level of

management on a timely basis and consider the need to report such mattes to
those charged with governance in accordance with ISA 260, ‘Communication of
Audit Matters with Those Charged with Governance’

ISA 240.69/73

If the auditor concludes that it is not possible to continue performing the audit as a
result of a misstatement resulting from fraud or suspected fraud, the auditor
should:

(a) Consider the professional and legal responsibilities applicable in the

circumstances, including whether there is a requirement for the auditor to
report the person or persons who made the misstatements
(b) Consider the possibility of withdrawing from the engagement and
(c) If the auditor withdraws:

49
 (i) discuss with the appropriate level of management and those
charged with governance the auditor’s withdrawal from the
engagement and the reasons for the withdrawal, and
(ii) consider whether there is a professional or legal requirement to
report to the persons who made the audit appointment or in some
cases, to regulatory authorities, the auditor’s withdrawal from the
engagement and the reasons for the withdrawal

As stated in the ‘Code of Ethics for Professional Accountants’ issued by the

international Federation of Accountants (the code), on receipt of an inquiry from a
proposed successor auditor, the existing auditor should advise whether there are
any professional reasons why the proposed successor auditor should not accept
the appointment. If the client denies the existing auditor permission to discuss its
affairs with the proposed successor auditor or limits what the existing auditor may
say, the fact should be disclosed to the proposed successor auditor.

Fraud and audit acceptance

Several issues have been raised here from the point of view of the audit firm:

 Auditors should plan and perform procedures whilst being aware that fraud
may exist
 Fraud, however, may be extremely difficult to discover
 Auditors must satisfy themselves if put on enquiry
 If the auditors detect or suspect fraud, they must consider whether it is in the
public interest to report it, having sought legal advice.
 Fraud is an emotive issue, which may bring bad publicity to the firm, deserved
or not

Cast your mind back to the high risk factors which were identified before. It
might be that an audit firm would choose not accept a client which was identified
as high risk at the outset, because the chances of conducting a cost effective audit
which fulfils professional requirements might be too low, even if the indicators
were false, and there was no fraud being perpetrated at the company.

1.3.12 LAW AND REGULATIONS

Another issue raised by the risk factors on page 91 is the issue of the auditors’
consideration of law and regulation. This issue has two aspects:

 Areas of non-compliance where the matter may materially affect the financial
statements
 Areas where the auditors could unwittingly become liable for failing to report
matters arising, for example, money laundering.

50
 The auditing standard approaches this issue in a similar way to the standard on
fraud and error.

If an engagement letter is not sent to clients, both new and existing, there is scope
for argument about the precise extent to the respective obligations of the client
and its directors and the auditors. The contents of an engagement letter should be
discussed and agreed with management before it is sent.

Guidance is available in the form of ISA 210, Terms of audit engagements.

ISA 210.2

The auditor and the client should agree on the terms of the engagement.

Obviously the agreed terms should be in writing and the usual form would be a
letter of engagement. Any other form of appropriate contract, however, may be
used.

 The ISA applies to audit engagements only, although the guidance may be
used for related services; a distinction should be made between audit and non-
audit letters.
 Even in countries where the audit objectives and scope and the auditor’s
obligations are established by law, an audit engagement letter may be
informative for clients.

3 LETTER OF ENGAGEMENT

The auditors should send an engagement letter to all new clients soon after their
appointment as auditors and, in any event, before the commencement of the first
audit assignment. They should also consider sending an engagement letter to
existing clients to whom no letter has previously been sent as soon as a suitable
opportunity presents itself.

An example of a letter of engagement, given by ISA 210, is reproduced below.

The form and content of audit engagement letter may vary for each client, but
they would generally include reference to the following.

(a) The objective of the audit of financial statements

(b) Management’s responsibility for the financial statements
(c) The scope of the audit, including reference to applicable legislation,
regulations, or pronouncements of professional bodies to which the auditor
adheres
(d) The form of any reports or other communication of results of the
engagement
(e) The fact that because of the test nature and other inherent limitations of an
audit, together with the inherent limitations of an audit, together with the
inherent limitations of any accounting and internal control system, there is

51
 an unavoidable risk that even some material misstatement may remain
undiscovered.
(f) Unrestricted access to whatever records, documentation and other
information requested in connection with the audit.

The auditor may wish to include in the letter the following items.

 Arrangements regarding the planning of the audit

 Expectation of receiving from management written confirmation of
representations made in connection with the audit.
 Request for the client to confirm the terms of the engagement by
acknowledging receipt of the engagement letter.
 Description of any other letters or reports the auditor expects to issue to the
client
 Basis on which fees are computed and any billing arrangements

When relevant, the following points could also be made.

 Arrangements concerning the involvement of other auditors and experts in

some aspects of the audit.
 Arrangements concerning the involvement of internal auditors and other client
staff
 Arrangements to be made with the Predecessor auditor, if any, in the case of
an initial audit
 Any restriction of the auditor’s liability when such possibility exists.
 A reference to any further agreements between the auditor and the client.

Recurring audits

ISA 210.10

On recurring audits, the auditor should consider whether circumstances require

the terms of the engagement to be revised and whether there is a need to remind
the client of the existing terms of the engagement.

Once it has been agreed by the client, an engagement letter will, if it so provides,
remain effective from one audit appointment to another until it is replaced.
However, the engagement letter should be reviewed annually to ensure that it
continues to reflect the client’s circumstances.

The ISA suggests that the following factors may make the agreement of a new
letter appropriate.

 Any indication that the client misunderstands the objective and scope of the
audit
 Any revised or special terms of the engagement

52
 A recent change of senior management, board of directors or ownership
committee
 A significant change in the nature or size of the client’s business
 Legal requirements

Acceptance of a change in engagement

ISA 210.12

An auditor who, before the completion of the engagement, is requested to change

the engagement to one which provides a lower level of assurance, should consider
the appropriateness of doing so.

In the case of a change in the terms of engagement prior to completion, this may
result from:

(a) A change in circumstances affecting the need for the service

(b) A misunderstanding as to the nature of an audit or of the related service
originally requested
(c) A restriction on the scope of the engagement, whether imposed by
management or caused by circumstances

The auditors should consider such a request for change, and the reason for it, very
seriously, particularly in terms of any restriction in the scope of the engagement.

In the case of (a) and (b) above, these would normally be acceptable reasons for
requesting a change in the engagement. A change would not be considered
reasonable, however, if it seemed to relate to information that is incorrect,
incomplete or otherwise unsatisfactory.

In addition to the above, an auditor engaged to perform an audit in accordance

with ISAs must consider any legal or contractual implications of the change.

The audit report issued after such a change has been agreed (and the relevant audit
work carried out) should be appropriate to the revised terms of engagement. Such
an audit report should not include reference to:

 The original engagement

 Any procedures performed under the original engagement

ISA 210.17-19

Where the terms of the engagement are changed, the auditor and the client should
agree on the new terms.

The auditor should not agree to a change of engagement where there is no

reasonable justification for doing so.
53
 If the auditor is unable to agree to a change of the engagement and is not
permitted to continue the original engagement, the auditor should withdraw and
consider whether there is any obligation, either contractual or otherwise, to report
to other parties, such as the board of directors of shareholders, the circumstances
necessitating the withdrawal.

The standard gives an example of where an auditor should not agree to a change
of engagement; where the auditor is unable to obtain sufficient appropriate audit
evidence regarding receivables and the client asks for the engagement to be
changed to a review engagement to avoid a qualified audit opinion or a disclaimer
of opinion.

4 EXAMPLE OF AUDIT ENGAGEMENT LETTER

The following letter is for use as a guide in conjunction with the considerations
outlined in this ISA and will need to be varied according to individual
requirements and circumstances.

To the board of directors or the appropriate representative of senior management.

You have requested that we audit the balance sheet of …………………… as of
……………… and the related statements of income and cash flows for the year
then ending. We are pleased to confirm our acceptance and our understanding of
this engagement by means of this letter. Our audit will be made with the
objective of our expressing an opinion on the financial statements.

We will conduct our audit in accordance with International Standards on Auditing

(or relevant national standards or practices). Those ISAs require that we plan and
perform the audit to obtain reasonable assurance about whether the financial
statements are free of material misstatements. An audit includes examining, on a
test basis, evidence supporting the amounts and disclosures in the financial
statements. An audit also includes assessing the accounting principles used and
significant estimates made by management, as well as evaluating the overall
financial statement presentation.

Because of the test nature and other inherent limitations of an audit, together with
the inherent limitations of any accounting and internal control system, there is an
unavoidable risk that even some material misstatements may remain
undiscovered.

In addition to our report on the financial statements, we expect to provide you

with a separate letter concerning any material weaknesses in accounting and
internal control systems which come to our notice.

We remind you that the responsibility for the preparation of financial statements
including adequate disclosure is that of the management of the company. This
includes the maintenance of adequate accounting records and internal controls,
54
the selection and application of accounting policies, and the safeguarding of the
assets of the company.

As part of our audit process, we will request from management the confirmation
concerning representations made to us in connection with the audit. We look
forward to full cooperation with your staff and we trust that they will make
available to us whatever records, documentation and other information are
requested in connection with our audit. Our fees, which will be billed as work
progresses, are based on the time required by the individuals assigned to the
engagement plus out-of-pocket expenses. Individual hourly rates vary according
to the degree of responsibility involved and the experience and skill required.

This letter will be effective for future years unless it is terminated, amended or
superseded.

Please sign and return the attached copy of this letter to indicate that it is in
accordance with your understanding of the arrangements for our audit of the
financial statements.

XYZ & Co

Acknowledged on behalf of
ABC Company by

(signed)
……………………………….
Name and Title
Date

QUESTION: New auditors

You are a partner in Messrs Borg Connors & Co. Certified Accountants. You are
approached by Mr Nastase, the managing director of Navratilova Enterprises Ltd,
who asks your firm to become auditors of his company. In return for giving you
this appointment Mr Nastase says that he will expect your firm to waive fifty per
cent of your normal fee for the first year’s audit. The existing auditors, Messrs
Wade Austin & Co have not resigned but Mr Nastase informs you that they will
not be re-appointed in the future.

Required

(a) What action should Messrs Borg Connors & Co take in response to the
request from Mr Nastase to reduce their first year’s fee by fifty percent?

(b) Are Messrs Wade Austin & Co within their rights in not resigning when they
know the client’s wishes to replace them? Give reasons for your answer.
55
Chapter roundup

 Auditors have guidance from ZICA on advertising and obtaining professional

work. The most controversial area is often fee-setting, with such problems as
lowballing.
 The present and proposed auditors must communicate about the client prior to
the audit being accepted.
 The client must be asked to give permission for this communication to occur.
If the client refuses to give permission, the proposed auditors must decline
nomination.
 The proposed auditors must also ensure they:
O Are professionally qualified to act
O Have sufficient resources
O Seek references
 Most firms have client acceptance procedures reviewing the management
integrity and risk of the prospective client, as well as the likely profitability of
the engagement.
 Investigations may be carried out for high-risk clients
 Two issues which may be highlighted by risk factors are fraud and error and
the auditors’ consideration of law and regulation.
 These issues can bring such complexity to the audit that the audit firm may
choose to decline the audit if it appears particularly high risk.
 Auditing guidance in these areas requires auditors to place and perform their
audits so as to have a reasonable chance to detecting problems which cause
material misstatements. It also sets out the reporting requirements in the event
of fraud or non-compliance being uncovered.
 An engagement letter should be sent to all new clients. The letter should:
O Specify the respective responsibilities of directors and the auditors
O Lay down the scope of the auditors’ work.
 Auditor duties include the duties to report explicitly on the truth and fairness
of the accounts audited and their compliance with legislation. Auditors have a
duty to report on other mattes, such as whether proper accounting records
have been kept by exception.
 Auditor rights include the rights of access to records and to receive
information and explanations, also rights relating to attendance and speaking
at general meetings.
 Auditors should be aware of the legal procedures to remove auditors, or when
auditors resign.

56
ANSWER

(a) The request by Mr Nastase that half of the first year’s audit fee should be
waived is quite improper. If this proposal were to be accepted it could be
held that Borg Connors & Co had sought to procure work through the
quoting of lower fees. This would be unethical and would result in
disciplinary proceedings being taken against the firm.

It should be pointed out to Mr Nastase that the audit fee will be

determined, in accordance with normal practice, by reference to the work
involved in completion of a satisfactory audit taking into consideration the
nature of the audit tasks involved and the level of staff required to carry
out those tasks in an efficient manner. Mr. Nastase should further be
informed that if he is not prepared to accept an audit fee arrived at in this
way and insists on there being reduction then regrettably the nomination to
act as auditor will have to be declined.

(b) Wade Austin & Co have every right not to resign even though hey may be
aware that Mr. Nastase, the managing director of the company, wishes to
replace them. The auditors of a company are appointed by, and report to,
the members of a company and the directors are not empowered, as
directors, to remove the auditors.

If the reason for the proposed change arises out of a dispute between
management and the auditors then the auditors have a right to put forward
their views as seen above and to insist that any decision should be made
by the members, but only once they have been made aware of all pertinent
issues concerning the directors’ wishes to have them removed from office
as auditors.

57
1.5 CONCEPT OF TRUE AND FAIR VIEW

Learning objectives

After studying this chapter you should be able to:

 Discuss the importance of truth and fairness in accounting;

 Explain the importance of truth and fairness to the auditor;
 Recognise that truth and fairness can only be interpreted in the context of the
financial statements and the organization taken as a whole.

The true and fair view explained

You will have noted from your reading of CA 1985 that the directors of limited
companies have a duty to prepare accounts that give a true and fair view of its
profit or loss for a period and of its state of affairs at a certain date. The
expression ‘true and fair view’ has not been defined by the law but you should
note that CA 1985 makes it quite clear that it is an overriding requirement. This
means that, should there be any conflict between other requirements of the law
and the true and fair view requirement, then the latter will prevail.

It is our intention in this chapter to give you an introduction to the concept of

truth and fairness, a concept which you will need to understand at all stages of
your studies.

Some dictionary definitions

The phrase highlighted above includes three important words. It might be useful
to consider some dictionary definitions of them:

True: - Consistence with fact or reality not fake or erroneous.

- Agreement with reason, correct principles or recognized standard: real,
genuine, correct, and proper; not spurious counterfeit, hybrid or merely
apparent.

Fair: - Just, unbiased, equitable, legitimate.

- Survey with eyes or mind to form impression or judgement of.

NOTE We have highlighted some words we believed will aid

understanding.

The definition of the word ‘view’ clearly suggests that accounts should give an
important or judgement of the company for which they are prepare. Our
suggestion is that the financial statements should, as far as possible provide the
readers with such an impression that they will be able to form a judgment about
the company:

58
 As far as the two words ‘true and fair’ are concerned, there would appear to be
some conflict of meaning in so far as ‘true’ seems to imply factual basis and
correctness, whereas the definition or ‘fair’ places emphasis upon equity, justness
and lack of bias. However, we have to admit that both of the words incorporate
subjective notions that make definition difficult.

In a later section, we shall be looking at an example to give you a feel for the true
and fair view practice, but before we do this let us consider some aspects of truth
and fairness that we hope will help you to understand the words when used by
accountants.

Important aspects of truth and fairness

First, we can say that the accounts should correspond with reality, that is, they
should reflect what is actually happening and the actual state of affairs of the
company. In other words, if the company is doing badly, we would expect that
the accounts would reveal this, and if it is doing well, would reveal that also. The
accounts should show if a company is experiencing liquidity problems, if it is
more or less profitable than last year or if there have been abnormal actors which
have influenced its fortunes during the year. For instance, if the company has
closed down a part of its business during the year and made a material loss in
consequence, we would expect the accounts to disclose the impact of the closure
on the profits for the year in such a way as to enable the user to see what the
profits from normal continuing trading activities are.

NOTE: In your financial accounting studies you will cover the treatment in accounts,
required by SSAP 6, of extraordinary items, exceptional items and prior period
adjustments.

Secondly, it is the accounts as a whole that must give a true and fair view. The
auditor will, for instance, be anxious to prove that the amount attributable to socks
has been properly determined, but it is only in the context of the accounts, taken
as a whole, that she will be able to say that the stock figure is ‘true and fair’. As
we shall see later, a normal audit procedure would be to compare the stock figure
with other figures in the accounts to test that both the stock figure and the other
figures appear reasonable in the light of what is known about the company (for
instance, comparison of stock with cost of sales to check that stock turnover
seems to be acceptable). Comparison of gross profit percentages for the current
and preceding year can also help the auditor to ‘prove’ the stock figure.

NOTE: This topic will be covered in detail in Chapter 11 where we discuss analytical
reviews. We have introduced these ideas briefly in this chapter to show that
truth and fairness is to be interpreted in broad terms.

Thirdly, the way in which information in accounts is presented has an important

bearing on the true and fair view. There is evidence available that suggests it does
not matter in what manner information if presented, but it could be argued that

59
 this applies only to the sophisticated user – such as the investment analyst group –
and not to typical users who may have little knowledge of accounting.

NOTE: The ‘efficient markets hypothesis’, which you should have covered in your other
studies, suggests this.

Fourthly, it must be said that the preparation of accounts involves the accountant
in a whole series of judgements (Is this stock saleable? Is this legal claim likely
to result in loss to the company? Is this depreciation method suitable to the
circumstances of the company? In view of the low profit of an investment
company, is it likely that there has been a permanent diminution of value of the
investment? And so on.) In view of subjectivity of this judgement process it is
really impossible for us to equate the ‘true and fair view’ with accuracy. The
most that we can expect is that the accounts are sufficiently accurate to enable the
user to make valid decisions. This leads to the suggestion that a set of accounts
that did not give a true and fair view would cause the decision-maker to behave
differently than if truth and fairness existed.

60
CHAPTER 2.0: AUDIT PLANNING
Audit planning takes place at both the long term (2-5 years) and on the short term
(annual) levels.

Within these timeframes, detailed plans need to be developed to cover each individual
audit assignment. Planning is necessary to allocate audit resources (time and audit staff of
appropriate technical expertise) to the highest risk areas. The audit plan is circulated to
management for comment before being sent to the audit committee for approval. Any
shortfall in audit resources to address risks need to be brought to the attention of the audit
committee.

Long term audit planning is based on the objectives of the organisation, the risk
management system in place and the relative risks of each area to be audited. This leads
to the prioritisation of each area to be audited and allocation of time (and therefore costs)
to each area.

The short term or annual plan sets out the areas to be audited over the next 12 months or
less with an explanation as to why those areas were selected and the risks assessed for
those areas. A more detailed plan will involve a month schedule of work to be undertaken
by members of the internal audit staff taking into account holidays and other
commitments.

Each audit must be carefully planned. This begins with a preliminary survey to obtain
background information about the area to be audited, and to judge the scope and depth of
the audit work to be undertaken, based on the complexity of the area to be audited. The
survey will identify the objectives, scope and timing of the audit and the audit resources
available (staff days, other costs, skills and experience) required.

The survey will include:

 Review of previous internal audit reports and files

 Consideration of changes in the business environment e.g. legislation, board
decisions, strategy, competition, computer system changes, reorganisation of
departments etc
 Discussions with local managers to determine any issues of concern
 Identification of local risks
 Identification of audit objectives

61
The audit plan will also set out:

 Terms of reference for the audit

 Descriptions of the system or process to be audited
 Risks that need special attention
 Scope of work to be carried out
 Milestone dates for completion and resource allocated to the audit
 Reporting and review procedures
 Audit programme and techniques to be applied
 Audit staff allocated to the assignment

Audit plan has clear advantages in terms of professionalism and coordination of different
audit activities; resource allocation and prioritisation, workload and staff planning, clear
documentation of what is / is not to be done

The disadvantages of audit planning is that it is time consuming, can stifle initiative and
may lead to inflexibility in responding to management concerns as they arise.

1. It is important for the auditor to be able to plan their work so that they can
then adopt an appropriate audit approach.
2. An effective and efficient audit depends on proper planning procedures.
ISA 300 planning deals with the planning aspect of an audit. ISA 300
planning states that ‘the auditors should plan the audit work so as to perform
the audit in an effective way’.

KEY TERMS

3. An audit plan is the formulation of the general strategy for the audit which
acts as a direction for the audit, describes the expected scope and conduct of
the audit and provides guidance for the development of the audit program.

4. An audit program is a set of instructions to the audit team that sets out the
audit procedures the auditors intend to adopt and may include reference to
other matters such as the audit objectives, timing of the audit, sample size and
basis of selection for each area. It also serves as a means to control and record
the proper execution of the work.

5. An audit program sets out the nature, timing and extent of planned audit
procedures required to implement the overall audit program. It serves as a set
of instructions to audit assistants who are involved in the audit and also as a
means to ensure proper execution of the work assigned to those assistants.

6. The objectives of planning the audit work is to ensure that:

 Appropriate attention is devoted to the different areas of the

audit

62
  Potential problems are identified
 Work is completed expeditiously
 The proper tasks are assigned to the members of the audit team

7. The audit program should be discussed with the client’s management and staff
and/ or audit committee in order to coordinate the audit work, including that
of internal audit. However, all audit work remains the responsibility of the
external auditors.

8. A well structured approach to audit planning will include the following

stages:

 Updating the understanding of the entity and its environment

(ISA 210, Knowledge of the business)
 Assessing risks of material misstatements
 Preparing a detailed audit approach
 Making administrative decisions such as staffing and budgets

‘The auditor should develop and document an overall audit plan describing the expected
scope and conduct of the audit.’

9. The following items go into a standard audit plan in order to ensure the
audit plan is comprehensive and relevant to the work required.

Knowledge of the entity’s business General economic factors and industry

conditions.
Important characteristics of the client like
(a) business (b) principal business
strategies (c) financial performance of the
entity (d) reporting requirements, including
changes since the previous audit
Operating style and cost control
consciousness of directors and
management.

The auditors cumulative knowledge of the

accounting and control systems and any
expected changes during the year.
Risk and Materiality The setting of materiality for audit
planning purposes
The expected assessment of risks or errors
and identification of significant audit areas
Any indication that misstatements that
could have material effect on the financial
statements might arise because of fraud or
for any other reasons
63
 The identification of complex accounting
areas including those involving the use of
accounting estimates
Nature, Timing and Extent of The relative importance and timing of tests
procedures of controls and substantive procedures
The use of information technology by the
client or auditors
The use of work performed by Internal
Audit
Procedures which need to be carried out at
or before the year end
The timing of significant phases of the
preparation of the financial statements
The audit evidence required to reduce
detection risk to an acceptably low level
Coordination, direction, supervision and The involvement of other auditors
review The involvement of experts, other third
parties and internal auditors
The number of locations
Staffing requirements
Other Matters Any regulatory requirements arising from
the decisions to retain the engagement
The possibility that the going concern basis
may not be appropriate
The terms of the engagement and any
statutory responsibilities
The nature and timing of reports or other
communication with the entity that are
expected under the terms of the
engagement

AUDIT PROCEDURES
This section covers the procedures that the auditors must undertake to ensure that
their appointment is valid and that they are clear to act. These matters are also
covered in Statement 5: Changes in Professional appointment in the ACCA’s rules of
Professional Conduct.

BEFORE ACCEPTING NOMINATION

Before a new audit client is accepted, the auditors must ensure that there are no
independence or other ethical problems likely to cause conflict with the ethical
code. Furthermore, new auditors should ensure that they have been appointed in a
proper and legal manner.
The nominee auditors must carry out the following procedures:

64
ACCEPTANCE PROCEDURES
Ensure professionally qualified to act Consider whether disqualified on legal or
ethical grounds
Ensure existing resources adequate Consider available time, staff and
technical expertise
Obtain references Make independent enquiries if directors
not personally known. See Section 3 of
this chapter
Communicate with present auditors Enquire whether there are
reasons/circumstances behind the change
which the new auditors ought to know,
also courtesy.

See flowchart over page for process

Example letters

This is an example of an initial communication

Dear Sirs

Re: New Client Co Ltd

We have been asked to allow our name to go forward for nomination as auditors
of the above company, and we should therefore be grateful if you would please
let us know whether there are any professional reasons why we should not accept
nomination…

Acquiring & Co

Certified Accountants

Having negotiated these steps the auditors will be in a position to accept the
nomination, or not, as the case may be. These procedures can be demonstrated
most easily in a decision chart, as shown on the next page.

Procedures after accepting nomination

The following procedures should be carried out after accepting nomination.

(a) Ensure that the outgoing auditors’ removal or resignation has

been properly conducted in accordance with national legislation.

65
 The new auditors should see a valid notice of the outgoing
auditors’ resignation, or confirm that the outgoing auditors were
properly removed.

(b) Ensure that the new auditors’ appointment is valid. The new
auditors should obtain a copy of the resolution passed at the
general meeting appointing them as the company’s auditors.
(c) Set up and submit a letter of engagement to the directors of the
company.

POINT TO NOTE

Letters of engagement are discussed in Section 5 of this chapter.

OTHER MATTERS

Where the previous auditors have fees still owing by the client, the new auditors
need not decline appointment solely for this reason. They should decide how far
they may go in auditing the former auditors to obtain their fees, as well as whether
they should accept the appointment.

Once a new appointment has taken place, the new auditors should obtain all books
and papers which belong to the client from the old auditors. The former
accountants should ensure that all such documents are transferred, unless they
have a lien (a legal right to hold on to them) over the books because of unpaid
fees. The old auditors should also pass any useful information to the new auditors
if it will be of help, without charge, unless a lot of work is involved.

66
Appointment decision chart

Approach by new
Audit client

Is this the Yes No need to

first audit? follow Professional
rules – the auditor
can make own
decision

Does client No
give Permission to
contact old
auditor?

Write for all information Prospective auditor

pertinent to the should decline
appointment section appointment

Does
Client give No
Old auditor
Permission to
Reply?

Yes

Information
otherwise Obtained
relevant to new
appointment?

Yes

Accept/reject
appointment
decision

67
CLIENT SCREENING

As well as contacting previous auditors many firms, particularly larger firms,

carry out stringent checks on potential client companies and their management.
There are a number of reasons for this, as we will see shortly.

Basic factors for consideration

(a). Management integrity

The integrity of those managing a company will be of great importance,

particularly if the company is controlled by one or a few dominant
personalities.

(b). Risk

The following table contrasts low and high risk clients.

LOW RISK HIGH RISK

Good long-term prospects Poor recent or forecast performance
Well-financed Likely lack of finance
Strong internal controls Significant control weaknesses
Conservative, prudent accounting Evidence of questionable integrity,
policies doubtful accounting policies
Competent, honest management Lack of finance director
Few unusual transactions Significant related party or unexplained
transactions

Where the risk level of a company’s audit is determined as anything other than
low, then the specific risks should be identified and documented. It might be
necessary to assign specialists in response to these risks, particularly industry
specialists, as independent reviewers. Some audit firms have procedures for
closely monitoring audits which have been accepted, but which are considered
high risk.

ENGAGEMENT ECONOMICS

Generally, the expected fees from a new client should reflect the level of risk
expected. They should also offer the same sort of return expected of clients of
this nature and reflect the overall financial strategy of the audit firm.
Occasionally, the audit firm will want the work to gain entry into the client’s
particular industry, or to establish better contacts within that industry. These
factors will all contribute to a total expected economic return.

68
 RELATIONSHIP

The audit firm will generally want the relationship with a client to be long term.
This is not only to enjoy receiving fees year after year; it is also to allow the audit
work to be enhanced by better knowledge of the client and thereby offer a better
service.

Conflict of interest problems are significant here; the firm should establish that no
existing clients will cause difficulties as competitors of the new client. Other
services to other clients may have an impact here, not just audit.

SOURCES OF INFORMATION ABOUT NEW CLIENTS

Enquiries of other sources Bankers, solicitors
Review of documents Most recent annual accounts, listing
particulars, credit rating.
Previous accountants/auditors Previous auditors should disclose fully all
relevant information
Review of rules and standards Consider specific law/standards that relate to
industry

APPROVAL

Once all the relevant procedures and information gathering has taken place, the
company can be put forward for approval. The engagement partner will have
completed a client acceptance form and this, along with any other relevant
documentations, will be submitted to the managing partner, or whichever partner
is in overall charge of accepting clients.

Exam focus point

In the exam you may be given a ‘real-life’ client situation and asked what factors
you would consider in deciding whether to accept appointment. The ethical
considerations covered in Chapter 4 and in this chapter are likely to be relevant.

AUDIT RISK

In planning the audit, the auditor will be concerned with the risks that the entity is
exposed to. Therefore, a number of tests will be carried at the planning stage in order to
determine audit risk

As you know from your previous studies the auditor must be aware of two types of risk.

 Audit risk (sometimes known as assignment or engagement risk)

 Business risk

69
Audit risk = Control risk * detection risk * inherent risk

Audit risk

KEY TERMS

Audit risk is the risk that auditors may give an inappropriate opinion on
the financial statements. Audit risk has two key components; risk of
material misstatements in financial statements (detection risk). The
former breaks down into inherent risk and control risk.

Inherent risk is the susceptibility of an account balance or class of

transactions to material misstatement, either individually or when
aggregated with misstatements in other balances or classes, irrespective of
related internal controls.

Control risk is the risk that a misstatement:

 Could occur in an account balance or class of transactions

 Could be material, either individually or when aggregated with
misstatements in other balances or classes, and
 Would not be prevented, or detected and corrected on a timely basis,
by the accounting and internal control systems.

Detection risk is the risk that the auditors’ substantive procedures do not
detect a misstatement that exists in an account balance or class of
transactions that could be material, either individually or when aggregated
with misstatements in other balances or classes.
Inherent risk
Inherent risk is the risk that items will be misstated due to characteristics of those items,
such as the fact they are estimates or that they are important items in the accounts.
The auditors must use their professional judgement and the understanding of the entity
they have gained to assess inherent risk. If no such information or knowledge is available
then the inherent risk is high.

FACTORS AFFECTING CLIENT AS A WHOLE

Integrity and attitude to risk of Domination by a single individual
directors and management can cause problems
Management experience and Changes in management and
knowledge quality of financial management
Unusual pressures on management Examples include tight reporting
deadlines, or market or financing
expectations
Nature of business Potential problems include

70
 technological obsolescence or over-
dependence on single product
Industry factors Competitive conditions, regulatory
requirements, technology
developments, changes in
customers demand
Information technology Problems include lack of supporting
documentation, concentration of
expertise in a few people, potential
for unauthorised access

FACTORS AFFECTING INDIVIDUAL ACCOUNT BALANCES OR

TRANSACTIONS
Financial statement accounts prone Accounts which require adjustment
to misstatement in previous period or require high
degree of estimation
Complex accounts Accounts which require expert
valuation or are subjects of current
professional discussion
Assets at risk of being lost or stolen Cash, inventory, portable non-
current assets (laptop computers)
Quality of accounting systems Strength of individual departments
(sales, purchases, cash etc)
High volume transactions Accounting system may have
problems coping
Unusual transactions Transactions for large amounts with
unusual names, not settled promptly
(particularly important if they occur
at period-end)

Transactions that do not go through

the system, that relate to specific
clients or processed by certain
individuals
Staff Staff changes or areas of low
morale

Control risk

Control risk is the risk that client controls fail to detect material misstatements. A
preliminary assessment of control risk at the planning stage of the audit is required to
determine the level of controls and substantive testing to be carried out.

71
Detection risk

Detection risk is the risk that audit procedures will fail to detect material errors.
Detection risk relates to the inability of the auditors to examine all evidence. Audit
evidence is usually persuasive rather than conclusive so some detection risk is usually
present, allowing the auditors to seek ‘reasonable confidence.’

The auditors’ inherent and control risk assessments influence the nature, timing and
extent of substantive procedures required to reduce detection risk and thereby audit
risk.

KEY TERMS
Business risk is the risk inherent to the company in its operations. It is
risks at all levels of the business. It is split into three categories:

Financial risks are the risks arising from the financial activities or
financial consequences of an operation, for example, cash flow issues or
overtrading.

Operational risks are the risks arising with regard to operations, for
example, the risk that a major supplier will be lost and the company will
be unable to operate.

Compliance risk is the risk that arises from non-compliance with the laws
and regulations that surround the business. The compliance risk attaching
to environmental issues, for example, is discussed in Chapter 18.

The above components of business risk are the risks that the company should seek to
mitigate and manage.

The process of risk management for the business is as follows:

 Identify significant risks which could prevent the business achieving

its objectives
 Provide a framework to ensure that the business can meet its
objectives
 Review the objectives and framework regularly to ensure that
objectives are met

A key part of the process is therefore to identify the business risks. There are various
tools used to do this such as;

 SWOT analysis
 The five forces model
 The PEST analysis
 Porter’s value chain

72
Exam focus point

The study guide states that you should be able to identify business risks in
a question. If you have previously used any of the above techniques, they
may be useful to you, but in the exam, it will be better to use common
sense as you work through any given question, bearing in mind the three
components of business risk given above.

Relationship between business risk and audit risk

On the one hand, business risk and audit risk are completely unrelated:

 Business risk arises in the operations of a business

 Audit risk is focused on the financial statements of the business
 Audit risk exists only in relation to an opinion given by auditors

In other ways, the two are strongly connected. The strong links between them can
be seen in the inherent and control aspects of audit risk. In audit risk these are
limited to risks pertaining to the financial statements.

Business risk includes all risks facing the business. In other words, inherent
audit risk may include business risks.

In response to business risk, the directors institute a system of controls. These

will include controls to mitigate against the financial aspect of the business risk.
These are the controls that audit control risk incorporates.

Therefore, although audit risk is very financial statements focused, business risk
does form part of the inherent risk associated with the financial statements, not
least, because if the risks materialize, the going concern basis of the financial
statements could be affected.

THE RISK BASED APPROACH

1. Risk-based auditing refers to the development of auditing techniques that are

responsive to risk factors in an audit. As mentioned before, the auditors apply
judgement to determine what level of risk pertains to different areas of a
client’s system and devise appropriate audit test.

2. This approach should ensure that the greatest audit effort is directed at the
areas in which the financial statements are most likely to be misstated, so that
the chance of detecting errors is improved and time is not spent on
unnecessary testing of ‘safe’ areas.

3. The increased use of risk-based auditing reflects two factors.

73
 (a) The growing complexity of the business environment increases
the danger of fraud or misstatement. Factors such as the
developing use of computerised systems and the growing
internationalization of business are relevant here.

(b) Pressures are increasingly exerted on auditors to keep fee levels

down while an improved level of services is expected.

4. The risk approach is best illustrated by a small case study.

Case study: audit risk approach

Your audit firm has as its client a small manufacturing company. This
company owns the land and buildings in its balance sheet which it
depreciates over 50 years (buildings only) and has always valued it at cost.

The other major item in the balance sheet is inventory.

Looking at these two balance sheet items from the point of view of the
audit firm, the following conclusions can be drawn.

There is only a small chance that the audit engagement partner will draw
an inappropriate conclusion about land and buildings.

In a manufacturing company, inventory is likely to be far more complex.

There may be a significant number of lines to count and value, the
quantity will change all the time, inventory may grow obsolete. The
chance of the audit engagement partner drawing an inappropriate
conclusion about inventory is higher than the risk in connection with land
and buildings.

The auditors will have to do less work to render audit risk acceptable for
land and buildings than on inventory. The audit risk approach will mean
doing less work on land and buildings than inventory.
5. ISA 315 requires that auditors consider the entity’s process for assessing its
own business risks, and the impact that this might have on the audit in terms
of material misstatements. Auditors consider:

 What factors lead to the problems that may cause materials

misstatements?
 What can the audit contribute to the business pursuing its goals?

6. This ‘business risk’ approach was developed because it is sometimes the case
that the auditors believe the risk of the financial statements being misstated
arises predominantly from the business risks of the company.

74
Business risks leading to material misstatements

7. The table below highlights some of the factors that exist.

Immediate Financial Statement

Principal risk Implications
Economic pressures causing Inventory values (ISA 2)
reduced unit sales and eroding
margins. Going concern
Economic pressures resulting in Receivable recoverability
demands for extended credit
Product quality issues related to Inventory values – net realizable
inadequate control over supply value and inventory returns
chain and transportation damage
Customer dissatisfaction related to Going concern
inability to meet order
requirements.
Customer dissatisfaction related to Receivable valuation
invoicing errors and transportation
damage.
Unacceptable service response call
Going concern
Litigation – provisions and
rate related to poor product quality
contingencies
Inventory – net realizable value
Out of date IT systems affecting Anywhere
management’s ability to make
informed decisions.

Question: business risk

State what category of business risk each of the risks in the above table
falls under.

Answer

1 Financial
2 Financial
3 Operational
4 Operational
5 Operational
6 Operational
7 Operational

75
8. The business risk audit approach tries to mirror the risk management steps that
have been taken by the directors. In this way, the auditor will seek to
establish that the financial statement objectives have been met, through an
investigation into whether all the other business objectives have been met by
the directors.
9. This approach to the audit has been called a ‘top-down’ approach, because it
starts at the business and its objectives and works back down to the financial
statements, rather than working up from the financial statements which have
historically been the approach to audit.
10. The ‘top-down approach’ has an effect on the procedures used in the audit, as
follows.

Audit procedures Effect of ‘top-down’ approach

Tests of controls As the auditor pays greater attention to the high
level controls used by directors to manage
business risks, controls testing will be focused on
items such as the control environment and
corporate governance than the detailed
procedural controls tested under traditional
approaches.
Analytical procedures Analytical procedures are used more heavily in a
business risk approach as they are consistent
with the auditor’s desire to understand the
entity’s business rather than to prove the figures
in the financial statements.
Detailed testing The combination of the above two factors,
particularly the higher use of analytical
procedures will result in a lower requirement for
detailed testing, although substantive testing will
not be eliminated completely.

11. The other key element of a business risk approach is that as it is focused on
the business more fully, rather than the financial statements, there is greater
opportunity for the auditor to add value to the client’s business and to assist
him in managing the risks that the business faces.

Advantages of business risk approach

12. There are a number of reasons why firms who use the business risk approach
prefer it to historic approaches.

 Added value given to clients as the approach focuses on the business

as a whole

76
 Audit attention focused on high level controls and high use of
analytical procedures increase audit efficiency and therefore cost

 Does not focus on routine processes, which technological

developments have rendered less prone to error than has historically
been the case

 Responds to the importance that regulators and the government have

placed on corporate governance in recent years

 Lower engagement risk (risk of auditor being sued) through broader

understanding of the client’s business and practices.

77
CHAPTER 3.0: INTERNAL AUDITING
1. Using the Work of Internal Audit

ISA 610.2

The external auditor should consider the activities of internal auditing

and their effect. If any, on external audit procedures.

The ISA goes on to make a most important point.

‘While the external auditor has sole responsibility for the audit opinion expressed
and for determining the nature, timing and extent of external audit procedures,
certain parts of internal auditing work may be useful to the auditors’.

2. Scope and objectives of internal auditing

The scope and objectives of internal auditing vary widely. Normally however,
internal auditing operates in one or more of the following broad areas.

 Review of the accounting and internal control systems.

 Examination of financial and operating information.
 Review of economy, efficiency and effectiveness.
 Review of compliance with laws and regulations.
 Special investigations.

3. Understanding and preliminary assessment of the role and scope of internal audit

ISA 610.9

The external auditor should obtain sufficient understanding of internal audit to

assist in planning the audit developing an effective audit approach.

An effective Internal Audit function may reduce, modify or alter the timing of
external audit procedures, but it can never eliminate them entirely. Where the IA
function is deemed ineffective, it may still be useful to be aware of the IA
conclusions. The effectiveness of Internal Audit will have a great impact on how the
external auditors assess the whole control system and the assessment of audit risk.

78
 ISA 610

During the course of planning the audit the external auditor should perform a
preliminary assessment of the internal audit function when it appears that
internal auditing is relevant to the external audit of the financial statements in
specific audit areas.

The following important criteria will be considered by the external auditors.

ASSESSMENT OF INTERNAL AUDIT

Organisation status Consider to whom internal audit reports (should be

board), whether internal audit has any operating
responsibilities and constraints or restrictions on the
function.

Scope of function Consider extent and nature of assignments

performed and the action taken by management as a
result of internal audit reports.

ASSESSMENT OF INTERNAL AUDIT

Technical competence Consider whether internal auditors have adequate

technical training and proficiency

Due professional care Consider whether internal audit is properly planned,

supervised, reviewed and documented

When reporting, internal auditors should report to the whole board or the audit committee
and should be free to discuss their concerns with external auditors. They should not
report to management upon whose work or responsibilities they are likely to comment;
this may mean for example that they should report to the finance director.

Internal Audit Department will:

 Review the business procedures and practices and ensure that the company is
complying with local legislation and ensure that the company’s business activities
are ethical and acceptable.
 Review the effectiveness of the accounting systems and whether accounts are
being prepared in accordance with the latest accounting standards

79
  Assess the effectiveness of internal controls for the prevention of material
misstatements, frauds and errors.
 Review the risks that the company is exposed to and devise specific controls to
mitigate or reduce those risks.

4. Using the work of internal audit

The objectives of internal audit will differ from those of the external auditors. However,
some of the means of achieving their respective objectives are often similar, and so some
of the internal auditors’ work may be used by the external auditors. External auditors
may use internal auditors’ work on the following areas.

5. Recording an accounting system

The external auditor should carry out walkthrough tests on the records.

Evaluating and testing internal control

If the external auditors are to rely on the work done, say the completion of an internal
control evaluation questionnaire, they should check that the method of evaluation is
appropriate. They should confirm that internal audit has satisfactorily tested controls in
detail by re-performing a sample of internal audit’s tests; if internal audit’s work is
satisfactory, external auditors can make a reduced assessment of control risk as a
consequence.

In particular external audit may be able to rely on internal audit’s assessment of

computer systems, since internal audit may have carried out extensive testing on aspects
of the system including controls over development and operation of the system and
general controls such as access controls.

Substantive procedures

As external auditors are primarily interested in internal audit’s role as a control, the
importance of internal audit as a source of substantive evidence will be less. However
internal audit procedures may be a source of substantive evidence in particular areas, for
example comparing supplier statements with the purchase ledger. If the client has several
sites, internal audit may have visited sites that external auditors will not have the chance
to visit, and external audit may be able to place some reliance on the work done by
internal audit on those sites.

Timing of liaison and co-ordination

All timing of IA work should be agreed as early as possible, and in particular how it co-
ordinates with the external auditors’ work. Liaison with the internal auditors should take
place at regular intervals throughout the audit. Information on tests and conclusions
should be passed both to and from IA.

80
6. Evaluating specific internal auditing work

ISA 610.16

When the external auditor intends to use specific work of internal audit, the
external auditor should evaluate and test that work to confirm its adequacy for
the external auditor’s purpose.

The evaluation here will consider the scope of work and related audit
programmes and whether the assessment of the IA function remains appropriate.
This may include consideration of whether:

Evaluation

Training and Have the internal auditors had sufficient and adequate
proficiency technological training to carry out the work?

Supervision Is the work of assistants properly supervised, reviewed and

Evidence documented?
Has sufficient, appropriate audit evidence been obtained to
afford a reasonable basis for the conclusions reached?

Conclusions Are the conclusions reached appropriate, given the

Reports circumstances?
Are any reports produced by internal audit consistent with
the result of the work performed?

Unusual Have any unusual matters or exceptions arising and

matters disclosed by internal audit been resolved properly?
Plan Are any amendments to the external audit programme
required as a result of the matter identified by internal audit?

Testing Has the work of internal audit been sufficiently tested by the
external auditor to confirm its adequacy?

The nature, timing and extent of the testing of the specific work of internal
auditing will depend upon the external auditor’s judgement of the risk and
materiality of the area concerned, the preliminary assessment of internal
auditing and the evaluation of specific work of internal auditing. Such tests
may include examination of items already examined by internal auditing,
examination of other similar items and observation of internal auditing
procedures.

81
 If the external auditors decide that the IA work is not adequate, they should
extend their procedures in order to obtain appropriate evidence.

7. Guidance for internal auditors

The essentials for effective internal auditing are as follows:

 Independence, both in terms of organizational status and personal objectivity.

 Appropriate staffing and training.
 Constructed working relationships.
 Due care.
 Adequate planning.
 Evaluation of the internal control system.
 Obtaining sufficient, relevant and reliable evidence.
 Prompt reporting and follow-up.

8. Using the work of others as part of a review

ISA 910 states that when the auditor uses work carried out by another party (expert or
internal auditor) as part of a review, he must be satisfied that the work is satisfactory for
the purposes of the report he is issuing. This will be a matter of judgement.

9. Internal audit using the work of others

The situation where internal auditors use the work or experts or service organizations is
different when external auditors use them. The experts are contracted to provide the
service to the organization (of which the IA function is part).

This gives the company contractual rights when they rely on the work. If the directors
permit the internal auditors to use the services of an expert, the internal auditors may seek
to rely on their work and may be able to sue for negligence if the work is not of a
satisfactory quality.

AG 308 Guidance for internal auditors

The internal auditor should seek to foster constructive working relationships and
mutual understanding with management, with external auditors, with any other
review agencies, and where one exists with the audit committee.

Auditing guidance 308 also advice when internal auditors are making use of an external
reviewer or specialist, for example, a management consultant to seeking improvements in
the organizational performance.

82
It states that the IA department must seek management’s formal approval before releasing
an audit report to the reviewer. It also states that the internal auditor should foster ‘regular
dialogue’ with the external service provider.

Reviews

1. An audit can be used to give assurance to a variety of stakeholders on a variety

issues. However, an audit is an exercise designed to give a high level of
assurance (as we shall see later) and involves a high degree of testing and
therefore cost. In some cases, stakeholders may find that they receive sufficient
assurance about an issue from a less detailed engagement, for example, a
review. A review can provide a cost-efficient alternative to an audit where an
audit is not required by law.

KEY TERM

The objective of a review engagement is to enable an auditor to state whether, on

the basis of procedures which do not provide all the evidence that would be
required in an audit, anything has come to the auditor’s attention that causes the
auditor to believe that the financial statements are not prepared, in all material
respects, in accordance with an identified financial reporting framework.

2. The major result for recipients of a review engagement is that the level of
assurance they gain from a review engagement is not as high as from this audit.
This is discussed in Section 4.

3. However, the procedures carried out in a review engagement are similar to an

audit. There is higher reliance on the use of analytical procedures but
otherwise, the approach is similar.

POINTS TO NOTE

As the techniques used in audits and reviews are similar, the methods and
procedure you will encounter in Parts B-E of this study Text are relevant to both
audits and reviews. Bear in mind that for a review, less detailed procedures will
be carried out and sample sizes are likely to be smaller.

83
 Internal Auditing

KEY TERM

Internal auditing is an appraisal or monitoring activity established within an

entity as a service to the entity. It functions by, amongst other things,
examining, evaluating and reporting to management and the directors on the
adequacy and effectiveness of components of the accounting and internal control
systems.

4. Up to now in this Chapter we have discussed assurance service where an

independent outsider provides financial information. However, the syllabus is
also concerned with the assurance that can be provided to management (and by
implication, to other parties) internal auditors.

5. As we saw previously as part of their corporate governance duties, listed

company directors are required, and all directors are advised, to review the
effectiveness of the company’s risk management and internal control systems.
They should also consider the need for an internal audit function to help
them carry out their duties.

6. Larger organizations may therefore appoint full-time staff whose function is to

monitor and report on the running of the company’s operations. Internal
audit staff members are one type of control. Although some of the work carried
out by internal auditors is similar to that performed by external auditors, there
are important distinctions between the two functions in terms of their
responsibilities, scope and relationship with the company.

ASSURANCE AND REPORTS

1. External auditors give an opinion on the truth and fairness of financial statements.
This is not an opinion of absolute correctness. ‘True’ and ‘fair’ are not defined in
law or audit guidance, but the following definitions are generally accepted.

KEY TERMS

True. Information is factual and conforms with reality, not false. In addition
the information conforms with required standards and law. The accounts have
been correctly extracted from the books and records.

Fair. Information is free from discrimination and bias and in compliance with
expected standards and rules. The accounts should reflect the commercial
substance of the company’s underlying transactions.

84
2. The audit report refers to the fact that an auditor obtains evidence ‘on a test basis’,
he does not check everything. He is therefore, giving ‘reasonable’ not ‘absolute’
assurance.

KEY TERM

An audit gives the reader reasonable assurance on the truth and fairness of the
financial statements. The audit report does not guarantee that the financial
statements are correct, but that they are fair with a reasonable margin of error.

3. One of the reasons that an auditor does not give absolute assurance is the
inherent limitations of audit.

Limitations of audit

4. The assurance auditors give is governed by the fact that auditors use judgement
in deciding what audit procedures to use and what conclusions to draw, and also
by the limitations of every audit.

5. Students are advised that questions will be based in the principles and good
practice set out in the International Standards on Auditing.

SMALLER ENTITIES

5.5 INTERNAL CONTROLS IN SMALL BUSINESS

Statutory and non-statutory audits

KEY TERM

‘The objective of an audit of financial statement is to enable the auditor to

express an opinion whether the financial statements are prepared, in all materials
respects, in accordance with an identified financial reporting framework. The
phrases used to express the auditor’s opinion are ‘give a true and fair view’ or
‘present fairly, in all material respects’, which are equivalent terms. A similar
objective applies to the audit of financial or other information prepared in
accordance with appropriate criteria.

7. The purpose of an audit is to enable auditors to give an opinion on the financial

statements. While an audit might produce by-products such as advice to the
85
 directors on how to run the business, the point of an adult is solely to report to
shareholders.

8. In most countries, audits are required under national statue in the case of a large
number of undertakings, including limited liability companies. Other
organizations and entities requiring a statutory audit may include charities,
investment businesses, trade unions and so on.

9. Audits are required under statue in the case of a large number of undertakings.
In the UK, registered companies legislation (currently Companies Act 1985),
most companies are required to have an audit. There are also requirements for:

 Building Societies (Building Societies Act 1965)

 Trade Unions/employer associations (Trade Union and Labour Relations Act
1974)
 House Associations (various pieces of related legislation)
 Certain charities (various pieces of legislation, depending on status)

10. The statutory audit can bring various advantages to the company and
shareholders. The key benefit to shareholders is the impartial view provided by
the auditors. However, the company benefits from professional accountants
reviewing the accounts and systems as part of the audit. Benefits might include
recommendations being made in relation to accounting and control systems and
the possibility that auditors might detect fraud and error.

POINTS TO NOTE

Statutory audits will be discussed in more detail in later. A chronology of a

typical audit showing the auditors’ work on accounts and system is given in
Section 4 of this Chapter. The techniques auditors use will be discussed in Parts
B-E of this Study Text.

Mail

 Is all mail received and opened by the proprietor?

 If the proprietor does not himself open the mail, is it opened by a person not
connected with the accounts and read by him before it is distributed to the
staff?

Receipts

 Are all cheques and postal orders received by post counted by the proprietor

86
 before they are passed to the cashier?
 Are all cheques and postal orders crossed to the company’s branch of its
banker ‘Not negotiable – account payee only’.
 Are cash sales and credit sale receipts over the counter controlled by locked
cash register tapes which only the proprietor can open?
 Does the proprietor reconcile the cash register totals with the cash sales
receipts daily?
 Is the person performing the duties of cashier barred any responsibility
concerning the sales, purchase or nominal ledgers?

Banking

 Is all cash received banked intact at interval of not more than three days?
 Does the proprietor reconcile all monies received with the copy paying-in-
slips at regular intervals?

Payments

 Are all payments except sundry expenses made by cheques?

 Does the proprietor sign all cheques?

o Are cheques signed by the proprietor only after he has satisfied

himself that:
o He has approved are crossed not negotiable and account payee only?
o All cheques numbers are accented for?

 Are petty cash expenses controlled by the imprest system?

 Does the proprietor review all expenses and initial the petty cash book before
reimbursing the cashier?

Bank statements

 Are bank statements and paid cheques to ensure that he has signed them all
before he passes them to the cashier?
 Does the proprietor**
o Prepare a bank reconciliation each month? Or
o Review in detail a reconciliation produced by the cashier?

Orders

 Are all purchase orders issued:

o Serially numbered by the printer?
o Pre-printed duplicate order forms?
 Does the proprietor approve all orders?

Receipt of goods

87
Are delivery notes:
 Checked with goods?
 Compared with the copy order?
 Compared with the invoice?

Wages

 Is a separate cheque drawn for the exact amount to pay wages and tax?
 Does the proprietor either prepare or examine the wages records before
signing the cheque?
 Does the proprietor initial the wages records after his examination?
 Does the proprietor oversee the distribution of the wages packets or does he
distribute them himself?

Receivables

 If credit is granted to customers does the proprietor:

o Authorise every extension of credit to a customer?
o Approve credit limits for each customer?

 Does the proprietor authorize all:

 Write offs of bad debts?
 Sales returns and allowances?
 Discounts other than routine cash discounts?
 Does the proprietor receive a monthly list of trade accounts receivable,
showing the age of the debts?
 Are all authorizations by the proprietor evidenced by his initials?

Goods outwards

 Are p-numbered dispatch notes prepared for all goods leaving the premises?
 Are all dispatch notes:
 Accounted for?
 Cross referenced with invoices and credit notes?
 Is the proprietor satisfied that all goods leaving the premises have been
accounted for?

Inventory

 Does the proprietor scrutinize inventory regularly to:

 Keep abreast of what is in inventory?
 Discover obsolete items?
 Discover damaged articles?
 Ensure that inventory levels are kept under control?

88
 AUDIT PROCEDURES

1. The Approach to Audit Work

Before Engagement – Ethical Clearance

2. Before accepting an appointment to act as auditor, members of the professional

accountancy bodies are required, under strict ethical rules, to communicate with
the previous holder of office to enquire whether there is any professional or
other reason for proposed change which he should be aware of when deciding
whether or not to accept nomination. This applies regardless of whether the
existing auditor is a member of the same professional body or not. This duty to
communicate should be explained to the prospective new client, from whom
authority to do so should be sought. If authority is not given, the appointment
should not be accepted. Nor should it be accepted if the existing auditor is
refused permission to discuss the client’s affairs with the proposed new auditor.
Normally such communication takes place without difficulty but if every
reasonable attempt to get in touch with the existing auditor is unsuccessful, it
may be assumed that there is no reason for not accepting the appointment.
Similar considerations apply in cases where the new appointment relates to
professional work other than auditing. Reference should be made to the
recommendations in Changes in a Professional Appointment, already
summarized in Chapter 1.

Letter of engagement

(a) The functions of the auditor are quite distinct from the provision of accountancy,
tax and other services; and
(b) It is not the main purpose of the audit to discover defalcations; irregularities and
errors in the client’s records, and the audit should not be relied upon for this
purpose. The Guideline correctly relates the auditor’s responsibility under his
head to the materiality of the defalcation, etc., in relation to the ‘true and fair
view’ requirement for the financial statements being audited.

3. Many court cases in the past might have been avoided had closer attention been
paid to this matter, and in most of these cases the courts took the view that the
onus was on the accountant, as the professional party to the contract, to take the
necessary steps ab iniito in order to avoid a misunderstanding as to the work,
and hence the responsibilities, undertaken. With statutory engagements,
however, there is less risk of the relationship between client and auditor being
misconstrued by the client, since so much of this relationship is governed by
legislation.

2.4.4 APPOINTMENTS AS AUDITORS

In addition, there are certain other matters, which according to the circumstances, may
need to be dealt with in our report.
89
1 Accounting and Other Services
2 Taxation Services
3 Fees
5 Agreement of Terms
6 Accounting
7 Taxation
8 Responsibilities and scope of the audit
9 Representations by Management
10 Irregularities and Fraud
11 Accounting and taxations Services
12 Fees

Agreement of Terms

2.3 Opinions and certificates

(a) A auditor he has checked that a submission has been accurately drawn up, in a
form prescribed for a particular purpose, such as when claiming an investment
grant; or

(b) He as accountant to a non-statutory entity such as sole trader or partnership,

prepared a set of final accounts from underlying records and information supplied
for the purpose, and is hence in a position to certify that the accounts are in
accordance therewith, notwithstanding the fact that no audit has been carried out.

Since the task of the auditor today is at once more onerous and more complex than ever
before, it is essential that both client and auditor should be ‘of one mind’ as to the work
which the auditor is undertaking. It is therefore the practice of professional firms to issue
letter to their clients at the time of being engaged to undertake professional work, in
which they set out in clear terms:

(a) What they understand the engagement to involve;

(b) The way in which they would normally set about the work, including the
assistance and co-operation which they would expect from the client;
(c) The basis on which fees would be calculated; and
(d) A brief description of the other services which the firm is able to provide, if called
upon to do so by the client.

In connection with (b) above, the letter should state that the audit will include a critical
review of the system of internal control, and that tests carried out on the basis of that
review will be in accordance with what the auditor thinks necessary – such test not
necessarily being confined to the financial records. Some letters, at this point, refer to
specific tests such as physical verification of stocks and circularization of debtors, by way
of example.

Some engagement letters are detailed and specific while others are drafted more loosely,
depending upon the preference of the firm in question; although any individual firm
would normally standardize the engagement letters to be issued by it in differing
90
circumstances. It is normal practice to send a copy together with the letter, requesting
that it should be signed by the client as an acknowledgement of agreement as to terms,
and immediately returned to the auditors for the latter’s records.

In the case of statutory audits, the letters should set out the requirements imposed by
statute, which cannot be varied by either client or auditor, with particular reference to the
significance of the audit report.

Engagement letters relating to non-statutory assignments, e.g work requested by sole

traders, partnerships or unincorporated associations (such as social clubs), which usually
require no more than the preparation of accounts and tax returns, should carefully
delineate the work involved as specifically as possible, since any subsequent dispute or
negligence change, possibly leading to litigation, would be decided largely on the
question of:

(b) The scope, and

(c) The depth of work, as defined at the time of engagement.

A well-drafted engagement letter will, for example, serve to clarify for the client’s benefit
the distinction between the respective responsibilities of directors and auditors, as
summarized in the following box:

Directors
Auditors
Devise/implement internal controls
Maintain proper accounting records
Report lapses only
Prepare annual financial statements
Ensure accounts give ‘true and fair’ view
Opinion to members
Ensure accounts comply with Companies Act
Opinion to members
Lay accounts before members
File accounts with Registrar
Act throughout in fiduciary capacity
Act in independent
Reporting capacity

Despite the caveat previously mentioned regarding errors, irregularities and defalcations,
it is important not to give the impression that no responsibility for these is assumed. The
auditor should undertake to exercise that degree of care and competence required by the
circumstances, but in the context of an investigation designed to enable him to express an
opinion, rather than one specifically directed to the discovery of fraud and errors. The
engagement letter should set out the directors’ statutory responsibilities for ensuring that
proper accounting records are maintained and that annual accounts showing a true and
fair view are prepared; the letter should mention the directors’ duty to ensure that there is

91
a proper system of internal control. It is suggested that reference to Section 9.6 be made
for a full consideration of the auditor’s responsibility for fraud detection.

Ignorance of other services available sometimes leads to the client (especially smaller
enterprises) failing to ask for help which the auditor (in his capacity as accountant) could
provide if so requested. Where it is appropriate, and is not likely to result in a conflict of
interest and consequent loss of independence, the opportunity may be taken in the
engagement letter to mention any services, other than auditing, which are available.

It should always be borne in mind that the letter of engagement would be looked upon by
the courts as prima-facie evidence of the essential contractual arrangements which subsist
between auditor and client. The following is a specimen of a typical letter of engagement,
appropriate to a new company client, which incorporates the matters explained above. It
is based on the example given in the 1984 APC Guideline.

The Directors Date:

Boxwood Timber Co. Ltd
Ivy Lane
Berkamsted
Herts

Gentlemen

The purpose of this letter is to set out the basis on which we (are to) as auditors of the
company (and its subsidiaries) and the respective areas of responsibility of the company
and of ourselves.

3.1 As directors of the above company, you are responsible for maintaining proper
accounting records and preparing financial statements which give a true and fair view
and comply with the Companies Act. You are also responsible for making available
to us, as and when required, all the company’s accounting records and other records
and related information, including minutes of all management and shareholder’s
meetings

3.2 We have a statutory responsibility to report to the members whether in our opinion
the financial statements give a true and fair view of the state of the company’s affair
and of the profit or loss for the year and whether they comply with the Companies
Act 1985. In arriving at our opinion, we are required to consider the following
matters, and to report on any in respect of which we are not satisfied:

(a) Whether proper accounting records have been kept by the company and proper
returns adequate for our audit have been received from braches not visited by us:
(b) Whether the company’s balance sheet and profit and loss account are in
agreement with the accounting records and returns.
(c) Whether we have obtained all the information and explanations which we think
necessary for the purpose of our audit; and

92
 (d) Whether the information in the directors’ report is consistent with that in the
audited financial statements.

3.3 We have professional responsibility to report if the financial statements do not

comply in any material respect with Statements of Standard Accounting Practice,
unless in our opinion the non-compliance is justified in the circumstances.

3.4 Our audit will be conducted in accordance with the Auditing Standards issued by the
accountancy bodies and will have regard to relevant Auditing Guidelines.
Furthermore, it will be conducted in such as manner as we consider necessary to fulfil
our responsibilities and will include such tests of transactions and of the existence,
ownership and valuation of assets and liabilities we consider necessary. We shall
obtain an understanding of the accounting system in order to assess its adequacy as a
basis for the preparation of the financial statements and to establish whether
proper accounting records have been maintained. We shall expect to obtain such
relevant and reliable evidence as we consider sufficient to enable us to draw
reasonable conclusions there from. The nature ands extent of our tests will vary
according to our assessments of company’s accounting system and, where we wish to
place reliance on it, the system of internal control, may cover any aspect of the
business operations. We shall report to you any significant weakness in or
observations on, the company’s system which come to our notice and which we think
should be brought to your attention.

3.5 And part of our normal audit procedures, we may request you to provide written
confirmation of oral representations which we have received from you during the
course of the audit.

3.6 In order to assist with the examination of your financial statements, we shall request
sight of all documents or statements, including the chairman’s statement and the
directors’ report, which are due to be issued with the financial statements. We are
also entitled to attend all general meetings of the company and to receive notice of all
such meetings.

3.7 (Where appropriate) We appreciate that the present size of your business renders it
uneconomic to create a system of internal control based on the segregation of duties
for different functions of each area of the business. In the running of your company
we understand that the directors are closely involved with the control of the
company’s transactions. In planning and performing our audit work we shall take
account of this supervision. Further, we may ask additionally for confirmation in
writing that all the transactions undertaken by the company have been properly
reflected and recorded in the accounting records, and our audit report on you
company’s financial statements may refer to this confirmation.

3.8 The responsibility for the prevention and detection of irregularities and fraud rests
with yourselves. However, we shall endeavour to plan our audit so that we have a
reasonable expectation of detecting material misstatements in the financial statements
or accounting records resulting from irregularities of fraud, but our examination
should not be relied upon to disclose irregularities and frauds, which may exist.
93
3.9 (Where appropriate). We shall not be treated as having notice, for the purposes of our
audit responsibilities, of information provided to members of our firm other than
those engaged on the audit (e.g. information provided in connection with accounting,
taxation and other services).

(Where appropriate) Accounting and other services, and taxation services (either included
here or set out in a separate letter)

It was agreed that we should carry out the following services as your agents and on the
basis that you will make full disclosure to us of all relevant information.

3.10 Prepare the financial statements based on accounting records maintained by

yourselves;

3.11 Provide assistance to the company secretary by preparing and lodging returns
with the Registrar of Companies;

3.12 Investigate irregularities and fraud upon receiving specific instructions.

3.13 We shall in respect of each accounting period prepare a computation of profits,

adjusted in accordance with the provisions of the Taxes Acts, for the purposes of
assessment to corporation tax. Subject to your approval, this will then be submitted
to the Inspector of Taxes as being the company’s formal return. We shall lodge
formal notice of appeal against excessive or incorrect assessments to corporation tax
where notice of such assessments is received by us. Where appropriate, we shall also
make formal application for postponement of tax in dispute and shall also make
formal application for postponement of tax in dispute and shall advise as to
appropriate payments on account.

a. You will be responsible, unless otherwise agreed, for all other returns, more
particularly: the returns of advance corporation tax and income tax deducted at
source as required on Forms CT61, returns relating returns relating to employee
taxes under PAYE and returns of employee expenses and benefit on Forms
P111. Your staff will deal with all returns and other requirements in relation to
value added tax.

b. We shall be pleased to advise you on matters relating to the company’s

corporation tax liability, the implications particular business transactions and on
other taxation matters which you refer to us, such as national insurance, income
tax deducted at source, employee benefits, value added tax and capital transfer
tax.

Our fees are compared on the basis of the time spent on your affairs by the partners and
our staff, and on the levels of skill and responsibility involved. Unless otherwise agreed,
our fees will be charged separately for each of the main classes of work described above,
will be billed at appropriate interval during the course of the year and will be due on
presentation.
94
Once it has been agreed, this letter will remain effective, from one audit appointment to
another until it is replaced. We shall be grateful if you could confirm in writing your
agreement to the terms of this letter, or let us know if they are not in accordance with
your understanding of our terms of appointment.

Yours faithfully

The following is a specimen letter of engagement applicable to a sole trader, partnership

or unincorporated association, which no audit work is required.

P Lemon Esq
Friendly Grocery
High Street
Berkhamsted
Herts

Dear Sir

In confirmation of our interview with … (the client or named officials of his business) …
we let out below our understanding of the services your require us to perform.

(a) You require us to prepare accounts, in the form of a profit and loss account and
balance sheet for your consideration and approval. While we shall examine the
records and make such inquiries as we consider necessary to enable us to prepare
these accounts, we shall not carry out an audit in the sense by statute for companies.

(b) The accounts will contain a declaration for your signature that you approve the
accounts and have made available all relevant records and information for their
preparation.

(c) We shall report with such variations and we consider necessary that we have
prepared, without carrying out an audit, the accounts from the accounting records
presented to us and from the information and explanations supplied to us.

(d) As a result of our work we may be able to suggest improvements which could be
made to your accounting records. However, our work should not be relied on to
disclose defalcations or other irregularities. If an investigation is required specifically
to discover defalcations or irregularities this can be separately undertaken on request.

(e) You also require us to assist you with certain accounting services. You have agreed
that your staff will be responsible for:

(i) Keeping the records of receipts and payments;

(ii) Reconciling the balance monthly with the bank statements;
(iii)Keep posted and balance the purchases and sales ledger;
95
 (iv) Preparing details of the stocktaking suitably priced and extended.

We have agreed:

(b) To complete that postings to the nominal ledger;

(c) To prepare draft accounts for your considerations.

You have authorized us to act on your behalf in the preparation of Friendly Grocery’s
taxation computations and their submission to and agreement with the Inland Revenue,
subject to the approval and signature of the tax return by yourself. Your staff will deal
with all matters connected with Pay As You Earn and VAT but we shall be pleased to
advise on any aspects of this or other taxation matters if so requested.

Other Services

We shall be pleased to provide, if requested, other services such as:

(a) Accountants’ reports in support of returns or claims, e.g claims for investment
grants;
(b) Advice on financial matters;
(c) Management accounting services, including such matter as a review of the system
of book-keeping and the installation of a budgetary control system for
management;
(d) Reports for special purposes, e.g for acquisition of other business, and
investigations into specific aspects of the business.

Fees

Our fees are based upon the degree of responsibility and skill involved and the time
necessarily occupied on the work. Unless otherwise agreed they will be charged
separately for each class of work mentioned above.

We shall be obliged if you will kindly acknowledge receipt of this letter by signing and
returning the enclosed copy. If this is not in accordance with your understanding of our
agreement, we shall be pleased to receive you further observations and to give you any
further information you require.

Yours faithfully

WARRINGTON, MINGE AND CO.

The APC Guideline issued in may 1984 laid special emphasis on the following matters
concerning the content and the form of engagement letters, whose importance lies in the
fact that they embody the contractual terms which subsist between accountant/auditor and
client.
96
The letter should explain the principal statutory responsibilities of the client and the
statutory and professional responsibilities of the auditor.

In the case of a company, it should be indicated that it is the statutory responsibility of the
client to maintain proper accounting records, and to prepare financial statements, which
give a true and fair view and comply with the Company Act and other relevant
legislation. It should be indicated that the auditor’s statutory responsibilities include
making a report to the members stating whether in his opinion the financial statements
give a true and fair view and whether they comply with the companies Act.

It should be explained that the auditor has an obligation to satisfy himself whether or not
the directors’ report contains any matters which are inconsistent with the audited
financial statements. Furthermore, it should be indicated that the auditor has a
professional responsibility to report if the financial statements do not comply in any
material respect with Statements if Standard Accounting Practice, unless in his opinion
the non-compliance is justified.

The scope of the audit should be explained. In this connection, it should be pointed out
that the audit will be conducted in accordance with approved Auditing Standards and will
have regard to relevant Auditing Guidelines. It should be indicated that:

(a) The auditor will obtain an understanding of the accounting system in order to
assess its adequacy as a basis for the preparation of the financial statements;

(b) The auditor will expect to obtain relevant and reliable evidence sufficient to
enable him to draw reasonable conclusions therefore;

(c) The nature and extent of the test will vary according to the auditor’s assessment of
the accounting system and, where he wishes to place reliance upon it, the system
of internal control;

(d) The auditor will report to management any significant weaknesses in, or
observations on, the client’s systems which come to this notice and which he
thinks should be brought to management’s attention.

Where appropriate, reference should be made to recurring special arrangements

concerning the audit. These could include arrangements in respect of internal auditors,
divisions, overseas subsidiaries, other auditors and (in the case of a small business
managed by directors who are major shareholders) significant reliance on supervision by
the directors.

Where appropriate it should be indicated that, prior to the completion of the audit, the
auditor may seek written representations for management on matters having a material
effect on the financial statements.

The responsibility for the prevention and detection of irregularity and fraud rests with
management and this responsibility is fulfilled mainly through the implementation and
97
continued operation of an adequate system of internal control. The engagement letter
should make this clear. Furthermore, it should explain the auditor will endeavour to plan
his audit so that he has a reasonable expectation of detecting material misstatements in
the financial statements resulting from irregularities or fraud, but that the examination
should not be relied upon to disclose irregularities and frauds which may exist. If a
special examination for irregularities or fraud is required by client, then this should be
specified in the engagement letter, but not in the audit section.

The auditor may undertake, for the company, service in addition to carrying out his
responsibilities as auditor. An engagement letter should adequately describe the nature
and scope of those services. In the case of accounting services, the letter should
distinguish the accountant’s and the client’s responsibilities in relation to them and the
day-to-day bookkeeping, the maintenance of all accounting records and the preparation of
financial statement. Preferably this should be done in a separate letter but such services
may form the subject of a section in the audit engagement letter.

In the case of the provision of taxation services, the responsible for the various
procedures such as the preparation of tax computations and the submission of returns to
the relevant authorities should be clearly set out, either in a section of the main letter or in
a separate letter.

Where accounting, taxation or other services are undertaken on behalf of an audit client,
information may be provided to members of the audit firm other than those engaged on
the audit. If this is the case, it may be appropriate for the audit engagement letter to
indicate that the auditor is not to be treated as having notice, for the purposes of his
responsibilities, of the information given to such people.

Mention should normally be made of fees of the basis on which they are computed
rendered and paid.

The engagement letter should include a request to management that they confirm in
writing their agreement to the terms of the engagement. It should be clearly understood
that when agreed the letter will give rise to contractual obligations, and its precise content
must therefore be carefully considered. In the case of a company, the auditor should
request that the letter of acknowledgement be signed on behalf of the board.

Before discussing the detailed approach to audit work it is important to establish a true
perspective of what an audit is designed to achieve. The number of individual
transactions undertaken by the majority of business concerns in the course of a financial
year makes any exhaustive check virtually impossible. From a practical point of view,
therefore, the auditor’s aim is limited to the expression of an opinion (as opposed to a
guarantee, certificate or absolute assurance) on the view presented by the accounts of the
entity which he has audited. Companies’ legislation is quite clear on this point, using the
words ‘in his opinion legislation is quite clear on this point, using the words ‘in his
opinion’ in several references to the auditor’s duties.

For this reason the word ‘certificate’ should be avoided in this context since there is
obviously a very great difference between certifying the correctness of figures presented,
98
on the one hand, and merely expressing an opinion on them, on the other. Auditors in the
USA still refer to their ‘certificate,’ but is the UK the term ‘report’ is correctly used. The
only situations in which it is appropriate for an auditor or accountant to use the word
‘certificate’ arise when:

It should not, of course, be imagined that the general requirement for the auditor simply
to provide an opinion rather than a certificate in any way lightens his burden. On the
contrary, apart from the fact that a professional opinion has inevitably to be expressed on
the basis of a less than exhaustive enquiry, the very vagueness of the phrase ‘true and
fair’ imposes particular risks. Furthermore, the question of whether or not the audit work
has proceeded the expression of opinion satisfies current standards of requisite care and
skill can never be answered with certainty: the unavoidable element of persona
judgement (and its associated subjectivity) which the auditor is forced to exercise in
determining the extent of audit tests plays far too great a part. Exposure to potential
liability therefore accompanies every audit assignment and cases of liability which have
arisen in the past are often attributable to the failure, in the opinion of the court of the
auditor to execute a sufficient deep or extensive examination in the particular
circumstances obtaining.

2.4 The chronology of an audit

Although audits will have precisely the same objective, namely, to report to the interested
parties on the results of the audit investigation undertaken within the context of the
engagement, it is nevertheless true that the detailed manner in which the audit is
conducted will largely depend upon the size and circumstances of the client concerned.
For the audit objective to be achieved a systematic approach to the task is essential and,
although all aspects of audit work are closely interrelated, it is convenient to distinguish
the essential phases which the audit develops.
In the Auditor’s Operational Standard the following five essential phases are highlighted:
(a) The auditor should adequately plan, control and record his work;
(b) The auditor should ascertain the enterprise’s system of recording and processing
transactions and assess its adequacy for the preparations of financial statements;
(c) The auditor should obtain relevant and reliable audit evidence sufficient to enable
him to draw reasonable conclusions therefore;
(d) If the auditor wishes to place reliance on any internal controls, he should ascertain
and evaluate those controls and perform compliance tests on their operation;
(e) The auditor should carry out such a review of the financial statements as is
sufficient, in conjunction with the conclusion drawn for the other audit evidence
obtained, to give him a reasonable basis for his opinion on the financial
statements.
The above represents a framework, which embraces virtually the whole of normal audit
work, and it therefore lends a perspective to any individual aspect of audit work being
considered.

99
Helpful though such a broad perspective maybe, full appreciation of the chronology of
audit procedures required considerable further subdivision of audit stages, distinguishing
the audit objective applicable at each point from the means or techniques whereby those
objectives would normally be achieved in practice. It assumes:
(a) That the audit is being conducted for a new client company for the first time, i.e
that there is no pre-existing accumulation of information built in the files from
previous auditors;

(b) That the client organization is sufficiently large and complex to require the
extensive use of all the usual techniques applicable at each stage of the audit, and
employs conventional internal control systems in major operational areas; and

(d) That the company is of a size which would cause the auditor reasonably to expect
that controls in force are basically satisfactory, and hence that a systems-based
audit (see below) is justified.

The function of the diagram is to provide an expanded outline covering all auditing
procedures; there is virtually nothing, which takes place during the audit, which cannot
be related to the procedures described in the diagram. This is of enormous practical value
during routine audit work, since the ability to relate the detailed procedures to an overall
plan always adds a new dimension to audit work, particularly for the clerks engaged
thereon.

The following points arising from the diagram should be specifically noted:

(a) Although the execution of the audit programme takes place at stage V, this
obviously excludes such work on the verification of assets and liabilities that can
be concluded only when the balance sheet has been prepared at the close of the
period; and

(b) The first two stages are concerned with objective fact-gathering and, as such, are
not especially audit-oriented: indeed, the information compiled could equally be
used by Organisation and Methods personnel. However, whereas the letter would
then proceed to use the data with considerations of efficiency uppermost, the
auditor’s work during stages III to V is predominantly concerned with the efficacy
of internal control.

2.5 The systems-based audit

The systematic approach to audit work demonstrated above has come to be known as the
systems-based audit. The name correctly incorporates the principle that the nature and
depth tests should take not into account the extent to which the system of internal control
in operation ‘audits itself’. It is for this reason that such a large proportion of the work
described in the diagram relates to the ascertainment and evaluation of the system prior to
the planning and execution of the audit programme itself. This contrasts favourably with
the haphazard approach which traditionally prevailed until, during the sixties, the
mushrooming of large groups of companies and conglomerates forced upon auditors the

100
realization that a far more scientific approach to their work was essential; that is, if they
were to justify the relatively small number of audit tests carried out in relation to the
enormous volume of transactions falling within the period under review.

However, no change in approach takes place universally, overnight. Inevitably the large
international firms are the first to pioneer new audit methods; this involves careful
research, planning and long periods of field-testing if the charge of negligence is to be
avoided. Many smaller audit firms, cough tuner the combined pressures of generally
raised standards, professional recommendations and legal case decisions, are eventually
forced to follow suit. Relics of the old ‘regime’ still persist today. However, a colleague
recently related to me the scarcely credible story of two student trainees who proudly
described how they had ‘vouched’ no less than one million sales invoice copies! They
were obliged to execute this singularly unadventurous and unrewarding feat (which
occupied them for a fortnight) due to an accident instruction in their audit programme, to
check the sales figures for three months from the copy documents to the sales day book.

It is possible that at one time three month’s checking of this nature might have been
appropriate, but clearly no one had taken the trouble to review the testing depth specified
by the now archaic programme. Apparently our two stalwart, who could barely have
remained fully conscious during this task, discovered only one solitary ‘error’: it was
noticed by the clerk whose function it was to enter ‘vouching ticks’ in the day book, that
one entry which should have been vouched (he could tell this from the numbering
sequence) remained unticked. The other clerk, whose function was to ‘bash’ each
document with a rubber ‘audit’ tamp, paged back through the file to see whether had been
inadvertently missed – but no; the invoice was undoubtedly missing.

Feeling that their unremitting labour had proved worthwhile after all, they then reported
this matter to the chief accountant. He had clearly summed up the calibre of the audit
staff, for his response was promptly to instruct his secretary to produce a replica of the
missing item, correct in every detail, which he duly passed back to the terrible twins for
insertion in the file, in its proper place. It seems that the duplicate was then bashed, and
its counterpart entry ’vouched’, thus allowing the headlong rush to continue on its way to
completion,

This anecdote demonstrates the futile nature of blind audit testing, no consideration
having been given to (a) the number of invoices which it might have been appropriate to
vouch, or (b) the way in which the recording of sales related to other associated entries in,
say, the store records or remittances received. For all its apparently extensive coverage
the test was exceptionally shallow, being confined to one ‘horizontal plane’ of entries, all
of an identical nature.

It is also clear that the clerks were concerned only with outer appearances: they were
completely satisfied once a duplicate voucher was placed on the file. It apparently did
not occur to them that there might, conceivable, have been more serious implications
behind the missing item, such as deliberate suppression of part(s) of the invoice set,
perhaps to conceal missing goods, or a variety of other possibilities on which one can but
speculate, without knowing the mechanics of the particular system.

101
This totally haphazard approach, amounting to little more than guess work, is sometimes
euphemistically termed ‘judgement’ sampling thereby suggesting that the auditor has
carefully weighed up the circumstance and conditions in which the records are created,
and then exercised his judgement in determining the requisite volume of testing. No
doubt this is true in a number of cases, but all too often ‘judgement’ amounts to little
more than an excuse for testing ‘the same number as last year’! In any event it is difficult
to see how judgement of this variety can ever be an effective substitute for a scientific
approach to sample teasing which, although it too may involve a good deal of judgement,
is nevertheless based upon the mathematic laws of probability. The scientific method,
employed statistical sampling techniques, is not always appropriate – for example when
items within the population being tested are not homogenous, or where the population
sizes are relatively small – but it has the advantage of quantifying the risk that the
characteristics of the sample are not representative of those in the population, and
generally forces the auditor to exercise his judgement in a constructive way.

Whatever method is used for determining sample sizes, it is imperative that ransom
selection should be employed during the examination process itself, otherwise personal
bias affect the selection of individual items, thereby invalidating the sampling exercise
and resulting in incorrect inferences being drawn concerning the population. Although
the use by auditors of statistical and other sampling techniques is discussed in detail in
Chapter 6, it may be useful to illustrate this section by highlighting in Figure 2.2 the
testing stages included in the previous ‘chronology’ figure, as they would feature in the
context of a systems-based audit.

The ‘end-result’ alternative

The discussion on the Auditors’ Operational Standard, examined the predominance of the
systems-based approach. The vast majority of business in the United Kingdom
incorporate systems of internal control which are either rudimentary (due to the limited
number of staff employed), or are dominated by proprietary directors. The application of
the systems-based audit philosophy in such situations is rarely possible, and the auditor’s
prime concern should rather be to establish:

(a) That all the transactions of the business have been accurately and completely
recorded; and

(b) That the transactions recorded were undertaken on behalf of the business itself,
rather than any individual or related party.

In pursuing these objectives the auditor of a small business will inevitably be forced to
rely heavily on the representations and assurances of the owners of the business, and such
evidence as exists in support of these representations will rarely arise from its systems of
internal control. It is far more likely that corroboration will be found in radio analysis,
comparisons with periods, comparisons with other businesses in the same trade, and
general ‘market intelligence’ – all of which is encompassed in the term ‘analytical
review’ – not to mention that all-important (perhaps the most important) indicator of all,
the auditor’s personal assessment of the character, trustworthiness and general credibility
of the directors themselves.
102
In practice, particularly where the auditor is familiar with the business situation as a
result of many years’ experience, audit work will concentrate heavily on pursuing object
(a) above, entailing extensive checking of the records and of the schedules supporting the
figures in the final accounts – a procedure often referred to as an ‘end-results’ audit. In
the circumstances of small businesses this approach is obviously more practical than
attempting a systems-based audit.

It is rare for small companies to employ qualified accounting staff, and the auditor, in an
accounting capacity, will often take on the accounts preparation work. A reasonable
degree of audit assurance may, however, be derived from this work, although this will
relate to book-keeping accuracy, and will of itself provide no assurance of the
completeness and accuracy of source documents, nor a valid substitute for an audit.

Audit classifications

As has already been pointed out in Section 2.4 above, the quantity, range and depth of
audit work undertaken in any given set of circumstance will depend upon the auditor’s
own assessment of the system which produces, in the first place, the records which he is
required to audit. Since both the complexity and dependability of systems are almost
infinitely variable, the length of time taken to conduct an audit, and the number and level
of audit personnel required to do so, equally variable. It is nevertheless possible to draw
up the following broad classifications:

Nature Brief description

of audit
‘Complete’ Usually applies to smaller concerns, where the volume of transactions
or and complexity of records does not require the auditor’s attendance
‘Final” more than once in each year. This visit normally takes place soon as
possible after the business’s financial year-end and continues until it
has been completed and the audit report signed. In some cases, for
mutual convenience, the records may even be transported to the
auditor’s own offices for audit purposes.

‘Interim In the case of larger clients the auditor will often find it necessary to
and proceed with the audit on an interim basis, in view of the volume of
Final’ testing which it is necessary for him and his staff to undertake in order
to reach an opinion on the reliability of the records. Internal audits,
always arranged with the cooperation of the client, may be bi-annual,
quarterly, or even monthly, depending upon the volume of audit work
considered necessary. Interim audits possess the advantage of leaving
the final state of the audit relatively free for the verification of the year-
end accounts: the assessment of the system and most detailed checking
of underlying records and documents having already been carried out.

‘Continuous’ Where the system of internal control operated by a large company

displays certain fundamental and material weaknesses, the auditor will
103
be obliged to check a higher proportion of transactions than would
otherwise be necessary and, in exceptional circumstance, members of
the audit team may be required to execute checking work continuously
throughout the period to which the accounts relate.

104
CHAPTER 4.0: EXTERNAL AUDITING
PRINCIPLES OF EXTERNAL AUDITING

Auditing is an essentially practical exercise. It is a well understood process of

independent examination with the objective of forming an opinion on financial
statements.

The need for an audit could be explained in terms of the agency theory – the divorce that
occurs between management and ownership of the business enterprise forces the absentee
owners to institute control measures to ensure the honesty of their stewards
(management) and the accuracy and freedom from bias of the periodic financial
statements which those stewards prepare for their owners. An annual external audit is one
manifestation of such control measures.

The very existence of an audit-like activity can then be postulated without any specific
knowledge of what auditing itself entails.

An agency theory is not limited to the private sector alone; Governments and local
authorities become stewards by virtue of taxes, which are levied upon the taxpayers. The
citizens then in return demand some degree of accountability in terms of demonstrable
value for money or independently certified financial returns.

POSTULATES OF AUDITING

Most professional activities that seek long term credibility also seek an underlying theory
which can be used to justify the activity itself and thus legitimise the continued existence
of the professional group. Countries have laws and so we must have lawyers and lawyers
must have a precedent. Similarly people must have reliable buildings and so architects
exist with a body of applied scientific theory at their disposal. The agency theory
justification for the existence of modern auditing may be viewed in this light.

The conceptual framework of auditing is called postulates of auditing.

According to a Concise Oxford Dictionary a postulate ‘is a thing claimed or assumed as

a basis for reasoning, a fundamental assumption or prerequisite’ Mautz and Sharaf (1961)
further define the idea of a postulate: they said that postulates are essential for:

 Essential to the development of any intellectual discipline and a foundation for

the erection of any theoretical structure;
 Assumptions that do not lend themselves to direct verification or proof. Sooner
or later one has to make (and live with) fundamental assumptions if progress is to
be made.
 A basis for inference. Given the strength and acceptance of the fundamental
postulates we can develop a more complex and thus more informative and
reliable picture of the activity and its purpose

105
  Susceptible to change in light of later developments or advancement of
knowledge . Any set of postulates or axioms are capable of change in the light of
new discoveries and techniques.

The eight postulates identified by Mautz and Sharaf are set out below:

1. Financial statements and financial data are verifiable

2. There is no necessary conflict of interest between the auditor and the
management of the enterprise under unit
3. The financial statements and other information submitted for verification
are free from collusive and other unusual irregularities
4. The existence of a satisfactory system of internal controls eliminates the
probability of irregularities
5. Consistent application of generally accepted principles of accounting
results in the fair presentation of financial position and the results of
operation
6. in the absence of clear evidence to the contrary, what has held true in the
past for the enterprise under examination will hold true in the future
7. when examining financial data for the purpose of expression of an
independent opinion thereon, the auditor acts exclusively in the capacity
of the auditor
8. The professional status of the independent auditor imposes commensurate
professional obligations

It is important to note the importance of related party disclosures and objectivity and
independence as they have become increasingly important in the light of Enron and
WorldCom financial scandals.

FORENSIC AUDITS

The following readings are biased towards the UK practice but is representative of the
type of audit that may be performed internationally.

4.-1.1 Definition

Forensic auditing could be defined as the application of auditing skills to situations that
have legal consequences.

4.-1.2 Background

In a global review conducted by Ernst & Young, on the question of auditors'

responsibility, in 1996, the finding was:

"Over seven out of ten of the respondents believed that auditors should have the
responsibility to detect substantial fraud. Of these eight out of ten believe that this should
be part of their normal audit and not by special one-off reviews."

106
The main theme of the last (XVI) INCOSAI, at Montevideo, in 1998, was "The role of
SAI's in Preventing and Detecting Fraud and Corruption". Yet, on the basis of responses
received from individual ISA's to a survey conducted in preparation for the Congress, it
emerged that:

"SAI's generally agree that the primary responsibility for the prevention of corruption
rests with the administrative authorities, the police and other investigative institutions,
and cannot be counted among the main tasks of SAI's ".

On this matter however a related finding was that:

"Also most of the SAI's make clear that they see their main goal more in preventing
corruption than in the field of actually detecting such illegal activities."

INTOSAI Auditing Standards, adopted by INCOSAI XV at Cairo in 1995, while

stipulating standards of 'due care' provide:

"Auditors need to be alert for situations, control weaknesses, inadequacies in record

keeping, errors and unusual transactions or results which could be indicative of fraud,
improper or unlawful expenditure, unauthorised operations, waste, inefficiency or lack of
probity." (General Standards, Chapter II, paragraph 90).

We are faced with the inescapable conclusion that there is a difference between what is
expected of auditors and what auditors acknowledge as being their role in relation to
fraud and corruption, the so called 'expectation gap'. In the Indian context, discussions
with members of Parliament, the Press and even civil servants in the executive arm of
Government show the existence of such an expectation gap. Even though no formal
survey on this aspect has been carried out, it may be advisable to address the issue with a
view to identifying, and to the extent possible, defining our positions on the several issues
that are involved. It is in this context that we need to view the adoption and use of
Forensic Auditing.

4.-1.3 Applications of Forensic Audit

An obvious example of forensic auditing is the investigation of a fraud or presumptive

fraud with a view to gathering evidence that could be presented in a court of law.
However, there is an increasing use of auditing skills to prevent fraud by identifying and
rectifying situations which could lead to frauds being perpetrated (i.e. risks). It might be
useful, therefore, to discuss forensic auditing as being either ’Reactive’ or ‘Proactive ‘.

4.-1.4 Proactive forensic auditing

Forensic auditing in this sense could be viewed from different aspects depending on its
application, some of which are discussed below:

107
4.-1.5 Statutory Audit

INTOSAI auditing standards prescribe that internal controls should be studied and
evaluated in respect of safeguarding assets and resources when performing regularity and
financial audits, and in respect of assisting management in complying with laws and
regulations when performing compliance audits.

4.-1.5.1.1 (Field Standards, Chapter III, paragraph 142)

Forensic audit methodologies can be used to obtain a more detailed understanding of the
entity and its activities to identify areas of risk both in determining the direction of the
audit and in expressing an opinion.

4.-1.6 Regulatory Compliance

Government Departments/Agencies could themselves use the techniques of Forensic

auditing to assess compliance with regulations governing payments of grants /subsidies.
Performance auditors could also use these techniques while auditing such governmental
programs. To a large extent we in SAI India have applied such techniques in some of our
major audits of large government programs such as ‘ Integrated Child Development
Scheme’, Public Distribution Scheme (for food grains), to Customs duty drawbacks and
export subsidies.

4.-1.7 Diagnostic Tool

Forensic auditing can be used either by management or by auditors to carry out general
reviews of activities to highlight risks arising either out of fraud or from any other source
with the purpose of initiating focused reviews of particular areas, targeting specific
threats to the organisation.

4.-1.8 Investigation of allegations

Complaints, allegations in the Press or in Parliament, anonymous tips from employees or

others could all in their separate ways require to be adequately addressed by
investigation. The techniques of forensic auditing are useful in such cases. This is being
cited as proactive because it is widely felt that the existence of a system of investigation
in such cases is a significant deterrent to fraud and corruption.

4.-1.9 Reactive Forensic Auditing

The objective in case of reactive forensic audit is to investigate cases of suspected fraud
so as to prove or disprove the suspicions, and if the suspicions are proven, to identify the
persons involved, support the findings by evidence and to present the evidence in an
acceptable format in any subsequent disciplinary or criminal proceedings.

In such cases it is important to keep in view the following:

 working relations with the investigating and prosecuting agencies

108
  authorisation and control of the audit investigation
 documentation of relevant information and safeguarding all prime records
pertaining to the case
 rules of evidence governing admissibility/authentication of records
 confidentiality
 evaluation of the evidence to assess whether the case is sustainable
 legal advice where appropriate
 reporting the findings in a manner that meets legal requirements.

4.-1.10 Issues for consideration

Our audits are carried out and reported within a framework which assumes that the top
echelons of management both at the political and civil service levels are responsive to the
need for good governance and accountability, and therefore would act upon the audit
findings which indicate that there was cause for concern in the adequacy and
implementation of internal controls, and inevitably institute enquiries into instances
indicative of mala fide action on the part of officials. In consequence our role has been
limited to conducting audits on certain percentages of sampling applied in an uniform
manner across departments, with only isolated examples of focused audit reviews
conducted by SAI India as in the case of Value Based Advance Licensing Scheme (for
import of raw materials by exporters) or Voluntary Disclosure of Income Scheme (for
income tax defaulters). In both cases however, as also as in the Animal Husbandry case
of the Govt. Of Bihar, it was established that there were clear indications of mala fide at
senior levels of government and hence far from the initiation of any systematic enquiries
into audit findings, attempts were to debunk the findings presented in the audit report.

The position of SAI India is that audit against criteria of probity and compliance in
themselves throw up instances of administrative actions that are not in conformity with
prescribed standards, and that without the mandate to seek third party evidence, either
oral or documentary, it is not possible to prove criminal mala fide. Excepting for a very
few SAI’s, it is also the case in almost all other countries that there are other agencies
responsible for investigating fraud and corruption. Our focus therefore could be more
upon planning and executing our audits with much greater emphasis on forensic auditing
and reporting such findings in a manner that places the onus for further investigation very
clearly on the executive.

Some of the areas that could be considered are:

 Audit Planning:

Our audits could be planned to cover only a selected sample of offices based on an
analytical review of accounts and results of past audits instead of a blanket coverage of
all spending offices.

 Scope of Audit:

Unless otherwise stipulated, audit should concentrate on regularity, probity and

compliance issues. Performance related issues could be dealt with in specific
109
performance reviews. The role of the controlling officer, the head of department and the
administrative secretary of the concerned ministry in financial administration are usually
specified in the financial codes, manuals, rules and orders of government. Their actual
discharge of such prescribed duties could be examined and the implementation of
prescribed controls evaluated.

 Reporting:

Significant failures in the application of prescribed controls and dereliction of

administrative duties particularly in the areas of monitoring and stock verification at all
levels, and the implications involved, could be clearly brought out in a specific chapter of
our Reports.

 Relationship with investigating agencies:

The rules for requisitioning records by the investigative agencies should be clearly
understood by the staff and middle level management in our offices as well as in those of
the investigative agencies. These issues could be addressed by joint seminars and inviting
speakers to respective training institutions. The need for a set of orders laying down the
prescribed procedures in an easily comprehensible manner, and circulating these widely
could be considered.

 Position of the Auditor in criminal investigations:

There is a need to provide clear and binding instructions about the manner in which audit
staff are required to provide information to the investigative agencies. Faced with the
possibility of being questioned in a manner akin to that employed for suspects, audit staff
may resent, and hence avoid, being involved in criminal proceedings. While the
possibility of auditors conniving in fraud has to be kept in view, it is necessary to ensure
that unless there is prima facie evidence to this effect, the auditor must be a part of the
investigative team.

Implications and uses of Information Technology:

The advent of large scale use of computers in processing not only accounting information
but also several other transactions with direct financial implications poses a challenge to
forensic auditing because large volumes are processed in a short time. Connectivity
through internet, WAN or EDI allows dispersed data input, processing and storage. The
proliferation of platforms and software makes it possible to perpetrate frauds in new
ways. A thorough knowledge of IT and the engagement of highly skilled professionals is
therefore essential if Forensic auditing is to have any meaning. Apart from this the cyber
laws are very new and there is, as yet, no clear case law on various matters, this is all the
more reason to insist upon great clarity in understanding IT based operations and the
evaluation of risks involved. At the same time the ease with which data can be sorted,
analysed and compared makes it much easier to identify suspect transactions either singly
or as a group of similar or related ones, thus greatly facilitating forensic auditing. The
availability of archived data and the ease of access also could assist forensic auditing.
Data matching and data mining techniques offer excellent opportunities.
110
  Training:

It is necessary to provide formal instruction in fraud awareness, investigation and

reporting. The planning of overall audit coverage and individual audits on the basis of
risk analyses carried in accordance with existing global ‘best practice’ could be included
in the curriculum for all management levels. Arguably, forensic auditing without a
thorough knowledge of IT as outlined above would be meaningless, and this would have
to be borne in mind while devising curricula.

Conclusion

There is no gainsaying the fact that our audits as currently executed and reported do bring
out in a wealth of detail, instances of individual or systematic fraud and corruption. There
is, however, a need to provide a comprehensive framework involving the use of Forensic
auditing methodology, particularly in the areas of audit planning and execution, and for a
uniform reporting practice that would very explicitly spell out the implications of control
failures including failure of senior management in implementing prescribed controls.

This could over a period of time assuage public concern about the existence of systematic
audit operations addressed specifically to unearth fraud and corruption

AUDIT FILES

Audit files and working papers

Nothing enhances the efficiency and maintenance of audit files and ‘working papers’.
From the very beginning of an audit the files should be built up systematically, and
technicians involved on audit assignments should be constantly reminded of the
importance of (a) recording everything of consequence that arises during their
investigative work, and (b) ensuring that audit papers’ are kept in an orderly fashion at all
times.

Whenever it is possible and appropriate, brief notes should be taken during interviews
with company officials, subsequently amplified and then placed in the relevant section of
the audit file. All queries arising during the conduct of the audit should be resolved as
soon as possible, the answers being entered alongside the related queries on schedules
specially pre-printed for the purpose.

Each firm will design the full range of standard pre-printed documentation required to
support its audit procedures, and completeness of files is usually assured by use of the
standardized Index, or ‘front-sheet’. The Guidelines to the Operational Standard
included the following notes on audit working papers:

111
Background

Reasons for preparing audit working paper include the following:

(a) The reporting partner needs to be able to satisfy himself that work delegated by
him has been properly performed. The reporting partner can generally only do
this by having available to him detailed working papers prepared by the audit staff
who performed the work.

(b) Working papers provide, for future reference, details of problems encountered,
together with evidence of work performed and conclusions drawn there from in
arriving at the audit opinion.
(c) The preparation of working papers encourages the auditor to adopt a methodical
approach.
Procedures
Contents of Working Papers
Audit working papers should always be sufficiently complete and detailed to enable an
experienced auditor with no previous connection with the audit subsequently to ascertain
from them what work was performed and to support the conclusions reached. Audit
working papers should be prepared as the auditor proceeds so that details and problems
are not omitted.
Audit working papers should include summary of all significant matters identified which
may require the exercise of judgement, together with the auditor’s conclusions thereon.
If difficult questions of principles or of judgement arise, the auditor should record the
relevant information received and summarize both the management’s and his
conclusions. It is in such areas as these that the auditor’s judgement may subsequently be
questioned, particularly by a third party who has the benefit of hindsight. It is important
to be able to tell what facts were known at the time the auditor reached his conclusions
and to be able to demonstrate that. Based on those facts, the conclusion was reasonable.
Audit working papers will typically contain:
(a) Information which will be of continuing importance to the audit (e.g.
Memorandum and Articles of Association);
(b) Audit planning information;
(c) The auditor’s assessment of the enterprise’s accounting system and, if
appropriate, has review and eventually of its internal controls;
(d) Details of the audit work carried out, notes of errors or exceptions found and
action taken thereon, together with the conclusions drawn by the audit staff who
performed the various sections of the work;
(e) Evidence that the work of the audit staff has been properly received;

112
(f) Records of relevant balances and other financial information, including analyses
and, summaries supporting the financial statement;
(g) A summary of significant points affecting the financial statements and the audit
report, showing how these points were dealt with.

Standardisation of Working papers

The use of Standardized working papers may improve the efficiency with which they are
prepared and reviewed. Used properly they help to instruct audit staff and facilitate the
delegation of work while providing a means to control its quality.
However, despite the advantages of standardizing the routine documentations of the audit
(e.g. checklists, specimen letters, standard organization of the working papers), it is never
appropriate to follow mechanically a ‘standard’ approach to the conduct and
documentation of the audit without regard to the need to exercise professional judgement.
Ownership and Custody of Working Papers
Working papers are the property of the auditor and he should adopt appropriate
procedures to ensure their safe custody and confidentiality.
Although the above Guideline has superseded the ICAEW Statement U12, the latter
included certain important points relating to working papers, as follows:
The subdivision of the working papers between current and permanent files will, in
practice, be a matter of convenience and the suggested allocation, given below, should be
interpreted in this light.
Current file
The current year’s file, which will relate primarily to the set if accounts or statement
being audited, should normally contain the following:
(a) A copy of the accounts or statement on which the auditors are reporting,
authenticated by directors’ signatures or otherwise.
(b) An index covering all the working papers unless they are cross-referenced to the
relevant items in the accounts.
(ii) An internal control questionnaire or other record, including flowcharts if
appropriate, designed to ascertain the adequacy of the system of internal
control, and
(iii) An audit programmed supplemented by particulars and dates of the work
carried out and precise details of audit tests and their results.
(d) A schedule for each item in the balance sheet, preferably including comparative
figures, showing its make-up and how existence, ownership and value or liability
have been verified. These schedules should be cross-referenced to documents

113
 arising from external verification such as bank letters and the results of
circularization of debtors and attendance at physical stocktaking.

(e) A schedule supporting each time in the statutory profit and loss account,
preferably including comparative figures, and such other items in the trading or
subsidiary accounts as may be necessary.

(f) A checklist concerning compliance with statutory disclosure provisions.

(g) A record showing queries raised during the audit and their disposal, with notes
where appropriate for attention the following year. Queries not cleared at the time
should be entered onto a further schedule for the attention of the person reviewing
the audit and for reference to the client if necessary. Material queries, which
cannot be settled satisfactorily be immediate reference to the client, may require a
qualification of the auditors’ report and should be fully documented and
supported by a note of all discussions with the client and any explanation given.

(h) A schedule of the important statistics or working ratios, comparative figures being
included where appropriate. Useful ratio may include:

Gross profit percentages

Current assets to current liabilities
Stock turnover
Trade debtors and creditors-average period of credit
Profit to capital employed

(i) A record or extract of minutes of meetings of the directors and shareholders.

These should be cross-referenced where relevant to the auditors’ working
schedules.

(j) Copies of letters to the client setting out any material weakness or matters with
which the auditors are dissatisfied in respect of the accounts or control
procedures. Such letter should be sent even where the particular matter has been
discussed informally with one or more of the company’s official.

(k) Letters of representation, i.e. written confirmation by the client of information and
opinions expressed in respect of matters such as stock values and amounts of
current and contingent liabilities.

Matters which, while not of permanent importance, will require attention during the
subsequent year’s audit should be listed, with reference to the relevant working papers,
and this note should be transferred to the next current file when opened.

114
Permanent file

Matters of continuing importance affecting the company or the audit should be kept in a
separate file, suitably indexed and these should normally include:

(a) Memorandum and Articles of Association and other appropriate statutory or legal
regulations.

(b) Copies of other documents and minutes of continuing importance.

(c) A short description of the type of business carried on the places of business.

(d) Lists of accounting records and responsible officials and plan of organization.

(e) Statements showing a note of any accounting matters of importance such as a

history of reserves and bases of accounting adopted, e.g for evaluation of stock
and work in progress, depreciation and the carrying forward and writing off of
expenditure ultimately chargeable to revenue.

(f) The client’s internal accounting instructions and internal audit instructions,
including when appropriate stocktaking instructions.

Steps should be taken to ensure that the permanent is brought up to date at the appropriate
times.

In the case of a non-statutory audit the permanent should also contain the client’s
instructions as to the scope of the work to be performed.

Apart from the current file content listed above many firms also design and standardize
supplementary audit aid such as:

(a) Certificate of directors’ emoluments, including fees, commissions, bonuses,

pensions, expense allowances and benefits;

(b) Detailed report of attendance at stocktaking;

(c) Audit completion checklists;

(d) Calling over sheets;

(e) Checklists for:

 Companies Act requirements;

 Statements of Standard Accounting Practice (particularly noting dates from
when operative);
 Stock Exchange requirements for listed companies;
 Content of the Directors’ Report;

115
  Other statutes and regulations, e.g. building societies, friendly and provident
societies, solicitors;
 Securities and Exchange Commission (SEC) requirements for subsidiaries of
US parent companies;
 The audit report.
Although the subject of the audit report is dealt with extensively in Chapter 8, in order to
illustrate the checklist technique, an audit report checklist and calling over sheet are
reproduced below:
Audit report Checklist
Technical Content

Yes No N/A Initials

(a) Have all the explanations and information necessary
for the purposes of the audit been obtained – with
particular reference to certificates confirmations from
third parties, including subsidiary auditors?

(b) Have proper accounting records been kept and proper

returns received from any branches not visited?

(c) Are the accounts in agreement with the accounting

records and returns?

(d) Do the accounts give not only a true but also a fair
view of the results and source and application of funds
for the period and the state of affairs at the accounting
date?

(e) Do the accounts comply with the requirements of the

Companies Act 1985?

(f) Are we satisfied that any audit qualifications is not

material in determining whether, under Sec.271, CA
1985, any dividends paid or proposed are permitted?
If not, have we made the required written statement to
that effect?

(g) Are details of the following items included in the audit

report to the extent that they are not properly disclosed
in the accounts?

 Directors’ emoluments, pensions, and

compensation for loss of office?
 Emoluments of highest paid director (other than
chairman)?
 Directors’ emoluments waived?

116
  The number of directors whose emoluments fall
within specified statutory bands?
 Loans and quasi-loans to officers?
 Details of contracts and other transactions with
directors’ covered by CA 1985?
(h) Where appropriate, do the group accounts show a true
and fair view of the group position and comply with
the requirement of the Companies Acts 1985 and
1989?
(i) Where appropriate, does the audit report include any
qualifications contained in the reports or auditors of
subsidiary and associated companies to the extent that
the qualifications are material in the context of the
group accounts as a whole?
(j) Have questionnaires sent to subsidiary auditors been
duty completed and returned to your satisfaction?

(k) Does the audit report refer, in appropriate terms, to all

significant departures from accounting Standards?

(l) Have the accounts been approved and signed by the

directors before the audit report is signed?
(m) Have all outstanding queries been satisfactorily
resolved?
(n) Does the report satisfy the requirements of the Audit
Report Standards?

(o) Do the accounts include a fund statement which

complies with SSAP 10?
(p) If answer to (o) is ‘no’ and turnover if greater than
£25,000, have we included a suitable qualification?
(q) Have we examined the directors’ report as required by
the Companies Act 1985, and if so are we satisfied
that it is consistent with financial statements? If not,
have we disclosed lack of consistency in out report?
Possible Clerical Errors
(a) Does the audit report refer to the correct accounting
date and period?
(b) Does the report state correctly whether the company
has made a profit or a loss for the period?

117
(c) Are the references in the report to the page number in
the accounts correct? (It is essential that the report
covers only the information required to be given by
the Companies Act and accounting Standards and not
any additional non-statutory information.)
(d) Is the audit report correctly addressed?
(e) Has a partner, not in any way involved with the audit
in question,

 Independently red the draft audit report and

approved its technical content and the suitably of
the wording relating to any departures form the
clean ‘short-form’ report?
 Reviewed this checklist?

 To avoid the danger of this error, many firms prefer to use the word ‘results’, instead
of referring to a profit or a loss, especially since the accounts may show an operating
profit and a final loss; a pre-tax profit and a post-tax loss; a profit before
extraordinary items, and a loss after extraordinary items; etc.

118
WM & CO. CALLING OVER SHEET
CLIENT-NAME CODE
YEAR/PERIOD ENDED 19 DATE CALLED OVER 19
NAMES
No.
of Typed Called over by Casts Cross General
pages Checked references scrutiny
by To By by checked by
(reader) (Caller)
by
Cover
Notice
Directors’ report
Auditors’ report
Consolidated P & L
Consolidated B/S
P & L/I & E/Revenue A/c
Balance sheet
Notes to accounts
Trading account
Supporting schedules
Trust schedules
Special reports

Passed for printing

Partner………………………………………………………………………………………
…………………

ERRORS REQUIRING CORRECTION

Page/s Line/s Text as typed Amendments
Made Checked
by by

119
MANAGEMENT REPRESENTATIONS

The auditors receive many representations during the course of the audit, both solicited
and unsolicited. Some of these representations may be critical to obtaining sufficient,
appropriate evidence.

ISA 580 Management representations says ‘the auditor should obtain appropriate
representations from management.

‘The auditor should obtain evidence that management acknowledges its responsibility
for the fair presentation of the financial statements in accordance with the relevant
financial reporting frameworks and has approved the financial statements. This will be
done upon receipt of the signed copy of the financial statements, which incorporates
relevant statement of management responsibilities. Alternatively, the auditors may obtain
such evidence from:

 Relevant minutes of meetings of the board of directors or similar body or by

attendance of such a meeting
 A written representation from management (management representation)

Representation by management as audit evidence

In addition to representations relating to responsibility for the financial statements, the

auditors may wish to rely on management representations as audit evidence. The ISA
says ‘the auditor should obtain written confirmation of representation from management
on matters material to the financial statements when other sufficient appropriate audit
evidence cannot be reasonably expected to exist.’

Written confirmation of oral representation avoids confusion and disagreement. Such

matters should be discussed with those responsible for giving the written confirmation to
ensure that they understand what they are confirming. Only matters material to the
financial statements will need confirmation.
When auditors receive such representation they should:

 Seek corroborative audit evidence from sources inside and outside the entity
 Evaluate whether the representations made by management appear reasonable and
are consistent with other audit evidence obtained, including other representations
 Consider whether the individuals making the representations can be expected to
be well-informed on the particular matters.

The ISA says ‘representations by management cannot be a substitute for other audit
evidence that the auditor could reasonably expect to be available. If the auditor is unable
to obtain sufficient appropriate audit evidence regarding a matter which has, or may have,
a material effect on the financial statements and such audit evidence is expected to be
120
available, this will constitute a limitation in the scope of the audit, even if a
representation from management has been received on the matter.’

There are instances where management representations may be the only audit evidence
available:

 Knowledge of the fact is confined to management, e.g. the facts are a matter of
management intention
 The matter is principally one of judgement or opinion e.g. the trading position of a
particular segment

There are instances when the representations received do not agree with other audit
evidence obtained. The ISA says ‘if a representation by management is contradicted by
other audit evidence, the auditor should investigate the circumstances and, when
necessary, consider whether it casts doubt on the reliability of other representations made
by management’.

Basic elements of a management letter

A management representation letter should:

 Be addressed to the auditors

 Contain specified information
 Be appropriately dated and signed by those with specific relevant knowledge.

The letter will usually be dated on the day the financial statements are approved.

Action if management refuses to provide representations

‘If management refuses to provide written representation that the auditor considers
necessary, this constitutes a limitation of scope for their report and the auditor should
express a qualified opinion or a disclaimer of opinion.’ In such circumstances the auditor
should consider whether it is appropriate to rely on other representations made by
management during the course of the audit.

Exam Focus Point

The most important points to remember about the letter of representation are:

(a) The circumstances in which it can be used

(b) The auditor’s response if the client fails to agree to it

You should be able to draft appropriate representations if asked.

121
THE AUDITOR’S REPORT ON FINANCIAL STATEMENTS

The audit report is the means by which the external auditors express their opinion on the
truth and fairness of the company’s financial statements. This is for the benefit
principally of the shareholders, but also for other users as the audit report is usually kept
on public record, with the filled financial statements.

ISA 700 Auditors’ reports on financial statements establishes standards and provides
guidance on the form and content of the auditor’s report issued as a result of an audit
carried out by an independent auditor of the financial statements of an entity.

It sates that the auditor should review and assess the conclusions drawn from the audit
evidence obtained as a basis for the expression of an opinion on the financial statements.

This review assessment involves considering whether the financial statements have been
prepared in accordance with acceptable financial reporting framework being either
relevant IASs or relevant national standards or practices. Auditors may also have to
consider whether financial statements comply with statutory requirements. The ISA says
‘the auditor’s report should contain a clear written expression of opinion on the financial
statements taken as a whole.’

BASIC ELEMENTS OF THE AUDITOR’S REPORT

The auditor’s report includes the following basic elements, usually in the following
layout:

(a) Title
(b) Addressee
(c) Opening introductory paragraph
1) Identification of the financial statements being audited
2) A statement of the responsibility of the entity’s management and the
responsibility of the auditor
(d) Scope paragraph including reference to ISAs or other standards.
(e) Description of the work the auditor performed
(f) Opinion paragraph
(g) Date of the report
(h) Auditor’s address
(i) Auditor’s signature

Unqualified auditor’s report

An ‘unqualified opinion’ should be expressed when the auditor concludes that the
financial statements give a true and fair view (or are presented fairly, in all material
respects) in accordance with the identified financial reporting framework. An unqualified
opinion also indicates implicitly that any changes in accounting principles or in the
method of application, and the effects thereof, have been properly determined and
disclosed in the financial statements.

122
The following is an unqualified audit report that has been signed by the auditors of Kiln,
a limited liability company.

AUDITOR’S REPORT

TO THE SHAREHOLDERS OF KILN COMPANY

We have audited the accompanying (reference can be made by page numbers) balance
sheet of the Kiln Company as of December 31, 20X3, and the related statements of
income, and cash flows for the year then ended. These financial statements are the
responsibility of the Company’s management. Our responsibility is to express an opinion
on these financial statements based on our audit.

We conducted our audit in accordance with International Standards on Auditing. Those

standards require that we plan and perform the audit to obtain reasonable assurance about
whether the financial statements are free of material misstatements. An audit includes
examining, on a test basis, evidence supporting the amounts and disclosures in the
financial statements. An audit also includes assessing the accounting principles used and
significant estimates made by management, as well as evaluating the overall financial
statement presentation. We believe that our audit provides a reasonable basis for our
opinion.

In our opinion, the financial statements give a true and fair view of (or present fairly, in
all material respects) the financial position of the company as at December 31, 20X3, and
of the results of its operations and of its cash flows for the year then ended in accordance
with IASs and comply with company law.

AUDITOR

Date
Address

MODIFIED REPORTS

Modified audit reports arise when auditors do not believe that they can state without
reservation that accounts give a true and fair view.

The audit report is considered to be modified in the following situations.

(a) matters that do not affect the auditor’s opinion: emphasis of a matter
(b) matters that do affect the auditor’s opinion
123
 (i) Qualified opinion
(ii) Disclaimer of opinion
(iii) Adverse opinion

Matters that do not affect the auditor’s opinion

In certain circumstances, an auditor’s report may be modified by adding emphasis of

matter to highlight a matter affecting the financial statements which is included in a note
to the financial statements that more extensively discusses the matter. The addition of
such emphasis of matter paragraph does not affect the auditor’s opinion. The auditor
may also modify the auditor’s report by using an emphasis of matter paragraph(s) to
report matters other than those affecting the financial statements.

The paragraph would be preferably included after the opinion paragraph and
would ordinarily refer to the fact that the auditor’s report is not qualified in this
respect.

ISA 700 Going concern distinguishes between going concern matters and other matters,
saying ‘the auditor should modify the auditor’s report by adding a paragraph to highlight
material matter regarding a going concern problem. The auditor should consider
modifying the auditor’s report by adding a paragraph if there is a significant uncertainty
(other than a going concern problem), the resolution of which is dependent upon future
events which may affect the financial statement.

KEY TERM

An uncertainty is a matter whose outcome depends on future actions or events not under
the direct control of the entity but that may affect the financial statements.

The following is an example given by the ISA:

Without qualifying our opinion we draw your attention to Note X to the financial
statements. The Company is a defendant in the lawsuit alleging infringement of certain
patent rights and claiming royalties and punitive damages. The Company has filed a
counter action, and preliminary hearing and discovery proceedings on both actions are in
progress. The ultimate outcome of the matter cannot presently be determined, and no
provision for any liability that may result has been made in the financial statements.

An illustration of an emphasis of matter paragraph relating to going concern is set out

below:

Without qualifying our opinion we draw your attention to Note X in the financial
statements. The Company incurred a net loss of XXX during the year ended December
31, 20X1 and, as of that date, the Company’s current liabilities exceeded its current assets
by XXX. These factors, along with other matters as set in note X, raise substantial doubt
that the company will be able to continue as a going concern.

124
This type of paragraph will be adequate to meet the auditor’s reporting responsibilities. In
extreme cases, however, involving multiple uncertainties that are significant to the
financial statements, a disclaimer of opinion may be required instead.

Matters that do affect the auditor’s opinion

An auditor may not be unable to express an unqualified opinion when one of the
following circumstances exist and, in the auditor’s judgement, the effect of the matter is
or maybe material to the financial statements:

 There is limitation on the scope of the auditor’s work

 There is disagreement with management regarding the acceptability of the
accounting policies selected, the method of their application or the adequacy of
the financial disclosures.

There are different types and degrees of modified reports:

 A limitation on scope may lead to a qualified audit opinion or disclaimer of

opinion
 A disagreement may lead to a qualified opinion or an adverse opinion

QUALIFIED AUDIT OPINION

The ISA says that a qualified audit opinion should be expressed when the auditor
concludes that an unqualified opinion cannot be expressed but the effect of any
disagreements with management or limitation on scope is not so material and pervasive
to require an adverse opinion or disclaimer of opinion.

DISCLAIMER OF OPINION

A disclaimer of opinion should be expressed when the possible effect of limitation on

scope is so material and pervasive that the auditor has not been able to obtain sufficient
appropriate evidence and accordingly is unable to express an opinion on the financial
statements.

ADVERSE OPINION

An adverse opinion should be expressed when the effect of a disagreement is so material

and so pervasive to the financial statements that the auditor concludes that a qualification
of the report is not adequate to disclose the misleading or incomplete nature of the
financial statements.

LIMITATION ON SCOPE

There are two circumstances identified by ISA 700 where there might be a limitation on
scope.

125
Firstly, the limitation on scope may be imposed by the entity (for example when the
terms of engagement specify that the auditor will not carry out an audit procedure that the
auditor believes is necessary).

Secondly, a limitation on scope may be imposed by circumstances (when the timings of

the auditor’s appointment is such that the auditor is unable to observe the counting of
physical inventory). It may also arise that the entity’s accounting records are inadequate
or the auditor is unable to carry out an audit procedure believed to be desirable. In these
circumstances, the auditor would attempt to carry out reasonable alternative procedures to
obtain sufficient appropriate evidence to support an unqualified opinion.

‘Where there is limitation on the scope of the auditor’s work that requires expression of a
qualified opinion or a disclaimer of opinion, the auditor’s report should describe the
limitation and indicate the possible adjustment to the financial statements that might have
been determined to be necessary had the limitation not existed.’

The following example is one of the examples that are given in the standard:

Limitation of scope- qualified opinion

We have audited (as for unqualified)

Except as discussed in the following in the following paragraph, we conducted our audit
in accordance with…

We did not observe the counting of the physical inventories as of December 31, 20X1,
since that date was prior to our engagement by the company. Owing to the nature of the
records, we are unable to satisfy ourselves as to inventory quantities by other audit
procedures.
In our opinion, except for the effect of such adjustments,………… the financial
statements give a true and fair view of the …

Exam Focus Point

Exam questions on audit reports are often about possible qualifications in specific
situations.

THE AUDIT REPORT AS A MEANS OF COMMUNICATION

The audit report can convey a great deal of information to the reader of the financial
statements.

Unqualified reports may not appear to give a lot of information. The report says a lot,
however, by implication. Remember that the auditors report by exception so an
unqualified audit report tells the user that:

126
  Proper accounting records have been kept
 The accounts agree with the records
 The auditors have received all the necessary information
 All director’s transactions have been disclosed
 The director’s report is consistent with the accounts

Unfortunately the real problem is that, unfortunately, most users do not know that this is
what an unqualified report tells them. Most users do not understand the responsibilities of
either the auditors or directors in relation to the financial statements.

Expectations gap

The difference between the apparent public perceptions of the responsibilities of the
auditors on the one hand and the legal and professional reality on the other hand.

Some of the misunderstandings are:

1. The balance sheet provides a fair valuation of the reporting entity

2. The amounts in the financial statements are stated precisely

3. The audited financial statements will guarantee that the entity concerned
will continue to exist

4. An unqualified auditor’s report means that no frauds have occurred in the

period

5. The auditors provide absolute assurance that the figures in the financial
statements are correct (ignoring the concept of materiality and the problems
of estimation).

Different countries have tackled this problem in different ways. The role of the auditor
has been included in the debate on Corporate Governance in many Western countries,
leading to further voluntary rules.

127
CHAPTER 5.0: INTERNAL CONTROL

REMEMBER

An internal control system comprises the control environment and control

procedures. Includes all the policies and procedures (internal controls) adopted
by the director and management of an entity to ensure, as far as practicable, the
orderly and efficient conduct of its business, including adherence to internal
policies, the safeguarding of asset, the prevention and detection of fraud and
error, the accuracy and completeness of the accounting records, and the timely
preparation of reliable financial information. Internal controls may be
incorporated within computerized accounting systems. However, the internal
control system extends beyond those matters, which relate directly to the
accounting system.

5.1 Components of Material Controls

(a) ISA 400 Risk assessment and internal control covers the whole area of
controls.

Control environment

(b) Control environment is the framework within which controls operate. The
control environment is very much determined by the management of a
business.

DEFINITION

Control environment is the overall attitude, awareness and actions of directors

and managers regarding internal controls and their importance in the entity.

(c) A strong control environment does not, itself, ensure the effectiveness of
the overall internal control system.

(d) Aspects of the control environment (such as management attitudes

towards control) will nevertheless be a significant factor in determining
how controls operate. Controls are more likely to operate well in an
environment where they are treated as being important. In addition
consideration of the control environment will mean considering whether
certain controls (internal auditors, budgets) actually exist.

128
Segregation of duties

(e) Segregation of duties is a vital aspect of the control environment.

Segregation of duties implies a number of people being involved in the
accounting process.

(f) This makes it more difficult for fraudulent transactions to be possessed

(since a number of people would have to collude in the fraud), and it is
also more difficult for accident errors to be processed (since the more
people are involved, the more checking there can be). Segregation should
take place in various ways:

 Segregation of function. The key functions that should be suggested are the
carrying out of a transaction, recording that transaction in the accounting
record and maintaining custody of assets that arise from the transaction.

 The various steps in carrying out the transaction should also be segregated.
We shall see how this works in practice when we look at the major control
cycles in Chapters 10 and 11.

 The carrying out of various accounting operations should be suggested. For

example the same staff should not record transactions and carry out the
reconciliations at the period-end.

Control procedures

DEFINITION
Control procedures are those policies and procedures in addition to the control
environment, which are, established to achieve the entity’s specific objectives.

(g) Control procedures include those designed to prevent or to detect and

correct errors. We have already discussed the importance of segregation
of duties; here are some other specific control procedures.

Specific control procedures

Approval and control of Transactions should be approved by an appropriate

documents person.

For example, overtime should be approved by

departmental managers.

Controls over These are discussed in Section 2 in greater detail,

computerized but common examples include passwords.

129
 applications
Checking the For example, checking to see if individual invoices
arithmetical accuracy of have been added up correctly.
records
Maintaining and Control accounts bring together transactions
reviewing control individual ledgers. Trial balances bring together
accounts and trial unusual transactions for the organization as a
balances whole.
Preparing these can highlight unusual transactions
or accounts.

Reconciliations Reconciliations involve comparison of a specific

balance in the accounting of records with what
another source says the balance should be.
Differences between the two figures should only
be reconciling items.
For example, bank reconciliation.

Comparing the results of For example, physical count of petty cash.

cash, security and stock
counts with accounting The balance shown in the cash book should be the
records same amount as is in the tin.

Comparing internal data For example, comparing records of goods

with external sources of dispatched
information
Limiting physical access Only authorized personnel should have access to
to assets and records certain assets (particularly valuable or portable
ones).

For example, ensuring that the stock store is only

open when the store personnel are there and is
otherwise locked.

This can be a particular problem in computerized

systems.

Please refer to CHAPTER 9.0 for the internal controls that are applicable to
the computer environment and electronic data interchange ( EDI)
Small companies – the problem of control
(h) Many of the controls which would be relevant to a large enterprise are
neither practical nor appropriate for the small enterprise. For these the

130
 most important form of internal control is generally the close involvement
of the directors or proprietors. However, that very involvement will
enable them to override controls and, if they wish, to exclude transactions
from the records. The onus is on the proprietor by virtue of his day-to-
day involvement, to compensate for this lack. This involvement should
encompass physical, authorization, arithmetical and accounting checks as
well as supervision.
(i) However, it is important to stress that in a well run small company there
will be a system of internal control. In any case, all companies must
comply with the provisions of the Companies Act concerning the
maintenance of a proper accounting system.
(j) Where the manager of a small business is not himself the owner, he may
not possess the same degree of commitment to the running of it as an
owner-manager would. In such cases, the auditors will have to consider
the adequacy of controls exercised by the shareholders over the manger in
assessing internal control.
RISK ASSESSMENTS AND INTERNAL CONTROLS IN A CIS
ENVIRONMENT
(k) ISA 401 Auditing in a computer information system environment deals
with risk assessment in a computer environment. It contains the
following provisions.

ISA 401.4
The auditors should have sufficient knowledge of the CIS to plan, direct,
supervise and review the work performed. The auditor should consider
whether specialized CIS skills are needed in an audit.
ISA 401.5
In accordance with ISA 400 Risk Assessments and Internal Control the
auditor should obtain an understanding of the accounting and internal
control systems sufficient to plan the audit and develop an effective audit
approach.

ISA 401.6
In planning the portions of the audit which may be affected by the
client’s CIS environment, the auditor should obtain an understanding of
the significance and complexity of the CIS activities and the availability
of data for use in the audit.
ISA 401.7

When the CIS are significant, the auditor should also obtain an
understanding of the CIS environment and whether it may influence the

131
 assessment of inherent and control risks.

(l) The ISA points out that the risks and characteristics in CIS environment
may include:

 Lack of transaction trails.

 Uniform processing of transactions.
 Lack of segregation of functions.
 Potential for errors and irregularities.
 Initiation or execution of transactions.
 Dependence of other controls over computer processing.
 Potential for increased management supervision.
 Potential for the use of computer-assisted audit techniques.

5.2 UNDERSTANDING, DOCUMENTATION AND EVALUATION OF

INTERNAL CONTROL AND CONTROL RISK

Assessment of Accounting And Control Systems

(a) Auditors are only concerned with assessing policies and procedures, which
are relevant to financial statement assertions. Auditors try to:

 Assess the adequacy of the accounting system as a basis for preparing

the accounts.
 Identify the types of potential misstatements that could occur in the
accounts.
 Consider factors that affect the risk of misstatements.
 Design appropriate audit procedures.

Accounting system and control environment

ISA 400.18
Auditors must obtain understanding of the accounting system to enable them to
identify and understand:
1. major classes of transactions in the entity operations;
2. how such transactions are initiated;
3. significant accounting records, supporting documents and accounts in the
financial statements; and
4. the accounting and financial reporting process, from the initiation of
significant transactions and other events to their inclusion in the financial
statements.

(b) The factors affecting the nature, timing and extent of the procedures
performed in order to understand the systems include:

132
  Materiality considerations.
 The size and complexity of the entity.
 Their assessment of inherent risk.
 The complexity of the entity’s computer systems
 The type of internal controls involved.
 The nature of the entity’s documentation of specific internal controls.
(c) The auditors will normally update previous knowledge of the systems in
the following ways.
 Enquiries of appropriate supervisory and other personnel.
 Inspection of relevant documents and records produced by the
systems.
 Observation of the entity’s activities and operations.
Control environment and control procedures

ISA 400.19/20
The auditor should obtain an understanding of the control environment sufficient
to assess directors’ and management’s attitudes, awareness and actions regarding
internal controls and half importance in the entity.
The auditor should have an understanding of the control procedures sufficient to
develop the audit plan.

(d) In obtaining this understanding, the auditors should consider knowledge

about the presence or absence of control procedures obtained from the
understanding of the control environment and accounting system.

(e) For example, in obtaining an understanding of the accounting system

pertaining to cash, the auditors will become aware of whether bank
accounts are reconciled. Development of the overall audit plan does not
usually require an understanding of every control procedure.

Preliminary assessment of control risk

(f) The preliminary assessment of control risk is the process of evaluating the
effectiveness of an entity’s accounting and internal control systems in
preventing or detecting and correcting material misstatements. There will
always be some control risk because of the inherent limitations of any
accounting and internal control system.

ISA 400.22

After obtaining an understanding of the accounting and internal control

systems, the auditor should make a preliminary assessment of control risk, at
133
 the assertion level, for each material account balance or class of transactions.

(g) Auditors ordinarily assess control risk at a high level.

ISA 400.24

The preliminary assessment of control risk for a financial statement assertion

should be high unless the auditor:

(a) Is able to identify controls relevant to the assertion which are likely to
prevent or detect and correct a material misstatement, and

(b) Plans to perform tests of control to support the assessment.

(h) If:
(a) The entity’s accounting and internal control systems are not
effective, or

(b) Evaluating the effectiveness of the entity’s accounting and internal

control systems would not be efficient, auditors will not carry out
tests of control.
Relationships between the assessments of inherent and control risks
(i) Where inherent risk is high, management may institute more rigorous
accounting and control systems to prevent and detect material
misstatements. This interrelationship means that inherent and control risks
should often be assessed in combination.
Documentation of understanding and assessment of control risk

ISA 400.25
The auditor should document in the audit working papers:
(a) The understanding obtained of the entity’s accounting and internal
control systems; and
(b) The assessment of control risk.

134
ACTING ON ASSESSMENT OF ACCOUNTING AND CONTROL SYSTEMS
Tests of control

REMEMBER

Tests control are performed to obtain audit evidence about the effectiveness of
the:

 Design of the accounting and internal control systems, i.e whether they are
suitability designed to prevent or detect and correct material misstatements;
and

 Operation of the internal controls throughout the period.

(a) Some procedures which were not designed or performed as tests of

controls may qualify as such and many be used to support a control risk
assessment as less than high.
(b) Tests of control may include the following:
 Inspection of documents supporting controls or events to gain audit evidence
that internal controls have operated properly, e.g. verifying that a transaction
has been authorized.
 Inquiries about internal controls which leave no audit trail, e.g. determining
who actually performs each function not merely who is supposed to perform
it.
 Reperformance of control procedures, e.g. reconciliation of bank accounts, to
ensure they were correctly performed by the entity.
 Examination of evidence of management views, e.g. minutes of management
meetings.
 Testing of internal controls operating on computerized systems or over the
overall information technology function, e.g. access controls.
 Observation of controls. Auditors will consider the manner in which the
control is being operated.

ISA 400.31

The auditor should obtain audit evidence though tests of control to support any
assessment of control risk which is less than high. The lower the assessment of
control risk, the more support the auditor should obtain that accounting and
internal control systems are suitability designed and operating effectively.

135
(c) Auditors should consider:

 How controls were applied.

 The consistency with which they were applied during the period.
 By whom they were applied.
(d) Deviations in the operation of controls (caused by change of staff etc)
may increase control risk and tests of control may need to be modified to
confirm effective operation during and after any change.

ISA 400.34

Based on the results of the tests of control, the auditor should evaluate whether
the internal controls are designed and operating as contemplated in the
preliminary assessment of control risk.

(e) The use of CAATs (Computer Assisted Audit Techniques) may be

appropriate.

(f) In a continuing engagement, the auditor will be aware of the accounting

and internal control systems through work carried out previously but
will need to update the knowledge gained and consider the need to
obtain further audit evidence of any changes in control.

ISA 400.36

Before relying on procedures performed in prior audits, the auditor should obtain
audit evidence, which supports this reliance.

(g) The auditor would obtain audit evidence as to the nature, timing and
extent of any changes in the entity’s accounting and internal control
systems since such procedures were performed and assessed their impact
on the auditor’s intended reliance. The longer the time elapsed since the
performance of such procedures the less assurance that may result.

(h) In relation to tests before end, the ISA states the following:

ISA 400.37

The auditor should consider whether the internal controls were in use throughout
the period.

136
(i) Further evidence must be obtained to argument the results of tests
carried out at an interim audit, i.e. before the period end.

(j) Radical changes in controls, including a periodic breakdown in controls,

should be considered as separate periods by the auditors.
Final assessment of control risk

ISA 400.39
Before the conclusion of the audit, based on the results of substantive procedures
and other audit evidence obtained by the auditor should consider whether the
assessment of control risk is confirmed.

(k) If deviations from controls mean that the level of control risk has to
revised, the nature, timing and extent of the auditors planned substantive
procedures should be modified.
(l) Significant weaknesses on internal controls should be communicated in
writing to management. See Chapter 20). The issues which might arise
to be reported are discussed in Chapters 10 and 11.
Question: Internal control systems
An internal control system has been described as comprising ‘the control
environment and control procedures. It includes all the policies and procedures
(internal controls) adopted by the directors and management of an entity to assist
in achieving their objective of ensuring, as far as practicable, the orderly and
efficient conduct of its business, including adherence to internal policies, the
safeguarding of assets, the prevention and detection of fraud and error, the
accuracy and completeness of the accounting records, and the timely preparation
of reliable financial information.’
Explain the meaning relevance to the auditors giving an opinion on financial
statements of each of the management objectives above?
Answer
The auditors’ objective in evaluating and testing internal controls is to determine
the degree of reliance which they may place on the information contained in the
accounting records. If they obtain reasonable assurance by means of tests of
controls that the internal control system is effective in ensuring the completeness
and accuracy of the accounting records and the validity of the entries therein, they
may limit the extent of their substantive procedures.

(a) ‘The orderly and efficient conduct of its business’

137
 An organization which is efficient and conducts its affairs in an orderly
manner is much more likely to be able to supply the auditors with
sufficient appropriate audit evidence on which to base their audit opinion.
More importantly, the level of inherent and control risk will be lower,
giving extra assurance that the financial statements do not contain material
errors.

(b) ‘Adherence to internal policies’

Management is responsible for setting up an effective system of internal

control and management policy provides the broad framework within
which internal controls have to operate. Unless management does have a
pre-determined set of policies, then it is very difficult to imagine how the
company could be expected to operate efficiently. Management policy will
cover all aspects of the company’s activities and will range from broad
corporate objectives to specific areas such as determining selling prices
and wage rates.

Given that the auditors must have a sound understanding of the company’s
affairs generally and specific areas of control in particular, then the fact
that management policies are followed will make the task of the auditors
easier in that they will be able to rely more readily on the information
produced by the systems established by management.

(c) Safeguarding of assets’

This objective may relate to the physical protection of assets (for example
locking monies in a safe at night) or to less direct safeguarding (example
ensuring that there is adequate insurance cover for all assets). It can also
be seen as relating to the maintenance of proper records in respect of all
assets.

The auditors will be concerned to ensure that the company ha properly

safeguarded its assets so that they can form an opinion on the existence of
specific assets and, more generally, on whether the company’s records can
be taken as a reliable basis for the preparation of financial statements.
Reliance on the underlying records will be particularly significant where
the figures in the financial statements are derived from such records rather
than as the result of physical inspection.

(d) ‘Prevention and detection of fraud and error’

The directors are responsible for taking reasonable steps to prevent and
detect fraud. They are also responsible for preparing financial statements
which give a true and fair view of the entity’s affairs. However, the
auditors must plan and perform their audit procedures and evaluate and
138
 report the results thereof, recognizing that fraud or error may materially
affect the financial statements. A strong system of internal control will
give the auditors some assurance that frauds and errors are not occurring,
unless management are colluding to overcome that system.

(e) Accuracy and completeness of the accounting records’/timely preparation

of reliable financial information’

This objective is most clearly related to statutory requirements to both

management and auditors. The company has an obligation under the
Companies Act 1985 to maintain proper accounting records. The auditors
must form an opinion on whether the company has fulfilled this obligation
and also conclude whether the financial statements are in agreement with
the underlying records.

139
CHAPTER 6.0: DOCUMENTATION
Having reviewed the internal controls applicable to an entity being audited, the auditor
will identify means of recording the internal control system in their audit working papers.

The auditor, however, will give particular attention to whether the client’s business
system is computerised or manual and will in turn devise a system of documenting the
system based on that. The documented system will then become part of the standard
working papers, which evidences the work that the auditor has carried out in arriving at
his opinion.

Key Term:

Audit working papers are essential records of the work carried out by external auditors
and provides a written evidence of the work undertaken and the basis upon which the
auditor arrived at his opinion. The working papers may comprise a combination of
techniques such as ratio analysis, benchmarking, narratives, flowcharts and testing.
Recently, the formalisation of the audit work has led to standardisation of the working
papers. The contents of the working papers will include:

 Scope of an audit and type of an audit ( e.g. compliance testing, value for money)
 Report from previous audit and recommendations outstanding
 Work programmes including analytical methods used
 Evidence collected from ratio analysis, benchmarking, inspections inquiries etc
 Interpretation of the evidence and significant findings
 Conclusions
 Recommendations
 Final audit report

DOCUMENTING OF ACCOUNTING AND CONTROL SYSTEMS

(a) As mentioned above, there are several techniques for documenting the
assessment of control risk, that is, the system. One or more may be used
depending on the complexity of the system.

 Narrative notes.
 Questionnaires (for example, ICQ).
 Checklists.
 Flowcharts.

 Whatever method of recording the system is used, the record will usually be
retained on the permanent file and updated each year.

140
Narrative notes

 Narrative notes have the advantage of being simple to record. However, they
are awkward to change if written manually. Editing in future years will be
easier if they are computerized. The purpose of the motes is to describe and
explain the system, at the same time making any comments or criticisms,
which will help to demonstrate an intelligent understanding of the system.

 For each system notes to deal with the following questions.

 What functions are performed and by whom?

 What documents are used?
 Where do the documents originate and what is their destination?
 What sequence are retained document filed in?
 What books are kept and where?

Narratives notes can be used to support flowchart

5.4 FLOWCHARTS

 There are two methods of flowcharting in regular use:

 Document flowcharts.
 Information flowcharts.

DOCUMENT FLOWCHARTS

 Document flowcharts are more commonly used because they are relatively
easy to prepare.

 All documents are followed through from ‘cradle to grave’.

 All operations and controls are shown.

We shall not concentrate on document flowcharts.

INFORMATION FLOWCHARTS

 Information flowcharts are prepared in the reverse direction from the flow:
they start with the entry in the general/nominal ledger and work back to the
actual transaction. Hey concentrate on significant information flows and key
controls and ignore any unimportant documents or copies of documents.

Advantages of flowcharts

 These are as follows.

141
  After a little experience they can be prepared quickly.
 As the information is presented in a standard form, they are fairly easy
to follow and to review.
 They generally ensure that the system is recorded in its entirety, as all
document flows have to be traced from beginning to end. Any ‘loose
ends’ will be apparent from a cursory examination.
 They eliminate the need for extensive narrative and can be of
considerable help in highlighting the salient points of control and any
weaknesses in the system.

Disadvantages of flowcharts

 These include the following:

(a) They are only really suitable for describing standard systems.
Procedures for dealing with unusual transactions will normally
have to be recorded using narrative notes.
(b) They are useful for recording flow of documents, but once the
records or the assets to which they relate have become static they
can no longer be used for describing the controls (for example over
non current assets).

(c) Major amendment is difficult without redrawing.

(d) Time can be wasted by charting areas that are of no audit

significance (a criticism of document not information flowcharts).

Questionnaires

 We can look at two types of questionnaire here, each with a different purpose.

 Internal Control Questionnaires (ICQs) are used to ask whether

controls exist which meet specific control objectives.
 Internal Control Evaluation Questionnaires (ICEQs) are used to
determine whether there are controls which prevent or detect specified
errors or omissions.

Internal Control Questionnaires (ICQs)

 The major question which internal control questionnaires are designed to

answer is ‘How good is the system of controls?’

 Where strengths are identified, the auditors will perform work in the relevant
areas. If, however, weaknesses are discovered they should then ask:

142
  What errors or irregularities could be made possible by these
weaknesses?
 Could such errors or irregularities be materials to the accounts?
 What substantive procedures will enable such errors or irregularities to
be discovered and quantified?

 Although there are many different forms of ICQ in practice, they all conform
to the following basic principles:

(a) They comprise a list of questions designed to determine whether

desirable controls are present.

(b) They are formulated so that there is one cover to each of the major
transaction cycles.

 Since it is the primary purpose of an ICQ to evaluate the system rather than
describe it, one of the most effective ways of designing the questionnaire is to
phrase the questions so that all the answers can be given as ‘YES’ or ‘NO’
and a ‘NO’ answer indicates a weakness in the system. An example would
be:

Are purchase invoices checked to goods received Notes before being

passed for payment?

YES/NO/Comments

A ‘NO’ answer to that question clearly indicates a weakness in the

company’s payment procedures.

 The ICQ questions below dealing with goods inward provide additional
illustrations of the ICQ approach.

Goods inward

(a) Are supplies examined on arrival as to quantity and quality?

(b) Is such an examination in some way?
(c) Is the receipt of supplies recorded, perhaps by means of
goods inwards notes?
(d) Are receipt records prepared by a person independent of
those responsible for:

(i) Ordering functions.

(ii) The processing and recording of invoice

(e) Are goods inwards controlled to ensure that invoices are

143
 obtained for all goods received and to enable the liability of
goods to be determined (by pre-numbering the records and
accounting for all serial numbers)?

(i) Are goods inward records regularly reviewed for items for
which no invoice have been received?

Ar (ii) Are any such items investigated?

(f) Are these records reviewed by a person independent of those

responsible for the receipt and control of goods?

Internal Control Evaluation Questionnaires (ICEQs)

 In recent years many auditing firms have developed and implemented an

evaluation technique more concerned with assessing whether specific errors
(or frauds) are possible rather than establishing whether certain desirable
controls are present.

 This is achieved by reducing the control criteria for each transaction stream
down to a handful of key questions (or control question). The characteristic of
these questions is that they concentrate on the significant errors or omissions
that occur at each phase of the appropriate cycle if controls are weak.

 The nature of the key questions may best be understood by reference to the
examples on the following pages.

Internal control evaluation questionnaire: control questions

The sales (revenue) cycle

Is there reasonable assumable assurance that:

(a) Sales are properly authorized?

(b) Sales are made to reliable payers?
(c) All goods dispatched are invoiced?
(d) All invoices are properly prepared?
(e) All invoices are recorded?
(f) Invoices are properly supported?
(g) All credits to customers’ accounts are valid?
(h) Cash and cheques received are properly recorded and deposited?
(i) Slow payers will be chased and that bad and doubtful debts will be
provided against?
(j) All transactions are properly accounted for?
(k) Cash sales are properly dealt with?
(l) Sundry sales are controlled?
144
(m) At the period and the system will neither overstate nor understate
trade accounts receivable?
The purchases (expenditure) cycle is there reasonable assurance that:
(a) Goods or services could not be received without a liability
being recorded?
(b) Receipt of goods or services is required in order to
establish a liability?
(c) A liability will be recorded:
(i) Only for authorized items
(ii) At the proper amount?
(d) All payments are properly authorized?
(e) All credits due from suppliers are received?
(f) All transactions are properly accounted for?
(g) At the period end liabilities are neither overstated nor understated by
the system?
(h) The balance at the bank is properly recorded at all times?
(i) Unauthorized cash payments could not be made and that the
balance of petty cash is correctly stated at all times?

Wages and salaries

Is there reasonable assurance that:

(a) Employees are only paid for work done?

(b) Employees are paid the correct amount (gross and net)?
(c) The right employees actually receive the right amount?
(d) Accounting for payroll costs and deductions is accurate?
(e) The cut off is reliable?
(f) The costing system is reliable?
(g) The inventory sheets are accurately compiled?
(h) The inventory valuation is fair?

Non current tangible assets

Is there reasonable assurance that:

(a) Recorded assets actually exist and belong to the company?

(b) Capital expenditure is authorised and reported?
(c) Disposals of non current assets are authorised and reported?
(d) Depreciation is realistic?
(e) Non current assets are correctly accounted for?
(f) Income derived from non current assets is accounted for?

145
 Investments

Is there reasonable assurance that:

(a) Recorded investments belong to company and are safeguard from

loss?
(b) All income, rights or bonus issues are properly received and
accounted for?
(c) Investment transactions are made only in accordance with company
policy and are appropriately authorised and documented?
(d) The carrying values of investments are reasonably stated?

Management information and general controls

Is the normal ledger satisfactorily controlled?

Are journal entries adequately controlled?
Does the organization structure provide a clear definition of the extent
and limitation of authority?
Are the systems operated by component employees, who are adequately
supported?
If there is an internal audit function, is it adequate?
Are periodic internal reporting procedures adequate?

 Each key control question is supported by detailed control points to be

considered. For example, the detailed control points to be considered in
relation to key control question (b) for the expenditure cycle (Is there
reasonable assurance the receipt of goods or services is required to establish a
liability?) are as follows.

1. Is segregation of duties satisfactory?

2. Are controls over relevant master files satisfactory?
3. Is there a record that all goods received have been checked for:

 Weight or number?
 Quality and damage?

4. Are all goods received taken on charge in the detailed

inventory ledgers:

 By means of the goods received note?

 Or by means of purchase invoices?
 Are thee, in a computerized system, sensible control totals (has totals,
money values and so on) to reconcile the inventory system input with

146
 the payables system?
5. Are all invoices initialled to shoe that:

 Receipt of goods has been checked against the goods received

records?
 Receipt of services has been verified by the person using it?
 Quality of goods has been checked against the inspection?

6. In a computerized invoice approval system are there print-outs

(examined by a responsible person) of:
 Cases where order, GRN and invoice are present but they are not
equal (‘equal’ within predetermined tolerances of minor
discrepancies)?
 Cases where invoices have been input but there is no
corresponding GRN?

(7) Is there adequate control over direct purchases?

(8) Are receiving documents effectively cancelled (for example cross-

referenced) to prevent their supporting two invoices?

 Alternatively, ICEQ questions can be phrased so that the weakness, which

should be prevented by a key control, is highlighted, such as the following.

Comments or explanations of
‘yes’ answer
Question Answer

Can goods be sent to

Unauthorised
suppliers?

 In these cases a ‘yes’ answer would require an explanation, rather than a ‘no’
answer.

Advantages and disadvantages of ICQs and ICEQs

 ICQs have various advantages:

(a) If drafted thoroughly, they can ensure all controls are considered.
(b) They are quick to prepare.
(c) They are easy to use and control.

 However they also have some disadvantages.

147
 (a) The client, may be able to overstate controls.
(b) They may contain a large number of irrelevant controls.
(c) They may not include unusual controls, which are nevertheless effective
in particular circumstances.
(d) They can give the impression that all controls are equal weight. In many
systems one NO answer (for example lack of segregation of duties) will
cancel out a string of YES answers.

 ICEQs have the following advantages:

(a) Because they are drafted in terms of objectives rather than specific
controls, they are easier to apply to a variety of systems than ICQs.
(b) Answering ICEQs should enable auditors to identify the key controls
which they are most likely to test during control testing.
(c) ICEQs can highlight areas of weakness where extensive substantive
testing will be required.

 The principal disadvantage is that they can be drafted vaguely, hence

misunderstood and result in important controls not identified.

Question: Control procedures

Explain the importance of the following control procedures.

(a) Segregation of duties.

(b) Bank reconciliation.
(c) Comparing the results of inventory counts with accounting records.

Answer

(a) Segregation of duties is important because the more people that are involved
in all the stages of processing a transaction, the more likely it is that fraud or
error by a single person will be identified. In addition the more people that
are involved, the less the chances of fraudulent collusion between them.

(b) A bank reconciliation is important because it reconciles the business’s

records of cash held at bank with the bank’s records of cash held at bank.
Written confirmation from the bank is strong evidence since it arises from an
independent source and is in writing. Generally the only differences on the
reconciliation should be timing differences on unpresented cheques or
uncleared banking. For large unpresented cheques and for all uncleared
bankings the timing difference involved should be small.

(c) Inventory is an important figure in the accounts often affecting both the
income statement and balance sheet. In addition the inventory of many
businesses is highly portable, and it is thus subject to a high risk of theft.

148
 (d) Inventory is an important figure in the accounts often materially affecting
both the income statement and balance sheet. In addition, the inventory of
many businesses is highly portable, and it is thus subject to high risk of theft.

A main comparison of inventory as recorded in the accounting records with

actual inventory held may identify difference which have to be investigated.
The difference may be due to theft of inventory but may also be due to
failure to record inventory movements properly. This may mean that
purchases or sales have been recorded incorrectly.

6.2 The Business System

The business system ideally comprises all those areas that are involved in the generation
of resources by the company. They include:

 Sales
 Purchases
 Investments
 Financing

AUDITING FOR SALES

There are specific aims of controls applicable to the sales system. The aims of controls in
the sales system are:
Aims of controls
Ordering and granting of credit
 Goods and services are only supplied to customers with good credit ratings
 Customers are encouraged to pay promptly
 Orders are correctly recorded
 Orders are fulfilled
Dispatch and Invoicing
 All despatches of goods are recorded
 All goods and services sold are correctly invoiced
 All invoices raised relate to goods and services supplied by the business
 Credit notes are only given for valid reasons
Recording, accounting and credit control
 All sales that have been invoiced are recorded in the general and sales ledger
 All credit notes that have been issued are recorded in the general and sales ledgers
 All entries in the sales ledger are made to the correct sales ledger accounts
 Cut-off is applied to the sales ledger
 Potentially doubtful debts are identified and provided for

149
Controls: ordering and credit approval process.
 Segregation of duties; credit control, invoicing and inventory dispatch
 Authorisation of credit terms to customers

o References and/or credit checks obtained

o Authorisation by senior staff
o Regular review

 Authorisation of changes in other customer data

o Change of address must be supported by letterhead

o Deletion requests must be duly authorised and supported by evidence of
balance cleared/ customer in liquidation

 Orders only accepted from customers who have no credit problems

 Sequential numbering of blank pre -printed order documents
 Correct prices should be quoted to customers
 Matching of customer orders with production orders and despatch notes and
querying orders that are not matched
 Dealing with customer queries

Controls: dispatches and invoice preparation

 Authorisation of dispatch of goods
 Despatch only on sales order
 Despatch only to authorised customers
 Special authorisation of despatches of goods free of charge or on special terms
 Examination of goods outwards as to quantity, quality and condition
 Recording of goods outwards
 Agreement of goods outwards records to customer orders, despatch notes and
invoices
 Pre-numbering of despatch notes and delivery notes and regular checks on
sequence
 Conditions of returns checked
 Recording of goods returned notes
 Signature of delivery notes by the customers
 Preparation of invoices and credit notes
 Authorisation of selling prices/ use of price lists
 Authorisation of credit notes
 Checks on prices, quantity, extension and totals
 Inventory records updated
 Matching of sales invoices with despatch and delivery notes and sales orders
 Regular review for dispatch notes which is not matched by invoices

150
Controls: account, recording and credit problems
 Segregation of duties: recording sales , maintaining customer accounts and
preparing statements
 Recording of sales invoices sequence and control over spoilt invoices
 Matching of cash receipts with invoices
 Retention of customer remittance advices
 Separate recording of sales returns, price adjustments etc
 Cut-off procedures to ensure goods despatched and not invoiced ( or vice-versa)
are properly dealt with in the correct period
 Regular preparation of trade accounts receivable statements
 Safeguarding of trade accounts receivable statements so that they cannot be
altered before despatch
 Review and follow up on overdue accounts
 Authorisation of writing off of bad debts
 Reconciliation of sales ledger control accounts
 Analytical review of sales ledger and profit margins

Controls: ordering and granting of credit

 Check that references are being obtained for all new customers
 Check that all new accounts on the sales ledger have been authorised by senior
staff
 Check that orders are only accepted from customers who are within their credit
limits
 Check that customer orders are being matched with production orders and
despatch notes

Controls: despatches and invoices

 Verify details of trade sales or goods despatched notes with sales invoices
checking
o Quantities
o Prices charged against price lists
o Trade discounts have been properly dealt with
o Calculations and additions
o Entries in sales daybooks are correctly analysed
o VAT, where chargeable, has been properly dealt with
o Postings to the general ledger

 Verify details of trade sales with entries in the inventory records

 Verify non-routine sales (scrap,non-current assets) to
o Appropriate supporting documentation
o Approval by authorised officials
o Entries in the plant register
 Verify credit notes with :

151
 o Corresponding or other supporting documentation
o Approval by authorised personnel
o Entries in inventory records
o Entries in goods returned records
o Calculations and additions
o Entries and additions
o Entries in day book, checking these are correctly done
o Postings to sales ledger
 Test numerical sequence of dispatch notes and enquire into missing numbers
 Test numerical sequence of invoices and credit notes, enquire into missing
numbers
 Test numerical sequence of order forms enquire into missing numbers
 Check dispatches of goods free of charge or on special terms have been
authorised by management
 Check recording and accounting entries in sales day book and the sales ledger,
test a sample of entries therein

AUDITING FOR PURCHASES

Aims of controls

Ordering
 All orders for goods and services are properly authorised, and are for goods and
services that are actually received and are for the company
 Orders are made to authorised suppliers only
 Orders are at competitive prices

Receipt and invoicing

 All goods and services are used for the organisation’s purposes and not private
purposes
 Goods and services are only accepted if they have been ordered, and the order has
been authorised
 All goods and services are accurately recorded
 Liabilities are recognised for all goods and services that have been received
 Receipt of goods and services is necessary to establish a liability to be recorded

Accounting
 All expenditure is for goods that have been received
 All expenditure is authorised
 All expenditure that is made is recorded correctly in the general ledger and
purchase ledger
 All credit notes that are received are recorded correctly in the general and
purchase ledgers
 All entries in the purchase ledger are made to the correct purchase ledger accounts
 Cut-off is applied correctly to the purchase ledger

152
Controls: ordering
 Segregation of duties; requisition and ordering
 Central policy for choice of suppliers
 Evidence required for purchase before purchase is authorised
 Order only prepared when a pre-numbered purchase requisition has been received
 Authorisation of order forms
 Pre-numbered order forms
 Safeguarding of blank order forms
 Review for orders not received or invoiced
 Monitoring of supplier terms and taking advantage of favourable conditions (bulk
purchase discount)

Controls: goods and invoices received

 Examinations of goods inwards
o Quantity
o Quality
o Conditions
 Recording arrival and acceptance of goods
 Comparisons of goods received with purchase orders
 Referencing of supplier invoices, numerical sequence and supplier reference
 Recording of goods returned
 Procedures for obtaining credit notes
Controls: accounting for purchases
 Segregation of duties: accounting and checking functions
 Prompt recording of purchases and purchase returns
 Regular maintenance of purchase ledger
 Comparison of supplier statement with purchase ledger balances
 Authorisation of payments
o Authority limits
o Confirmation that goods have been received, in accordance with purchase order,
and are properly priced and invoiced
 Review of allocation of expenditure
 Reconciliation of purchase ledger control account to total of purchase ledger
balances
 Cut-off of accrual of goods received notes not matched by purchases at year end
 Purchase invoices are supported by purchase orders
 The officials are operating within laid-down authority limits
 Obtain explanations for items that have been outstanding for a long time
 Check numerical sequence and enquire into missing numbers of:
o Purchase requisitions
o Purchase orders
o Goods received notes
o Goods returned notes
153
 o Suppliers invoices
 Check additions and casting of invoices and check entries in purchase day book if
they are correctly analysed

AUDITING FOR PAYROLL

Aims of Controls
Settings of wages and salaries
 Employees are only paid for what they have done
 Gross pay has been calculated correctly and authorised
Recording of wages and salaries
 Gross pay and deductions are correctly recorded on the payroll
 Wages and salaries paid are correctly recorded in the bank and cash recorded
 Wages and salaries are recorded correctly in the general ledger
Payment of wages and salaries
 The correct employees are paid
Deduction
 All deductions have been calculated correctly and are authorised
 The correct amounts are paid to the taxation authorities
Controls: general arrangements
Responsibility for the preparation of pay sheets should be given to a responsible
official and adequate staff appointed to assist him
Controls : setting of salaries and wages
 Staffing and segregation of duties
 Maintenance of personnel records and check of wages regularly to personnel
records
 Authorisation
 Engagement and discharge of employees
 Changes in pay rates
 Overtime
 Non-statutory deductions
 Advances of pay
 Recording of changes in personnel and pay rates
 Recording of hours worked by timesheets, clocking in and out arrangements
 Review of hours worked
 Recording of advances of pay
 Holiday pay
 Answering queries
 Review of wages against budget

154
Controls: payment of cash wages
 Segregation of duties
o Cash sheer preparation
o Filling of pay packets
o Distribution of wages
 Authorisation of wage cheque cashed
 Custody of cash
o Encashment of cheques
o Security of pay packets
o Security of transit
o Security and prompt banking of unclaimed wages
 Verification of identity
 Recording of distribution
 Preparation and authorisation of cheques and bank transfer lists
 Comparison of cheques with payroll
 Maintenance and reconciliation of wages and salaries account
 Basis for the compilation of wages payroll
 Preparation , checking and approval of the payroll
 Dealing with non-routine matters
 Correct deductions from pay
 Maintenance of separate employees ‘ records with which pay lists may be
compared if necessary
 Reconciliation of total pay and deductions between one pay and the next
 Comparison of actual pay totals with budget estimates or standards
 Agreement of gross earnings and total tax deducted with taxation returns

Auditors may arrange to attend a pay out and confirm that the official procedures are
being followed. For holiday pay, this will be compared with the underlying records and
calculation of the amount paid will be checked.

Auditors should also check the calculation of taxation and non-statutory deductions and
also check that the payment to the tax authorities are correct.

For voluntary deductions, auditors will seek to see the authority completed by the
relevant employees.

AUDITING FOR INVESTMENTS

155
The aims of the controls in the audit of investments are authorisation and recording.

Authorisation

 All expenditure is authorised

Recording

That all expenditure is classified correctly in the financial statements as capital or

revenue expenditure

The other types of audit procedures the auditor will employ are as below:

INVESTMENTS
 Check board minutes resolutions relating to the acquisition of investments
 Check that management have authority to invest
 Check procedures on disposals of investments
 Check that accounting treatment is in accordance with the required accounting
standards
 Ensure that investments are reflected in the accounts at an appropriate carrying
value.

Control
 Orders for capital items should be authorised
 Orders should be requisitioned on appropriate documentation
 Invoices should be approved by the person who authorised the order
 They should be marked with the appropriate general ledger code
 All standard controls for recording of purchases are relevant
 Capital items should be written up in the non-current asset register
 The non-current asset register should be reconciled regularly to the general ledger
 All necessary documents relating to investment income, and documentation will
be reviewed by the auditor
 Review the level of capital purchases with relevant authorities
 Review board minutes for authorisation of capital purchases and investments

AUDITING FOR FINANCING

Auditing for financing will centre around those medium and long term loans that the
company has contracted for the purpose of financing their business.

It will comprise debentures, loan stock and other loans repayable within and after one
year.

Important aspects are:

156
 Completeness of all interests payable
 Measurement of whether interest payable has been calculated correctly and
included in the Income Statement
 Disclosure of whether long term loans and interest have been correctly disclosed in
the accounts
 Any restrictions on the use of assets that have been pledged as collateral for the loan

AUDIT PROGRAM: LONG-TERM DEBT

 Obtain /prepare schedules of long term debt outstanding at the balance sheet
date showing for each loan: name of lender, date of loan, maturity date, interest
date and rate balance at end of the period and security
 Compare opening balances to the general ledger
 Check name of lender to register of debenture holders
 Trace additions and repayment entries in the cash book
 Confirm repayments with the lenders
 Examine cancelled cheques and memorandum of satisfaction for loans repaid
 Verify that borrowing limits imposed by the articles of association or other
agreements have not been exceeded
 Examine signed Board minutes relating to new borrowings/repayments
 Obtain direct confirmation from lenders of amounts outstanding, accrued interest
and what security they hold
 Verify interest charged for the period and then adequacy of interest accrued
 Confirm assets charged have been entered in the register of charges and notified
to the registrar
 Review restrictive covenants and provisions relating to default:
Review corresponding relating to the loan
Review confirmation replies for non-compliance
If a default appears to exist, determine its effect, and schedule findings.

Review minutes, cash books to check if all loans have been recorded

157
CHAPTER 7.0: BALANCE SHEET AUDIT
CASH
The use of cash in this context includes bank balances and cash held at the company’s
premises.

The audit of cash will particularly be concerned with completeness and accuracy of
balances. Bank reconciliations testing is in practice the most important of these tests and
students will often be examined on bank reconciliations.

Substantive tests on bank balances will need to cover completeness, existence, rights
and obligations and valuation. All of these elements can be audited directly through
obtaining third party confirmations from the client’s banks and reconciling these with the
accounting records, having regard for cut-off. The auditors will first update details of
bank accounts ensuring the client holds accounts with bona fide banks.

Use of Confirmation Requests

The auditors will decide from which banks they will request confirmation and will have
regard to such matters as size of balance, volume of activity, degree of reliance on
internal controls, and materiality in the context of the Financial Statements.

The auditor will decide to use one of the following methods to get confirmation from the
client’s banks:

 Listing balances and other information and then asking the client’s banks to
confirm their accuracy and completeness
 Requesting details of balances and other information from the client, and then
comparing these with the banks’ records.

The procedure for a confirmation letter is simple and will depend on the purpose for
which the confirmation is required. The bank will request its client whether they can
disclose the information requested.

Cut-off

Care will be taken to ensure that there is no window dressing by checking cut-off
carefully. Window dressing is usually manifested by as an attempt to improve the
liquidity of the company by enhancing bank balances and reducing receivables by:

 By keeping the cash book open to take credit for remittances actually received
after year end
 Recording cheques paid in the period under review which are actually not
dispatched until after the year end.
The above will enhance the liquity ratio.
AUDIT PROGRAM: TANGIBLE NON-CURRENT –BANK AND CASH

158
  Obtain standard bank confirmation from each bank with which the bank
conducted its business during the audit period
 Check the arithmetic of bank reconciliation
 Trace cheques shown as outstanding from bank reconciliation to the cash book
prior to and after the year end and obtain explanations for any large or unusual
items not cleared at the date of the audit
 Compare the bank statement and cash book entries in details for the last month of
the year and check that all items are cleared in the last period or taken forward to
the year end bank reconciliation
 Obtain satisfactory explanations for all items in the cashbook for which they are
no corresponding entries in the bank statements and vice-versa
 Verify contra items appearing in the cashbook or bank statements with original
entry
 Verify by checking pay-in slips that uncleared bankings are paid in prior to the
year end
 Examine all lodgements in respect of which payment has been refused by the
bank and ensure appropriate procedures are in place to deal with the issue
 Scrutinise the cash book and bank statements before and after the balance sheet
date for exceptional entries or transfers which have a material effect on the
balance shown to be on hand
 Identify whether any accounts have been secured on the assets of the company
 Consider whether any accounts are secured on the assets of the company
 Determine whether the bank accounts are subject to any restrictions

AUDIT PROGRAM: CASH COUNT

 Count all cash balances held and agree to petty cash book or other records
 Count all balances simultaneously
 All counting to be done in the presence of the responsible individuals
 Enquiries into any IOUs or cashed cheques outstanding for unreasonable periods
 Obtain certificates of cash in hand from responsible officials
 Confirm that bank and cash balances as reconciled above are correctly stated in
the accounts

Cash balances /floats are often in themselves immaterial but may require some audit
emphasis because of opportunities for fraud that could exist where internal controls could
be weak and because in aggregate they may be material. Hotels and retail organizations
normally hold large amounts of cash and procedures are similar to the inventory count.

RECEIVABLES

Much of the auditor’s detailed work will be based on the selected list of accounts
receivables from the sales ledger listings provided by the client. The list should ideally be
aged i.e. showing the period (s) the money has been owed.

159
The following procedures will be normally be performed to check completeness and
accuracy of the client- prepared list.

Check the balances from individual sales ledger accounts to the list of balances and
vice-versa. Check the total of the list to the sales ledger control account

Cast (add up) the list of balances and the sales ledger control account
Confirm whether list of balances reconciles with the sales ledger control account

Confirmation of accounts receivables

ISA 501 Audit evidence-additional considerations for specific items covers the
confirmation of accounts receivables. This states that when it is reasonable to expect
customers to respond, the auditors will generally plan to obtain direct confirmation of
accounts receivable to individual entries in an account balance. Confirmation of accounts
receivable balances is an example of external confirmations as given in ISA 505, External
Confirmations.

Verification of trade accounts receivable received by direct communication, is therefore,

the normal means of providing audit evidence to satisfy the objective that customers exist
and owe bona fide amounts to the company (existence and rights and obligations)
Ideally the confirmation should take place ideally immediately after the month-end and
hence cover the year-end balances to be included in the balance sheet. However, due to
time constraints confirmation is normally prior to the year-end but normally not more
than three months before the year-end.

ISA 505, External Confirmations outlines the auditor’s response should management
refuse to give auditors permission to contact third parties for confirmation. Note that this
applies to all such external confirmations.

The ISA says ’ when the auditor seeks to confirm certain balances or other information,
and management request the auditor not to do so, the auditor should consider whether
they are any valid grounds of such a request and obtain evidence to support the validity of
management’s requests. If the auditor agrees to management’s request not to seek
external confirmation regarding a particular matter, the auditor should apply alternative
procedures to obtain sufficient appropriate audit evidence regarding that matter. If the
auditor does not accept the validity of such requests, and is prevented from carrying out
the confirmations, there has been a limitation on the scope of the auditor’s work and the
auditor should consider the possible impact on the auditor’s report’

Positive Vs Negative Confirmation

When confirmation is undertaken the method of requesting information from the

customer maybe either ‘positive’ or ‘negative’.

 Under the positive method the customer is requested to confirm the accuracy of
the balance shown or state in what respect he is in disagreement.

160
  Under the negative method the customer is requested to reply if the amount stated
is disputed.

The positive method is generally more preferable as it is designed to encourage definite

replies from those contacted.

The negative method may be used if the client has good internal control, with a small
number of small accounts. In some circumstances, say where there is a small number of
large accounts and a large number of small accounts, a combination of both methods as
noted above may be used.

Auditors will normally only contact a sample of accounts receivable. If this sample is to
produce a meaningful result it must be based upon a complete list of accounts receivable.
In addition, when constructing the sample, a selection will be made of:

 Old unpaid accounts

 Accounts written off during the period under review
 Accounts with credit balances
 Accounts settled by round sum payments
 Accounts with nil balances
 Accounts which have been paid by the date of examination

Follow- up

Auditors will follow up on and carry out further work in relation to those accounts
receivable who:

 Disagree with the balance stated (Positive and Negative Confirmation)

 Do not respond (Positive Confirmation only)

REASONS FOR DISAGREEMENTS

There is a dispute between the client and the customer. The reasons for the disputes must
be identified, and provision made if appropriate against the debt.

Cut off problems exist, because the client records the following year’s sale in the current
period or because goods returned by the customer in the current year are not recorded in
the current year. Cut-off testing may be extended.

The customers may have sent the monies before the year –end, but the monies were not
recorded by the client as receipts until after the year-end. Detailed cut-off work may be
required on all receipts.

Monies received may have been posted to the wrong account or cash-in-transit account.
Auditors should check if there is evidence of other misposting. If the monies have been

161
posted to a cash-in- transit account, auditors should ensure that this account has been
cleared promptly.

Customers who are also suppliers may net off balances owed and owing. Auditors
should check that this is allowed.

Teeming and lading, stealing monies and incorrectly posting to other receipts so that
no particular customer is seriously in debt is a fraud that can arise in this area. If auditors
suspect teeming and lading occurred, they may perform detailed testing on cash receipts,
particularly on prompt posting of cash receipts.

When positive confirmation is used, the auditors should follow up on those accounts
receivable who fail to respond. Second requests should be sent and if necessary followed
by telephone calls with permission from the client.

If it proves impossible to get confirmations from individual customers, alternative

procedures may be carried out:

AUDIT PROGRAM: RECEIVABLES-ALTERNATIVE PROCEDURES

 Check receipt of cash after date

 Verify valid purchase orders if any
 Examine the account to see if the balance outstanding represents specific
invoices and confirm their validity
 Obtain explanations for invoices remaining unpaid after subsequent ones have
been paid
 Check if the balance on the account is growing, and if so, why
 Test company’s control over the issue of credit notes and the write -off of bad
debts

INVENTORY

162
There are two sources of rules that deal with inventory:

(a) IAS 2 Inventories

(b) Part of ISA 501 Audit evidence- additional considerations for specific items
which relates to attendance

IAS 2 Inventories

KEY TERMS

 Cost is defined by IAS 2 as comprising all costs of purchase and other costs
incurred in bringing inventories to their present location and condition.

 Net realisable value is the estimated selling price in the ordinary course of
business, less the estimated costs of completion and the estimated costs necessary
to make the sale.

Production costs (costs of conversion) include:

(a) Costs directly attributable to units of production

(b) Production overheads
(c) Other overheads attributable to bring the product or service to its present
location and condition

Question: Difficulties of auditing stock

Give some of the main reasons why inventory is one of the most difficult areas of the
audit

Exam Focus Point

You must have a thorough knowledge of audit procedures before, during and after the
physical inventory count.

Responsibility in relation to inventory count

Management

 Ensure that inventory figures in the accounts represents inventory that exists
 Ensure that inventory figures in the accounts represents inventory that is owned
by the entity
 Ensure that accounting records includes statements of physical inventory count.

Auditors

163
Obtain sufficient appropriate evidence about figures from

 Inventory records
 Inventory control systems
 Results of physical inventory counts
 Test counts by the auditors

Attend physical inventory count if inventory is material and evidence of existence is

provided by management inventory counts

Methods of inventory counts

(a) Physical inventory counts at the year end (preferred by auditors)

(b) Physical inventory counts before or after the year end
(c) Perpetual inventory count where management has a programme of
inventory-counting throughout the year

If perpetual inventory count is used, the auditors will check that management:

(a) Ensures that all inventory lines are counted at least once in a year

(b) Maintains adequate inventory records that are kept up to date. Auditors may
compare sales and purchase transactions with inventory movements, and carry
out other tests on the inventory records, e.g. checking casts and classification
of inventory

(c) Has satisfactory procedures for inventory counts and test counting. Auditors
should confirm inventory count arrangements by reviewing inventory count
instructions and observing counts. Cut-off will be particularly important.

(d) Investigates and correct material differences. Reasons for differences should
be recorded and any necessary corrective action should be taken

AUDIT PROGRAM: PERPETUAL INVENTORY COUNT

 Attend one of the inventory counts (to observe and confirm that instructions are
being adhered to)

 Follow up the inventory counts attended to compare quantities counted by the

auditors with the inventory records, obtaining and verifying explanations for any
differences, and checking that the client has reconciled count records with book
inventory records.

 Review the year’s inventory counts to confirm that the extent of counting, the
treatment of discrepancies, and the overall accuracy of records.

164
  Assuming a full count is not necessary at the year end, compare the listing of
inventory with the detailed inventory records, and carry out other procedures( cut-
off, analytical review) to gain further satisfaction.

Attendance at the stock count gives evidence of existence and apparent ownership of
inventory. It also gives evidence of completeness of inventory.

PLANNING INVENTORY COUNT

Gain knowledge Review previous year’s arrangement

Discuss with management inventory
count arrangement and significant
changes
Assess key factors Nature and volume of inventory
Risks relating to inventory
The identification of high value items
Methods of accounting for inventory
Location of inventory and how it affects
inventory control and recording
Internal control and accounting systems
to identify potential areas of difficulty
Plan procedures Ensure representative selection of
locations, inventory and procedures are
covered
Ensure sufficient attention is given to high
value items
Arrange to obtain from third parties
confirmation of inventory they hold
Consider the need for expert help

REVIEW OF STOCK TAKE INSTRUCTIONS

Organisation of count Supervision by senior staff including those
not normally involved with inventory
Tidying and marking inventory to help
counting
Restriction and control of the production
process and inventory movements during
the count
Identification of damaged ,obsolete, slow
moving third party and returnable
inventory
Counting System counting to ensure all inventory is
counted
Teams of two counters, one counting and
the other checking or two independent
counts

165
Recording Serial numbering , control and return of
inventory sheets
Inventory sheets being completed in ink
and signed
Information to be recorded on the count
records (location, identity quantity counted
etc)
Recording of quantity, condition and
stage of production of WIP
Recording of last numbers of goods
inwards and outwards and internal
transfers

Reconciliation with inventory records

and investigations and correction of any
differences

AUDIT PROGRAM: ATTENDANCE AT INVENTORY COUNT

 Check the client’s staff are following instructions
 Make test counts to ensure that procedures and internal controls are working
properly
 Ensure that the procedures for identifying damaged, obsolete and slow moving
inventories operate properly; the auditors must obtain information the inventory’s
condition, age, usage and for WIP stage of condition
 Conclude whether the count has been properly carried out and is sufficiently
reliable as a basis for the determination of the existence of inventories
 Consider whether any amendments are necessary to subsequent audit procedures
 Confirm that inventories held on behalf of third parties is separately identified and
accounted for
 Gain an overall impression of the levels and values of inventories held so that the
auditors may, in due course, judge whether the figure for inventories appearing in
the financial statements is reasonable

CUT – OFF

Cut – off is the most critical to the accurate recording of transactions and auditors will
carry out these procedures to ensure transactions have been recorded in the correct
period.

166
AUDIT PROGRAM: CUT - OFF
 Record all movements relating to the period
 Observe whether correct cut-off procedures are being followed in the dispatch and
receiving areas
 Discuss procedures with company staff performing the count to ensure they are
understood
 Ensure no goods finished on the day of the count are transferred to the warehouse

Final Audit
 Consider whether any amendments are necessary to subsequent audit procedures
 Match goods received notes to the sales invoices and ensure the liability has been
recorded in the correct period (only goods received before year end = purchases)

 Match goods dispatched notes to sales invoice to ensure the income has been
recorded in the correct period
 Match the requisition notes to the WIP figures for the receiving department to
ensure correctly recorded

Cost Versus Net Realisable Value (NRV)

IAS 2 Inventories prescribes the accounting treatment relating to inventories.

Auditors should compare cost and net realisable value for each item of inventory. Where
this is impractical to do, comparison may be done by group or category.

Net Realisable Value is likely to be less than cost when there has been:

 An increase in costs or fall in selling prices

 Physical deterioration
 Obsolescence of products
 A marketing decision to manufacture and sell products at a loss
 Errors in production or purchasing

167
AUDIT PROGRAM: ATTENDANCE AT INVENTORY COUNT
 Review and test the client’s system for identifying slow- moving, obsolete or
damaged inventory
 Follow up on any such items that were identified at the inventory count, ensuring
that the client has made adequate provision to write down the items to net
realisable value
 Examine inventory records to identify slow – moving items
 Examine the prices at which finished goods have been sold after the year-end and
ascertain whether any finished goods items need to be reduced to below cost
 Review quantities of goods sold after the year end to determine that year end
inventory has, or will be, realised
 If significant quantities of finished goods inventory remain unsold for an unusual
time after the year-end, consider the need to make appropriate provisions

For Work- In- Progress (WIP), the ultimate selling price should be compared with the
carrying value at the year end plus costs to be incurred after the year end to bring the WIP
to a finished state.
PREPAYMENTS
AUDIT PROGRAM: PREPAYMENTS

 Verify prepayments by the reference to the cash book , expense invoices,

correspondence and so on.
 Check calculations of prepayments
 Review the detailed profit and loss account to ensure that all likely prepayments
have been provided for
 Review the detailed profit and loss account to ensure that all likely prepayments
have been provided for
 Review the prepayments for reasonableness by comparing with prior years and
using analytical procedures where applicable

OTHER NON-CURRENT ASSETS

The key assertion relating to intangible assets are existence and valuation. They will
therefore be audited with reference to criteria laid down in the financial reporting
standards. As only purchased goodwill or intangibles with a readily ascertainable market
value can be capitalized, audit evidence should be available (purchase invoice or
specialist valuations). Audit of amortization will be similar to that of depreciation

OTHER ASSETS

The non-current asset register is a very important aspect of internal control system. It
enables assets to be identified, and comparisons between the General Ledger, non-current
asset register and the assets themselves provide evidence that the assets are completely
recorded and thus provides further evidence of completeness.

168
Another significant control is that of procedures over acquisitions and disposals, that the
acquisitions themselves have been properly authorized, and precede and accounted for.

Other significant aspects are to ensure that:

 Security arrangements over non-current assets are sufficient.
 Non-current assets are maintained properly
 Depreciation is reviewed every year
 All income is collected from income-yielding assets.

COMPLETENESS

AUDIT PROGRAM: TANGIBLE NON-CURRENT ASSETS-COMPLETENESS.

 Obtain or prepare a summary of tangible non-current assets showing how;

Gross book value
Accumulated depreciation
Net book value

Reconcile with the opening position.

 Compare non-current assets in the general ledger with the non-current
register and obtain explanations for differences
 Check whether assets which physically exist are recorded in the non-
current asset register
 If a non-current asset register is not kept, obtain a schedule showing the
original costs and present depreciated value of major non-current assets
 Reconcile the schedule of non-current asset register with the general
ledger.

EXISTENCE:

AUDIT PROGRAM: TANGIBLE NON-CURRENT ASSETS-EXISTENCE

 Confirm that the company physically inspects all items in the non-current asset
register each year
 Inspect assets concentrating on high value items and additions each year
Confirm items checked:

Exist
Are in use
Are in good condition
Have correct serial numbers
Review records of income- yielding assets
Reconcile opening and closing vehicles by number as well as by amounts

169
 VALUATION:

AUDIT PROGRAM: TANGIBLE NON-CURRENT ASSETS-VALUATION

 Verify additions to valuation certificate
 Consider reasonableness of valuation, reviewing;
 Experience of the valuer
 Scope of work
 Methods and assumptions used
 Valuation bases are in line with accounting standards
 Check revaluations surplus has been correctly calculated
 Check valuations of all assets that have been revalued have been updated
regularly (full valuation every five years and interim in year three generally)
 Check that client has recognised in the profit and loss account revaluation losses
which relate to clear consumption of economic benefits or which the valuation
below depreciated historical cost, and client has recognised all other gains and
losses in statement of total recognised gains and losses

DEPRECIATION:
 Review depreciation rates applied in relation to:
1. asset lives
2. residual values
3. replacement policy
4. past experience of gains and losses on disposal
5. consistency with prior year and accounting policy
6. possible obsolescence

 Check depreciation has been charged on all assets with a limited useful life
 For revalued assets, ensure that the charge for depreciation is based on the
revalued amount
 Check calculation of depreciation rates
 Compare ratios of depreciation to non-current assets( by category with prior years
and depreciation policy rates
 Ensure no further depreciation is provided on fully depreciated assets
 Check that depreciation policies and rates are disclosed in the accounts

INSURANCE:

Review insurance rates in force for all categories of tangible non-current assets and
consider the adequacy of their insured values and check expiry dates

170
RIGHTS AND OBLIGATIONS:

AUDIT PROGRAM: TANGIBLE NON-CURRENT ASSETS-RIGHTS AND

OBLIGATIONS

 Verify title to land and buildings by inspection of;

1. title deeds
2. land registry certificate
3. leases

 Obtain a certificate from solicitors/bankers:

1. stating purpose for which deeds are being held

2. stating deeds are free from mortgage or loan

 Inspect registration document for vehicles held, checking that they are in client’s
name
 Confirm all vehicles used for the client’s business
 Examine documents of title for other assets (including purchase invoices,
architect’s certificate, contracts, hire purchase or lease agreements.

CHARGES AND COMMITMENTS

1. review evidence of charges in statutory books and by company search

2. review leases of leasehold properties to ensure that the company has fulfilled the
covenants contained therein
3. examine invoices received after the year–end , orders and minutes for evidence of
capital commitments.

Inspection of the building’s title deeds does not give evidence about existence and if
there is doubt that a building actually exists, the auditors should physically inspect it.

ADDITIONS:

AUDIT PROGRAM: TANGIBLE NON-CURRENT ASSETS-ADDITIONS

 Verify additions by inspection of architect’s certificates, solicitor’s completion

statements, supplier’s invoices etc
 Check capitalization of expenditure is correct by considering for non- current
assets additions and items in relevant expense categories (repairs, motor vehicle
expenses, sundry etc) whether:

1. Capital/revenue distribution is correctly drawn

2. Capitalization is in line with consistently applied company policy

 Check purchases have been properly allocated to the correct non-current assets
 Check purchases have been authorized by directors/ management

171
  Ensure that appropriate claims have been made for grants, and grants received and
receivable have been received
 Check additions have been recorded in no-current asset register and general
ledger

SELF CONSTRUCTED ASSETS:

AUDIT PROGRAM: TANGIBLE NON-CURRENT – SELF CONSTRUCTED ASSETS

 Verify material and labour costs and overhead to invoices, wage rates, records etc
 Ensure expenditure has been analysed correctly and properly charged to capital
 Expenditure should be capitalized if it:

1. enhances the economic benefit of the asset in excess of its previously

assessed standard of performance
2. replaces or restores a component of the asset that has been treated
separately for depreciation purposes, and depreciated over its useful
economic life
3. relates to a major inspection or overhaul that restores the economic
benefits of the assets that have been consumed by the entity, and have
already been reflected by depreciation

 Check that no profit element has been included in costs

 Check that finance costs capitalized in previous periods do not exceed total
finance costs for the period

DISPOSALS:

AUDIT PROGRAM: TANGIBLE NON-CURRENT – DISPOSALS

 Verify proposals with supporting documentation, checking transfer of title, sales

price and dates of completion and payment
 Check calculation of profit or loss
 Check that disposals have been authorized
 Consider whether proceeds are reasonable

If the asset was used as security, ensure release from security has been correctly made.

INTANGIBLES

 Agree purchased intangibles to purchase documentation

 Review specialist valuation of intangibles and ensure they are reasonable
Review amortization calculations to ensure corrections

172
INVESTMENTS

 Check board minutes resolutions relating to the acquisition of investments

 Check that management have authority to invest
 Check procedures on disposals of investments
 Check that accounting treatment is in accordance with the required accounting
standards
 Ensure that investment is reflected in the accounts at an appropriate carrying
value.

GOODWILL
 Agree consideration to sales agreement
 Check that asset valuation is reasonable
 Agree that the calculation is correct
 Review the impairment review
 Ensure valuation of goodwill is reasonable/ there has been no impairment which
has not been adjusted

7.2.0 LIABILITIES

7.2.1 TRADE ACCOUNTS PAYABLE AND PURCHASES

As with accounts receivable, accounts payable are indeed likely to be a material figure in
the balance sheet of most enterprises. The purchase cycle tests of controls will have
provided the auditors with some assurance as to completeness of these liabilities.

Auditors should however be particularly aware, when conducting their balance sheet
work, of the possibility of understatement of liabilities to improve liquidity and profits
(by understating corresponding purchases). The primary objective of the balance sheet
work will be to ascertain whether liabilities existing at the year-end have been
completely and accurately recorded.

As of trade accounts payable, this objective can be subdivided as follows:

 Is there satisfactory cut-off between goods received and invoices received, so

that purchases and trade discount payable are recognised in the correct year?
 Do trade discounts payable present the bona fide amounts due by the company?

Trade Accounts Payable Listing

The list of balances will be one of the principal sources from which the auditors will
select their samples for testing. The listing can be extracted from the purchase ledger by
the client. The following is relevant to the auditor to ensure the purchase ledger has been
properly extracted:

 Check from the purchase ledger accounts to the list of balances and vice-versa.

173
  Reconcile the total of the list with the purchase ledger control account
 Cast the list of balances and the purchase ledger control.

The client should also prepare a detailed schedule showing all trade and sundry accrued
expenses

In performing the substantive tests relating to Liabilities, the auditor will be concerned
with Completeness, rights and obligations and existence of trade accounts payable

The other test is to compare supplier statements with purchase ledger balances. Auditors
must select a representative sample not just those with large year-end balances.
Remember that it is errors of understatement that auditors are looking. The auditor
should select accounts with nil or negative balances, he should be wary of low balances
with major suppliers. Remember that the client has no incentive to record liabilities
before they have been invoiced. Supplier’s circularization is not generally carried out in
that third party information is generally more reliable and the supplier’s invoices will be
part of the purchase cycle and the auditors will henceforth concentrate on these
documents when designing and conducting their tests.
In the following circumstances the auditor may consider circularizing creditors and he
will be looking for ‘positive’ responses.
 Supplier statements are for whatever reason unavailable or incomplete
 Weaknesses in the internal controls or nature of the client’s business make
possible a material misstatement of liabilities that would not be otherwise picked
up
 It is thought that the client is deliberately trying to understate accounts payable
 That accounts appear to be irregular or if the nature or size of balances or
transactions is normal

Exam Focus Point

Testing supplier’s statements is frequently tested in auditing exams!

Purchases and Expenses

Audit objectives:
 That purchases are for valid reasons
 That goods and services purchased were for the benefits of the company
 Accuracy of recording, so again cut-off will be important

OCCURRENCE AND COMPLETENESS OF PURCHASE

As with sales analytical procedures will be important. Auditors will consider:

 The level of purchases and expenses over the year, compared on a month by-
month basis with the previous period
 The effect on value of purchases of changes in quantities purchased

174
  The effect on value of purchases of changes in products purchased or prices of
products
 How the ratio of trade accounts payable to inventory compares with previous
year’s figures

AUDIT PROGRAM: PURCHASES- COMPLETENESS AND OCCURRENCE

Check purchases and other expenses recorded in the purchase or general ledger or cash
book to supporting documentation considering whether;
 Purchases and expenses are valid (invoice addressed to the client for goods ordered
and received by the client
 Purchases and expenses have been allocated to the correct purchase or general ledger
account
 Consider reasonableness of deductions from purchase or expenses by reference to
subsequent event. Check valid debts are recorded in purchase ledger to credit not

In considering procedures applied by the auditor, the following are relevant:

 Goods received for which no invoice has not been received have been properly
accrued
 Goods received which have been invoiced but not yet posted have been accrued
 Goods returned to suppliers prior to the year–end are excluded from inventory and
trade accounts payable

AUDIT PROGRAM: PURCHASES- PURCHASE CUT OFF

Check goods from goods received notes with serial numbers before the year-end to
ensure that they are;

Posted to the purchase ledger prior to the year end

Included on the schedule of accruals

 Review the schedule of accruals to ensure that goods received after the year end
are not accrued
 Check from goods returned notes prior to year end to ensure that credit notes have
been posted to the purchase ledger prior to the year end or are accrued
 Review large invoices and credited notes included after the year end to ensure
they refer to the following year
 Review outstanding purchase orders for indication of any purchase completed but
not invoiced
 Reconcile daily batch totals around the year end to purchase ledger control
ensuring that batches are posted in the correct year

175
LONG-TERM LIABILITIES:

The auditors concern in respect of long-term debts will be focus on those liabilities that
are repayable after more than one year. Some examples of these are; debentures, loan
stock etc.
Auditors will be more concerned with:
 Completeness- whether all long-term debt has been included in the Financial
Statements
 Measurement-Whether interest payable has been properly calculated and included
in the correct accounting period
 Disclosure-whether long-term debt and interest have been properly disclosed in
the FS in accordance with applicable standards and legislation

AUDIT PROGRAM: LONG-TERM DEBT

 Obtain /prepare schedules of long term debt outstanding at the balance sheet date
showing for each loan: name of lender, date of loan, maturity date, interest date
and rate balance at end of the period and security
 Compare opening balances to the general ledger
 Check name of lender to register of debenture holders
 Trace additions and repayment entries in the cash book
 Confirm repayments with the lenders
 Examine cancelled cheques and memoranda of satisfaction for loans repaid
 Verify that borrowing limits imposed by the articles of association or other
agreements have not been exceeded
 Examine signed Board minutes relating to new borrowings/repayments
 Obtain direct confirmation from lenders of amounts outstanding, accrued interest
and what security they hold
 Verify interest charged for the period and then adequacy of interest accrued
 Confirm assets charged have been entered in the register of charges and notified
to the registrar
 Review restrictive covenants and provisions relating to default:

Review corresponding relating to the loan

Review confirmation replies for non-compliance
If a default appears to exist , determine its effect, and schedule findings.
Review minutes, cash books to check if all loans have been recorded

176
INCOME STATEMENT AUDIT

The audit of the income statement will depend on the materiality of the items contained
therein and the level of reliance the auditor has placed on the internal control systems.

If the auditor assesses the internal controls as being weak, then he will increase his
substantive tests on the Profit and Loss Account (Income Statement) and the Balance
Sheet.

Some of the tests that the auditor will carry out:

 Trace material items in the Income Statement and trace them back to the books of
prime entry, checking what procedures were applied to the transaction(s) before it
was posted to the Income Statement
 Carrying out other substantive tests like analytical procedures, arithmetic and
accuracy of the material amounts reflected in the Income Statement
 Inquiries from management about certain items in the Income Statement which
need satisfactory explanations
 Any other audit tests that will help satisfy the auditor about the reasonableness,
accuracy and completeness of the transactions in the Income Statement
 Applicable Financial Reporting Standards and whether their application in the
Income Statement is acceptable.

7.5 PROVISIONS AND CONTINGENCIES

KEY TERMS:

A provision is a liability of uncertain timing or amount

A liability is a present obligation of the enterprise arising from past events, the settlement
of which is expected to result in an outflow from the enterprise of resources embodying
economic benefits

An obligating event is an event that creates a legal or constructive obligation that results
in an enterprise having no realistic alternative to settling that obligation

A legal obligation is an obligation that derives from:

(a) A contract (through its explicit or implicit terms)

(b) Legislation
(c) Other operation of law

A constructive obligation is an obligation that derives from an enterprise’s action where:

(a) By an established pattern of past practice, publicized policies and sufficiently specific
current statement, the enterprise has indicated to other parties that it will accept certain
responsibilities, and

177
(b) As a result the enterprise has created a valid expectation on the part of those other
parties that it will discharge those responsibilities

A contingent liability is:

(a) a possible obligation that arises from past events and whose existence will be
confirmed only on the occurrence or non-occurrence of one or more uncertain future
events not wholly within the control of the enterprise or

(b) A present obligation that arises from past events but is not recognised because:

1. It is not probable that an outflow of resources embodying economic benefits will

be required to settle the obligation, or
2. The amount of the obligation cannot be settled with sufficient reliability.

A contingent asset is a possible asset that arises from past events and whose existence
will be confirmed only by the occurrence or non-occurrence of one or more uncertain
future events not wholly within the control of the enterprise.

Under IAS 37, an entity should not recognise a contingent asset or liability. Entities
should only recognise a contingent liability or asset should only be recognised unless:

 It becomes probable that economic benefits will flow out/into the entity
 The asset or liability is capable of being measured reliably

Examples of principal types of contingencies disclosed by companies:”

 guarantees
 discontinued bills of exchange
 uncalled liabilities on shares or loan stock
 lawsuits or claims pending
 options to purchase assets

ISA 501 Audit evidence-additional considerations for specific items covers

contingencies relating to litigation and legal claims, which represents the major part
of the audit work on contingencies. Litigation and claims involving the entity may
have a material effect on the accounts and so will require adjustments to/disclosure in
those financial statements.

AUDIT PROGRAM: PURCHASES- PROVISIONS AND CONTINGENCIES

Make appropriate inquiries of management including obtaining its representation

Review board minutes and correspondence with the entity’s lawyers.
Examine legal expense account

178
Use any other information available regarding the entity’s business information obtained
from discussions with any in-house legal department.

The ISA discusses the form the letter to the entity’s lawyer should take. The letter which
ideally should be prepared by management and sent by the auditor who should instruct
the lawyer to communicate directly with the auditor

The letter should have the following headings:

 a list of litigations and claims

 management’s assessment of the outcome of litigation or claim and its estimate of
financial implications including costs
 a request that the lawyer confirm the reasonableness of management’s assessment
and provide the auditor with further information if the list is considered by the
lawyer to be incorrect or incomplete

A meeting between the auditor and lawyer should be set where a complex matter arises
and where there is disagreement between the lawyer and management.

AUDIT PROGRAM: PROVISIONS AND CONTINGENCIES

 Obtain details of all provisions which have been included in the accounts all
contingencies that have been disclosed
 Obtain a detailed analysis of all provisions showing opening balances ,
movements and closing balances
 Determine for each material provision whether the company has a present
obligation as a result of past events by;
discussing with the directors by reviewing correspondence relating to the item
 Determine for each material item provision whether a transfer of economic
benefits is probable
 Check whether any payments have been made in the post balance sheet period
relating to the item
 Review correspondence with solicitors , insurers, bankers for both pre- and post
balance sheet periods
 Send a letter to the solicitor to get their views
 Discuss what happened to previous provisions with management
 Check contingent liability disclosed in the accounts
 Recalculate all provisions in the accounts
 Consider the likelihood of reimbursement
 Compare amounts provided with post balance sheet payments
 Check that the contingent liability is disclosed in the account
 Consider the nature of the client’s business, would you expect to see provisions,
warranties etc
 Consider adequacy of the provisions, contingent assets and contingent liabilities.

179
Exam Focus Point
You should appreciate that the problems of accounting for contingencies makes
auditing difficult.

7.4 SHARE CAPITAL

The issued share capital as stated in the Financial Statements must be agreed in total to
the share register. Transfers will be examined on a test basis should be done in cases
where the company handles its registration work. Where this is not the case, the auditors
will examine those reports reported by independent parties to the company.

The auditor will also be concerned and will check carefully compliance by companies
with the local legislation about share issues, purchase of own shares etc. The auditor will
also be concerned as to whether any movements in reserves are valid.

AUDIT PROGRAM: CAPITAL AND RELATED ISSUES

Share equity capital
 Agree the authorized share capital with the statutory documents governing the
company’s constitution
 Agree changes to authorized share capital with properly authorized board
resolutions

Issue of Shares
 Verify any issue of share capital or other changes during the year with general
and board minutes
 Ensure issue or change is within the terms of the constitution, and the directors
have appropriate authority
 Confirm that cash and other considerations have been received or debtor(s) is
included in called up share capital not paid.

Transfer of Shares

 Verify transfer of shares by reference to correspondence, cancelled share

certificate and minutes of directors’ meetings
 Check balance of shareholder’s accounts in the register of members and the total
list with the amount of issued share capital in the general ledger

Dividends

 Agree dividends paid/proposed to authority and check calculation was correct

 Check dividends paid with documentary evidence
 Check that dividends do not contravene the distribution provisions of the
legislation
 Check that imputed tax has been accounted for to the revenue authority

180
 Reserves
 Check movements on reserves to supporting documentation
 Check that movements do not contravene the legislation and the company’s
constitution
 Confirm that the company can distinguish those reserves at the balance sheet date
that are distributable from those that are un-distributable

 Ensure that appropriate disclosures of movements are made in the company’s

books

7.6 SUBSEQUENT EVENTS

‘Subsequent events’ are:

 Those events that occur between the period end and the date of the auditor’s
report
 Facts discovered after the date of the auditor’s report

ISA 560 Subsequent events begin by stating that: ‘The auditor should consider the effect
of subsequent events on the financial statements and on the auditor’s report’

IAS 10 Events after the balance sheet date deals with the treatment in financial statements
of events, both favourable and unfavourable, occurring after the year-end. It identifies
two types of events:

 Those that provide further evidence of conditions that existed at the period-end
 Those that are indicative of conditions that arose subsequent to the period end

The auditor’s main concern in relation to subsequent events is to ensure that they perform
procedures designed to obtain sufficient appropriate evidence that all events up to the
auditor’s report that may require adjustment or disclosure in the financial statements have
been identified. These procedures will be applicable to all the items that were examined
during the audit but were susceptible to change after the year-end.

ISA 560 lists procedures to identify subsequent events, which may require adjustment or
disclosure. They should be as near as possible to the date of the auditor’s report.

PROCEDURES TESTING SUBSEQUENT EVENTS

Enquiries of Management
 status of items involving subjective judgements accounted for using preliminary
data
 new commitments, borrowings or guarantees
 sales or destruction of assets
 issues of shares/debentures or changes in business structure

181
  developments involving risk areas, provisions and contingencies
 unusual accounting adjustments
 major events ( e.g. going concern problems) affecting appropriateness of
accounting policies for estimates

Other procedures
 consider procedures of management for identifying subsequent events
 read minutes of general board / committee meetings
 review latest accounting records and financial information

Reviews and updates of these procedures may be required, depending on the length of
time between the procedures and the signing of the auditor’s report and the susceptibility
of the accounts to change over time.’ When the auditor becomes aware of events, which
materially affects the financial statements, the auditor should consider whether such
events are properly accounted for and adequately disclosed in the accounts’.

The financial statements are the responsibility of management and they should therefore
inform management of any material subsequent events between the date of the auditor’s
report and the date the financial statements are issued. The auditors have no obligation to
perform procedures, or make enquiries regarding financial statements after the date of
their report.

‘When after the date of the auditor’s report but before the financial statements are issued
the auditor becomes aware of a fact which may materially affect the accounts, the auditor
should consider whether the financial statement need amendments, should discuss the
matter with management and should take action appropriate in the circumstances’.

A situation may arise where the statements are not amended but the auditors feel they that
they should be. The ISA says ‘when management does not amend the financial
statements in circumstances that they believe they need to be amended and the auditor’s
report has not been released to the entity, the auditor should express a qualified opinion
or an adverse opinion.’

‘When after the financial statements have been issued, the auditor becomes aware of a
fact which existed at the date of the audit report and which if known at that date, may
have caused the auditor to modify the audit report, the auditor should consider whether
the financial statements need revision, should discuss the matter with management, and
should take the action as appropriate in the circumstances’

182
CHAPTER 8.0: AUDIT EVIDENCE
KEY TERMS
Analytical procedures consist of the analysis of significant ratios and trends
including the resulting investigations of fluctuations and relationships that are
inconsistent with other relevant information or which deviate from predictable
amounts.

ISA 520 Analytical Procedures states ‘the auditor should apply analytical procedures at
the planning and at the overall review stages of the audit’.

In addition to the analytical procedures, the auditor will also perform other substantive
tests to obtain audit evidence directly.

Nature and Purpose of Analytical Procedures

The ISA states that analytical procedures include:

(a) The considerations of the comparisons with:

 Similar information for prior periods

 Anticipated results of the entity, from budgets or forecasts
 Predictions prepared by auditors
 Industry information such as a comparison of the client’s ratio of sales to trade
accounts receivables with industry averages, or with the ratios relating to other
entities of comparable size in the same industry

(b) Those elements of financial information that are expected to conform to a predicted
pattern based on the entity’s experience, such as the relationship of gross profit to sales.

(c) Those between financial information and relevant non-financial information, such as
the relationship of payroll costs to number of employees.

A variety of methods can be used to carry out these analytical procedures above, ranging
from simple comparisons to complex analysis using statistics, on company, branch or
individual account level.

The ISA states that auditors must decide whether using available analytical procedures,
as substantive procedures will be effective and efficient in reducing detection risk for
specific financial statement assertions.

The ISA lists a number of factors that auditors should consider when using analytical
procedures:

183
Factors to consider Example
The objectives of the analytical procedures Analytical procedures maybe a good
and the extent to which their results are indicator of whether a population is
reasonable complete
The degree to which information can be Analytical procedures may be more
analysed effective when applied to financial
information on individual sections of an
operation

The availability of information Financial: budgets or forecasts

Non-financial e.g. the number of units
produced or sold
The reliability of information available Whether budgets are prepared with
sufficient care
The relevance of the information available Whether budgets are established as results
to be expected rather than as goals to be
achieved
The comparability of the information Broad industry data may need to be
available supplemented with that of an entity that
produces and sells specialised products
The knowledge gained during previous The effectiveness of the accounting and
audits internal control systems
The types of problems giving rise to
accounting adjustments in prior periods

Auditors will also consider the plausibility and predictability of the relationships being
tested. Some relationships are strong for example sales and selling expenses where the
sales people are paid by commission.

The ISA identifies other factors, which should be considered when determining the
reliance that the auditors must place on the results of analytical procedures:

Reliability Factor Example

Materiality of the items involved When inventory balances are material,
auditors do not solely rely on analytical
procedures
Other audit procedures directed towards Other procedures auditors undertake in
the same financial statement assertions reviewing the collectibility of accounts
receivable, such as review of subsequent
cash receipts, may confirm or dispel
questions arising from the application of
analytical procedures to an aged profile of
customer accounts
The accuracy with which expected results Auditors normally expect greater
of analytical procedures can be predicted consistency in comparing the relationship
of gross profit to sales from one period to

184
 another than in comparing discretionary
expenses such as research or advertising
The frequency with which a relationship A pattern repeated monthly as opposed to
is observed annually
Assessment of inherent and control risks If internal controls over sales processing
are weak, and control risk is high, auditors
may rely more on tests of individual
transactions or balances other than
analytical procedures.

The auditor will identify and investigate significant fluctuations or relationships that are
inconsistent with other relevant information or deviate from expected patterns and he will
obtain adequate explanations and appropriate corroborative evidence. Investigations will
start with enquiries of management and then corroboration of management responses:

 By comparing them with the auditor’s knowledge of the entity’s business and
with other evidence obtained during the course of the audit.

 If the analytical procedures are being carried out as a substantive procedure, by

undertaking additional audit procedures where appropriate to confirm the
explanations received.

If the explanations cannot be given by management, or if they are insufficient, the auditor
must determine which further audit procedures to undertake to explain the fluctuation or
relationship. When carrying out analytical procedures, the auditor should remember that
every industry is different and that each company within an industry differs in certain
respects.

Some of the practical examples of analytical procedures are:

(c) Ratio analysis

(d) Examining related accounts in conjunction with each other. Often
revenue and expense accounts are compared with the balance sheet
accounts and comparisons are made to ensure that relationships are
reasonable
(e) Trend analysis – current year’s results are compared with previous
period’s results.
(f) Reasonableness tests- These involve calculating the expected value
(e.g. cost + additions – disposals)* depreciation charge = charge in
Income Statement.

Other main methods of analytical review include:

 Benchmarking
 Physical inspection
 Corroboration
 Recalculation and reconciliation

185
  Surveys and questionnaires
 narratives
 testing

The working papers must contain the completed results of the analytical
procedures. They should include:

 Outline of the programme of work

 Summary of significant figures and relationships for the period
 Summary of comparisons made with budgets and with previous years
 Details of all significant fluctuations or unexpected relationships considered
 Details of results of investigations into such fluctuations or unexpected
relationships
 The audit conclusions reached
 Information considered necessary for assisting in the planning of subsequent
audits

TUTORIAL QUESTION- ANALYTICAL PROCEDURES

You are the auditor of Khaya Toys, a limited liability company which manufactures and
sells small toys by mail order. The company is managed by Mr. Phiri and two assistants.
Mr.Phiri authorises important transactions such as wages and large orders, one assistant
maintains the payables ledger and orders inventory and pays suppliers, and the other
assistant receives customer orders and despatches the toys. Due to other commitments Mr
Phiri only visits the office once a week.

At any time, about 100 different types of toys are available for sale .All sales are made
cash with order- there are no receivables. Customers pay using credit cards and
occasionally by sending cash. Turnover is over K5.2 million.

You are planning the audit of Khaya Toys and are considering using some of the
procedures for gathering audit evidence recommended by ISA 500 Audit Evidence as
follows:

(i) Analytical procedures

(ii) Inquiry
(iii) Inspection
(iv) Observation
(v) Re-calculation

REQUIRED:

(a) For each of the above procedures:

(i) Explain its use in gathering audit evidence (5 marks)

(ii) Describe one example for the audit of Khaya Toys
(5 marks)

186
 (iii) Discuss the suitability of each procedure for Khaya Toys ,
explaining the suitability of each (10 marks)

SUGGESTED ANSWER

Analytical procedures consist of evaluations of financial information made by a study of

reasonable relationships among both financial and non-financial data.

Inquiry means to seek relevant information from sources, both financial and non-
financial, either from within the organisation or outside of it. Evidence gathered this way
maybe done by writing or orally.

Inspection is the physical review of documents, records or even assets. It may include
examination of records of evidence of controls in the operations of an entity.
Observation involves looking at the process or procedures being as they are being
performed so that the auditor sees for himself what controls are applied to a given process
and whether they are the same as the ones documented e.g. attendance at the entity’s
stock take.
Recalculation means redoing calculations to check the arithmetic accuracy of records.
Analytical Procedures

Review the sales figure for the current year and compare it to the prior years and check
whether income has been understated or overstated possibly cash being taken out by the
owner of Khaya Toys before it is banked. Check control over opening of cash; as cash
could be misappropriated and the records falsified.

Inquiry
Obtain statements from suppliers of goods and services and whether all supplier invoices
have been included in the current year’s liabilities. Invoices could be misplaced and the
suppliers’ ledger could have been understated.

Observation
The inventory of the company can be inspected to see whether they are in a saleable
condition.

Observation
Observe the procedures such as opening of cash and taking of customer orders to see
whether the correct procedures are being applied there as documented in the system.

Recalculation
Checking additions in the cash book to ensure accuracy.

Analytical procedures

187
This method of collecting evidence will be useful in Khaya Toys because it will help
identify unusual changes in income.

The technique has limitations because it will not detect errors made during the year e.g.
cash misappropriated on opening of mail will not be detected by analytical procedures.

Inquiry

Inquiries will be useful to get audit evidence from third parties. Third party evidence is
generally more reliable than internal evidence. Supplier statements can be checked to
check the payables figures of Khaya Toys. Complaint files and queries will be reviewed
to check on why certain orders have not been acted upon.

Inquiries will not be helpful if obtained from Mr. Phiri or his assistants because lack of
segregation of duties already entails that this information may be unreliable.

Inspection of documents within Khaya Toys is necessary and helpful particularly to

check whether the expenses are genuine.

Inspection of documents will be time-consuming but may be the only alternative way of
obtaining evidence given the poor internal controls at Khaya Toys.

Observation of a process is useful at Khaya Toys because it will give an insight as to

what checks and controls are applicable to a particular process e.g. when opening mail.
However, observation may be of little use because the assistants may act differently in
the presence of the auditor.

Recalculation of invoices to check castings, balancing of control accounts etc. The

arithmetical accuracy, therefore, can be confirmed.

Limitations of re-calculations can only be carried out on figures that have actually been
recorded. If sales are not recorded for instance, it means that no recalculations can be
done on those sales.

8.2 AUDIT SAMPLING

8.3 Auditors do not normally examine all the information available to them; it
would be impractical to do so and using audit sampling will produce valid
conclusions. ISA 530 Audit sampling and other selective testing procedures
states that ‘ when designing audit procedures, the auditor should determine
appropriate means for selecting items for testing so as to gather audit evidence
to meet the objectives of audit tests’.

KEY TERMS:

Audit Sampling involves the application of audit procedures to less than

100% the items within an account balance or class of transactions such that all
sampling units have a chance of selection. This will enable the auditor to
188
 obtain and evaluate audit evidence about the characteristics of the items
selected in order to form or assist in forming a conclusion concerning the
population.

Population is the entire set of data from which a sample is selected and about
which an auditor wishes to draw conclusions.

8.4 The ISA points out that some testing procedures do not involve sampling such
as:
 Testing 100% of items in a population
 Testing all items with a certain characteristic as selection is not
representative.

8.5 The ISA requires auditors to select appropriate methods of selecting the items
for testing.

KEY TERMS:

Statistical sampling is any approach to sampling that involves random

selection of a sample, and use probability theory to evaluate sample results,
including measurement of sampling risk

Non-statistical sampling is the approach to sampling where the auditor does

not use statistical methods and draw a judgement opinion about the
population.

KEY TERMS:

Error means either control deviations, when performing tests of control, or

misstatements, when performing substantive procedures

Expected error is the error that the auditor expects to be present in the
population

Sampling units are the individual items constituting a population.

8.6 There are a number of selection methods available for the units in the
Population

 Random selection
 Systematic selection (constant interval between items)
 Haphazard selection
189
  Sequence or block selection
 Monetary unit sampling – This is a method which ensures that every
$1 in a population has an equal chance of being selected for testing.
The advantages of this method are that they are easy when computers
are used and every material item will be automatically be sampled.
Disadvantages include the fact that if computers are not used, it can be
time-consuming to pick the sample.

Example of MUS

Creditor Balance Cumulative Total Selected

A 30,000 30,000
B 35,000 65,000 Yes
C 45,000 110,000 Yes
D 52,000 162,000 Yes
E 13,000 175,000
F 50,000 225,000 Yes
G 23,000 248,000
H 500 248,500
I 42,000 290,000 Yes
J 47,000 337,000 Yes
K 54,000 391,000 Yes
L 17,000 408,000 Yes
M 80,000 488,000 Yes
N 12,000 500,000 Yes

8.7 Material items are shown in bold and have all been picked. The cumulative
total shows you when the next 50,000th $ has been reached.
8.8 Stratification may be appropriate. Stratification is the process of dividing the
population into subpopulation, each of which is a group of sampling units,
which have similar characteristics. Each sampling unit can only belong to one
specifically designed stratum, thus reducing the variability within each
stratum. This enables the auditors to direct their attention towards items which
contain the greatest potential monetary error. You divide items by age or by
amount.

KEY TERMS:
Sampling risk arises from the possibility that the auditor’s conclusions, based on a
sample of a certain size, maybe different from the conclusion that would be reached if
the entire population were subjected to the same audit procedure.
Non-sampling risk arises from factors that cause the auditor to reach an erroneous
conclusion for any reason not related to the size of the sample. For example most
audit evidence is persuasive rather than conclusive, the auditor might use appropriate
procedures, or auditors might misinterpret evidence and fail to recognise an error.

190
 Tolerable error is the maximum error in the population that the auditor would be
willing to accept.

Key stages in the sampling process are as follows:

 Determine objectives and population
 Determining sample size
 Choosing method of sample selection
 Analysing the results and projecting errors onto the population

8.9 The use of statistical sampling results for the purpose of obtaining audit
evidence will depend on the auditor’s assessment of such evidence as to
reliability and the results and availability of the other audit evidence the audit
has obtained.

8.2.0 MATERIALITY

KEY TERMS
Materiality is an expression of the relative significance or importance of a particular
matter in the context of the financial statements as a whole.

Consideration of materiality at the planning stage is very important. The assessment of

materiality at this stage should be based on recent information and will be helpful in
determining the audit approach.

Materiality assessment will help auditors to decide:

 How many and what items to examine
 Whether to use sampling techniques
 What level of error is likely to lead to a qualified audit opinion.
The auditor’s objective is to reduce audit risk to an acceptable level.

MATERIALITY CRITERIA

An item might be material due to its

Nature Some items by their nature affect the

readers of the financial statements e.g.
transactions like directors’ remuneration
or contracts with the company
Value Some items will be significant in the
financial statements by virtue of their size
e.g. motor vehicles which comprise 75% of
the total non-current assets

Impact Some items may by chance have greater

impact on financial statements. E.g. a
191
 difference between a small profit and a
small loss could be material to some readers

Materiality therefore is one of judgement and auditors should be very much aware of
such a fact in approaching their audit work.

General rules on materiality:

 Items relating to directors are generally material
 Percentage guidelines are often given for materiality e.g. % of sales, turnover etc.

Problems with materiality

Materiality is a matter of judgement and therefore prescriptive rules will be of little

help when assessing materiality. The problem with prescriptive rules is that an auditor
can encounter a completely different situation which does not fall within the rules and he
may overlook it leading to material misstatements in the financial statements.

Therefore the percentage guidelines that are used for materiality calculations should be
used with care. In some companies, post- tax profits are used which makes sense because
the level of dividends is an important factor in the accounts

“Materiality is an expression of the relative significance or importance of a

particular matter in the context of these financial statements as a whole. A matter is
material if it would reasonably influence a reader. “

8.4 PROFESSIONAL JUDGEMENT

The auditor will use professional judgement in assessing what level of reliance he should
aim to obtain from the tests that he conducts.
In particular materiality is one area where he will use his professional judgement because
what is material to one company is immaterial to another and the auditor must be able to
relate

In all other cases where estimates are used, the auditor will use his professional
judgement to decide on the reasonableness of those estimates and also the trends from
prior periods.

8.5 FRAUD AND ERROR

Many of the high risk factors listed are issues which could potentially result in a
high risk of fraud and error arising.

Significant control weaknesses

Questionable integrity

Doubtful accounting policies FRAUD?

192
 Lack of finance director

Unexplained transactions

Fraud is an emotive issue. If news of a major fraud on a company hits the

headlines, the question that is often asked is ‘how did this happen?’ Invariably
when questions like that are asked, people raise questions about the audit that has
taken place on that company’s financial statements.

A major problem for the auditor can be that the public does not understand the
auditors role with regard to fraud. This forms part of an ‘expectations gap’ which
exists between what auditors actually do and what people think that they do.

We are going to briefly consider here what the auditors’ role in relation to fraud and
error, and consider when the risk of fraud and error arising is too great for the auditor
to accept the engagement.

IAS 240 fraud and error

ISA 240.20

In planning the audit, the auditors should discuss with other member of the audit
team the susceptibility of the entity to material misstatements in the financial
statement resulting from fraud and error.

The sentence from ISA 240 given above summarises the auditors’ professional
requirements in relation to fraud and error: they must recognize that it may exist
and materially affect the financial statements.

The most important thing to understand with regard to fraud is that the auditor has
no duty (specifically no statutory duty) to prevent or detect fraud.

With regard to the statutory audit, the auditor must be aware that two potential
causes of the financial statements being misstated are fraud or error existing.

KEY TERMS

Fraud comprises both the use of deception to obtain an unjust or illegal financial
advantage, and intentional misrepresentation by management, employees or third
parties.

Error is an unintentional mistake.

1.3.8 EXAMPLES

Fraud may involve:

193
 Falsification or alteration of accounting records or other documents
 Misappropriation of assets or theft
 Suppression or omission of the effects of transactions from records of
documents
 Recording of transactions without substance
 International misapplication of accounting policies, or
 Wilful misrepresentations of transactions or the entity’s state of affairs

What this list of ‘fraudulent behaviour’ might help you to see is that the detection
of fraud committed by management is going to be extremely difficult because it is
designed not to be found. Particularly where the fraud is fraud by omission, the
auditor is unlikely to detect fraud as part of an audit.

The standard does not expect the auditors to detect fraud as a matter of course.
Rather, it requires auditors to be aware, when planning and performing their audit,
that fraud may exist, and more particularly, it highlights a number of factors
which the auditor should be alert to, which could point to fraud being perpetrated.

Planning

ISA 240.22

When planning the audit, the auditor should make inquiries of management:

(d) to obtain an understanding of:

(i) management’s assessment of the risk that the financial statements

may be materially misstated as a result of fraud; and
(ii) the accounting and internal control systems management has put in
place to address such risk;
(e) to obtain knowledge of management’s understanding regarding the
accounting and internal control systems in place to prevent and detect
error;
(c) to determine whether management is aware of any known fraud that has
affected the entity or suspected fraud that the entity is investigating; and
(d) to determine whether management has discovered material
errors.

ISA 240.32

When assessing inherent risk and control risk in accordance with ISA 400, Risk
Assessments and Internal Control, the auditor should consider how the financial
statements might be materially misstated as a result of fraud or error. In
considering the risk of material misstatement resulting from fraud, the auditor
should consider whether fraud risk factors are presented that indicate the
possibility of either fraudulent financial reporting or misappropriation of assets.

194
The factors, which may indicate fraud or error are given in an appendix to the
ISA, which is reproduced here:

Fraud and Risk Relating to Misstatements Resulting from Fraudulent Financial

Reporting
1 Fraud Risk These fraud risk factors pertain to management’s abilities,
Factors pressures, style, and attitude relating to internal control
Relating to and the financial reporting process.
Management’s
Characteristics  There is motivation for management to engage in
and Influence fraudulent financial reporting. Specific indicators
over the might include the following:
Control o A significant portion of management’s
Environment compensation is represented by bonuses, stock
options or other incentives, the value of which
is contingent upon the entity achieving unduly
aggressive targets for operating results,
financial position or cash flow.
o There is excessive interest by management in
maintaining or increasing the entity’s stock
price or earnings trend through the use of
unusually aggressive accounting practices.
o Management commits to analysts, creditors and
other third parties to achieving what appear to
be unduly aggressive or clearly unrealistic
forecasts.
o Management has an interest in pursuing
inappropriate means to minimize reported
earnings for tax-motivated reasons.
 There is a failure by management to display and
communicate an appropriate attitude regarding internal
control and the financial reporting process. Specific
indicators might include the following:
o Management does not effectively communicate
and support the entity’s values or ethics, or
management communicates inappropriate
values or ethics.
o Management is dominated by a single person or
a small group without compensating controls
such as effective oversight by those charged
with governance.
o Management does not monitor significant
controls adequately.
o Management fails to correct known material
weaknesses in internal control on a timely
basis.
o Management sets unduly aggressive financial
195
 targets and expectations for operating
personnel.
o Management continues to employ ineffective
accounting, information technology or internal
auditing staff.

 Non-financial management participates excessively in,

or is preoccupied with, the selection of accounting
principles or the determination of significant estimates.
 There is a high turnover of management, counsel or
board members.
 There is a strained relationship between management
and the current or predecessor auditor. Specific
indicators might include the following:

o Frequent disputes with the current or a

predecessor auditor on accounting, auditing or
reporting matters.
o Unreasonable demands on the auditor,
including unreasonable time constraints
regarding the completion of the audit or the
issuance of the auditor’s report.
o Formal or informal restrictions on the auditor
that inappropriately limit the auditor’s access to
people or information, or limit the auditor’s
ability to communicate effectively with those
charged with governance.
o Domineering management behaviour in dealing
with the auditor, especially involving attempts
to influence the scope of the auditor’s work.

 There is a history of securities law violations, or claims

against the entity or its management alleging fraud or
violations of securities laws.
 The corporate governance structure is weak or
ineffective, which may be evidenced by, for example:

o A lack of members who are independent of

management.
o Little attention being paid to financial reporting
matters and to the accounting and internal
control systems by those charged with
governance.

2 Fraud Risk These fraud risk factors involve the economic and
Factors regulatory environment in which the entity operates.
196
 Relating to  New accounting, statutory or regulatory requirements
Industry that could impair the financial stability or profitability
Conditions of the entity.
 A high degree of competition or market saturation,
accompanied by declining margins.
 With increasing business failures and
significant declines in customer
 Rapid changes in the industry, such as high
vulnerability to rapidly changing technology or rapid
product obsolescence.

3 Fraud Risk These fraud risk factors pertain to the nature and
Factors complexity of the entity and its transactions, the entity’s
Relating to financial condition, and its profitability.
Operating
Characteristics  Inability to generate cash flows from operations while
and Financial reporting earnings and earnings growth.
Stability  Significant pressure to obtain additional capital
necessary to stay competitive, considering the financial
position of the entity (including a need for funds to
finance major research and development or capital
expenditures).
 Assets, liabilities, revenues or expenses based on
significant estimates that involve unusually subjective
judgements or uncertainties, or that are subject to
potential significant change in the near term in a
manner that may have a financially disruptive effect on
the entity (for example, the ultimate collectibility of
receivables, the timing of revenue recognition, the
reliability of financial instruments based on highly-
subjective valuation of collateral or difficult-to-assess
repayment sources, or a significant deferral of costs).
 Significant related party transactions which are not in
the ordinary course of business.
 Significant related party transactions which are not
audited or are audited by another firm.
 Significant, unusual or highly complex transactions
(especially those close to year-end) that pose difficult
questions concerning substance over form.
 Significant bank accounts or subsidiary or branch
operations in tax-haven jurisdictions for which there
appears to be no clear business justification.
 An overly complex organizational structure involving
numerous of unusual legal entities, managerial lines of
authority or contractual arrangements without apparent
business purpose.
 Difficulty in determining the organisation or person (or
persons) controlling the entity.
197
  Unusually rapid growth or profitability especially
compared with that of other companies in the same
industry.
 Especially high vulnerability to changes in interest
rates.
 Unusually high dependence on debt, a marginal ability
to meet debt repayment requirements, or debt
covenants that are difficult to maintain.
 Unrealistically aggressive sales or profitability
incentive programs.
 A threat of imminent bankruptcy, foreclosure or hostile
takeover.
 Adverse consequences on significant pending
transactions (such as a business combinations or
contract award) if poor financial results are reported.
 A poor or deteriorating financial position when
management has personally guaranteed significant
debts of the entity.

Fraud and Risk Factors Relating to Misstatements Resulting from

Misappropriation of Assets
1 Fraud Risk These fraud risk factors pertain to the nature of an entity’s
Factors assets ad the degree to which they are subject to theft.
Relating to
Susceptibili  Large amounts of cash on hand or processed.
ty of Assets  Inventory characteristics, such as small size combined
to with high value and high demand.
Misapprop  Easily convertible assets, such as bearer bonds, diamonds
riation or computer chips.
 Fixed asset characteristics, such as small size combined
with marketability and lack of ownership identification.
2 Fraud Risk These fraud risk factors involve the lack of controls designed
Factors to prevent or detect misappropriation of assets.
Relating to
Controls  Lack of appropriate management oversight (for example,
inadequate supervision or inadequate monitoring of
remote locations).
 Lack of procedures to screen job applicants for positions
where employees have access to assets susceptible to
misappropriation.
 Inadequate record keeping for assets susceptible to
misappropriation.
 Lack of an appropriate segregation of duties or
independent checks.
 Lack of an appropriate system of authorization and
approval of transactions (for example, in purchasing).
198
  Poor physical safeguards over cash, investments,
inventory or fixed assets.
 Lack of timely and appropriate documentation for
transactions (for example, credits for merchandise
returns).
 Lack of mandatory vacations for employees performing
key control functions;

Auditors are therefore ‘put on enquiry’ when such factors exist – in other words,
they have a professional duty to satisfy themselves that any concerns raised have
been answered to their satisfaction.

When fraud or error are indicated

ISA 240.39

Based on the auditor’s assessment on inherent and control risks (including the
results of any tests of controls), that misstatements resulting from fraud and error
that are material to the financial statements taken as a whole will not be detected.
In designing the substantive procedures, the auditor should address the fraud risk
factors that the auditor has identified as being present.

ISA 240.42

When the auditor encounters circumstances that may indicate that there is a
material misstatement in the financial statements resulting from fraud or error, the
auditor should perform procedures to determine whether the financial statements
are materially misstated.

ISA 240.46

When the auditor identifies a misstatement, the auditor should consider whether
such a misstatement may be indicative of fraud and if there is such an indication,
the auditor should consider the implications of the misstatement in relation to
other aspects of the audit, particularly the reliability of management
representations.

ISA 240.48

When the auditor confirms that, or is unable to conclude whether, the financial
statements are materially misstated as a result of fraud or error, the auditor should
consider the implications for the audit.
ISA 240.51
The auditor should obtain written representations from management that:

199
(e) It acknowledges its responsibility for the implementation and operations
of accounting and internal control systems that are designed to prevent and
detect fraud and error;
(f) It believes the effects of those uncorrected financial statement
misstatements aggregated by the auditor during the audit are immaterial,
both individually and in the aggregate, to the financial statements taken as
a whole. A summary of such items should be included in or attached to
the written representation;
(g) It has disclosed to the auditor all significant facts relating to its assessment
of the risk that the financial statements may be materially misstated as a
result of fraud.
(h) It has disclosed to the auditor the results of its assessment of the risk that
the financial statements may be materially misstated as a result of fraud.
Reporting
Lastly the ISA goes on to consider what the auditors should do, or rather, to
whom they should report, in the event of them uncovering a fraud. Remember
that, as you learnt in Chapter 4, the auditors have a professional duty of
confidentiality.

ISA 240.56

When the auditor identifies a misstatement resulting from fraud, or a suspected

fraud, or error the auditor should consider the auditor’s responsibility to
communicate that information to management, those charged with governance
and, in some circumstances, to regulatory and enforcement authorities.

Such a discovery might also have an impact on the audit report

POINT TO NOTE

We shall consider the audit report in chapter 19.

If auditors do detect a management fraud, they may consider it to be so serious

that it is necessary to report it to the relevant authority in the public interest. Such
a decision would not be taken lightly, and should only be taken once legal advice
had been sought. The auditors have a duty of confidentiality, but in exceptional
circumstances, where the matter is one of public interest, they may have to make
such a disclosure.

ISA 240.59/60/62

If the auditor has identified a material misstatement resulting from error, the
auditor should communicate the misstatement to the appropriate level of
management on a timely basis, and consider the need to report it to those charged
with governance in accordance with ISA 260. ‘Communication of audit Matters
with Those Charged with Governance’.

200
The auditor should inform those charged with governance of those uncorrected
misstatements aggregated by the auditor during the audit that were determined by
management to be immaterial, both individually and in the aggregate, to the
financial statements taken as a whole.
The auditors
 Identified fraud, whether or not it results in a material misstatement in the
financial statements; or
 Obtained evidence that indicates that fraud may exist (even if the potential
effect on the financial statements would not be material).
The auditor should communicate these matters to the appropriate level of
management on a timely basis and consider the need to report such mattes to
those charged with governance in accordance with ISA 260, ‘Communication of
Audit Matters with Those Charged with Governance’
ISA 240.69/73
If the auditor concludes that it is not possible to continue performing the audit as a
result of a misstatement resulting from fraud or suspected fraud, the auditor
should:
 Consider the professional and legal responsibilities applicable in the
circumstances, including whether there is a requirement for the auditor to
report the person or persons who made the audit appointment
 Consider the possibility of withdrawing from the engagement and
 If the auditor withdraws:
(i) discuss with the appropriate level of management and those charged with
governance the auditor’s withdrawal from the engagement and the reasons
for the withdrawal, and
(ii) consider whether there is a professional or legal requirement to report to
the persons who made the audit appointment or in some cases, to
regulatory authorities, the auditor’s withdrawal from the engagement and
the reasons for the withdrawal.
As stated in the ‘Code of Ethics for Professional Accountants’ issued by the
international Federation of Accountants (the code), on receipt of an inquiry from a
proposed successor auditor, the existing auditor should advise whether there are
any professional reasons why the proposed successor auditor should not accept
the appointment. If the client denies the existing auditor permission to discuss its
affairs with the proposed successor auditor or limits what the existing auditor may
say, the fact should be disclosed to the proposed successor auditor.

201
 Fraud and audit acceptance
Several issues have been raised here from the point of view of the audit firm:

 Auditors should plan and perform procedures whilst being aware that fraud
may exist
 Fraud, however, may be extremely difficult to discover
 Auditors must satisfy themselves if put on enquiry
 If the auditors detect or suspect fraud, they must consider whether it is in the
public interest to report it, having sought legal advice.
 Fraud is an emotive issue, which may bring bad publicity to the firm, deserved
or not.
Cast your mind back to the high risk factors which were identified earlier on. It
might be that an audit firm would choose not to accept a client which was
identified as high risk at the outset, because the chances of conducting a cost
effective audit which fulfils professional requirements might be too low, even if
the indicators were false, and there was no fraud being perpetrated at the
company.

KEY TERMS:
Fraud is an intentional act by one or more individuals among management, those charged
with governance (management fraud), employees (employee fraud) or third parties
involving the use of deception to obtain an unjust or illegal advantage. Fraud may be
perpetrated by an individual, or colluded in, with people internal or external to the
business.

Fraud has a wide legal concept but the auditor is concerned with fraud which is likely to
lead to material misstatements in the financial statements. It is distinct from error, which
is a material misstatement caused by mistake, for example in the application of
computerised accounting system.
There are two types of fraud:
Fraudulent financial reporting (including falsification or alteration of accounting
records and intentional misapplication of accounting policies)
Misappropriation of assets (including embezzling receipts, stealing physical assets,
causing the company to pay for goods not received etc)
Auditors responsibility with regard to fraud and error.
Management and those charged with governance are responsible for preventing fraud and
detecting fraud. It is up to them to put up strong internal controls and particular emphasis
on detection and prevention of fraud. Auditors are responsible for carrying out an audit in

202
accordance with international auditing standard one of which is ISA 240 The auditor’s
responsibility to consider fraud in an audit of financial statements.

‘In planning and performing the audit to reduce audit risk to an acceptably low level, the
audit should consider the risk of material misstatements due to fraud’
The Letter of Engagement (LOE) will even specify beforehand the respective
responsibilities in relation to fraud and errors:

‘The responsibility for the prevention and detection of irregularities and fraud rests with
yourselves. However, we shall endeavour to plan our audit so that we have a reasonable
expectations of detecting material misstatements in the financial statements or accounting
records resulting from irregularities of fraud, but our examination should not be relied
upon to disclose irregularities and frauds which may exist.’

The auditor are required to make enquiries from management whether there have been
any specific frauds. The auditors are also required to obtain an understanding from
internal audit or others of whether any suspected or actual frauds have taken place. The
auditor will also seek an understanding of whether any fraud risk factors are present.

In other words, the auditor:

 Identifies the risks of fraud

 Relates this to what could go wrong at a financial statement level
 Consider the likely magnitude of the potential misstatements
 Come up with responses to the assessed risks
 If necessary, modify his audit approach

203
CHAPTER 9.0: COMPUTER AIDED AUDIT
TECHNIQUES
AUDITING IN A COMPUTER ENVIRONMENT

RISK ASSESSMENTS AND INTERNAL CONTROLS IN A CIS

ENVIRONMENT

COMPUTER CONTROLS

5.4.1 ISA 401 Auditing in a computer information system deals with risk assessment in
a computer environment. It contains the following provisions.

ISA 401.4

The auditors should have sufficient knowledge of the CIS to plan, direct,
supervise and review the work performed. The auditor should consider whether
specialized CIS skills are needed in an audit.

ISA 401.5

In accordance with ISA 400 Risk Assessments and Internal Control the auditor
should obtain an understanding of the accounting and internal control systems
sufficient to plan the audit and develop an effective audit approach.

ISA 401.6

In planning the portions of the audit which may be affected by the client’s CIS
environment, the auditor should obtain an understanding of the significance and
complexity of the CIS activities and the availability of data for use in the audit.

ISA 401.7

When the CIS are significant, the auditor should also obtain an understanding of
the CIS environment and whether it may influence the assessment of inherent
and control risks.

5.4.2 The ISA points out that the risks and characteristics in CIS environment may
include:

 Lack of transaction trails.

204
  Uniform processing of transactions.
 Lack of segregation of functions.
 Potential for errors and irregularities.
 Initiation or execution of transactions
 Dependence of other controls over computer processing.
 Potential for increased management supervision.

Organisational structure

Characteristics of a CIS organization structure include the following:

Concentration of functions and knowledge

Most systems using CIS methods include manual operations, but the number of personnel
involved in processing financial information is greatly reduced. Some of the data
processing personnel may be the only with a detailed knowledge of the use of the output.
Data processing staff may be aware of internal control weaknesses. They may take
advantage of this by altering programs or data during storage or processing, having the
opportunity to do so.
In addition, many conventional controls, based on adequate segregation of incompatible
functions, may not exist, or may be less effective in the absence of access and other
controls.
Internal controls in a CIS environment

Transactions and master file data are often concentrate, usually in machine-readable
form, either in one central computer or on several installations distributed throughout the
entity. Computer programs which provide the ability to obtain access to and alter such
data are likely to be stored at the same location as the data. Without appropriate controls,
there is an increased potential for unauthorized access to, and alteration of, programs and
data.

The internal controls in a CIS environment includes both manual procedures and
procedures designed into computer programs. Such manual and computer control
procedures comprise two types of control.

KEY TERMS
General CIS controls aim to establish a framework control over the computer
information system’s activities to provide a reasonable level of assurance that the
overall objectives of internal controls are achieved.
CIS application controls are the specific controls over the relevant accounting
applications maintained by the computer./ The purpose of application controls is
to establish specific control procedures over the accounting applications in order
to provide reasonable assurance that all transactions are authorised and recorded,
and are processed completely, accurately and on a timely basis.

205
General CIS controls

These may include the following:

GENERAL CONTROLS

Development of computer Standards over systems design, programming

applications and documentation.
Full testing procedures using test data.
Approval by computer users and management.
Segregation of duties so that those responsible
for design are not responsible for testing.
Installation procedures so that data is not
corrupted in transition.
Training of staff in new procedures and
availability of adequate documentation.

Prevention or detection or Segregation of duties

unauthorised changes to programs Full records of program changes
Password protection of programs so that access
is limited to computer operations staff.
Restricted access to central computer by locked
doors, keypads.
Maintenance of programs logs
Virus checks on software: use of anti-virus
software and policy prohibiting use of non-
authorised programs or files.
Back-up copies of programs being taken and
stored in other locations.
Controls copies of programs being preserved and
regularly compared with actual programs.
Stricter controls over certain programs (utility
programs) by use of read only memory.

Testing and documentation of Complete testing procedures

program changes Documentation standards
Approval of changes by computer users and
management.
Training of staff using programs

Controls to prevent wrong programs Operation controls over programs

or files being used Libraries of programs
Proper job scheduling
206
Controls to prevent unauthorized See section below on real-time systems
amendments to data files.

Controls to ensure continuity of Storing extra copies of programs and data files
operation of site.
Protection of equipment against fire and other
hazards.
Back-up power sources
Emergency procedures
Disaster recovery procedures e.g availability of
back-up computer facilities.
Maintenance agreements and insurance.

Review of general CIS controls

The auditors will wish to test some or all of the above general CIS controls, having
considered how they affect the CIS applications significant to the audit.

General CIS controls that relate to some or all applications are usually interdependent
controls, i.e their operation is often essential to the effectiveness of CIS application
controls. As application controls may be useless when general controls are ineffective, it
will be more efficient to review the design of general controls first, before reviewing the
application controls.

CIS application controls

The purpose of CIS application controls is to establish specific controls procedures over
the accounting applications in order to provide reasonable assurance that all transactions
are authorised and recorded, and are processed completely, accurately and on a timely
basis CIS application controls include the following:

Application controls

Controls over input: Manual or programmed agreement of

Completeness control totals
Document counts.
One for one checking of processed output
to source documents.
Programmed matching of input to an
expected input control file.
Procedures over resubmission of rejected
controls.

207
Controls over input: Programmes to check data fields (for
accuracy example value, reference number, date) on
input transactions for plausibility:
Digit verification (eg reference numbers
are as expected)
Reasonableness test (e.g. VAT to total
value)
Existence checks (e.g. customer name)
Character checks (no unexpected
characters used in reference)
Necessary information (no transaction
processed over a certain value)
Manual scrutiny of output and
reconciliation to source.
Agreement of control totals
(manual/programmed)

Controls over input: Manual checks to ensure information input

authorisation was
- Authorised.
- Input by authorised personnel

Controls over Similar controls to input must be

processing completed when input is completed, for
example, batch reconciliations.

Screen warnings can prevent people

logging out before processing is complete.

Controls over master Cyclical reviews of all master files and

Files and standing standing data
data Record counts (number of documents
processed) and has totals (for example, the
total of all the payroll numbers) used when
master files are used to ensure no deletions.

Controls over the deletion of accounts that

have no current balance.

Review of CIS application controls

Control over input, processing, data files and output may be carried out by:

 CIS personnel.
 Users of the system.
 A separate control.

208
May be programmed into application software.

The auditors may wish to test the following CIS application controls.

Manual controls exercised by the user

If manual controls exercised by the user of the application system are capable of
providing reasonable assurance that the system’s output is complete, accurate and
authorised, the auditors may decide to limit tests of controls to these manual controls.
Controls over system output

If, in addition to manual controls exercised by the user, the controls to be tested use
information produced by the computer or are contained within computer programs, such
controls may be tested by examining the system’s output using either manual procedures
or CAATs. Such output may be in the form of magnetic media, microfilm or printouts.

Alternatively, the auditor may test the control be performing it with the use of CAATs.

Programmed control procedures

In the case of certain computer systems, the auditor may find that it is not possible or, in
some cases, not practical to test controls by examining only user controls or the system’s
output. The auditor may consider performing tests of control by using CAATs, such as
test data or, in unusual situations, examining the coding on the application program.
Evaluation
As we have already noted, general CIS controls may have a pervasive effect on the
processing of transactions in the application system. If these general controls are not
effective, there may be a risk that misstatements occur and go undetected in the
application systems. Although weaknesses in general CIS controls may preclude testing
certain CIS application controls, it is possible that manual procedures exercised by users
may provide effective control at the application level.
STAND-ALONE MICROCOMPUTERS
IAPS 1001 CIS environments – stand-alone microcomputers is the first of a series of
statements designed to help auditors implement ISA 400 Risk assessment and internal
control and ISA 401 Auditing in a computer information systems environment.
Among other things, it discusses the types of control in stand-along computers.
Internal control in microcomputer environments
A centrally-controlled CIS environment tends to be much more structured than a micro
CIS environment. In a micro environment, application programs can be developed quite
quickly by users with only basic processing skills.

209
In a large computer environment, controls over systems development (e.g adequate
documentation) and operations (e.g. access control procedures) are essential for effective
control. In a micro environment, however, such controls may be viewed by the
developer, the user or management as either not important or not effective.
As micros oriented to individual end-users, the accuracy and dependability of financial
information produced will depend upon the internal controls required by management
and adopted by the user. If say a single micro is used by more than one person, without
proper controls, programs and data stored on hard disk by one user may be vulnerable to
unauthorized access by other users.

In a micro environment it may be difficult to distinguish between general CIS controls

and CIS application controls. The statement below therefore, lists some security and
control procedures that can help to improve the overall level of internal control. In
particular management should lay down policies for the use of micros.

Management policy statement on use of micros

Management responsibilities.
Instructions on microcomputer use.
Training requirements.
Authorisation for access to programs and data
Security, back-up and storage requirement.
Application development and documentation standards.
Standard of report format and report distribution controls.
Personal usage policies.
Data integrity standards.
Responsibility for programs, data error correction.
Appropriate segregation of duties.

Physical security: equipment

Micros are obviously easy to steal, damage physically, gain access to and misuse due to
their size, so financial information could easily be lost. One physical security control is
to restrict access of micros while during non-business hours, by keeping the office
locked.

Physical security: removable and non-removable media

The standard is referring here to floppy (removable) and hard (non-removable) disks used
in micros. Users (particularly where there are several), may be rather casual over storage
of disks and consequently critical disks may be lost, altered with authorization, or
destroyed.

Control over removable storage media can be established by placing responsibility for
such media under software custodians or librarians.

210
Depending on the nature of the program and data files, current copies of hard disks can
be kept in fireproof container, either on-site, off-site or both. This applies equally to
operating system and utility software and backup copies of hard disks.

Program and data security

When microcomputers are accessible to many users, there is a risk that programs and data
may be altered without authorization. There are several internal control techniques which
can be built into the application programs to help ensure that data is processed and read
as authorise and that accidental destruction of data is prevented.

(a) Segregate data into files organized under separate file directories.
(b) Use hidden files and secret file names.
(c) Employ passwords (particularly when sending information down external
telephone lines).
(d) Back-up information on floppy and then delete it from the hard disk (for
confidential or sensitive information).

Software and data integrity

The primary purpose of micros is to allow end-users to develop applications programs, to

enter and process data and to generate reports. How accurate and dependable the
resulting financial information is will depend on controls required by management and
those included in the application programs. Software and data integrity controls will
ensure that processed information is free from error and also that software is protected
from unauthorized Manipulation (i.e. authorised data is processed in the prescribed
manner).

Internal control procedures such as format and range checks and cross checks of results
can strengthen data integrity. Purchased software may contain error checking and error
trappings facilities.

Software and data integrity controls will be further strengthened by adequate written
documentation, including:

 Step-by-step instructions.
 A summary of reports prepared.
 Source of data processed
 A description of individual reports, files and other specifications, eg.
Calculations.

Where the same accounting application is used at various locations, such programs
should be developed and maintained at one place, rather than by each user, and dispersed
throughout the entity. This will improve application software integrity and consistency.

211
Internet controls. Unauthorised users may be able to access business’ internal systems
to obtain confidential information, or launch a virus that disrupts internal systems.
Controls include firewalls which disable part to the communication technology that
normally allows two-way communication, so that external contacts are denied access to
part of the system. Other possibilities are encryption of data, and call-back to external
customers who wish to access the system.

Hardware, software and data back-up

Back-up here means the entity’s access to comparable hardware, software and data in the
event of their failure, loss or destruction. Procedures should be implemented for back-up
by users on a regular basis (purchased software usually comes with a back-up copy).

OTHER COMPUTER CONSIDERATIONS

IAPS 1002 CIS environments – on-line computer systems provides guidance to the
auditors on the implementation of ISAs 400 and 401.

On-line computer systems are computer systems that enable users to access data and
programs directly through terminal devices. They may be based on mainframe
computers, minicomputers or microcomputers structured in a network environment. On-
line systems allow users to initiate various functions directly, including the following:

 Enter transactions, e.g. sales transactions in a retail store, cash withdrawals

in the bank.
 Make enquiries, e.g. current customer account or balance information.
 Request reports, e.g. a list of inventory items with negative on hand
quantities.
 Update master files, e.g. set up new customer accounts.
 Electronic commerce activities (ordering and paying for goods by Internet)

Characteristics of on-line computer systems

The significant characteristics apply to many of the types of on-line systems.

On-line data entry and valuation

Data entered on-line is usually subject to immediate validation. Data which fails
validation is rejected; often users are offered on-screen facilities for altering the data and
re-entering it.

On-line access

Unlimited access from all functions (enter transactions, read change, delete program/data
files etc) is undesirable, because the user may be able to make unauthorized changes.
Extent of access depends on application and access controls software designs.

212
Lack of transaction trail

Systems which do not provide supporting documents may give details of transactions on
request or through the use of transaction logs.

Programmer access

Again, unrestricted access is not desirable because of the potential for unauthorized
changes to programs. The extent of access depends on the requirements of the system; in
many systems programmers would only have access to programs maintained in a separate
program development and maintenance library.

Internal control in an on-line computer system

General CIS controls

These should include:

(a) Access controls. These are procedures designed to restrict access to

programs and data. These include the use of passwords and specialized
access control software (eg on-line monitors that maintain control over
menus, authorization tables, passwords, files and programs that users are
permitted to access).

(b) Controls over passwords. These are procedures for the assignment and
maintenance of passwords. These should restrict access to authorized
users.

(c) Systems development and maintenance controls.

(d) Programming controls. These are procedures designed to prevent or

detect improper changes to computer programs which are accessed
through on-line terminal devices. Access may be restricted by controls
such as the use of separate operational and program development libraries.
It is important for on-line changed to programs to be adequately
documented.

(e) Transaction logs. These are reports which are designed to create an audit
trail for each on-line transaction.

(f) Firewalls. These are a combination of hardware and software that

protects the server from unauthorized access through the Internet.

CIS application controls

213
4.3 These should include:

(a) Pre-processing authorization. This is permission to initiate a transaction,

such as the use of a bank card together with a personal identification number
before making a cash withdrawal through an automated teller machine.

(b) Terminal device edit reasonableness and other validation tests. These are
programmed routines that check the input data and processing results for
completeness, accuracy and reasonableness.

(c) Cut-off procedures. These ensure that transactions are processed in the
proper accounting period. These are particularly necessary in systems which
have continuous flow transactions.

(d) File controls. These are procedures which ensure that the correct data fields
are used for on-line processing.

(e) Master file controls. Since master file data may have a pervasive effect on
processing results, more stringent enforcement of these control procedures
may be necessary.

(f) Balancing. This is the process of establishing control totals over data being
submitted for processing through the on-line terminal devices and comparing
the control totals during and after processing to ensure that compete and
accurate data are transferred to each processing phase.

Electronic Data Interchange systems

Electronic Data Interchange (EDI) systems allow business to transmit standard business
documents such as sales invoices or purchase orders electronically.

EDI systems pose a number of problems for auditors.

(b) Originating documents may be eliminated, and there may be a lack of

evidence of the operation of controls.

(c) The consequences of problems may be enhanced. Greater integration

between the various aspects of an entity’s accounting system is likely, and
problems with one business may have a serious impact upon its suppliers or
competitors. Computer failures may rapidly lead to material losses.

(d) The risk of unauthorized access to data may be increased. Not only will a
business have to have its own controls but it will have to rely as well on the
controls operated by its business partners.

Controls over transmission including acknowledgements, agreements by both parties of

amounts transmitted, authentication codes and encryption are particularly important.
Transactions should be monitored continuously by checking the sequence of transaction
214
numbers and integrated test facilities within the computer. Limitation controls, such
as only allowing transactions with certain businesses could be built into the
organization’s computer system. There should also be virus protection and appropriate
insurance, and contingency plans and back-up arrangements.

Auditors are likely to have to place significant reliance on controls and may be able to
test compliance with agreed best practice. Auditors may be able to obtain assurance on
the working of controls of business partners by obtaining a certificate from their auditors.

Database systems

IAPS 1003 CIS environments – data systems is designed to supplement ISAs 400 and
401.

Database systems consist of two components.

 The database.
 The database management system (DBMS)

Internal control in a database environment

There must be effective control over the database, the DBMS and the application. The
effectiveness of the controls depends on the nature of the database administration tasks
(see above) and how they are performed.

The characteristics of database systems mean that general CIS controls have a greater
influence than CIS application controls. General CIS controls have a pervasive effect
on application processing in database systems and they can be classified into the four
groups discussed below.

(a) Standard approach for development and maintenance of application

programs.

(b) Data ownership. The database administrator must clearly assign

responsibility for the accuracy and integrity of each item of data. A single
data owner should be responsible for defining access rules (who can use
the data) and security rules (what functions they can perform).

(c) Restriction of access to the database through the use of passwords etc.

(d) Segregation of duties. Responsibilities for performing the various

activities required to design, implement and operate a database should be
divided among technical, design, administrative and user personnel.
These include system design, database design, administration and
operation.

LIMITATIONS OF ACCOUNTING AND CONTROL SYSTEMS

215
Management of an entity will set up internal controls in the accounting system to assess
the following:
 Transactions are executed in accordance with proper authorization.
 All transactions and other events are promptly recorded at the correct
amount, in the appropriate accounts and in the proper accounting period.
 Access to assets is permitted only in accordance with proper authorisation.
 Recorded assets are compared with the existing assets at reasonable
intervals and appropriate action is taken with regard to any differences.

However, any internal control system can only provide the directors with reasonable
assurance that their objective are reached, because of inherent limitations. These
include:

 The costs of control not outweighing their benefits.

 The potential for human error.
 Collusion between employees
 The possibility of controls being by-passed or overridden by management.
 Controls being designed to cope with routine and not non-routine
transactions.

These factors show why auditors cannot obtain all their evidence from tests of the
systems of internal control.

The key factors in the limitations of controls system are:

 Human error.
 Potential for fraud.

We have seen above that computer systems can detect and guard against logical errors.
However, other simple errors such as incorrect amounts cannot be detected.

The safeguard of segregation of duties can help deter fraud. However, if employees
decide to perpetrate frauds in harness, or management commit fraud by overriding
systems, the accounting system will not to be able to prevent such frauds.

This is one of the reasons that auditors need to be alert to the possibility of fraud and
error, the subject of ISA 240, which was discussed I Chapter 5.

USE OF COMPUTER ASSISTED TECHNIQUES (CAATs)

Exam focus point

Use of computers on audits is now practice. The examiner expects you to

consider the computer aspects of auditing as a matter of course. Therefore, in
answering questions on obtaining evidence, remember to include reference to
CAATs if they seem relevant.

216
1. The overall objective and scope of an audit do not change when an audit is
conducted in a CIS environment. However, the application of auditing
procedures may require auditors to consider techniques that use the computer as
an audit tool. These uses of the computer for audit work are known as Computer-
assisted audit techniques (CAATs).

3. ISA 401 mentions some of the CAATs.

(a) The absence of input documents or the lack of a visible audit trail may
require the use of CAATs in the application of compliance and substantive
procedures.

(b) The effectiveness and efficiency of auditing procedures may be improved

through the use of CAATs.

4. IAPS 1009 Computer Audit Techniques provides guidance in the use of

CAATs. It applies to all uses of CAATs involving a computer of any type or
size, but special considerations relating to small business computer
environments are discussed at the end of the statements.

Description of CAATs

Although the guidance in this statement applies to all types of CAATs, it discusses two of
the more common types in detail.

 Audit software
 Test data

Audit software

5. Audit software consists of computer programs used by the auditors, as part of

their auditing procedures, to process data of audit significance from the
entity’s accounting system. Regardless of the source of the programs, the
auditor should substantiate their validity for audit purpose prior to use. Audit
software of the following:

(a) Package programs are generalized computer programs designed to

perform data processing functions which include reading computer files,
selecting information, performing calculations, creating data files and
printing reports in a format specified by the auditors.

(b) Purpose-written programs are computer programs designed to perform

audit tasks in specific circumstances. These programs may be prepared by
the auditors, by the entity or by an outside programmer engaged by the
auditors. In some cases, existing entity programs rams may be used by the

217
 auditors in their original or in a modified state because it may be more
efficient than developing independent programs.

(c) Utility programs are used by the entity to perform common data
processing functions, such as sorting, creating and printing files. These
programs are generally not designed for audit purposes and, therefore,
may not contain such features as automatic record counts or control totals.

6. Examples of uses of audit software are:

 Interrogation software, which accesses the client’s data files.

 Comparison programs which compare versions of a program
 Interactive software for interrogation of on-line systems
 Resident code software to review transactions as they are entered

Test data

7. test data techniques are used in conducting audit procedures by entering

data(e.g. a sample of transactions) into an entity’s computer system, and
comparing the results obtained with predetermined results. Examples include:

(a) Test data used to test specific controls in computer programs. Examples
include on-line password and data access controls.

(b) Test transactions selected from previously processed transactions or

created by the auditors to test specific processing characteristics of an
entity’s computer system. Such transactions are generally processed
separately from the entity’s normal processing. Test data can for example
be used to check the controls to prevent the processing of invalid data by
entering with say a non-existent customer code or worth an unreasonable
amount, or a transaction which may if processed break customer credit
limits.

(c) Test transactions used in an integrated test facility. This is where a

‘dummy’ unit (e.g. a department or employee) is established, and to which
transactions are posted during the normal processing cycle.

8. A significant problem with test data is that any resulting corruption of data
files has to be corrected. This is difficult with modem real-time systems,
which often have built-in (and highly desirable) controls to ensure that data
entered cannot be easily removed without leaving a mark.

9. Other problems with test data are that it only tests the operation of the system
at a single point of time, and auditors are only testing controls in the
programs being run and controls which they know about. The problems
involved mean that test is being used less as a CAAT.

218
Uses of CAATs

CAATs may be used in performing various auditing procedures, including the following:

 Tests of details of Transactions and balances, for example the use of audit
software to test all (or a sample) of the transactions in a computer file.
 Analytical review procedures, for example the use of audit software to
identify unusual fluctuations or items.
 Test of general CIS controls, for example the use of test data to test access
procedures to the program libraries.
 Tests of CIS application controls, for example the use of test data to test the
functioning of a programmed procedure.

Considerations in the use of CAATs

During audit planning, auditors should decide on an appropriate combination of manual

audit techniques and CAATs. In determining whether to use CAATs, the factors listed
below should be considered.

 Computer knowledge, expertise and experience required.

 Availability of CAATs and suitable computer facilities.
 Impracticability of manual tests if no visible evidence is available.

____________________________________________________________

Question: Invisible evidence

Try to think of examples of where visible evidence may be lacking in the

accounting process.

Answer

These examples come from the statement itself.

(a) Input documents may be non-existent where sales orders are entered on-
line. In addition, accounting transactions, such as discounts and interest
calculations, any be generated by computer programs with no visible
authorization of individual transactions.

(b) The system may not produce a visible audit trail of transactions processed
through the computer. Delivery notes and suppliers’ invoices may be
matched by a computer program. In addition, programmed control

219
 procedures, such as checking customer credit limits, may provide visible
evidence only on an exception basis. In many cases, there may be no
visible evidence that all transactions have been processed.

(c) Output reports may not be produced by the system. In addition, a printed
report may only contain summary totals while supporting details are kept
in computer files.

____________________________________________________________

 Effectiveness and efficiency of using CAATs.

 Timing and availability of computer files.

If the auditors are happy with the software being used (it is a standard package and
has not been changed), CAATs are unlikely to be necessary. CAATs are more likely
to be used in the first year of a new system, when auditors are concerned with how
the system has developed.

The major steps to be undertaken by the auditors in the application of a CAAT are as
follows:

 Set the objective of the CAAT application.

 Determine the content and accessibility of the entity’s files.
 Define the transactions types to be tested.
 Define the procedures to be performed on the data.
 Define the output requirements.
 Identify the audit and computer personnel who may participate in the design
and application of the CAAT.
 Refine the estimates of costs and benefits.
 Ensure that the use of the CAAT is properly controlled and documented.
 Arrange the administrative activities, including the necessary skills and
computer facilities.
 Execute the use of the CAAT application.
 Evaluate the results.

Controlling the CAAT application

The use of a CAAT should be controlled by the auditors to provide reasonable

assurance that the audit objectives and the detailed specifications of the CAAT have
been met, and that the CAAT is not improperly manipulated by the entity’s staff. The
auditors should consider the need to perform the following:

(d) Approve the technical specification, and carry out a technical review of
the work involving the use of the CAAT.

(e) Review the entity’s general CIS controls which may contribute to the
integrity of the CAAT, e.g. controls over program changes and access to

220
 computer files (when such controls cannot be relied upon to ensure the
integrity of the CAAT, the auditors may consider processing the CAAT
application at another suitable computer facility).

(f) Ensure appropriate integration of the output by the auditors into the
audit process

Using CAATs in small business computer environment

The general principles in the statement are applicable in small business computer
environments. However, the following points should be given special consideration:

(g) The level of general CIS controls may be such that the auditors will place
less reliance on the system of internal control. This will result in:

(i) Greater emphasis on tests of details of transactions and balances

and analytical review procedures, which may increase the
effectiveness of certain CAATs, particularly audit software.

(ii) The application of audit procedures to ensure the proper

functioning of the CAAT and validity of the entity’s data

(h) In cases where smaller volumes of data are processed, manual methods
may be more cost effective.

(i) Adequate technical assistance may not be available to the auditors from
the entity, thus making the use of CAATs impracticable.

(j) Certain audit programs may not operate on small computers, thus
restricting the auditors’ choice of the CAATs. However, the entity’s data
files may be copied and processed on another suitable computer.

(k) Detailed knowledge of computer operations programs and files may be

confined to a few people or even a single person. This may increase the
opportunity to commit an undiscovered fraud by changing programs or
data.
____________________________________________________________

Questions: CAATS

When auditing a computer based accounting system, it is possible for most of the
audit to be completed using conventional audit techniques. In some computer
based systems, however, it is necessary for the auditors to employ computer
assisted audit techniques (CAATs).

Required:

221
(a) Outline the major types of CAATs and describe the potential benefits that
might be derived from using them.

(b) Explain what is meant by a ‘test pack’.

(c) Briefly explain the use that the auditors could make of such a test pack
when examining a sales ledger system maintained on a computer system.
(d) Briefly outline the main practical problems encountered when using a test
pack.

Answer

(a) Audit techniques that involve directly or indirectly, the use of a client’s
computer are referred to as Computer Assisted Audit Techniques
(CAATs), of which the following are two principal categories.

(i) Audit software: computer program used for audit purposes to

examine the contents of the client’s computer files.
(ii) Test data: data used by the auditors for computer processing to test
the operation of the enterprise’s computer programs.

The benefits of using CAATs are as follows:

(i) By using computer audit programs, the auditors can scrutinize

large volumes of data and concentrate skilled manual resources on
the results, rather than on the extraction of information.

(ii) Once the programs have been written and tested, the costs of
operation are relatively low, indeed the auditors do not necessarily
have to be present during its use (thought there are frequently
practical advantages in the auditors attending).

(b) A ‘test pack’ consists of input data submitted by the auditors for
processing by the enterprise’s computer based accounting system. It may
be processed during a normal production run (‘live’) or during a special
run at a point in time outside the normal cycle (‘dead’).

The primary use of the test pack is in testing of application controls. The
data used in the test pack will often contain items which should appear in
exception reports produced by the system. The results of the processed
test pack will be compared with the expected results.

(c) The auditors could use a test pack to test the sales ledger system by
including data in the pack which would normally be processed through the
system, such as:

(i) Sales
(ii) Credits allowed.
(iii) Cash receipts.
222
 (iv) Discounts allowed.

The processing of the input world involve:

(i) Production
(ii) Production of credit notes
(iii) Posting of cash received, invoices and credit notes to
individuals
(iv) Posting all transactions to the sales ledger control and
producing balances.

The result produced would be compare with those predicted in the test
pack. Errors should appear on exception reports produced by the
computer, for example, a customer credit limit being breached.

(e) The practical problems involved in using a test pack are as follows:

(i) In using ‘live’ processing there will be problems removing or

reversing the test data, which might corrupt master file
information.
(ii) In using ‘dead’ processing the auditors do not test the system
actually used by the client.

(iii) the system will be checked by the test pack, but not the year end
balances, which will still require sufficient audit work. Costs may
therefore be high.

(iv) Any auditors who wish to design a test pack must have sufficient
audit work. Costs may therefore be high.

Any changes in the client’s system will mean that the test pack will
(v)
have to be rewritten which will be costly and time-consuming.
____________________________________________________________

Audit trails

KEY TERM

An audit trail auditors to investigate errors that they have been discovered in
more detail. Ideally the audit trail should make it possible to trace all the
reports and other information terms that have been effected by the error, and to
trace the cause of the error.

The original purpose of an audit trail was to preserve details of all stages of processing on
paper. This meant that transactions could be followed stage-by-stage through a system to
ensure that they had been processed correctly.
223
Around the computer

 Traditionally, therefore, it was widely considered that auditors could fulfill their
function without having any detailed knowledge of what was going on inside the
computer.

 The auditors would commonly audit ‘round the computer’ ignoring the
procedures which take place within the computer programs and concentrating on
the input and corresponding output. Audit procedures would include checking
authorization, coding and control totals of input and checking the output with
source documents and clerical control totals. They would also carry out
significant testing on general controls.

 However, the traditional approach does not reflect the modern reality of
computerized accounting. As the complexity of computer systems has increased
there has been a corresponding loss of audit trail. Typical audit problems that
arise as audit trails move further away from the hard copy hard trail include
testing:

 Computer generated totals when no detailed analysis is available.

 The completeness of output in the absence of control total.
 The completeness of output in the absence of input details.

 It is recognized that one of the principal problems facing the auditors is that of
acquiring an understanding of the workings of electronic data processing and of
the computer itself.
Through the computer
 Auditors now customarily audit ‘through the computer’. This involves an
examination of the detailed processing routines and program controls of the
computer to determine whether the controls in the system are sufficient to ensure
complete and correct processing of all data and also to test the strength of
other controls performed electronically, for example authorization. In these
situations auditors will often employ computer assisted audit techniques. CAATs
will be a more efficient way of testing many routine operations, for example
pricing considerations.
 Modern computer methods have now cut out much of the laborious, time-
consuming work. There should still be some means of identifying individual
record and the input and output documents associated with the processing of
any individual transactions.
 An audit trail should be provided so that every transaction on a file contains a
unique reference back to the original source of the input (e.g. a sales system
224
 transaction record should hold a reference to the customer order, delivery note
and invoice).
 When file records are updated from several sources the provision of a
satisfactory audit trail is difficult but some attempt should nevertheless be made to
provide one. Typical contents, perhaps gathered from several sources, include the
following items:
 A transaction number and type.
 Full transaction details such as net and gross amount, customer ID and so on.
 The identity of the person who entered the transaction and/or the PC or
terminal used to enter it.
 The date and perhaps the time of the entry.
 Reference to related transactions such as journal entries, reversals, notes and
the like.
All audit and review must be documented: the working papers are the evidence of the
work done in support of the audit opinion. ISA 230 Documentation covers this area.

ISA 230.2
Auditors should document matters which are important in providing evidence
that the audit was carried out in accordance with International Standards on
Auditing.

225
CHAPTER 10. PUBLIC SECTOR AUDITING AND
CONTROL
INTRODUCTION TO PUBLIC SECTOR AUDIT

The public sector in most countries is a great variety of organisations. They all must have
their accounts audited by an independent external auditor, in order to provide external
accountability to the community at large.

In the public sector, there is a tendency for an external audit to cover a much wider scope
than in the private sector. The scope of public sector audit includes not only auditing of
financial records and auditing to check compliance with rules and regulations but also
auditing the achievement of economy, effectiveness and efficiency.

The audit is an important part of public accountability and it provides an independent

check on how public funds have been raised and spent. More specifically audit is needed
to ensure:

 Public funds have been spent on proper, authorised purposes and legally within
statutory powers.
 Organisations install and operate controls to limit the possibility of corrupt
practices, fraud and poor administration
 Arrangements are in place to secure economy, efficiency and effectiveness in the
use of resources

THE REGULATORY FRAMEWORK

The public sector is often subject to a high degree of regulation. For most public sector
audits, the scope and objectives of the audit are affected by the interests and requirements
of certain third party organisations such as audit supervisory bodies and government
sponsoring departments which have specific regulatory responsibilities.

The manner in which the auditors conduct their work is affected by auditing standards
and other regulatory influences including:

 Specific statutory requirements

 Requirements of an audit supervisory body or sponsoring department
 Contractual requirements contained in the terms of the engagement

The nature of the regulation affecting public sector bodies ranges from statutory to
detailed administrative requirements.

226
The auditors of a public body are expected to take reasonable steps to consider
compliance by the audited body with regulations relevant to its activities and operations,
and to ensure that the expenditure made is not ultra vires.

APPOINTMENT OF THE AUDITOR-GENERAL

The Auditor General is appointed by His Excellency, the President Republic of Zambia.
He is constitution’s appointee.

TERM OF OFFICE

He can hold the office for a five-year term, thereafter the appointment is subject to
renewal by the appointing authority (His Excellency, The President).

FUNCTION AND POWERS

The functions of the Auditor-General are laid down in Article 128 of the Constitution of
the Republic of Zambia:

1. Under the said Article, He is to satisfy himself that all the public funds are used as
laid down in the Constitutional and Finance Management Act (Cap 600).

2. He is empowered to audit the accounts and records of the Government Ministries,

Parastatals and other statutory bodies as need arises.

3. He is required to produce Annual Reports of the audited Organisations within

twelve (12) months for the presentation to His Excellency of the President of the
Republic of Zambia, for tabling in the National Assembly.

4. For the Auditor-General to carry out his Constitutional powers, he has the
supporting staff who are civil servants

PROCESSING OF RESULTS OF AUDIT

If material observations are discovered they are communicated to the

Department/Ministry concerned in writing. The Ministry concerned is usually given a
month to reply to the observations, if the reply is received, it is evaluated by the section
concerned to see if what has been agreed as being wrong corrective measures have been
instituted.

If corrective actions are not remedied this will feature as qualification to the
appropriation account or the fund which is meeting the costs. Also at this stage the
section will proceed to prepare Memorandum for the Committee of Public Accounts of
Parliament. This memorandum details facts and figures which surround the material
errors which have affected the fund/appropriation account.

When the Memorandum on the qualification is received by the Committee of Public

Accounts, a date is set for deliberations, and the officers concerned in the Ministry are
227
required to appear before this Committee to answer questions. The Comptroller and
Auditor-General and his staff act as professional advisors to this committee and actually
do the framing of the relevant questions to be posed to the Ministry officers.

If during the deliberations it is found that Ministry officials were responsible for the
material errors, the committee is empowered to request Public Service Commission to
transfer, sack, regrade and re-training of the officials concerned.

Where the Comptroller and Auditor-General feels the loss of the fund in the project was
caused by the officer’s, he has the power to recover the money through raising of an audit
surcharge in terms of section 13 of the audit and exchequer act Chapter 168. The
Comptroller and Auditor-General do not have to disclose the reason for the audit
surcharge.

Consequently, any appeals against the surcharge by an officer would be made to His
Excellency the President of the country in terms of section 14 of the said act.

Submission of the audit report to Parliament. The Comptroller and Auditor General is
required by law to submit his report to Parliament by 31st March every year, through the
Ministry of Finance, Economic Planning and Development.

Auditing of Parastatals - This is done by professional firms of Chartered Accountants and

a full compliment of internal audit staff. The reports stemming out from these audits are
copied to the Comptroller and Auditor-General for review. However, if it comes to the
notice of the Comptroller and Auditor-General that certain actions and practices by the
Parastatals are not in conformity with the regulations and are not able to be pointed out
by both external and internal auditors, the Comptroller and Auditor General is
empowered to carry out his own audit of the Parastatals and produce special report to be
tabled in Parliament under Section 17 of the audit and exchequer act Chap. 168. This
report is tabled through the Minister of Finance, Economic Planning and Development
and a copy to the relevant Minister responsible for the Parastatals. If this report which
shall be tabled by the Minister of Finance within 7 days, is not tabled by the said
Minister, the Comptroller and Auditor-General is empowered to by-pass the Minister and
table it himself to the Parliament through the speaker section 18 of the said act refers.

228
 GOVERNMENT OF ZAMBIA
Act
No. 8 of 1980

Date of Assent: 4th April 1980

An Act to make certain provisions relating to the duties and powers of the Auditor-
General, and to provide for matters connected therewith or incidental thereto.

[11th April, 1980]

Enacted by the Parliament of Zambia.

1. This Act may be cited as the Public Audit Act, 1980.

2. In this Act, unless the context otherwise requires—

"Auditor-General" means the Auditor-General appointed, pursuant to article one hundred

and twenty-eight of the Constitution; (Cap. 1)

"contract audit" means the audit of transactions relating to contracts to which the
Government, public company or statutory corporation is a party;

"Department" means a department of the Government, and includes a Ministry;

"private institution" means any unincorporated body in receipt of a Government grant,

subsidy or subvention;

"public company" means any company limited by shares and incorporated under the
companies Act (Cap. 686), in which the Government is the sole shareholder,

"statutory corporation" means any body corporate established by statute in which the
State has a majority or controlling interest, and includes a statutory board.

3. Notwithstanding the provisions of section sixteen of the Finance (Control and

Management) Act (Cap. 600), it shall be the duty of the Auditor-General to audit, at such
times as he deems fit, the accounts of—

(a) every statutory corporation or public company.

(b) every Department in which funds and working accounts are established under section
eight of the Finance (Control and Management) Act (Cap. 600); and

229
(c) every private institution which receives Government grant, subsidy or subvention in
any financial year.

4. (1) In the performance of his duty under section three, the Auditor-General shall satisfy
himself that the moneys expended by each statutory corporation, public company,
Department or private institution have been applied to the purposes for which they were
appropriated.

(2) the Auditor-General shall determine the scope and extent of the examination or
inspection of the accounts of each statutory corporation, public company, Department or
private institution which he considers desirable to achieve the purposes specified in
subsection (1).

(3) In the performance of his duties under subsections (1) and (2), the Auditor-General
shall not be subject to the direction or control of any other person or authority.

5. (1) Whenever the Auditor-General has reason to believe that delay in reporting serious
irregularities in the expenditure of public funds through his annual report may occasion
financial loss to the Government or prejudice effective financial control, he shall
forthwith prepare such special, interim or other audit report relating to audit investigation
into such serious irregularities as he considers necessary to prevent or reduce any
financial loss to the Government.

(2) The Auditor-General shall, as soon as practicable, submit the special, interim or other
audit report mentioned in sub-section (1) to the President who shall, not later than seven
days after the first sitting of the National Assembly next after the receipt of such report,
cause it to be laid before the Assembly; and if the President makes default in laying the
report before the Assembly, the Auditor-General shall submit the report to the Speaker of
the Assembly, or, if the office of Speaker is vacant or if the Speaker is for any reason
unable to perform the functions of his office, to the Deputy Speaker, who shall cause it to
be laid before the Assembly .

6. Whenever the exigencies of public audit services so require, the Minister responsible
for finance may, at the request of the Auditor-General, engage such agents or specialist
consultants as are necessary to assist the Auditor-General in the execution of his duties.

7. (1) In the performance of his duties under this Act, the Auditor-General and any public
officer, agent or specialist consultant authorised by him shall have—

a. access to all books, records, returns, reports and other documents relating to the
accounts of any statutory corporation, public company, Department or private
institution under audit examination or inspection;

b. access at any reasonable time of the day to the premises of any statutory
corporation, public company, Department or private institution under audit
examination or inspection;

230
c. power to call for any relevant information from persons responsible for the
financial administration of any statutory corporation, public company,
Department or private institution under audit examination or inspection.

(2) Notwithstanding anything contained in subsection (1), the Auditor-General shall not
authorise any agent or specialist consultant—

a. to have access to any books, records, returns, reports or other documents, or to

enter upon any premises, of any component of the Defence Force or the Zambia
Security Intelligence Service; or

b. to have access to any books, records, returns, reports or other documents, or to

enter upon any premises other than those mentioned in paragraph (a), if such
access or entry is likely to—

(i) prejudice the security, defence or international relations of the Republic or the
investigation or detection of offences; or

(ii) involve the disclosure of any matters or deliberations of a secret or

confidential nature of the Cabinet or any sub-committee of the Cabinet.

8. (1) Notwithstanding anything to the contrary contained in any other written law, every
contract for construction work or for the supply of equipment, machinery or materials
involving the expenditure of public funds to which the Government, a public company or
statutory corporation is a party, shall contained a provision empowering the Auditor-
General or any public officer, agent or specialist consultant authorised by him to have
access to, and examine all books, records, papers, reports and other documents relating to
such contract.

(2) No moneys appropriated for expenditure on a contract for construction work or for the
supply of equipment, machinery or materials valued at an amount in excess of fifty
thousand kwacha shall be released to a contractor or supplier unless the Auditor
General’s prior written certification that such contact contains the provision specified in
subsection (1) has been obtained.

(3) Every contractor or supplier under a contract for construction work or for the supply
of equipment, machinery or materials involving the expenditure of public funds in excess
of fifty thousand kwacha to which the Government, public company or statutory
corporation is a party, shall maintain separate books of account showing appropriate
subsidiary accounts, together with relevant supporting documents relating to such
contract.

9. (1) Where under any written law establishing a statutory corporation or public
company provision is made for the appointment of an auditor, it shall be the duty of the
auditor appointed pursuant to such provision to furnish the Auditor-General with copies
of such certificates, reports, documents and other relevant information in respect of the
accounts of such statutory corporation or public company as the Auditor-General may
require.
231
(2) Upon receipt of the copies of certificates, reports, documents and other relevant
information mentioned in subsection (1), the Auditor-General shall determine the nature
and extent of any audit review he may consider necessary and, where desirable, he may
prepare and submit to the President in the manner specified in subsection (2) of section
five a report on such audit review.

10. The Auditor-General shall, at the request of the President, conduct any specific audit
investigation into the accounts of any statutory corporation, public company, Department
or private institution, as the President may consider desirable in the public interest.

11. (1) Every public officer serving in the Office of the Auditor-General of or above the
rank of Principal Auditor, and every agent or specialist consultant engaged under the
provisions of section six shall, before entering upon the duties of his office, take and
subscribe before the Chief Justice an oath in the form set out in the Schedule.

(2) The provisions of subsection (1) shall not apply to any public officer, agent or
specialist consultant who entered upon the duties of his office before the commencement
of this Act:

Provided that any such public officer, agent or specialist consultant shall, as soon as may
be after the commencement of this Act, take and subscribe an oath in accordance with the
provisions of subsection (1).

(3) Where any person is required to take an oath under the provisions of subsection (1),
and—

(a) he has no religious belief; or

(b) the taking of an oath is contrary to his religious belief;

he may make a solemn affirmation in the form set out in the Schedule by substituting the
words "solemnly and sincerely declare and affirm" for the word "swear" and omitting the
words "So Help Me God".

12. No action or other proceeding shall lie against the Auditor-General or any public
officer, agent or specialist consultant authorised by him for or in respect of the findings of
any audit examination or inspection carried out by him in the exercise or purported
exercise of his functions under this Act.

13. Any person who obstructs or resists the Auditor-General or any public officer, agent
or specialist consultant authorised by him in the exercise of his power of access, or power
to call for relevant information, under this Act, shall be guilty of an offence and shall be
liable, upon conviction, to a term of imprisonment not exceeding one year or to a fine not
exceeding one thousand kwacha, or to both such imprisonment and fine.

232
SCHEDULE

(Section 11)

I, ................................................. having been appointed to exercise the functions of

................................. in the office of the Auditor-General do swear that I will, without
fear of favour, affection or ill will, discharge the functions of my office, and that I will
not, directly or indirectly, reveal any matters relating to such functions other than in the
course of duty.

So help me God

Sworn/Declared before me this ....................... day of ...................., 19.............

............................

...........................

Chief Justice.

233
LEGISLATION ON PUBLIC SECTOR INTERNAL AUDIT

FUNCTION, ROLE AND RESPONSIBILITY OF INTERNAL AUDITOR UNDER

PUBLIC SECTOR ENVIRONMENT

In some countries government internal audit is regulated by its own Act. Thus, for
example, Ghana has the Internal Audit Agency Act of 2003 and Pakistan is in the process
of developing a similar Act. The requirements for internal audit could also be included in
legislation by including wording along the following lines in the relevant public financial
management Act (or equivalent):

'The Accounting Officer of each ministry, department or agency shall ensure that:

 an internal audit function is maintained which is appropriate to the needs of the

organisation concerned and conforms with internationally recognised standards in
respect of its status and procedures
 the scope of internal audit includes the whole system of internal controls
established by the organisation, including its financial, operational and
compliance controls and risk management
 internal audit has unrestricted rights of access to all personnel, records (both
electronic or otherwise), assets, and to obtain such information and explanations
as it considers necessary for the proper fulfilment of its responsibilities
 the head of internal audit reports directly to a senior director, preferably the
Accounting Officer, with direct access, as necessary, to the chair of the audit
committee (or equivalent).'

Examples of similar approaches from other African Countries

Malawi
Public Finance Management Act 2003, Section 10(1)
'Each Controlling Officer is responsible for ensuring that, in relation to his Ministry -
(p) an effective system of internal control is developed and maintained and, unless the
Secretary to the Treasury approves otherwise in circumstances provided for in Treasury
Instructions, an effective internal audit function is developed and maintained'

South Africa
Public Finance Management Act 1999
'General responsibilities of accounting officers - (1) the accounting officer for a
department, trading entity or constitutional institution -
(a) must ensure that the department, trading entity or constitutional institution maintains
(ii) a system of internal audit under the control and direction of an audit committee
complying with and operating in accordance with regulations and instructions [financial
regulations] prescribed in terms of sections 76 and 77'

Tanzania
Under section 29 of the Public Finance Act 2001, the Accountant-General shall have

234
power to:
'(a) Issue instructions regarding internationally known standards of internal audit to the
accounting officers;

(b) Inspect the internal control and audit functions displayed by the accounting officers,
to ensure that such instructions are being implemented and the appropriate standards are
achieved.

These instructions and inspections shall seek to ensure that the internal audit service is
capable of operating independently of the management of a Ministry, Department or
Agency and that no limitation is placed on its access to information and it shall be
incumbent on both the Accounting Officers and the Head of Internal Audit in the
Ministry, Department or Agency, to ensure that all instructions are enforced and
implemented in respect of the Audit functions.'

The Public Finance Regulations (2001) also require accounting officers to 'establish an
effective internal audit service unit throughout the ministry, department or agency... for
which he is responsible'. Furthermore, 'to ensure that adequate and consistent standards of
internal audit are applied throughout the Government, the Accountant- General shall be
responsible under these regulations for ensuring the status and powers of the Internal
Audit function in each ministry, department or agency conforms to internationally
accepted standards'.

The statutory duties of the Tanzania Internal Audit Service are defined in paragraph 34 of
the 2001 Public Financial Regulations, as follows:

(a) Review and report on proper control over the receipt, custody and utilisation of all
financial resources of the unit;

(b) review and report on conformity with financial and operational procedures, and good
practice as defined by the Accountant-General, in order to avoid incurring obligations
and authorising payments to the extent which would ensure effective control over the
expenditure of the unit;

(c) review and report on the correct classification and allocation of revenue and
expenditure accounts;

(d) review and report on the reliability and integrity of financial and operational data, so
that information provided allows for the preparation of accurate financial statements and
other reports for the information of the unit and the general public as required by
legislation

(e) review and report on the systems in place used to safeguard assets, and, as
appropriate, the verification of the existence of such assets;

(f) review and report on operations or programmes to ascertain whether results are

235
consistent with established objectives and goals;

(g) review and report on the adequacy of action by management in response to internal
audit reports, and assisting management in the implementation of recommendations made
by those reports and also, where appropriate, recommendations made by the Controller
and Auditor-General; and

(h) review and report on the adequacy of controls built into computerised systems in
place within the unit.'

Uganda

Public Finance and Accountability Act 2003

'The Accountant-General shall -

(d) ensure that the internal audit function in each Government Ministry, department,
fund, agency or other reporting unit required to produce accounts under Section 31 is
appropriate to the needs of the organisation concerned and conforms to internationally
recognised standards in respect of its status and procedures.'

Zambia
The role of Internal Audit is covered by Sections 47 - 50 of Financial Regulations (Cap.
347 as proposed, originally Cap. 600 of the laws of the Republic of Zambia).

Section 48 of the Financial Regulations states:

'The existence of Internal Audit teams will not relieve Controlling Officers or any other
Accounting Officers of their individual responsibilities, nor will it remove the need for
normal checks within Ministries or Departments.'

Section 49 of these regulations states that:

'Internal Auditors will be directly responsible to the Controlling Officers of the Ministries
in which they are provided. The programme of checks to be carried out by Internal
Auditors will be laid down by the Permanent Secretary [the Secretary to the Treasury in
MoFED as advised by the Controller of Internal Audit] in consultation with Controlling
Officers and with the Auditor-General, and will cover all accounting procedures and
documentation.

Generally, Internal Auditors will ensure: -

 that the work entailed in the receipt and payment of public money has been
properly carried out under proper supervision;
 that the safeguards for the prevention or prompt detection of fraud or loss of
stores, cash or other Government assets, are adequate;
 that accounting forms are properly protected, recorded and regularly checked;
 that the duties of members of accounting staff are changed from time to time;

236
  that a satisfactory system exists for the checking of computer input and output;
 that the system for the control of the receipt, issue and use of stores is adequate;
 that the recording of the assets is up to date and correct;
 that returns of revenue or expenditure required by Controlling Officers are
correctly prepared and promptly submitted.'

ACCA would be happy to review and comment on proposed legislation for internal audit.
If you are developing such legislation please contact Andy Wynne. If you would like a
copy of Ghana's Internal Audit Agency Act or the draft act for Pakistan then please also
contact Andy (SOURCE ACCA WEBSITE- LEGISLATION ON PUBLIC
SECTOR INTERNAL AUDIT)

RISK EVALUATION, PREVENTIVE AND CORRECTIVE ACTIONS

The traditional view of risk management has been one of protecting the organisation from
loss through conformance procedures, and hedging techniques. This is about avoiding the
downside. The new approach to risk management is about ‘seeking the upside while
managing the downside’. In other words, its about taking a proactive approach to risk
management.

Risk Management is defined as:

The process of understanding and managing the risks that the organisation is
inevitably subject to in attempting to achieve corporate objectives. ( CIMA Official
Terminology)

The process of risk management will involve:

 risk identification
 risk evaluation where the risk is evaluated and ranked according to its
relative significance
 risk management or mitigation

The risk management framework will include the following elements:

 risk management policy: which defines the organisation’s approach to risk

management and its attitude to and appetite for risk
 resourcing risk management: the resources required to implement, monitor and
coordinate the risk management process including risk management
 implementing of risk management: formalises the process involved in identifying
and defining risks, the assessment of risk in terms of likelihood and impact and
the key aspects of the business process that are used to respond to the risks
 risk management and reporting: including the form and regularity of reporting
and the risk reporting structure

237
It is important to note that risk management requires commitment from the Board of
Directors, Executive Management and Employees. Risks should be prevented and
corrected as soon as possible to reduce their impact. Methods of assessing risks include
PEST/SWOT analysis, interviews, surveys and statistical sampling. Audit/ risk
committees are increasing becoming important features of good corporate governance
and will play a leading role in the risk management process.

Benefits of risk management

 Linking growth, risk and return

 Enhancing risk response decisions
 Minimising operational surprises and losses
 Seizing opportunities
 Mergers and acquisitions are managed proactively
 Goodwill is not impaired
 Having a good credit rating

AUDIT OF CENTRAL GOVERNMENT

This chapter discusses the external audit of public sector bodies, its nature and its
objectives. Comparisons will be made with the audit of companies and other
organisations in the private sector. There will be discussion of recent developments in
public sector audit and of the differing views which have emerged about its proper scope
and organization. There will be no attempt to give instruction in detailed audit
techniques: for that a specialised professional training is necessary.

Introduction
It has already been shown that the public sector in many countries comprises a variety of
organisations, but the main divisions of the sector into central government, local
authorities and nationalised industries and other public corporations will be followed in
examining the role of audit. Before examining the tree main areas, it is necessary to be
clear about the essential nature of an external audit. What is it? What is it for?
The clues to the answers to these questions lie in the words ‘external’ and ‘independent’.
In the Zambian public sector, an external audit is intended first to provide an assurance as
to the reliability of the published accounts of the audited body. Second, it is intended to
provide further assurance as to the regularity of the underlying transactions.
Third, in the central and local government sectors but not the nationalised industries it
aims to provide an assessment of the efficiency and effectiveness with which the body
performs its functions. The auditor provides these assurances and assessments from the
standpoint of someone outside the body in question and independent of it. His
examinations and reports are expected to be honest, impartial, dispassionate, indeed
fearless, as well, it is to be hoped, as expert and thorough. The independence of the
external auditor is crucial if his reports are to have credibility and authority. How such
independence may be secured is discussed below.

238
This brief definition of external audit leads immediately to two further questions. First,
to whom are these assurances about financial or other matters, provided by this
independent character, to be addressed?
Second, what is the relationship between external and internal auditors? An answer to
the second question can conveniently wait. The answer to the first depends on the
constitutional position of the audited body: to whom is it answerable for its actions? A
government department is answerable through its ministers and accounting officer (see
below) directly to Parliament. A nationalised industry is answerable to the responsible
minister and through him to Parliament on its general performance, but not on its day-to-
day operations. A local authority is constitutionally independent of parliament acts on
behalf of national electors and taxpayers and its distinct from her Executive – i.e. the
central government – local authorities act on behalf of local electors and ratepayers in
both a representatives and an executive capacity. It follows that the external auditor of a
government department reports to Parliament, the auditor of a nationalised industry
reports to the Secretary of State, and the auditor of local authorities to the authority itself.
In doing so however, they always have in mind the interests of the general public
services, and these entire audit reports are normally publicly available.

The public audit services of most advanced countries set out to provide, very broad terms,
a financial audit of accounts and efficiency or value for money audit of activities. The
first of these centres on the adequacy of the systems for controlling the receipt and
payment of public funds, the second on the way resources purchased with those funds –
manpower, capital equipment, buildings, supplies and so on – are allocated and utilised.
The term audit is sometimes applied to a different type of external check; for example, a
‘social audit’, advocated by some people, would attempt to establish how far public
institutions, and indeed large private corporations, had contributed to social, community
or similar goals. We are not concerned here with these provider remits as such, though
social considerations often play a part in public expenditure decision and must be
recognised and allowed for by the auditor. The critical examination of financial and
resource management is a convenient general description of much of the auditor’s
activity.
Public audit is by no means confined to the financial audit of accounts and demands a
close knowledge of the operations of Parliament and of the departments of state, it is
clearly desirable that the person in charge should be familiar with public finance and
with the problems of managing large departments and securing the best use of very large
sums of public money.
The independence of the Auditor General is very important in public sector audit.
Thus within the broad statutory framework governing his audit he decides himself how to
lay out the resources of his staff, how to conduct his audit work, and what reports to
make.
The audit of government departments can be divided into two sectors: the financial, more
strictly the clarification, audit, and the value for money, the certification audit was laid
down in the 1866 Act, which established the arrangements by which the executive – the
public funds they use. Much of the Act dealt with account procedures and
responsibilities, but its main provisions, which still apply, can be simply summarised

239
The way in which test audit should be carried out, to give a reasonable degree of
assurance about the particular accounting systems to which they are applied, is an
important aspect of audit techniques. It has led into the systems-based audit and the use
of statistical sampling where large numbers of transactions are involved, and its
application has to be rethought with the rapid extension of computerised accounting
systems and auditing software.
In this audit of the Revenue Departments, the auditor general is required to satisfy
himself only that the departments have established satisfactory procedures for the
assessment and collection of all revenue due. He is not required to certify that all
revenue which should have been collected has been, still less that individual taxpayers
have been correctly assessed for tax. That would indeed have been an impossible task.

This approach appears to an early formulation of a ‘system-based audit’, by several

decades the general adoption of that technique in both commercial and public audit work.

THE OBJECTIVES OF THE FINANCIAL AUDIT

The financial audit of government departments is intended to give an assurance that in all
material respects:

(a) Their accounts properly present the transactions to which they relate;

(b) They have spent the money voted to them only for the purposes intended by
Parliament, as described in the Estimates and Supplementary Estimates presented
at the beginning of each financial year and subsequently; and

(c) The expenditure conforms to the authority governing it, i.e. has met the
requirements of ‘regularly’.

In even plainer words, this means that the money provided by Parliament has been spent
as intended, that no lawful, improper or irregular payments have been made, and that the
figures are satisfactory.

These simple-sounding objectives conceal some complex problems for the Auditor
General and his staff.
The building of hospitals, the design and development of advanced military equipment,
the installation of large computer systems are just a few of these highly diverse activities.
It is therefore a major technical audit task to check that the accounting and financial
control systems underlying the figures in the account are reliable and efficient. This
work is necessarily done on a selective basis and increasingly utilises techniques, such as
statistical sampling and the evaluation and testing of systems, similar to those applied
by commercial auditors in the audit of large private sector concerns.

It is also the case that an evaluation of financial control and information systems is likely
to be of value not only for certification purposes but to judge a department’s progress in
the development of effective internal management systems. But other operational audit
techniques, conveniently subsumed in the term ‘value for money audit’, need to be

240
developed. Before discussing them, it is first necessary to make a brief digression into
the field of commercial accounting and audit.

COMMERCIAL AND GOVERNMENT ACCOUNTING

Government spends money and uses large resources of manpower to provide a wide
variety of services to the community: defence, health, support for industry and
agriculture, social security, and many others
It is true that a relatively small part of the activities of government departments closely
related bodies is commercial in its nature and aims
Commercial accounts are intended to show the results of trading operations over the year,
and the financial state of the business – more specifically its net book value – at the end
of each year. To do so, both income and expenditure have to assess as accurately as
possible, which is a more complex task than simply logging up cash payments and
receipts.

Income has to take account of sums due in respect of various activities and attributable to
the year in question; expenditure has to include amounts representing the proportion of
the firm’s assets, stocks and work in progress used up in producing the year’s income;
provisions against future loss or liabilities have to be assessed – and so on. When making
calculations it is necessary to add an assessment of the effect of inflation on the firm’s
profit and asset valuations, through the application of current cost accounting, the
production and audit of the accounts of any sizeable commercial concern is a
considerable exercise, involving acts of judgement as well as of record and classification.
This brief sketch of commercial accounting is intended only as background to two points.
First, as mentioned above, there are some government activities which can and should be
presented and accounted for in this way.
They include not only the production and sale of a range of goods, from coins and medals
to prints of medieval manuscripts, but also, for example, the provision of offices and
supplies to departments, where it is thought desirable to work out the ‘full cost’ on some
appropriate type of commercial accounting, to assist control and to promote the right
decisions
The second point is a wider and crucial one. The making of profit or loss and the
increase or decrease each year in the value of a business, are critical tests of its success or
failure. They measure the extent to which it achieves its essential objectives. There may
be others. A firm which contributes to social progress or cultural achievement, which
makes its staff happy in their work, or sponsors a tennis tournament, may earn applause
for doing so. It also recognises that there are also likely to be financial benefits. But if it
consistently fails in the primary task of profit making, it is unlikely to survive, short of
government rescue, for long.

241
VALUE FOR MONEY AUDIT

None of this applies, clearly, to government departments providing or promoting the

large-communal services of defence, education, health law and order, and so on. Their
efficiency, their performance, their success has to be judged by quite different tests, and
by quite different methods. This is the field in which the public audit services seek to
apply the concepts now broadly known as value for money or efficiency auditing.
They do not displace the audit of accuracy in accounting or of prosperity and regularity
of transactions described earlier.

They complement and extend it, and require different techniques. Good financial
auditors have also produced useful value for money reports on a wide range of financial
management matters. Such work also be satisfactorily done by people without
professional accountancy or audit training if they have right attitudes and approach.

The prime responsibility for achieving value for money or efficiency is the management’s
and not the public auditor’s. Senior civil servants, and ultimately their ministers, are
responsible and are held accountable for all their actions in running and managing their
departments

In this context economy is taken to mean the achievement of a given result with the least
expenditure of money, manpower or other resources, while efficiency imports the
idea of converting resources into a desired product in the most advantageous ratio.
But this sometimes a rather subtle distinction, and the more important divide is between
the pursuit and audit of economy and efficiency on the hand and of effectiveness on the
other, because the latter brings into account goals or objectives which the activity in
question is intended to meet.

The examination of effectiveness in government and other public sector programmes and
policies raises issues, which are often intractable and sometimes controversial. The
development or purchase of nuclear weapons is intended to contribute to the goal of
national security. The extension of comprehensive education is intended to promote
education and social aims. The introduction of the family income supplement was hoped
do secure a minimum standard of living for the families’ low-paid workers in
employment. Subsidies for defined forms of industrial investment aimed to encourage
the development of particular parts of the country, and reduce unemployment. The
transformation of the old employment exchanges into job centres and their sitting in the
high street has a similar aim. These cases and a great many more raise the questions:

(a) Should the auditor be involved in effectiveness at all?

(b) If so, does this not bring him to question policy decision?
(c) Has he the necessary skills?

The question of the involvement of the external auditor in policy question is a sensitive
one. It is for those running an organisation, and answerable for its results, to take and
defend policy decisions, for example to develop an new civil aircraft, to build a new
comprehensive school, or to broadcast news in English to various parts of the world. But
the auditor may feel it necessary and justifiable:
242
(a) To question whether the goals which the policy decisions are meant to serve have
been established;

(b) To examine whether managements have themselves established adequate

procedures and criteria to assess the effectiveness of their policies;

(c) To quantify the costs of the decisions taken;

(d) To report on whether the goals have in fact been achieved;

(e) To suggest alternative ways in which the goals might have been more effectively
met.

Internal and external audit

Most large organizations, in both public and private sectors have their internal audit
arrangements. The essential difference between internal and external audit is that the
former is part of the management, is organized and directed and reports as senior
management, decides, whereas the latter completely independent and, subject to the law,
decides these matters for itself. Internal audit is intended to contribute to the probity and
efficiency of the enterprise from within; external audit shares this objective, operating
from outside, but also serves the further objective of external accountability.

243
CHAPTER 11: CORPORATE GOVERNANCE
KEY TERM
Corporate Governance

The system by which companies are directed and controlled. Boards of directors are
responsible for the governance of their companies. The shareholders’ role is to appoint
directors and auditors and to satisfy themselves that an appropriate governance structure
is in place. The responsibilities of the Board include setting the company’s strategic aims,
providing the leadership to put them into effect, supervising the management of the
business and reporting to shareholders on their stewardship. The Board’s actions are
subject to laws, regulations and the shareholders in general meetings (CIMA Official
Terminology)

The Cadbury Report defines corporate governance as ‘the system by which

companies are directed and controlled’.

The roles of those concerned with the financial statements are described in the
Cadbury Report.

 The directors are responsible for the corporate governance of the

company.
 The shareholders are linked to the directors via the financial reporting
system.
 The auditors provide the shareholders with an external objective check
on the directors’ financial statements.
 Other concerned users, particularly employees, are indirectly
addressed by the financial statements.

Before looking at the codes that have been issued to support good corporate
governance, it is important to understand why good corporate governance is
considered to be important.

244
Importance of Good Corporate Governance

The ideas which are central to the importance of good corporate governance are
illustrated in the two diagrams below.

C Manage
O
M Defraud? DIRECTORS
P
A Remunerate
N AGM
Y Invest
SHAREHOLDERS
Received Income

O
N Remunerate
E OTHER
Work fees STAKEHOLDERS

Defraud?

Lend

Pay interest
Audit
Pay fees AUDITORS

C Manage
O DIRECTORS
M Defraud?
P WHO ARE
A Remunerate ALSO
N AGM
Y Invest SHAREHOLDERS
(OWNER-
Received Income MANAGED)

245
W Remunerate -
O OTHER
Work fees STAKEHOLDERS

Defraud?

Lend

Pay interest
Audit
Pay fees AUDITORS

The diagrams show two companies and their relationships with the key people
associated with corporate governance.

The key difference between the diagrams is that while in company two, the
shareholders are fully informed about the management of the business, being
directors themselves, in company one, the shareholders only have an opportunity
to find out about the management of the company at the AGM.

The day-to-day running of a company is the responsibility of the directors and

other management staff to whom they delegate, and although the company’s
results are submitted for shareholders’ approval at the annual general meeting
(AGM), there is often apathy and acquiescence in director’s recommendations.

AGMs are often very poorly attended. For these reasons, there is the potential for
conflicts of interest between management and shareholders.

An audit is an exercise carried out on behalf of the shareholders but vitally, it does
not report on two aspects of their investment which are of vital importance to
them:

 How their investment is being managed

 Whether their investment is subject to fraud

An audit provides an opinion on the veracity of the financial statements and

leaves a member to draw his own conclusions concerning the above issues.

This is not a problem for owner-managed businesses, but many companies are not
managed by their owners, and investors, particularly institutional investors, have
been concerned at the knowledge gap that they are left with.

The UK government took up their concerns in the wake of some high profile
scandals and frauds in the 1980s and early 1990s.

Having established that it is important that companies are managed well (that
there is good corporate governance), the questions that had to be addressed were:
246
  How to enforce good practice by directors, and what that ‘good
practice’ should be?
 How to communicate the adherence to good practice by
management to the shareholders?

These issues, which include directors by virtue of them being the managers of the
companies, and auditors by virtue of them already communicating information
about the company to the shareholders, are addressed in the codes which we shall
look at now.

Question: good corporate governance

Why is good corporate governance important?

Answer

Shareholders and managers are usually separate in a company and it is

important that the management of a company deals fairly with the
investment made by the owners.

CODES OF BEST PRACTICE

The Cadbury Report

Financial aspects of corporate governance in the UK have been addressed in the

report of the Cadbury Committee, which was formed in 1991. The terms of
reference of the committee were to consider, along with any other relevant
matters, the following issues.

(a) The responsibilities of executive and non-executive directors for

reviewing and reporting on performance to shareholders and other
financially interested parties, and the frequency, clarity and form in
which information should be provided.
(b) The case for audit committees of the board, including their
composition and role (this is discussed in its own right in Section
3).
(c) The principal responsibilities of auditors and the extent and value
of the audit
(d) The links between shareholders, boards, and auditors.

The committee aimed to set out the responsibilities of each group involved in the
reporting process and to make recommendations on good practice.

The Code of Best Practice included in the Cadbury Report is aimed at the
directors of all UK public companies, but the directors of all companies are
encouraged to use the Code for guidance.

247
Directors should state in the annual report and accounts whether they comply with
the Code and give reasons for any non-compliance. This statement of compliance
should only be published after a review by the auditors.

Provisions of the Cadbury code

The board The board of directors must meet on a regular basis,
of retain full control over the company and monitor the
directors executive management. A clearly accepted division of
responsibilities is necessary at the helm of the company,
so no one person has complete power, answerable to no-
one.
The report encourages the separation of the posts of
Chairman and Chief Executive. Where they are not
separate, a strong independent group should be present
on the board, with their own leader.
There should be a formal schedule of matters which
must be referred to board stating which decisions require
a single director’s signature and which require several
signatures. Procedures should be in place to make sure
the schedule is followed.
The schedule should include acquisitions and disposals
of assets of the company/subsidiaries that are material to
the company and investments, capital projects, bank
borrowing facilities, loans and their repayment, foreign
currency transactions, all above a predetermined size.

Non-executive The following points are made about non-executive

director directors, who are those directors not running the day to
day operations of the company.
They should bring independent judgement to bear on
important issues, including key appointments and
standards of conduct.

There should be no business, financial or other

connection between the non-executive directors and the
company, apart from fees and shareholdings.

Fees should reflect the time they spend on the business

of the company, so extra duties should earn extra pay.

They should not take part in share option schemes and

their service should not be pensionable, to maintain their
independent status.

248
 Appointments should be for a specified term and re-
appointment should not be automatic. The board as a
whole should decide on their nomination and selection.

Procedures should exist whereby non-executive

directors may take independent advice, at the company’s
expense if necessary.

Executive In relation to the executive directors, who run companies

directors on a day to day basis, the main points in the Code relate
to service contract.

Directors’ emoluments and those of the highest paid

directors should be fully disclosed and analysed between
salary and performance-related pay. The basis of
measuring performance should also be shown. A
remuneration committee of non-executive directors
should decide on the level of executive pay.

Audit The code states that audit is a cornerstone of corporate

governance. It is an objective and external check on the
stewardship of management.

There are design problems in the framework of auditing,

however, including:

 Choices in accounting treatments

 Poor links between shareholders and auditors
 Price competition associated with auditing

Another problem associated with the audit is the

‘expectations gap’ between what an audit actually
achieves and what people think it achieves.

The threat to objectivity of auditors offering other

services to audit clients should be safeguarded against
by disclosing fees for audit in the financial statements.

The code also recommends that the auditing profession

draw up formal guidelines concerning audit rotation.
The advantages and disadvantages of audit rotation were
discussed in earlier.

It recommends the accountancy profession being

involved in setting criteria for evaluation of internal
control

It recommended that auditors report on going concern.

249
 This has now been reflected in auditing standards and is
common practice. It also recommended that auditors
have guidelines about how to act in the event of
suspicion of fraud. This is dealt with in ISA 240.

Smaller companies

Many smaller companies have complained that the Cadbury Code is too burdensome for
them raising fears that its requirements are not diluted then many small companies will
simply fail to comply with them.

In response to this, a special version of the code aimed at listed companies with market
capitalisation below £250 million was published in 1994 by the City Group for Smaller
Companies (‘Cisco’), with the endorsement of the Cadbury Committee.

Differences between the Cisco code and the Cadbury code include reduction of the
number of non-executives on a company board from three to two and not requiring
smaller companies to split the roles of Chief Executive and Chairman.

The Combined Code

The Cadbury report was issued in 1992, and the comments in the table above show that
some of the points have been addressed subsequently by the Auditing Practices Board
(APB), particularly those in relation to fraud and going concern.

Since the Cadbury report, there have been several other committees, which all produced
recommendations about various issues such as directors’ remuneration. In 1998, the key
guidance from all the reports was re-issued in the form of the combined Code.

The Combined Code is issued as part of the Stock Exchange guidance and so generally
relates to listed companies. However, this does not mean that following the guidance is
not good practice for other companies also.

Principles of the Combined Code

The board Every company should be headed by an effective board, which
is collectively responsible for the success of the company.

There should be a clear division of responsibilities at the head

of the company between the running of the board and the
executive responsibility for the running of the company’s
business. No one individual should have unfettered powers of
decision.

The board should include a balance of executive and non-

executive directors (and in particular independent non-executive
directors) such that no individual or small group of individuals
can dominate the board’s decision taking.

250
 There should be a formal, rigorous and transparent procedures
for the appointment of new directors to the board.

The board should be supplied in a timely manner with

information in a form and of a quality appropriate to enable it to
discharge its duties. All directors should receive induction on
joining the board and should regularly update and refresh their
skills and knowledge.

The board should undertake a formal and rigorous annual

evaluation of its own performance and that of its committees
and individual directors.

All directors should be submitted for re-election at regular

intervals, subject to continued satisfactory performance. The
board should ensure planned and progressive refreshing of the
board.

Remuneration Levels of remuneration should be sufficient to attract, retain and

motivate directors of the quality required to run the company
successfully, but a company should avoid paying more than is
necessary for this purpose. A significant proportion of
executive directors’ remuneration should be structured so as to
link rewards to corporate and individual performance.

There should be formal and transparent procedure for

developing policy on executive remuneration and for fixing the
remuneration packages of individual directors. No director
should be involved in deciding his or her own remuneration.
Accountability The board should present a balance and understandable
and audit assessment of the company’s position and prospects.

Depending on the The board should maintain a sound system of internal control to
Size of the safeguard shareholders’ investment and the company’s assets.
company, this may
involve setting up The board should establish formal and transparent arrangements
an internal for considering how they should apply the financial reporting
audit department and internal control principles and for maintaining an
appropriate relationship with the company’s auditors.

Relations with There should be a dialogue with shareholders based on the

Institutional mutual understanding of objectives. The board as whole has
shareholders responsibility for ensuring that a satisfactory dialogue with
shareholders takes place.

The board should use the AGM to communicate with investors

and to encourage their participation.

251
Corporate Governance Statement

The stock exchange rules require that, as part of the annual report, a company must
include a narrative statement of how it has applied the principles set out in the Combined
Code. This statement must include an explanation, which allows the shareholders to
evaluate how the company have applied the principles.

The statement must also provide explanation of whether the company has complied with
the principles of the Combined Code.

They must also provide a statement showing how they have applied the principles
relating to directors’ remuneration (not examined in detail here).

The auditors must review the corporate governance statement before it is published.
Their duty to review it only extends to the following items:

 Board having a schedule of matters for their attention

 Procedures for board members to seek independent, professional advice
 Non-executive directors having specific terms of office
 Directors being subject to election and re-election by the shareholders
 The directors and auditors stating their respective responsibilities
 The directors conducting a review of internal control effectiveness
 The board establishing an audit committee

Benefits of a voluntary code

The Combined Code is a voluntary code. The Stock Exchange requires that disclosures
be made as to whether it has been complied with, but there are no statutory requirements
to comply with it.

The main benefit in having a voluntary code is that the code can be applied flexibly;
where management believe that it is relevant. The disclosure requirements ensure that
shareholders are aware of the position and they can make any points they want to about
compliance with the code at the Annual General Meeting (AGM).

It has been argued that making such a code obligatory would have punitive effects on
some companies, due to their size or investor make up and that legislation would create a
burden of requirement which could be excessive in many cases.
Critics of the view would argue:
 Disclosure of non-compliance is insufficient as the AGM is still not sufficient
protection for shareholders.
 Having a voluntary code allows some companies not to comply freely, to the
detriment of their shareholders.

252
  The requirement to disclose is only a Stock Exchange requirement, and there
are many unlisted companies who should be encouraged to apply the codes.
The government has shown concern for this area in the past and it is believed that it
might take action in the future to regulate this area more heavily.
However, at the moment, having a voluntary code is a compromise based on the points
taken above.
2 AUDIT COMMITTEES
3.1 A major recommendation in the Cadbury Code is that all listed
companies must establish effective audit committees if they have not
already done so.
3.2 The Code takes its example from countries such as Canada where audit
committees for listed companies are compulsory.
3.3 Audit committees were the subject of the Smith Report in early 2003.
The Smith Report contained a summary of recommendations, which have
been included in the revised Combined Code.
Combined Code Provisions
The board would establish an audit committee of at least three, or in the case of smaller
companies, two members.
The main role and responsibilities should be set out in written terms of reference and
should include:
(a) To monitor the integrity of the financial statements of the company and any
formal announcements relating to the company’s financial performance,
reviewing significant financial reporting issues and judgements contained in them.

(b) To review the company’s internal financial controls and, unless expressly
addressed by a separate board or risk committee composed of independent
directors by the board itself, the company’s control and risk management systems.

(c) To monitor and review the effectiveness of the company’s internal audit function.

(d) To make recommendations to the board for it to put to the shareholders for their
approval in general meeting in relation to the appointment of the external auditor
and to approve the remuneration and terms of engagement of the external
auditors.

(e) To monitor and review the external auditor’s independence, objectivity and
effectiveness, taking into consideration relevant UK professional and regulatory
requirements.

(f) To develop and implement policy on the engagement of the external auditor to
supply non-audit services, taking into account relevant ethical guidance regarding
the provisions of non-audit services by the external audit firm and to report to the

253
 board, identifying any matters in respect of which it considers that action or
improvement is needed, and making recommendations as to the steps to be taken
and to report to the board, identifying any matters in respect of which it considers
that action or improvement is needed, and making recommendations as to the
steps to be taken.

The audit committee should be provided with sufficient resources to undertake its duties.

Advantages and disadvantages of audit committees

3.4 The key advantage to an auditor of having an audit committee is that a committee
of independent non-executive directors provides the auditor with an independent
point of reference other than the executive directors of the company, in the event
of disagreement arising.

3.5 Other advantages that are claimed to arise from the existence of an audit
committee include:

(a) It will lead to increased confidence in the credibility and objectivity of

financial reports.

(b) By specialising in the problems of financial reporting and thus, to some

extent, fulfilling the directors’ responsibility in this area, it will allow the
executive directors to devote their attention to management.

(c) In cases where the interests of the company, the executive directors and
the employees conflict, the audit committee might provide an impartial
body for the auditors to consult.

(d) The internal auditors will be able to report to the audit committee.

3.6 Opponents of audit committees argue that:

(b) There may be difficulty selecting sufficient non-executive directors with

the necessary competence in auditing matters for the committee to be
really effective.

(c) The establishment of such a formalized reporting procedure may dissuade

the auditors from raising matters of judgment and limit them to reporting
only on matters of fact.

(d) Costs may be increased.

Role and function of audit committees

3.7 In an appendix to the Cadbury Report, the Committee expands on the role and
function of the audit committee.

254
 ‘If they operate effectively, audit committees can bring significant benefits. In
particular, they have the potential to:

(a) Improve the quality of financial reporting, by reviewing the financial

statements on behalf of the Board;

(b) Create a climate of discipline and control which will reduce the
opportunity for fraud;

(c) Enable the non-executive directors to contribute an independent

judgement and play a positive role;

(d) Help the finance director, by providing a forum in which he can raise
issues of concern, and which he can use to get things done which might
otherwise be difficult;

(e) Strengthen the position of the external auditor, by providing a channel of

communication and forum for issues of concern;

(f) Provide a framework within which the external auditor can assert his
independence in the event of a dispute with management;

(g) Strengthen the position of the internal audit function, by providing a

greater degree of independence from management;

(h) Increase public confidence in the credibility and objectivity of financial

statements.’

Benefits of Good Corporate Governance

The benefits of applying good corporate governance are to:

 Reduce risk
 Stimulate performance
 Improve access to capital markets
 Enhance the marketability of products/ services by creating confidence among
stakeholders
 Improve leadership
 Demonstrate transparency and accountability

255
EXAM QUESTION BANK
1. PHIRI AND TEMBO
Mr. Phiri and Mr. Tembo are in partnership. Previously accounts have been prepared by
their bookkeeper but as their business is growing they are considering asking your firm to
act as auditors to the partnership.

Required
(a) State how a non-statutory audit could assist the partnership.
(b) Identify the major difficulty you could potentially face in a non-statutory audit, and
state how you would try to overcome it.
2. STANDARDS
You are required to discuss the advantages and disadvantages of accounting and auditing
standards to auditors and the consequences of such standards being enforceable by
statute.

3. ROLE OF INTERNAL AUDIT (20 marks)

(a) You are a member of the internal audit team at Lumbeni Holdings, a listed company.
The board of directors wants to raise the profile of the internal audit department in the
company. They have asked the internal audit department to give as series of seminars
on the corporate governance and the role of internal audit in achieving corporate
objectives to other members of staff
The head of internal audit has asked you to prepare some notes on this subject.
Required
Prepare the notes which the head of internal audit wants.
You should cover the following matters:
(i) The Board of Directors
(ii) Accountability
(iii) The meaning of risk management
(b) After the seminars, the various departments of Lumbeni Holdings have been asked to
carry out risk management brainstorming sessions to identify risks in each of their
departments and to design internal control systems to reduce those risks The Sales
Director, Clifford, has asked you if you will attend the brainstorming session in the
sales department and whether you sill assist them in the risk identification and
management process.
Required
Draft a memorandum to the Sales Director, answering his questions.
You should cover the following matters:
(i) Whether you will attend the meeting, and in what capacity.

256
 (ii) Whether you attend the meeting or not, what involvement you, as
a member of the internal audit team, will have in the risk
management exercise

4. OBJECTIVITY (20 marks)

(a) Explain the concept of objectivity, with reference to:

(i) External auditors

(ii) Internal auditors, who are members of ZICA, outlining any general threats
to objectivity that exist.

(b) Scenario 1

Plumbers Ltd is an audit client of CMK, a firm of Chartered Certified Accountants. The
firm has audited Plumbers for 11 years and the fee represents 7% of the firm’s income.
Plumbers is considering a major new project and has asked the firm if it would be happy
to undertake some one- off- consultancy work for the firm. It is possible that the fee
income for this contract would represent 10% of that year’s income for CMK. The new
business services partner, who heads up a new division of the firm, is keen to take on the
work, as this would represent his best contract yet.

Scenario 2

John works in the purchasing department of Muntu Manufacturing Co. He has been
instrumental in setting up control systems in the purchasing department as part of a recent
risk management exercise. He has a poor relationship with his immediate supervisor, the
Purchasing Director.

Muntu Manufacturing has just advertised the post of trainee internal auditor. John is
interested in the work that internal audit do, having raised substantially with the
department during the recent controls exercise. No formal accountancy qualifications are
required for the post, because the successful candidate will be put through accountancy
training. John has had a chat with the head of internal audit concerning the post and in
seriously considering making an application.

Required

Discuss the threats and the safeguards to objectivity that could be implemented in the two
situations given above.

5. AUDIT EVIDENCE (20 marks)

For each of the following substantive tests you are required to state, together with any
limitations whether they provide strong or weak evidence of the completeness, existence,
accuracy and valuation and (where applicable) ownership of the asset or liability at the
financial year end.

257
Inspecting inventories and testing perpetual records by making test counts and noting
damaged, obsolete and slow moving items
Vouching non current assets additions to supporting documentation
Verification of bank balances by bank confirmation request
Explain why it is important that audit evidence is fully documented and list the details
relating to the audit tests which should be recorded in the working papers.

6. GLO (20 marks)

Laiti Co, a limited liability company, manufactures various heating products which it
sells to both High Street and catalogue retailers.

The balance sheets for the years ended 2003 and 2004 are set out below. Last year,
materiality was set at $10,000.

2004 2003
K’000 K’000 K’000 K’000
Non current assets
Tangible non current assets 20 21
Investments 2 2

Current Assets
Inventory 52 179
Receivables 78 136
Cash at bank 12 34
Cash in hand 1 1
143 350
Total assets 165 373

Current liabilities
Trade payables 121 133
Bank loan 5 5
126 138
Long term liabilities
Bank loan 20 25
Provision 20

Capital and reserves

Share capital 2 2
Profit and loss account (3) 208
Total liabilities 165 373

*The provision of $20,000 consists entirely of a warranty provision.

Required
(a) Without carrying out any calculations, discuss whether the materiality level used in
2003 will be appropriate for this year’s audit, giving reasons for your answer.

258
(b) Explain audit risk.

(c) Review the balance sheet given above and set out the areas on which audit work
should be concentrated, giving reasons in each case.

7. USING THE WORK OF AN EXPERT (20 marks)

An auditing standard has been issued, ISA 620 Using the work of an expert.
You are carrying out the audit of Kanjani Construction a quoted company The company’s
business includes large civil engineering contractors (the construction of building s and
roads). It also owns investment properties which are let to third parties and these
comprise offices and industrial buildings.
During the year ended 31 October 20X6 the company received a substantial claim for
damages from Nendeni Manufacturing for faults in a building it had constructed. This
claim includes the cost of repairs and damages, as the customer alleges that the building
cannot be used because of the faults, so alternative accommodation has had to be found.
The company has obtained advice on the likely outcome of this claim from a local
solicitor.

In the year end accounts the properties had been revalued by an independent valuer and
the work in progress has been valued by an employee of the company who is a qualified
valuer.

Required
Describe the matters you would consider and the other evidence you would obtain to
enable you to assess the reliability of the work of experts in the following cases:

(a) Legal advice obtained from the local solicitor on the outcome of the claim by
Nendeni Manufacturing
(b) Valuation of the properties bye the independent valuer
(c) Valuation of the work in progress by the internal valuer
8. INTERNAL CONTROLS (20 marks)
(a) State your objectives of an internal control system.
(b) Internal and external auditors may review internal control systems. Explain the
reason for their reviews, distinguishing between them.
(c) Suggest the work an internal auditor could carry out to check procedures in a
purchase system to minimise the risk of fraud.
(d) If the risk of fraud is assessed as higher than normal, how would that affect the
work of an external auditor and an internal auditor?

259
9. MUYE DISTRIBUTORS (20 marks)

Muye Distributors is a small company which maintains its sales, purchase and nominal
ledgers on a small PC, using a standard computerised accounting package. The company
buys products from large manufacturers and sells them to shops which either sell or hire
them to the general public. The products include draining clearing machines, portable
generators, garden cultivators and wallpaper strippers.

You have been asked to carry out an audit of the nominal ledger system to verify that
items are accurately recorded in the year. At the end of the year, the nominal ledger
produces a trial balance, which is used to prepare the annual accounts.

The company employs a bookkeeper, who is responsible for posting the sales and
purchase ledgers, and maintaining the nominal ledger. Data in posted to the nominal
ledger as follows:

At the start of the financial year, all the balances on the nominal ledger accounts are set to
zero (using the standard year-end procedure of the computer package).

The following procedures relate to purchase transactions:

When invoices are posted to the purchase ledger, the purchase analysis code (for the
nominal ledger), the purchases value and the sales tax value are entered. The total invoice
value is posted to the purchase ledger. At the end of the month, the computer posts the
following items to the nominal ledger.
The total of each category of invoice expense and sales tax for purchase invoices and
credit notes posted in the month (at the same time the computer prints details of the
individual invoices making up the total of each invoice expense and sales tax for the
month).
The total of purchase ledger cash payments, discount received and adjustments posted to
the purchase ledger in the month (the computer prints details of the individual items
comprising the total cash discount and adjustments for the month).
Where there is no account in the nominal ledger relating to the items being posted, the
computer posts the items to a accounts payable suspense account. Also, all adjustments
are posted to the suspense account.
Sales ledger data is posted to the nominal ledger in a similar way to purchase ledger data.
Journals are posted manually to the nominal ledger for:
The opening balances at the start of the year
Other cash book items (other than sales and purchase ledger cash)
Petty cash payments
Wages analysis (details are obtained from the computerised payroll system)
Adjustments, which include:
Correction of errors

260
Dealing with items in the sale and purchase ledger suspense accounts (adjustments posted
to the ledger, and items where there is no account in the nominal ledger)
All these journals are written manually in an accounts journal book, and they must be
authorised by the managing director before posting. The opening balances are posted to
the nominal ledger when the previous year’s accounts have been approved by the
auditors. Although the employee wages are calculated using another computer package,
the total wages expense is posted to the nominal ledger manually. The wages expense is
calculated from the payroll’s monthly summary, using a spreadsheet package, and the
wages expense is analysed into directors, sales, warehouse and office wages (or salaries).

You are required to list and describe the audit work you would perform on the
computerised nominal ledger system, and in particular:

The checks you would perform to verify the accuracy of purchases transactions, which
are posted to the nominal ledger.

The checks you would perform to verify the validity and accuracy of journals posted to
the nominal ledger. Also, you should briefly describe any other checks you would
perform to verify the accuracy of the year-end balances on the nominal ledger.

Note. You should assume that sales transactions are accurately recorded and correctly
posted to the nominal ledger.

10. CHEQUE PAYMENTS AND PETTY CASH (20 marks)

Mr Mateyo has recently acquired the controlling interest in Sportec Co, who are
importers of sportswear. In his review of the organisational structure of the company Mr
Mateyo became aware of weaknesses in the procedures for the signing of cheques and the
operation of the petty cash system. Mr Mateyo engages you as the company’s auditor and
requests that you review the controls over cheque payments and petty cash. He does not
wish to be a cheque signatory himself because he feels that such a procedure is an
inefficient use of his time. In addition to Mr Mateyo, who is the managing director, the
company employs 20 personnel including four other directors, and approximately three
hundred cheques are drawn each month. The petty cash account normally has a working
balance of about $300, and $600 is expended from the fund each month. Mr.Mateyo has
again indicated that he is unwilling to participate in any internal control procedures,
which would ensure the efficient operation of the petty cash fund.

Required

Prepare a letter to Mr Mateyo containing your recommendations for good internal control
procedures for:

Cheque payments
Petty cash
(Marks will be awarded for the style and layout of the answer.)

261
Discuss the audit implications, if any, of the unwillingness of Mr Mateyo to participate in
the cheque signing procedures and petty cash function.

11. ANALYTICAL REVIEW

Explain the purpose of analytical review and at what stages of the audit it should be
carried out.
Explain the importance of analytical review in a review assignment.
12. MUKE MANUFACTURING (20 marks)
You are the audit assistant assigned to the audit of Muke Manufacturing. The audit senior
has asked you to plan the audit of non current assets. He has provisionally assessed
materiality at K72,000.
Muke Manufacturing maintains a register of non current assets. The management
accountant reconciles a sample of entries to physical assets and vice versa on a three-
monthly basis. Authorisation is required for all capital purchases. Items valued less than
K10,000 can be authorised by the production manager, item costing more than K10,000
must be authorised by the Managing Director. The purchasing department will not place
an order for capital goods unless it has been duly signed.
The company has invested in a large amount of new plant this year in connection with an
8-year project for a government department. The management account has provided you
with the following schedule of non current assets:
Land and Plant and Computers Motor Total
buildings equipment vehicles
K K K K K
Cost *
At 31 March 500,000 75,034 30,207 54,723 659,964
2001
Additions 250,729 1,154 251,883

At 31 March 500,000 325,729 31,361 54723 911,847

2002
Accumulated
depreciation
At 31 March 128,000 45,354 21,893 25,937 221,184
2001
Charge for 8,000 28,340 2,367 13,081 51,788
year
As at 31 136,000 73,694 24,260 39,018 272,972
March 2002
NRV as at 31 364,000 252,069 7,101 15,705 638,875
March 2002
NRV as at 31 372,000 29,680 8,314 28,786 438,780
March 2001

* Of which K10, 000 relates to land

262
Required

Without undertaking any calculations assess the risk of the tangible non current assets
audit, drawing reasoned conclusions.

Outline the audit procedures you would undertake on non current assets in respect of the
following assertions:

Existence valuation (excluding depreciation)

Completeness

Describe how you would assess the appropriateness of the depreciation rates.

13. SITTING PRETTY

Wilongo Co is a small, family run company that makes plastic chairs in a variety of
shapes and colours for children and ‘run at heart’ adults. It buys in sheets of plastic which
can be cut and bent into the correct shape and a plastic leg that is custom made by another
company to Wilongo’s requirements. All off-cut plastic is sent back to the supplier who
melts it down and re-uses it, for which Sitting Pretty receive a 10% discount off their
purchase price.

For the inventory count, the factory manager ensures that no work in progress is
outstanding and closes down production for the day. The factory workers come in early
on the day of the inventory count to count the inventory, and they are entitled to go home
as soon as inventory is counted. Good controls have always been maintained over the
inventory count in previous years. There are no perpetual inventory records. Raw
materials are all kept in the stores and are only taken out when they are required for
production. Finished goods are kept in the factory, near the delivery exit.

You are the audit assistant assigned to attend the inventory count. You have just rung the
factory manager and as mentioned that on the day of the inventory count a large
consignment of plastic is going to be delivered. It is the only day that his supplier can
make the delivery, and he needs the material to continue with production on the day after
the inventory count.

The audit engagement partner has told you that he is aware that Wilongo changed the
specification of their customised leg recently, after a series of complaints over the
stability of their chairs. Last year’s inventory was valued at K200, 000 in the balance
sheet, of which K30, 000 related to raw material inventory.

Finished goods are all carried at the same valuation as each other as there is very little
difference between the inventory ranges. Planning materiality for this year has been set at
K5, 000 on the grounds, at this stage, that the figures are expected to be similar to last
years.

263
Required

(a) Explaining the importance of the inventory count in this situation.

(b) Prepare notes for your audit supervisor detailing the procedures you propose to
undertake in relation to your inventory count attendance.
(c) Outline the procedures which should be taken in relation to cut off at the final audit.
(d) List the audit procedures you would carry out on the valuation of inventory at the
final audit.

14. SPAKA (20 marks)

Spaka, a limited liability company, distributes domestic electrical equipment from one
warehouse. Customers are mainly installers of such equipment, but there is ’cash and
carry’ counter in the warehouse for retail customers. The warehousemen are responsible
for raising invoices and credit notes relating to credit sales as well as handling cash sales.

You have carried out your interim audit in respect of the year ending 31 December 20X0
which included a circularisation of 80 trade accounts receivable as at 30 September 20X0
selected from a total credit customer list of 1,000. Replies were received from all
customers circularised. The interim audit work disclosed the following:

(a) Of the 80 customers accounts circularised, 8 disagreed but could be reconciled by

bringing into account payments stated by the customers concerned to have been made
before 30 September 20X0 but which in each case were recorded in Spaka’s books
between 14 and 18 days after the dates stated by the customers as the date of
payment.

(b) Your tests suggested that some 25% of credit customers were allowed settlement
discounts of 21/2% although payments were consistently received after the latest date
eligible for discount.

(c) A large number of credit notes were raised representing approximately 12% of the
total number of invoices raised. A review of the copy credit notes indicated that they
usually arose from arithmetical and pricing errors on invoices raised.

You are required to set out the conclusions you would draw as a result of the interim
audit and the work you would plan to carry out at the final audit on trade receivables at
31 December 20X0 based upon those conclusions.

15. FASHIONA (20 marks)

Your firm is the auditor of Fashiona Textiles, a privately owned incorporated business,
and you are auditing the financial statements for the year ended 31 October 20X7. The
company has a turnover of K2.5 million and a profit before tax of K150.000.
(a) The company has supplied you with the following bank reconciliation at the year
end. You are entered the ‘date cleared’ on the bank reconciliation, which in the
date the cheques and deposits appeared on the November’s bank statement.

264
Balance as per bank statement as at 31 October 20X7 K (9,865)

Add deposits not credited.

CB Date Type Date cleared K K K

31 Oct SL 3 Nov 11,364
24 Oct CS 3 Nov 653
27 Oct CS 4 Nov 235
28 Oct CS 5 Nov 315
29 Oct CS 6 Nov 426
30 Oct CS 7 Nov 714
31 Oct CS 10 Nov 362 1 14,069
Less
Uncleared
deposits
CB Date Cheque No. Type Date cleared K
30 Oct 2163 CP 3 Nov 1,216
31 Oct 2164 PL 18 Nov 10,312

31 Oct 2165 PL 19 Nov 11,264

31 Oct 2166 PL 18 Nov 9,732
31 Oct 2167 PL 20 Nov 15,311
31 Oct 2168 PL 21 Nov 8,671
31 Oct 2169 PL 19 Nov 12,869
31 Oct 2170 PL 21 Nov 9,342
31 Oct 2171 CP 3 Nov 964 (79,681)
Balance as (75,477)
per cashbook
at 31 Oct
20X7

Notes

‘CB date’ is the date the transaction was entered in the cash book

Type of transactions
SL sales ledger receipt
CS receipt from cash sales
PL purchase ledger payment
CP cheque payment (for other expenses)

All cheques for purchase ledger payments are written out at the end of the month.

265
Required
(i) Describe the matters which cause you concern from your scrutiny
of the bank reconciliation.
(ii) Describe the investigations you will carry out on the items in the
bank reconciliation which cause you concern.
(iii) Describe the adjustments you will probably require to be made to
the financial statements if your investigations confirm the
problems you have highlighted in (i) above.
(b) The manager in charge of the audit has asked you to consider the petty cash
system and recommend what audit work may be necessary. You have found that
petty cash is recorded in a hand written analysed petty cash book and it is not kept
on an imprest system. From the petty cash book you have recorded the petty cash
expenditure for each month.

20X6 K
November 855
December 6,243
20X7
January 972
February 796
March 893
April 751
May 986
June 695
July 749
August 8,634
September 948
October 849
Total 23,371

Required

Advise the audit manager as to the desirability of performing further substantive

procedures on petty cash. You should consider materiality and audit risk in relation to the
petty cash system.

Assuming the audit manager decides that further audit work is necessary; describe the
detailed substantive tests of transactions and balances you should carry out on the petty
cash system.

16. LIYILO ELECTRONICS (20 marks)

You are the audit senior in charge of the audit of Truro Electronics a limited company

266
Required

State the audit procedures you would carry out to verify the following items appearing in
the balance sheet at 31 March 20X8.

Trade accounts payable K3, 200,000

Bank overdraft K2, 100,000
Income tax payable K5, 200,000
Accruals K2, 300,000

17. GOING CONCERN

Muye Joinery, a private company, owned by its directors, manufactures wooden window
frames, doors and staircases for domestic houses. It has prepared draft accounts for the
year ended 30 September 20X6 and you are concerned that they indicate serious going
concern problems. The profit and loss accounts and balance sheets for the last five years
(each ended 30 September) are given below:

INCOME STATEMENTS
20X2 20X3 20X4 20X5 20X6
K’000 K’000 K’000 K’000 K’000
Sales 625 787 1,121 1,661 1,881
Cost of sales (478) (701) (962) (1,326) (1,510)
Gross profit 147 86 159 335 371
Other expenses (88) (86) (161) (240) (288)
Interest (6) (9) (58) (90) (117)
Net profit/(loss) 53 (9) (60) 5 (34)

BALANCE SHEETS
20X2 20X3 20X4 20X5 20X6
K’000 K’000 K’000 K’000 K’000
Assets
Current assets
Inventory 67 133 181 307 449
Trade accounts receivable 91 240 303 313 364
158 373 484 620 813
Net current assets 89 161 544 600 587
Total assets 247 534 1,028 1,220 1,400

Liabilities and
shareholders’ funds
Current liabilities
Trade accounts payable 90 317 355 490 641
Bank overdraft 10 65 211 269 365
Lease creditor 14 28 98 92 59
114 410 664 851 1,065
Non-current loan 300 300 300
267
 114 410 964 1,151 1,365
20X2 20X3 20X4 20X5 20X6
K’000 K’000 K’000 K’000 K’000
Shareholders’ funds
Share capital 17 17 17 17 17
Reserves 116 107 47 52 18
133 124 64 69 35
Total liabilities and share 247 534 1,028 1,220 1,400
holders’ funds
The company has been in business for about fifteen years. In January 20X3 it decided to
build a new factory on a site leased from the local authority which would allow a major
increase in sales. This new factory with new machinery was completed a year later. The
factory was financed by a non-current loan of $300,000 from a merchant bank and an
increase in the bank overdraft.
The loan from the merchant bank is secured by a fixed charge on the leasehold factory
and the bank overdraft is secured by a second charge on the leasehold factory, a fixed
charge on the other fixed assets and a floating charge on the current assets.
The company purchases its main raw material, wood, from timber wholesalers. It sells
about 75% of its production to about twelve local and national builders of new domestic
houses. The remaining sales are mainly to smaller builders with a very few sales to local
builders merchants.

Required

(a) In relation to the accounts above, list and briefly describe the factors which
indicate that the company may not be a going concern. You should also highlight
certain figures and calculate relevant ratios in the accounts.

Note. You will only be given credit for going concern problems which can be
determined from the accounts above.

(b) Describe the investigations and checks you would carry out, in addition to those
described in part above, to determine whether the company is a going concern.

18. THE STANDARD EXTERNAL AUDIT REPORT (20 marks)

(a) What are the main elements of the audit report prescribed by ISA 700?

(b) You are an audit partner and are reviewing the audit files of four clients, on each
of which there is a significant matter arising.

The audit team were not informed about the year-end inventory count until after it had
taken place. Inventory is material in the financial statements.

268
No provision has been made against a material amount owed by a customer who is now
in liquidation.

The accounts of a client do not contain a cash flow statement.

A substantial claim has been lodged against the company by a major customer. The
matter is fully explained in the notes to the accounts, but no provision has been made for
legal costs or compensation payable as it is not possible to determine with reasonable
accuracy the amounts, if any, which may become payable. The directors have received
legal advice which appears to be reliable that the claim can be successfully defended.

Required

Explain what impact each of these matters would have on the audit report.

19. INTERNAL AUDIT REPORTING (20 marks)

You have been appointed manager of internal audit in a large organisation and asked to
set up an appropriate department.

Required

You are required to produce a formal memorandum for the Board of Directors, briefing
them on the following matters:

(a) Brief comparison of the role of external audit with internal audit.
(b) Explain the role of the internal audit function at the design state of
a new accounting system.
(c) Explain the format and nature of reporting that the internal audit
department will carry out.

20. TUTEMWANE (20 marks)

You are an audit assistant in the firm Wilma Chartered Accountants. You have been
asked to plan the audit of ‘Tutemwane!’ for the year ended 30 June 20X2. It is the first
time your audit firm has audited the charity, which has not been audited previously. The
trustees have expressed interest in receiving a ‘value added’ audit and are particularly
interested in business advice, especially in the area of systems controls.
Tutemwane is a registered charity that raises money for projects building wells in
Southern Africa through musical entertainment. The group consists of volunteers who
travel around the country, putting on variety shows of music and dance, the proceeds of
which are put towards building the wells. The main show is a tap dance production,
acting out the difficulties many people face when they are no near a clean water supply.
The administrative offices of Tutemwane are located in a large provincial town. It owns a
house donated by legacy in the past, where the administration is carried out and where the
volunteers stay during off periods.

269
A large proportion of Tutemwane’s income comes from box office receipts which are
taken by the theatre at which they are performing. The theatres usually waive their
standard terms for use of the premises and merely take a 10% commission on ticket
receipts to cover light and heat and other such expenses. Income usually comes in after
every booking in the form of a lump sum cheque from the theatre, together with a break
down of takings and commission.

Tap also receives donations towards the work. These come from a variety of sources:
 Cash donations from buckets passed around at the interval of each performance
 Cash donations on the (rare) occasion that the team do street performances
 Cash donations made over the phone or by post by interested donors

The troupe consists largely of volunteers so they are only paid expenses for their work.
The cost of housing the group while they are on the road is borne by the charity. The
charity employs an administrator who organises bookings, handles publicity and
coordinates all the finances.

Required
(a) Discuss the risks arising for the audit of the year ending 30 June 20X2.
(b) Outline the audit procedures you would undertake in respect of cash income in the
financial statements.
(c) Outline some controls over cash which the charity should implement.

EXAM ANSWER BANK

1. PHIRI AND TEMBO

(a) A non-statutory audit could assist the partnership of Phiri and Tembo in the following
ways.

(i) It would highlight any weaknesses in the partnership’s systems, and should
provide constructive suggestions for improvements.
(ii) It would help to substantiate the partnership accounts in case of any disagreement
between the partners of any query arising as to the results shown in the accounts.
(iii) Audited accounts carry more weight with interested third parties such as the
taxation authorities and bankers or other potential sources of loan finance or
credit.

(b) There is a risk that, in the absence of statutory guidance, auditors and clients has different
expectations of the non- statutory audit. For instance, as discussed in (b) above, the client
may expect the audit to be aimed at detecting fraud. A letter of engagement should be
sent by the client to the auditors, having been discussed and agreed by both parties,
setting out the areas to be covered by the audit. This should help to ensure that the client
understands what degree of comfort the audit will give, and that the auditors are aware of
the client’s requirements.
270
2. STANDARDS

The major advantages of accounting standards and auditing standards can be summarized as
follows:

(a) Accounting standards

(i) They reduce the areas of uncertainty and subjectivity in accounts.

(ii) They narrow the areas where different accounting policies can be adopted.
(iii) They increase the comparability of financial statements.
(iv) They codify what is considered in most circumstances to be best accounting
practice.
(v) They give an indication of the interpretation of the concept ‘true and fair’ in
many circumstances.

(b) Auditing standards

(i) They give a framework for all audits around which a particular audit can be
developed.
(ii) They help to standardize the approach of all auditors to the common objective of
producing an opinion.
(iii) They assist the court in interpretation of the concept of ‘due professional care’
and may assist auditors when defending their work.
(iv) They increase public awareness of what an audit comprise and the work behind
the production of an audit report.
(v) They provide support for auditors in a dispute with clients regarding the audit
work necessary.

The possible disadvantages include the following:

(a) Accounting standards

(i) They are considered to be too rigid in some areas and too general in others,
making their application difficult in some circumstance.
(ii) They can be onerous for small companies to adopt.
(iii) Their proliferation could be said to increase proportionately the number of
qualified audit reports thereby reducing the impact of such qualifications.
(iv) They can create divisions within the profession of those who agree and those
who disagree with a particular standard.
(v) They would be difficult to change once they become statutory as alterations to
company law can take years rather than months to enact.

(b) Auditing standards.

(i) It may appear that they impinge on rather than assist professional judgement.
(ii) They are considered by some to stifle initiative and developments of new
auditing methods.
(iii) They may create additional and unnecessary work and thus raise fees,
particularly on the audit of small companies.

271
If either type of standard were to be enforceable by statue it would mean that there would be
government intervention in areas currently controlled solely by the profession itself. This might
ultimately lead to a diminished role in self-regulation. To be enforceable by statute the standards
would have to be applicable to all circumstances and thus need to be very greatly and broad in
their instructions. This might reduce their usefulness to the auditors. Auditors might spend
unnecessary time ensuring that they have compiled with the law rather than considering the
quality of their service to their clients.

Finally, it should be considered whether full statutory backing for standards would force auditors
into narrow views and approaches which might gradually impair the quality of accounting and
auditing practices.

3. ROLE OF INTERNAL AUDIT

Tutorial note. This is an important area both in practice and in this syllabus. It is important that
you get to grips with the all the issues relating to internal audit and risk management.

Part (a) of this question requires you to state what you know about the background corporate
governance issues and any requirements which companies must meet.

Part (b) requires you to apply the role of internal audit in a practical situation. It demands that
you draw some conclusions about what your role will be. You should provide reasoning for the
conclusions you draw, so that the marker can credit you both for your conclusions and your
thought-processes. As internal auditor you have been asked to educate the senior management
about the role of internal audit, so in practice it would be appropriate for you to appraise the
director of your reasoning.

(a) Notes on the role of internal audit

(i) Requirements in relation to the Board of Directors

As a listed company, Lumbeni Holdings should implement the following:

 There should be a clearly accepted division of responsibilities

 Positions of Chief Executive and Chairman should be distinct
 A formal schedule of matters for referral to the Board should exist
 There should be a balance of executive and non-executive directors.

Companies should also set up remuneration committees comprised of non-

executive directors to determine executive remuneration. Committee should
report annually to the shareholders setting out the company’s policy to
remuneration and making disclosures about director’s remuneration packages.

(ii) Requirements in relation to accountability

They should also consider the following matters in relation to accountability:

 Directors must explain responsibility for preparing accounts

 Directors must report on the going concern status of the company
 The Board should establish an audit committee
272
 In addition, the financial statements are likely to be required to be audited by an
independent auditor who qualities for the position under legislation.

(iii) Risk management

Directors should review the effectiveness of internal control systems at least

annually.

Internal control systems are maintained to enable the business to operate

efficiently, to ensure that assets are safeguarded and that reliable records are
maintained. An internal control system reduces risk to a company.

As such, an internal control system is part of a company’s risk management.

Directors are required to review the system as part of their management exercise,
to ensure that the system is still reducing risks, and that all risks have been
considered.

The directors are also required to appraise the need for an internal audit
department annually. Internal audit have a role in monitoring the risk
management of an entity.

(b) Sales department brainstorming session

MEMORANDUM

TO: Sales director

(i) I should be able to come along to your brainstorming session in July. However,
it is probably best that I attend in an advisory and interested capacity only.

As we shall be involved in monitoring the systems which the sales department

put into place to mitigate risks in the business, it is inappropriate for me to get
too involved in the initial systems design stage, as this will impair my future
objectivity when monitoring how the system is operating and achieving its
objectives.

(ii) In terms of assessing risks, I am not best qualified to undertake this role. You are
the specialists and should be able to identify the major risks arising in the
department.

Just to give you a better idea if what my role can be, I can say that internal audit
is able to provide three things:

 Objective assurance on the operation of systems once you have them up and
running
 Assistance in setting up a process to help you identify risks
 Assistance in strengthening the control process once you have identified
risks.

273
 In other words, if you are struggling to identify risks at the meeting, I can give
you some pointers on how to go about it, but after that job will be looking at the
systems you come up with, and helping you improve them continually.

See you at the meeting, if not before,

Internal auditor

4. OBJECTIVITY

(a) OBJECTIVITY

Objectivity is defined by ZICA as being ‘a state of mind which has regard to all
considerations relevant to the task in hand but no other. It pre-supposes intellectual
honesty.’

(i) External auditors. Objectivity is usually hallmarked by ‘independence’ in the

case of external auditors. The auditor must ‘be, and be seen to be, independent’.
ZICA provides a number of guidelines as to how an auditor should maintain his
independence.

(ii) Internal auditors. Internal auditors are usually employees of the people they
report to, so independence is a more difficult issue to understand here. However,
it is vital that they maintain objectivity towards their tasks within a company, so
they must avoid conflicts of interest and maintain integrity in their relationships
with other staff members.

In particular, as a ZICA member, an internal auditor is bound by ZICA’s

Fundamental Principles and Rules of Professional Conduct. Objectivity is a
fundamental principle.

Threats to objectivity:

The following are all threats to objectivity:

 Personal interest (for example, fear of losing fees or good relationship with a
client/fellow staff member)
 Review of own work (for example, if an auditor audits financial statements he has
compiled, or an internal auditor monitors systems he has designed)
 Disputes (for example, with a client, or where an audit firm advocates for its client,
or where an internal auditor has a personal issue with a staff member)
 Long association or undue sympathy (for example, through close personal
relationships)
 Intimidation (this is linked to self-interest. For example, fear of losing a client or an
internal auditor losing his job)

274
(b) Two situations

Scenario 1

(i) Threats

The situation raises three potential threats to objectivity.

The first is the issue that the firm has a long association with the audit client. It
is unclear whether the same engagement staff have been associated with the
entity in that time.

The second is that the firm has been offered the opportunity to carry out work
than for the firm. ZICA guidance states that provision of other services can
affect objectivity.

Connected to the previous point is the fact that a self-interest threat arises
through the substantial fee income that this client may generate in the current
year. ZICA’s guideline in respect to recurring income is that 15% of office
income from one client is likely to adversely affect objectivity (for a Ltd
company). The income in this year is likely to be 17%, but much of that is not
recurring. However, the form should consider that the result of the consultancy
might be that the business expands and the audit fee might rise in the future.
They should lay down contingency plans.

(ii) Safeguards

In relation to the other services, the key inherent safeguard is that it is a one off
project, as stated above. It appears that it will also be carried out by a
department other than the audit department, which will help to maintain
objectivity.

In terms of the audit, as the client has been associated with the audit firm for a
number of years, the firm should consider laying out procedures for rotation of
the engagement partner in relation to the client, so that the relationship cannot
become too close over time.

If this is considered inappropriate, it might consider instituting a second partner

review as another measure to maintain objectivity.

Scenario 2

(i) Threats

If John was to get the job in the internal audit department, there would be
considerable threat of self-review, as he would have to monitor the systems
which he has set up in the purchasing department.

As John is a current employee of the company, there is also a risk that his
objectivity towards an internal audit role would be affected by his relationships
with fellow employees.

275
 This is particularly the case with regard to his relationship with his current boss,
the Purchasing Director, as he has a poor relationship with him. As a member
of the internal audit department, John would in all likelihood have to report
directly on matters relating to this director.

(ii) Safeguards

If John gets the job, an important safeguard would be that he did not work on
matters relating to the purchasing department for a period of time, or
perhaps until the systems have been reviewed again an/or the Purchasing
Director moves on.

It would also be important to address the issue of objectivity as part of the

recruitment process. The issue of relationships with staff would have to be
discussed and understood.

Lastly, it would be important to have objectivity in the recruitment process.

As John has had an informal discussion with the head of Internal Audit, the head
of Internal Audit should ensure that other staff members are included in the
recruitment process.

5. AUDIT EVIDENCE

(a)
(i) Inspecting inventories and testing perpetual records by making test counts
provides:

1. Strong evidence of completeness with the limitation that items not physically
in inventory or on the perpetual records will not be identified. This may
apply to goods in the receiving area at the time of the inventory count.
2. Strong evidence of existence.
3. Strong evidence of accuracy.
4. Weak evidence of valuation, and
5. Weak evidence of ownership as inventory items may be on consignment or
help under Romalpa conditions.

(ii) Vouching non-current asset additions to supporting documentation provides:

1. Weak evidence of completeness as such a test will not highlight omissions

only overstatement.
2. Weak evidence of existence as, although the additions were purchased by the
company, there is no evidence that they are physically held by the company
at the year end.
3. Strong evidence of accuracy
4. Strong evidence of valuation in respect of cost but not for any subsequent fall
in value, and
5. Strong evid3nce of ownership as the purchase will be invoiced in the
company name. However,, this assumes no subsequent sales of transfers.

(iii) Verification of bank balances by bank confirmation request provides strong

evidence for existence, accuracy, valuation and ownership for balances at the
particular bank circularized. However, only weak evidence if given of
276
 completeness, because undetectable balances may be held at other banks. The
same applies to liens.

(c) Audit evidence should be fully documented so that the auditor has a written record of the
work and conclusions thereon on which he has based his audit opinion.

Documentation also acts as a means of quality control on the work done providing
evidence for the reviewer. (Per IAS 220 work delegated should be reviewed in a matter
which provided reasonable assurance that the work is performed competently). It is
particularly important in litigation situations.

The details relating to the audit tests which should be regarded are as follows:

(i) Detailed audit tests carried out, the reasons for the timing and level of the tests
and the objectives of the tests.
(ii) Notes of errors or expectations found and action taken
(iii) Conclusions drawn by staff who performed the tests

LAITI

Tutorial note. In part (a) you must discuss the issues raised by the question. It is not appropriate
to answer a 3 marks question by saying ‘no, it will not be appropriate’. The question asks you
discuss, so you must explain your reasoning and come to a conclusion.

Part (b) should represent easy marks. However, remember to explain what you know swiftly to
bank those marks and then move on to section (c) where a large number of marks are available
for identifying risk areas in practice.

In part (c) you need to identify what looks odd in the balance sheet because this will indicate that
it is potentially a risk requiring a higher level of audit work. However, you should not just read
through the balance sheet and compile an answer which lists the balance sheet areas in balance
sheet order, explaining they are risky because ‘inventory has fallen’ etc.

You should explain why things may be risky for the audit, in other words, explain what the
balance sheet movement may indicate, inventory may have fallen because a large amount of
inventory held at a third parties wasn’t included in the inventory count, or because of a
tremendous recent marketing push. The first explanation shows the risk that the financial
statements are materially misstated in terms of inventory completeness.
You should structure your answer in terms of what you feel is the greatest risk. This may
involve making links between the various lines of the balance sheet and pulling together an
overview of the situation. In our answer below, we highlight the issue of going concern. There
is no point in auditing the Balance Sheet in its current form if the going concern basis is
inappropriate, therefore, going concern is a key risk in this audit. There are various indicators that
the going concern assumption may be inappropriate: fall in value in the whole balance sheet,
retained loss, fall in cash position, suggestion of fall inactivity.

277
(a) Materiality
It is never appropriate to apply the prior year’s materiality figure to the current year
figures. Materiality should be assessed in each year.
If the financial position has not changed much, and the results are very comparable with
the prior year it is possible that the materiality assessed year on year is very similar, but
this does not mean that the auditors should not assess it for each audit. When assessing
materiality the auditor must consider all known factors at the current date. In this case,
the position has changed considerably, increasing the risk of the audit, which may lower
materiality in itself.
As the balance sheet position has changed considerably, so when materiality is assessed,
it is unlikely that it will be similar to the prior year. Using he information available,
materiality is likely to be assessed extremely low in monetary terms, due to the overall
decrease in assets and the loss that appears to have been made in the year. It is also
possible that given the current balance sheet position, the sheet figures will not be used to
assess materiality in this year.
(b) Audit risk
Audit risk is the risk that the auditor will give an inappropriate opinion on financial
statements. It is made up of three different elements of risk:

 Inherent risk: the risks arising naturally in the business and specific
account/transactions
 Control risk: the risk that the accounting system will fail to detect and prevent errors
 Detection risk: the risk that the auditors will not detect material misstatements
Detection risk is comprised of sampling risk (the risk that the auditors’ conclusion drawn
from a sample is different to what it would have been, had the whole population been
tested) and non-sampling risk (the risk that auditors may use the inappropriate procedures
or misinterpret evidence).

Inherent and control risk are assessed by the auditors. Detection risk is then set at a level
which makes overall audit risk acceptable to them.

(c) Specific audit areas of risk

A review of this balance sheet suggests that audit work should be directed in the
following areas:

Going concern

The balance sheet has reduced considerably in value since the year. Total assets have
fallen from K373, 000 to K165, 000. Although the income statement has not been
reviewed, the balance sheet shows a retained loss for the year of K211,000.

Net assets show a reduction in both inventory and receivables, which suggest a
decrease in activity, although trade payable does not seem to have fallen so
considerably. However, this could be accounted for by Laiti not paying its suppliers in a
similar fashion to the previous year. It will be necessary to review the income
statement to substantiate whether activity has reduced.

278
 The cash position has also worsened, with cash falling by K22, 000. The cash flow
statement should reveal more detail about this fall. However, the company has paid of
K5, 000 of its bank loan, reducing all the debt.
In summary, audit work should be directed at going concern as several indicators of
going concern problems exist in the balance sheet. This will be further amplified when
the profit and loss account is available.

Inventory
Inventory has been mentioned above in the context of going concern. Audit work should
be directed at inventory specifically as this balance has fallen significantly from the
previous year, which seems odd in a manufacturing company. There is no suggestion
on the balance sheet for why this should be so (for example, receivables are not
correspondingly high, suggesting high pre-year end sales, and payables are not
correspondingly low, and payables are not correspondingly low, suggested low pre-year
end purchases). It may be that the inventory count did not include every item of
inventory. Alternatively it could simply point to a fall in activity (discussed above).
Warranty provision
A provision of K20, 000 has been included in 2002 for warranties. The reasons for this
must be investigated and the auditors must check that it has accounted for correctly.
It seems odd that a warranty provision should suddenly appear in a balance sheet. It
suggests a change in the terms of contracts given to customers, or a change in the
customers themselves (with different terms then applying). Alternatively it suggests that
IAS 37 has been wrongly applied in the current year, or should have been applied in
the previous year, and was not.

Other material items

As stated above, given to the indications of loss and the reduction in total asset value, it is
likely that materiality will be assessed low in monetary terms. In this case, most balances
on the balance sheet are likely to be material (excluding investments and cash in had
which appear to be very low risk).

However, as the bank loan is likely to have good audit evidence available, the most risky
of the other balances are trade receivables and trade payables, for reasons discussed
above in going concern. More detail is required to make a judgement about the risk of
tangible non-current assets.

7. USING THE WORK OF AN EXPERT

Tutorial note. Note that as well as considering the independence and qualifications of experts,
auditors should consider the scope of the expert’s work and carry out some confirmation work on
the expert’s opinion. You do not need (and would not expected to have) a detailed knowledge of
valuation of long-term contracts to be able to answer Part (c)

(a) In assessing the reliability of the legal advice obtained form a solicitor on the outcome of
the claim by Nendeni Manufacturing, the auditors should consider the following:

279
 (i) The materiality of the claim is important as the significance to the company of
the amount involved would clearly affect the extent of the audit work required.

(ii) The qualification, experience, reputation and standing of the local solicitor would
be relevant. Presumably the solicitor would be qualified, but it would also be
necessary to consider his suitability to advise on this type of claim. The
experience of the solicitor and his firm and their reputation in this field of
litigation would be an important factor in determining the extent of reliance to be
placed on the solicitor’s advice. In particular, consideration should be given as to
whether the solicitor had advised the company in respect of similar litigation in
the past and how reliable his advice had proved to be on those earlier occasions.

(iii) The independence of the solicitor must be checked as any suggestion that the
solicitor or his firm had any direct connection with the company or its
management would tend to reduce somewhat the reliability of the evidence
provided.

(iv) The nature and extent of the evidence provided by the company to the solicitor,
and on which he has based his opinion, should be carefully reviewed to ensure
that the solicitor’s decision appears to have been based upon all relevant facts
available to the company.

(v) The solicitor’s opinion should be examined and its reasonableness assessed, in
the light of the auditor’s knowledge and experience of similar cases against both
Kanjani and other clients engaged in similar activities.

(vi) If the auditors consider the amount of the claim to be material, and there is
uncertainty in relation to the outcome of the claim and/or the solicitor’s evidence,
the auditors should consider recommending to the client that a second opinion
from an independent specialist in the filed be obtained. If the client was not
agreeable to this action or if the auditors still considered there to be material
uncertainty, then a qualification on the audit report would probably be required.

(b) The factors to be considered by the auditors in assessing the reliability of the valuation of
properties by an independent valuer would be as follows:

(i) The independence of the valuer should be considered in a similar way to that of
the local solicitor, and for the same reasons.

(ii) The qualification, reputation and experience of the valuer should be considered.
The valuer should be a qualified member of a professional valuation body with
experience of valuing similar properties within the same geographical area as the
properties owned by Kanjani. If the valuer does not have experience of the type
of properties held by the company or of the area in which they are located, then
the value of his evidence is likely to be considerably reduced. The reputation of
the valuer or his firm would also affect the reliability of his evidence so far as the
auditors are concerned, with the likelihood that more reliance could be placed on
a valuation made by a large firm with a good reputation, than one obtained from
a little-known small firm.

280
 (iii) The actual valuation of the properties by the valuer should be carefully
examined. The auditors would need to satisfy themselves that a reasonable basis
for the valuation had been adopted. Typically, an open market value based upon
existing usage would be expected.

(iv) Any change in the valuation of the properties since the time of the previous
valuation should be assessed. The validity of any significant changes in the
valuation of the properties should be considered in the light of any statistical or to
other evidence available for similar properties.

(v) The reasonableness of the valuations should be considered against any profits or
losses made on any properties disposed of in recent times, as this could be a good
indication of any tendency to over or under value the properties to a material
extent, either over or under valuation being likely to distort the truth and fairness
of the financial statements.

(vi) The reasonableness of the valuations could also be considered by the auditors
comparing the valuations with those used by other clients holding similar
properties in the same locations.

(c) The matters to be considered when assessing the valuation of the work in progress by an
internal valuer would be as follows:

(i) How material is this asset in the financial statements: as it is likely to be highly
material, it needs to be valued accurately.

(ii) The basis of the valuation should be carefully checked to consider the extent to
which it appears to comply with the requirements of IAS 2.

(iii) Recognition of the fact that, as the valuer is an employer of Kanjani, this will
reduce the reliability of the evidence provided. However, this may be countered t
a certain extent by the fact that the valuer should have a more detailed knowledge
of the work in progress that it would perhaps ever be possible for an independent
valuer to obtain.

(iv) Confirmation should be sought that the valuer had actually visited all of the
relevant sites or otherwise obtained satisfactory evidence as to the stage of
completion of the inventory in order to provide himself with a reliable basis for
their valuation.

(v) The valuer’s basis of determining costs should be ascertained and the auditor
would need to be satisfied as to be reliability of the company’s records in this
respect and, in particular, that a consistently applied satisfactory basis of
overhead recognition had been employed.

281
8.INTERNAL CONTROLS

Tutorial note. Parts (a) and (b) to this question should be reasonably straight-forward. Part (c)
requires you to set out the work that the internal audit department would routinely do to reduce
the risk of fraud and error. Remember that one of the risks facing the purchases department is
that fraud may be perpetrated: internal controls have been put in place to ensure that this risk is
reduced. Therefore, on a routine basis, this would fall within the role of the internal audit
department checking that controls are operating effectively. In your answer to part (c) then, you
should identify what controls would exist to mitigate against fraud and set out the procedures that
internal audit carry out to test their effectiveness.

In part (d), you are asked how a risk assessment would affect the work of both internal and
external auditors. You are not asked specifically for procedures that would be carried out. You
should therefore not that as a higher than normal risk has been identified, more work would be
carried out that usual. For the external auditor this would mean a higher number of the same
procedures, for the internal auditor, it might mean a special investigation. However, you could
also note that internal audit might disguise their special operations as normal operations so as not
to alert the suspected party that they are investigating him. If fraud was expected to have a
material impact on the financial statements, the external auditors would carry outcome procedures
that they might not have otherwise carried out (for example, a suppliers’ circularisation). You
should note those in your answer.

(a) Four objectives of an internal control system

ISA 315 outlines the objectives of internal control systems:

 To enable management to carry on the business that company in an orderly and

efficient manner.

 To satisfy management that their policies are being adhered to

 To ensure that the assets of the company are safeguarded

 To ensure, as far as possible, that the enterprise maintains complete and accurate
records.

(b) Review of internal control systems

External Auditor

As part of his audit, the external auditor is required to ascertain the system and controls.
Once the system has been ascertained, the external auditor will walkthrough the systems
to ensure that they operate as he has been led to believe that they do.

The auditor will then determine his audit approach. If he is planning to rely on the
controls in the system, he has to evaluate the controls in the accounting system to assess
whether they are reliable enough to produce financial records which are free of material

282
 misstatement. In other words, he is assessing whether the systems achieve the fourth
objective given above.

He will conduct tests of controls to ensure that the controls have operated properly in the
year. If these tests produce good results, the auditor can rely on the systems and
undertake reduced substantive testing on the financial statements.

The auditor will decide not to undertake tests of controls if the controls do not appear
effective, or it is more cost effective to undertake high substantive procedures.

Internal auditor

Internal audit is an appraisal or monitoring activity established by the directors. It

functions, amongst other things, by examining and evaluating the adequacy and
effectiveness of components of the accounting and internal control systems.

Internal audit therefore review and test internal control systems whether the systems are
achieving the four objectives stated above.

Conclusion

The external auditor is interested in the internal control systems which help to produce
the financial statements which he is auditing. Internal auditors are interested more
generally in internal controls to ensure that they meet their objectives of helping the
business to operate effectively and reduce risks.

(c) Internal auditor work

The sort of frauds which could be carried out in a Purchases system are; processing non-
businesses expenses as business expenses or paying fictional suppliers inflated prices.
The work an internal auditor could carry out to check procedures in the purchase system
and to lessen the risk of fraud and error is as follows:
(i) Check individual purchases to the invoice, agreeing the details to the purchase
order and delivery note. If these items are not available this should be noted.
(ii) Review individual purchase to ensure that they are related to business expenses.
If an item appears questionable, it should be investigated further.
(iii) Review the prices paid for purchase and ensure that alternative supply options
have been considered (either on an individual basis, or o a yearly basis).
(iv) Test cheque payments to ensure that they related to approved invoices.
(v) Perform reconciliations to supplier statement to ensure that payments have been
made to the correct suppliers for genuine invoices.

(vi) Check reconciliations made between the purchase ledger and the purchase
control account to ensure that all differences have been investigated and
reconciled.

283
 (vii) Check reconciliations made between the purchase ledger and the purchase
control account to ensure that all differences have been investigated and
reconciled.

(viii) Review the purchase ledger on a regular basis to ensure that there are no unusual
or unexplained balances or debits.

(d) Risk of fraud and error

The auditors should consider the reasons that the risk of fraud and error has been assessed
as high, as this will affect the work that they do. The factors that cause each set of
auditor to assess risk as high may be different.

External auditors’ work

ISA 240 The auditor’s responsibility to consider fraud in an audit of financial settlements
requires auditors to plan and perform their audit procedures and evaluate and report the
results, recognizing that fraud or error may materially affect the financial statements.
When planning the audit the auditors should assess the risk that fraud or error may cause
the financial statements to contain material misstatements.

In this case, the risk has been assessed and it appears to be higher than normal. This
means that the external auditor will have to perform additional procedures to reduce the
risk that the financial statements are materially misstated as a result of fraud. The
additional risk would mean that materiality was assessed lower. This would result in a
greater proportion of transactions and balances being subject to evidence gathering.

If a purchase ledger fraud was suspected, the external auditors would circularize
suppliers, to obtain third party evidence as to the value of payables at the year end. If a
sales ledger fraud was suspected, they would conduct a customers’ circularization, or
extend the sample from previous years.

They would scrutinize the ledgers for induction of suppliers or customers who may be
connected to management.

The external auditors might also carry out detailed transactions tests such as have been
outlined above in part (c) to be carried out by internal audit.
Internal auditors’ work
Internal auditors might assess the risk of fraud or error as high if they had specific
suspicions about a particular member of staff. This would direct their additional work.
Investigating fraud would be a special project for the internal audit department, outside
the scope of their normal work. However, It is possible that they would want the
operation to be convert, so as to ensure that the person suspected would not be alerted to
their suspicions. The special project would involve scrutinizing past records, looking for
evidence of controls is having been bypassed, particularly evidence of authorization not
being sought. This would be done by scrutinizing documents for evidence of controls
being kept, for example, authorizing initials, or ‘paid’ stamps. They would interview
staff to assess whether if controls are maintained as they should be. They would also
observe the system operating at the current time.

284
 They might also run company searches on all the suppliers on their central suppliers’
register to ensure that they did not appear to be connected to members of staff.
If the suspicions of fraud were strong, the company might hire specialist forensic
practitioners to assist the internal audit department’s investigations.

9. FENTON DISTRIBUTORS

Tutorial note. In (b) significant emphasis is placed on testing unusual or suspicious items
(particularly the adjustment journals). Note also the importance of accounting controls at the
year-end. Correct categorization of expenses is important from the viewpoint of the statutory
accounts (directors’ emoluments), and in ensuring the quality of management information, which
the auditors may use for analytical procedures.

(a) To verify the accuracy of the purchases transactions posted to the nominal ledger I would
perform the following checks:

(i) I would check that the bookkeeper was up to date with the monthly posting of all
purchase transactions to the nominal ledger.
(ii) Specific checks on purchase transactions will include the following:

1. Purchase transactions will be traced from the invoice to the nominal ledger
and the analysis and analysis code will be checked.
2. The total invoice value will be traced to the nominal ledger.
3. The category of invoice expense and the expense amount will be checked to
confirm that it appears correctly on the detailed computer list for the month
concerned.
4. The total of the items on the detailed list will be checked to the nominal
ledger.
5. Transactions will also be traced backwards form the entries in the nominal
ledger making up the monthly total to the purchase ledger back to both the
detailed analysis and the individual invoice.
6. The amount of the invoice expense of the invoice expense will be agreed
with the amount posted to the nominal ledger.

The tests above check accounting entries forwards and backwards within the
system and any errors would be fully investigated as to their type, cause,
materiality and pattern.

(iii) The test checks on the detailed list and total postings of cash payments, discounts
received and adjustments will follow the same procedure as for invoices and
credit notes. The monthly cash book total will be checked to the total posted
from the purchase ledger to the nominal ledger.
(iv) A check on the analysis and coding of purchase invoices will be carried out to
establish the level of accuracy achieved. Particular care will be taken to see that
the expense category ‘purchases’ is correctly identified and coded from invoices
and is not confused with other categories, for example stationery, rates, gas and

285
 telephone. Incorrect analysis and/or coding may be indicated where the expense
category is high or low in comparison with its budget to date.

Large variations between actual and budget on expense categories should be test
checked to verify that they are not due to errors in analysis, coding or posting.

(b) To verify the validity and accuracy of the journals posted to the nominal ledger I would
carry out the following checks:

(i) Firstly, I would check the opening balances at the start of the financial year. To
do this I would check the value of each trial balance item on the opening trial
balance back to the closing entries on the previous year’s accounts. After this,
each item would be checked to the nominal ledger ensuring that both the value
and analysis are correct. These opening postings should be the first entries in the
new year as all nominal ledger balances should have been set to zero, and this
should be confirmed.

(ii) Other cash book items would be test checked to the nominal ledger to confirm
that postings are correct as to value and expense category. Large items would
require a larger sample size and large, unusual or suspicious items should be
checked and evidenced by supporting documentation or Board approval.

(iii) The year-end balances of cash and bank on the nominal ledger should be agreed
with the year-end balances in the cash book. This would require the last month
to be checked as the closing balances at all previous month-ends will have been
checked already.

(iv) The checks on petty cash payments transactions would include the following:

1. Check that transactions are supported by vouchers correctly posted to the

right nominal ledger account. This would include checking that transactions
are valid and coded to the correct expense category.

2. Check that petty cash transactions are within any limits, regarding the type of
expenditure of maximum value, established by management.

3. Check that the petty cash balance in the nominal ledger at the end of each
month and at the financial year-end agrees with the balance in the petty cash
book.

(v) The wages expense is posted manually to the nominal ledger from the monthly
payroll summaries by means of a journal. To verify that the journals are
correctly posted I would select several journals and check the following matters.

1. The totals of the analysis columns on the monthly summary shown on the
spreadsheet should be posted to the journal, and forward to the nominal
ledger.

2. The breakdown of wages expense into directors and the several departmental
categories will be checked. The correct identification of directors’ pay is
important as this requires statutory disclosure. I would obtain the current list

286
 of directors. I would add up the totals in the analysis columns to confirm the
summary total, and consider its reasonableness.

3. Amounts owing at the year-end for tax, accrued pay, superannuation and
other deductions will be verified and any reconciliation drawn up by the
bookkeeper agreed.

4. The analysis of wages expense for the year will be compared with the budget
and an explanation will be sought for any significant variances.

(vi) Adjustments journals are potentially a high-risk area and any checks would
include the following:

1. Check that all manually written adjustment journals were authorised by the
managing director and supported by documentation and proper narratives.

2. Check journals are posted in numerical order and there should be missing
numbers gaps in the postings.
3. Examine all large adjustments and the reasons given for the errors. These
will be traced to the nominal ledger to ensure that posting do correct the
errors.
4. Investigating closely recurring errors to establish their cause and whether
these can be avoided in future by management action.
5. Examine the purchase ledger suspense account (accounts payable suspense)
and trace all postings in and out.
6. Where there was no account in the nominal ledger, check back to the
purchase invoice, establish the account number and verify that the item has
been posted from the suspense account to the correct account.

7. Where the adjustment is due to the wrong account number being used, check
that the journal correctly transfers the item to the right account.

8. Where the bookkeeper has created entries between the purchase ledge and
the sales ledger, check that the creditor/debtor company concerned is posted
with a purchase ledger and sales ledger contra of the same value.

9. All other adjustments will be checked for validity and supporting

documentation.

Reasons will be established for postings that increase or reduce purchase ledger
balances.

(vii) Year-end balances on the nominal ledger would be further checked as follows:

1. Any balances remaining on the purchase ledger and sales ledger suspense
accounts should be itemized on a supporting schedule and the existence of
each item justified.

287
 2. Nominal ledger balances for the cash book, petty cash book, sales ledger and
purchase ledger should agree to, or be reconciled to, the cash book, petty
cash book, total sales ledger and total purchase ledger balances at the year
end. I will check that any difference is reconciled and explained. It may be
that further adjustments are required to reduce or eliminate a difference.

3. All non-current asset movement should be checked, including purchases,

sales, revaluations and depreciation.

4. All outstanding liabilities should be verified and their size reviewed for
reasonableness.

5. The bank reconciliation should establish the correctness of balances on all

types of bank account, i.e. loan, current, deposit, special transactions and son.

6. A review of the financial statements would be carried out to ensure that

material changes in assets, expenses, revenues, liabilities and share capital
are justified and explained. Justification would be sought in both relative and
absolute terms.

10. CHEQUE PAYMENTS AND PETTY CASH

Tutorial note. This question asks you to assess the controls over a particular area of a business.
As such, it could have been posed to either an internal or an external auditor – remember that
either would be possible in the exam. Notice that the answer refers to the objectives of the
suggested controls as well as the controls themselves. Thinking through the control objectives in
any given area will help you to suggest relevant controls. In another situation, it might help you
explain why controls are weak.

(a) A Mateyo CMK & Co

Managing Director Lusaka
Sportec Co I
Lusaka Date

Dear Mr Mateyo
You recently requested that we should advise you ion good internal controls over cheque
payments and petty cash. We should like to make the following recommendations:
The main objectives of control over payments are to ensure that payments are made only
in respect of valid transactions and that they are suitably authorised.
The following control procedures will contribute toward attaining these objectives:

CHEQUE PAYMENTS

(i) Cheques should be raised only on the basis of authorization, for example a
purchase invoice which has been suitably authorised.
(ii) Cheques should be signed by people other than those who approve invoices.
(iii) There should be two independent signatories for each cheque, for instance, two
directors might act as signatories. Signatories should inspect the documents

288
 supporting the cheque to ensure that the details agree. They should also mark the
document so that it cannot be reused.
(iv) Cheques should be restrictively crossed.
(v) Unused cheques should be kept in a secure place. Cheques should never be
signed in blank.
(vi) Cheques should be under sequential control and all numbers should be accounted
for. Spoilt cheques should therefore, be retained.
(vii) When cheques have been signed, they should be dispatched immediately.

5 Petty Cash

(i) Petty cash payments should be made only on the basis of suitably authorised
vouchers, which should be under sequential control. Vouchers should be retained
for subsequent references. Where independent evidence is also available, for
example invoices and receipts, this should be retained.

(ii) An imprest system should be used to control petty cash. This means that the
petty cash float is maintained at a specific amount and is reimbursed at regular
intervals on the basis of vouchers showing the payments, which have been made.
It is suggested that the float should be kept at a level of K300 and be reimbursed
on a weekly basis.

(iii) The petty cash float should be subject to a periodic surprise counts by a
responsible person not involved with the petty cash system. The balance on hand
should be reconciled to the imprest account by reference to the vouchers not yet
reimbursed.

(iv) The size of individual payments out of petty cash should be subject to a
maximum to be agreed by the directors.

(v) Staff should not be allowed to cash personal cheques or borrow from petty cash.

I hope that the above information is useful to you in designing your systems on internal
control. If you require any more information, please let me know.

Yours sincerely,

J. Simukonda

(b) Mr Mateyo presumably feels that involvement in cash and cheque controls will be
time-consuming, and that he is too busy to be involved in it. He may feel that he
does not want play a direct part in the petty cash function. Because of the small
amounts involved, he may wish to delegate this function to another director. He
should appreciate, however, that involvement at least in the authorization of cheque
payments would help to ensure that he is aware of major transactions in his business.
He might consider the possibility of authorizing cheques in excess of a given amount;
this would minimize the demands of his time, while exercising control and keeping
him informed of significant outgoings from the business.

289
 Auditors may wish to consider whether Mr Mateyo’s lack of involvement may be
symptomatic of insufficient attention being given to financial matters by the board.

11. ANALYTICAL REVIEW

Tutorial note. This is not an exam standard question, but it is a useful look at what analytical
procedures are and when they should be used. It is easy to fall into a trap of thinking that
analytical procedures are only relevant at the start and end of the audit. This is not the case.
They are valid procedures to use in the use of every balance sheet area, and so might fall into an
answer setting out procedures for the audit of any area.

(a) Analytical review involves studying significant ratios, trends and other statistics and
investigating any unusual or expected variations. The precise nature of these procedures
and the manner in which they are documented will depend on the circumstances of each
audit.

What determines comparisons made?

The comparisons, which can be made, depend on the nature, accessibility and relevance
of the data available. Once the auditors have decided on the comparisons which they
intend to make in performing analytical procedures, they should determine what they
expect to be disclosed by them.
Investigation and evaluation of results
Unusual or unexpected variations, and expected variations which fail to occur, should be
investigated. Explanations obtained should be verified and evaluated by the auditor to
determine whether they are consistent with his understanding of the business and his general
knowledge. Explanations may indicate a change in the business of which the auditors were
previously unaware in which case they should reconsider the adequacy of their audit
approach. Alternatively, they may indicate the possibility of misstatements in the financial
statements; in these circumstance the auditors will need to extend their testing to determine
whether he financial statements; do contain material misstatements.
Analytical review at different stages of the audit
Auditors use analytical review in audit planning to help them understand the client’s business
and to identify areas of particular audit risk. Analytical procedures help auditors decide on
the nature, timing and extent of audit procedures. Auditors can use various sources of
information at the planning stage, including budgets management accounts and bank and cash
records.
Auditors may use analytical procedures as substantive tests. Various factors determine how
much they will do so. These include the level of detail available, the predictability of the data
being studied, and the objectives of the audit tests.
At the final stage of the audit auditors will use analytical procedures (such as ratio analysis
and comparisons with previous years) to help them draw a conclusion about the accounts.
Auditors will carefully review the results of the procedures undertaken to see whether they
are consistent with the results of other audit procedures and the auditors’ knowledge of the
business.

290
(b) Analytical procedures are likely to be used heavily as part of review exercise. A review
exercise will consist largely of observation and enquiry. Analytical procedures will be the
key substantive procedure used.

12. MUKE MANUFACTURING

Tutorial note. In part (a), where you are required to assess the risk of the tangible non-current
assets section of the audit, you should assess each of the components of audit risk in relation to
the information given to you and then draw a conclusion about overall audit risk. However, this
does not mean you should give detailed definitions of each component of audit risk. That will not
gain you any marks in this question. The requirement clearly asks you to assess audit risk in this
situation. You need to understand what each component is in order to be able to assess the risk
here, but this question requires application of your understanding, not explanation.

Part (b) is a very typical auditing question at this level. You should expect a question requiring
you to set out appropriate procedures relating to any of the balance sheet areas you have studied.
You should have a good knowledge of the sort of tests you are likely to carry out in respect of
each balance sheet assertions, however, remember also to use information given to you in the
question to direct you in the specific case.
For example, in this situation, there has been a heavy investment in plant in the year. A high
proportion of the total non-current assets figure relates to this new plant.
Information given to you about these assets should affect your answer to part (c) when you
consider how the depreciation rate should be set and assessed. However, it is also clearly relevant
to part (b). Knowing that depreciation on the new plant should in the region of K25K should point
you towards the fact that there may be plant, which is fully written down, in the financial
statements. This may in fact be plant, which has been replaced by the new plant. If the plant is
not in use, it should not be indicated in the balance sheet.
(a) Risk in tangible non-current asset audit
Control risk
The controls over non-current asset at Boston Manufacturing appear to be strong. The company
maintains and reconciles a non-current asset register and there are authorization procedures in
operation. These controls should be tested, and if they prove effective, control risk could be
assessed low.
Inherent risk
The tangible non-current assets are material on the bases of the proposed materiality level. There
has been a substantial movement on the plant and equipment account this year, but this appears to
be supported by the information given by the management accountant. There appear to be no
disposals in the year, which may indicate that they have been omitted, or that obsolete items are
included in the register. It is also unclear whether land is being depreciated. It would be
inappropriate if it was being depreciated. Overall, the inherent risk seems to be medium.

291
Detection risk
Given that inherent risk has been assessed as moderate and control risk has been assessed as low,
detection risk will be assessed as higher. However, there is usually good evidence in relation to
existence and valuation of non-current assets and these are key assertions, which the auditors are
interested in. There will also be scope to carry out good analytical procedures, such as proof in
total of depreciation.
Conclusion
The audit of non-current assets appears to be medium to low risk.
(b) Audit procedures
(i) Existence

In many cases it is self-evident that land and buildings exist. However, it is

important for the auditors to verify all components of land and buildings
contained within the balance sheet, if they are on a site different to the one,
which the auditors are primarily attending, for example. Land and buildings
should also be verified to title deeds to ensure that they not only exist, but that
they are owned by the client.
The other classes of asset should be inspected. A sample of assets from the
register should be agreed to the physical asset. There may be scope to rely on the
work that the management accountant has undertaken here. The auditor should
check a reconciliation which the accountant has undertaken. The auditors should
make use of any identification marks on assets recorded in the register, for
example, security stages or bar codes, which are kept on assets to distinguish
them. The auditor should inspect the condition of the assets and ensure that they
are in use.
The motor vehicles should be reconciled in terms of number of vehicles existing
at the opening and closing positions. Again, to ensure that they not only exist,
but are owned by the company, the auditors should check the registration
documents to ensure that the company is the registered owner.
For all the above, the external auditor should also review the insurance provision
for the assets. This gives party evidence of the existence of assets, as the insurer
would not insure an asset, which did not exist.
(ii) Valuation (excluding depreciation)

Land and buildings appear to be stated at historic cost, as the schedule does not
contain the words ‘or valuation’. The auditors should confirm that this is the case
with the management accountant. The cost can then be agreed to brought
forward figures as there have been no additions in the year. These figures will
have been audited in the previous year. If the assets are held at valuation, the
auditors must ensure that the requirements IAS 16 in relation to revaluations are
being compiled with.
Similarly, as there have been no movements in the year, motor vehicles can be
agreed to the opening position.
To audit the valuation of plant and computers, the auditors should agree the
opening position. They should then obtain a schedule of additions to non-current
assets, which can be agreed to purchase invoices to verify valuation.

292
(iii) Completeness

The schedule of non-current assets prepared should be reconciled to:

 The opening position (that is, the previous balance sheet)

 The closing position (what is disclosed in the financial statements)
 The underlying records (the nominal ledger)

If the non-current asset register contains details of the cost and accumulated
depreciation of each asset, the register should also be reconciled to the schedule.
Explanations should be sought for any differences.

The additions of the schedule should also be checked to ensure that the opening
and closing positions reconcile within the schedule.

The auditors should also carry out a test on some of the individual additions,
tracing the transaction through the system, from purchase orders to delivery notes
and invoices and through the ledgers to the financial statements to ensure that
additions have been included completely.

(c) Depreciation

(i) Appropriateness

The appropriateness of the rates should be considered and discussed with

management. Relevant factors to consider are matters such as:

 The replacement policy for the assets

 The pattern of usage in the business
 The purpose of the asset being owned

In this instance, the auditors should establish the rationale behind the
depreciation rates applied, particularly in the case of plant. In the case of the
plant purchased this year, the depreciation rate applied is 10%. However, the
assets have been purchased in relation to an 8 year project, so 12.5% might be a
more appropriate rate.

(iii) Audit procedures

Depreciation on buildings can be verified by agreeing the purchase date of the

buildings to last year’s files or historic invoices/purchase documents and the
valuation applied to the building portion.

For the other classes of asset, depreciation should be agreed for individual assets, as it is not
possible to agree them in total. The auditors should obtain a breakdown of the charges for the
year. They should be able to recalculate the depreciation from details on the non-current
asset register and compare the results.

293
13 WILONGO

Tutorial note. This question looks at the issue of control problems arising from an interim audit
and then it asks you to draw conclusions for the final audit. The second part of this question is in
effect of planning exercise. It requires you to look at specific procedures as a result of what has
been done at the interim stage; however, you also need to include some more general procedures
in yours answer. This question is lightly unusual in that an interim audit has already been done.
In an exam you are more likely to have to set out procedures from scratch. However, this
question is also good practice in evaluating the results of procedures performed. This could also
be examined; perhaps in the context of drawing conclusions forth audit report.

a) Importance of the inventory count

The inventory count provides important audit evidence as to the existence and
completeness of inventory included in the financial statements.

In this case, the inventory count is particularly important because the company does not
maintain perpetual inventory records. As no perpetual records are maintained, the only
basis for the inventory entries in the financial statements is the results of this inventory
count.

Inventory is generally material to the balance sheet of a manufacturing company and they
are also one of the higher risk areas on the balance sheet. The inventory count provides
important audit evidence reducing the risk of material misstatement in relation to
inventory.

(c) Planning for attendance

Gain knowledge: I must review the notes of last year’s inventory count and I must
contact the factory manager to obtain details of this year’s. I must review this year’s
details to ensure that the inventory count appears to be planned efficiently and
effectively.

Tutorial note. It is possible you assumed that this part of planning was already completed as
the question tells you that you have just rung the factory manager. If so, you should have
stated that assumption, or to cover yourself as we have, note that his is a requirement.
However, you should not have spent long on this aspect of the question.

Assess key factors: There are various key factors given in the scenario:

(i) Nature and volume of the inventory. There should be no WIP, so I will count
raw materials (approximately 10% of the inventory) and finished goods.
However, raw material plastic should be low because a delivery is required to
continue with production.
294
 (ii) Possible obsolescence. I must make a note of the number of old chair legs
maintained in raw materials, as these are no obsolete, a new specification having
been agreed.

(iii) Cut off issues. I need to ensure that the delivery on the day is isolated and that I
obtain details of the delivery made during the inventory count. I need to
determine whether this should be included as deliveries for the year, but most of
all ensures that it does not get counted twice (as it arrives, and if it is put into
stores). I should also obtain copies of the relevant documents, for examples, the
last invoices in the year and the last goods received and despatch notes.

(iv) Off-cuts. I need to consider whether any off cuts are maintained on site and
whether these are being included in the inventory count. As the company
receives a discount relating to them, they are unlikely to legally be considered
Wilongo’s and so should not be included.

(v) Staff issues. It appears that the inventory count is undertaken by the people who
work in the factory and handle the inventory on a daily basis. This is not best
practice, although in practical terms it is difficult to avoid. However, I should
discuss this with the factory manager to assess whether staff can be allocated to
counting inventory they have not produced. Also as the staff is allowed to go
home as soon as the inventory count is completed, there is a risk that the
inventory count will be rushed and mistakes will be made. The manager should
ensure that it is made clear that the inventory count should be thorough and that
no one will leave before checks on the thoroughness of the counts have been
made.

Plan procedures: I need to determine my sample sizes and whether there is a need for
expert assistance at this inventory count.

15 FASHIONA

Tutorial note. The bank reconciliation is extremely important when auditing. It links the good,
third party evidence of a bank letter to the client’s actual position after timing difference. If a
question on auditing bank comes up, it is likely to involve procedures relating to auditing bank
reconciliation, so this is practice. Part (b) looks at some audit considerations in relation to petty
cash.

Always remember to consider (and write down that you have) materiality with regard to pretty
cash. It is often immaterial; this should affect the audit approach you take.

(a) (i) The matters that are of concern in the bank reconciliation are as follows:
1. Delay in banking cash sales. Cash received does not appear to have been
banked until a week after the cash was received. A team and lading fraud
could have occurred, here an embezzlement receipts is covered up by an
apparent delay in banking subsequent receipts.

295
 2. Delay in presentation of cheques by suppliers. Most suppliers would bank
cheques within seven to ten days. However, payments to the majority of
suppliers entered on October 31 have not been cleared for over two weeks.
Cheques, although entered prior to the year-end, may not therefore have been
sent to suppliers until some time after the year-end. The reason for doing this
would be to improve the appearance of the company’s liquidity in its
accounts, by decreasing cash and payables, and hence improving the
company’s current and acid test ratios.

(ii) Cash sales

The following tests should be carried out:
1. Compare the date on the bank statement with the date stamped on the paying
–in-slip. If the dates are the same or a day apart, then that is strong evidence
of when the cheques were actually banked.

2. Compare amounts banked with cash records for the day (invoices or the till
roll).

3. Compare sales ledger cash received per cash book with daily listing of cash
received.
4. Carry out further investigations if there does not appear to be a significant
delay between collecting and banking cash. Investigations should cover
other periods of the year and the situation at the date of the audit.
5. If there is unbanked cash at the date of the audit, insect this cash. Failure to
produce this cash would be strong evidence of fraud.

Uncleared payments

The following tests should be carried out:

1. Ask cashiers and others involved in sending cheques out when cheques
were actually sent.

2. Obtain suppliers’ statements after the year-end, and check the date the
cash is shown as received. If this date is similar to the date shown on the
bank statement, the cheques would probably have been sent out after the
year-end.
(iii)
1. If the cash receipts represent monies that have been embezzled, these receipts
should be excluded form the cash balances at the year-end (K2, 705). If the
money is irrecoverable, it should be charged as an expense in the profit and
loss account; if it appears to be recoverable, it should be charged as an
amount owing.

2. Cash and payable should be increased as it appears that the true date of the
cheques, the date that the cheques were sent to suppliers, was after the year-
end. Thus the bank balance and current liabilities should be increased by
K77, 501, the total of cheques 2164 to 2170.
Thus the true cash book balance will be K681 overdrawn.
(b)

296
(i) Materiality
Two commonly used measures of the materiality are 1% of turnover and 5% of
profit before tax. For Fashiona these two measures would suggest materiality
levels of K25, 000 and K7, 500 respectively. Total petty cash expenditure is well
over the profit measure and slightly under the turnover measure, and this
indicates that on balance it should be audited. However, about K15, 000 of total
expenditure occurred in two months. This suggests that testing should be
concentrated on these months, with a briefer review taking place of other months,
since material fraud and error is unlikely to occur during those months.
Audit risk
Petty cash is high risk audit area for the following reasons:
1. Cash is a high most liquid asset, and hence there is a high risk of defalcation.
2. Supporting documentation for payments may be limited.
3. The failure to keep petty cash on an imprest system means that it may not
subject to regular management review.

4. Risk would be increased by a large petty cash balance (say over $1,000), as
this would offer greater opportunity for frauds.

(iii) The audit tests that will be carried out are as follows:

Initial procedures

1. Agree opening balances to working papers for last year.

2. Check additions in petty cash book
3. Check that petty cash book totals have been posted to the general ledger
4. Check that payments in the main cash book shown as payments to petty cash
have been shown as receipts in the petty cash book.

Transactions (to test existence, completeness and rights and obligations)

1. Verify individual payments in petty cash book (concentrating on the larger

items) to supporting documentation and check that employee has
acknowledged receipt of cash.

2. Carry out analytical procedures on balances by comparing amounts with cash

flow forecasts.

Transactions (to test existence, completeness and rights and obligations)

1. Verify individual payments in petty cash book (concentrating on the

large items) to supporting documentation and check that employee has
acknowledged receipt of cash.

2. Check cash cut-off procedures have been performed by reviewing

reconciliation at the year-end and checking that all reconciling items can
be satisfactorily explained and have subsequently been cleared.

Cash counts (to verify existence, completeness, rights and obligations and
valuation)
297
 1. Count all balances simultaneously and agree to petty cash book or other
record.

2. All counting should be done in the presence of the individuals

responsible. They should sign at the end of the count to knowledge
funds returned are complete.

3. Enquire into any IOUs or cashed cheques outstanding for unreasonable

periods of time.

4. Obtain certificates of cash in hand from responsible officials

5. confirm that bank and cash balances are reconciled above are correctly
stated in the accounts.

Follow-up procedures should include the following tests:

1. Obtain certificates of cash-in-hand as appropriate.

2. Check unbanked cheques/cash receipts have subsequently been paid in

and agree to the bank reconciliation.

3. Check IOUs and cheques cashed for employees have been reimbursed.

4. Check IOUs or cashed cheques outstanding for unreasonable periods of

time have been provided for.

5. Check the balances as counted are reflected in the accounts (subject to

any agreed amendments because of shortages and so on).

Presentation and disclosure: Check this is correct.

16. LIYILO ELECTRONICS

Tutorial note. Again we have focused our answer round the financial statement assertions. This
answer is longer than you would be expected to produce in an exam. The question is not really
exam style – in the exam you might be asked a similar requirement, but probably in the context of
a fuller audit scenario.

The substantive procedures that might be performed to verify the specified balance sheet items
are as follows:

(a) Trade accounts payable: $3,200,000

We should carry out the following general tests on trade accounts payable.

(i) Agree the opening balance on the purchase ledger control account with the
previous year’s working papers to ensure all the necessary adjustments were put
through last year.

298
(ii) Obtain a list of purchase ledger balances in respect of the year-end and :

1. Test check to and from purchase ledger accounts to list of balances.

2. Check total of list with control account balance at year-end (obtain

explanation if any reconciliation necessary).

3. Cast lies of balance and control account.

(iv) Carry out analytical review of statistic such as ratio of trade accounts payable to
purchases and gross profit ratio: compare to previous periods and obtain
explanations for major variances.

(v) Scrutinize ledger balances for unusual entries especially items that are large and
occur around the year-end.

Reconciliation of suppliers’ statements with purchase ledger balances will be a key test of
rights and obligations, valuation and existence. A suppliers’ circularization should be
carried out if suppliers’ statements for significant trade accounts are not available.

The following tests should be carried out to check payables are commonly recorded:

(i) Check purchases cut-off.

1. Check from goods received notes with serial numbers before the year-
end to ensure that invoices are either:

 Posted to purchase ledger prior to the year-end; or

 Included on the schedule of accruals.

2. Review the schedule of accruals to ensure that goods received after the
year-end are not accrued.

3. Check from goods returned notes prior to year-end to ensure that credit
notes have been posted to the purchase ledger prior to the year-end or
accrued.

4. Review large invoices and credit notes included after the year-end to
ensue that they refer to the following year.

5. Reconcile daily batch invoice totals around the year-end to purchase

ledger control account ensuring batches are posted in the correct year.

6. Review purchase ledger control account around the year-end for any
unusual items

(ii) Compare current listing of trade accounts payable with that of the previous year
and note any significant changes, for example changes in major suppliers,
proportion of debit balances.

299
 We should also check that trade accounts payable are disclosed separately in he notes to
the accounts and other necessary disclosures (for example amounts payable by
instalments) made.

(b) Bank overdraft: K2, 100,000

the bank letter will provide vital evidence concerning the financial statement assertions
that relate to the bank overdraft. We should carry out the following tests that relate to the
bank letter and the year-end bank reconciliation.

(i) Check arithmetic of bank reconciliation

(ii) Trace cheques shown as outstanding from the bank reconciliation to the cash
book prior to the year-end and to the after bank statements and obtain
explanations for any large or unusual items not cleared at the time of the audit.

(iii) Verify by checking pay-in slips that uncleared banking are paid in prior to the
year end, and check uncleared banking are cleared quickly after the year-end.

(iv) Verify balances per cash book according to the reconciliation with cash book and
general ledger.

(v) Verify the bank balances with reply to standard bank letter and with the bank
statements.

(vi) Scrutinise the cash book and bank statements before and after the balance sheet
date for exceptional entries or transfers which have a material effect on that
balance shown to be in hand.

(vii) Obtain explanations for all items in the cash book or which there are no
corresponding entries in the bank statement and vice versa.

The following tests relate specifically to rights and obligations.

(i) Ensure that bank overdraft is within company’s agreed limit with the bank.

(ii) Consider balance in terms of:

1. Right of set-off with other balances

2. Any security granted for the borrowing (if there is a charge over the
assets it should be registered)

3. The company’s borrowing limits per its articles and authorization in the
directors’ minutes

We should consider the classifications of the overdraft in the accounts as current or

longer term, and check that it has been disclosed separately in the notes to the accounts.

300
(c) Income tax payable: K5,200,000

The main emphasis will be checking the calculation and reasonableness of the provision.
The auditors will carry out the following tests:

(i) Obtain and recomputed income tax computation for the current year, check that
current year’s provision has been computed at the correct rate, and reconcile the
tax charge in the profit and loss account with tax at current rate applied to the
profit before tax.
(ii) Check position regarding computations for previous years; note agreed
computations and verify that provisions for computations for yet agreed
reasonable. (Note. The provision of K5, 200,000 may be in respect of more than
one accounting period.).

(iii) Confirm tax paid to receipts from taxations authorities.

The following tests should be carried out to check the completeness of the provision and
also rights and obligations:

(d) Accruals: K2, 300,000

We should obtain the list of accruals and check the list to the accounting records to
confirm its accuracy.

We should check the valuation of accruals by carrying out the following tests:

(i) Verify the amount of accruals by reference to subsequent payments and

supporting documentation (this also provides evidence of rights and obligations).

(ii) Consider basis for any round sum accruals and ensure it is consistent with prior
years.

(iii) Carry out analytical review of accruals.

The main emphasis on testing accruals will be on testing that accruals have been
completely provided. We shall carry out the following tests:

(i) Scrutinise payments made and invoices received after year-end to ascertain
whether any further accruals are necessary.

(ii) Compare prior year’s list of accruals. Investigate any items brought forward and
items normally paid in arrears not included on current year’s list.

(iii) Ascertain why any payments on account are being made and ensure full liability
has been provided.

(iv) Consider whether there are any items, which might not be invoiced until a long
time after the year-end.

We should also check that accruals are disclosed separately in the notes to the accounts.

301
17. GOING CONCERN

Tutorial note. Part (a) demonstrates what can be deduced from the calculations for examples
short-term funds to purchase non-current assets and delayed payments to suppliers. It is vital
when you approach questions like this that you do not spend so long calculating ratios that you
fail to make comments and draw conclusions from your. Equally, having been asked in the
question to undertake some calculations, it would be wrong not to do so. You must apply
judgement in the balance between calculations and analysis in your answer, remembering that
you will score better marks for analysis. Of course, to get marks, you must have something to
analyse…

Workings
The following significant accounting ratios are based on the accounts provided in the question:
20X2 20X3 20X4 20X5 20X6

Gross profit (%) 23.50 10.90 14.20 20.20 19.70

Other expenses: sales (%) 14,10 10.90 14.40 14.40 15.30
Interest: sales (%) 0.90 1,10 5.20 5.50 6.20
Net profit (%) 8.50 (1.10) (5.40) 0.30 (1.80)
Current ratio 1.39 0.91 0.73 0.73 0.76
Liquidity ratio 0.80 0.59 0.46 0.37 0.34
Leverage (%) 84.71 57.14 9.52 9.45 4.83
Inventory (months) 1.68 2.28 2.26 2.77 3.57
Receivables (months) 1.75 3.66 3.24 2.26 2.32
Payables (months) 2.26 5.43 4.43 4.43 5.09
NOTES
Year end inventory
Inventory age = x 12
Cost of sales

Year end receivables

Receivables age = x 12
Sales

Year end payables

Payables age = x 12
Sales

Shareholders’ equity + Long term loans = Bank overdraft + Lease

Leverage =
Shareholders’ equity

(a) The various factors in the accounts which may be indicative of going concern problems
are as follows:

The directors are also required to appraise the need for an internal audit
department annually. Internal audit have a role in monitoring the risk
management of an entity.

(b) Sales department brainstorming session

302
 MEMORANDUM

TO: Sales director

(vi) I should be able to come along to your brainstorming session in July. However,
it is probably best that I attend in an advisory and interested capacity only.

As we shall be involved in monitoring the systems which the sales department

put into place to mitigate risks in the business, it is inappropriate for me to get
too involved in the initial systems design stage, as this will impair my future
objectivity when monitoring how the system is operating and achieving its
objectives.

(vii) In terms of assessing risks, I am not best qualified to undertake this role. You are
the specialists and should be able to identify the a major risks arising in the
department.

Just to give you a better idea if what my role can be, I can say that internal audit
is able to provide three things:

 Objective assurance on the operation of systems once you have them up and
running
 Assistance in setting up a process to help you identify risks
 Assistance in strengthening the control process once you have identified
risks.

In other words, if you are struggling to identify risks at the meeting, I can give
you some pointers on how to go about it, but after that job will be looking at the
systems you come up with, and helping you improve them continually.

See you at the meeting, if not before,

Internal auditor

18 THE STANDARD EXTERNAL AUDIT REPORT

Tutorial note. The study guide states that you are required to be able to describe the unqualified
audit report. Part (a) is a simple test of your knowledge in this area. Part (b) looks at some
situations which have arisen in audits and asks you to assess the impact that each will have on the
audit report. This is a higher skill. Think ‘what impact will this have on my audit work?’ – if it
causes a limitation and there is no good alternative evidence available, the audit report will be
affected by that. Think ‘what is the best accounting practice?’ – if it is not being followed and
there is no good reason for non-compliance, the report will be affected by that.

303
(a) Elements of the audit report

(i) A title identifying the addressee of the report

(ii) An introductory paragraph identifying the financial statements audited

(iii) A scope paragraph

(iv) An opinion paragraph

(v) The signature of the auditors and their address

(vi) The date of the auditors’ report

(b) Situations

(i) Inventory count

It is good practice for auditors to attend the inventory count where inventories are
material in the company’s financial statements and the auditor is placing reliance
on management’s inventory count in order to provide evidence of existence of
inventory.

There therefore, appears to have been a material limitation of the scope of this
audit.

The basis of opinion section of the report should state

(1) The evidence available to us was limited because we could not attend the
inventory count.

(2) We were unable to carry out alternative procedures necessary to give

sufficient assurance as to the existence of inventory (presumed)

(3) The amount of the inventories involved.

The opinion section of the report should be headed up as ‘Modified opinion due
to limitation of scope’. The section should state that the accounts give a true and
fair view except for any adjustments that may have been necessary had the
auditors been able to gain sufficient evidence about inventory. It should also
state that in respect of the limitation relating to inventory, we did not obtain all
the information and explanations that we considered necessary for the purpose of
out audit and we were unable to determine whether proper accounting records
had been kept.

(ii) Account receivable

It appears in this instance that there is no prospect of the debt recovered. Best
accounting practice would be to provide against that doubtful balance.

304
 The audit opinion should therefore be modified on the grounds of disagreement.
The opinion section should be headed ‘Modified opinion arising from
disagreement about allowance section for trade account receivable’. It should
state that the accounts give a true and fair view except for the disagreement.

In a paragraph above the opinion paragraph, the auditors should give details of
the disagreement.

(iii) Cash flow statement

The accounts should include cash flow statement.

The audit opinion should therefore be modified on the grounds of disagreement.

This disagreement is not pervasive to the accounts, it is limited to the cash flow
statement, so this would be an except for qualification.

The opinion section should be headed ‘Modified opinion arising from

disagreement over the omission of the cash flow statement’. It should state that
the accounts give a true and fair view and have been properly prepared except for
the omission of a cash flow statement.

The omission should be detailed in a paragraph above the opinion section, which
the auditors should give details of the net cash flows and state that in our
opinion, information about the cash flows is necessary for a proper understanding
of the company’s affairs.

(iv) Legal claim

The auditors need to determine whether the legal claim is a material matter and
even whether it is pervasive to the accounts as a whole, For example, the
customer involved is a major customer, it could be that an adverse outcome could
affect the going concern basis of the company.

It appears that the disclosure in the financial statements is adequate and there
appears to be no basis on which to make a provision in the financial statements.
Therefore there is no question that there is a disagreement in the audit.

However, the audit report will be affected by the fact that there is an uncertainty
affecting the business. The auditors will have to decide whether the inherent
uncertainty is material or fundamental. If material, it does not need to mentioned
in the audit report. However, if we decide that it is fundamental, the report
should contain a paragraph giving the appropriate details. It should also state that
the opinion is not qualified in relation to this matter.

Thereafter, no reference should be made to the legal claim in the opinion section
of the report.

305
19 INTERNAL AUDIT REPORTING

Tutorial note. This is useful question to work through as it covers issues relating to the objectives
of internal audit as well as how internal audit will report on matters arising within the company.
While there is no formal requirement for how internal audit reporting will be presented, it is
important that the Board are familiar with the customs that will be set up so that they are best
placed interact with the internal audit department and to facilitate the department’s suggestions.

MEMORANDUM

To: Board of Directors

From: Head of Internal Audit
Date: June 2003
Subject: Internal audit objectives and reporting

(a) Objectives of internal and external audit

The main functions of internal and external audit are very different, although some of the
means of fulfilling their objectives are the same.

The external auditors are appointed by the shareholders to report on the stewardship of
the directors. The role of the external auditors is defined by statute and the report
produced by the auditors states whether the financial statements give a true and fair view
and have been properly prepared.

In contrast, internal auditors are employed by the manager of the company. They are not
independent of the management of the company, but work for it. Their work is likely to
be more varied and wide-ranging than the external auditors, and they report to the Board
or to the Audit Committee on the results of that work.

The internal auditors will be concerned with monitoring the effectiveness of all controls
within a business and with the risk management policies of the business. The objectives
of the internal audit team are controlled by management.

(b) Design of a new accounting system

The internal auditors should be involved in some degree at all stage of the design of a
new accounting system.

There are three main stages of development:

 Feasibility studies
 System development
 System specification and construction

At each of these stages, the internal is in an ideal position to ensure:

 All the proper controls that are required have been built to the system design
 The system meets company standard along with the design process itself

306
 In effect, the internal auditors will be putting their customary skill of internal control
evaluation into practice even before the system is devised and is running. The internal
auditors will look for key attributes in the planned system:

 Is the benefit worth the cost of the system?

 Is the planned system complete?
 Are the outputs (reports) relevant and will they be produced in a timely manner?
 Will the system be secure from internal and external tampering?
 Is staff training on the new system necessary and has it been planned?

During the feasibility stage, the auditors should ensure that all user departments have
been consulted and had input as to the key risks which the system is trying to answer.
The internal auditors should assess any assumptions which have been made as part of the
planning, for example, estimates of future trading growth.

As the development stage commences, the internal auditors should ensure that the system
development is properly documented. Once the system has been developed, the internal
auditors will be required to test the new system. The tests should also be properly
recorded.

(d) Reporting

As has been mentioned above, the internal audit department report to the Board of
Directors and/or the Audit Committee. It is up to the directors to determine whether they
would prefer that the internal audit department report routinely to the Audit Committee,
with any pressing matter being passed on to the full Board. In either case, there may be
occasions and some matters where its appropriate for issues to be reported directly to the
audit committee, only. An example of such instances could include the suspicion of a
senior management/director fraud.

In contrast to the external auditors, internal auditors are not required by law or other
regulation to produce a particular format of report. Therefore, how the internal audit
department report is also dependent to a degree on the requirements of the Board.

However, there are some basic elements of internal audit that ere likely to be included in
most reports.

Internal audit will largely produce two types of report:

 Risk-based reports
 Performance enhancement reports

In the scenario looked at in (b) above, where the auditors were reporting on the design
and operation of a new system, this would be a risk-based report. However, the new
system might have been investigated because internal audit produced a performance
enhancement report suggesting future action.

Both types of report will probably conform to the accepted report which consists of an
executive summary, followed by a detailed report and appendices. They are likely to
include recommendations and action points, together with details of how such plans
would be implemented, when, by whom, and at what cost.
307
Internal audit reports will usually come with a distribution list to enable each reader of
the report to know who is also reading it. They will also come with a date and a
reference number. The report should also state whether it is final or draft. Internal audit
reports may be produced so that they may be modified when feedback is obtained.
Modified reports should state clearly that they have been modified and indicate the
feedback that led to the modification.

308
CHAPTER 1.0: Introduction to auditing ............................................................................ 1
Fee negotiation and lowballing ........................................................................................ 39
Letter of engagement ....................................................................................................... 51
Example of audit engagement letter ................................................................................. 54
Answer .............................................................................................................................. 57
CHAPTER 2.0: Audit planning ........................................................................................ 61
Before accepting nomination ............................................................................................ 64
Other matters ..................................................................................................................... 66
Engagement economics .................................................................................................... 68
Relationship ...................................................................................................................... 69
Approval ........................................................................................................................... 69
Principal risk ..................................................................................................................... 75
CHAPTER 3.0: Internal Auditing..................................................................................... 78
CHAPTER 4.0: External Auditing ................................................................................. 105
Implications and uses of Information Technology: ........................................................ 110
CHAPTER 5.0: Internal control ..................................................................................... 128
CHAPTER 6.0: Documentation..................................................................................... 140
CHAPTER 7.0: Balance sheet audit .............................................................................. 158
CHAPTER 8.0: Audit evidence ...................................................................................... 183
CHAPTER 9.0: Computer aided audit techniques ......................................................... 204
Legislation on public sector internal audit ...................................................................... 234
Petty Cash ....................................................................................................................... 289

309