BBA 6th Semester |Auditing (MGT362)

Unit Two: Preparation for an Audit and Internal Control

1. Audit Plan

Audit plan is a detail of the activities that to be followed by the auditor while conducting an
audit. The auditor should plan his work to enable him to conduct an effective audit in an
efficient and timely manner. Plans should be based on knowledge of the client’s business such
as nature of the business, size of the business and volume of the business, etc. Normally the
audit plans should be made to cover the following matters;
a. Acquiring knowledge of the client’s accounting systems, policies and internal control
procedures
b. Establishing the expected degree of reliance to be placed on internal control
c. Determining the nature, timing, and extent of the audit procedures to be performed and
d. Co-ordinating the work to be performed.
Plans should be flexible that can be further developed and revised as necessary during the course
of the audit.

1.1 Objectives of planning

The adequate audit planning helps to:

1 Ensure that appropriate attention is devoted to important areas of the audit

2 Ensure that potential problems are promptly identified
3 Ensure that the work is completed timely
4 Utilize the assistants properly
5 Co-ordinate the work done by other auditors and experts.

At the time of audit planning, the auditor will consider factors such as complexity of the audit,
the environment in which the entity operates, his previous experience with the client and
knowledge of the client’s business.

2. Meaning of the audit program

It is desirable that in respect of each audit and more particularly for bigger audits an audit
program should be drawn up. Audit program is nothing but a list of examination and verification
steps to be applied set out in such a way that the inter-relationship of one step to another is
clearly shown. Audit program is designed, on the basis of an appraisal of the accounting records
1
 BBA 6th Semester |Auditing (MGT362)

of the client. In other words, an audit program is a detailed of the accounting records of applying
the audit procedures in the given circumstances with instructions for the appropriate techniques
to be adopted for accomplishing the audit objectives. Businesses vary in nature, size and
composition; work which is suitable to one business may not be suitable to be rendered by the
auditor are the other factors that vary from assignment to assignment. Because of such variations,
evolving one audit program applicable to all business under all circumstances is not practicable.
However, it becomes a necessity to specify in details in the audit program the nature of work to
be done so that no time will be wasted on matters not pertinent to the engagement and any
special matter or any specific situation can be taken care of.

An audit program consists of a series of verification procedures to be applied to the financial

statements and accounts of a given company for the purpose of obtaining sufficient evidence to
enable the auditor to express an opinion on such statements. For the purpose of program
construction, the following points should be kept in view:

1 Stay within the scope and limitation of the assignment.

2 Determining the evidence reasonable available and identify the best evidence for deriving
the necessary satisfaction.
3 Apply only these steps and procedures which are useful in accomplishing the verification
purpose in the specific situation.
4 Consider all possibilities of error.
5 Co-ordinate the procedures to be applied to related items.

3. Audit working papers Those papers which are collected to obtain the sufficient and
appropriate evidence at the course of conducting audit are called
Meaning: audit working papers.

The audit working papers, that are collected to obtain sufficient and appropriate audit
evidence at the course of conducting audit are called audit working papers.The audit working
papers links between the auditor’s report and the client’s records. The objects of an auditor’s
working papers are to record and demonstrate the audit work from one year to another.
Therefore, working papers should provide for:

a. Means of controlling current audit work

b. Evidence of audit work performed
c. Schedules supporting or additional item in the accounts
2
 BBA 6th Semester |Auditing (MGT362)

d. Information about the business being audited, including the recent history.
The auditor should adopt reasonable procedures for custody and confidentiality of his working
papers and should retained them for a period of time sufficient to meet the needs of his practice
and satisfy any pertinent legal or professional requirements of record retention.

3.1 Types of working paper

Land certificate, company registration certificate, Article of
1. Permanent working File association etc
A permanent audit file normally includes;

1. Information concerning the legal and organizational structure of the entity. In case of a
company, this includes the Memorandum and Article of Association. In the case of a
statutory corporation, this includes the Act and Regulations under which the corporation
functions.
2. Extracts or copies of important legal documents, agreements and minute relevant to the
audit.
3. A record of the study and the evaluation of the internal controls system related to the
accounting system. This might be in the form of narrative descriptions, questionnaires or
flow charts, or some combination thereof.
4. Copies of audited financial statements for previous years.
5. Analysis of significant ratios and trends.
6. Copies of management letters issued by the auditor, if any.
7. Record of communication with the retiring auditor, if any, before acceptance of the
appointment as auditor.
8. Notes regarding significant accounting policies.
9. Significant audit observations of earlier years.

3. Current working file

The current working file normally includes;

1. Correspondence relating to acceptance of annual reappointment.

2. Extracts of important matters in the minutes of board meetings and general meetings as
relevant to audit.
3. Evidence of the planning of the audit and audit program.

3
 BBA 6th Semester |Auditing (MGT362)

4. Analysis of transactions and balances.

5. A record of the nature, timing and extent of auditing procedures performed, and the
results of such procedures.
6. Evidence that the work performed by assistants was supervised and reviewed.
7. Copies of communication with other auditors, experts and other third parties.
8. Letters of representation or confirmation received from the client.
9. Copies of the financial information being reported on the related audit reports.

4. Test checking
4.1 Meaning

Test checking means to select and examine a representative sample from a large number of
similar items. Test checking is an accepted auditing procedure where instead of checking all
transactions, only a part of it is checked in detail to form an opinion on the whole.

1 A representative sample must be open and each item selected must be traced
meticulously.
2 A smaller number of transactions are checked at each successive stage with in-depth test,
on statistical grounds (based on probability theory).

Features of test checking

Test checking consists of selecting and checking a portion of transactions selected by the
Auditor. The salient features of test checking are;

1 Scientific: It is a mathematical truth that a scientifically selected sample would reveal the
features and characteristics of the population. The statistical theory of sampling is based
on a scientific law. Hence, it can be relied upon to a greater extent than any arbitrary
technique which lacks basis and acceptability.
2 Estimation Process: Test checking and sampling can never bring complete reliability; it
cannot give accurate results. It is a process of estimation. What error is tolerable for a
particular matter under examination is a matter of the individual's judgment in that
particular issue.
3 Coverage of material items: Entries involving large amounts or relating to material
accounts are seen exhaustively and other entries are picked up for verification from the
4
 BBA 6th Semester |Auditing (MGT362)

remainder according to a certain plan. Sometimes entries are checked for a few specified
months exhaustively and the rest go unchecked.
4 Full Coverage over a time period: Test check is normally planned in such a way that
the audit programs for 3 to 5 years cover all types of transactions in case of a medium or
large sized company. Thus, if in one year the months of January, June and December are
checked; April, July and September may be checked in the second year and so on.
5 Surprise Element: The staff and management of the auditee company should not be able
to anticipate the pattern of test checking, otherwise they will predict the areas and periods
to be covered in any one year and will be careful regarding the same.
6 Flexibility: If test checking becomes routine, predictable and mechanical, it loses its
value. Hence, the Auditor should keep changing the methods of test checking at
reasonably frequent intervals.
7 Judgment Based: The extent of test checking would primarily depend on the Auditor's
judgment of a particular situation. This judgement in turn depends on the previous
experience of the Auditor, current developments and the efficacy of Internal Control
System.

Factors to be considered on test checking

The factors to be considered for deciding upon the extent of checking on a sampling plan are ;
1 Size of the organization under audit.
2 State and efficacy of the internal control.
3 Adequacy and reliability of books and records.
4 Tolerable error range.
5 Degree of the desired confidence.

When test check can be used?

Test checks can be adopted in the following cases;

a. Volume of Transactions: In case of big concerns where number of transactions is quite

large.
b. Time factor: Where the Auditor has very little time at his disposal to check all the
transactions of a medium or large sized concern.

5
 BBA 6th Semester |Auditing (MGT362)

c. Identical Transactions: When there are a number of transactions of identical and

homogeneous nature. Internal Control: When there exists a satisfactory internal control
system, manual and / or computerized.

5. Audit sampling
Meaning:

“Audit sampling” means the application of audit procedures to less than 100% of the items
within an account balance about some characteristic of the items selected in order to form or
assist in forming a conclusion concerning the population. It is important to recognize that certain
testing procedures do not come within the definition of sampling. Tests performed on 100% of
the items within a population do not involve sampling. Likewise, applying audit procedures to all
items within a population which have a particular characteristic (for example, all items over a
certain amount) does not qualify as audit sampling with respect to the population examined, nor
with regard to the population as a whole, since the items were not selected from the total
population on a basis that was expected to be representative. Such items might imply some
characteristic of the remaining portion of the population but would not necessarily be the basis
for a valid conclusion about the remaining portion of the population.

When using either statistical or non-statistical sampling methods, the auditor should design and
select an audit sample, perform audit procedures thereon, and evaluate sample results so as to
provide sufficient appropriate audit evidence.

Methods of audit sampling

1. Probability Sampling
1 Sample random Sampling: Units are randomly chosen from the sampling frame where
each and every item has equal chance of inclusion in the sample.
2 Stratified Random: Random sampling of units within categories (strata) that are
assumed to exist within a population. If the population from which sample is to be drawn
does not constitute homogenous group then this technique is applied. The whole
population is divided different non- overlapping strata and sample items are selected from
each stratum.
3 Systemic Random: Number units within the sampling frame and select every 5th, 10th,
etc
6
 BBA 6th Semester |Auditing (MGT362)

4 Cluster Sample: Cluster sampling involves grouping the population and then selecting
the group or the cluster rather than individual elements for inclusion in the sample. For
example: Bank divide its credit card holder into subgroup of 100 (total was 1500) from
the 15 groups or 15 cluster bank randomly select 2 or 3 groups with all populations.
5 Quota Sampling: This technique provides quota to be field from different strata.
The size of the quota for each stratum is generally proportioned.
6 Multi -Stage sampling: Nepal – Regional Development-Zone-district-VDC

2. Non- Probability sampling

1. Convenience sampling: selection based on availability or ease of inclusion, selecting

individuals who happen to be walking down the street
2. Purposive sampling: selection of individuals from whom you may be inclined to get
more data, selecting resource center clients that use many services
3. Snowball: Snowball sampling is the process of selecting a sample using network. To start
with, a few individuals in a group or organizations are selected and required information
is collected from them. Then they are asked other people in the group or organization and
people selected by them are part of the sample and information is collected from them
and so on……… until saturation point.

Audit evidence
“Audit evidence” is all the information used by the auditor in arriving at the conclusions on
which the audit opinion is based. It includes the information contained in the accounting records
underlying the financial statements, financial statements prepared by management and other
information.

Auditors are not expected to address all information that may exist. In forming the audit opinion,
the auditor does not examine all the information available because conclusions ordinarily can be
reached by using sampling approaches and other means of selecting items for testing. Also, the
auditor ordinarily finds it necessary to rely on audit evidence that is persuasive rather than
conclusive. However, to obtain reasonable assurance, the auditor is not satisfied with audit
evidence that is less than persuasive. The auditor uses professional judgment and exercises
professional skepticism in evaluating the quantity and quality of audit evidence, and thus, its
sufficiency and appropriateness, to support the audit opinion.
7
 BBA 6th Semester |Auditing (MGT362)

Sufficient and appropriate audit evidence

Sufficiency is the measure of the quantity of audit evidence. Appropriateness is the measure of
the quality of audit evidence, that is, its relevance and its reliability in providing support for, or
detecting misstatements in, the classes of transactions, account balances, and disclosures and
related assertions. The auditor should consider the sufficiency and appropriateness of audit
evidence to be obtained when assessing risks and designing further audit procedures. The
quantity of audit evidence needed is affected by the risk of misstatement (the greater the risk, the
more audit evidence is likely to be required) and also by the quality of such audit evidence (the
higher the quality, the less the audit evidence that may be required). Accordingly, the sufficiency
and appropriateness of audit evidence are interrelated. However, merely obtaining more audit
evidence may not compensate if it is of a lower quality.

Reliability of audit evidence

1. Audit evidence is more reliable when it is obtained from knowledgeable independent
sources outside the entity.
2. Audit evidence that is generated internally is more reliable when the related controls
imposed by the entity are effective.
3. Audit evidence obtained directly by the auditor is more reliable than audit evidence
obtained indirectly.
4. Audit evidence is more reliable when it exists in documentary form, whether paper,
electronic, or other medium
5. Audit evidence provided by original documents is more reliable than audit evidence
provided by photocopies

The use of assertions in obtaining audit evidence

In representing that the financial statements are fairly presented in conformity with generally
accepted accounting principles, management implicitly or explicitly makes assertions regarding
the recognition, measurement, presentation, and disclosure of information in the financial
statements and related disclosures. Assertions used by the auditor following categories:

8
 BBA 6th Semester |Auditing (MGT362)

A. Assertions about income and expenditure

1. Occurrence: Transactions and events that have been recorded have occurred and
pertain to the entity.
2. Completeness: All transactions and events that should have been recorded.
3. Accuracy: Amounts and other data relating to recorded transactions and events have
been recorded appropriately.
4. Cutoff: Transactions and events have been recorded in the correct accounting period.
5. Classification: Transactions and events have been recorded in the proper accounts.

B Assertions about account balances at the period end:

1. Existence: Assets, liabilities, and equity interests exist.

2. Rights and obligations: The entity holds or controls the rights to assets, and liabilities
are the obligations of the entity.
3. Completeness: All assets, liabilities, and equity interests that should have been recorded
have been recorded.
4. Valuation and allocation: Assets, liabilities, and equity interests are included in the
financial statements at appropriate amounts and any resulting valuation or allocation
adjustments are appropriately recorded.
5. Disclosure: All transactions are classified and described in line with relevant regulations

Methods of obtaining audit evidence

1 Observation: Observation consists of looking at a process or procedure being performed
by others. Examples include observation of the counting of inventories by the entity's
personnel and observation of the performance of control activities. Observation provides
audit evidence about the performance of a process or procedure but is limited to the point
in time at which the observation takes place and by the fact that the act of being observed
may affect how the process or procedure is performed.
2 Inquiry: Inquiry consists of seeking information of knowledgeable persons, both
financial and non financial, inside or outside the entity. Inquiry is an audit procedure that
is used extensively throughout the audit and often is complementary to performing other
audit procedures. Inquiries may range from formal written inquiries to informal oral
inquiries. Evaluating responses to inquiries is an integral part of the inquiry process.

9
 BBA 6th Semester |Auditing (MGT362)

3 Confirmation: Confirmation, which is a specific type of inquiry, is the process of

obtaining information or of an existing condition directly from a third party. For example,
the auditor may seek direct confirmation of receivables by communication with debtors.
Confirmations are frequently used in relation to account balances and their components
but need not be restricted to these items. A confirmation request can be designed to ask if
any modification have been made to the agreement, and if so, what the relevant details
are. For example, the auditor may request confirmation of the terms of agreements or
transactions an entity has with third parties. Confirmations are also used to obtain audit
evidence about the absence of certain conditions, for example, the absence of an
undisclosed agreement that may influence revenue recognition.
4 Recalculation: Recalculation consists of checking the mathematical accuracy of
documents or records. Recalculation can be performed through the use of information
technology, for example, by obtaining an electronic file from the entity.
5 Analytical Procedures: Analytical procedures consist of evaluations of financial
information made by a study of plausible relationships among both financial and
nonfinancial data. Analytical procedures also encompass the investigation of identified
fluctuations and relationships that are inconsistent with other relevant information or
deviate significantly from predicted amounts. Analytical review consists in computing
critical ratio, comparison etc.

Internal control system

Meaning:

Internal control is a broad term with a wide coverage. It consists of a number of checks and
controls which are exercised in a business to ensure its efficient and economic working. Thus,
internal control involves a sort vigilance and directions over important matters like budget and
finance, purchase and sales and internal administration by the management. It means the built- in
cross-checks in the system supplemented with proper supervision and internal audit carried out
by the staff appointed by the organization. These days business has been become more complex
both in nature and size and the management finds it difficult to get correct information about the
various aspects of the business. Internal control assures the management that the information
supplied to it is reliable and accurate. The Internal controls are exercised to ensure the accuracy
and the reliability of accounting data and other records, to identify weaker areas of operation and
10
 BBA 6th Semester |Auditing (MGT362)

to improve them to increase operational efficiency of the business, to safeguard its assets and to
ensure orderly conduct of business.

Objective of internal control

1 To minimize, if not completely eliminate, wastage and inefficiencies in business
operations and to safeguard the assets of the business.
2 To ensure high degree of accuracy and reliability of accounting data and promote
operational efficiency.
3 To measure how far the policies of the management are being implemented, and
4 To evaluate the efficiency of performance in all aspects of business activities and to
highlight the weaknesses.

Inherent limitations of internal control system

Internal control can provide only reasonable, but not absolute, assurance that the objectives
stated above are achieved. This is because there are some inherent limitations of internal
controls, such as:

1 Management’s consideration that a control be cost effective

2 The fact that most controls do not tend to be directed at transactions of unusual nature
3 The potential for human error
4 The possibility of circumvention of controls through collusion with parties outside the
entity or with employees of entity
5 The possibility that a person responsible for exercising control could abuse that authority,
for example, a member of management overriding a control
6 The possibility that procedures may become inadequate due to changes in conditions and
compliance with procedures may deteriorate.

Review of internal control by auditor

1. Narrative records: The narrative record is complete and exhaustive description of the
system as found in operation by the auditor. Actual testing and observation are necessary
before such a record can be developed. It may be recommended in cases where no formal
control system is in operation and would be more suited to small business.

11
 BBA 6th Semester |Auditing (MGT362)

2. Check list: A check list is a series of instruction or questions which a member of the
auditing staff must follow or answer. When he completes the instructions, he initials the
space against the instruction. Answers to the checklist instruction are usually yes, no or
not applicable. This is again an on-the-job requirement and instruction are framed having
regard to the desirable elements of control. For example
a. Are tender called before placing order?
b. Are the purchase made on the basis of written order?

3. Internal control questionnaire: It is a comprehensive series of questions concerning

internal control. This is the mostly used form for collecting information about the
existence, operations and efficiency of internal control in an organization. In this method,
questions are so framed that a 'Yes 'or 'No' format. Provision is made for an explanation
or further details of No answer.

3. Flow chart: Flow chart is a graphic presentation of each part of the company's internal
control system. It minimizes the number of narrative explanations. It gives the eye bird
view of the system and the flow of transaction and integration in documentation.It is also
necessary for the auditors to study the significant features of the organization, nature of
the activity, various channels of inward and outward, processing and manufacturing
system etc. This will help him to understand and evaluate the internal control in correct
perspective.

Audit Materiality and Risk

Audit risk is the first fundamental concept that underlies the audit process. Because of the nature
of audit evidence and the characteristics of management fraud, an auditor can only provide
reasonable assurance, as opposed to absolute assurance, that the financial statements are free
from material misstatement. The term ‘reasonable assurance’ is used in the paragraph of the
audit report describing the auditor’s responsibility to inform the reader that there is some level of
risk that the audit did not detect all material misstatements. Thus, audit risk is the risk that the
auditor expresses an inappropriate audit opinion when the financial statements are materially
misstated.

12
 BBA 6th Semester |Auditing (MGT362)

Materiality:
Information is material if its misstatement (i.e., omission or erroneous statement) could influence
the economic decisions of users taken on the Basis of the financial information. Materiality
depends on the size and nature of the item, judged in the particular circumstances of its
misstatement. Thus, materiality provides a threshold or cut-off point rather than being a primary
qualitative characteristic which the information must have if it is to be useful.
on the basis of legislative control
on the basis of management
Classification of Audit on the basis of period
on the basis of subject matter
1 On the basis of legislative control on the basis of coverage

a. Statutory Audit: When the appointment of auditors, manner of audit, content of audit
report etc., are especially mentioned in any enactment, the audit conducted with
reference to them is called statutory audit.
b. Government Audit: The audit carried out by government agency is called government
audit.
c. Private Audit :The audit carried out by Private agency or office is called private audit.

2 On the basis of relation of auditor Vis-a -vis Management

a. External audit: External audit, also known as financial audit and statutory audit,
involves the examination of the truth and fairness of the financial statements of an entity
by an external auditor who is independent of the organization. Company law in most
jurisdictions requires external audit on annual basis for companies above a certain size.

The need for an external audit primarily stems from the separation of ownership and
control in large companies in which shareholders nominate directors to run the affairs of
the company on their behalf as the director's report on the financial performance and
position of the company, shareholders need assurance over the accuracy of the financial
statements before placing any reliance on them. External audit provides reasonable
assurance to the owners of the company that the financial statements, as reported by the
directors, are free from material misstatements
b. Internal audit: Internal audit, also referred as operational audit, is a voluntary appraisal
activity undertaken by an organization to provide assurance over the effectiveness of internal
controls, risk management and governance to facilitate the achievement of organizational

13
 BBA 6th Semester |Auditing (MGT362)

objectives. Internal audit is performed by employee of the organization who report to the
audit committee of the board of directors as opposed to external auditor which is carried out
by professionals independent of the organization and who report to the shareholders via
audit report.

3 On the basis of Periodicity

a. Continuous Audit
A continuous audit is one in which the auditor’s staff is engaged continuously in checking
the accounts of the client, during the whole year round or when for the purpose, the staff
attends at quite frequent intervals say weekly basis during the financial period. A
continuous audit is preferred for the following reasons: It makes it possible for the
management to exercise a stricter control over the accounts in as much as one is able to
check sooner the causes of any errors of frauds uncovered by such an audit. ii. The frequent
attendance by the staff deters persons so inclined, from committing a fraud. iii. The
accounting staff of the client is motivated to keep the books of account up-to-day
b. Interim Audit
An audit that is taken up between two annual audits is called an Interim Audit. A specific
date, as per the client’s requirement is taken into account, e.g., 30th September, 31st
December, etc. a trial balance is drawn and verified with a view to prepare financial
statement. Financial statements are prepared and authenticated for the interim audit period.
Assets and liabilities are verified for interim balance sheet purposes. Independence is
considered less independent than the statutory Auditor; generally, an employee of the
enterprise will be the internal auditor. In the interim audit no format is prescribed. It
depends on the nature of work, coverage and audit observations.
c. Periodical Audit/ Final Audit: Periodical audit is one which is taken up at the close of the
financial or trading period when all the accounts has been balanced and trading and PL
account and balance sheet has been prepared.

4. On the basis of Subject matter

a. Financial Audit: Financial audit is examination of financial statements to express opinion
on the truth and fairness of financial conditions and operating result of the entity. The
statutory and external audit is generally financial audit.

14
 BBA 6th Semester |Auditing (MGT362)

b. Operational Audit: Operational audit is review of operations of an entity. It is generally

carried out by internal auditors. It involves the intelligence examination of various
operation of functional areas of the business such as production, marketing store etc.
c. Cost Audit: Cost audit is audit of cost records of the company. It is checking of cost
accounts and costing techniques, methods, and system followed by the entity. The cost
audit seeks to verify the truth and fairness of cost of production of goods or rendering of
services by an entity.
d. Management audit: Management audit is critical review of policy and practices of
management. It involves review of various process of management.
e. Tax audit: Tax audits are conducted to assess the accuracy of the tax returns filed by a
company and are therefore used to determine the amount of any over or under assessment of
tax liability towards the tax authorities. In some jurisdictions, companies above a certain size
are required to have tax audits after regular intervals while in other jurisdictions random
companies are selected for tax audits through the operation of a balloting system.

5. On the basis of Coverage

a. Complete audit: In complete audit the auditor checks all books of account with
concerned records to express opinion on the financial statement. The client cannot put any
restriction with regard to coverage of audit in case of statutory audit.
b. Partial audit: In case of partial audit usually the area to be covered in audit are delimited
by specific agreement to this effect.

15