Planning the Audit

Chapter-05
 Introduction
• Individual audits must be properly planned to
ensure:
– Appropriate and sufficient evidence is obtained to
support the auditor’s opinion;
– DAGP’s auditing standards are complied with; and
– Only necessary work is performed.
 Establish Audit Objectives and Scope
• No audit entity should be subject to more
than one audit in a given year.
• Individual audit may have to fulfil multiple
audit objectives.
• The audit be well-planned in terms of audit
objectives and audit scope.
• Communicating with the entity
 Overall Audit Objectives
• Each audit will be designed to address one or
more of the following objectives:
– Expressing an opinion on financial statements;
– Expressing an opinion regarding compliance with
authorities;
– Testing compliance with authority or controls on
selected transactions with no opinion being
expressed; and
– Evaluating operational performance.
 Audit Scope
• The auditor also needs to determine the
overall audit scope – the total population on
which to express an opinion, from which to
select transactions, etc.
• For financial audit purpose, this total
population is referred to as the “audit entity”.
• The audit entity determines the scope of the
audit, and is generally defined by the audit
mandate.
 Audit Scope
• Matters of significance can include one or
more of the following:
– Large expenditures or large revenues;
– Areas of high risk;
– Substantial errors or misrepresentations;
– Serious problems of compliance;
– Areas where the audit is likely to identify
opportunities for significant improvement.
 Entity Communication Letters
• To better understand the nature of the work
that is being performed, and the types of
reports that may be issued at the completion
of the work.
• To advise the entity of the nature, extent and
timing of the rotational audit work.
• Help improve the planned scope of the audit
and the rotational audit plan.
 Minimum terms of audit engagement
• The objective of the audit;
• Management’s responsibility;
• The scope of the audit;
• The form of any reports or other communication of results
of the engagement;
• The fact that because of the test nature and other inherent
limitations of an audit, together with the inherent
limitations of any accounting and internal control system,
there is an unavoidable risk that even some material
misstatement may remain undiscovered; and
• Unrestricted access to whatever records, documentation
and other information requested in connection with the
audit.
 Further terms
• Arrangements regarding the planning and performance of the audit.
• Expectation of receiving from management written confirmation
concerning representations made in connection with the audit.
• Request for the auditee to confirm the terms of the engagement by
acknowledging receipt of the engagement letter.
• Description of any other letters or reports the auditor expects to issue to
the auditee.
• When relevant, the following points could also be made:
– Arrangements concerning the involvement of other auditors, internal auditors,
predecessor auditors and experts in some aspects of the audit.
– Any restriction of the auditor’s liability when such possibility exists.
– A reference to any further agreements between the auditor and the engagement entity.
 Understand the Entity’s Business
• The auditor should assemble the following information for most
audits:
– government’s plans and priorities;
– entity’s strategic plans;
– users of the entity’s services;
– legislative authorities affecting the entity’s operations;
– industry in which the entity operates, including any specialised
accounting practices followed by that industry;
– activities in which the entity engages (constructing buildings, providing
grants and contributions, collecting taxes, etc.);
– size of the entity (its total assets, liabilities, revenue and expenditure);
– types of transactions and documents that the entity processes;
– entity’s internal control structure; and
– economic trends that can affect the valuation of significant assets and
liabilities (those held in foreign currencies, for example).
 Knowledge Areas – Tasks Performed
Knowledge Area Tasks Performed
Understanding of the users of the entity’s Assess materiality
services and the size of the entity
An understanding of the legislative Determine what components to audit
authorities affecting the entity’s
operations, the activities in which the
entity engages, and the types of
transactions and documents that the
entity processes
Understanding of the industry in which Assess inherent risk
the entity operates, the activities in which
the entity engages, the size of the entity,
the types of transactions and documents
that the entity processes, and economic
trends
 Level of Effort
• There are a number of factors that can legitimately reduce the
effort required:
– Much of the required knowledge will have already been gathered
during prior compliance with authority work. This can be used when
planning the audit.
– With a financial audit, the depth of knowledge required of each
ministry, department etc. is relative to the materiality of that
organisational unit to the overall audit scope. Therefore, the
knowledge required will be small for less material agencies and will be
of lower priority, so it can be deferred until more priority units have
been covered.
– The depth of knowledge required also reflects the extent of intended
reliance on internal controls as a source of audit assurance. If the
auditor intends to place little reliance upon internal controls, then a
lower level of knowledge is required than when significant reliance is
to be placed on controls.
 Assess materiality, planned precision,
and audit risk
• To determine materiality the auditor should perform the
following steps:
– Identify the probable users of the financial statements.
– Identify the information in the financial statements that is
expected to be the most important to each of these users (e.g.,
total expenditures, total assets or the annual surplus or deficit).
One or more of these amounts may serve as the base amount(s)
for computing materiality.
– Estimate the highest percentage(s) by which the base amount(s)
could be misstated without significantly affecting the decisions
of the users of the financial statements.
– Multiply the percentage(s) times the base amount(s).
– Select the lowest amount – this is the materiality amount.
Errors exceeding this value are material.
 Assess materiality - Guidance
Base Percentage
Percentage of total expenditures 2% for "small" entities to 0.5% for "large" entities
Percentage of normalised pre-tax 5% for entities with "large" pre-tax incomes to
income 10% for entities with "small" pre-tax incomes.
Percentage of total revenue 2% for "small" entities to 0.5% for "large" entities
Percentage of equity Usually 1% is suggested
Percentage of assets Usually 0.5% is suggested
Percentage of the annual surplus Normally only used as a reasonableness check on
or deficit the materiality amount determined by a
percentage of total expenditures or revenues
 Materiality – Qualitative Aspect
• The inherent nature or a characteristic of an error may
render the error material, even if its value is not.
• Auditors are not expected to plan financial audits to
detect all of these qualitative errors.
• The cost of such an audit would be too high.
• Consequently, auditors normally ignore the qualitative
aspects of errors when planning their audits.
• However, when reporting on the results of the audit
work, take into account the qualitative aspects of the
errors.
 Planned Precision
• Auditor’s planned allowance for further possible
errors.
• Planned precision = Materiality - EAE.
• To determine the expected aggregate error, the
auditor should consider:
– The errors found in previous years;
– Changes the entity has made to the internal control
structure to prevent these errors from recurring; and
– Other changes to the entity’s business or its internal
control structure that could affect the size of the
errors.
 Audit Risk
• The risk of issuing an unqualified opinion on financial
statements that are materially misstated.
• Financial attest audit: Risk that material misstatements
exist in the financial statements that will not be
detected, either by management or by audit
procedures.
• Compliance audits: Risk that certain material, or
significant, transactions have occurred in a manner
that contravene the laws, regulations and management
procedures applying to the area of audit.
 Audit Risk
• Three categories of risk that are normally
considered in determining Audit Risk:
– Inherent Risk,
– Control Risk, and
– Detection Risk.
 Inherent Risk
• Susceptibility to material/significant error or
loss unrelated to any internal control system.
• Requires the evaluation of numerous
judgmental factors, relating to the nature of
the entity and its business environment taken
as a whole.
 Control Risk
• Risk that material/significant error or loss is
not prevented or detected on a timely basis by
the internal control structure.
• It is a function of the effectiveness of the
design and operation of the internal controls.
• The auditor should identify and evaluate both:
– the control environment, and
– the effectiveness of the individual internal
controls that are in place.
 Detection Risk
• This is the risk of material/significant error or
loss going undetected by the auditor’s
substantive audit procedures.
• It is a function of the effectiveness of the
substantive audit procedures and audit effort.
• Audit risk is a composite of these three risks.
AR = IR x CR x DR
 Identification of Risk
• There is a set of steps that the auditor can take, but
experience, imagination and judgment are also critical.
– List the programme objectives, assets to be safeguarded and
other results that management need to achieve;
– Identify threats which could prevent achievement of these
objectives;
– Rate the risks, with the probability of occurrence, assuming no
management controls (the inherent risks);
– List controls and assurances which exist within the systems and
practices in place (environment controls and internal controls);
– Identify missing controls and assurances;
– Identify risks that could occur even with the existing controls in
place (control risk); and
– Recommend improved controls and assurances.
 Indicators of Risk
• There are certain indicators that can alert the
auditor to potential risk situations.
– Processing risk;
– Programme risk;
– Regulatory risk; or
– Risk of fraud.
 Factors Affecting Audit Risk
• To determine how much risk the auditor
should accept that an unqualified opinion may
be issued on financial statements that are
materially misstated, the auditor would
consider:
– professional exposure,
– reporting considerations and
– ease of audit.
 Determining Audit Risk
• Though Determination of audit risk is the
auditor's responsibility and not the financial
statement users, but it may be prudent to
discuss the factors affecting audit risk and the
assessed level directly with the users.
– Extent to which the users rely on the entity's
financial statements and audit report.
– Awareness of special circumstances that could
increase the auditor’s professional exposure risk.
 Determining Audit Risk
• As for materiality, the assessment of audit risk
is a subjective process requiring the use of
professional judgment.
• Guidance:
Overall
Situation Audit Risk
Assurance
Entities perceived to be high risk 3 97
(and therefore the auditor wants to
achieve a high level of overall
assurance and set a low level of audit
risk)
All other entities 5 95
Auditor’s Responsibility to Detect Error
and Fraud
• Fraud is the intentional act by one or more
individuals to deceive others.
• The most difficult type of fraud to detect is
fraud committed by management.
• Not all frauds will result in errors in the
financial statements.
• Start by assuming good faith - cannot be blind
faith.
Auditor’s Responsibility to Detect Error
and Fraud
• “The auditor should design audit steps and
procedures to provide reasonable assurance of
detecting errors, irregularities, and illegal acts
that could have a direct and material effect on
the financial statement amounts or the results
of regularity audits. The auditor also should be
aware of the possibility of illegal acts that
could have an indirect and material effect on
the financial statements or results of
regularity audits.”
 Understand the Entity’s Internal
Control Structure
• INTOSAI defines the internal control structure as the
plans and actions of an organisation, including
management's attitude, methods, procedures, and
other measures that provide reasonable assurance that
the following general objectives are achieved:
– Assets are safeguarded against loss due to waste, abuse,
mismanagement, errors, and fraud and other irregularities;
– Laws, regulations, and management directives are
complied with; and
– Reliable financial and management data are developed,
maintained and fairly disclosed in timely reports.
 General Standards for an Internal
Control Structure
• INTOSAI describes five general standards that entity
management and employees should follow:
– Reasonable assurance.
– Supportive attitude.
– Integrity and competence.
– Control objectives.
– Monitoring controls.
 Detailed Standards for an Internal
Control Structure
• INTOSAI describes six detailed standards that
entity management and employees should
follow:
– Documentation.
– Prompt and proper recording of transactions and
events.
– Authorisation and execution of transactions and
events.
– Separation of duties.
– Supervision.
– Access to and accountability for resources and
records.
Responsibility for Maintaining Internal
Controls
• Entity management is responsible for ensuring
that a proper internal control structure is
instituted, reviewed, and updated to keep it
effective.
• It is then the responsibility of everyone in the
entity to ensure that the internal control
structure functions as it should.
• In addition, the Controller General of Accounts
has some responsibility for maintaining an
environment which promotes adequate internal
control.
 The Elements of Control
• There are five basic elements that make up a
control structure:
– Control environment;
– Risk assessment;
– Control activities;
– Information and communication; and
– Monitoring.
 The Role of Internal Audit
• Internal audit is in itself an internal control. It acts as an
independent check on performance. It can be very
effective in helping management fulfil its monitoring
role.
• To be most effective, internal audit must not become
part of the operational controls. The internal audit unit
should not be performing checks on an ongoing basis.
It should audit and review after the fact, or as a
separate, independent and additional check, to ensure
that the management and staff have been carrying out
their duties properly.
 Categories of Controls
• Controls can take different forms and serve
different purposes. Different ways of categorising
controls are:
– Input vs. output;
– Independent vs. interrelated;
– Manual vs. electronic;
– General vs. application;
– Documented vs. undocumented;
– Preventive vs. detective; and
– Compensating.
 Documenting Our Understanding of
Controls
• Methods of understanding the system and
application of controls include:
– Narrative;
– Flowchart;
– Internal Control Questionnaire (ICQ); and
– Walk-through.
 Determine Components
• A component is a discrete item in the financial
statements.
• Financial statement audit: the most logical way
of dividing up the financial statements is to
consider each line item in the financial
statements to be a separate component.
• “Line items” are each of the amounts reported in
the financial statements, including amounts
disclosed in the notes thereto.
 Individually Significant Transactions
and Events
• Individual significant transactions and events
include:
– Very large transactions and events; and
– High risk transactions and events.
• The auditor should audit 100% of these
transactions and events.
 Determine financial audit and compliance with
authority objectives, and error/irregularity conditions

• For a financial statement audit, a component is

considered to be in error if:
– it is not valid (the asset or liability does not exist or the
revenue or expenditure has not occurred
– the asset, liability, revenue or expenditure is not complete;
– the transactions have not been carried out in proper
compliance with relevant laws, regulations and
administrative rules;
– the asset or liability is not properly valued or is
misclassified, or the revenue or expenditure is not
properly measured or is misclassified; or
– the financial statement presentation is not proper.
 Illustration
• Payroll expenditures may be materially misstated if:
– the costs are not valid. This could be due to, among other
things, ghost workers on the payroll.
– the costs are not complete. For example, employees have
not been paid, or the payments have not been recorded.
– the costs are not properly measured. This could be due to
paying employees more or less than they should be paid,
or the amounts being recorded being more or less than
the actual payments.
– the financial statement presentation is not proper. This
could be due to the failure to disclose all of the
information called for in the New Accounting Model.
 Assess inherent risk
• Factors affecting inherent risk include:
– The nature of the component.
– The extent to which the items making up the
component are similar in size and composition.
– The volume of activity.
– Competence of the staff processing the transactions.
– The number of locations.
– The accounting policies being used.
– Factors that could affect the risk of fraud.
 Assess inherent risk

• Following may be useful when assessing

inherent risk:
Resulting
Level of Inherent Risk Risk
Assurance
High inherent risk 60% 40%
Moderate inherent risk 50% 50%
Low inherent risk 40% 60%
 Assess Control Risk

• Following may be useful when assessing

control risk:
Resulting
Level of Control Risk Risk Assurance
High (poor internal controls) 80% Up to 20%
Moderate (moderate internal 50% Up to 50%
controls)
Low (strong internal controls) 20% Up to 80%
 Determine mix of tests of internal controls, analytical
procedures and substantive tests of details

• Tests of internal control include:

– Inquiries of appropriate entity personnel;
– Observation of policies and procedures in use;
– Walk-through procedures; and
– Selecting a sample of transactions and verifying
that the appropriate control procedures were
followed.
 Determine mix of tests of internal controls, analytical
procedures and substantive tests of details

• Analytical procedures are an efficient and

effective way to obtain audit assurance.
Type of Analytical Procedure Risk Assurance
Overall reviews for reasonableness 100% 0%

Comparative analysis 70% or more Up to 30%

Predictive analysis 50% or more Up to 50%
Statistical analysis 30% or more Up to 70%

Overall verification procedures 10% or more Up to 90%

 Determine mix of tests of internal controls, analytical
procedures and substantive tests of details

• Substantive tests of details include such

procedures as physically inspecting an asset,
checking transactions recorded in the books
and records to supporting documentation,
and confirming amounts with third parties.
• The auditor usually tests a sample of
transactions as opposed to verifying 100% of
them. (Exceptions?)
 Determine mix of tests of internal controls, analytical
procedures and substantive tests of details

• Compliance with Authority Tests:

– identify the rules and regulations that apply
to the entity.
– determine which authorities are most
significant and will design tests to check
compliance.
– The auditor will also determine what
sampling approach is appropriate.
 The Audit Risk Model

• The audit risk model is a useful way to tie

together all of the various sources of
audit assurance.
AR = IR x CR x DR
AR = IR x CR x OSPR x STDR
STDR = AR/(IR x CR x OSPR)
Activity and Resource Planning
for individual audit
Chapter-06
ACTIVITY AND RESOURCE Planning for
Individual Audits
• Formulate/update Audit Programmes
• Updating staffing requirements and allocating
resources
• Updating budget requirements
• Updating timing considerations
• Updating information required from the entity
• Re-assessing the general and detailed
planning decisions for individual audits
ACTIVITY AND RESOURCE Planning for
Individual Audits
• Documenting the detailed planning decisions
• Updated planning file
• Approval of the general and detailed planning
decisions
Conducting the audit

Chapter-07
 Conducting the audit
• The auditors will use the information collected
during planning phase in the fieldwork stage
to perform the audit work.
• In particular, the set of updated audit
programmes selected for the audit will guide
the detailed activities of the auditor.
 Compliance Testing
• Compliance testing is the process of evaluating the
effectiveness of internal controls.
• To determine how well internal controls are being
applied, the auditor should test the controls with a
sample of transactions.
• Assumptions on a zero deviation (or error) rate and a
tolerable rate of 5% - Sample size between 30 and 60.
– No errors – Control risk low
– one error – Control risk moderate
– More than one error – the auditor cannot place much
reliance on the controls (and therefore would increase the
amount of substantive testing).
 Substantive Testing
• Substantive analysis: Means of deciding whether
financial data appear reasonable and acceptable
and therefore may allow the auditor to conduct
less detailed testing of transactions.
• Tests of Details: application of one or more of the
following audit techniques to individual
transactions that make up an account balance:
Re-computation, Confirmation, Inspection and
Cut-off-tests
Selecting items for tests of details
• Normally only a proportion of the items within
an account are tested even though the auditor
wants to conclude about the account as a
whole.
• This is done by:
– Selecting key and high value items; or
– Taking a representative sample; or
– A combination of both.
Selecting items for tests of details
• Key items are normally selected when:
– There is reliance on internal controls and there is
substantive audit evidence from analytical procedures
– A small number of high value items form a large
proportion of the account (therefore testing these
items will include a high proportion of the total value
of the account); or
– The population consists largely of non-routine
transactions and therefore the account is unlikely to
consist of similar items that could be sampled.
Selecting items for tests of details
• Representative sampling is likely to be most
effective when:
– There is little or no evidence from analytical
procedures so the auditor has to rely on
substantive audit evidence from tests of details;
– The population contains a large number of
individually insignificant items; and/or
– The population contains routine transactions and
therefore the account is likely to consist mostly of
similar items (i.e. a homogeneous population).
 Substantive Sampling

• In implementing a substantive sampling plan,

the following need to be considered:
– Decide what is to be tested;
– Define the sample and select the sample;
– Audit the sample items; and
– Evaluate and interpret the results.
 Evidence

• The auditor requires evidence to support all

information presented in the audit report.
• Even the background description of the entity and
generalised statements about the organisation must
be supported by appropriate evidence.
• The final audit report must be able to withstand all
challenges and the auditor must be able to
demonstrate his/her professionalism in the way the
audit is carried out and in the presentation and
contents of the final report.
 Attributes of Evidence

To support the auditors’ findings, conclusions

and recommendations the evidence must be:
• Sufficient to lead a reasonable person to the same
conclusions as the auditor;
• Relevant to its use and applicability;
• Reliable based on fact, not opinion; an accurate reflection
of reality; from a reliable source;
• Objective free from bias
 Types of Evidence

Evidence can be classified according to the

following:
• Documentary;
• Observational;
• Physical;
• Oral; or,
• Analytical.
Procedures for Gathering Audit Evidence

• Broad Approach: At the start of an audit, usually

during the planning stage, the auditor is taking a
broad approach to the collection of evidence.
• Specific Approach: information required to answer
the audit objectives and confirm compliance or lack
of compliance with the standards/criteria
• Expanded Approach: As the evidence is collected,
however, further questions arise and new areas for
enquiry are often discovered.
 Matters to deal with during fieldwork

• In the process of obtaining this evidence,

auditors often need to deal with matters that
require the use of professional judgment.
– Unanticipated Matters
– The Substance of the Transaction
– Inadequately Supported Transactions
– Conflicting Audit Evidence
 Cause and Effect Analysis

• Wherever possible, the auditor should

determine the underlying cause(s) of an
observed weaknesses or error.
– Inexperienced individual carrying out the
transaction;
– Insufficient training of that individual;
– Lack of proper systems and procedures;
– Insufficient management involvement / scrutiny;
– Unclear accountability.
 Developing Conclusions and
Recommendations
• Conclusions should focus on significant issues.
These are generally concerned with:
– Inefficient or ineffective operations, or examples
of not achieving intended results; and,
– Failures to measure and report on the efficiency
of operations and the effectiveness of the
programs.
 Significant Findings and Conclusions

• In developing findings, the auditor needs to:

– Determine the frequency of the identified weakness.
– Assess the significance of the weakness, in both terms of
frequency and impact;
– Develop one or more examples or cases, for inclusion in
the report, to clearly illustrate the nature of the deficiency;
– Clearly communicate the actual or potential impact of the
identified deficiencies; and
– Determine whether management is aware of the
deficiency and if corrective action is underway.
 Development of Recommendations
• When developing recommendations, the
auditor should consider:
– The most significant causes of the weaknesses observed
(through cause-and-effect analysis) and what needs to be
done to strengthen the management framework to correct
the underlying cause(s);
– The feasibility and cost of adopting a recommendation
(i.e., the benefits of a recommendation should outweigh
the cost of implementing it);
– Alternative courses for remedial action; and
– Effects, both positive and negative, that may arise if the
recommendations are adopted.
 Keeping Entity Officials Informed

• To successfully complete the fieldwork, the

auditor should:
– Have effective communication skills, both oral and
written; and
– Establish and maintain good working relationships
with entity officials.
 Documenting the Work Performed

• Adequate documentation is important for

several reasons. It will:
– serve as evidence of the auditor's compliance with DAGP’s Auditing
Standards;
– help to ensure that delegated work has been satisfactorily performed;
– increase the efficiency and effectiveness of the audit;
– help the auditor's professional development;
– serve as a source of information for preparing reports;
– provide information to answer enquiries from entity officials, the
Legislature and its committees, or from any other party;
– assist in the planning of the audit for the following year; and
– help auditors in the following year to perform their work.
 Documentation Standards

• To achieve this objective, the fieldwork,

evaluation and reporting files should include:
– evidence that all of the planned audit work was performed;
– an indication as to who performed the audit procedures and
when they were performed;
– evidence that the work performed by lower level staff was
supervised and reviewed;
– copies of communication with experts and other third parties;
– copies of letters or notes concerning audit matters
communicated to or discussed with the entity; and
– copies of the auditor’s reports.
 Standards for Working Paper Files
• the name of the audit entity and audit area;
• the period covered by the audit;
• the date the work was performed;
• initials of the preparer;
• the source from which information or explanations were obtained;
• cross-references to schedules, notes and other documents that support
the working papers;
• cross-references of all amounts and other information in the audit report
to the working papers supporting the amounts and information;
• evidence that the audit procedures were performed;
• an explanation of any “tick marks” that appear on the working paper; and
• the date and initials of the reviewer.
 Standards for Working Paper Files

• Working papers should be neat and easily

readable. The auditor should:
– write or print legibly or type up the notes;
– avoid crowding on a page;
– write on one side of the working paper;
– use correct grammar, spelling and punctuation;
– spell the names of individuals or organizations correctly;
– when appropriate, identify the titles of persons referred to; and
– remove all non-evidential matter from the working papers on
the completion of the assignment (rough notes in the margins,
etc.).
 Custody and maintenance of working
paper files
• Working paper files are confidential and are the property
of DAGP. They are not for general disclosure. However,
they should be shared with other auditors as appropriate
and be available for any independent review.
• Access to the working paper files should be controlled
and secure. Material should not be removed from the
files without the specific authority of the responsible
Director General.
• Audit files should be kept for the length of time specified
by DAGP’s file retention policy.
 Quality assurance during fieldwork

• Supervision
• Review of Working Paper Files
Evaluating Audit Results

Chapter-08
Evaluating Financial Audit Results
• Field work involved the identification of potential
monetary errors, compliance with authority
violations, internal control deviations
• These errors and deviations need to be dealt with
during the evaluation phase.
• Error evaluation is done in stages.
– conclusion on the results of each test, conclusion on
each component and conclusion on the financial
statements as a whole.
 Use of CAATS
• Computer-assisted auditing techniques
(CAATs) are useful in determining the most
likely error and the upper error limit for
individual substantive tests of details, or the
most likely deviation rate and the maximum
possible deviation rate for individual tests of
internal control.
Known Errors, Most Likely Errors, Further Possible
Errors and Maximum Possible Errors

• The known error is the sum of the errors that

the auditor actually finds during the audit.
• The most likely error (MLE) represents the
auditor’s best estimate of the error in the
population.
• The upper error limit (UEL) represents the
maximum possible error that could exist in the
population at a given confidence level.
Known Errors, Most Likely Errors, Further Possible
Errors and Maximum Possible Errors
• The further possible error is the difference
between the UEL and the MLE. It has two
components – basic precision and precision gap
widening.
• Basic precision is the possible error that could
exist in the population even if no errors are found
in the sample.
• Precision gap widening is the additional further
possible error that results from finding errors in
the population.
Known Errors, Most Likely Errors, Further Possible
Errors and Maximum Possible Errors
Determining the cause of errors, violations and
deviations
• The auditor selects the sample from the
population in a way that is designed to produce a
representative sample.
• Therefore, the auditor can conclude that the
sample results are representative of the
population.
• it is normally not acceptable to conclude that a
monetary error, a compliance with authority
violation or an internal control deviation found in
a sample is an “isolated incident”
Determining the cause of errors, violations and
deviations
• However, there may be rare cases where a
particular monetary error, compliance with
authority violation or internal control deviation is
clearly not representative of the entire
population.
• Therefore, the auditor needs to consider the
cause of each monetary error, compliance with
authority violation and internal control deviation
found in sample to determine if there is any
reason why the sample results should not be
projected over the entire population.
 Concluding on the Results of Each Test

• Determining Known Monetary Errors,

Compliance with Authority Violations and
Internal Control Deviations
• Concluding on the Results of Each Test of
Internal Control
• Analytical Procedures
• Substantive Tests of Details
 Concluding on the results of each component

• Determining the Most Likely Error and Upper

Error Limit
• Reaching the Conclusion
• Case Study (Para 8.5.17 to 8.5.23)
 Concluding on the financial statements as a
whole
• Determining the Most Likely Error and Upper
Error Limit
– For most likely errors – Net all overstatements and
understatements;
– For basic precisions – Use the largest basic
precision for each of overstatements and
understatements; and
– For precision gap widenings – Add all precision
gap widenings for each of overstatements and
understatements.
 Concluding on the financial statements as a
whole
• Evaluating the Overall Financial Statement
Presentation and the Reasonableness of the
Overall Results
– The overall financial statement presentation
– The sums expended have been applied, in all
material respects, for the purposes authorised by
Parliament and have, in all material respects, been
booked to the relevant grants and appropriations.
• Assessing the Achieved Level of Assurance
 Dealing with unacceptable results

• Most likely error less than materiality; upper

error limit greater than materiality
– Increase the materiality amount;
– Increase the sample size;
– Request entity officials to record a correcting
entry; or
– Request entity officials to perform a detailed
investigation and then re-audit.
 Dealing with unacceptable results

• Most Likely Error Greater Than Materiality

– Request entity officials to record a correcting entry;
and
– Request entity officials to perform a detailed
investigation and then re-audit.
• Unacceptable Results for Tests of Internal Control
– Increase the upper error limit;
– Increase the sample size; or
– Request entity officials to perform the “missing”
controls, adjust the books for all identified errors, and
audit the work performed.
 Dealing with unacceptable results

• Unacceptable Results for Analytical

Procedures
– Determine the threshold amount (the amount
above which a difference is considered to be
significant);
– Identify significant fluctuations;
– Investigate the significant fluctuations found; and
– Conclude as to whether entity officials have
adequately explained all significant fluctuations.
 Dealing with acceptable results

• Given the impact that a monetary error in one

small transaction can have on the most likely
error and the upper error limit, it is prudent to
discuss all errors and deviations with entity
officials no matter how clear cut they are from
the auditor’s perspective.
 Documenting the evaluation process

• Document individual monetary errors and

compliance with authority violations;
• Calculate errors in each component and in the
financial statements as a whole; and
• Determine the amount of such compliance with
authority violations as:
– Errors in the amount reported for authority available;
– Errors in the amount reported for excess or saving;
– Vote over-expended but not so reported; and
– Spending for purposes not authorised.
 Evaluating Regularity Audit Results

• The auditor does not need an accurate prediction

of the extent of irregularities, but wants to know:
– whether the occurrence of irregularities is low enough
to be ignored, is sufficiently serious to be brought to
the attention of management and Parliament or is so
serious that immediate corrective actions are
required;
– what factors have contributed to the irregularities,
particularly internal control weaknesses that have to
be corrected; and
 Evaluating Regularity Audit Results

– the impact of the irregularities (these may be (i)

minimal where the rules that have been broken are of
a preventive nature but no consequences occurred;
(ii) serious wastage and misappropriation of funds;
and in the most serious case, (iii) loss of Parliamentary
control).
Quality assurance during the evaluation phase

• Considerable professional judgment is required

during the evaluation phase.
• Every step, from the identification of what is a
monetary error, a compliance with authority
violation, or an internal control deviation, through to
the evaluation of the financial statements as a whole
and the resolution of unacceptable results, requires
this judgment.
• If the judgment is not appropriate, the auditor could
issue an incorrect opinion on the financial
statements.