THE AUDITING

PROFESSION
 A TYPICAL MODERN CORPORATE STRUCTURE

SHAREHOLDERS EXTERNAL AUDITORS

BOARD OF DIRECTORS AUDIT COMMITTEE

MD/CEO INTERNAL AUDITORS

FINANCE IT OPS ADMIN HR

Let us briefly review the role players…

Shareholders

The shareholders are the “owners” of the company. They provide

the venture capital to get it going. If the company fails, they lose
their money, but if the company is a success, they should be
rewarded for their courage and endeavor. Their investment must
also be protected against unscrupulous charlatans who simply
want to relieve them of their money.

Board of Directors

The directors are elected by the shareholders to oversee their

investment in the company. In essence, it means that the
shareholders entrust the directors with their money, with the belief
that they will run the company in such a way that profits may be
returned.

1
MD/CEO

The directors must then appoint an actual person to direct or

manage the company. This person will be responsible to make the
company a success. If he/she happens to be one of the directors,
he/she is referred to as the Managing Director (MD). If he/she is
not a member of the Board, he/she is normally called the Chief
Executive Officer (CEO).

This person will then create units to enable the company to run
efficiently and appoint a head for each unit (or department). These
people are referred to as the heads of department (HODs).
Typical units/departments) would be Administration, Marketing,
Human Resources, Information Technology, etc.

Lines of responsibility and reporting:

Lines of responsibility run downwards and lines of reporting run

upwards. The Board of directors is responsible for the
custodianship of the shareholders’ capital and to ensure a return
on their investment. The MD/CEO, in turn, is responsible to
implement the Board’s vision and mission in such a way that the
company will meet its objectives. The HODs are responsible for
running their various units in the most effective, efficient and
economical manner possible.

Ultimately, the HODs need to report back to the MD/CEO, which in

turn must report to the Board, which will finally report to the
shareholders about their respective successes or failures. The
final report to the shareholders is in the form of an Annual Report
which, most importantly, contains the company’s annual financial
statements (AFS). These statements must be a fair presentation of
the results of the company’s operations, its financial position and
its cash flows. This is a requirement of International Financial
Reporting Standards (IFRS) as well as the Companies Act (No 71
of 2008).

(Note: You shall learn more about AFS, IFRS and the Companies
Act in Financial Accounting II.)

2
External Auditors

As a result of ownership (money invested) and management (the

application of the money invested) becoming separated over the
last 5 centuries, investors acquired the need for their money to be
protected against people who simply wanted to “rob” (or defraud)
them of their capital. That is where the profession of auditor
developed from: to protect the investors’ capital. Simply put, the
auditor is the “watchdog” over the money invested. The auditor
would therefore be an independent person, who has all the
necessary knowledge about how that particular business should be
run, and who can be chartered by the owners of the company to
investigate the doings of the management and report on their
findings. They are therefore the “protectors” of the investors’
interests.

In more practical terms: The external auditor(s) will come from a

completely independent firm, appointed (or chartered) by the
shareholders to give them assurance that the reports submitted to
them by the Board is indeed a fair presentation of what happened
in the company during that financial year. The main focus of the
external auditor will therefore be on the AFS.

Internal Auditors

Internal Auditing is the core of our studies and it will be

covered by the various prescribed textbooks for Auditing II,
Internal Auditing III and Internal Auditing IV, as well as tuition
in class.

In a nutshell, Internal Auditors are there to provide management (in

the form of the MD/CEO) with objective assurance that risks are
properly mitigated by adequate controls and proper governance.

In addition, they can also assist management with advice on how

the company can become better. This is referred to as consulting
activities.

(The roles of the Committee of Sponsoring Organisations [COSO]

of the Treadway Commission in the USA, and the KING reports in
South Africa will then be discussed.)

3
Audit committee

The advent of an audit committee is a quite recent development

and came as a result of the King reports, especially King III.
We shall discuss this in more detail later but, in a nutshell, it is a
conduit (“link”) between the external auditors and internal auditors
(as well as other assurance providers) on the one hand, and the
Board on the other hand. The audit committee is a sub-committee
of the Board of directors and has as its ultimate objective to
combine the assurance provided to give management “peace of
mind”.

Other relevant information:

External auditors must be registered with the Independent

Regulatory Board for Auditors (IRBA). At this stage, the only
professional accounting institute that fully complies with the
requirements of IRBA is the South African Institute of Chartered
Accountants (SAICA).

Other professional accounting institutes include the South African

Institute of Professional Accountants (SAIPA) and the Southern
African Institute of Business Accountants (SAIBA).

The professional body for management accountants is the

Chartered Institute of Management Accountants (CIMA).

DIFFERENT TYPES OF AUDITS

As more pressure is being placed on management to achieve the

objectives of their respective organisations, the demand for
auditing is also more relevant than ever. With this increase in
demand for auditing, it is clear that there is a need for different
types of audits to provide as much assurance to management as
possible in terms of attaining business objectives. Below, different
types of audits (which exist in real life) are discussed for the sake
of reference:

4
FINANCIAL AUDITS

Financial audits are examinations and evaluations of a business’

financial records and financial information (hence the name
“financial audits”). Internal auditors performing this type of audit will
limit their evaluations to vouching transactions (prove that they
exist) and verifying balances (giving assurance that balances in the
books are indeed correct) to determine, amongst others, if the
transactions were recorded and posted correctly, debtors and
creditors are maintained appropriately, asset registers are kept up
to date, etc.

In turn, the registered external auditor will audit a company’s

annual financial statements to determine the extent to which these
statements are a fair presentation of the reality. E.g. the statement
of financial position will have to be audited to see whether it is a
true representation of the actual financial position of the company,
while the statement of comprehensive income will have to be
audited to verify that it is also a true representation of the actual
financial performance, etc. Registered external auditors are the
only individuals who can express a professional opinion on the
annual financial statements of companies.

COMPLIANCE AUDITS

Compliance audits are conducted to determine whether a company

complies with and/or adheres to certain minimum requirements.
Compliance audits can include comprehensive reviews and
evaluations of an organisation’s adherence to laws, rules,
regulations, policies, procedures; as well as controls applicable to
an organisation or activity which is prescribed by its internal
authority (management) and/or control system, or by an external
agency or other form of authority. Generally internal auditors are
responsible for carrying out compliance audits. The main objective
of such audits are to gather audit evidence (proof) that the internal
control system (which is responsible for managing all actual and/or
potential risks), for all the various activities of the business, is
designed and implemented properly (that it prevents, detects and
corrects mistakes) and that such an internal control system is
effective and well maintained. (If compliance audits are conducted
by registered external auditors, they would only focus on
compliance activities relating to financial reporting.)

5
OPERATIONAL AUDITS

Operational audits are deemed as in-depth reviews and

evaluations of how effective (performance-wise), efficient (time-
management wise) and economical (affordability-wise) an
organisation’s management and operational systems are
functioning with respect to achieving stated goals and objectives.
Operational audits, once conducted, will provide management with
a good understanding of whether or not a business is operating
effectively, efficiently and economically and also provide fresh
ideas on how to improve operations. Operational audits are also
referred to as “performance audits”.

COMPUTER AUDITS

Computer auditing has as its objective to investigate the complete

information technology environment of the entity and includes a
review and evaluation of computer hardware and software,
computer networks, technical support, emergency procedures (e.g.
backups and recovery) and access controls. The goal is to ensure
the integrity of the financial (and other) information.

Computer auditing is a typical example of a field in which internal

(or external) auditors can specialise in.

ENVIRONMENTAL AUDITS

Environmental auditing is carried out to provide information on the

“environmental performance” of a business (i.e. whether
organisations are “green-friendly” or not). Environmental audits will
include an evaluation of a business’ compliance to environmental
and legal guidelines (e.g. pollution), achievement of set
environmental goals (businesses need to contribute to the
sustainability and protection of the environment – including fauna
[animals] and flora [plants]) and also how to be more eco-friendly.

Another example of a field in which internal (or external) auditors

can specialise in.

6
FORENSIC AUDITS

Forensic auditing is like investigating a crime scene. The term

“forensic” means suitable for use in a court of law. This type of
audit is conducted when any form of irregularity (e.g. fraud,
corruption, embezzlement, etc.) is suspected by the normal
auditing team (external or internal) and they feel that experts on
financial (or other) crimes should come to assist them.

This is yet another example of a field in which internal (or external)

auditors can specialise in. However, forensic auditing is a highly
complicated field of auditing and should only be performed by very
experienced auditors.

GOVERNMENT AUDITS

Government audits are carried out at all levels of administration, be

it local authorities, provincial government or national government.
In short, government audits include all the different types of audits
mentioned above and will be performed by internal auditors. Audits
on national Government departments are conducted by the Auditor
General, which is independent of any political connotations and
only reports to Parliament.

Professional Institutes to consider joining:

South African Institute of Professional Accountants (SAIPA)

SAIPA is a professional body that provides guidance to

professional accountants who offer accounting services and
accounting-related services (excluding auditing) to the general
public and businesses, especially SMMEs.
SAIPA is a full member of the International Federation of
Accountants (IFAC) and provides professional accountants, not
only locally, but also internationally, with updates on developments
in accountancy, and provides platforms for professional
development (e.g. CPD courses, workshops, forums, etc) and
networking opportunities.

Qualifications: Professional Accountant - PA(SA).

7
Requirements: Have (1) a first degree with a major in financial
accounting and additional subjects including taxation, management
accounting, auditing and commercial law, (2) practical training of at
least 3 years under a SAIPA recognised learnership OR 6 years’
relevant verifiable experience, and (3) SAIPA Professional
Evaluation covering a three hour examination.

Membership: Membership is reserved for persons who comply

with the academic, practical and professional evaluation
requirements of the Institute.

Vision: “To be the Professional Accountancy Organisation of

choice.”

Mission: To create stakeholders wealth by developing dynamic

skills and capacities needed to provide professional, innovative
and sustainable accountancy and business solutions to grow and
transform the profession.

Values: Integrity, Ethics, Excellence, Professionalism and Value

people.

Objectives: (1) Growth and Transformation, (2) Stakeholder

Relations, (3) Sustainability and Legitimacy, (4) Relevance and
Service Delivery, and (5) Compliance.

Motto: Your wealth

Website: http://www.saipa.co.za

South African Institute of Chartered Accountants (SAICA)

SAICA is a professional accountancy body in South Africa. SAICA

is a non-profit, voluntary body controlled by a board that is elected
by members through regional committees, and other bodies
representing members in commerce and industry. SAICA
members are generally business advisors, business leaders and
entrepreneurs, among other.
SAICA is actively involved in international accounting bodies
including, the International Financial Reporting Standards
Foundation (IFRS Foundation), the International Accounting
Standards Board (IASB), the International Financial Reporting

8
Interpretations Committee (IFRIC) and the Council of the
International Federation of Accountants (IFAC).
SAICA is also a member of the Global Accounting Alliance (GAA)
that was formed in 2005 and is the leading professional
accountancy body in the world.

Qualifications: Chartered Accountant (SA), better known as CA’s.

Requirements: Have (1) a B Com accounting degree or an

equivalent CA(SA) undergraduate qualification at a SAICA
accredited university and obtaining an additional postgraduate
Honours degree or postgraduate diploma in Accountancy, then
completing the Certificate in the Theory of Accounting (CTA) at a
SAICA accredited university,
(2) entering into a 3-year learnership (“Articles”) with a Registered
Training Officer (RTO) – a firm of Chartered Accountants in public
practice, such like PWC, Deloitte, KPMG, Ernst & Young etc. - to
specialise in auditing or an Approved Training Organisation (ATO)
– large banks, commerce and industry - to specialise in financial
management, (3) passing, in sequence, the two “board
examinations”.

Membership: Membership is reserved for persons who comply

with all the above mentioned requirements. Such members can
also use the CA(SA) designation.

Vision: To develop responsible leaders.

Mission: To serve the interests of the chartered accountancy

profession and society, by upholding professional standards and
integrity, and the pre-eminence of South African CAs nationally
and internationally, by:
 Delivering competent entry-level members.
 Providing services to the members to maintain and enhance
their professional competence thereby enabling them to
create value for their clients and employees.
 Enhancing the quality and information used in the private
and public sectors for measuring and enhancing
organisational performances.
 Running and facilitating programs to transform the profession
and to facilitate community upiftment.

9
  Fulfilling a leadership role regarding relevant business-
related issues and providing reliable and respected public
commentary.

Values: Develop, Influence and Lead

Objectives: Regulate the auditing and accounting profession in

South Africa.

Motto: Integritas

Website: https://www.saica.co.za

Chartered Institute of Management Accountants (CIMA)

CIMA is a United Kingdom based professional body and is the

main driving force behind management accounting. CIMA provides
people with an opportunity to enhance their skills in providing
managers of all levels in the business with advice on strategies,
managing risks and making key decisions.

Qualifications: CIMA Certificate in Business Accounting, CIMA

Diploma in Management Accounting and CIMA Advance Diploma
in Management Accounting.

Requirements: Any person interested can apply to do the CIMA

courses. Graduates with a relevant master’s degree can join CIMA
through the accelerated gateway route that requires passing a 3
hour examination allowing candidates to enter the CIMA Advance
Diploma in Management Accounting.

Membership: Students who complete the CIMA Professional

Qualifications gain full CIMA membership, becoming Chartered
Global Management Accountants – CGMA.

Mission: Helping people and business to succeed in the public

and private sectors.

Values: Challenge the way it’s done.

Help others succeed.
Inspire a shared vision.
Promote success.
Stand up and be a role model.

10
Objectives: To establish management accounting, represented by
the CIMA designation, as the most valued profession in business.

Website: http://www.cimaglobal.com

Independent Regulatory Board for Auditors (IRBA)

IRBA is a regulatory body incorporated in terms of the Auditing

Profession Act 2005, which governs the external auditing
profession in South Africa. In terms of the Act, any person who
wishes to perform the attest (audit) function must register with the
IRBA. These persons are referred to as Registered Auditors and
may use the designation RA.

Qualifications: Registered auditor

Requirements: Current = be a CA
New = Firstly qualify as CA and secondly
complete the Audit Development Program (ADP)

Membership: Currently need to be a CA and lately need to

successfully completing ADP

Vision: To be an internationally recognised and respected

regulator of the auditing profession, relevant to the South African
environment.

Mission: To endeavor to protect the financial interest of South

African public and international investors in South Africa through
the effective and appropriate regulation of audits conducted by
registered auditors, in accordance with internationally recognised
standards and processes.

Values: Independence, Integrity, Objectivity, Commitment,

Accountability and Transparency

Objectives: To provide the means and the regulatory framework

for the education and training of adequate numbers of competent
and disciplined accountants and auditors, to serve the needs of
South Africa. To constantly strive towards the maintenance and
improvement of standards of registered accountants and auditors.

11
To protect and support registered accountants and auditors who
carry out their duties completely, fearlessly and in good faith.

Website: http://www.irba.co.za

Institute of Internal Auditors

The Institute of Internal Auditors (IIA) is a global, non-profit

professional body that represents the interests of internal auditors
worldwide. The IIA is the leading internationally recognised
authority and principle educator of the profession and is
acknowledged as leader in certification, research and
technological guidance for the profession.
The IIA provides executive management, boards of directors, audit
committees and the general public with guidance in the fields of
internal auditing, risk management, corporate governance, internal
control, IT audit, education and security.
The IIA is therefore dedicated to provide extensive support and
services to all its members so they can add value across the
board.

Qualifications: The IIA has a number of international certifications

that require candidates to pass stringent examinations:

Certified Internal Auditor (CIA)

 IIA premier qualification and internationally recognised
 First exam written in 1974.
 3 examination papers
 75% needed to pass per paper
 3 year relevant degree or diploma plus 3 years of relevant
experience, or 4 year relevant degree or diploma plus 2
year’s relevant experience.

Certificate in Control Self Assessment (CCSA)

 Program for examining and assessing internal control
effectiveness and to facilitate workshops in this regard.
 Single three-and-a-half-hour examination
 3-year relevant degree or diploma and 2 years’ relevant
experience

12
  7 hours of acceptable facilitation experience or 14 hours
of acceptable facilitation training.

Certified Government Auditing Professional (CGAP)

 Specialist public sector internal auditor.
 Single three-and-a-half-hour examination.
 3-year relevant degree or diploma and 3 years’ relevant
experience in public sector.

Certified Financial Services Auditor (CFSA)

 Specialist in audit principles and practices within the
banking, insurance and financial services industries.
 Single three-and-a-half-hour examination.
 3-year relevant degree or diploma and 3 years’ relevant
experience in financial services’ environment.

Certification in Risk Management Assurance (CRMA)

 Need to pass the part 1 of CIA exam.
 CRMA single two hour examination.
 3-year relevant degree or diploma and 2 years’ relevant
experience in financial services’ environment.

Requirements: As set out above.

Membership: Various categories of membership are available to

all practicing internal auditors.

Vision: The IIA will be the global voice of the internal audit
profession: Advocating its value, promoting best practice, and
providing exceptional service to its members.

Mission: To be the primary international professional association,

organised on a worldwide basis, to promote and develop the
practice of internal auditing and to provide dynamic leadership for
the global profession of internal auditing.

Objectives: Be the recognised voice of the internal audit

profession. Develop and sustain the internal audit profession
globally through appropriate infrastructure, coordination, support
and communication. Provide exceptional service to IIA members.

Website: http://www.theiia.org and http://www.iiasa.org.za

13