TOPIC 3 AUDIT PLANNING AND RISK ASSESSMENT

3.1 The audit process

Phases of an audit
An audit is divided into three main phases (see diagram):

PLANNING PERFORMANCE REPORTING

 Planning phase* – the auditor:

- Performs engagement acceptance procedures to ensure high risk clients are avoided and there is staff
to undertake the audit and compliance with ethical requirements (Covered in Topic 2).
- Obtains an understanding of the entity and its environment including internal control and identifies
risks likely to lead to material misstatements in the financial statements.
- Assesses the risks of misstatement in the financial statements including the risk of fraud, non-
compliance with laws and regulations, sets materiality and then responds to the assessed risks.
- Establishes an overall audit strategy that sets out in general terms how the audit is to be conducted
and the resources necessary to perform the audit.
- Develops an audit plan that includes the nature, timing and extent of specific audit procedures to be
used in collecting evidence in order for the audit to comply with the ISAs.

 Performance phase (Fieldwork phase) – in response to the assessed risks of material misstatement, an
auditor collects sufficient and appropriate audit evidence by performing the following audit procedures:
- Tests of controls to evaluate the operating effectiveness of controls in preventing, or detecting and
correcting material misstatements, where the entity’s internal control is initially evaluated as reliable.
- Substantive procedures to detect material misstatements in transactions, account balances and
disclosures in financial statements. Substantive procedures must be performed in every audit.

 Reporting phase – an auditor:

- Performs analytical procedures to check whether the financial statements are consistent with the
auditors’ knowledge of the entity.
- Reviews subsequent events to ensure that they are properly accounted for.
- Reviews events that may cast significant doubt on the entity's ability to continue as a going concern.
- Obtains written management representations on areas material to the financial statements.
- Performs an overall review of the financial statements to assess whether sufficient appropriate
evidence has been obtained and whether they comply with the appropriate financial reporting
framework.
- Forms an opinion on whether the financial statements show a true and fair view and comply with the
relevant financial reporting standards and laws. The opinion is included in an audit report that is issued
together with a management letter containing significant deficiencies in internal control.

*Planning is not only done in the planning phase as shown above, but is carried throughout the audit.

General principles of an audit (Requirements of the auditor)

An audit is performed in accordance with the following general principles:
 Compliance with the code of ethics relating to an audit of financial statements issued by ICPAU and IFAC
that requires an auditor to comply with the fundamental principles of integrity, objectivity, professional
competence and due care, confidentiality and professional behavior.

1 MUBS Auditing notes 2021 by JKB, JB & JA

 Perform an audit in accordance with International Standards of Auditing (ISAs) that provide the basic
principles and essential procedures. An audit should comply with all the ISAs relevant to the audit
engagement and an auditor is required to state whether the audit complies with all relevant ISAs.

 Professional scepticism where an auditor performs an audit with an attitude of professional scepticism that
the financial statements may contain material misstatements. The auditor should (among others):
- Have a questioning mind to reduce the risks of overlooking unusual transactions.
- Be alert to conditions which may indicate possible misstatement due to error or fraud.
- Make critical assessment of the audit evidence obtained like questioning the reliability of documents
and responses from management and those charged with governance.
- Obtain persuasive audit evidence that those charged with governance are honest and have integrity.

 Professional judgment should be exercised by the auditor in planning and performing an audit of financial
statements. Professional judgment is essential to the proper conduct of an audit as it is used in the
interpretation of relevant ethical requirements and the ISAs and in the application of relevant knowledge
and experience to the facts and circumstances.

 Sufficient appropriate audit evidence should be obtained during the audit in order to obtain reasonable
assurance and reduce audit risk to an acceptably low level to enable the auditor to draw reasonable
conclusions on which to base the auditor’s opinion.

3.2 Identifying and assessing the risks of material misstatements through understanding the
entity and its environment
Risk-based audit
A risk-based audit is where the auditor directs audit effort to areas most expected to contain risks of material
misstatement and less effort is directed at other areas so that they can perform more audit procedures on
transactions, account balances and disclosures likely to be misstated, in order to increase chances of
detecting material misstatements in financial statements. An auditor performs less procedures in lower-risk
areas. A risk-based audit is more effective and efficient and is required by ISAs.

Audit risk
Audit risk is the risk that the auditor expresses an inappropriate audit opinion when financial statements are
materially misstated.

 Audit risk is a function of the risks of material misstatement and detection risk.
 Risks of material misstatement are risks that financial statements may be materially misstated before an
audit.
 Financial statements may be materially misstated before an audit due to inherent risk and control risk which
are the entity’s risks that cannot be controlled by the external auditor.
 Material misstatements may not be detected during the audit due to detection risk.
 Therefore, the elements of audit risk are inherent risk, control risk and detection risk.
 An audit provides reasonable assurance that financial statements are free from material misstatements.
 Reasonable assurance is obtained when audit risk is reduced to an acceptably low level.
 An audit team reduces audit risk by designing and performing audit procedures to obtain sufficient
appropriate audit evidence on which to base the audit opinion.

2 MUBS Auditing notes 2021 by JKB, JB & JA

 As the assessment of risks and the design of audit procedures is a matter of professional judgment, audit
cannot be eliminated by the auditor.

Inherent risk is the susceptibility of an assertion about a class of transaction, account balance or disclosure to
a misstatement which could be material, either individually or when aggregated with other misstatements,
before consideration of any related controls. Inherent risk arises from the nature of the entity and the
environment in which it operates.

Factors that may increase inherent risk include:

 Operations in countries that are economically unstable e.g. with high inflation or significant currency
devaluation.
 Operations exposed to volatile markets e.g. futures trading.
 Operations that are subject to a high degree of regulation.
 Going concern and liquidity issues including loss of significant customers.
 Constraints on the availability of capital and credit.
 Changes in the industry in which the entity operates.
 Changes in the supply chain.
 Developing or offering new products or services, or moving into new lines of business.
 Expanding into new locations.
 Changes in the entity such as large acquisitions or reorganizations or other unusual events.
 Entities or business segments likely to be sold.
 Use of off balance sheet finance, special-purpose entities, and other complex financing arrangements.
 Significant transactions with related parties.
 Inquiries into the entity’s operations or financial results by regulatory or government bodies.
 Pending litigation and contingent liabilities e.g. sales warranties, financial guarantees.

Control risk is the risk that a misstatement which could occur in an assertion about a class of transaction,
account balance or disclosure and which could be material, either individually or when aggregated with other
misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal
control. Control risk is identified through obtaining an understanding of the controls the entity has designed and
implemented to minimize error and fraud.

Factors that may increase control risk include:

 Lack of personnel with appropriate accounting and financial reporting skills.
 Changes in key personnel including departure of key management.
 Deficiencies in internal control, especially those not addressed by management.
 Changes in the IT environment.
 Installation of significant new IT systems related to financial reporting.
 Application of new accounting standards.
 Accounting measurements that involve complex processes.
 Events or transactions that involve significant measurement uncertainty, including accounting estimates.
 Rapid growth can strain controls and increase the risk of a breakdown in controls.

Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low
level will not detect a misstatement which exists and which could be material, either individually or when
aggregated with other misstatements.

Factors that may decrease detection risk include:

3 MUBS Auditing notes 2021 by JKB, JB & JA
 Adequate audit planning.
 Performing audit procedures that respond to the risks of material misstatement identified.
 Proper assignment of audit personnel.
 The application of professional skepticism.
 Supervision and review of the audit work performed.

Business risk
Business risk is the risk that arises from significant conditions and events that may adversely affect the entity’s
ability to implement its strategies and achieve its objectives or from the setting of inappropriate objectives and
strategies. Business risk has three components:
 Financial risk – for example, the risk that the company may have insufficient cash flow to continue in
operation.
 Operational risk – for example, the risk that the company’s product lines may decline in popularity leading to
a sharp decline in sales and profitability.
 Compliance risk – for example, the risk that the company may be in breach of health and safety regulations,
leading to the possibility of hefty fines or even the closedown of operational activity.

This course covers audit risk. Identifying the risks of misstatement requires understanding the entity and its
environment explained below.

Required understanding of the entity and its environment

The engagement team obtains an understanding of the following key areas of the entity:
 Industry, regulatory and other external factors including the applicable financial reporting framework.
 Nature of the entity including its operations, ownership and governance structures, types of investments
that the entity is making and plans to make and the way the entity is structured and how it is financed.
 Entity’s selection and application of accounting policies, including the reasons for changes thereto. The
auditor evaluates whether the entity’s accounting policies are appropriate for its business and consistent
with the applicable financial reporting framework and accounting policies used in the relevant industry.
 Entity’s objectives, strategies and related business risks that may result in risks of material misstatement.
 Measurement and review of the entity’s financial performance.
 Internal control of the entity i.e. its control environment, risk assessment, information system, control
activities and monitoring of controls.

Key areas and the related risks of material misstatement are explained in the following table.
Area Scope of understanding and possible risks of misstatement
 Industry conditions, for example:
- Market and competition for the goods/services, for example, a declining industry
with high business failures may increase pressure on management to overstate
profits and not fully disclose the going concern uncertainity.
- Seasonal activity, changing demand for goods as in the case of fashionable goods,
may lead to inventory obsolescence and overstatement of closing inventories and
profits for the period.
- Energy supply and cost, for example, fluctuations in oil prices may lead to
overstatement of profits.
Industry, - Supplier & customer relationships, for example, long-term contracts may involve
regulatory and significant estimates of revenues and expenses that increase the risks of material

4 MUBS Auditing notes 2021 by JKB, JB & JA

other external misstatement.
factors - Technological developments make manufacturing plant and products like mobile
phones obsolete and more susceptible to overstatement.

 Regulatory environment e.g. Government taxation, monetary, foreign exchange control,

financial incentive, trade restriction and environmental laws and policies significantly
affecting the industry and the entity’s operations, for example:
- An increase in the tax rate may lead to non-compliance and fines that may be
underestimated or completely omitted.
- Non-compliance to laws may even lead to closure of the business which may also
make financial statements prepared on a going concern basis misleading.
- A floating foreign exchange rate may lead to foreign currency being translated at
wrong rates.

 General economic conditions including recession, interest rates and availability of

financing, inflation and currency revaluation, for example, an economic recession:
- Makes receivables difficult to collect and may lead to understatement of bad debts
and overstatement of receivables.
- Leads to low inventory turnover that may in turn lead to overvaluation of inventory if
an appropriate write-down is not made by the entity.
- Increases pressure on companies to perform as well as or better than competitors
as shareholders expect consistent improvements in profits.
 Structure & ownership:
- Complex structures may lead to wrong accounting for goodwill and investments.

 Business operations including:

- Revenue sources, products or services, major expenses, use of electronic
commerce such as Internet sales.
 Product warranties to customers may lead to understatement of the provision
for warranties in the financial statements.
- Production methods and activities exposed to environmental risks.
Nature of
the entity - Alliances, joint ventures and outsourcing activities.
- Location of production facilities, warehouses (and amount of inventories):
 Multiple locations of factories and warehouses and offices may lead control
problems and omission of some inventories at some locations.
- Key customers and suppliers, employment terms including incentive bonuses.
 Dependence on a few major customers may result in material losses from bad
debts or obsolete inventory.
 Bonus related pay may lead management to overstate profits in order to earn
higher bonus.
- Transactions with related parties may not be at arm’s length or may be illegal like
loans to directors and may not be properly disclosed.

 Investment activities – planned or recent acquisitions or divestitures.

– A pending acquisition may increase pressure of manipulating financial statements to
increase the purchase price.
 Financing activities – debt structure, terms, major liabilities & leasing arrangements.
5 MUBS Auditing notes 2021 by JKB, JB & JA
 - Breach of loan terms may lead the bank to recall the debt that may create going
concern uncertainty which may not be properly disclosed.
 Financial reporting – for example, industry-specific accounting practices like research
and development for pharmaceutical entities.
 The methods the entity uses to account for significant and unusual transactions.
 The effect of significant accounting policies in areas without authoritative guidance.
Accounting  Changes in the entity’s accounting policies.
policies  Financial reporting standards and laws and regulations that are new to the entity and
how they are to be adopted – this may lead to improper implementation and errors
before staff become conversant with it.
 Industry developments – the entity may lack personnel with the expertise to deal with
changes in the industry that may lead to misstatements.
Objectives &  New products (e.g. defects in car models) and services may increase product liability
strategies claims that may be understated in the financial statements.
 Expansion of the business may increase the risk of a breakdown in controls or may
lead to wrong estimation of demand that may increase inventory obsolescence.
 Use of a new IT system may lead to processing errors.
Measurement  Entity key performance indicators, trends, budgets and variance analyses.
and review of  Comparison of the entity performance with that of competitors.
financial  Employee performance measures and incentive compensation policies.
performance - Pressure to achieve performance targets increases risks of material misstatement, for
example, performance based bonuses increase the risk of recognizing revenue before
selling goods.
 Control environment – the governance and management functions and importance of
internal control to the entity.
Internal  Risk assessment – how management identifies, assesses and manages key risks.
control  Information system – procedures used to record, process and report the entity’s
(Covered in transactions and maintain accountability for the related assets, liabilities and equity.
Topic 4)  Control activities – are policies and procedures that ensure the entity’s objectives are
achieved e.g. lack of physical controls over assets increases the risk of theft.
 Monitoring of controls – the process of continuously assessing the effectiveness of
internal control so that corrective actions are taken.

Risk assessment procedures

Procedures How the procedure is used & Information received
Directors – understanding the environment in which the financial statements are prepared
and actual or suspected fraud.
 Management – e.g. the entity’s culture, management’s operating style & incentive
plans, potential for management override, knowledge of fraud or suspected fraud,
how estimates are prepared, the financial statement preparation and review process,
Inquiry* of appropriateness of accounting policies used, unusual events, major business risks.
entity  Internal audit personnel – the design and effectiveness of internal control and whether
personnel management has satisfactorily responded to their audit findings.
 Entity lawyers – cases in court, compliance with laws, product warranties
 Marketing/sales personnel – marketing strategies, sales trends, sales performance
incentives, customer contracts.

6 MUBS Auditing notes 2021 by JKB, JB & JA

 Observation How the entity operates and is organized.
of entity Operation of internal control procedures e.g. payment of cash wages
procedures Compliance with key policies e.g. in delivery of goods.
 Inspecting documents and records e.g. business plans, accounting manuals,
organisation charts, major contracts like loan agreements.
Inspection  Tracing transactions through the system (called a walkthrough test) in the sales cycle
of might reveal uninvoiced sales transactions which indicates an increased risk of
documents unrecorded revenues and receivables.
and assets  Reading internal reports and minutes internal audit reports, interim financial statements,
budgets, minutes of directors’ meetings.
 Reading external information like trade journals, reports from consultants,
correspondence with lawyers, licensing and regulatory authorities, the internet.
 Visiting premises and plant facilities.
 Compare the entity’s financial information with:
- Similar information for prior periods (for sales, this includes monthly & area figures).
Analytical - Anticipated results such as budgets.
procedures
- The results expected by the auditor.
(see notes
below) - The industry information.
- Information computed using non-financial information (called reasonableness test
or proof in total) e.g. compute tuition by multiplying the number of students by
tuition per student and compare with the tuition revenue reported.

*Inquiry should be used together with the other two procedures.

Information may also be obtained:
 While performing the client acceptance and continuation procedures.
 From previous audit work.
 From non-audit engagements with the client.

Risk assessment is more detailed during the first audit and in the subsequent audits the focus is on what has
changed since then. Understanding the entity and its environment continues throughout the audit.

Analytical procedures
Analytical procedures include the evaluation of financial information through the analysis of fluctuations or
relationships among both financial and non-financial data that are inconsistent with other relevant information
or that differ from expected amounts. Ratios commonly used include the following (see table):

Type of ratios Issues to consider/Risks

Profitability ratios Changes in gross profit margin may be due to changes in:
 Gross profit margin  Selling prices without a corresponding increase in purchase
= Gross profit x 100 prices.
Revenue  Product mix.
 Reduction in purchase prices without a corresponding decrease in
the selling prices.
 Cut-off errors in sales, purchases or inventory.
 Under or over-valuation of inventories and work-in-progress.
 Net profit margin
= Profit before interest & tax x 100  Misstatements in operating expenses and related balance sheet
7 MUBS Auditing notes 2021 by JKB, JB & JA
 Revenue accounts.
 Wrong capitalization of repair expenses or fraudulent payments.
 Return on capital employed
= Profit before interest and tax x 100  A change may be due to new loans/non-current assets
Capital employed  ROCE may be below the borrowing rate that may lead to loan
default and possible going concern uncertainty.
Efficiency ratios An increase in inventory turnover may be due to:
 Inventory turnover period  Changes in purchasing policy.
= Inventory × 365 days  Obsolete inventory and deteriorating trading conditions (check
Cost of sales compliance with IAS 2 Inventories on valuation)
 Absorption of cost that should have been written off to profit and
 Receivables collection period loss.
= Trade receivables × 365 days
Credit sales A decrease in inventory turnover may be due to:
 Improved inventory control.
 Overtrading, poor ordering or deterioration in supplier trading
 Payables payment period terms.
= Trade payables × 365 days  Cut-off errors (review inventory counting)
Credit purchases
High levels of inventory write-offs may indicate:
 Poor physical inventory management.
 Theft.
 Unrecorded sales.
 A deteriorating market for the entity's products.

An increase in the receivables collection period may be caused by:

 Increase in turnover or trading activity. Consider overtrading.
Deterioration in economic climate, the entity's credit control or debt
collection procedures. Consider the understatement of bad debts
and overstatement of receivables.
 Sales to fictitious customers to increase reported profit.
 Unrecorded receipts from customers or delays in banking receipts.
 Sales being inflated due to cut-off errors.
 Subsequent or delay in the issue of credit notes.

A decrease in the receivables collection period may indicate:

 A decrease in turnover or trading activity.
 Improvement in debt collection procedures.
 Sales cut-offs or subsequent receipts included in the current year.

A higher level of impairment provision may be caused by:

 Deteriorating economic conditions.
 Poor credit control.
 Amounts being written off without proper attempts at recovery or
receipts not being banked
 Fictitious sales being reversed through write-offs.

A high or increasing level of payables payment period may be due to:

8 MUBS Auditing notes 2021 by JKB, JB & JA
  An increase in purchases or trading activity.
 Management decision to delay payment (e.g. to reduce a bank
overdraft).
 Difficulty in paying debts as they fall due. As creditors may sue the
entity, this may lead to understatement of provisions for legal
expenses or may indicate a going concern problem.
 Management decision to increase inventory near the year-end.
 Payments made shortly before the year-end being recorded in the
subsequent period to inflate cash balances or reduce the bank
overdraft.

A low or declining level of payables payment period may indicate:

 Decrease in purchases or trading activity.
 Acceleration in the payment of payables.
 Payment orders or cheques being recorded in the cash book but
withheld (cheques entered in the cash book around the year-end
should be examined for subsequent clearance.
 A high incidence of cash purchases which in turn may indicate
deterioration in supplier terms and going concern problems.
Liquidity ratios
 Current ratio = Current assets  Lack of cash may lead to non-remittance of PAYE or NSSF
Current liabilities deductions and understatement or not accruing penalties.
 Quick ratio =
Current assets less inventory
Current liabilities
Long term financial stability ratios  Non-compliance with loan covenants, receivership or bankruptcy.
 Debt ratio = Total debt  Discuss with management how the high gearing is to be reduced
Total assets  Read correspondence with banks and default clauses in loan
 Gearing ratio = agreements
= Long term debt × 100%  Going concern uncertainty may not be properly disclosed. Do a
Shareholders’ equity + Long term detailed going concern review
debt  Loan default penalties may not be disclosed in financial
 Interest cover statements.
= Profit before interest and tax
Interest expense

Property, plant and equipment:

An increase may be caused by:
 Business expansion that may lead to an increase in business volume.
 Changes in the capitalisation policy.

A decrease may be caused by:

 Business down sizing that may lead to lower sales volume, redundancy claims etc.
 Going concern issues.
 Changes in the capitalisation policy.
 Significant changes in the depreciation charge that may result from changes in useful lives of assets,
estimate of residual values or errors in the computation of depreciation.

9 MUBS Auditing notes 2021 by JKB, JB & JA

Issues to be considered:
 Changes in carrying values of PPE.
 Significant additions and disposals, compared with previous years.
 The adequacy of depreciation rates taking into account:
- Average useful life compared to average age of PPE and taken out of use due to scrapping I
obsolescence.
- Profit on disposal of PPE and estimates of residual values.
 The proportion of assets due for replacement within a short period (say two years of the balance sheet
date) and their impact on the future gearing and possible going concern implications.
 Assets yielding direct income from third parties when compared to the carrying value, income received,
direct cost of maintenance including depreciation.

Example 1
You are the audit senior of Real & Co and you are planning the audit of Kings Construction Co (KCC) for the
year ended 30 June 2019. KCC specialises in building houses and provides a five-year building warranty to its
customers. Your audit manager has held a planning meeting with the finance director. He has provided you
with the following notes of his meeting and financial statement extracts:

KCC has had a difficult year; house prices have fallen and, as a result, revenue has dropped. In order to
address this, management has offered significantly extended credit terms to their customers. However,
demand has fallen such that there are still some completed houses in inventory where the selling price may be
below cost. During the year, whilst calculating depreciation, the directors extended the useful lives of plant and
machinery from three years to five years. This reduced the annual depreciation charge.

The directors need to meet a target profit before interest and taxation of Shs 150 million in order to be paid
their annual bonus. In addition, to try and improve profits, KCC changed their main material supplier to a
cheaper alternative. This has led to some customers claiming on their building warranties for extensive repairs.
To improve their operating cash flow, the directors borrowed Shs 300 million from DFCU bank during the year.
This is due for repayment at the end of 2019.

Financial statement extracts for year ended 30 June 2019

DRAFT ACTUAL
2019 2018
Shs 000 Shs 000
Revenue 12,500 15,000
Cost of sales (7,000) (8,000)
Gross profit 5,500 7,000
Operating expenses (5,000) (5,100)
Profit before interest and taxation 500 1,900
Inventory 1,900 1,400
Receivables 3,100 2,000
Cash 800 1,900
Trade payables 1,600 1,200
Loan 1000 –
Required:
Using the information above:

10 MUBS Auditing notes 2021 by JKB, JB &

JA
a) Calculate FIVE ratios for BOTH years, which would assist the audit senior in planning the audit of KCC.
b) Using the information provided, identify and describe FIVE risks and explain the auditor’s response to each
risk in planning the audit of Kings Construction Co.
Solution
Ratios to assist the audit supervisor in planning the audit (working in thousands):
2019 2018
Gross margin 5,500/12,500 = 44% 7,000/15,000 = 46·7%
Net profit margin 500/12,500 = 4% 1,900/15,000 = 12·7%
Inventory turnover days 1,900/7,000 x 365 = 99 days 1,400/8,000 x 365 = 64 days
Receivable days 3,100/12,500 x 365 = 91 days 2,000/15,000 x 365 = 49 days
Payable days 1,600/7,000 x 365 = 83 days 1,200/8,000 x 365 = 55 days
Current ratio 5,800/2,600 = 2·2 5,300/1,200 = 4·4
Quick ratio (5,800 – 1,900)/2,600 = 1·5 (5,300 – 1,400)/1,200 = 3.3

Risk Audit response

Receivable days have increased from 49 to 91 days Extended post year-end cash receipts testing and a
and management has significantly extended the review of the aged receivables ledger to be
credit terms given to customers. This leads to an performed to assess valuation.
increased risk of recoverability of receivables as
they may be overvalued.
Due to the fall in demand for KCC’s houses, there Detailed cost and net realisable value (NVR) testing
are some houses where the selling price may be to be performed and the aged inventory report to be
below cost. IAS 2 Inventories requires that reviewed to assess whether inventory requires
inventory should be stated at the lower of cost and writing down.
NRV.

In addition, inventory days have increased from 64

to 99 days and inventory turnover has fallen from
5·7 in 2012 to 3·7 in the current year. There is a risk
that inventory is overvalued.
The directors have extended the useful lives of Discuss with the directors the rationale for extending
plant and machinery from three to five years, the useful lives. Also, the five year life should be
resulting in the depreciation charge reducing. Under compared to how often these assets are replaced,
IAS 16 Property, Plant and Equipment , useful lives as this provides evidence of the useful life of assets.
are to be reviewed annually, and if asset lives have
genuinely increased, then this change is
reasonable.

However, there is a risk that this reduction has

occurred in order to achieve profit targets. If this is
the case, then plant and machinery is overvalued
and profit overstated.
The directors need to reach a profit level of Shs 150 Throughout the audit, the team will need to be alert
million in order to receive their annual bonus. There to this risk and maintain professional scepticism.
is a risk that they might feel under pressure to They will need to carefully review judgemental
manipulate the results through the judgements decisions and compare treatment against prior
taken or through the use of provisions. years. In addition, a written representation should

11 MUBS Auditing notes 2021 by JKB, JB &

JA
 be obtained from management confirming the basis
of any significant judgements.
Due to a change in material supplier, the quality of Review the level of the warranty provision in light of
products used has deteriorated and this has led to the increased level of claims to confirm
customers claiming on their five-year building completeness of the provision.
warranty. If the overall number of people claiming
on the warranty is likely to increase, then the
warranty provision should possibly be higher. If the
directors have not increased the level of the
provision, then there is a risk the provision is
understated.
KCC has received a short-term loan Shs 300m from During the audit, the team would need to check that
the bank. This loan needs to be repaid in 2019 and the Shs 300m loan finance was received. In
so should be disclosed as a current liability. addition, the disclosures for this loan should be
reviewed in detail to ensure compliance with
relevant accounting standards and legislation.
In addition, KCC may have used its assets as The loan correspondence should be reviewed to
security for the loan. There is a risk that the ascertain whether any security has been given, and
disclosure of any security given is not complete. this should be established as part of the bank
confirmation process.
The current and quick ratios have decreased from Detailed going concern testing to be performed
4·4 to 2·2 and 3·3 to 1·5 respectively. In addition, during the audit and discussed with the directors to
the cash balances have decreased over the year, ensure that the going concern basis is reasonable.
there is a fall in demand and KCC have taken out a
short-term loan of Shs 300 million, which needs to
be repaid in 2019.

Although all ratios are above the minimum levels, The team should discuss with the directors how the
this is still a significant decrease and along with the short-term loan of Shs 300 million will be repaid
fall in both operating and gross profit margins, as later in 2019.
well as the significant increase in payable days
could be evidence of going concern difficulties.

Significant risks
Auditors are mainly concerned with assessing significant risks. Significant risks are risks that require special
audit attention. In determining what a significant risk is, auditors consider the following factors:
 The risk of fraud (see the following section).
 The risk related to recent significant economic, accounting or other developments.
 The complexity of transactions.
 Significant transactions with related parties.
 High subjectivity in the measurement of the financial information.
 Significant transactions that are outside the normal course of business or appear to be unusual and may:
- Involve more management intervention to specify the accounting treatment.
- Involve more manual intervention in processing.
- Be non-routine transactions with less effective controls.
Relationship between the elements of audit risk

12 MUBS Auditing notes 2021 by JKB, JB &

JA
The following diagram summarises the relationships between the audit risk elements:
 Inherent risk, control risk and detection risk may be assessed as low, moderate or high.
 Inherent risk is usually assessed as high and may be reduced by the entity’s internal control.
 Control risk may be assessed as low if the entity’s internal control prevents, detects and corrects
misstatements.
 The auditor assesses the RMM in order to design and perform audit procedures to reduce detection risk
and audit risk to an acceptably low level.

Auditor’s objective: Determine whether the entity’s financial statements

are free from material misstatement
Low risk Moderate risk High risk
Entity’s business/fraud risks would lead to material misstatements
Inherent risk

Control risk Entity’s internal control may prevent, detect and

correct material misstatement

Assessed risks of
misstatement
Risks of material
misstatement Audit procedures designed to respond to risks
of misstatement identified

Audit risk reduced to an acceptably low level

LOW Risk exposure to fraud and error HIGH

Note:
The length of the bars above may vary based on particular circumstances and risk profile of the entity, and the
nature of the auditor’s response. In assessing the RMM, the auditor is guided by materiality.

3.3 Materiality in planning and performing an audit

Definition of materiality and performance materiality

Materiality is the significance of the misstatements including omissions that could reasonably be expected to
influence the economic decisions of users taken based on information in the financial statements.

ISA 320 Materiality in planning and performing an audit requires an auditor to apply the concept of materiality
appropriately throughout the audit in planning and performing an audit as to obtain reasonable assurance
about whether the financial statements are free from material misstatement. There are two levels of
materiality:
 Materiality for the financial statements as a whole – this is the overall materiality level set initially at the
planning stage and is used at the opinion stage to determine whether the aggregate of all misstatements
do not exceed the materiality level set for the audit.

 Performance materiality means the amount or amounts set by the auditor at less than materiality for the
financial statements as a whole to reduce to an appropriately low level the probability that the aggregate
13 MUBS Auditing notes 2021 by JKB, JB &
JA
 of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole.
If applicable, performance materiality also refers to the amount or amounts set by the auditor at less than
the materiality level or levels for particular classes of transactions, account balances or disclosures.

If a decision of a financial statement user group would be influenced by a misstatement of Shs 10m in the
financial statements, then the overall materiality for the financial statements would be Shs 10m. Any individual
misstatement or aggregate of individually immaterial misstatements that exceeds Shs 10m would result in the
financial statements being materially misstated. The lower the materiality, the more the evidence that would
be collected during the audit.

Factors determining materiality

The audit team should establish an acceptable materiality level basing on the following factors:
 The amount of the misstatement compared to the classes of transactions, account balances and
disclosures and their relationships, depending on the aspect of the financial statements being considered.

 Misstatements that may be considered due to qualitative factors like:

- Non-compliance with laws, regulations, IFRSs and contracts e.g. a small loan of Shs 500,000 to a
director that is not disclosed.
- Measurement or disclosure of transactions with related parties
- Personal use of assets by management and those charged with governance.
- The existence of fraud by management.
- Individually immaterial items that may become material when aggregated together.
- Key industry disclosures e.g. research and development costs for a pharmaceutical company).
- Significant events and important changes in operations like newly acquired businesses or discontinued
operations.
- An immaterial misstatement that when is corrected would turn a small profit into a loss.
- Illegal payments or executive expenses and personal use of assets by directors.
- Significant events like unusual events (e.g. destruction of assets), lawsuits.
- A transaction that affects the going concern assumption of the entity.
- Unusual events like destruction of assets or lawsuits.

Audit risk has an inverse relationship between materiality and the level of audit risk. The higher the risks of
misstatement, the lower the materiality and the higher the level of planned audit procedures so as to reduce
detection risk and audit risk to an acceptably low level. The higher level of audit procedures increases the
auditor’s likelihood of detecting lower misstatements if they exist.

Guidance on setting materiality

Materiality at the planning stage should be set using the most recent management accounts. If these are not
available, then the current period budget or then the audited financial statements for the previous period should
be used. The opinion materiality level at the end of the audit should be based on the draft financial statements.

The table below shows percentages that are commonly used, although no specific guidance is given in the ISA
as materiality is a matter of professional judgment. The following guidance on audit materiality is given for the
financial statements as a whole. The range of values approach should normally be considered.

Benchmark Range Where commonly used

Profit before tax 5%  Profit-oriented entities generating profits from continuing operations

14 MUBS Auditing notes 2021 by JKB, JB &

JA
 (PBT)* 10% with a relatively low total asset base.
 Focus is on financial performance.
Revenue 0.5%  Profit-oriented entities where PBT from continuing operations is volatile.
1%  Focus is on financial performance.
Total assets 1%  Entities with high total assets but low profits or financed mainly by debt.
2%  Focus is on return on investment and ability to repay debt.
Total expenses 0.5%  Public sector and not-for-profit entities.
1%  Focus is to evaluate the entity’s spending with its objectives.

*Before significant directors' profit-related bonuses and remuneration and exceptional items.

The auditor selects a benchmark relevant to the likely users of financial statements and the nature of the entity.

PBT may be increased depending on circumstances like when PBT is unusually large or small. When PBT in
a given year is not considered representative, an average for the previous 3 years may be used. Generally,
total misstatements in the financial statements exceeding 10% of PBT may be considered material and total
misstatements less than 5% may be considered immaterial in the absence of qualitative factors. Total
misstatements between 5% and 10% require more professional judgement of all the information available
The same process is applied to the other benchmarks.

Auditors may make adjustments to the benchmark base to make it more realistic, for example, PBT from
continuing operations could be adjusted for unusual or non-recurring revenue/expense items

The auditor sets performance materiality for particular classes of transactions, account balances or
disclosures at a figure lower than materiality for the financial statements as a whole. The lower figure enables
the auditor to perform more audit procedures to detect smaller misstatements in particular areas of the
financial statements.

Where materiality is set at Shs 10m, a misstatement of Shs 8m in receivables is considered immaterial.
However, non-current assets may be overstated by 7m and inventories by Shs 9m. These three errors are
individually immaterial but add up to Shs 24m that is cumulatively material. Therefore, performance materiality
may be set using professional judgment at a lower amount, let us say at Shs 6m (60% of Shs 10m) so that it is
more likely that at least one or all of the errors would be detected.

The difference of Shs 4m (Shs 10m – 6m) between overall materiality and performance materiality provides
assurance to the auditor that any undetected misstatements are unlikely to make financial statements materially
misstated.

Materiality may be revised as the audit progresses due to new information received and the auditor should
revise the nature, timing and extent of the further audit procedures remain appropriate.

Importance of materiality during the audit

The assessment of materiality assists in:
 Identifying and assessing the risks of material misstatement when planning the audit to ensure material
misstatements are identified.
 Determining the nature, timing and extent of further audit procedures – this influences the amount of audit
work to be done.
15 MUBS Auditing notes 2021 by JKB, JB &
JA
 Evaluating the effect of uncorrected misstatements, if any, on the financial statements.
 Forming the opinion in the auditor’s report.

Example
Below are figures extracted from the financial statements of Bitabuse Ltd. This is a small company that is
owner-managed by Bitabuse who owns 80% of the shares. The company has a bank loan of Shs 40m.
2019 2018 2017
Shs 000 Shs 000 Shs 000
Revenue 250,000 260,000 210,000
Gross profit 115,000 140,000 110,000
Operating expenses 104,700 97,000 74,000
Profit before tax 10,300 23,000 26,000
Total assets 158,000 113,000 73,000

Set materiality and performance materially when planning the audit of Bitabuse Ltd.

Solution
The main users of the financial statements are the banks and owners. Considering user needs and this being a
small company, materiality is assessed at 1% of revenue as this is a more stable benchmark than profits before
tax. Therefore, materiality for 2019 is Shs 2.5m. Using professional judgment, which is largely based on errors in
previous periods, performance materiality is set at Shs 1.8m which is about 70% of materiality .

3.4 Fraud, laws and regulations in an audit of financial statements

Introduction to fraud
Fraud is an intentional act by one or more individuals among management, those charged with governance,
employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage.

 Misstatements due to fraud are intentional whereas those due to error are unintentional.
 An auditor is only concerned with fraud that causes a material misstatement in financial statements.
 Fraud involving management or those charged with governance is called management fraud while fraud
involving only employees of the entity is called employee fraud. Management fraud is more complicated
than employee fraud because management may easily manipulate accounting records, present fraudulent
financial information or override control procedures.

Types of misstatements resulting from fraud

 Fraudulent financial reporting to deceive financial statement users involving the following:
- Manipulation, falsification (including forgery), or alteration of accounting records or supporting
documents.
- Misrepresentation in or intentional omission from, the financial statements of events and transactions.
- Intentional misapplication of accounting principles relating to amounts, classification, presentation, or
disclosure.
- Recording fictitious journal entries, particularly close to the end of an accounting period, to manipulate
operating results or achieve other objectives.
- Inappropriately adjusting assumptions and changing judgements used to estimate account balances.

16 MUBS Auditing notes 2021 by JKB, JB &

JA
 - Omitting, advancing or delaying recognition in the financial statements of events and transactions that
have occurred during the reporting period.
- Concealing, or not disclosing, facts that could affect the amounts recorded in the financial statements.
- Engaging in complex transactions to misrepresent the entity’s financial position or financial performance.
- Altering records and terms related to significant and unusual transactions.
 Misappropriation of assets involving the theft of an entity's assets like:
- Embezzling receipts, stealing physical assets or intellectual property.
- Using an entity’s assets for personal use or causing an entity to pay for goods and services not received.
NB: These involve false or misleading records or documents in order to conceal the missing assets.

Conditions that may lead to fraud (Fraud triangle)

 Pressure or incentive on management to meet performance targets or other employees to commit fraud so
as to pay personal debts etc.
 Opportunity for management or employees to commit fraud like large amounts of cash, small assets with
high value and in high demand like jewellery, a weak board of directors or internal control and i nadequate
IT knowledge by management which enables employees to perpetrate fraud.
 Rationalisation – this is the attitude that justifies fraud, for example, ‘I am only taking what I deserve’.

Responsibility for the prevention and detection of fraud

The primary responsibility for the prevention and detection of fraud rests with those charged with the
governance of the entity and with the management.
 Those charged with governance ensure management establishes and maintains internal control to prevent
or detect fraud.
 Management maintains strong controls to prevent fraud, reduce opportunities for fraud, increase the
likelihood of fraud detection and discourage individuals from committing fraud by punishment.
 Management must create a culture of honesty and ethical behaviour.

Auditor’s responsibility in prevention and detection of fraud

ISA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements requires an
auditor to obtain reasonable assurance that the financial statements taken as a whole are free from material
misstatement, whether caused by fraud or error. An auditor is required:
 To identify and assess the risks of material misstatement of the financial statements due to fraud.
 To obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due
to fraud through designing and implementing appropriate responses.
 To respond appropriately to fraud or suspected fraud identified during the audit.
 Maintain an attitude of professional skepticism throughout the audit, considering the potential for
management override of controls and recognising the fact that audit procedures which are effective in
detecting error may not be effective in detecting fraud.
 Discuss how the entity’s financial statements may be susceptible to material misstatement due to fraud and
the information should be communicated to team members not present in the meeting.
 Communicate any fraud identified on a timely basis to the appropriate level of management and consider
the implications on the audit report and their responsibility to report to regulatory authorities.

Laws and regulations

17 MUBS Auditing notes 2021 by JKB, JB &

JA
 ISA 250 Consideration of laws and regulations in an audit of financial statements requires an auditor to:
- To obtain sufficient appropriate audit evidence regarding compliance with the provisions of laws and
regulations that have a direct effect on material amounts and disclosures in the financial statements.
- To perform specified audit procedures to help identify instances of non-compliance with other laws and
regulations that may have a material effect on the financial statements.
- To respond appropriately to non-compliance or suspected noncompliance with laws and regulations
identified during the audit.

 It is the management's responsibility to ensure that the entity's operations are conducted in accordance with
laws and regulations and the responsibility for the prevention and detection of non-compliance rests with
the management. The auditor is not responsible for preventing non-compliance nor can the auditor be
expected to detect all noncompliance with laws and regulations.

 The engagement team should obtain an understanding of the legal and regulatory framework applicable to
the entity and how the entity is complying with the framework from (among others):
- Inquiry with management as to whether they have complied with all applicable laws and regulations,
about investigations by government departments and payment of fines and penalties.
- Inspection of correspondence with the relevant licensing or regulatory authorities, minutes of directors
and management meeting and reports from regulatory authorities.
- Independent confirmations from the entity's lawyers concerning litigation, claims and assessment.
- Audit tests of the details of classes of transactions, account balances or disclosures e.g. payments for
unspecified services or unusual payments in cash.

 When any instance of non-compliance is detected, the auditor should obtain an understanding of the act
and evaluate the possible effects on the financial statements including:
- The potential financial consequences such as fines, penalties, enforced discontinuation of operations.
- Whether the financial consequences require disclosure.
- Whether the potential consequences affect the true and fair view given by the financial statements.

 An auditor should consider reporting any non-compliance to those charged with governance, users of
financial statements or regulatory authorities.

 An auditor should consider withdrawal from the engagement in instances where the entity does not take
remedial action and should seek legal advice.

3.5 Corporate governance

Importance of corporate governance
Corporate governance is the system by which entities are directed and controlled by their senior officers. It is
important in public companies, not-for-profit and public sector bodies. Corporate governance is mainly relevant
to large entities where ownership is separate from management as there may be conflicts of interest between
shareholders and management.

Corporate governance concepts include:

 Fairness that protects the interests of stakeholders of an entity.
 Transparency in financial reporting by managers.
 Independence of non-executive directors and external auditors in effective monitoring of the company.

18 MUBS Auditing notes 2021 by JKB, JB &

JA
 Integrity of managers so that stakeholders are not given misleading financial statements.
 Accountability of directors and the company to shareholders and other stakeholders.

Corporate governance:
 Promotes the separation of power in an entity and the effective functioning of the board.
 Promotes ethical behavior and compliance with laws and regulations.
 Reduces cases of fraud and corruption, risks and potential for losses to shareholders.
 Improves the reputation of an entity and company performance.

Corporate governance in Uganda is promoted among others by:

 The Companies Act 2012 and the Financial Institutional Act 2004.
 The Institute of Corporate Governance of Uganda that has issued a manual on corporate governance.
 The Capital Markets Authority (CMA) that has issued corporate guidelines for listed companies in Uganda.

Financial reporting plays an important role in having an effective corporate governance system. Therefore, an
auditor should assess how a client entity complies with the corporate governance principles.

Principles of corporate governance

The CMA issued the following corporate governance principles for listed companies that may also be followed
as best practice by other corporate entities:

 The board of directors:

- Every company should be headed by an effective board of directors to offer strategic guidance, control
the company and that is accountable to its shareholders and responsible to its stakeholders.

- At least one-third of the board should be non-executive directors (NED) who are not part of the
executive management team, not an employees or affiliated with it in any other way or previously
served as executive manager of the company in order that they act as a balance to executive
management.

- The board should appoint a Nominating Committee composed of majority non-executive directors
responsible for proposing new nominees for the board and for assessing the performance of directors.

- The board should appoint a Remuneration Committee or assign a mandate to the Nominating
Committee to recommend to the Board the remuneration of the executive directors.

- The remuneration of executive directors should be linked to corporate performance including a share
option scheme so as to ensure the maximization of shareholder value.

- All directors should be re-elected at regular intervals or at least every three years .

 Position of chairperson of the board and chief executive:

- The two should be held by different people to ensure a balance of power of authority and provide for
checks and balances so that no individual has a lot of powers in decision-making.
- The chairperson of a public listed company should be an independent or non-executive director.
- No person shall be chairperson of more than two public listed companies at any one time.
19 MUBS Auditing notes 2021 by JKB, JB &
JA
 Rights of shareholders:
- All shareholders should receive relevant information on the company’s performance through
distribution of regular quarterly, half yearly and annual financial reports.
- There should be shareholder’s participation in all major decisions of the company like the disposal of
company assets, restructuring, takeovers, mergers, acquisitions or reorganizations.

 Accountability and the role of audit committees:

- The board should maintain sound internal control to safeguard the shareholders investments and assets.
- The board should establish a formal and transparent arrangement for shareholders to effect the
appointment of independent external auditors at each annual general meeting.
- The board must establish an audit committee with a majority of independent and non-executive
directors who report to the board. The chairperson of the audit committee should be an independent or
non-executive director, and the board should disclose in the annual report, whether it has an audit
committee and the mandate of that committee.
- The board should establish an independent and effective internal audit function.

Functions of an Audit Committee

They include the following:
 Monitoring the integrity of financial statements e.g. reviewing:
- Changes in accounting policies.
- Significant adjustments arising from the audit.
- The going concern assumption.
- Compliance with the IFRSs, stock exchange and other legal requirements.
 Reviewing the company’s internal control and risk management systems.
 Monitoring and reviewing the effectiveness of the company’s internal audit function.
 Making recommendations to the board, for submission to the shareholders for approval, in relation to the
appointment and removal of the external auditors and their remuneration.
 Reviewing and monitoring the external auditor’s independence, objectivity and effectiveness of the audit
process.
 Reviewing the external auditor’s management letter(s) and management’s response.
 Developing and implementing policy on the engagement of the external auditor to supply non-audit
services.
 Promoting whistle-blowing in the company i.e. reviewing arrangements for reporting confidential
information on fraud and wrong doing by staff, any related party transactions and investigating such
matters.

Advantages of an Audit Committee

An Audit committee:
 Improves the quality of financial reporting by overseeing the company’s accounting and financial
reportingand reviewing financial statements for compliance with the financial reporting framework.
 Improves the effectiveness of internal audit by increasing its independence from management.
 Improves internal control systems.
 Strengthens the independence of external auditors as it monitors their appointment and reviews the
reasonableness of audit fees and considers how non-audit services affect auditor independence.
 Improves communication between the directors, external auditors and management.
20 MUBS Auditing notes 2021 by JKB, JB &
JA
 Increases public confidence in the credibility of financial statements as they are reviewed by an
independent committee.
 Helps directors fulfill their corporate governance requirements like having an appropriate internal control
system and risk management.

Disadvantages of an audit committee

 Lack of understanding its role may make the executive directors feel that it undermines their authority.
 It creates a two-tier board of directors, the main board and the executive committee.
 It may increase costs as the non-executive directors have to be paid for additional work.

3.6 Responses to assessed risks

Assessed risks and the auditor’s responses

ISA 315 requires the risks of material misstatement to be assessed at two levels:
 The financial statement level and relate to financial statements as a whole and affect many assertions.
 The assertion level for classes of transactions, account balances and disclosures in order to determine the
nature, timing, and extent of further audit procedures necessary to obtain sufficient appropriate audit
evidence.

ISA 330 The auditor’s responses to assessed risks requires the auditor to design and implement appropriate
responses to the assessed risks at the overall financial statement and assertion levels (See diagram).

Assessed risks & auditor’s responses s

At the financial statement level At the assertion level

Further audit procedures

Overall responses include:
 Emphasize professional skepticism
 Assign more experienced/skilled staff Tests of Substantive
 Increase staff supervision during the audit controls procedures
 Make audit procedures more unpredictable
 Make changes to the timing or extent of audit
procedures Tests of Substantive Tests of
 Make changes in the audit approach details of analytical details of
 Evaluate the accounting policies used transactions procedures balances

RESULT
Sufficient appropriate audit evidence to reduce audit risk to an acceptably low level

21 MUBS Auditing notes 2021 by JKB, JB &

JA
Responses at financial statement levels
These responses are incorporated in the overall audit strategy and audit plan after assessing control risk
covered in Topic 4. Overall responses are at financial statement level and are required to reduce d etection risk
and audit risk and some are explained in the following paragraphs:

 Unpredictability can be achieved by performing audit procedures on account balances not usually tested
due to their materiality or risk or counting inventory at locations not tested in the previous periods.

 Changes to the timing or extent of audit procedures may for example be done as follows:
- Perform substantive procedures at the period end instead of at an interim date.
- Perform a physical inspection of certain assets.
- Perform further work to evaluate the reasonableness of management estimates.
- Increase sample sizes or perform analytical procedures at a more detailed level.

 Changes in the audit approach may involve the following:

- If the internal control is effective, the auditor may have more confidence in the reliability of evidence
generated by internal control and therefore:
 Adopts a combined audit approach which uses both tests of controls and substantive procedures.
 Conducts more audit work during interim audit rather than during final audit.

- If internal control is not effective, the auditor:

 Adopts a substantive approach where more audit evidence is obtained using substantive
procedures.
 Conducts more substantive procedures during the final audit rather than during the interim audit.
 Increases the number of locations to be included in the audit scope.

 Accounting policies especially those for subjective measurements and complex transactions are reviewed
as they may lead to fraudulent financial reporting.

Responses to assessed risks at the assertion level

Further audit procedures at the assertion level (e.g. sales, receivables and inventory) are designed in
accordance with the audit approach adopted in response to the assessed risks of material misstatement at the
financial statement level. The two types of audit procedures performed to collect evidence at the assertion
level are tests of controls and substantive procedures.

Tests of controls
 Tests of controls are audit procedures designed to evaluate the operating effectiveness of controls in
preventing, or detecting and correcting material misstatements at the assertion level.
 For example, the client’s system may require an assistant accountant to check whether selling prices are
accurate before the sales invoices are sent to customers. Therefore, the auditor tests the effectiveness of
this control by examining whether prices on sales invoices were checked by the assistant accountant.
 The auditor designs and performs tests of controls if risk assessment at the assertion level shows that
controls are expected to be operating effectively.
 Low control risk means more reliance can be placed on tests of control and less substantive tests of detail
would be performed. The lower the control risk, the bigger the sample of tests of controls.
 Tests of controls are not performed where controls are not expected to be operating effectively.
22 MUBS Auditing notes 2021 by JKB, JB &
JA
Substantive procedures
 Substantive procedures are audit procedures designed to detect material misstatements at the assertion
level.
 Substantive procedures consist of:
- Substantive analytical procedures involving the comparison of both financial and non-financial data used
to detect possible misstatements in financial statements e.g. the auditor compares actual and budgeted
sales.
- Tests of details of classes of transactions used to detect misstatements in individual transactions e.g. the
auditor compares sales invoices prices with those on the price list.
- Tests of details of account balances used to detect misstatements in period end balances in financial
statements e.g. the auditor observes the physical inventory count at the period end.
- The higher the inherent risk, the higher the level of assurance that is required from tests of control and
substantive procedures (including analytical procedures used as substantive procedures) and therefore the
higher the sample size required of substantive procedures.

 Substantive procedures must be performed whenever audit of financial statements is performed

because they are used to detect material misstatements.
 The auditor is required to perform substantive procedures for each material class of transactions,
account balance and disclosure as they are expected to involve significant risks.
 Where a combined audit approach is adopted, the audit procedures are performed in the following
order: tests of controls, substantive tests of transactions, analytical procedures and tests of details of
balances.

Examples of risks and possible responses

Below are examples of risks and possible responses. Some of these responses will become clearer after
covering more responses in Topic 4 and 5.

Risks Possible responses

Inventory is overstated as its  Examine instructions to identify slow moving inventory items when
net realizable value of attending the inventory count.
inventory is lower than cost  Increased emphasis on the review of the year end analysis of
due to changes in fashions evidence for slow moving inventory.
 Ascertain the prices of items sold after the year end to ensure they are
higher than the inventory value in the SOFP.
Assets more susceptible to  Focus on testing physical internal controls to prevent theft of assets.
theft and items in the SOFP  Increased sample sizes for inspection of recorded assets, especially
may be non-existent. material ones.
Increased risk of classifying  Get a break down of related costs and review accounting entries
revenue expenditure as against invoices/details of work done to ensure expenditure is properly
capital expenditure and vice classified.
versa.  Perform a detailed review of repair accounts for any capital
expenditure.
Increased risk of incomplete  Perform analytical procedures focusing on comparing revenue with
or unrecorded revenue due expected budget or monthly pattern.
to theft of cash receipts.  Reconcile a sample of cash receipts to actual bankings.
Recognising revenue/  Agree a sample of revenue recorded prior to year-end to supporting
23 MUBS Auditing notes 2021 by JKB, JB &
JA
 expenses in the wrong period sales invoices, delivery notes and contracts before year end.
e.g. recognising deposits  Agree a sample of revenue recorded after the year-end to supporting
received in advance before sales invoices, delivery notes and contracts after the year end.
delivery of goods to inflate  Perform analytical procedures, for example, by comparing revenue
profit. reported by month and by product line or business segment during the
current reporting period with comparable prior periods.
(Similar tests are done for purchases/expenses using relevant
documents)
Increased risk of  Review post year receipts from customers during the audit for
understating allowance for receivables at the year-end. Establish whether an allowance has been
receivables and overstating made for receivables still outstanding.
assets & profits  Review the aged receivable analysis and customer correspondence
files for evidence of disputed receivables and consider the adequacy
for any allowance.
Huge debts with cash flow  Review correspondence with the lenders for evidence of extension of
problems that may imply credit facilities.
going concern problems  Review compliance with loan covenants and increase testing for
evidence of manipulation of performance indicators by management.
 Review post year-end results and cash flow forecasts for evidence of
the entity still being a going concern.
New client system/ controls/  Undertake additional visits (e.g. interim audit) to assess the
staff increasing the risk of effectiveness of controls in areas affected.
errors and controls not  Review and document the new system/controls, perform tests of
operating effectively. controls where appropriate.
 Increase sample sizes for substantive procedures over financial
statement areas.
Management has incentive to  Increased testing on judgement areas in financial statements e.g.
manipulate performance and revenue recognition accounting policies and provisions.
overstate profits

Example
You are an audit supervisor of Cane & Co planning the audit of Ham Co, a listed company, for the year ending
31 December 2019. The company manufactures computer components and forecast profit before tax is Shs
336m and total assets are Shs 793m.

Ham Co distributes its products through wholesalers as well as via its own website. The website was upgraded
during the year at a cost of Shs 11m. Additionally, the company entered into a transaction in November to
purchase a new warehouse which will cost Shs 32m. Ham Co’s legal advisers are working to ensure that the
legal process will be completed by the year end. The company issued Shs 50m of irredeemable preference
shares to finance the warehouse purchase.
During the year the finance director has increased the useful economic lives of fixtures and fittings from three
to four years as he felt this was a more appropriate period. The finance director has informed the engagement
partner that a revised credit period has been agreed with one of its wholesale customers, as they have been
experiencing difficulties with repaying the balance of Shs 12m owing to Ham Co. In October 2019, Ham Co
introduced a new bonus based on sales targets for its sales staff. This has resulted in a significant number of
new wholesale customer accounts being opened by sales staff. The new customers have been given

24 MUBS Auditing notes 2021 by JKB, JB &

JA
favourable credit terms as an introductory offer, provided goods are purchased within a two-month period. As a
result, revenue has increased by 5% on the prior year.

The company has launched several new products this year and all but one of these new launches have been
successful. Feedback on product Lima, launched four months ago, has been mixed, and the company has just
received notice from one of their customers, Panta Co, of intended legal action. They are alleging the product
sold to them was faulty, resulting in a significant loss of information and an ongoing detrimental impact on
profits. As a precaution, sales of the Lima product have been halted and a product recall has been initiated for
any Lima products sold in the last four months.

The finance director is keen to announce the company’s financial results to the stock market earlier than last
year and in order to facilitate this, he has asked if the audit could be completed in a shorter timescale. In
addition, the company is intending to propose a final dividend once the financial statements are finalised.

Required:
Describe SEVEN audit risks, and explain the auditor’s response to each risk, in planning the audit of Ham Co.
Note: Prepare your answer using two columns headed Audit risk and Auditor’s response respectively.

Solution
Audit risk and auditor’s response
Audit risk Auditor’s response
Ham Co upgraded their website during the year at a Review a breakdown of the costs and agree to
cost of Shs 11m. The costs incurred should be invoices to assess the nature of the expenditure
correctly allocated between revenue and capital and if capital, agree to inclusion within the asset
expenditure. register or agree to the statement of profit or loss.

As the website has been upgraded, there is a The audit team should document the revised
possibility that the new processes and systems may system and undertake tests over the completeness
not record data reliably and accurately. This may and accuracy of data recorded from the website to
lead to a risk over completeness and accuracy of the accounting records.
data in the underlying accounting records.
Ham Co has entered into a transaction to purchase Discuss with management as to whether the
a new warehouse for Shs 32m and it is anticipated warehouse purchase was completed by the year
that the legal process will be completed by the year end. If so, inspect legal documents of ownership,
end. such as title deeds ensuring these are dated prior to
1 January 2020 and are in the company name.
Only assets which physically exist at the year-end
should be included in property, plant and
equipment. If the transaction has not been
completed by the year end, there is a risk that
assets are overstated if the company incorrectly
includes the warehouse at the year end.
Significant finance has been obtained in the year, Review share issue documentation to confirm that
as the company has issued Shs 50m of the preference shares are irredeemable. Confirm
irredeemable preference shares. that they have been correctly classified as equity
within the accounting records and that total
This finance needs to be accounted for correctly, financing proceeds of Shs 50m were received.
with adequate disclosure made. As the preference
25 MUBS Auditing notes 2021 by JKB, JB &
JA
shares are irredeemable, they should be classified In addition, the disclosures for this share issue
as equity rather than non-current liabilities. Failing should be reviewed in detail to ensure compliance
to correctly classify the shares could result in with relevant accounting standards.
understated equity and overstated non-current
liabilities.
The finance director has extended the useful lives of Discuss with the directors the rationale for any
fixtures and fittings from three to four years, extensions of asset lives and reduction of
resulting in the depreciation charge reducing. Under depreciation rates. Also, the four-year life should be
IAS 16 Property, Plant and Equipment, useful lives compared to how often these assets are replaced,
are to be reviewed annually, and if asset lives have to assess the useful life of assets.
genuinely increased, then this change is
reasonable.
However, there is a risk that this reduction has
occurred in order to boost profits. If this is the case,
then fixtures and fittings are overvalued and profit
overstated.
A customer of Ham Co has been encountering Review the revised credit terms and identify if any
difficulties paying their outstanding balance of Shs after date cash receipts for this customer have been
12m and Ham Co has agreed to a revised credit made.
period.
If the customer is experiencing difficulties, there is Discuss with the finance director whether he intends
an increased risk that the receivable is not to make an allowance for this receivable. If not,
recoverable and hence is overvalued. review whether any existing allowance for
uncollectable accounts is sufficient to cover the
amount of this receivable.
A sales-related bonus scheme has been introduced Increased sales cut-off testing will be performed
in the year for sales staff, with a significant number along with a review of any post year-end returns as
of new customer accounts on favourable credit they may indicate cut-off errors. In addition,
terms being opened before the year end. This has increased after date cash receipts testing to be
resulted in a 5% increase in revenue. undertaken for new customer account receivables.

Sales staff seeking to maximise their current year

bonus may be tempted to open new accounts from
poor credit risks leading to irrecoverable
receivables. In addition, there is a risk of sales cut-
off errors as new customers could place orders
within the two-month introductory period and
subsequently return these goods post year end.
Ham Co has halted further sales of its new product Discuss with the finance director whether any write
Lima and a product recall has been initiated for any downs will be made to this product, and what, if
goods sold in the last four months. any, modifications may be required with regards the
quality.
If there are issues with the quality of the Lima
product, inventory may be overvalued as its NRV Testing should be undertaken to confirm cost and
may be below its cost. NRV of the Lima products in inventory and that on a
line-by-line basis the goods are valued correctly.
Additionally, products of Lima sold within the last
four months are being recalled, this will result in

26 MUBS Auditing notes 2021 by JKB, JB &

JA
 Ham Co paying customer refunds. The sale will Review the list of sales made of product Lima prior
need to be removed; a refund liability should be to the
recognised along with the reinstatement of recall, agree that the sale has been removed from
inventory, although the NRV of this inventory could revenue and the inventory included. If the refund
be of a minimal value. Failing to account for this has not been paid pre year end, agree it is included
correctly could result in overstated revenue and within current liabilities.
understated liabilities and inventory.
Panta Co, a customer of Ham Co, has announced Cane & Co should write to the company’s lawyers
that they intend to commence legal action for a loss to
of information and profits as a result of the Lima enquire of the existence and likelihood of success
product sold to them. of any claim from Panta Co. The results of this
should be used to assess the level of provision or
If it is probable that the company will make payment disclosure included in the financial statements.
to the customer, a legal provision is required. If the
payment is possible rather than probable, a
contingent liability disclosure would be necessary. If
Ham Co has not done this, there is a risk over the
completeness of any provisions or the necessary
disclosure of contingent liabilities.
The finance director has requested that the audit The timetable should be confirmed with the finance
completes one week earlier than normal as he director. If it is to be reduced, then consideration
wishes to report results earlier. A reduction in the should be given to performing an interim audit in
audit timetable will increase detection risk and place late March or early April; this would then reduce the
additional pressure on the team in obtaining pressure on the final audit.
sufficient and appropriate evidence.

In addition, the finance team of Ham Co will have The team needs to maintain professional scepticism
less time to prepare the financial information leading and be alert to the increased risk of errors
to an increased risk of errors arising in the financial occurring.
statements.
The company is intending to propose a final Discuss the issue with management and confirm
dividend once the financial statements are finalised. that the dividend will not be included within liabilities
This amount should not be provided for in the 2019 in the 2019 financial statements.
financial statements, as the obligation only arises
once the dividend is announced, which is post year
end.
The financial statements need to be reviewed to
In line with IAS 10 Events after the Reporting Date ensure that adequate disclosure of the proposed
the dividend should only be disclosed. If the dividend is included.
dividend is included, this will result in an
overstatement of liabilities and understatement of
equity.

3.6 Overall audit strategy and audit plan

Overall audit strategy
After the preliminary engagement activities an auditor develops the overall audit strategy that sets the scope,
timing and direction of the audit. It includes the following (see table).
27 MUBS Auditing notes 2021 by JKB, JB &
JA
 Main areas Matters to consider
 Financial reporting framework to be used & industry specific reporting requirements.
 Nature of business segments to be audited and the need for specialized knowledge.
Characteristics of  Availability of the work of internal auditors and the extent of reliance on such work.
the audit  Effect of IT and expected use of computer-assisted audit techniques (CAATS).
 Availability of client personnel and data.
Reporting  Timing of the audit such as interim and final stages and reporting deadlines.
objectives, timing  Discussion with management and those charged with governance on the type and
of the audit & timing of reports to be issued including the auditor’s report and management letters.
nature of  Any expected communications with third parties including statutory obligations.
communications
 Materiality for financial statements and performance materiality for specific areas.
 Preliminary identification of significant components and material classes of
Significant factors transactions, account balances and disclosures.
& developments  Identification of areas where there may be higher risks of material misstatement.
 Assessed risk of material misstatement at the overall financial statement.
 Assess whether the auditor plans to obtain evidence on internal control effectiveness.
 Recent significant entity-specific, industry, financial reporting or other developments.
Nature, timing  Selection of the audit team and any experts required.
and extent of  Assignment of team members, allocating more experienced staff to higher risk areas.
resources  Audit budget, including allocating more time to higher risk areas.

Audit plan
The overall audit strategy guides the development of a more detailed audit plan. An audit plan includes the
nature, timing and extent of audit procedures to be performed by the engagement team in order to obtain
sufficient appropriate audit evidence to reduce the audit risk to an acceptably low level.

Contents of an audit plan

1) Preliminary risk assessment procedures
a) Analytical review of key business ratios, trends and other financial information obtained in
understanding of the entity and its environment.
b) A preliminary review of overall risk and key risks in individual audit areas and their impact on the audit
taking into account:
 Past experience.
 Areas large in materiality.
 Changes in financial reporting standards and accounting policies.
 Areas where there is a significant risk of material misstatement or fraud.
 Complex accounting areas including those involving accounting estimates.
 The impact of information technology.
 Conditions requiring special attention, such as the existence of related party transactions,
contingencies, market and industry conditions.
 Any taxation aspects which may affect the audit.
28 MUBS Auditing notes 2021 by JKB, JB &
JA
  Appropriateness of the going concern assumption.

2) Sources of reliance
3) Materiality & performance materiality and the reasons for choosing them.
4) Auditor's response to assessed risk – this includes the risks identified for each key audit area above and
the planned response to such risks including the use of specialised audit tools including CAATs.
5) Sampling techniques to be adopted.
6) Audit timetable and requirements
a) Determination of accounting work and audit schedules to be prepared by the client and by the auditor.
b) Consideration of independence requirements where accounting and tax work is carried by the auditor.
c) Overall audit timetable including:
 Client and legal reporting deadlines.
 Availability of accounting records for audit commencement.
 Year-end procedures.
 Audit needs at different client locations.
 Time and cost budgets
7) Audit programs for major audit areas like receivables, inventory and cash showing the:
 Nature – particular audit procedures to be used and items to which the procedures will be applied.
 Extent – number of items to be examined and number of different tests to be performed.
 Timing – appropriate time to perform the procedures.
(See notes below)
The following should be noted:
 An audit strategy and audit plan are not necessarily sequential processes. In practice, the two may be
developed together and changes in one may lead to changes to the other.
 An audit plan is normally prepared by an audit manager and approved by an engagement partner.
 An engagement partner may communicate with those charged with governance and management the
overall audit strategy, the timing of the audit and the audit requirements, but not details of the audit
procedures.
 An audit strategy and audit plan may be changed as the audit progresses as a result of unexpected events
and evidence obtained from audit procedures that contradict the information available at the planning
stages.
 Initial audit engagements require more planning activities than recurring audit engagements.
 The time budget used in estimating an audit fee is based on the time spent by each staff on the audit.
Time is allocated to various audit areas in the three audit phases.
 An audit fee quoted is the total of:
- Professional fees computed based on the estimated hours worked by each member of the audit team
multiplied by the rate per hour
- Out-of-pocket expenses like travel, accommodation and allowances to be incurred during the audit

29 MUBS Auditing notes 2021 by JKB, JB &

JA
An example of an audit program (Sample size and the items in the sample are not included )
Audit program: Sales WP Ref.:
Prepared by: Date:
Reviewed by: Date:
Client:
Period:

Audit procedures Audit assertion Done by WP Ref

1) Carry out a sequence test for goods despatch notes. Occurrence
2) Select a sample of goods despatch notes and for each inspect
the corresponding sales invoices and trace each sales invoice to
the sales journal.
3) Carry out a sequence test for sales invoices in the sales journal. Completeness
4) Trace a sample of sales invoices from the sales journal to: Accuracy
i) Duplicate sales invoice and check for the total amount Cut-off
recorded in the journal, date, customer name, and account Classification
classification.
ii) Goods despatch note and test for customer name, product
description, quantity and date.
iii) Duplicate sales order and test for customer name, product
description, quantity, date.
iv) Customer order and test for customer name, product
description, quantity, date and credit approval.
v) The receivables ledger and test for amount, date, and invoice
number.
5) Check the pricing, extensions, and footings.
6) Inspect the supporting documents for evidence of verification.
7) Trace sales journal total to the general ledger

 An audit program documents the nature, timing and extent of audit procedures to be performed at the
assertion level for each material class of transactions, account balance and disclosure. It serves as a set
of instructions to the engagement team and as a means to control and record the proper execution of the
audit.
 It is a mix of tests of controls, substantive analytical procedures and substantive tests of details to be used
and the assertion(s) being addressed.
 The audit program is often drafted by the senior and reviewed by the manager and approved by the
engagement partner.
 In preparing the audit program, consider the specific risk assessment and the level of assurance to be
provided by substantive procedures.

Interim and final audits

Audit procedures during audit fieldwork may be performed before or after the end of the accounting period.
 Interim audit is performed before the end of the accounting period.
30 MUBS Auditing notes 2021 by JKB, JB &
JA
 Final audit is performed after the end of the accounting.

When making an audit timetable, auditors consider the dates for the annual general meeting, other preceding
key events and when the audit should commence. Audit procedures to collect evidence may on The
performance phase audit of financial statements may be done during or after the accounting period, depending
on the size of the audit. The audit before the period end is called interim audit and the audit after the period
end is called final audit.

Audit timetable
The following is an example of a timetable used in the first audit of financial statements for the period ending
31.12.2020 of a big entity:

January Initial visit:

– March 2020 Audit planning:
 Risk assessment, understanding the client and its environment, including performing
preliminary analytical procedures.
 Documenting the client’s internal control system
 Evaluating the design of the internal controls system
 Developing the overall audit strategy & audit plan (including audit programs)
October 2020 Interim audit:
 Performing tests of controls to check the operating effectiveness of the entity’s
internal controls for the first nine months
 Performing substantive procedures on transactions and account balances for the
first nine months to get evidence that the accounting records can be used as a basis
for the preparation of financial statements at the year-end.
 Issuing an interim management letter showing deficiencies identified, effects and
recommendations to improve the system.
December Final audit – Performing substantive tests on the final financial statements including the
2020 following:
 Obtaining confirmation third confirmations of receivables etc.
 Observation of inventory counting.
 Performing cutoff tests.
January 2021  Performing analytical procedures on draft financial statements.
 Agreeing the financial statement balances with the underlying accounting records
February –  Completion of tests of controls and substantive tests of transactions.
March 2021
 Completion of most substantive tests of details of balances.
 Review of subsequent events
 Review of going concern assumption status of the entity
 Obtaining written representations from management
 Review audit evidence to ensure sufficient appropriate evidence has been collected
and the financial statements comply with the financial reporting framework.
 Preparing and issuing an audit report after the directors have signed the financial
statements.
April 2021  Issuing a final management letter showing deficiencies identified, effects and
recommendations to improvement the system.
31 MUBS Auditing notes 2021 by JKB, JB &
JA
The following should be noted:
 When handling big clients, there may be more than one interim audit e.g. a first interim audit in May/June
and second interim audit in October/November.
 In most instances (particularly with small entities), audit procedures are carried out at the period end and
later as the auditor is more concerned with misstatements in the financial statements at the period end.
 Therefore, the higher the risks of material misstatement, the more likely it would be for substantive
procedures to be performed nearer to, or after, the period end.
 Certain audit procedures including cut-off procedures, period-end adjustments and subsequent events can
be performed only at, or after, the period end.
 When substantive procedures are performed during interim audit, the auditor should perform further
substantive procedures, or substantive procedures combined with tests of controls, to cover the remaining
period. This reduces the risk of misstatements at the period end not being detected.
 An interim audit:
- Enables the auditor to complete the audit on time, especially when there is a tight deadline.
- Assists in identifying significant matters early so that they are discussed and resolved with
management or addressed during the audit.
- Reduces time needed to collect sufficient appropriate audit evidence during final audit.
 When the tests of controls are performed during interim audit, the auditor usually extends the tests to
cover the remaining period. Additional evidence on controls to be collected during final audit depends on
the following factors:
- Significance of assessed risks of material misstatement at the assertion level.
- Specific controls that were tested during the interim period.
- Degree to which audit evidence about the operating effectiveness of those controls was obtained.
- Length of the remaining period.
- Extent to which the auditor intends to reduce further substantive procedures based on the reliance on
internal control.
- The control environment.
- Any significant changes in internal control, including changes in the information system, processes, and
personnel that occurred subsequent to the interim period.

Benefits of audit planning

ISA 300 Planning an audit of financial statements requires an auditor to plan every audit. Adequate planning
ensures:
 That the auditor devotes appropriate attention to key audit areas and those with significant risks.
 That potential problems are identified and resolved on a timely basis.
 The audit is properly organized and managed efficiently and effectively.
 Competent audit team members are selected and work is properly assigned to them.
 Proper direction and supervision of the engagement team and review of their work.
 There is proper coordination (where possible) of work done by experts and auditors of subsidiaries.

3.7 Audit documentation

Purpose

32 MUBS Auditing notes 2021 by JKB, JB &

JA
Audit documentation (or audit working papers) is a record of audit procedures performed, relevant audit
evidence obtained and conclusions reached. ISA 230 Audit Documentation requires the auditor to prepare
documentation as it:
 Provides evidence of the basis for conclusion about the achievement of the overall objectives of the
auditor.
 Provides evidence that the audit was planned and performed in accordance with ISAs and applicable laws.
 Assists the engagement team in planning and performing the audit.
 Assists members of the engagement team in directing and supervising audit work
 Enables the engagement team to be accountable for its work.
 Is a record of matters of continuing significance to future audits.
 Enables the conduct of quality control reviews and inspections.

Form and content

The auditor should prepare audit documentation that is sufficient to enable an experienced auditor, having no
previous connection with the audit, to understand how the audit was conducted, the audit procedures
performed, the audit evidence obtained and significant matters arising during the audit, and the conclusions
reached.

The following is the format of a typical audit working paper on audit procedures:
 Subject – identifies the area of the financial statements being audited e.g. year-end inventory count.
 Audit objective – the purpose of the audit procedures in terms of the control or assertions being tested e.g.
to test the accuracy of year-end inventory.
 Work done e.g.
- Details of items tested like purchase order numbers.
- How the sample was selected and how the audit tests were performed.
- The dates of the inquiries and the names and job designations of the entity personnel interviewed.
- The process observed, the individuals involved, where and when the observation was carried out.
- Tick marks (in a manual audit), which are symbols showing the auditor’s or reviewer’s action like
tracing the cash figure in the bank reconciliation to the cash book.
 Results – weaknesses in internal controls or misstatements detected.
 Conclusion – based on audit evidence and the audit objective and whether the audit area would make
financial statements show a true and fair view.

33 MUBS Auditing notes 2021 by JKB, JB &

JA
 Client: Ref:
Year end: Prepared by: Date:
Reviewed by: Date:
Subject:

Audit objective:
Work done:

Results:
Conclusions:

Audit files
The auditor should assemble the audit documentation in physical or electronic form, in an audit file for each
engagement on a timely basis. For recurring audits, the audit file may be split between a permanent audit file
and a current audit file.
 A permanent audit file that contains information used in many audits which is updated annually and
includes the following:
- Client acceptance questionnaire
- Engagement letters
- Articles of association and a memorandum
- Loan and lease agreements
- Entity business history and industry information
- Board minutes
- Names of management, directors, shareholders
- Accounting systems documentation
- Previous years’ signed accounts, analytical procedures and management letters

 A current audit file that contains information relevant to the current year’s audit and includes the following:
- Financial statements, audit report & management letter.
- Audit completion checklists and management representation letters.
- Trial balance, summary of unadjusted errors, management accounts.
- Final analytical procedures.
- Subsequent events and contingencies.
- Going concern review.
- Tests of controls & substantive procedures for key financial statement areas: Cash, Receivables,
Inventory, Payables, Long-term debt, Revenue, Purchases& Payroll
- Audit plan including audit time table, staffing, time budgets & cost summaries, time records
- Risk assessment procedures and results at the financial statement & assertion levels, including
significant risks.
- Audit strategy and materiality.

34 MUBS Auditing notes 2021 by JKB, JB &

JA
 - Preliminary engagement activities.

The audit file:

 Should be organized using an indexing system by the stage in the audit process and financial statement area
to enable specific working papers to be easily located.
 Is property of the auditor although it may include schedules prepared by the client for the auditor.
Information cannot be revealed without the client’s permission.
 Documentation should not be deleted or discarded until the firm’s file retention period has expired, that is
normally at least eight years after the date of adoption of the financial statements by the entity.

3.8 Financial statement assertions and audit evidence

Financial statement assertions
Assertions are representations by management, explicit or otherwise, that are embodied in the financial
statements, as used by the auditor to consider the different types of potential misstatements that may occur.

ISA 315 (Revised) states: ‘In representing that the financial statements are in accordance with the applicable
financial reporting framework, management implicitly or explicitly makes assertions regarding the recognition,
measurement and presentation of classes of transactions and events, account balances and disclosures’.
Consequently auditors use these assertions when considering the potential types of misstatements that may
occur and when designing and performing appropriate audit procedures.

During the interim audit, audit procedures focus on transactions that have occurred so far in the period. This
will determine the mix of tests of control and substantive tests but both will tend to focus on transactions that
have occurred so far in the period. Transactions include sales, purchases, and wages paid during the
accounting period.

During the final audit, the focus is on the financial statements and the assertions about assets, liabilities and
equity interests. At this stage, the auditor will design substantive procedures to ensure that assurance has
been gained over all relevant assertions.

ISA 315 (Revised) lists two types of assertions:

 Assertions about classes of transactions and events and related disclosures for the period under audit:
- Occurrence – transactions and events that have been recorded or disclosed, have occurred, and such
transactions and events pertain to the entity.

- Completeness – all transactions and events that should have been recorded have been recorded and
all related disclosures that should have been included in the financial statements have been included.

- Accuracy – amounts and other data relating to recorded transactions and events have been recorded
appropriately, and related disclosures have been appropriately measured and described.

- Cut-off – transactions and events have been recorded in the correct accounting period.

- Classification – transactions and events have been recorded in the proper accounts.

35 MUBS Auditing notes 2021 by JKB, JB &

JA
 - Presentation – transactions and events are appropriately aggregated or disaggregated and clearly
described, and related disclosures are relevant and understandable in the context of the requirements
of the applicable financial reporting framework.

 Assertions about account balances and related disclosures at the period end:

- Existence – assets, liabilities and equity interests exist.

- Rights and obligations – the entity holds or controls the rights to assets, and liabilities are the
obligations of the entity.

- Completeness – all assets, liabilities and equity interests that should have been recorded have been
recorded and all related disclosures that should have been included in the financial statements have
been included.

- Accuracy, valuation and allocation – assets, liabilities and equity interests have been included in the
financial statements at appropriate amounts and any resulting valuation or allocation adjustments
have been appropriately recorded and related disclosures have been appropriately measured and
described.

- Classification – assets, liabilities and equity interests have been recorded in the proper accounts.
- Presentation – assets, liabilities and equity interests are appropriately aggregated or disaggregated
and clearly described, and related disclosures are relevant and understandable in the context of the
requirements of the applicable financial reporting framework.

When auditing, the auditor verifies the assertions as follows:

 Occurrence – the auditor verifies whether the recorded transactions occurred and the financial statements
are not overstated. For example, the auditor checks whether the recorded sales are for goods that were
dispatched to existing customers.

 Completeness – the auditor verifies whether all transactions have been recorded and the financial
statements are not understated. For example, the auditor checks whether all sales that occurred have
been recorded.

 Accuracy – the auditor verifies whether transactions and events are recorded appropriately and the
financial statements are not misstated. For example, the auditor checks whether sales were invoiced and
the invoices were recorded correctly.

 Cut-off – the auditor verifies whether transactions and events are recorded in the correct accounting
period and there are no cut-off errors. For example, the auditor checks whether sales transactions were
recorded in the correct period.

 Classification – the auditor verifies whether transactions and events are recorded in proper accounts and
are not wrongly classified. For example, the auditor checks whether sales transactions are properly
classified.

 Presentation – the auditor checks whether transactions and events are properly presented and disclosed
in in the financial statements.
36 MUBS Auditing notes 2021 by JKB, JB &
JA
 Existence – the auditor verifies whether assets, liabilities and equity included in the statement of financial
position existed at the reporting date and are not overstated. For example, the auditor checks whether all
the inventory exists at the balance sheet date.

 Completeness – the auditor verifies whether all assets, liabilities and equity have been included in the
financial statements and are not understated. For example, the auditor checks whether all existing
inventory has been counted and included in the inventory shown in the statement of financial position.

 Rights and obligations – the auditor verifies whether the entity controlled assets and had obligations for
liabilities in the statement of financial position at the reporting date. For example, the auditor checks
whether the entire inventory shown in the statement of financial position were for the entity and had not
been pledged as security for loans.

 Valuation and allocation – the auditor verifies whether assets, liabilities and equity have been included in
financial statements at appropriate amounts. For example, the auditor checks whether inventory shown in
the statement of financial position was properly valued as at the lower of cost and net realizable value.

 Presentation – the auditor verifies whether assets, liabilities and equity interests are properly presented
and disclosed in accordance with the requirements of the applicable financial reporting framework.

Audit evidence
Audit evidence is information used by the auditor in arriving at conclusions on which the opinion is based. The
evidence is obtained from records underlying financial statements and sources outside the entity. The audit
trail in collecting evidence includes tracing transactions from source documents to various journals, ledgers up
to financial statements and vice versa. The evidence received may support or contradict management’s
assertions.

ISA 500 Audit evidence requires the auditor to obtain sufficient appropriate audit evidence to be able to draw
reasonable conclusions on which to base the opinion.
 The auditor should collect sufficient evidence before forming an opinion. The sufficiency of audit evidence
is influenced by the following factors:
- The assessed risk of misstatement – the higher the risk, the more the audit evidence required.
- The materiality of the item – the higher the materiality, the more the evidence required.
- The source and quality of the evidence available – the higher the quality of evidence, the less the
evidence required.
- The operating effectiveness of the entity’s internal control systems – the higher the effectiveness, the
less the evidence required.
 Evidence is considered appropriate if it is relevant and reliable.
- The relevance of evidence depends on the audit objective and the assertion being tested. For
example, if one wants to check whether all goods despatched have been invoiced (completeness of
invoicing sales), you select a sample of goods dispatched notes (GDNs) and check whether there is a
sales invoice for each GDN. Whereas if one wants to check whether all sales invoices are for goods
dispatched (occurrence of sales), you select a sample of sales invoices and check the supporting
GDN for each invoice.

- The reliability of evidence is influenced by its source and nature and generally audit evidence:

37 MUBS Auditing notes 2021 by JKB, JB &

JA
  Obtained directly from independent external sources e.g. the written confirmation of account
receivables from customers is more reliable than evidence from the entity’s receivables ledger.
 Obtained directly by the auditor e.g. observing the delivery of goods by a client is more reliable
than evidence obtained from the client like making an inquiry on how goods are delivered.
 Obtained from the entity’s accounting records is more reliable when the related internal controls
including those over their preparation and maintenance are effective.
 In documentary form whether in paper or electronic form e.g. minutes of meetings is more reliable
than evidence obtained orally as the person may later deny ever giving the information.
 From original documents e.g. supplier invoices are more reliable than photocopies as their
reliability depends on the controls over their preparation and be easily altered by the client.

The reliability of evidence in descending order is third party evidence is the most reliable, followed by
auditor-generated evidence, client-generated written evidence and client-generated verbal evidence.

Audit procedures to obtain evidence

Audit evidence is obtained using one or a combination of the following eight audit procedures. However, each
of those procedures need not be performed for every component of the required understanding.

Inspection of records and physical assets

 Inspection is the examination of the entity’s records or documents, whether internal or external, in paper
form, electronic form, or other media or a physical examination of tangible assets.
 For example, an auditor:
- Inspects sales invoices and the supporting delivery notes when auditing whether sales transactions
occurred.
- Physically inspects a sample of inventory items during the year-end inventory count by the client to
verify the accuracy of the inventory count.
 As transactions are normally supported by documents, inspection of records provides a large volume of
evidence that is readily available and widely used at a relatively low cost.
 The reliability of evidence from inspection of records depends on the effectiveness of internal control and
whether they are from internal or external sources.
 Inspection of assets provides reliable audit evidence about the existence of tangible assets but may not
provide evidence on rights and obligations of the entity over the assets.

Observation
 Involves watching procedures or processes being performed by others.
 For example, the auditor observes whether the entity’s personnel follow instructions when counting
inventory.
 The reliability of the evidence is limited to the point in time at which the observation takes place and by the
fact that the presence of the auditor may influence the way the procedures are carried out. Therefore,
evidence from observation should later be corroborated with evidence from other procedures.

Inquiry
 Inquiry is obtaining information from knowledgeable persons within or outside the entity.
 For example, the auditor may inquire of management as to whether the entity has opened/closed any bank
accounts during the period.
38 MUBS Auditing notes 2021 by JKB, JB &
JA
  Inquiry alone may not provide reliable evidence as the entity staff may give biased information in the client’s
favour. For example, to test the operating effectiveness of internal control over cash receipts, the auditor
makes inquiries of entity personnel and supplements this by observing the procedures for receiving and
cash receipts, and inspects documentation about the operation of such internal control at other times.

Re-performance
 Re-performance involves the auditor independently carrying out procedures or controls which were
originally performed by the client as part of the entity’s internal control to check their effectiveness.
 For example, the auditor re-performs the year-end bank reconciliation to ensure it was done accurately or
recounts inventory to check the accuracy of the count procedures by the entity staff.
 Re-performance is however only limited to controls present in the system.

External confirmation
 Is a process of obtaining direct written audit evidence in paper form, electronic form or by other medium
directly from an external third party in response to the auditor’s request.
 For example, the auditor confirms the existence and accuracy of receivable balances by writing to
customers.
 External confirmation may provide highly reliable evidence as it from sources independent of the client.

Recalculation
 Recalculation is checking the mathematical accuracy of documents or records and may be performed
manually or electronically.
 For example, the auditor recalculates the depreciation expense for property.
 Recalculation gives reliable information on the accuracy of figures as the evidence is obtained directly by
the auditor.

Analytical procedures
 Analytical procedures include the evaluation of financial information through the analysis of fluctuations or
relationships among both financial and non-financial data that are inconsistent with other relevant
information or that differ from expected amounts.
 For example, the auditor calculates gross profit margin for the current period and compares it to that of the
previous period and investigates any significant differences.
 Analytical procedures are mandatory during audit planning in identifying and assessing the risks of
material misstatement and during audit completion to assess whether the financial statements are
consistent with the auditor’s understanding of the entity. They are commonly used as substantive
procedures to detect misstatements during the audit performance phase. More covered in Topic 5.

Generally, the reliability of evidence (from higher to lower) is as follows: inspection of physical assets,
recalculation, reperformance, confirmation, analytical procedures, inspection of records, observation and
inquiry.

39 MUBS Auditing notes 2021 by JKB, JB &

JA
 40 MUBS Auditing notes 2021 by JKB, JB &
JA