AUDITING (TC7)

Technician Diploma in Accounting

THE INSTITUTE OF
T

MALAW
I
CHARTERED ACCOUNTANTS
AUDITING IN MALAWI
‘January 2014 
TAXATION (TC10(B)
TECHNICIAN DIPLOMA IN
ACCOUNTING

PUBLIC ACCOUNTANTS EXAMINATION 
COUNCIL OF MALAWI 

AUDITING
 Copyright © The Institute of Chartered Accountants in Malawi

The Institute of Chartered Accountants in Malawi

P.O. Box 1 Blantyre
E-mail: icam@icam.mw
www.icam.mw

ISBN: 978-99908-0-409-6

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means-
graphic, electronic or mechanical including photocopying, recording, taping or information storage and
retrieval systems-without the written permission of the copyright holder.

Design
PRISM Consultants
prismmw@gmail.com

AUDITING
CONTENTS

Chapter 1 CONCEPT OF ASSURANCE 8

Chapter 2 ROLE AND ORIGINS OF AUDIT 15
Chapter 3 CORPORATE GOVERNANCE 23
Chapter 4 PRINCIPLES OF AUDITING 33
Chapter 5 LEGAL ASPECTS OF AUDIT 40
Chapter 6 PROFESSIONAL REQUIREMENTS 58
Chapter 7 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT 81
Chapter 8 RISK ASSESSMENT AND AUDIT STRATEGY 91
Chapter 9 GENERAL PRINCIPLES OF INTERNAL CONTROLS 132
Chapter 10 TEST OF INTERNAL CONTROLS 147
Chapter 11 AUDIT EVIDENCE AND SAMPLING 164
Chapter 12 SUBSTANTIVE PROCEDURES ON FINANCIAL STATEMENT 190
Chapter 13 COMPUTER ASSISTED AUDIT TECHNIQUES (CAATS) 206
Chapter 14 AUDIT COMPLETION 223
Chapter 15 NATURE AND FORMS OF AUDIT REPORTS 230

AUDITING
TC7: AUDITING

AIM OF THE COURSE

To develop candidates’ practical knowledge and understanding of the process of performing an audit and
other assurance services in the context of the professional and legal framework (s) both globally and
locally.

OBJECTIVES

Upon completing this paper, candidates should be able to

 Explain the objectives of an audit within the concept of assurance
 Understand regulatory framework within which the accountancy profession operates, the audit and
other assurance services are provided and the need for the services to be carried out by
appropriately qualified professionals.
 Understand and discuss the structure of an audit process and the fundamental concepts guiding the
process.
 Understand and discuss the impact of computers and electronic processing and information
management systems of a client on the auditor’s work.
 Prepare draft reports from a given assignment, and
 Explain the purpose and scope of internal audit, another form of assurance services.

FORMAT AND STANDARD OF THE EXAMINATION PAPER

The paper will consist of seven questions each carrying 20 marks one of which will be compulsory and it
will be on the application of audit procedures in a computer environment and use of computers in the audit
process in the audit process. Candidates will be required to answer the compulsory question and any 4
questions.

SPECIFICATION GRID
This grid shows the relative weightings of sections within this course. Marks available in the examination
assessment will roughly equate to the weightings below, although slight variations may occur in individual
sessions assessments to enable suitably rigorous questions to be set.

Syllabus Area Weightings %

Nature and purpose of audit and other assurance engagements 30
Legal and professional requirements of the auditor 25
Gathering Evidence: planning, internal controls and substantive tests. 35
Review and reporting 10
Total 100

Learning Outcomes
The course syllabus endeavor to achieve the following learning outcomes from the syllabus.
1. Nature and purpose of audit and other assurance engagements

Candidates will be able to explain the concept of assurance, its purpose and where an audit and
other assurance services fit within the concept.
In the assessment, candidates may be required to:
a. Define the concept of assurance amongst many other services a professional may be
engaged in.

AUDITING
 b. State the purpose of assurance reports and provide examples of the benefits gained from
them such as to assure the entity’s report quality with respect to a subject matter reported
on.
c. Compare the functions and responsibilities of the different parties involved in an
assurance engagement.
d. Identify and compare the purposes and characteristics of, and levels of assurance
obtained from, different assurance engagements and define the concepts of reasonable
assurance.
e. Define an audit as one of the assurance engagement relating to its present form.
f. Review an audit historical origins and its development over time to its present form.
g. Identify principles of corporate governance and the role of internal audit within the
corporate governance structure.
h. Describe the roles of the audit guidelines and the structure of the audit process which
includes: (obtaining engagement, determination of score of work, planning and risk
assessment of the client, determination of scope of work, obtaining evidence and
evaluation of the results and reporting to the engagement party).

2. Legal and professional requirements of the auditor

Candidates will be required to identify the legal and other regulatory issues which have a direct
impact on the professional work in general and audit and other assurance engagements in
particular. The legal aspects are mainly contained in the company’s Act and the Public
Accountants and Auditor’s Act, while professionally, candidates will be able to understand the
importance of ethical behavior, and identify issues relating to: integrity , objectivity, competence,
confidentiality and courtesy behavior amongst other.

In the assessment they may be required to:

a. Outline the process of obtaining an audit engagement.
b. State the contractual requirements between the auditor and other parties in the
engagement.
c. State the qualifications requirement under the Companies Act and the Public
Accountants and Auditors Act for a person or a firm to be engaged to carry out a
statutory audit.
d. State the auditor’s and entity directors or management respective duties and rights during
the engagement as provided for by the Companies Act.
e. Explain the auditors’ contractual performance expectations and resulting liability for
negligence.
f. Explain the auditors’ responsibility and liability with respect to money laundering and
other illegal acts or non-compliance with other relevant laws and regulations.
g. State the role of ethical code and identify features of the professional ethics adopted by
the IFAC, and how they work in public interest.
h. Suggest courses of actions that may be taken to resolve ethical conflict of interests
relating to the ethical fundamental principles identified.
i. State the importance of confidentiality, identifying the risk of accidental disclosure of
client’s information, and stating exceptional cases when this may not apply.
j. Define objectivity and independence and recognize why those undertaking assurance
engagements are required to be independent of their clients.
k. Identify threats to fundamental ethical principles and independence of auditors as
identified by the IFAC, and possible safeguard to eliminate or reduce such threats.

AUDITING
3. Audit planning, internal controls and substantive tests

Candidates will be able to plan and select methods of obtaining sufficient and appropriate
evidence from which conclusions can be drawn, or reference to senior colleagues where necessary.
In the assessment, candidates will be able to do the following:

Planning
a. Describe appropriate tasks and procedures to understand the client’s entity’s business and
its environment before any ground work can be carried out.
b. Identify audit risk associated with the client and set appropriate materiality levels,
including determination of whether or where there is need to gather evidence on sampling
basis.
c. Develop an audit strategy and draw an audit program including determination of the
nature, extent and timing of specific audit tests and procedures.

Internal Controls
a. Define internal controls and state the reasons for organizations having effective systems
of control.
b. State why the auditor needs to identify the entity’s main areas of a business and test the
effectiveness of its control systems.
c. Identify the components of internal control in both manual and IT environments
including: the overall control environment, preventive and detective controls and internal
audit.
d. Define and classify different types of internal control, with particular emphasis on those
which impact upon the quality of financial information.
e. Show how specified internal controls mitigate risk and state their limitations.
f. Explain internal control challenges in a small entity
g. Identify internal controls for an organization in a given scenario and explain the testing of
controls in various aspects.
h. Identify and explain internal controls in a computerized environment
i. Identify internal control weaknesses in a given scenario, state the possible eventualities of
such weaknesses and suggest possible improvements.
j. Identify the process through which the auditor can communicate to those charged with
governance of a specified organization.

Substantive Testing
a. State the nature and attributes of good audit evidence
b. Explain financial statements assertions and state techniques that may be employed to
gather audit evidence.
c. Carry out detailed tests of elements of financial statements, including collection and
evaluation of samples thereof.
d. Design and carryout appropriate tests in clients’ computerized systems, including use of
computer assisted audit techniques (CAATs).
e. Explain the advantages and disadvantages of using CAATs

4. Review and Reporting

Candidates will be able to carry out overall reviews of financial and other information related to
the financial statements under audit to form an overall conclusion on financial statements to report
on them.

AUDITING
In the assessment, candidates may be required to:

Overall Reviews
a. Perform appropriate analytical reviews and consistency reviews to see whether
information as a whole make sense.
b. Assess whether opening balances for the current period financial statements were
properly brought forward from previous periods and whether all the comparative
information from previous periods has been properly disclosed, and they seem to be
consistent with current period.
c. Review any event occurring after the reporting date and whether they have any effect on
financial statements under review.
d. Seek any other additional information and explanations through management
representations.

Reporting
a. Identify key parties to the audit engagements and demonstrate awareness of other
immediate stakeholders to the report and the auditors’ responsibility towards them.
b. Identify key parts and appropriate wording in the audit report. (new reporting format
effective 15 December 2016)
c. Identify and explain all forms of modification to the reports and circumstances under
which such modifications are appropriate.
d. Identify and state the purpose and contents of the management (weaknesses) letter issued
to those charged with governance of an entity in addition to the main report.

AUDITING
References

ICAM Auditing Manual

A.H. Millichamp – Auditing (DP Publications)
M.J. Pratt – Auditing (Longman)
F.A. Attwood & N.D. Stein-dePaula’s Auditing (Pitman)
Introduction to Malawi Auditing Standards and Guidelines (ICAM)
E. Woolf – Auditing (MacDonald and Evans)
Coopers & Lybrand Students Manual of Auditing (Gee & Co)
Spicer & Pegler – Practical Auditing (Butterworths)
Malawi Companies Act 1984

AUDITING
 SECTION A
Nature and purpose of assurance engagement and corporate
governance principles

AUDITING
 CHAPTER 1

CONCEPT OF ASSURANCE

Topic list

1. The objective and nature of assurance engagement

2. Types of assurance engagements

Learning outcomes

By the end of this chapter students should be able to:

 Define the concept of assurance
 Identify five elements of an assurance engagement
 Know the professional framework which regulates accountancy profession.
 Explain the meaning of limited and reasonable assurance reports
 Give example of assurance and non assurance services

Introduction

This chapter looks at the concept of assurance as it relates to auditing and other
engagements performed by professional accountants. It starts with outlining the objective
and nature of assurance engagement and ends with explaining different types of
assurance engagements.

1 The objective and nature of assurance engagement

An assurance engagement is one in which a practitioner expresses a conclusion designed

to enhance the degree of confidence of the intended users other than the responsible party
about the outcome of the evaluation or measurement of a subject matter against criteria.

The above definition displays the following elements:

 A three party relationship involving: a practitioner, a responsible party, and

intended users.
 Subject matter: for example data – business projections, system or processes
 Suitable criteria: for example accounting standards, quantity surveying standards
 Sufficient appropriate evidence: for example information is required to support
the conclusion.
 Written assurance report in appropriate form.

Objective and nature of assurance engagements

Traditionally, the ‘assurance’ role of the professional accountant has mainly been
concerned with provision of audit services within a statutory framework – the audit of
published annual financial statements. An audit provides a high level (but not absolute

AUDITING
level) of assurance. The requirement for an audit of the annual financial statements
therefore has the objective of adding ‘assurance’ (or ‘credibility’) to the financial
statements under audit.

However, the management of companies and other organisations are required or expected
to report to stakeholders on a wide range of information, both financial and non-financial,
that is not subject to statutory audit. This might include such matters as:

 corporate governance issues, including risk assessment and internal control

systems
 e-commerce and the operation of e-commerce activities
 systems reliability
 performance measurement (both financial and non-financial)
 value for money (VFM).

Although information about these matters may not be subject to a statutory audit, it is
often considered important that the information should have credibility. Credibility may
be obtained from an assurance report provided by a professionally qualified accountant.

To appreciate the concept of assurance it is important to know the professional

framework under which such services are regulated. The table below outlines the
professional structure and the roles of each body within it to appreciate the context and
concept of assurance engagements from the IFAC perspective.

The International Framework for the accountancy profession

IFAC
IASB IAASB IPSASB IAESB IAESB Other Boards and
Committees
Issues Issues Issues Issues Issues Issue

IAS ISA IPSAS IAES CEPA Other professional

ISAE pronouncements
IFRS
ISRE
ISRS
IAPS
ISQC

The International Federation of Accountants (IFAC) is a representative body of the

accountancy profession worldwide whose aim is to develop and enhance the profession to
enable it to provide services of consistently high quality in the public interest. Its
membership comprises over a hundred world national and regional professional
regulators and other accountancy bodies such as SOCAM, the East, Central and Southern
African Federation of Accounts (ECSAFA), Institute of Chartered Accountants in
England and Wales (ICAEW), Chartered Institute of Management Accountants (CIMA),

AUDITING
association of Certified Chartered Accountants (ACCA) amongst many. It works in close
cooperation with top world economic bodies such as World Bank, IMF and the OECD.
IFAC operates through several boards under it, each being responsible for specialized
issues.

The International Accounting Standards Board (IASB) issues International Financial

Reporting Standards (IFRS), formerly, International Accounting Standards (IAS) to guide
preparers and users of financial statements.

The International Audit and Assurance Standards Board (IAASB) issues International
Standards on Audit (ISA) and International Audit Practice Statements (IAPS) used to
guide the audit process and procedures on historical financial statements. It also issues
International Standards on Assurance Engagements (ISAE), for other forms of assurance
services, International standards Review Engagements (ISRE) and International
Standards on Related Services (ISRS) to guide services which are non-assurance in
nature.

Other notable boards include; the International Public Sector Accounting Standards
Board (IPSASB) which issues International Public Sector Accounting Standards (IPSAS)
used by governments and government related institutions, the International Accounting
Education Standards Board (IAESB) which issues professional accountants’ International
Education Standards (IAES) used by professional accountancy examining bodies as a
guide for minimum expected accountancy competence for their members. The
International Ethical Standards Board (IESB) has issued the Code of Ethics for
Professional Accountants (CEPA), referred to in short as the Code of Ethics, and other
such relevant bodies which have issued other relevant pronouncements.

Students who have already attempted the accounting course are likely to have
encountered some relevant IAS/IFRS or their national equivalents. Other relevant
standards or pronouncements with the profession are referred to in the relevant areas
where they are suitably covered.

The International Framework for Assurance Engagements is a series of pronouncements

that came into effect on 1 January 2005.
The Framework makes a distinction between:
 audits and reviews of historical financial information (regulated by ISAs and
ISREs), and
 assurance engagements other than audits and reviews of historical financial
information. These engagements are regulated by International Standards on
Assurance Engagements (ISAEs).

Guidance on the conduct of assurance engagements is provided by:

10

AUDITING
  the International Framework for Assurance Engagements, and
 International Standard on Assurance Engagements (ISAE) 3000

A statutory audit, which is the main focus of the manual, is therefore an assurance
engagement regulated by the ISAs. It is also governed by the relevant national laws, such
as the Companies Act. The conduct of those involved in provision of the accountancy
services, including assurance ones is regulated by the Code of Ethics. Details of the afro
mentioned regulations are outlined in the relevant progressive text materials.

2 Types of assurance engagements

There are two general types of assurance engagements identified by the standards.
 An assertion based engagement where the accountant declares that a given
premise (assertion) is either correct or not.
 A direct reporting engagement, where the accountant reports on issues that have
come to his attention during his evaluation.

There are also two identified levels of assurance:

 Reasonable levels of assurance, such as that of an audit, where the practitioner
concludes that the subject matter materially conforms with the criteria.
 Limited level of assurance, ie. the practitioner has no reason to believe that that a
subject matter does not conform with the criteria

An absolute assurance cannot be issued in the above engagements due to the inherent
limitation in the process as a result of:
 the lack of precision often associated with the subject matter
 the nature of the evidence available
 the timescale involved.

Reasonable level of assurance

In order for an assurance service to be provided on a subject matter, it must have several
characteristics such as:
o Must be identifiable
o Must be capable of consist evaluation and measurement
o It must also be capable of being subject to procedures and evidence gathering.

Where a reasonable level of assurance is given, the risk attached to the assignment is
at a sufficiently low level to enable the practitioner to give positive assurance.
Reasonable assurance can only be given in the following circumstances:
 the subject matter of the assurance service engagement is the responsibility of
another party, and
 the subject matter is identifiable and can be subjected to evidence-gathering
techniques.

11

AUDITING
In other words, a reasonable level of assurance can be given only if the accountant is
carrying out an assignment that looks at information that has not been prepared by the
accountant (or relates to some other subject matter that is not the responsibility of the
accountant). In addition, the accountant must be able to obtain sufficient evidence for
giving a positive opinion.

Limited level of assurance

Where only a limited level of assurance is given:

 the risk is higher than that for an engagement where the accountant is able to give
a reasonable assurance, but
 the risk is sufficiently low to allow for a ‘negative’ expression of the accountant’s
conclusions (a negative opinion, as in a review report).

2.1 Examples of typical assurance and non assurance engagements

Statutory audits

The statutory audit is an assertion based engagement. This is because the auditor’s
opinion is given in relation to the assertions made by the directors in the financial
statements, analyzed as follow:
Three party relationship
o Practitioner Auditor
o Responsible parties Management/directors
o Intended users shareholders
o Subject matter financial statements
o Criteria accounting standards and relevant national law
o Conclusion truth and fairness
o Level of assurance high (rendered as reasonable assurance)

In this type of engagement the auditor issues a positive assurance by stating in his report
whether financial statements show a true and fair view or not of the entity’s
performance and state of affairs for a given period.

Review of prospective financial information (PFI)

This engagement has all the elements as in the audit on historical financial statements
above. It involves reviewing and reporting on the reasonableness of the assumptions a
responsible party used in preparation of PFI such as profits forecasts.

By their nature, forecasts are only intentions whose actual results are likely to be different
from the forecasts results. This is a typical example of a limited level of assurance where
the practitioner will issue a negative expression of his conclusion, i.e. that the
practitioner has no reason to believe that that a subject matter does not conform with the
criteria. Specifically, the practitioner will state in his report that; based on our
examination of the evidence supporting the assumptions, nothing has come to our

12

AUDITING
attention that causes us to believe that these assumptions do not provide a
reasonable basis for the forecast.

Attestation Engagements

An attestation engagement is an engagement in which a practitioner, by virtue of issuing

a report, provides some level of assurance on information that is the responsibility of
another party.

Non-assurance engagements

Audit/Accounting firms may also provide other non audit services to their clients such as;
 To perform agreed-upon procedures regarding financial information
 To compile financial information
 Liquidation and receivership work
 Compilation of tax returns, tax planning and advice to clients. Etc
 Forensic investigations and audits
A forensic investigation is a forensic audit carried out in response to a suspicion of
wrong-doing, usually to prove or disprove certain assumptions, for example,
• A person or group are carrying out a fraud
• A person was negligent in carrying out his work
• To substantiate an insurance claim or to provide evidence to a court of law, etc

The objective of a forensic investigation is to obtain evidence that might be used in legal
proceedings to resolve a dispute or prove innocence/guilt in a criminal case, such as
providing evidence of money laundering. Often forensic investigations are usually
reactive, meaning that they seek to prove or disprove suspicions of wrongdoing and
provide evidence for legal proceedings. Reporting on forensic audits should be suitably
framed to reflect the type of assurance required in the engagement.

End of chapter question

Question 1

Auditors are frequently required to provide assurance for a range of non-audit

engagements.

Required
a) State five elements of an assurance engagement 10 Marks
b) Give reasons why it is not appropriate to give an absolute assurance 4 Marks
c) Give three examples of assurance and non assurance services a professional
accountant may be engaged to carry out. 6 Marks

13

AUDITING
reactive, meaning that they seek to prove or disprove suspicions of wrongdoing and
provide evidence for legal proceedings. Reporting on forensic audits should be suitably
framed to reflect the type of assurance required in the engagement.
Total 20 Marks

End of chapter question

Question 1

Auditors are frequently required to provide assurance for a range of non-audit

engagements.

Required
a) State five elements of an assurance engagement 10 Marks
b) Give reasons why it is not appropriate to give an absolute assurance 4 Marks
c) Give three examples of assurance and non assurance services a professional
accountant may be engaged to carry out. 6 Marks

13

14

AUDITING
 CHAPTER 2

ROLE AND ORIGINS OF AUDIT

Topic list

1. The role of an audit

2. Historical development

Learning outcomes

By the end of this chapter students should be able to:

 Define an audit and list down reasons as to why an audit is important.
 Describe types of audit.
 Explain the limitations of audit.
 State the important historical developments of auditing.

Introduction

This chapter covers the nature of auditing. It starts with why auditing is required, the
definition of auditing, objectives/purposes, types of audits and historic origins of auditing.

1. The role of an audit

1.1 Definition of an audit

The Auditing Practices Board (APB) defines an audit as “an exercise whose objective is
to enable auditors express an opinion whether the financial statements give a true and fair
view of the entity’s affairs for the period then ended and have been properly prepared in
accordance with the applicable reporting framework”

We have to get to know the important parts of this definition.

 Auditor: An auditor is a professional who, by evaluating a subjective matter like

financial statements, expresses an opinion on the subject matter.

 Opinion: This is a conclusion arrived at using a set criteria.

 Financial statements: These comprise annual accounts which show performance

and financial position of an entity i.e. the statement of comprehensive income,
statement of financial position, statement of changes in equity, statement of cash
flows and notes the accounts.

 Truth and fairness

15

AUDITING
Truth

Truth is having facts in accordance with reason or correct principle or received standard
like generally accepted accounting principles and the accounting standards.
It also means that the accounts have been correctly extracted from the books and the
records. Numerous accounts items can be seen in this light. For example, freehold land at
cost K4m; it is either true or false that:

(a) Freehold land exists.

(b) The freehold land is the property of the company which holds good title.

(c) The freehold land belonging to the company is included in the financial statement.

On the other hand, the matter may not be as simple as it seems, for example, good title
may be a matter of opinion as well as historical cost may be a matter of opinion.

Fairness

Fair means that the accounts should reflect the commercial substance of the business
entity’s underlying transactions.
The idea of fairness involves a number of thoughts including:

(a) Expectation: Any user has certain expectations from a set of accounts. He/she
presumes that the accounts will conform to generally acceptable accounting
principles and accounting standards.

(b) Relevance: This means that the view given by the accounts will be relevant to the
information need of the user.

(c) Objectivity: This consists of externally verifiable facts.

(d) Freedom from bias: The producer of accounts should not allow personal
preferences to enter into their accounts preparation work.

(e) Beyond simple conformity: Users of accounts expect accounts to conform to

generally acceptable accounting principles and accounting standards.

(f) Least as good: At one time, the prudence convention was so highly esteemed that
shareholders and auditors expectations went no further than making sure that the
true position was at least as good as that shown by the balance sheet.

(g) Accounting principles: The accounting principles and policies used should be in
conformity with accounting standards; generally accepted; widely recognized and
supported; and appropriate and applicable in the particular circumstances.

16

AUDITING
(h) Disclosure: Disclosure at times can serve the users well, as accounting is an
aggregating and summarizing process.

(i) Materiality: An item is material if its disclosure or non-disclosure would make

any difference to the view received by the user of the accounts. Fairness is,
therefore, a function of materiality.

 Entity: This is a general term representing all types of business enterprises

including limited liability companies, charities, local authorities, government
agencies etc.

 Reporting framework: This comprises all laws, regulations and guidelines that
govern the preparation of financial statements e.g. Companies Act, accounting
concepts and accounting standards.

1.2 Why an audit is necessary

This can be understood from the stewardship accounting concept. Stewardship

accounting is the name given to the practice by which productive resources owned by one
person or group of persons are managed by another person or group of persons.

A classic example of stewardship accounting can be found in the bible in the gospel
according to St. Matthew Chapter 25. In this story told, we learn about a rich man who
was embarking on a long journey. He called his servants and asked them to look after his
wealth when he was gone. To each, he gave gold coins to manage according to his
abilities. One was given five thousand gold coins; the second was given two thousand
gold coins whilst the third one was given one thousand gold coins. On his return, he
asked each one of them to account for the gold coins they were entrusted with. The rich
man was pleased with the servants he had entrusted with five thousand gold coins and
two thousand gold coins because they had doubled their investments. He was not pleased
with the servant whom he gave one thousand gold coins, since he had not made any
return on the money.

Today, the practice by which managers of businesses account or report to the owners of
the business is called stewardship accounting. The accounting and reporting is done
through financial statements.

The question that has always existed when those entrusted with resources of other people
report on the performance of the same is; can the owners of the resources believe the
report?

The report may:

 contain errors
 not disclose fraud
 inadvertently be misleading
 fail to disclose relevant information

17

AUDITING
  fail to conform to regulations

The solution to the problem of credibility of the reports and accounts can be solved by
appointing an independent person called an auditor to investigate the reports and accounts
and report back to those who appointed him on their truth and fairness.

1.3 Objective of an audit

The primary objective of an audit is to enable the auditor produce a report of his opinion
of the truth and fairness of financial statements so that any person reading and using them
can have belief in them.

1.4 Benefits of an Audit

An audit has a number of benefits.

(i) Owners of company are given an independent opinion as to the truth and
fairness of the accounts.

(ii) An audit gives more confidence in the financial statements used by third
parties like banks.

(iii) The auditors can help the directors improve the business as a by-product of
the audit through reporting weaknesses identified in the course of audit.

(iv) Disputes between members of management like in partnership may be more

easily settled.

(v) Major changes in ownership may be facilitated if past accounts contained an

unqualified/clean audit report.

(vi) The government relies more on audited accounts to ascertain profit or loss for
tax purposes.

(vii) Helps to prevent and detect errors and fraud: An audit has deterrent and moral
effect which helps entities to prevent errors and fraud. In addition errors and
fraud may be detected in the course of the audit work.

1.5 Limitations of an audit

(a) Auditing is not a purely objective exercise because auditors use judgement in
areas like risk assessment, which tests to perform, determination of materiality
levels etc.

(b) In auditing, auditors do not check every item in the accounting records.

18

AUDITING
 (c) Accounting and internal control systems on which auditors rely have inherent
limitations ( refer to inherent limitation of internal controls topic) .

(d) Audit does not and cannot tell that directors and management are telling the truth
and have colluded in fraud.

(e) An audit only indicates what is probable rather than what is certain.

(f) Audit reports are issued some months after the financial statements date.

(g) The audit report format is unlikely to reflect all aspects of the audit.

(h) The auditor’s opinion is not a guarantee of the future viability of the entity;
effectiveness and efficiency of management and that fraud may not have been
perpetrated on the company.

1.6 Types of audits

Audits can either be statutory or non statutory.

(a) Statutory audit

This is an audit carried out because the law (i.e. Companies act) requires it.

(b) Non statutory audit

A non statutory audit is an audit conducted on affairs of the firm by independent auditors
because it is required by the owners.

2 Historical development of auditing

To facilitate the examination of the historical development of auditing, it is necessary to

divide it into the following chronological periods: prior to 1840, 1840s to 1920s, 1920s to
1960s, 1960s to 1990s, 1990s to date.

Prior to 1840

Auditing in the form of checking activities was found in ancient civilizations of China,
Egypt, and Greece, with the Greek (around 350 BC) appearing to be closest to the present
day audit. Similar kinds of checking activities were also found in the Exchequer of
England during the reign of Henry I (1100-1135), where special audit officers were
appointed to make sure that state revenues and expenditure transactions were properly
accounted for, focusing on preventing or detecting fraudulent activities. It can also be
traced later to the Italian city states of Genoa and Venice where auditors were engaged to
help verify the riches brought by captains from the Old World into the European
continent. The audits prior to 1840 were restricted to performing detailed verification of
every transaction.

19

AUDITING
1840s – 1920s

The practice of auditing did not become firmly established until the advent of industrial
revolution during the period of 1840s-1920s in the UK. The large scale operations that
resulted from the industrial revolution drove the corporate form of enterprise to the
forefront. Large factories and machine based production were established, which as a
result required large amount of capital to facilitate the large capital expenditure, hence
pooling of growing numbers of middle class and small investors capital. In response the
Joint Stock Companies Act was passed in UK in 1844.

The Act stipulated that directors shall cause the books of the company to be balanced and
the balance sheet to be made up. In addition it provided for the appointment of the
auditors to check the accounts of the company. However, the annual presentation of the
balance sheet to the shareholders and the requirement of a statutory audit were only made
compulsory under the Companies Act 1900. Auditors during this period were merely
shareholders chosen by their fellow members. In the Kingston Cotton Mill (1896) it was
established that an audit objective was to detect fraud and errors. It can be concluded that
the role of the auditors during the period of 1840s to 1920s was mainly on fraud detection
and the proper portrayal of the company’s solvency in the balance sheet.

1920s – 1960s

The growth of the US economy in the 1920s to the 1960s had caused a shift of auditing
development from the UK to the USA. Investments in business entities grew rapidly, and
advancement in the securities markets and credit granting institutions facilitated the
growth of capital markets in this period. As companies grew in size the separation of
ownership and management function became more evident. Hence, to ensure the
continued flow of funds from investors to companies, and the smooth functioning of the
financial market, there was need to convince the participants in the market that the
companies’ financial statements provide a true and fair portrayal of the relevant
companies’ positions and performance. The consensus was generally the primary
objective of an audit is adding credibility to the financial statements rather than detection
of fraud and errors.

With such a shift in emphasis developed the concept of materiality and sampling
techniques due to the voluminous transactions involved in the conduct of business by
large corporations, where it was no longer practical for auditors to verify all transactions.
Corresponding with this, the auditors also increasingly started to rely on internal controls
as a source of preliminary assurance. Later the McKesson and Robbins (1938) case
resulted in the emphasis of physical observation of assets such as cash and stocks and use
of external evidence. In addition, the Royal Mail case highlighted the need for the audit
of the profit and loss statement, which was only made mandatory with the enactment of
the Securities and Exchange Commission Act (1934) in the USA and the corresponding
Companies Act (1948) in the UK. These legislations clearly provided for the following;

20

AUDITING
  For auditors to be independent of the companies influence.
 Audit requirement for the profit and loss and the balance sheets.
 Set up a minimum legal enforceable disclosure requirement framework.
 Set up a requirement that an auditor should be suitably qualified professional
accountant.
 Set up specific duties, powers and responsibilities of an auditor.
 Required the auditor to report whether adequate books and records had been kept
from. which financial statements were prepared to give a true and fair view,
shifting the primary audit objective from fraud detection.

1960s – 1990s

The world economies continued to grow in the 1960s – 1990s. This period marked an
important development in technological advancements and the size and complexity of the
companies. In the early 1980s, when reliance on internal controls was found to be an
expensive process, auditors began to cut back on them and make greater use of analytical
procedures instead, then developing further to risk-based auditing by the mid 1980s,
calling for a thorough understanding of the clients by auditors to carry out such an audit.
Since most of the companies in this period had introduced computer systems to process
their financial and other data and to perform, monitor and control many other operational
and administrative activities, auditors also placed heavy reliance on the advanced
computer auditing skills to facilitate their audit procedures.

At this time there was also a surge in provision of other advisory services to clients in
addition to audit of financial statements, with firms becoming multidisciplinary (ie
extending to management consultancy).

1990s – present

The auditing profession witnessed substantial and rapid change since 1990s as a result of
the accelerating growth at the world economies. It can be observed that auditing in the
present day has expanded beyond the basic financial statement attest function. According
to Porter et al (2005), present-day auditing has developed into new processes that build
on a business risk perspective of their clients. The business risk approach rests on the
notion that a broad range of the client’s business risks are relevant to the audit. Advocates
of the business risk approach opined that many business risks, if not controlled, will
eventually affect the financial statement. Furthermore by understanding the full range of
risks in businesses, the auditor will be in a better position to identify matters of
significance and relevance to the audit profession on a timely basis.

Since the early 1990s, the audit profession began to take increased responsibility to detect
and report fraud and to assess, and report more explicitly, doubts about an auditee’s
ability to continue in conformance with society’s and regulators’ increasing concern
about corporate governance matters. Adoption of the business risk approach in turn
enhances auditor’s ability to fulfill these responsibilities (Porter, et al., 2005).

21

AUDITING
Presently, the ultimate objective of auditing is to lend credibility to financial and non-
financial information provided by management in annual reports; however, audit firms
have been largely providing consultancy services to businesses. By 2000, consulting
revenues exceeded auditing revenues at all the major audit firms in the USA.

Regulators of the auditing profession and the investing public began to doubt whether
audit firms could remain independent on audit issues when the firms were so dependent
on consulting revenues. The quality of audits is being placed under scrutiny after a series
of financial scandals of public companies such as Sunbeam, Waste Management, Xeror,
Adelphia, Enron and WorldCom. The collapses of these giant corporations had brought
about a crisis of confidence in the work of auditors (Boynton & Johnson, 2006).

As a consequence of the high level of litigation and criticism against the auditors, nearly
all large accounting firms split their consulting arms into separate companies and made
announcements on their more stringent rules and measures to ensure better independence
and audit quality. In addition, a spate of radical reforms was undertaken in various
countries, by the accounting bodies, governments, stock exchange commissions and
academics to strengthen the audit practice (Leung, et al., 2004).

In conclusion, an audit as it is known today is mainly that which was adopted by the land
mark Acts in the USA and UK just before the mid twentieth century.

End of Chapter Questions

Question 1

An audit, in early part of its development, was an assurance service that involved
checking all the records under consideration for accuracy and confirmation that fraud has
or has not taken place during the period under consideration.

A modern audit has shifted the emphasis from fraud detection to ascertainment whether
financial statements show a true and fair view or not. A number of approaches have also
emerged with time including: gathering audit evidence on sampling basis, reliance on
internal controls, external confirmations and use of Computer Assisted Audit Techniques
(CAATs) amongst others.

Required:
a) State the legislation that marked a major shift of an audit into the state as it is known
today, and mention the main principles the legislation introduced. 8 Marks
b) Outline and explain four factors that led to the change of the audit focus from that of
fraud detection to ascertainment of the truth and fairness of financial statements and
subsequent emergence of different approaches mentioned above. 8 Marks
c) State, in your opinion, whether fraud is no longer an issue of concern to a company,
and how it is dealt with in the modern audit. 4 Marks
d) What do you understand by ‘true and fair view’? 2 Marks
Total 22 Marks

22

AUDITING
 CHAPTER 3

CORPORATE GOVERNANCE

Topic list

1. Meaning of corporate governance

2. Principles of corporate governance
3. Pillars of corporate governance
4. Codes of corporate governance

Learning Outcomes

By the end of this chapter, you should be able to:

• Define corporate governance;

• Explain the key principles to corporate governance systems;
• Explain the role of internal audit in corporate governance;
• Compare and contrast external audit and internal audit.

Introduction

Good corporate governance enhances performance of organization, this chapter therefore

will cover corporate governance and its pillars. Much emphasis in this chapter will placed
on explaining the role of internal audit in corporate governance and how it is compared
with external audit.

1 Meaning of corporate governance

Corporate governance is the means by which a company is operated and controlled.

It encompasses such matters as:

• The responsibilities of directors

• The appropriate composition of the board of directors
• The necessity for good internal control
• The necessity for an audit committee
• Relationship with the external auditors

Corporate governance is about ensuring that companies are run well in the interests of
their shareholders and other stakeholders.

It encourages transparency and accountability of those who run the companies through
presentation of financial statements to stakeholders. The credibility of these financial

23

AUDITING
statements is enhanced by an audit. Therefore, there is need for an audit to centre on the
requirements of the users of financial statements.

Examples of users of audited financial statements include shareholders, directors,

employees, creditors, the public, customers and government.

2. Principles of Corporate Governance

The key principles of corporate governance include transparency, accountability, fairness,

responsibility and reputation.

Principles are the reasons why companies or institutions need corporate governance. It is
therefore, important that all stakeholders in the company not only understand these
principles but also believe in them.

Otherwise, if these are not understood and embraced, corporate governance cannot bring
about the change and therefore, the benefits that are accrued to it. This will be true in
situations where stakeholders do not understand and accept the principles but undertake
corporate governance for the sake of complying with requirements.

The five principles of corporate governance are explained as follows:

2.1 Transparency

Transparency means providing information about activities, plans, actions to stakeholders

that are entitled to. In good corporate governance, directors should clarify to shareowners
and other key stakeholders why every material decision has been made.

This is accomplished by ensuring timely, accurate disclosure on all material matters,

including the financial situation, performance, ownership and corporate governance. This
does not include disclosing the company secrets.

The main reason why transparency is important is that it reduces potential conflicts
between the owners of companies and the managers of those companies. Most companies
are not managed by the owners. The owners simply provide capital and lose control of it
in the sense that they appoint directors who in turn employ managers to run the day to
day business of the company. Transparency therefore, ensures that managers show how
the owners money has been used in the company. Similarly it reassures investors in the
sense that they get confidence that the company has been well run.

2.2 Accountability

Accountability is about explaining how powers or authority and resources entrusted have
been used. Directors should be held accountable for their decisions to shareowners, and,
in certain cases, key stakeholders, submitting themselves to rigorous scrutiny.

24

AUDITING
In turn, management should also be accountable to the board. Producing financial
statements and making them available to the entitled stakeholders is one way how
directors and management can account for their decisions and also how they have used
financial and other resources entrusted to them.

2.3 Fairness.

The Board should consider Key stakeholder views when making decisions with a sense
of justice and avoidance of bias or vested interests.

The Board and management should apply fair practice in their dealings with stakeholders
and adhere to the spirit not just the letter of all rules and regulations that govern the
organisation. The organisation should provide effective redress for violations.

2.4 Responsibility

Responsibility means management accepting the credit or blame for governance

decisions. It implies clear definition of the roles and responsibilities of the roles of senior
management. To this end, directors should carry out their duties with honesty, probity
and integrity. They should exercise independent judgement when making decisions.

Honest and probity relates not only to telling the truth, but also not misleading
shareowners and other stakeholders. Lack of probity includes not only obvious examples
of dishonesty such as taking bribes, but also reporting information in a slanted way that is
designed to give an unfair impression.

Integrity can be taken as meaning someone of high moral character, who sticks to strict
moral or ethical principles no matter the pressure to do otherwise. In working life, this
means adhering to the highest standards of professionalism and probity. It also means
straight forwardness, fair dealing and honest relationships with different people and
constituents. Trust is vital in relationships and belief in the integrity of those with whom
you are dealing with underpins this. Thus integrity is an underlying principle of corporate
governance. All those in agency relationships should posses and exercise absolute
integrity. To fail to do so breaches the relationship of trust.

Exercising independent judgement, is another key ingredient of a responsible board.

Judgement means that the board making decisions that enhance the prosperity of the
organization. This means that the board members must acquire a broad knowledge of
business and its environment to be able to provide meaningful direction to it.

For management to be held properly responsible, organisations should ensure that

procedures and structures are in place so as to minimize, or avoid completely, potential
conflict of interests that could arise. In addition, there must be a system in place that
allows for corrective action and penalizing mismanagement.

25

AUDITING
2.5 Reputation

Reputation defines an organisation as well as the individuals associated with that

organisation. The Board must manage reputation risk. Good practices ensure a good
reputation. Bad practices can destroy a reputation overnight.

Consequences of poor reputation include:

 suppliers and customers unwillingness to deal with the organisation for fear of being
victims of dishonesty;
 inability to recruit high quality staff;
 fall in demand because of consumer boycotts;
 increased public relations costs because of adverse stories in the media;
 increased compliance costs because of close attentions from regulatory bodies or
external auditors; and
 loss of market value because of a fall in investor confidence.

3 Pillars and Codes of Corporate Governance

3.1 Pillars of corporate Governance

Corporate governance is built on four main cornerstones which all need to have a stable
foundation in all well controlled and directed organizations. The four Corporate
Governance Cornerstones are the board, management, external audit and internal audit.

3.1.1 Board

It is a body of elected or appointed members who jointly oversee the activities of a

company or organization. A board's activities are determined by the powers, duties, and
responsibilities delegated to it or conferred on it by an authority outside itself, usually by
shareholders. The powers, duties and responsibilities are typically detailed in the
organization articles of association.

Typical duties of boards of directors include:

 governing the organization by establishing broad policies and objectives;

 selecting, appointing, supporting and reviewing the performance of the chief
executive officer;
 ensuring the availability of adequate financial resources;
 approving annual budgets;
 accounting to the stakeholders for the organization's performance;
 setting the salaries and compensation of company management

26

AUDITING
3.1.2 Management

It is a collection of people that implements policies and strategies of the organisation as

set by the board. Management is led by a Chief executive officer or Executive director
and may have other managers such as Chief Finance officer, Chief Operating Officer,
Chief Commercial officer and many more. The responsibility of management is to plan,
coordinate and manage all business operations to achieve corporate goals.

3.1.3 External audit

It is the examination of financial statements in order to provide assurance that the

statements have been fairly presented. Chapter 2 explains more about external audit.

3.1.4 Internal audit

In order to run a company effectively, and meet their legal responsibilities, directors need
assurance in a number of areas in addition to the accuracy of their published financial
statements. Much of this work involves financial matters and is therefore likely to be
carried out by accountants and/or auditors.

With company collapses at an increasing trend, often due to fraud or a failure to

adequately appreciate the risks facing the business, the role of internal audit has been
growing for some time. Internal audit is now seen as an almost essential element of good
‘corporate governance’, and most large companies have at least an element of internal
audit activity.

Definition – Internal Audit is an independent, objective assurance and consulting activity

designed to add value and improve an organisation’s operations. It helps an organisation
accomplish its objectives by bringing a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control, and governance processes.

Internal audit is an appraisal function that aims at providing assurance on the adequacy of
internal controls. It also aims at providing recommendations to management and board on
how to improve systems of control and effectiveness of various processes in an
organization. Scope of internal audit therefore is wide and does not confine to financial
reporting matters.

Since internal audit reviews the organization as a whole, it therefore, follows that various
assignments can be carried out by internal audit and such engagements can be
operational, financial, compliance or otherwise. Examples of assignments conducted by
internal audit include Value for money audits, Environmental audits, IT audits, Fraud
investigations and many more. In this chapter, the first two have been explained.

27

AUDITING
3.1.4.1 Value for money audit

Value For Money (VFM) audit could be defined as an independent assessment of the
extent to which an entity operates efficiently, effectively and with due regard to
economy.

VFM is concerned with obtaining the best possible combination of services from the least
resources. Economy, efficiency and effectiveness (3Es) are the alternative ways of
describing VFM.

The achievement of the three EEEs depends upon the existence of sound arrangements
for planning, appraisal, authorization and control of the use of resources.

 Economy- is concerned with obtaining resources at lowest costs.

 Effectiveness- is the extent to which a programme achieves its established policy

goals and objectives or other intended effects.

 Efficiency is the relationship between output, in terms of goods, services or other

results, and the resources used to produce them, the inputs. An efficient operation
produces the maximum output for any given set of resources or alternatively, it
has minimum inputs for any given quantity and quality of services provided.

3.1.4.2 Environmental audit

Definition

It is an audit which determines the degree of compliance with emission and pollution
standards.

This type of audit is slowly increasing in importance due to the concern of the public and
hence governments with the effect that organizations, particularly industrial, can have on
the environment.

The method of audit is straightforward. Predetermined targets are established either

voluntarily by the organization or set by government and actual outcomes are compared
to the targets.

Eco – audit scheme

The European Commission (EC) has adopted a scheme for the establishment of a
voluntary community environmental auditing scheme – eco-audit scheme or green audits.
It is aimed at companies carrying on industrial activities.

A company would, under the scheme, have an environmental audit on each of its sites at
regular intervals and set up a framework for acting on the audit findings. A statement

28

AUDITING
would be prepared on the results of the audit which would be available for public
inspection. The statement could be carried out by internal staff but would need to be
validated by authorized environmental auditors.

Impact on annual reports

The Institute of Chartered Accountant of England Wales (ICAEW) in 2009 produced a

report which suggests that companies should act in a number of areas to respond to the
growing importance of ‘green issues’.

It is recommended that the annual report should contain details of:

 The company’s environmental policy and objectives;

 The impact of the business on the environment;
 The extent to which the company complies with external requirements;
 Identity of director with environmental responsibility.

External auditors need to be aware of contingent liabilities that may require disclosure
because of the consequences of damage caused to the environment. The auditor may view
many of these liabilities as too remote to be included within the financial statements.
Therefore it may be appropriate to have additional environmental audit reports.

3.1.5 Comparison between external audit and internal audit

External audit is the activity carried on by the auditor when he/she verifies accounting
data; determines the accuracy and reliability of accounting statements and reports on
them. This activity is carried out by an independent person.

Internal audit is an independent appraisal function established by the board of an

organization for the review of the internal control system as a service to the organization.
It objectively examines, evaluates and reports on the adequacy of internal control as a
contribution to the proper, economic, efficient and effective use of resources. It is mainly
done by employees of the firm and thus independence is not always easy to achieve.
However, independent audit firms provide such services.

3.1.6 Similarities between external audit and internal audit

Both external audit and internal audit are interested in the following.

(i) An effective system of internal control.

(ii) A continuous effective operation of internal control system.

(iii) Safeguarding of assets of a business.

29

AUDITING
(iv) An adequate accounting system which complies with the Companies Act and
which provides basis for producing accounts in true and fair terms.

(v) Adequate management information flow.

(vi) Compliance with statutory and regulatory requirements.

In addition both external audit and internal audit use similar methods of approach. The
similar methods are:

(i) Examination of the system of internal check, for both soundness in design and
effectiveness in operation.

(ii) Examination and checking of accounting records and statements.

(iii) Verification of assets and liabilities.

(iv) Observation, inquiry, and the making of statistical comparisons and

accounting ratio measurements.

3.1.7 Differences between external audit and internal audit

External audit Internal audit

 Work is laid down by statute  Work is determined by management
 The auditor must be  The auditor is an employee and may not
independent be independent
 The auditor is interested in the  The auditor is interested in appraising
truth and fairness of the the efficiency of the system of internal
financial statements in terms control and management information
of statutory obligation systems.
 The auditor is paid on a fee  The auditor is paid on salary basis
basis
 The auditor has responsibility  The auditor is answerable only either to
to shareholders and management or board of directors
sometimes to other users of
accounts
 The auditor is appointed by  The auditor is appointed by management
shareholders or board

3.1.8 How external auditor cooperates with internal auditor

The wide experience of the external auditor may be of assistance to the internal auditor.
On the other hand the internal auditor’s intimate acquaintance with the business
concerned may be of help to the external auditor.

External auditor and internal auditor may cooperate in the following ways.

30

AUDITING
(i) They can agree which aspects of work to be carried out only by internal auditor or
together with the external auditor.
(ii) The external auditor may accept work done by the internal auditor, for example,
confirmation of customer accounts, verification of assets and audit schedules
prepared by the internal auditor.

3.2 Codes of corporate governance

The need to improve corporate governance came to prominence in the United Kingdom
(UK) in the 1980s, following the high profile collapses of a number of large companies
(Maxwell, Polly Peck, etc). Poor standards of corporate governance had led to
insufficient controls being in place to prevent wrongdoing in the United States of
America (US) in the 1990s, as demonstrated by the collapses at Enron and WorldCom.

As a result of the challenges in UK and US corporate governance scholars saw the need
to produce guidelines to assist in operating and controlling companies. The guidelines are
in forms of codes of best practice.

Some of the recent codes of corporate governance are:

 Malawi code of corporate governance
 King report of South Africa
 Combined code of UK

End of Chapter Question

Question One:

You are in charge of the internal audit department of ZX Ltd, a rapidly expanding
company. Turnover has increased by about 20% per annum for the last five years, to the
current level of K50 million. Net profits are also high, with an acceptable return being
provided for the shareholders.

The internal audit department was established last year to assist the board of directors in
their control of the company and prepare for possible listing on the stock exchange. The
managing director is keen to follow the principles of good corporate governance with
respect to internal audit. However, he is also aware that the other board members do not
have complete knowledge of corporate governance and detailed knowledge of
International Standards on Audit.

Required:
a) Explain what you understand by corporate governance and its pillars in a
company. 10 Marks

31

AUDITING
 b) Explain how the internal audit department can assist the board of directors fulfill
their obligations under the principle of good corporate governance. 10 Marks
Total 20 Marks
Source: ACCA

32

AUDITING
 CHAPTER 4

PRINCIPLES OF AUDITING

Topic list

1. Fundamental concepts
2. Structure of an audit

Learning objectives
By the end of this chapter students should be able to:
 Explain the fundamental concepts of auditing
 Explain the stages in the modern audit.

Introduction

This chapter starts with key fundamental concepts of auditing which are materiality, true
and fair view, audit evidence, independence and audit risk. The role of auditing
guidelines will also be discussed and close with structure of an audit.

1 Fundamental concepts

Below are the fundamental auditing concepts (all the concepts have been explained in
other chapters of this manual)

 Materiality
Materiality is the expression of the relative importance of a particular matter in the
context of the financial statements as a whole. Information is generally considered to be
material if its omission or misstatement could influence the economic decisions of users
taken on the basis of the financial statements.
 Independence
Independence is essentially an attitude of mind characterized by integrity and objective
approach to professional work. An auditor must be and be seen to be independent; this
helps the auditor to give an unbiased opinion on the financial statements.
 Audit evidence
Audit evidence is all the information used by the auditor in arriving at the conclusion on
which the audit opinion is based. Audit evidence is any information that corroborates or
refutes an assertion.
 Audit risk
Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the
financial statements are materially misstated.

33

AUDITING
  Auditor’s responsibility to consider fraud and error in the audit of financial
statement.
ISA 240 - The auditors’ responsibilities to relating to fraud in audit of financial
statements, gives guidance on how auditors should carry out their procedures in relation
to fraud and error.
 True and Fair view.

The role of audit guidelines

Rules governing audits

We discussed in Chapter 1 the various stakeholders in a company, and the various people
who might read company's financial statements. Consider also that some of these readers
will not just be reading a single company's financial statements, but will also be looking
at those of a large number of companies and making comparisons between them.

Readers want assurance when making comparisons that the reliability of the financial
statements does not vary from company to company. This assurance will be obtained not
just from knowing that each set of financial statements has been audited, but knowing
that this has been done to common standards. There is a need for audits to be regulated so
that auditors follow the same standards. As we see in this chapter, auditors have to follow
rules issued by a variety of bodies. Some obligations are imposed by governments in law,
or statute. Some obligations are imposed by the professional bodies to which auditors are
required to belong, such as the ACCA. International Standards on Auditing (ISAs) are
produced by the International Auditing and Assurance Standards Board (IAASB), a
technical standing committee of International Federation of Accountants (IFAC), which
also issues standards relating to review engagements, other assurance engagements,
quality control and related services. An explanation of the workings of the IAASB, the
authority of ISAs and so on are laid out in the Preface to the International Standards on
Quality Control, Auditing, Review, Other assurance and related services, and these are
discussed below.

The preface states that the IAASB’s objective is the development of a set of international
standards that are accepted worldwide. The IAASB’s pronouncements relate to audit,
other assurance and related services that are conducted in accordance with international
standards.

Within each country, local laws and regulations govern, to a greater or lesser degree, the
practices followed in the auditing of financial or other information. Such regulations may
be either of a statutory nature, or in the form of statements issued by the regulatory or
professional bodies in the countries concerned. For example, Malawi adopted the ISAs
and the Companies Act provides legislative regulations.

34

AUDITING
International Auditing Practice Statements (IAPSs) provide interpretive guidance and
practical assistance to professional accountants in implementing ISAs and to promote
good practice.

Any limitation of the applicability of a specific ISA is made very clear in the Preface.
ISAs do not override the local regulations referred to above governing the audit of
financial or other information in a particular country;
 To the extent that ISAs conform with local regulations on a particular subject, the
audit of financial or other information in that country in accordance with local
regulations will automatically comply with the ISA regarding that subject.
 In the event that the local regulations differ from, or conflict with, ISAs on a
particular subject, member bodies should comply with the obligations of members
set forth in the IFAC Constitution as regards these ISAs (ie encourage changes in
local regulations to comply with ISAs).The IAASB also publishes other papers,
such as Discussion Papers, to promote discussion on auditing, review, other
assurance and related services and quality control issues affecting the accounting
profession, present findings, or describe matters of interest relating to these
engagements.

Below is a list of International Standards on Audit (ISA) issued by the International Audit
and Assurance Standards Board (IAASB) under the International Federation of
Accountants (IFAC) – 2013 Edition:

Number Title
200 Overall objectives of the independent auditor and the conduct of an audit
in accordance with international standards on auditing.
210 Agreeing the terms of audit engagement.
220 Quality control for an audit of financial information.
230 Audit Documentation.
240 The auditors’ responsibilities to relating to fraud in audit of financial
statements.
250 Consideration of laws and regulations in an audit of financial statements.
260 Communication with those charged with governance.
265 Communication deficiencies in internal control to those charged with
governance and management.
300 Planning an audit of financial statements.
315 Identifying and assessing the risks of material misstatement through
understanding the entity and its environment.
320 Materiality in planning and performing an audit.
330 Auditor’s responses to assessed risk.
402 Audit considerations relating to entities using service organizations.
450 Evaluation of misstatement identified during audit.
500 Audit evidence.
501 Audit evidence – specific consideration for specific items.
505 External confirmations.
510 Initial audit engagements – opening balances.

35

AUDITING
520 Analytical procedures.
530 Audit sampling.
540 Auditing accounting estimates, including fair value accounting estimates and
related disclosures.
550 Related parties.
560 Subsequent events.
570 Going concern.
580 Written representations.
600 Special considerations – audits of group financial statements (including the work
of component auditors).
610 Using the work of internal auditing.
620 Using the work of an auditor’s expert.
700 Forming an opinion and reporting on financial statement.
705 Modifications to the opinion in the independent auditors’ reports.
706 Emphasis of Matter paragraphs and other matter paragraphs in the independent
auditor’s report.
710 Comparative information – corresponding figures and comparative financial
Statements.
720 The auditor’s responsibilities relating to other information in documents
containing audited financial statements.
800 Special considerations- audits of financial statements prepared in accordance with
special purpose frameworks.
805 Special consideration – audits of single financial statement and specific elements,
accounts or items of a financial statement.
810 Engagements to report on summary financial statement.

2 Structure of an Audit

This section discusses the stages in the modern audit which help the auditor to carry out
the audit methodically. There are twelve main stages for modern audits;

Planning

Stage 1 The scope of the audit and the general audit approach should be
determined. The scope looks at audit procedures necessary to achieve
audit objectives.

The letter of engagement will set out the terms of the audit and will be
confirmed before the start of any audit.

Auditors must prepare an audit strategy to be placed on the audit file

Stage 2 The aim of the stage is to enable the auditor to obtain information to
enable the auditor to assess the risk of material misstatements in the

36

AUDITING
 financial statements. Procedures include; enquiries of management,
observation and inspection and prior period knowledge.

Stage 3 The objective at this stage is to determine the flow of documents and the
extent of controls in existence. This is a fact finding exercise

Stage 4 The objective here is to prepare a comprehensive record for use in the
evaluation of the systems.

Stage 5 The auditors’ objective here is to confirm that the system recorded is the
same as the system in operation. Walk through tests may be used

Stage 6 The purpose of evaluating the system is to assess their reliability and
formulate a basis for testing their effectiveness in practice.

Control evaluation

Stage 7 If controls are assessed as effective in theory, tests should be performed to

check that they do work in practice .These are called tests of controls.

This should only be performed if controls evaluated have been confirmed

as being effective

If the auditors know that the controls are ineffective, then there is no point
in carrying out tests of controls which confirms what is already known.
Instead the auditors should just go straight to substantive procedures.

Stage 8 After evaluating the systems and carrying out tests of controls, auditors
normally send management a report to management identifying
weaknesses and recommending improvements.

Detailed substantive testing

Stage 9 The auditor must always carry out substantive procedures on material
items. These tests are not concerned with the working of the system but
substantiating the figures in the accounting records and financial
statements.

Review and reporting

Stage 10 The aim of the overall review is to determine whether the financial
statements are consistent with the auditors’ understanding of the business
and the audit evidence obtained, and comply with accounting regulations.
The auditors do this by critical analysis of the content and presentation of
the financial statements.

37

AUDITING
Stage 11 The report to the members is the end product of the audit in which the
auditors express an opinion of the accounts

Stage 12 The report to management is an additional end product of the audit. Its
purpose is to make further suggestions for the improvements in the
systems and to place on record specific points in connection with the audit
and accounts.

END OF CHAPTER QUESTION

Question one
(a) Explain the legal requirements for incorporated companies and other interest
groups to have a statutory audit.
5 Marks
(b) Explain the role played by the International Standards on Audit (ISAs) and other
related pronouncements in the conduct of the audit. 5 Marks
Total 10 Marks

38

AUDITING
 SECTION B
Legal and professional requirements of audit

39

AUDITING
 CHAPTER 5

LEGAL ASPECTS OF AUDIT

Topic list

1. Appointment of an auditor
2. Rights and duties of an auditor
3. Law of contract and the auditor
4. Negligence
5. Tort law
6. Auditor’s liability
7. Money laundering and whistle blowing
8. Unlawful acts of clients and their staff

Learning outcomes

By the end of this chapter students should be able to:

 Outline the process of obtaining an audit engagement.
 State the contractual requirements between the auditor and other parties in the
engagement.
 State the qualifications requirement under the Companies Act and the Public
Accountants and Auditors Act for a person or a firm to be engaged to carry out a
statutory audit.
 State the auditor’s and entity directors or management respective duties and rights
during the engagement as provided for by the Companies Act.
 Explain the auditors’ contractual performance expectations and resulting liability
for negligence.
 Explain the auditors’ responsibility and liability with respect to money laundering
and other illegal acts or non-compliance with other relevant laws and regulations.

Introduction

The chapter covers appointment of an auditor, qualification and process of audit

engagement, duties and rights of the auditor as an expert, resignation and dismissal and
associated rights and duties. These are covered by the Malawi Companies Act.

Contract law, law of tort and criminal law have also been discussed and the chapter ends
with a discussion of money laundering and unlawful acts of clients.

1 Legal aspects

1.1 Appointment of an auditor (Section 191)

40

AUDITING
The Act requires every company to appoint an auditor. The auditors will be appointed by
the following persons.

1.1.1 Appointment of the auditors by the members

The company shall at each general meeting, at which financial statements are presented
(usually at each Annual General Meeting (AGM), appoint an auditor. Note that it is the
company (i.e. shareholders) who appoint the auditor. The appointment is for the period of
time known as tenure of office and is from the conclusion of the meeting to the
conclusion of the following annual general meeting at which financial statements are laid.

1.1.2 Appointment of auditors Directors of company

In exceptional circumstances the directors of the company can appoint auditors either to;
 Fill a casual vacancy, for example when the existing auditor resigns
 Appoint the first auditor between the date of incorporation and the first AGM or if
the company qualifies to have an audit, before the next AGM
As noted above, however, in both cases the members must then reappoint the auditors at
the next AGM, by ordinary resolution.

1.1.3 Appointment of auditors by Registrar of Companies

In very rare circumstances, where the auditor has not been appointed at the appropriate
time the Registrar of Companies will then appoint auditors.

1.2 Qualification of an auditor (Section 192)

A person is eligible for appointment as a company’s auditor if is qualified under the

Public Accountants and Auditors Act. The auditors must be members of a Recognized
Supervisory Body and if the auditor is the firm, the firm must be controlled by members
of the Recognized Supervisory Body. In Malawi, the Recognized Supervisory Body is the
Malawi Accountants Board (MAB).

The following cannot act as auditors;

 An officer or an employee of a company

 A shareholder of the company

 A partner or employee of such a person

 A partner in a partnership in which such a person is a partner

 Ineligible by the above for appointment as auditor of any directly connected

companies.

 A person disqualified from acting as an auditor to any other corporate body within the
same group.

41

AUDITING
It is an offence for a person to act as a company auditor if he/she is ineligible and requires
vacation of office if he becomes ineligible. A second audit is requested if the first one
was carried out by an ineligible auditor.

1.3 Remuneration of an auditor

Remuneration refers to earnings generated through provision of goods and services.

Auditor’s remuneration is fixed by those who appoint him, that is, the shareholders or
directors. Sometimes it is fixed in such a manner as the company thinks fit, this is
usually the basis taken in practice.

The auditors’ remuneration shall be stated in a note in the company’s accounts. This is
disclosable for auditing services only and must include sums paid in respect of expenses
and the money value and nature of any benefit in kind. Disclosure in the accounts must
also be made of remuneration including benefits in kind paid to the auditor for non-audit
work.

1.4 Resignation of auditors

An auditor has a right to resign if he wishes. Resignation is one of the rights of an

auditor and this brings further rights to the auditor.

1.4.1 Why auditors resign

The following are the factors that can cause the auditor to resign.

(a) Poor health: Sickness may cause the auditor fail to execute his/her duties.

(b) Growth in the size of the audit firm such that the fee is inadequate.

(c) Restriction to the extent of audit work: This is where the auditor concludes that
because of fraud or other irregularity the accounts do not show a true and fair
view and there is no immediate opportunity to report to the members.

1.4.2 Resignation procedures

An auditor may resign by depositing a notice of resignation to the registered (or head)
office of the audit client. This notice must be accompanied by a statement of
circumstances. A statement of circumstances is a description of matters which the
auditor considers should be brought to the attention of members or creditors as well as
the absence of such, for example, fraudulent trading.

The statement of circumstances is sent by the auditors to Registrar of companies within

twenty-eight days. This statement can also be sent by the company to everyone entitled
to receive a copy of accounts and a copy of the statement to Registrar of companies or

42

AUDITING
otherwise face a fine within fourteen (14) days unless the company applies to court
because the statement is defamatory.

The auditor can cease to be auditor by simply not seeking re-election. In that case, the
auditor must still deposit a statement of circumstances. This statement must be sent to
the company and the Registrar of companies.

1.4.3 Further rights and duties of the auditor on resignation

The auditor must deposit a notice of resignation and statement of circumstances and
notice calling the company to call an extraordinary general meeting. The directors must
call for meeting within twenty-one days and must send out copies of the statement of
circumstances.

The auditor can receive all notices that relate to a general meeting where their term of
office would have expired and a general meeting where causal vacancy caused by their
resignation is to be filled. Auditors can speak at these meetings on any matter which
concerns them as auditors. When the directors fail to send out copies of the statement of
circumstances, the auditor can require that the statement be read at the meeting.

1.5 Dismissal (removal) of auditors

Company law takes the view that auditors must be capable of being changed or removed
if the shareholders wish it but is designed:

(a) To give the auditors, who the directors would like to remove, every opportunity to
state their case.
(b) To ensure maximum publicity is given to any proposed change of auditor so that
members are aware of the matter and can make informed choices.
(c) To ensure that the auditors that are appointed by the shareholders, cannot be
removed by the directors if the auditors disagrees with the directors

A company can remove an auditor before expiry of his tenure of office. The following
requirements have to be followed.

First the company must pass an ordinary resolution at an extraordinary general meeting.
Second, a special notice of dismissal must be given to the auditor within twenty-eight
(28) days. This avoids the removal being done secretly without the auditor knowing.

If the auditor feels that his/her dismissal is unjustified, he has other statutory rights. The
auditor has right to make representations which require the company to state that
representations have been made by the auditor and notice given to the shareholders. If
the representations are not sent to the shareholders the auditor may require them to be
read out at meeting.

43

AUDITING
The representations need not be sent out nor be read out in a meeting if on application of
either the company or any other person who claims to be aggrieved and the court is
satisfied that the auditor’s right is being abused to obtain needless publicity for
defamatory matter.

The auditor has also a right to receive notices of meeting. The auditor can attend a
general meeting at which his/her term of office could have expired and also at which it is
proposed to fill the casual vacancy caused by his/her removal. The auditor must also be
heard at such meeting.

1.6 Duties and rights of an auditor

The Malawi Companies Act 1984 (section 194) lays out duties and rights of auditors as
detailed below:

1.6.1 Duties of an auditor

(i) To make a report to the members or shareholders on all financial statements laid
before members in an annual general meeting.

(i) To state in his report whether accounts comply with the requirements of the Act
and that they show a true and fair view in his opinion.

(iii) To report if proper accounting records have not been kept.

(iv) To report if proper returns from branches not visited by the auditor have not been
received.

(v) To report if financial statements are not in agreement with books of accounts.

(vi) To consider if any information in the Director’s report is inconsistent with the
accounts and to report any such instances.

(vii) To investigate (this is an implied duty) if there are indications that material errors
and fraud have occurred.

1.6.2 Rights of an auditor

The auditor has the following rights under the Companies Act 1984 (Section 194) in
order to carry out the above duties.

(i) Right of access at all times to the books, accounts, vouchers or documents of the
company.

(ii) Right to require from directors, employees of the company any information which
the auditor thinks necessary.

44

AUDITING
(iii) Right to receive notices and attend meetings and to report on any matters
concerning him as auditor.

(iv) Right to make a report on his findings including failure of the directors to provide
him with information and explanation which he deems necessary.

(v) Right to be heard when making a presentation during a meeting.

(vi) Right to reasonable remuneration.

(vii) Right of lien. A lien is right to hold or keep somebody’s property until that
somebody settles a debt.

(viii) Right to receive correct information

1.7 False statements to auditors (Section 335)

An officer of a company commits an offence if he/she knowingly or recklessly makes to

the company auditors a statement which the auditors require and is misleading, false or
deceptive. The person guilty of this offence is liable to imprisonment or a fine or both.

1.8 Law of contract and the auditor

Contract law is the law which regulates legally binding agreements.

The law of contract affects the auditor as follows.

 The auditor and the client agree on express terms of the contract set out in the
engagement letter.
 The law may also impose implied terms into contractual agreements.

Implied terms

Implied terms are terms deemed to form part of a contract even though not expressly
mentioned by the parties to the contract.
Examples of implied terms are:

 The auditors have a duty to exercise reasonable care and skill.

 The auditors have a duty to carry out the work required with reasonable
expediency.
 The auditors have a right to reasonable remuneration.

45

AUDITING
Meaning of reasonable care

Reasonable care is the degree of care, diligence, or precaution that may fairly, ordinarily,
and properly be expected or required in consideration of the nature of the action, the
subject matter, and the surrounding events.

The following guidelines help to know when an auditor is said to have displayed
reasonable care.

 Auditors should use generally accepted auditing techniques contained in auditing

standards.
 If auditors’ suspicions are aroused (this is called being ‘put upon enquiry’), they
must carry out investigations until they are satisfied as to what those suspicions
mean.
 Auditors must act honestly and carefully when making judgements.

1.9 Auditor’s civil and criminal liability

1.9.1 Civil liability

All auditors can be sued in a civil court when they have breached their position of trust
e.g. if an auditor uses information acquired during the course of the audit to make
financial gain ,then in such a case he or she can be sued for breaching his position of trust
and confidentiality.

1.9.2 Negligence liability

Negligence

Negligence is an act or omission which occurs because the person concerned failed to
exercise that degree of reasonable care and skill which is reasonably expected in the
circumstances of the case. The degree of care and skill to be shown should be in terms of
depth of the auditor’s investigation and the type of check to be made. Simply defined,
negligence is the breach of the duty of care

Indications that negligence exists and results there of

(i) Failure to exercise sufficient skill and care.

(ii) Failure to discover fraud or error when put upon enquiry. In the absence of
suspicious events, the auditor is entitled to accept the work of a responsible
company official. But once an auditor’s suspicions have been aroused there is a
duty to probe the matter to the bottom.

As a result,
(i) Somebody who relies on the work of the auditor may lose money.
(ii) There is loss of money flow from the failure of the auditor to do his/her job.

46

AUDITING
If the above are proved the auditor may have to make good from his own resources the
loss suffered by another person.

Consequences of breach of implied duty of care by auditors

When the auditors breach their implied duty of care under the contract, the client may be
entitled to bring a claim against the auditor.

In order for the claim to be successful, three things must be proved.

(i) There must have been a duty of care enforceable at law. (Always the case when
there is a contract)
(ii) The auditors are negligent in the performance of a duty judged by the accepted
professional standards of the day.
(iii) The client has suffered some monetary loss as a result of the auditors’ negligence.

Re Thomas Gerrard & Son 1968

The facts: The managing director of the company falsified the accounts to conceal
company losses causing dividend to be paid either wholly or partially out of capital over
a number of years. He had done this by including non-existing stock and altering
invoices which the auditors discovered and pursued no further.

Decision: The court held that the discovery of the altered invoices put the auditors on
enquiry; they were no longer entitled to rest content. The auditors were negligent.

1.9.3 Law of Tort

Tort law is a body of law that addresses and provides remedies for civil wrongdoings not
arising out of contractual obligations. A person who suffers legal damage may be able to
use tort law to receive compensation from someone who is legally responsible, or liable,
for those injuries. Tort law involves the relationships between individual citizens or
business entities. It is the legal mechanism, which is part of civil law, through which
individuals can assert claims against others and have those rights adjudicated and
enforced
An auditor to a limited company is an agent of the shareholders. He is required to
exercise reasonable care and skill in the performance of the work entitled to him, and if
he fails to do, then the question of his liability with reference to the negligence arises.
This matter is discussed in the light of legal provisions as follows:

(a) Where an auditor is proved to be negligent but no loss is sustained by his client
arising out of his negligence, he is not liable

(b) An auditor cannot restrict his liability by entering into an agreement as his duties
are defined and laid down in the Companies Act, 1984, and therefore any such

47

AUDITING
 agreement (if executed) would be against the law and will be void. He will be
liable for damages in spite of such an agreement.

(c) An indemnity clause inserted in the articles of a company, by which the directors,
managing agents, auditor and other officers of the company are relieved from
liability has been declared void by Section 194. However, the court may relieve
an auditor of liability for negligence, or misfeasance if it is proved that he acted
honestly and reasonably.

(d) If the auditor fails to perform his job with reasonable care and skill and
consequently his client suffers a loss due to his negligence, he is liable to make
good the loss on an action being taken against him by the company.

1.9.4 Misfeasance liability

After a company has gone into liquidation, misfeasance proceedings can be instituted
against the liquidator, creditor and a contributor of the company. The term 'misfeasance'
means breach of duty involving the company in a loss. When a company is in liquidation,
its past and present directors, promoters, managing agents and auditors are liable to make
good all losses sustained by the company on account of negligence of duty or breach of
trust if misfeasance proceedings are initiated against him within the prescribed time.

(iii) Legal liabilities of auditors

Auditors are supposed to perform their work in an honest and careful manner since they
can be held liable for negligence in the following ways:

(a) They don't carry out their work as required by the auditing standard.

(b) They fail in the duty of protecting the interest of the various users of the financial
statements i.e. any person who relies on their work.

(c) They don't carry out their work with due care and skill i.e. what an
ordinary skilled person would do in that circumstance.

1.9.5 The auditor's liability falls under three categories

 To their clients
 To third parties in case of negligence
 Civil and criminal liabilities

1.9.5.1 Liability under the law of contract (To the client)

There is a contractual relationship between the auditor and his client. Under this contract
it is implied that the auditor will carry out the work with a reasonable degree of skill and
care. The degree of care and skill required will mainly depend on the nature of work

48

AUDITING
undertaken. Generally if the auditor has complied with ISA it is difficult to prove that he
was negligent. In the absence of suspicious circumstances the auditor will not be liable
for failing to uncover fraud and error which could not be discovered by exercise of
normal skill and care.

The auditor can be accused of negligence if:

• He fails to detect fraud or error that he could have reasonably detected i.e.
material misstatement.

• He fails to comply with the Generally Accepted Auditing Standards (GAAS) and
practices e.g. attending stock take, circularizing debtors, writing to the bank etc.

For the client to succeed in a claim for financial loss he must satisfy the court in relation
to three matters:

(i) That there existed a duty of care enforceable by the law

(ii) That where the duty did exist the auditor was negligent in the performance of that
duty judged by acceptable professional standards.
(iii) That the client suffered some financial loss as a direct consequence of the
auditor's negligence.

1.9.5.2 Liability to third parties

An auditor may be liable for negligence not only under the law of contract but also in the
law of tort i.e. if a person to whom he owed a duty of care has suffered financial loss as a
result of the auditor's negligence. For the third party to succeed, he must prove the
following:
• The auditor owed him a duty of care
•The auditor was negligent
• He has suffered financial loss resulting from the auditor's negligence

1.10 Duty of care towards a third party

In third part negligence claims, the key issue is whether the auditor owed the third party a
duty of care. As a general rule, judges do not think that auditors owe third parties a duty
of care. This general rule was established in the landmark case of Caparo Industries v
Dickman and Touche Ross and Co (1989).

The Caparo case is fundamental to understanding professional negligence. It was

decided that auditors do not owe a duty of care to the public at large or to shareholders
increasing their stakes.

49

AUDITING
Caparo Industries v Dickman and Touche Ross and Co (1989).
The facts: Caparo, which already held shares in Fidelity plc, bought more shares and later
made a takeover bid, after seeing accounts prepared by the defendants that showed a
profit of £1.3m. Caparo claimed against the directors (the brothers Dickman) and the
auditor for the fact that the accounts should have shown a loss of £400,000. The
claimants argued that the auditors owed a duty of care to investors and potential investors
in respect of the audit. They should have been aware that a press release stating that
profits would fall significantly had made Fidelity vulnerable to a takeover bid and that
bidders might well rely upon the accounts.

Decision: the auditor’s duty did not extend to potential investors or to existing
shareholders increasing their stakes. It was a duty owed to the body of shareholders as a
whole.

By the House of Lords, a duty was not owed to potential investors or takeover bidders for
the company having regarded:

(i) The lack of proximity between auditor and potential investor

(ii) The fact that it would not be just and reasonable to impose a duty on the auditor to
such investors.

In the Caparo case, the House of Lords identified the auditors’ functions as being:

(a) To protect the company itself from errors and wrongdoing not its owners.

(b) To provide shareholders with information such that they can scrutinize the
conduct of a company’s affairs and remove or reward those responsible, that is,
the directors. This means that the auditor does not exist to aid investment
decisions.

Where is duty of care owed: Principles established in Hedley Byrne v Heller &
Partners

A duty of care exists where there is a special relationship between the parties, that is,
where the auditors knew or ought to have known that the audited accounts would be
available and would be relied upon by a particular person or class of persons. An
example is where the directors tell the auditors that the bank will rely on the accounts or
if someone notifies the auditor that he will purchase new shares on the strength of the
audited accounts.

The essence of Hedley Byrne v Heller & Partners case is that the third parties must have
been identified in some way to the auditors.

50

AUDITING
Hedley Byrne v Heller & Partners

The facts: The plaintiff lost money when a bank reference from the defendant turned out
to have been negligently produced. Basically the bank indicated that a mutual client was
a good credit risk when this was not the case.

Decision: The court ruled that Hedley Byrne, although they did not have a contract with
the bank Heller & Partners, could recoup their losses due to the negligence and loss
involved. However, the bank did not have to pay any damages due to a general
disclaimer in its letter absolving it from any liability.

The decision affected accountants in that if a third party canshow that it relied on the
work of an accountant which later turned out to be wrong, it can claim damages.
However, this principle was only extended to plaintiffs whom the auditor actually knew
by name. Unidentified third parties would still not be able to claim against the auditor.

A duty of care would exist where the third party has suffered a loss and that the auditors
knew that third party by name. This was the situation in Jeb Fasteners v Marks Bloom,
where it was stated that a duty of care will exist where the defendant auditors:

(i) Knew or reasonably should have foreseen at the time that the accounts were
audited and that a person might rely on those accounts for the particular purpose;
and

(ii) That in all the circumstances it would be reasonable for such reliance to be
placed on those accounts for that particular purpose.

The existence of the duty of care is irrelevant if the loss was not suffered as a direct result
of the breach of duty, as in this case. The question that therefore arises from Jeb
Fasteners is the possible liability of an auditor to a member of the general public who
reads the accounts and then buys shares in the company in reliance on those accounts.

Jeb Fasteners v Marks Bloom

The facts: The plaintiff acquired the share capital of the company. The audited accounts,
due to the negligence of the auditors, did not show a true and fair view of the state of
affairs of the company. It was accepted that at the time of the audit the defendant
auditors did know of the plaintiffs but did not know that they were contemplating a take-
over bid.

Decision: Both at first instance and in the court of Appeal it was decided that the auditors
were not liable because the plaintiff had not suffered any loss. It was proved on the
evidence that the plaintiffs would have bought the share capital of the company at the

51

AUDITING
agreed price whatever the accounts had said. Therefore, whether or not a duty of care
existed was not directly relevant to the decision.

Arguments for and against extending auditors’ liability

Extending auditors’ liability means that auditors should be liable to anybody who uses
audited accounts.

Arguments for extending liability

 Third parties do rely on the integrity of audited accounts and would seem right
that a legal liability should reflect that.

 Professional people are paid and should therefore be accountable.

 Where the company suffers loss because of the auditors’ negligence then the
current existing legal remedy by the company against the auditor is appropriate.

 If liability is not extended then the public may perceive that the auditor is liable to
no-one; there is no need for the auditor to exercise skill and care and the accounts
are not reliable and are of little benefit.

Arguments against extending liability

 It is unreasonable and unrealistic to say auditors have a liability in an

indeterminate amount for indeterminate time to an indeterminate class.

 There are practical difficulties in deciding whether accounts were relied upon.

 The current legal framework sees the purpose of preparing and auditing accounts
as assisting shareholders in assessing stewardship of the directors but not in
assisting investors in their investments.

 Audit fees would be too high if full liability for investment decisions were taken
into account.

 The legal responsibility for producing accounts rests with directors and it would
seem inequitable if the liability arising out of incorrect accounts were transferred
to auditors.

 The work required on an audit would need to be greatly extended at an enormous

cost which on a welfare economics viewpoint would be a misuse of scare
resources.

52

AUDITING
  (g)The company pays the auditors and consequently expects to recover damages
if the company loses as a result of auditor negligence. However, investors do not
pay the auditor and so should not expect to recover.

 Insurance cover for professional indemnity would be even more difficult and
expensive to obtain.

Minimising liability

Auditors and accountants can minimise their potential liability for professional
negligence in the following several ways.

 By not being negligent

 By following the precepts of the auditing standards.

 By agreeing the duties and responsibilities in an engagement letter.

 By defining in their report the precise work undertaken, the work not undertaken,
and any limitations to the work.

 By stating in the engagement letter the purpose for which the report has been
prepared and that the client may not use it for any other purpose.

 By stating in any report the purpose of the report and that it may not be relied on
for any other purpose.

 By advising the client in the engagement latter of the need to obtain permission to
use the name of the auditor and withholding permission in appropriate cases.

 By identifying the authorized recipients of reports in the engagement letter and in

the report.

 By limiting liability by a term in the engagement letter or to third parties.

 By obtaining an indemnity from the client or third party.

 By defining the scope of professional competence to include only matters within

the auditor’s/accountants’ competence.

1.9.5.3 Criminal liability

 An auditor shall be criminally liable if he willingly makes a material false

statement in any report, certification or in the financial statement with the

53

AUDITING
 intention to deceive and mislead. Examples of criminal liabilities include:

 (i) The auditor accepts appointment when he is ineligible to do so or continue

in office after becoming ineligible.

(ii) The auditor obtains the advantage of deception.

(iii) The auditor falsifies accounting records or documents.

(iv) When the auditor publishes misleading statements intended to deceive
members.

(v) When an auditor misappropriates a clients' property

2 Money laundering and whistle blowing

2.1 Money laundering

Money laundering is a process by which criminals try to make the proceeds of their
crimes appear clean. The criminals use professionals like banks, accountants and lawyers
to clean their dirty money.

Accountants or auditors should not assist others to retain the benefit of criminal conduct.
Accountants must report knowledge or suspicion of money laundering relating to drug
trafficking or terrorism. It is a crime not to report suspicions of money laundering to the
relevant authorities. It is equally a crime to warm a client of the impending money
laundering investigations (tipping off the client)

Audit partners and employees should be trained on how to recognize suspicious clients
and transactions. Evidence of client’sidentity should be kept for at least five years and
firms should have Money Laundering Reporting Officer to whom suspicions of money
laundering must be reported.

2.2 Whistle blowing

Whistle blowing means informing the proper authorities of some breach of law or
regulation. The risk here is that the informer will suffer reprisals.

There are three issues for auditors:

(a) Breaches of law or regulation may have an impact on the truth and fairness of
financial statements.

(b) Breaches of law or regulation may in certain circumstances need to be reported

immediately to the proper authorities as a statutory requirement.

54

AUDITING
(c) Breaches of law or regulation may need to be reported to the proper authorities in
the public interest.

Where the auditor comes across a situation where a breach of law or regulation has
occurred and he feels that this should be reported to the proper authorities in the public
interest but there is no specific statutory duty to report the auditor should:

 Take legal advice.

 Discuss the matter with the Board of Directors.

 Request that the Board disclose the matter to the proper authorities.

 Inform the proper authorities themselves, if the board of directors fails to do so.

3.3 Insider dealing

Insider dealing is described as dealing in securities(shares) whilst in possession of inside

information as an insider, the securities being price-affected by the information ones
possesses.

Insider dealing is illegal and it is also contrary to the ethical rule. People who during the
course of their work come across unpublished price sensitive information are prohibited
from dealing in securities to which that information relates. This prohibition applies to
anyone who has a connection at present or any time in the previous six months and to any
third person who the insider may wish to instruct.

4 Unlawful acts of clients and their staff

The auditor must act correctly and in accordance with the law when he/she discovers
crimes committed by a client or members of the client staff.

Actions of the auditor

The auditor should do the following.

 Take legal advice if necessary.

 Read the guidance provided by the professional body and by the auditing
standards.

An auditor/accountant must not himself commit a criminal offence. An

auditor/accountant would have committed offence if he/she:

 Advises a client to commit a criminal offence.

55

AUDITING
 Aids a client in devising or executing a crime.

 Agrees with a client to conceal or destroy evidence or mislead the law

enforcement agencies with untrue statements.

 Knows a client has committed an arrestable offence and acts with intent to impede
his arrest or prosecution. Impede does not include refusing to answer questions or
refusing to produce documents without the client’s consent.

 Knows the client has committed an offence and agrees to accept consideration for
withholding information.

 Knows that the client has committed treason or terrorism offences and fails to
report the offence to the proper authority.

 Deals in various activities in connection with money laundering.

4.1 Disclosure of unlawful acts

If an auditor discovers an unlawful act he/she will not usually disclose this to the police
or other authority unless:

 The client authorizes disclosure.

 The disclosure is compelled by process of law.

 Disclosure is required in the auditor’s own interest, for example, in defending

himself against civil or criminal actions.

 The circumstances are such that the auditor has a public duty to disclose. If
he/she discovers an intention to commit a serious crime or tort for example.

 Disclosure is required in the circumstances envisaged by advice given on money

laundering and disclosure to regulators in the financial sector.

The auditor on discovering an unlawful act should act as follows;

 The auditor must do nothing to assist in the offence or to prevent its disclosure.

 The auditor must bring all offences of employees to the notice of his client.

 If the offence is such that its non-disclosure means that the accounts do not show
a true and fair view, the auditor must insist on disclosure or qualify the audit
report.

56

AUDITING
 The auditor should point out to the client with a recommendation for disclosure of
material defects in previous year’s accounts.

End of Chapter Questions

Question 1

Dunde Plc was formed on 1 July 2000 to assemble minicomputers. The directors of the
company do not know their responsibilities and the nature of their relationship with the
external auditor. You have been asked to explain to the directors the financial aspects of
their accountability to the company and their relationship with the auditor.

Required:
a) Explain to the directors of Dunde Plc why there is need for an audit.
5 Marks
b) Explain how an auditor of a public company may be appointed under the
companies Act 1984. 5 marks
c) What are the auditor’s rights under the Companies Act 1984? 6 Marks
d) Explain the responsibilities of the directors with regard to the preparation of
financial statements of a company. 4 Marks
(TOTAL: 20 MARKS)

Question 2

(a) What powers and duties are conferred on an auditor of a limited company by the
Companies Act 1984. 5 Marks
(b) What are the rights given to such an auditor by the same Act. 5 Marks
(c ) The directors and shareholders of a limited company have the powers to engage
and/or remove auditors from office. Comment on this statement. 10 Marks
(TOTAL: 20 MARKS)

57

AUDITING
 CHAPTER 6

PROFESSIONAL REQUIREMENTS

Topic list

1. Ethical guidelines
2. Advertising, publicity and obtaining professional work
3. International standards on quality control (ISQC 1)
4. Consideration of laws and regulations

Learning outcomes

By the end of this chapter students should be able to:

 State the role of ethical code and identify features of the professional ethics
adopted by the IFAC, and how they work in public interest.
 Suggest courses of actions that may be taken to resolve ethical conflict of interests
relating to the ethical fundamental principles identified.
 State the importance of confidentiality, identifying the risk of accidental
disclosure of client’s information, and stating exceptional cases when this may not
apply.
 Define objectivity and independence and recognize why those undertaking
assurance engagements are required to be independent of their clients.
 Identify threats to fundamental ethical principles and independence of auditors as
identified by the IFAC, and possible safeguard to eliminate or reduce such threats.

Introduction

In this chapter ethical guidelines for the auditor will be explored. In the course of their
duty, auditors come across confidential information; this is dealt with in area of
professional duty of confidence.

The chapter will also cover International Standards on quality control, advertising,
publicity, how auditors obtain professional work and ends with professional liability of
auditors.

1 Ethical guidelines

1.1 Fundamental principles

58

AUDITING
Auditors require an ethical code because they hold positions of trust, and people rely on
them.

IFAC Code of Ethics for Professional Accountants give the key reasons why accountancy
bodies produce ethical guidance: the public interest.

A distinguishing mark of the accountancy profession is its acceptance of the

responsibility to act in the public interest. Therefore, a professional accountant’s
responsibility is not exclusively to satisfy the needs of an individual client or employer.
The public interest is considered to be the collective well – being of the community of
people and institutions the professional accountant serves, including clients, lenders,
governments, employers, employees, investors, the business and financial community,
and others who rely of the work of professional accountants.

The key reason that accountants need to have an ethical code is that people rely on them
and their expertise.

As the auditor is required to be, and seen to be, ethical in his dealings with clients, IFAC
publishes guidance for its members in its Code of Ethics. This guidance is given in the
form of fundamental principles.

The five fundamental principles are summarized below:

 The ACCA’s fundamental principles of professional ethics
 Integrity: Members should be straightforward and honest in all professional and
business relationships.

 Objectivity: Members should not allow bias, conflicts of interest or undue

influence of others to override their professional or business judgements.da
principles of professional ethics
 Professional competence and due care: Members have a continuing duty to
maintain professional knowledge and skill at a level required to ensure that a
client or employer receives competent professional service based on current
developments in practice, legislation and techniques. Members should act
diligently and in accordance with applicable technical and professional standards
when providing professional services.

 Confidentiality: Members should respect the confidentiality of information

acquired as a result of professional and business relationships and should not
disclose any such information to third parties without proper or specific authority
of the client or unless there is a legal or professional right or duty to disclose.
Confidential information acquired as a result of professional and business
relationships should not be used for the personal advantage of members or third
parties.

 Professional behavior: Members should comply with relevant laws and

regulations and should avoid any action that discredits the profession. Members

59

AUDITING
 should be courteous towards other people as they discharge their duties as
auditors.

Members should consider, in general, when providing professional services whether there
are any threats to compliance with fundamental principles above. Members providing
assurance services such as audit are supposed to be impartial, unbiased an under no
conflict of interests or undue influence from others or the client. Independence and
confidentiality have been covered in detail below:

1.2 Independence

An auditor must be and be seen to be independent, and this helps the auditor to give an
unbiased opinion of the financial statements. Independence is essentially an attitude of
mind characterised by integrity and objective approach to professional work. A member
in the public practice should be, and be seen to be independent in each professional
assignment he undertakes of any interest that might detract him/her from objectivity.
There is independence of mind and independence in appearance.

 Independence of mind: This is the state of mind that permits the provision of an
opinion without being affected by influences that compromise professional judgment
allowing an individual to act with integrity and exercise objectivity and professional
skepticism.

 Independence in appearance: This is the avoidance of facts and circumstances that

are so significant that a reasonable and informed third party, having knowledge of all
relevant information including safeguards applied, would reasonably conclude a firm’s
integrity, objectivity or professional skepticism had been compromised.

Types of independence

There are three main ways in which the auditor’s independence can manifest itself;

(i) Programming independence

This is the independence which essentially protects the auditor’s ability to select the most
appropriate strategy when conducting an audit. Auditors must be free to approach a piece
of work in whatever manner they consider best. As a client company grows and conducts
new activities, the auditor’s approach will likely have to adapt to account for these. In
addition, the auditing profession is a dynamic one, with new techniques constantly being
developed and upgraded which the auditor may decide to use. The strategy/proposed
methods which the auditors intend to implement cannot be inhibited in any way.

(ii) Investigative independence

This protects the auditor’s ability to implement the strategies in whatever manner they
consider necessary. Basically, auditors must have unlimited access to all company

60

AUDITING
information. Any queries regarding a company’s business and accounting treatment must
be answered by the company. The collection of audit evidence is an essential process, and
cannot be restricted in any way by the client company.

(iii) Reporting independence

This protects the auditors’ ability to choose to reveal to the public any information they
believe should be disclosed. If company directors have been misleading shareholders by
falsifying accounting information, they will strive to prevent the auditors from reporting
this. It is in situations like this when auditor independence is most likely to be
compromised.

The importance of auditor’s professional independence

The auditor acts as a bridging point, helping to make management accountable to the
shareholders through the annual financial statements. It is vital to the strength of this
bridging point that the auditor is not only independent in mind, but also seen to be
independent. Shareholders and other users need an objective and honest assessment and
evaluation of the accounting information presented to them by management if they are to
treat the information with confidence. It is because of these factors that user confidence
in the information is closely related to the degree of independence of the auditor. The
more independent he is the greater is the probability that shareholders and others will
have confidence in his work and opinion.

1.3 Threats to professional independence

There are five general sources of threats identified by the Code:

 Self-interest threats – arises when the auditor has something to lose, be it

reputation, credibility, money and relationships. For example having financial
interest in the client
 Self-review threats – this arises when the auditor has to evaluate a material that
was originally prepared by himself. For example auditing the financial statements
prepared by the auditor himself
 Advocacy threats – This arises when the auditor supports the position of the
client to the extent that subsequent objectivity of the auditor becomes
questionable. eg assisting the client obtain financing from the bank
 Familiarity threats – This occurs when due to long association the auditor and
the client becomes too close resulting in auditors becoming sympathetic toward
the client and losing professional skepticism.
 Intimidation threats–This is when for one reason or another the auditor is
threatened by the client. For example the auditor receiving threats of dismissal,
physical threats and gifts.

The Code also identifies three general categories of safeguards against threats as follows:

61

AUDITING
  Safeguards created by the profession, legislation or regulations
 Safeguards within the firm’s own systems and procedures

Examples of safeguards created by the profession, legislation or regulation:

 Educational training \and experience requirements for entry into the profession
 Continuing professional development requirement
 Corporate governance regulations
 Professional standard

Examples of safeguards within the firm’s own systems and procedures

 Involving an additional professional accountant to review the work done

 Consulting an independent third party, such as a committee of independent
directors, a professional regulatory body and another professional accountant
 Rotating senior staff
 Discussing ethical issues with those charged with governance.

Integrity, objectivity and independence

In this section we shall look closely at integrity, objectivity and independence

because the public trust in the work of the auditor depends on these attributes.
Safeguards must be applied where independence and objectivity are put at risk. If the
risk is too great, then the auditor should not accept or withdraw from the engagement

Threats and safeguards

Self – interest

Examples of scenarios that could result in self-interest include the following:

Financial interest – where the auditor or his family members has shares in the company
he is auditing. The safeguard is to dispose all the financial interest in the client or remove
the one with the financial interest from the audit team

Close business relationship – examples include operating a joint venture between the
firm and the client, arrangements to combine one or more services of the firm with one or
more products of the client and market the package with reference to both parties. The
safeguard here is that the auditors must choose one thing either the audit or the business
relationship depending on the profitability levels

Gifts and hospitality- Auditors, their spouses and even their relations should not receive
gifts and hospitality from the client unless the value of gifts and hospitality is trivial and
inconsequential that a reasonable and informed third party would conclude that the
auditor’s objectivity is not impaired.

62

AUDITING
High percentage fees and contingent fees

If the auditor is receiving a high proportion of his fees from one client, i.e. over 15% of
gross practice fees from one client, the auditor may become dependent on the client and
this may impair the auditor’s objectivity. The safeguard here is take steps to reduce the
high proportion of the fees by finding new clients and in exceptional circumstances the
auditors must resign as auditors.
Contingent fees arrangement is where the fees that the auditors will be paid will depend
on the outcome of the assignment. For example auditors could be paid based on the profit
made by the company. Auditors are not allowed to enter into contingent fees
arrangements.

Loans, guarantees and overdue fees

Auditors are prohibited from making a loan to a client or guaranteeing a loan of the
client. However, auditors can obtain a loan from the client if the client is the bank and the
loan is on the normal business terms. Employees of the firm are also allowed to obtain
loans from the clients that are bank if the loans are at an arm’s length business terms.
Auditors are not allowed to obtain a loan from clients that are not banks.
If the fees from the client have been overdue for a long time, the auditors should take
steps to collect the fees for they could be seen as if the auditors have made a loan to a
client.

Personal relationships – Personal relationships can also affect objectivity. There is a

particular need, therefore, for a practice to ensure that its objective approach to any
assignment is not endangered as a consequence of any personal relationship. The
safeguard is to remove the person with personal relationship issues from the team.

1.1 Self-review threat

The situations that can result in self-interest include the following

Preparation of accounting records – An auditor should not participate in the

preparation of the accounting records of a public limited company he audits, save in
emergencies. In the case of a private limited company audit client, it is frequently
necessary to provide much fuller service but in all these cases where an auditor is
involved in the preparation of records. The safeguard here is to ensure that the client
accepts full responsibility for such records and independent third party reviews of the
work.

Previous appointment in a company reported on – No one should personally take part

in the exercise of the reporting function on a company if he has, during the period upon
which the report is to be made, or at any time in the two years prior to the first day
thereof, been an officer, or employee of that company.

63

AUDITING
Internal audit services – There is a significant risk of self-review threat if s firm
provided internal audit work that will be relied on in the conduct of the audit. The
safeguard includes the client designating an appropriate and competent person to be
responsible at all times for internal audit services. For listed companies the auditor shall
not undertake to provide internal audit services.

Current appointment in a company reported on – An audit firm, wherever it may be

situated, should not report on a company, even if the law of the country in which the
company is registered would so permit, if a partner or employee of the audit firm is an
officer or employee of the company. Nor should an audit firm report on a company of a
company associated with it fills the appointment of secretary to the client.

1.2 Advocacy threat

This threat arises when the auditors are in a position of taking a client’s part in a dispute
or somehow acting as an advocate (lawyer). Typical example of this threat is when the
firm helps the client convince a bank to offer financing to the client. The safeguard is
using different teams for the non-audit service and the audit. If the threat is too high, the
auditors must withdraw from the engagement.

1.3 Familiarity threat

This threat arises where the client’s independence is jeopardized by the firms and its staff
members becoming overfamiliar with the client and its staff. There is substantial risk of
loss of professional skepticism in such circumstances. Familiarity threat can arise due to
long association with the client or due to an employee being recently engaged by the
client or the auditor. As a rule, the engagement partner should not serve a listed entity for
more than five years without being rotated. For a non-listed client the maximum number
of years that the engagement partner can serve is as a partner is 10 years. The safeguards
that can be applied include rotation of the engagement staff members and having
engagement quality control reviews.

1.4 Intimidation threat

This threat arises when the auditors have reason to be intimidated by the client staff.
Examples of these threats include auditors being threatened with dismissal, litigation and
even physical intimidation. Safeguards include disclosing the issue to the audit committee
and involving an additional professional accountant on the team to review the work.

1.5 Other ethical guidelines

Liquidations following receiverships – Where an audit firm or a partner or an employee

of that firm has, or during the previous two years has had, a continuing professional
relationship with a company, no partner or employee of the audit firm should accept
appointment as liquidator of the company if the company is insolvent. Where the

64

AUDITING
company is solvent, such appointment should not be accepted without careful
consideration being given to the implications of acceptance in that particular case.

Audit following receivership – Where a partner in or an employee of an audit firm has

been receiver of any of the assets of a company, neither the practice nor partner in or
employee of the audit firm should accept appointment as auditor of the company, or of
any company which was under control of the receiver, for accounting period during
which the receiver acted or exercised control
.

Commission – Where advice given to a client is such that, if acted upon, it will result in
commission being earned by the audit firm or anyone in it, special care should be taken
that the advice is in fact in the best interests of the client. The client should be informed,
in writing, both of the fact that commission will be received and, as soon as practicable,
of the amount and terms of such commission.

3. Confidentiality

Confidentiality is about observing secrecy when dealing with any information an

individual comes across in an official capacity. An auditor should not use information
acquired in the course of work, for his personal benefit or for the advantage of a third
party. Auditors must respect the value and ownership of information they receive during
an audit and do not disclose information to any third party, orally or in writing, without
appropriate authority, and unless there is a legal or professional obligation to do so.

However, there are recognised exceptions to confidentiality;

 There can be obligatory disclosure where a client has committed an offence of

treason.

 Disclosure can be made to protect auditor’s interest.

 Disclosure may be required by legal process.

 Public duty can compel an auditor to disclose.

 There may be need to comply with technical standards and ethical requirements.

 When there is need to comply with the quality review of the auditor.

 There is need for an inquiry or investigation by a regulatory body.

Having decided that confidential information can be disclosed, auditors must consider the
following.

 Whether all relevant facts are known and substantiated.

65

AUDITING
 What type of communication is expected and to whom should it be addressed.

 Whether the auditor will incur legal liability as a result of disclosure.

4. Obtaining an engagement

4.1 Publicity and obtaining professional work

Auditors in public practice are in business offering audit and other professional services
like any other firm in any other field or profession. It is therefore acceptable to advertise
their services so as to obtain new business. However such advertisements or any other
form of marketing should be done in a manner or medium that does not reflect adversely
or bring the profession into disrepute.

Particularly, the advertisements or any promotional materials should reflect honesty and
truthfulness, and should not;

 Make exaggerated claims for services offered, qualifications or experience

possessed, or be misleading either directly or by implication.
 Make disparaging reference in comparison to the work of another, or particularly
discrediting services offered by others or claiming superiority of one’s services
over others’
 Fall short of any recognised national advertising standards or codes.

4.2 Fees and Commissions

It is generally inappropriate to include fees in promotional materials meant to increase the

potential clients’ general awareness of the firm. This issue might be reserved for a free
consultation or discussion with interested potential clients.

It is allowable to offer or receive commissions for introducing to clients:

 An employee of a member of the profession

 Another public accountant

Because it is only appropriate to deal in commissions with people who are subjected to
similar ethical requirements to avoid contravention of ethical requirements such as
independence.

4.3 Tendering

Firms may obtain new clients in response to tender, either by being approached by a
prospective client or in response to an advertisement from the media. When writing this

66

AUDITING
proposal or tender the firm should be aware of all ethical considerations in the practical
issues and fee quotations.

The firm should ascertain the work required or involved, which staff or levels will be
required and in what proportion they will be involved, and the period it is likely to take.
The firm standard charge out rates can then be applied to that information and a fee
estimated.

IFAC code states that, the fact that in response to tenders, one firm may quote a fee lower
than another is in itself not unethical. However there may be threats to compliance with
ethical principles arising from the level of fees quoted. The practice of undercutting fees,
known as lowballing, to the extent that it is less than the expected market rate which
makes the firm willingly undertake the work at less than it is worth or at a loss, without
compromising its quality, will make the auditor’s independence to be called into
question.

4.4 Accepting an audit engagement

Audit engagement comprises all procedures and documents needed to acquire or procure
services of an auditor.

There are professional requirements governing the appointment of new auditors.

The key requirement is for the current and proposed auditors to communicate about the
client’s affairs before the prospective auditor can accept the appointment.

4.4.1 Why there is need to communicate

 To preserve the integrity of the auditor’s position. The auditors must communicate
with the outgoing auditors when the client has given permission. If the client refuses,
the proposed auditors should decline nomination.

 To give the proposed auditors information. This information will help the auditors
decide whether to accept nomination. The auditors can also get references about the
client.

4.5 Appointment considerations

These are the procedures that the auditors must undertake to ensure that their
appointment is valid and that they are clear to act.

4.5.1 Procedures before accepting nomination

The nominee auditors must carry out the following procedures before accepting the
nomination

 The nominee auditors must ensure that they are professionally qualified to act

67

AUDITING
  They should also ensure that they have adequate resources in terms of personnel,
technical expertise and time to undertake the engagement
 Obtain references and make independent enquiries if the directors are not
personally known
 Communicate with present auditors. Find out whether there are reasons behind
the change which new auditors ought to know; but do with courtesy.

4.5.2 Procedures after accepting nomination

 Ensure that the outgoing auditors’ removal or resignation has been properly
conducted in accordance with the law. Check valid notice or confirm that the
outgoing auditors were properly removed.

 Ensure that the new auditor’s appointment is valid. The new auditors should
obtain a copy of resolution passed at the general meeting appointing them as
company auditors.

 Set up and submit an engagement letter to the directors of the company.

4.5.3 Additional procedures

 Find out whether the previous auditors have fees owed to them. The new auditors
should decide how far they may go in helping the former auditors to obtain their
fees, as well as whether they should accept appointment.

 The new auditors should obtain all books and papers which belong to the client
from the auditors unless the former auditors have a lien over the books because of
unpaid fees.

 The old auditors should also pass any useful information to the new auditors if it
will be of help, without charge unless a lot of work is involved.

4.5.4 Client Screening

Client screening is the conduct of stringent checks on potential audit clients and their
management.

The purpose of client screening procedures is to determine whether the prospective client
is suitable for the firm.

Following the procedures, in arriving at the decision as to whether to accept an audit

appointment the firm should evaluate the potential risk to the firm of acceptance.

When a client is deemed to represent a high audit risk to the firm, the firm should
carefully consider the implications arising should it fail in meeting its objective of giving
an accurate audit opinion. If the firm is not confident that the benefit to be derived from

68

AUDITING
accepting the appointment outweighs the potential risks (including financial and
reputational risk of being sued), then the firm should decline the appointment.

In client screening, consider the following issues.

(1) Consider the following factors like

 Management integrity
 Risk: There may be low risk and high risk clients and they have the
following contrasts.

Low risk High risk

Good long-term prospects Poor recent or forecast performance
Well-financed Lack of finance
Strong internal control Significant control weaknesses
Conservative prudent accounting policies Evidence of questionable integrity doubtful
accounting policies
Competent honest management Lack of finance director
Few unusual transactions Significant unexplained transactions

 Expected fees from a new client should reflect the level of risk expected.
 Relationship: The audit firm wants the relationship with a client to be
long term.

(2) Get the information about new clients from available sources like

 Enquiries of other sources like bankers and lawyers.

 Review of documents like most recent annual accounts
 Previous accountants/auditors
 Review of rules and standards. Consider specific laws/standards that
relate to the industry.
 Obtaining legal information from the Registrar of Companies, for example
certificate of incorporation, the registered address and list of shareholders.

4.6 Agreeing terms of an engagement

Once all the relevant procedures and information gathering has taken place the company
must draft and submit an engagement letter. The engagement partner will have
completed a client acceptance form which will be submitted with other relevant
documents to the managing partner.

Engagement Letter

Engagement letter is a document which documents and confirms that the auditor has
officially accepted the appointment.

69

AUDITING
It is important that before commencing any professional work an auditor should agree, in
writing, the precise scope, terms and nature of the work to be undertaken.

Purpose of an engagement letter

(i) To define clearly the extent of the auditor’s responsibility.

(ii) To minimise misunderstandings between auditor firm and client in the future.

Possible areas of misunderstanding include:

 The objective of the audit of the financial statements.

 The extent to which reliance may be placed on the audited financial

statements.

 With whom the responsibility for the preparation of the financial statements
rests.

 The extent to which the auditor has a right to unhindered access to accounting
and other records necessary to form an opinion on the financial statements.

 The extent to which the auditor is responsible for detecting fraud and (other)
misstatements.

 The extent to which the auditor is responsible for reporting weaknesses in

internal control procedures.

 The extent to which the auditor is responsible for reporting deficiencies in

operating procedures.

 The amount of the audit fee and when it is payable.

(iii) To confirm in writing verbal arrangements.

(iv) To confirm acceptance by the auditor of his engagement.

(v) To inform and educate the client about the audit

(vi) To avoid a situation where terms of engagement are implied as arising out of the
articles of association or previous conduct of the auditor.

When the letter should be sent:

 To all new clients before any professional work has been started.

70

AUDITING
  To all existing clients who have not received such a letter previously.

 Whenever there have been major changes at the client e.g. change of top
management at the client and changes in the structure and nature of the business

 Whenever the auditor has reasons to believe that the client does not understand
the purpose of the audit

Contents of an engagement letter

The letter should outline the clients’ statutory duties on accounting records and the
auditor’s statutory and professional responsibilities on the report and auditing
guidelines.

The section in the letter may

 The objective of the audit of financial statements.

 The management’s responsibility to keep proper records and prepare financial

statements which show a true and fair view.

 The auditor’s responsibility to report on the financial statements.

 Scope of the auditors work i.e., should be in accordance with auditing standards
and guidelines, accounting systems review be conducted, collection of audit
evidence and tests and reliance on internal controls.

 Letter of weakness.

 Special factors e.g. relations with internal audit and audit of branches or divisions.

 Need for a letter of representation from management.

 Management’s primary responsibility on fraud and irregularities and the auditor’s

consideration in his plan of the audit.

 Any agreement to carry out tax and other services apart from the audit.

 The basis on which fees are charged.

 Written acknowledgement of the letter creating a contractual obligation.

 Irregularities and fraud: this covers directors’ primary responsibility, auditor’s

plan of his audit expecting to discover misstatements

Recurring Audits

71

AUDITING
On recurring audits, the auditor should consider whether circumstances require the terms
of the engagement to be revised and whether there is need to remind the client of existing
terms of the engagement.

Factors that may require the issuing of a new letter of Engagement

(i) An indication that the client misunderstands the objective and scope of the audit.
(ii) Any revised or special terms of the engagement.
(iii) A recent change of senior management, board of directors, or ownership committee.
(iv) A significant change in the nature or size of the client’s business.
(v) Legal requirement.
(vi) A change in the financial reporting framework adopted by management in preparing
the financial statements.

5. International Standards on Quality Control

The International Standards on quality control ISQC 1 Quality control for firms that
perform audits and review of historical financial information, and other assurance and
related services engagements, was issued by the IAASB to enhance the quality of the
process and product of the audit in the following areas:

5.1 Engagement Process

The firm should establish policies and procedures to provide it with reasonable assurance
that the firm and its personnel comply with relevant ethical requirements. The following
are the elements of the firm quality control system.

 Leadership responsibilities for quality within the firm

 Ethical requirement
 Engagement Process
 Human resources/Education and training
 Engagement performance
 Monitoring

4.1.1 Leadership

The standard points out the importance of quality being an established part of the culture
of the firm. This must be instigated by the leaders of the firm, that is, its partners. In
practical terms, the people directing the firm and its resources should ensure that:

 Commercial consideration do not override the quality of the work performed

 The firm policies in relation to staff promotion, remuneration and performance
review incorporate the importance of quality work.

72

AUDITING
  Sufficient resources are allocated to the development, documentation and support
of quality control policies and procedures.

4.1.2 Ethical requirement

The firm should have policies and procedures designed to ensure that ethical
requirements are met. The firm should establish policies and procedures designed to
provide it with reasonable assurance that the firm, its personnel and, where applicable,
others subject to independence requirement (including experts contracted by the firm and
personnel), maintain independence where required by the IFAC Code and the national
ethical requirements. Such policies and procedures should enable the firm to:

 Communicate its requirements to its personnel and, where applicable, others

subject to them.
 Identify and evaluate circumstances and relationships that create threats to
independence, and to take appropriate actions to eliminate those threats or reduce
them to acceptable level by applying safeguards, or, if considered appropriate, to
withdraw from engagement.

According to the standard, such policies and procedures should require:

 Engagement partners to provide the firm with relevant information about client
engagement, including the scope of services, to enable the firm to evaluate the
overall impact, if any, on independence requirements.
 Personnel to promptly notify the firm of circumstances and relationships that
create a threat to independence so that appropriate actions can be taken.

5.1.3 Engagement Process

The firms should also have policies and procedures designed to ensure that only
appropriate clients are accepted in the first place and retained. The engagement partner
should carry out similar considerations a he did when he accepted the client every year
when bearing in mind whether to retain the client

5.1.4 Human resources/ Education and training

As part of the firms overall culture of quality control, it should have policies and
procedures to ensure hat that it employs and trains staff with the capabilities,
competencies and commitment to ethical principles necessary to perform the
engagements. There should be policies on recruitment, career development, performance
evaluation and promotion. It is also important to allocate staff to assurance engagements
appropriately.

5.1.5 Engagement performance

73

AUDITING
Key issues under engagement performance are supervision, direction, review,
consultation and resolution of disputes

Supervision

The partner has overall responsibility for supervising the audit, but will normally delegate
supervisory duties to a manager or supervisor who will similarly delegate to the senior or
the in charge who is responsible for day to day management of the engagement

Direction

This is again largely the responsibility of the engagement partner who controls how the
assurance engagement should be conducted. The engagement partner is responsible for
ensuring that team members know:

 What work they are supposed to do

 The nature of the entity’s business
 Any risk relevant to audit
 Problems that might arise during the engagement

Review

The work performed by staff must be reviewed by other more senior staff or the
engagement partner. The purpose of the review is to consider whether the work done is in
line with the audit strategy

Consultation and resolution of disputes

When difficult or contentious issues arise, the assurance team must consult properly on
the matter and conclusion drawn as a result of the consultation must be properly
recorded. Any differences of opinion must be resolved prior to the assurance report being
issued.

5.1.6 Monitoring

This involves an ongoing evaluation of the system of quality control and periodic
inspection of selected completed engagements, identifying the effects of any deficiencies
found (one off or systematic or repetitive) that require correction (such as: remedial or
disciplinary action with an individual, communication of findings with the training
department, or changes in policies and procedures themselves)

Quality Control at Firm Level (ISQC 1.3)

The standard requires the firm to establish a system of quality control designed to provide
it with reasonable assurance that the firm and its personnel comply with professional

74

AUDITING
standards and regulatory and legal requirements and that reports issued by the firm or
engagement partners are appropriate in the circumstances.

All quality control policies procedures should be documented and communicated to the
firm’s personnel, and should include:

 Leadership responsibility for quality within the firm:

The standard requires that the firm implement policies such that the internal
culture of the firm is one where quality is considered essential. Such a culture
must be inspired by the leaders of the firm who must sell this culture through their
actions and messages.

 Human resources:
The firms’ policies and procedures should ensure excellence its staff in terms of
capabilities, competence and commitments to principles in performance of its
engagements, and engage partners to issue reports that are appropriate in the
circumstances. (these include: recruitment, career development, staff performance
evaluation, promotion amongst others). Assignment of engagement teams with
appropriate competences and capabilities to particular audits.
 Engagement performance:
The firm should establish policies and procedures designed to provide it with
reasonable assurance that:
Appropriate consultations take place on difficult or contentious matters (including
external consultations such as other firms or supervisory professional boards)
Other such necessary review on the audit process should be carried out and
completed before the report is signed.

Quality Control on an Individual Audit

The requirements concerning control on individual audit are found in ISA 220 Quality
control for audits of historical financial information. ISA 220.2 requires that the
engagement team should implement quality control procedures that are applicable to the
individual audit engagement. Areas of consideration include:

Leadership Responsibilities;

ISA 220.6 requires engagement partners to take responsibility for the overall quality on
each audit engagement to which that partner is assigned.

Ethical requirements

ISA 220.8 requires the engagement partner to consider whether members of the audit
team have complied with ethical requirements, such as independence and other
fundamental requirements in the Code of Ethics.
Assignment of engagement teams (ref: human resources above)

75

AUDITING
Engagement Performance
 Direction of the audit process by the engagement partner, briefing and discussion
with the team, determination of detailed approach to the performance of the
engagement
 Supervision, including: tracking the progress of the engagement, addressing
significant issues arising during the engagement and modifying planned approach
where necessary etc.
 Reviews include: whether work has been performed in accordance with
professional standards and other regulatory and legal requirements.
 Consultation of any contentious matters related to the particular engagement and
ensuring conclusion thereon are properly reached and recorded
 Quality control review includes: evaluation of the significant judgments made by
the team and conclusions reached in formulating the auditor’s report, and such
other matters as considered above.

6. Consideration of laws and regulations

The professional requirement of the auditors with regard to their liability is covered under
ISA250 Considering of laws and regulations in an audit of financial statements. It states
that auditors should plan and perform their audit procedures and evaluate and report on
the results thereof recognising that non-compliance by the entity with law or regulations
may materially affect the financial statements.

Auditors plan their work with reasonable expectation of detecting material misstatements
in the financial statements that may arise through non-compliance. It must be noted that
the auditor cannot be expected to detect non-compliance hidden by collusive behaviour,
forgery, override of controls, or intentional misrepresentations by management.

It is the responsibility of directors to take steps to ensure that their entity complies with
laws and regulations to establish arrangements for preventing and detecting any non-
compliance and to prepare financial statements which comply with all laws and
regulations.

Directors may fulfill their responsibilities by:

 Maintaining an up-to-date register of relevant laws and regulations and

monitoring any changes to these.

 Instituting and operating appropriate systems of internal control.

 Developing a code of conduct to inform employees and to ensure employees are

trained and that sanctions exist against breaches.

 Engaging legal advisers to assist in this area.

76

AUDITING
 Maintaining a register of complaints and breaches.

 In large companies, maintaining internal audit and compliance functions as

separate departments.

The auditors should obtain sufficient and appropriate audit evidence about compliance
with those laws and regulations which relate directly to the preparation of or the inclusion
or disclosure of specific items in the financial statements.

The auditors should perform procedures to help identify possible or actual instances of
non-compliance with those laws and regulations which provide a legal framework within
which the entity conducts its business.

On the audit, staff should be alert for instances of actual or possible breaches which
might affect the financial statements. When actual or possible breaches are encountered
the auditors should gather all possible information and evidence evaluate if and fully
document their evidence, reasoning, findings and conclusions.

6.1 Money laundering

There is a risk of criminal offences added on accountants and auditors. It is now a

criminal offence not to maintain appropriate procedures for the prevention or reporting of
money laundering while carrying out relevant financial business like banking, insurance,
investment business, and advising on setting up of trusts.

In engaging in such activities accountants need to have procedures to recognise, prevent

and report money laundering. Reporting of money laundering suspicions is exempted
from all confidentiality requirements. Additionally it is criminal offence to disclose that
a money laundering suspicions have been reported to the authorities (tipping off).

6.1.1 Effect of money laundering provisions

The consequence of provisions on money laundering is that firms must have procedures
in place for identification of clients, as well as for keeping records of all transactions for
five years. There must also be procedures for internal reporting and as may be necessary
for the purposes of forestalling and preventing money laundering.

6.2 Liability to detect fraud

Fraud is an intentional act by one or more individuals among management, those charged
with governance, employees or third parties involving the use of deception to obtain an
unjust or illegal advantage. Fraud may be perpetrated by an individual, colluded in, with
people internal or external to the business. ISA 240 The Auditors Responsibility Relating
to Fraud in an Audit of Financial Statements stresses that auditors have no responsibility
for the prevention and detection of fraud as such - that is managements job, but fraud can
have a material impact on financial statements so it becomes part of audit after all.

77

AUDITING
6.2.1 Types of fraud

ISA 240 makes a crucial distinction between two types of fraud:

 Misstatements arising from fraudulent financial reporting usually perpetrated by

the management of the company
 Misstatements arising from misappropriation of assets usually committed by the
juniors in the company

6.2.2 Responsibilities with regard to fraud

Management and those charged with governance in an entity are primarily responsible for
preventing and detecting fraud. It is up to them to put a strong emphasis within the
company on fraud prevention by putting in place internal controls to prevent and detect
fraud.
The auditors’ approach to the possibility of fraud is similar to the approach to the
possibility of error. The key requirement for an auditor is set out in the ISA 240: ‘In
planning and performing the audit to reduce audit risk to an acceptability low level, the
auditor should consider the risks of material misstatements due to fraud’.

An overriding requirement of the ISA is that auditors are aware of possibility of there
being misstatements due to fraud. The team must have professional skepticism and must
discuss the possibility of material misstatements due to fraud (how fraud could be
perpetrated and by whom, how unpredictability could be added into the audit and such
like)

6.3 Risk assessment procedures

The auditor should undertake risk assessment procedures which should include assessing
the risk of fraud. These procedures will include:
 Inquiries of management and those charged with governance: This requires
the auditor to make specific enquiries of management regarding fraud. For
example, what they think the risk is, what their process for identifying and
responding to fraud is, management communications on the topic. Auditors are
also required to enquire of management, internal audit and others whether any
alleged, actual or suspected fraud has taken place.

 Consideration of when fraud risk factors are present: The auditors should be
alert for evidence of factors for management or employees to carry out frauds.

 Consideration of results of analytical procedures: Analytical procedures can be

used at every level of the audit and as well as assessing risks including fraud risks.

78

AUDITING
 Consideration of any other relevant information: The auditor should evaluate
the design of the entity’s related controls, including relevant control activities, and
determine whether they have been implemented.

 Reporting fraud to appropriate authorities. The auditor should report to those

charged with governance or relevant external authorities where appropriate.

End of Chapter Question

Question 1

Discuss, with reasons, the ethical requirements issued by the accountancy regulatory
body relating to the four matters listed below in order to maintain integrity, independence
and objectivity of the auditor.

(a) A senior partner of the firm lent K1 million to a client at a rate of interest equal to
that charged by the bank.
(b) The wife of one of the partner and her cousins own a controlling shareholding in a
company where the husband is a reporting auditor.
(c) A computer manufacturing company contributes 25% of the gross recurring fees
of the partnership.
(d) A firm also acts for Computer Dealers Limited which is a direct competitor of
Computer Manufacturers Company.

(Each part carries 5 marks) TOTAL: 20 MARKS)

79

AUDITING
SECTION C
Audit Planning

80

AUDITING
 CHAPTER 7

UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT

Topic list

1. Nature of the entity

2. Laws and Regulatory environment
3. Related parties
4. Litigation and claims

Learning outcomes

By the end of this chapter students should be able to:

 Describe appropriate tasks and procedures to understand the client’s entity’s business
and its environment before any ground work can be carried out.

Introduction

This chapter looks at the auditors understanding of the entity and its environment. It
starts with a discussion of the nature of industry as it affects audit of financial statements.
The importance of laws and regulatory issues together with an understanding of related
parties are discussed before ending with a look at litigation and claims

1 Nature of the entity

ISA 315 Identifying and Assessing the Risk of Material Misstatement through
Understanding the Entity and its Environment states that the objective of the auditor is to
identify and assess the risk of material misstatements, whether due to fraud or error, at
the financial statement and assertion levels, through the understanding of the entity and
its environment , including the entity’s internal control, thereby providing a basis for the
designing and implementing responses to the assessed risk of material misstatement.

1.1 Why should auditors obtain an understanding of the entity and its environment?

 To identify and assess the risk of material misstatements in the financial

statements
 To enable the auditor to design and perform further audit procedures
 To provide a frame of reference for exercising audit judgment, for example ,
when setting audit materiality

1.2 How do auditors obtain the understanding?

81

AUDITING
There are several methods that auditors can use to obtain the understanding:

 Enquiries of management and others within the client

 Analytical procedures
 Observation and inspection
 Prior period knowledge
 Discussion of the susceptibility of the financial statements to material
misstatements among the engagement team members

1.3 What should auditors understand about the entity and its environment?

The ISA sets out a number of requirements about what auditors must consider in relation
to obtaining an understanding of the business. Some of the elements that auditors must
understand are:

1.3.1 Business operations of the entity

In terms of business operations the auditor looks at matters such as: nature of revenue
sources, products or services, and markets involvement in electronic commerce such as
internet sales and marketing activities, conduct of operations (for example, stages and
methods of production, or activities exposed to environmental risks).

1.3.2 Financial reporting

The auditor also considers the entity's selection and application of accounting policies,
including the reasons for changes thereto; an evaluation of whether the entity's
accounting policies are appropriate for its business and consistent with the applicable
financial reporting framework and accounting policies used in its industry.

1.3.3 Objectives and strategies and relating business risk

The auditor looks at the entity's objectives and strategies. He/she considers whether
management does adequately monitor the results of the operations of the business units
against objectives and expected results, including budget and forecast. In addition the
auditor considers whether management does have adequate procedures in place to ensure
that all personnel understand the entity’s objectives and how their actions interact and
contribute to those objectives, and those related business risks that may result in risks of
material misstatement, the measurement and review of the entity's financial performance.

1.3.4 Industry, regulatory and other external factors

Examples of matters the auditor may consider include the market and competition,
including demand, capacity, and price competition, cyclical or seasonal activity, product
technology relating to the entity's products energy supply and costs.

82

AUDITING
The auditor should also consider relevant industry external factors including industry
conditions such as the competitive environment, suppliers and customer relationships, the
general economic conditions, interest rates, availability of financing, inflation or currency
revaluation and technological developments.

Other matters to consider include;

 Geographic dispersion and industry segmentation
 Location of production facilities, warehouses, and offices
 Location and quantities of inventories
 Key customers
 Important suppliers of goods and services
 Research and development activities and expenditures.

The auditor needs also to understand critical accounting policies and practices. Critical
accounting policies and practices are those that, in the auditor’s judgment, are both most
important to the portrayal of the entity's financial condition, position, performance and
cash flows, and require management's most difficult, subjective, or complex judgments,
often as a result of the need to make estimates about the effect of matters that are
inherently uncertain. Critical accounting policies generally comprise a subset of the
entity's significant accounting policies. Most entities have one or more critical accounting
policies.
Significant accounting policies and practices. Significant accounting policies and practices
are those policies that are relevant to a user's understanding of the financial statements and
are disclosed in the financial statements in accordance with the applicable financial
reporting framework. Such policies include critical accounting policies.

1.3.5 Internal controls

Auditors will need to appreciate the control activities, control environment, the entity’s risk
assessment process, control activities, internal audit if it exists and how the entity monitors
the control

1.3.6 Measurement and review of the entity’s performance

Auditors will need to appreciate the key operating statistics of the entity; key performance
indicators; trends; use of forecasting, budgets , analysts reports competitor analysis and
period – on – period financing performance.

2 Laws and regulations

The effect on financial statements of laws and regulations varies considerably. Those laws
and regulations to which an entity is subject constitute the legal and regulatory
framework. The provisions of some laws or regulations have a direct effect on the
financial statements in that they determine the reported amounts and disclosures in an
entity's financial statements. Other laws or regulations are to be complied with by

83

AUDITING
management or set the provisions under which the entity is allowed to conduct its
business but do not have a direct effect on an entity's financial statements. Some entities
operate in heavily regulated industries (such as banks and chemical manufacturers).
Others are subject only to the many laws and regulations that relate generally to the
operating aspects of the business (such as those related to occupational safety and health,
and equal employment opportunity). Non-compliance with laws and regulations,
including illegal acts, may result in fines, litigation or other consequences for the entity
that may have a material effect on the financial statements.
Laws and regulations may affect an entity's financial statements in different ways: for
example, most directly, they may affect specific disclosures required of the entity in the
financial statements or they may prescribe the applicable financial reporting framework.
They may also establish certain legal rights and obligations of the entity, some of which
will be recognized in the entity's financial statements. In addition, laws and regulations
may impose penalties in cases of non-compliance with laws and regulations, including
illegal acts.
The entity is obliged to comply with laws and regulations; for example company law
governing its regulatory filings with the local authorities. This legislation includes
provisions on the information to be filed/ the time permitted to make required filings/
penalties for non-compliance. The entity is obliged to comply with import and export
regulations governing the sale of its products abroad and the import of goods from abroad.
This legislation also includes provisions on the types of goods that can be sold/ the
notification of sales and purchases to the authorities/ duties. Accounting principles and
industry specific practices, regulatory framework for a regulated industry, legislation and
regulation that significantly affect the entity's operations, including direct supervisory
activities taxation (corporate and other).

The auditor monitors legal requirements and ensuring that operating procedures are
designed to meet these requirements. For example the auditor considers whether the
entity;

 Employment arrangements (including the existence of union contracts, pension and

other post-employment benefits, stock option or incentive bonus arrangements, and
government regulation related to employment matters) comply with employment laws.
 Monitors compliance with the code of conduct and acting appropriately to discipline
employees who fail to comply with it.
 Has engaged legal advisors to assist in monitoring legal requirements
 Government policies currently affecting the conduct of the entity's business, such as
monetary, including foreign exchange controls, fiscal, financial incentives (for
example, government aid programs), and tariffs or trade restriction policies
 Environmental requirements affecting the industry and the entity's business

The auditor looks at laws and regulations applicable to the entity and the industry or sector
in which the entity operates. To obtain a general understanding of the legal and regulatory

84

AUDITING
framework, and how the entity complies with that framework, the auditor may, for
example:
 use existing understanding of the entity's industry, regulatory and other external factors
 update the understanding of those laws and regulations that directly determine the
reported amounts and disclosures in the financial statements

 inquire of management as to other laws or regulations that may be expected to have a

fundamental effect on the operations of the entity, such as laws relating to bribery and
corruption
 inquire of management regarding the policies or procedures adopted for identifying,
evaluating and accounting for litigation and claims
 Consider auditor’s knowledge of the entity's history of non-compliance with laws and
regulations, including illegal acts.
The auditor’s responsibilities in relation to the entity’s compliance with laws and
regulations are distinguished between the following two different categories:
Direct effect
Certain laws and regulations are well-established, known to the entity and within the
entity's industry or sector, and relevant to the entity's financial statements as described
above. These laws and regulations generally are directly relevant to the determination of
material amounts and disclosures in the financial statements and readily evident to the
auditor. They could include those that relate to, for example:
 The form and content of financial statements (for example, statutorily-mandated
requirements)
 Industry-specific financial reporting issues
 Accounting for transactions under government contracts (for example, laws and
regulations that may affect the amount of revenue to be accrued) the accrual or
recognition of expenses for income tax or pension costs, or employment and social
security regulations.
Some provisions in those laws and regulations may be directly relevant to specific
assertions in the financial statements (for example, the completeness of income tax
provisions), while others may be directly relevant to the financial statements as a whole (for
example, the required statements constituting a complete set of financial statements).
Our responsibility regarding misstatements resulting from non-compliance with laws and
regulations, including illegal acts, having a direct effect on the determination of material
amounts and disclosures in the financial statements is the same as that for misstatements
caused by fraud or error.
Non-compliance with other provisions of such laws and regulations and other laws and
regulations, including illegal acts, may result in fines, litigation or other consequences for
the entity, the costs of which may need to be provided for or disclosed in the financial
statements, but are not considered to have a direct effect on the financial statements.
Not a direct effect
Certain other laws and regulations may need particular attention by the auditor because they

85

AUDITING
have a fundamental effect on the operations of the entity. Non-compliance with laws and
regulations that have a fundamental effect on the operations of the entity, including illegal
acts, may cause the entity to cease operations, or call into question the entity's continuance
as a going concern.
For example, non-compliance with the requirements of the entity's license or other
entitlement to perform its operations could have such an impact (for example, for a bank,
non-compliance with capital or investment requirements).
There are also many laws and regulations relating principally to the operating aspects of the
entity that typically do not affect the financial statements (their financial statement effect is
indirect) and are not captured by the entity's information systems relevant to financial
reporting, for example, laws relating to bribery and corruption. Their indirect effect may
result from the need to disclose a contingent liability because of the allegation or
determination of identified or suspected non-compliance. Those other laws or regulations
may include those related to securities trading, occupational safety and health, food and
drug administration, environmental protection, equal employment, and price-fixing or other
antitrust violations. We may not have a sufficient basis for recognizing possible non-
compliance with such laws and regulations.
For the "Not a direct effect”, our responsibility is limited to performing specified audit
procedures that may identify non-compliance with those laws and regulations, including
illegal acts, that may have a material effect on the financial statements. Even when those
procedures are performed, we may not become aware of the existence of non-compliance or
illegal acts unless there is evidence of non-compliance or illegal acts in the records,
documents or other information normally inspected in an audit of financial statements.
As the financial reporting consequences of other laws and regulations can vary depending
on the entity's operations, the audit procedures included are directed to bringing to our
attention instances of non-compliance with laws and regulations, including illegal acts that
may have a material effect on the financial statements.
In some cases, the amount of an entity's correspondence with licensing or regulatory
authorities is voluminous. In exercising professional judgment in such circumstances, we
may consider the following in determining the extent of inspection that may identify
instances of non-compliance or illegal acts:
 the nature of the entity
 The nature and type of correspondence.

3. Related parties
A related party is a party that is either: a related party as defined in the applicable
financial reporting framework where the applicable financial reporting framework
establishes minimal or no related party requirements: a person or other entity that has
control or significant influence, directly or indirectly through one or more intermediaries,
over the reporting entity another entity over which the reporting entity has control or
significant influence, directly or indirectly through one or more intermediaries, or another
entity that is under common control with the reporting entity through having:

86

AUDITING
Common controlling ownership owners, who are close family members, or common key
management
However, entities that are under common control by a state (i.e. a national, regional or
local government) are not considered related unless they engage in significant
transactions or share resources to a significant extent with one another.
During the audit, the auditor shall remain alert, when inspecting records or documents,
for arrangements or other information that may indicate the existence of related party
transactions that management has not previously identified or disclosed to the auditor.
A related party transaction is a transfer of resources or obligations between related
parties, regardless of whether a price is charged.
In particular, the auditor shall inspect the following for indications of the existence of
related party relationships or related party transactions that management has not
previously identified or disclosed to the auditor:
 Bank and legal confirmations obtained as part of the auditor’s procedures
 Minutes of meetings of shareholders and those charged with governance, including
any relevant committees of these groups
 Such other records or documents as the auditor consider necessary in the
circumstances of the entity.
 Additionally, auditors may review the prior years’ audit documentation for
information about related party relationships and related party transactions. If
applicable, the auditor may inquire of a predecessor auditor about the predecessor’s
knowledge of existing relationships and the extent of management involvement in
material transactions.
Significant influence;
The existence of the following relationships may indicate the presence of control or
significant influence:
 Direct or indirect equity holdings or other financial interests in the entity
 The entity's holdings of direct or indirect equity or other financial interests in other
entities
 Being part of those charged with governance or key management (i.e. Those members
of management who have the authority and responsibility for planning, directing and
controlling the activities of the entity)
 Being a close family member of any person referred to in relationship
 Having a significant business relationship with any person referred to in relationship
Significant influence is generally defined as the power to participate in the financial and
operating policy decisions of an entity, but is not control over those policies. Significant
influence may be gained by share ownership, statute or agreement. Significant
influence may be exercised by representation on the board of directors, but may also be
apparent by such means as participation in the policy-making process, material inter-
company transactions, interchange of managerial personnel and dependency on technical
information.
Special-purpose entities as related parties

87

AUDITING
In some circumstances, a special-purpose entity may be a related party of the entity
because the entity may in substance control it, even if the entity owns little or none of the
special-purpose entity's equity.
Measurement and review of financial performance
The auditor considers third party expectations related to the entity's financial
performance, particularly those that may put pressures on, or provide incentives to
management to engage in fraudulent financial reporting.
The following matters include guidance regarding obtaining an understanding of the
measurement and review of the entity's financial performance, including the
consideration of third party expectations:
Why we obtain an understanding of the measurement and review of financial
performance, including the consideration of third party expectations
Management and others will measure and review those things they regard as important.
Performance measures, whether external or internal, create pressures on the entity.
These pressures, in turn, may motivate management to take action to improve the
business performance or to misstate the financial statements. For example:
 For listed entities, analysts may have expectations concerning financial
performance measures, for example revenue and net income growth that may put
pressure on management to record fraudulent revenue in order to meet such
expectations.
 For private entities, banks may have expectations concerning debt covenants,
minimum capital requirements, etc.

Accordingly, an understanding of the entity's performance measures assists the auditor in

considering whether pressures to achieve performance targets may result in management
actions that increase the risks of material misstatement, including those due to fraud.
Smaller entities often do not have processes to measure and review financial
performance. Inquiry of management may reveal that it relies on certain key indicators
for evaluating financial performance and taking appropriate action. If such inquiry
indicates an absence of performance measurement or review
The auditor shall include in his/her audit documentation:

 The key elements of the understanding obtained regarding each of the aspects of
the entity and its environment
 The sources of information from which the understanding was obtained, and
 The risk assessment procedures performed.
 Key elements of the auditor’s understanding are those elements which are related
to the identification and assessment of risks and to the design of further audit
procedures. It is not necessary to document the entirety of our understanding of
the entity and matters related to it.
Using professional judgment, the auditor may consider the following in determining the
nature and extent of his/her audit documentation:
 The nature, size and complexity of the entity and its internal control
 The availability of information from the entity

88

AUDITING
  For entities that have uncomplicated businesses and processes relevant to
financial reporting, the documentation may be simple in form and relatively brief
The extent of documentation may also reflect the experience and capabilities of the
members of the engagement team. Provided the requirements of audit documentation
are always met, an audit undertaken by an engagement team comprising less
experienced individuals may require more detailed documentation to assist them to
obtain an appropriate understanding of the entity than one that includes experienced
individuals. For recurring audits, certain documentation may be carried forward or
updated as necessary to reflect changes in the entity's business or processes.

4. Litigation and claims

Litigation and claims are actual or potential legal actions, demands, fines and/or
proceedings against the client related to alleged wrongful conduct brought by an
individual, entity and/or regulatory or governmental body.
The auditor does the following
 Evaluates management's assessment of each litigation, claim and assessment (in
addition to required evaluations and related procedures performed for estimates that
give rise to significant risks:
 Understand the relevant facts related to the litigation and claims including: (a) when
the underlying cause for legal action occurred (b) the degree of probability of an
unfavourable outcome and (c) the amount or range of potential loss;
 Evaluate the response to any relevant audit inquiry letter that was sent and;
 Evaluate and document conclusions regarding the accounting and disclosure related to
the litigation, claims and assessments.

 Design and perform audit procedures in order to identify litigation and claims
involving the entity which may give rise to a risk of material misstatement, including:
 Reviewing minutes of meetings of those charged with governance, documents
obtained from management concerning litigation and claims, and correspondence
between the entity and its external legal counsel
 Reviewing legal expense accounts and invoices from external legal counsel.
 In addition, other relevant procedures include, for example, using information
obtained through risk assessment procedures carried out as part of obtaining an
understanding of the entity and its environment to assist us to become aware of
litigation and claims involving the entity. For example, the auditor may: read minutes
of meetings of owners, directors, governing bodies of governmental entities and
appropriate committees held during, and subsequent to, the period being audited
 Read contracts, loan agreements, leases and correspondence from taxing or other
governmental agencies, and similar documents
 Obtain information concerning guarantees from bank confirmations
 Inspect other documents for possible guarantees by the entity

89

AUDITING
End of Chapter Questions

Question 1
City Housing, a house building company established for many years, has recently
approached your firm to act as the company’s auditors. Professional clearance has been
obtained from previous auditors and an audit engagement letter has been issued. It is now
1 December 2013 and your firm’s audit partner has asked you to visit the company in
order to obtain as much relevant knowledge as possible for use in planning the audit of
the company.

Required
a. Identify to whom in a limited company and audit engagement letter should be
addressed, and explain how acceptance of the terms of engagement should be
conveyed to the auditor. 6 Mark
b. Explain the purpose of an audit engagement letter, state when such a letter should
be issued to an audit client and identify occasion when it may be appropriate to
issue a new letter. 6 Marks
c. State procedures and matters would consider about the clients background before
acceptance of the engagement. 6 Mark
d. Write a paragraph in your own words for inclusion in an audit engagement letter,
setting out the responsibilities of the directors and auditors for safeguarding the
assets of the company and for the prevention and detection of fraud, errors and
non-compliance with laws and regulations. 2 Marks
Total 20 Marks

Question 2
ISA 315 (Redrafted) Identifying and Assessing the Risks of Material Misstatement
Through Understanding the Entity and Its Environment requires auditors to obtain an
understanding of the entity and its environment, including its internal control.
Required:
a) Explain why obtaining an understanding of the entity and its environment is
important for the auditor. 6 Marks
b) State five matter and sources of information you would consider to understand the
entity 10 Marks
Total 16 Marks

90

AUDITING
 CHAPTER 8

RISK ASSESSMENT AND AUDIT STRATEGY

Topic list

1 Introduction to risk assessment

2 Materiality
3 Understanding the entity and its environment
4 Assessing the risk of material misstatements
5 Responding to risk assessment
6 Fraud, law and regulations
7 Documentation of risk assessment
8 Audit planning
9 Audit strategy
10 Audit plan
11 Audit program
12 Audit documentation

Learning outcomes

By the end of this chapter students should be able to:

 Describe appropriate tasks and procedures to understand the client’s entity’s business
and its environment before any ground work can be carried out.
 Explain the concepts of audit risk and materiality
 Describe the techniques used in risk assessment
 Explain the effect of fraud, law and regulations on risk assessment
 State the contents of risk assessment documentation
 Develop an audit strategy
 Explain contents of an audit plan
 Prepare an audit program including determination of the nature, extent and timing of
specific audit tests and procedures.
 Describe different types of audit documentation

Introduction

It is very important that as auditors are about to start audit work on their client (of course
as part of their planning), they must get to know their client very well so as to know areas
of audit risk. Auditors get to know their client through a process called risk assessment
and this is the subject of this chapter as well as the techniques that the auditors use to get
this done. The general concept of audit risk is introduced first where components such as

91

AUDITING
control risk, inherent risk and detection risk are covered. The distinction between audit
risk and business risk is also made.

The chapter will also cover the concept of materiality for the financial statements as a
whole. You may recall from your earlier studies that information is material if its
omission or inclusion will affect the decision of a user on the basis of financial
statements. Auditors use judgement to calculate materiality and it must be reviewed as
the audit progresses and revised if necessary.

The last section of this chapter covers the contents of the overall audit strategy and the
detailed audit plan as well as the audit program. Documentation of audit work, which
provides the evidence of the work performed, will also be covered.

1 Introduction to risk assessment

Risk is any event that prevents the achievement of a set objective. Risks are everywhere
whether in business or audit; hence we have business risk and audit risk.

1.1 Meaning of risk assessment

Risk assessment comprises all the procedures the auditor carries out to assess the risk of
material misstatement in the client’s financial statements.

Auditors are required to carry out the audit with an attitude of professional scepticism,
exercise professional judgement and comply with ethical requirements. When planning
and carrying out these risk assessment procedures auditors must show pprofessional
scepticism, professional judgement and fulfil ethical requirements.

1.1.1 Professional scepticism, professional judgement and ethical requirements

Professional scepticism is an attitude that includes a questioning mind, being alert to
conditions which may indicate possible misstatement due to error or fraud, and a critical
assessment of audit evidence.

Professional judgement is the application of relevant training, knowledge and experience

in making informed decisions about the courses of action that are appropriate in the
circumstances of the audit engagement.

ISA 200 Overall objectives of the independent auditor and the conduct of an audit in
accordance with International Standards on Auditing states that auditors must plan and
perform an audit with an attitude of professional scepticism recognising that
circumstances may exist that cause the financial statements to be materially misstated.

This requires the auditor to be alert to:

 Audit evidence that contradicts other audit evidence obtained
 Information that brings into question the reliability of documents and responses to
inquiries to be used as audit evidence
 Conditions that may indicate possible fraud

92

AUDITING
 Circumstances that suggest the need for audit procedures in addition to those
required by ISAs

Professional scepticism needs to be maintained throughout the audit to reduce the risks of
overlooking unusual transactions, over-generalising when drawing conclusions, and using
inappropriate assumptions in determining the nature, timing and extent of audit
procedures and evaluating the results of them.

Professional scepticism is also necessary to the critical assessment of audit evidence. This
includes questioning contradictory audit evidence and the reliability of documents and
responses from management and those charged with governance.

1.1.2 Professional judgement

ISA 200 also requires the auditor to exercise professional judgement in planning and
performing an audit of financial statements.

Professional judgment is the process used to reach a well-reasoned conclusion that is

based on relevant facts and circumstances available at the time of the conclusion. A
fundamental part of the process is the involvement of individuals with sufficient
knowledge and experience. It involves the identification without bias, of reasonable
alternatives, and therefore careful and objective consideration of information that may
seem contradictory to a conclusion is key to its application.

Professional judgement is required in the following areas:

 Materiality and audit risk
 Nature, timing and extent of audit procedures
 Evaluation of whether sufficient appropriate audit evidence has been obtained
 Evaluating management’s judgements in applying the applicable financial reporting
framework
 Drawing conclusions based on the audit evidence obtained

1.1.3 Ethical requirements

ISA 200 states that the auditor must comply with the relevant ethical requirements,
including those relating to independence, that are relevant to financial statement audit
engagements.

1.2 Overall audit risk

Auditors usually follow a risk-based approach to auditing as required by International
Standards on Auditing (IASs). In this approach, auditors analyse the risks associated with
the client's business, transactions and systems which could lead to misstatements in the
financial statements, and direct their testing to risky areas. This is in contrast to a
procedural approach which is not in accordance with ISAs. In a procedural approach, the
auditor would perform a set of standard tests regardless of the client and its business. The
risk of the auditor providing an incorrect opinion on the truth and fairness of the financial
statements might be higher if a procedural approach was adopted.

93

AUDITING
1.3 Audit risk
Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the
financial statements are materially misstated. It is a function of the risk of material
misstatement (inherent risk and control risk) and the risk that the auditor will not detect
such misstatement (detection risk).

Audit risk may bring damage to the audit as a result of giving a wrong audit opinion. A
wrong audit opinion means, for example, saying that the accounts show a true and fair
view when in fact they do not.

Damage to the audit firm may be in the form of:

 Monetary damage paid to the client

 Monetary damage paid to a third party for loss caused by auditor’s negligence.

 Loss of reputation with the client.

 Loss of the audit or the business community.

Audit risk has two elements, the risk that the financial statements contain a material
misstatement and the risk that the auditors will fail to detect any material misstatements.

Audit risk has two major components. One is dependent on the entity, and is the risk of
material misstatement arising in the financial statements (inherent risk and control risk).

The other is dependent on the auditor, and is the risk that the auditor will not detect
material misstatements in the financial statements (detection risk). Audit risk can be
represented by the audit risk model:

Audit risk = Inherent risk x control risk x detection risk

1.3.1 Inherent risk

Inherent risk is the susceptibility of an assertion to a misstatement that could be material
individually or when aggregated with other misstatements, assuming there were no
related internal controls.

Inherent risk is the risk that items will be misstated due to the characteristics of those
items, such as the fact they are estimates or that they are important items in the accounts.
The auditors must use their professional judgement and all available knowledge to assess
inherent risk. If no such information or knowledge is available then the inherent risk is
high.

Inherent risk is affected by the nature of the entity; for example, the industry it is in and
the regulations it falls under, and also the nature of the strategies it adopts.

94

AUDITING
Factors that affect inherent risk

The relevant factors are considered based on two headings.

(I) Factors affecting client as a whole

(a) Integrity and attitude to risk of directors and management – domination by a

single individual can cause problems.

(b) Management experience and knowledge. This may be changes in management

and quality of financial management.

(c) Unusual pressures on management, e.g. tight reporting deadlines or market or

financing expectations.

(d) Nature of business. Potential problems include technological obsolescence or

over-dependence on a single product.

(e) Industry factors. Competitive conditions, regulatory requirements technology

developments, changes in customer demand.

(f) Future plans of the client. This includes sale or floatation on stock exchange.

(g) High gearing. A client that has a large proportion of prior charge capital has high
inherent risk.

(h) Liquidity problems. Cash-flow problems increase inherent risk.

(i) Information technology. Problems include lack of supporting documentation,

concentration of expertise in a few people, potential for unauthorised access.

(j) The existence of put upon enquiry situation or audit query. There are certain
situation when the auditor discovers evidence that either fraud or error occurred in
the accounts.

(II) Factors affecting individual account balances or transactions

(a) Financial statement accounts prone to misstatement. Accounts which require

adjustment in previous period or require high degree of estimation.

95

AUDITING
(b) Complex accounts. Accounts which require expert valuations or are subject of
current professional discussion.

(c) Assets at risk of being lost or stolen like cash, inventory, and portable non-current
assets.

(d) Quality of accounting systems. Strength or weaknesses of individual departments

like sales, purchases, cash etc can increase or decrease the inherent risk.

(e) High volume transactions. This may make the accounting system fail to cope.

(f) Unusual transactions. Transaction for large amounts with unusual names not
settled promptly (particularly important if they occur at period end). There are
also transactions that do not go through the system that relate to specific clients or
processed by certain individuals.

(g) Staff. Staff changes or areas of low morale.

(h) Some aggressive or unsuitably risky business practices pursued by management.

1.3.2 Control risk

Control risk is the risk that a misstatement could occur in an account balance or class of
transactions, which could be material either individually or when aggregated with
misstatement in other balances or classes and would not be prevented or detected and
corrected on a timely basis by the accounting and internal control systems. Alternatively
it is defined as risk that internal controls will not prevent or detect material errors.

The auditor should assess control risk at the planning stage of the audit if the auditors
intend to rely on their assessment to reduce the extent to their substantive procedures.
This assessment should be subsequently supported by tests of control.

Factors affecting control risk

The following are the factors that affect control risk.

(i) The quality and effectiveness of management and the degree of supervision
exercised by management.

(ii) The existence and quality of internal control.

(iii) The competence of accounting staff.

(iv) The nature of accounting records kept.

(v) The existence and effectives of the internal audit department, if there is one.

96

AUDITING
1.3.3 Detection risk

Detection risk is the risk that the auditors’ substantive procedures do not detect a
misstatement that exists in an account balance or class of transactions that could be
material either individually or when aggregated with misstatements in other balances or
classes. Alternatively it is the risk that auditors’ substantive procedures and his review of
the financial statements will not detect material errors.

Detection risk relates to the inability of the auditors to examine all evidence. Additional
to this is the fact that audit evidence is usually persuasive rather than conclusive so that
some detection risk is usually present allowing the auditors to seek reasonable
confidence.

Examples of areas of detection risk include:

 Failure to recognise ‘put upon enquiry’ situations.

 Failure to draw the correct inferences from audit evidence and the analytical review.

 Use of wrong procedures in a particular situation.

 Failure to perform necessary audit work because of time or cost considerations.

 Failure to detect error or fraud because of poor sampling method or inadequate

sample sizes.

Assessment of inherent risk, control risk and audit work

The auditor’s inherent risk and control risk assessments influence the nature, timing and
extent of substantive procedures required to reduce detection risk and thereby audit risk.

Auditors need to be careful when relying on control risk assessment as good controls may
impact upon some but not other aspects of audit areas. For example, good controls over
the recording of sales and trade debtors (receivables) would not reduce audit testing on
bad debts, as the amounts recorded may represent amounts that will not be collected.

In order to design an efficient audit methodology auditor should consider extent of

testing, design of testing and timing of tests.

97

AUDITING
On extent of testing, if inherent and control risks are low, number of items to be tested is
reduced. On design of testing, tests may be changed by placing more reliance on
analytical procedures. Carrying out certain procedures at a certain time and placing
reliance upon controls functioning at year end, affects the timing of tests.

Audit firm organisation and audit risk

It is essential that an audit firm should organize its affairs in such a way as to minimize
the risk of paying damages to clients or third parties.

Features of audit firm which may minimize risk

 Proper recruitment and training of all personnel.

 Allocation of staff with appropriate ability to particular audits.

 Planning of the work of the firm in such a way that each audit can be approached
in a relaxed but disciplined way and timing problems can be accommodated.

 Two way communication with staff on matters of general concern and in

connection with specific audits.

 Use of audit manuals which conform to the audit standards and guidelines.

 Use of audit documentation which is comprehensive and yet which allows for
special situations.

 Use of budgeting and other techniques to ensure that audits are remunerative and
yet risk-minimising.

 Use of precise and frequently updated letters of engagement.

 Use of review techniques for all audits.

 Existence of a technical section so that all new developments are rapidly

incorporated into the audit firm’s action.

Minimising risks that may rise from particular audit

The audit firm may minimize risks associated with specific audits in the following ways.

 Use of techniques for recognising the existence of audit risk.

 Segregating normal risk areas from high risk areas.

 Allocating audit staff that are competent to do the work especially in high risk areas.

98

AUDITING
 Extensive background research into the client and its industry.

 Careful planning with emphasis on high risk areas.

 Comprehensive documentation.

 Good briefing of audit staff.

 Emphasizing to staff on the need for recognition of high risk situations and good
communication when high risk or put upon enquiry situations are discovered.

 Particular attention to the conclusions reached from audit evidence.

 Special emphasis on the analytical review.

 Review of the audit work by a senior auditor unconnected with the particular audit.
 Emphasis on materiality consideration and sample sizes.

1.4 Management of audit risk

ISA 200 states that 'to obtain reasonable assurance, the auditor shall obtain sufficient
appropriate audit evidence to reduce audit risk to an acceptably low level and thereby
enable the auditor to draw reasonable conclusions on which to base the auditor’s
opinion.’

Auditors will want their overall audit risk to be at an acceptable level, or it will not be
worth them carrying out the audit. In other words, if the chance of them giving an
inappropriate opinion and being sued is high, it might be better not to do the audit at all.

The auditors will obviously consider how risky a new audit client is during the
acceptance process, and may decide not to go ahead with the relationship. However, they
will also consider audit risk for each individual audit, and will seek to manage the risk.

As we have seen above, it is not in the auditors' power to affect inherent or control risk.
These are risks integral to the client, and the auditor cannot change the level of these
risks.

The auditors therefore manage overall audit risk by manipulating detection risk, the only
element of audit risk they have control over. This is because the more audit work the
auditors carry out, the lower detection risk becomes, although it can never be entirely
eliminated due to the inherent limitations of audit.

The auditors will decide what level of overall risk is acceptable, and then determine a
level of audit work so that detection risk is as low as possible.

99

AUDITING
It is important to understand that there is not a standard level of audit risk which is
generally considered by auditors to be acceptable. This is a matter of audit judgement,
and so will vary from firm to firm and audit to audit. Audit firms are likely to charge
higher fees for higher risk clients. Regardless of the risk level of the audit, however, it is
vital that audit firms always carry out an audit of sufficient quality.

Auditors will want their overall audit risk to be at an acceptable level or it will not be
worth them carrying out the audit.

The auditors will consider how risky a new audit client is during the acceptance process
and may decide not to go ahead with the relationship.

The auditors will also consider audit risk for each individual audit and will seek to
manage that risk. It is not in the auditors’ power to affect inherent or control risk.

The auditor, therefore, manages overall audit risk by manipulating detection risk. This is
because the more audit work the auditors carry out, the lower detection risk becomes
although it can never be entirely eliminated due to the inherent limitations of audit.

This audit risk management can be shown crudely in a mathematical equation. The
auditor will decide what level of overall risk is acceptable and then determine a level of
audit so that detection risk makes the equation work.

Example 1

This example 1 will have the following effect on the audit. The auditors will not rely on
tests of control but will carry out extended substantive tests. Detection risk must be
rendered low which will mean carrying out detailed substantive testing.

Example 2

In example 2, as control risk is low the auditors are likely to carry out tests of control and
seek to rely on the client’s system. However, this does not mean substantive tests can be

100

AUDITING
eliminated entirely. Detection risk in this case would be affected by the amount of
controls and substantive testing carried.

1.5 Identifying and assessing the risks

The auditor should identify and assess the risks of material misstatement at the financial
statement level, and at the assertion level for classes of transactions, account balances and
disclosures’. He/she should take the following steps:

Step 1: Identify risks throughout the process of obtaining an understanding of the

entity.

Step 2: Relate the risks to what can go wrong at the assertion level.

Step 3: Consider whether the risks are of a magnitude that could result in a
material misstatement.

Step 4: Consider the likelihood of the risks causing a material misstatement.

1.6 Business risk

Business risk is defined as the threat that an event or action will adversely affect a
business ability to achieve the ongoing objectives. The threat can be internal or external.

The idea is that business face risks and an understanding of these risks gives the auditor a
thorough understanding of the clients business and also suggests where misstatement may
occur in the financial statements.

1.6.1 External business risks

External risks are those threats arising from outside the company and include the
following.

 Changing legislation.

 Changing interest rates.

 Public opinion, attitudes, fashions.

 Price wars initiated by competition.

101

AUDITING
 Import competition.

 Untried technologies and ideas.

 Natural hazards.

 Bad debts.

 Litigation.

 Environmental factors.

1.6.2 Internal business risks

Internal risks are risks arising from inside the company and can include the following.

 Failure to modernize products, processes, labour relations, and marketing etc.

 The process of dealing with suppliers or customers.

 Excessive reliance on a dominant chief executive.

 Cash-flow including overtrading.

 Gearing

 Inappropriate acquisitions.

 Excessive reliance on one of few products, customers, suppliers.

 Weak internal controls.

 Lack of research and development.

 Computer system failure.

 Fraud.

1.7 Business risk approach

Business risk approach in auditing is an approach that focuses upon how an organisation
responds to the risks it faces in achieving its goals and objectives; it aims to provide
assurance on the management of the identified risks within the context of the entity’s
corporate plans and aims.

102

AUDITING
In the business risk approach the direction of the audit is from the risks to the financial
statements. The scope of an audit planning should be driven by relative business risk. In
other words, audit resources should generally be applied to the areas of greatest business
risk. It is a high level approach. This concept implies a continuing relationship with the
client rather than a one off each year separate view.

It must be noted that auditors need more understanding of business and to that end large
audit firms set up databases of information about the economy and the business world.

The ideas of inherent risk and control risk can be called residual risk which has to be
minimized by audit action; the audit action carries with it detection risk. Residual risk is
the level of risk remaining after the relevant controls have been applied by management
to the gross (or 'absolute') risk. Residual risk represents the actual level of exposure that
the entity faces. Since it leads to better understanding of the client’s business, it is
possible to use analytical review more frequently as a verification of assertions
procedure.

The business risk approach is an aid to the client acceptance and continuation procedures.
This makes the audit to be tailor-made and a generalized approach to audits is neither
productive nor economical.

Going concern considerations are a natural product of a business risk investigation and
separate consideration of going concern may be necessary.

1.7.1 Importance of business risk approach

There are a number of reasons why a business risk approach is used.

(a) Research showed that processing errors rarely cause audit problems.

(b) Major audit problems arise out of issues such as going concern, major fraud by
top management, large scale systems breakdown, failure to modernize products
and lack of response to market forces.

(c) This approach helps the auditor to have a profound knowledge of the business.

(d) This approach helps the auditor to focus the audit on the high risk areas.

(e) The approach adds value to the audit and enables the auditor to offer some
commercial benefits to the audit.

(f) Helps auditors to be aware of changes happening in the industry of the client.

(g) This helps to make audit economical as emphasis on transaction-based audit is

expensive.

103

AUDITING
(h) Business risk approach show the fact that companies are much more at risk of
failure than before due to the pace of change in business and computing and
communication.

(i) This helps audit firms to become innovative so as to attract clients.

(j) The business risk review may show up areas where the audit firm can suggest that
its highly paid services can be offered to the client.

(k) This facilitates audit firms to show product differentiation to potential clients.

(l) The business, environmental, corporate governance issues and the nature of
management control are all now more significant for businesses.

(m) This approach tends to involve audit partners and senior managers much more in
the planning stages of the audit.

1.7.2 Disadvantages of the business risk approach

This approach has the following disadvantages.

(a) More highly qualified and competent employees are required and that this negates
some of the efficiency gains.

(b) The added value idea does tend to oppose the notion of independence which is
very important currently.

1.8 Implications of the business risk for the auditor

The auditor needs to plan the audit and have understanding of the business.

The effect on planning may include the following.

 A consideration of the control environment.

 A consideration of risk management by management.

 Adequacy of accounting system in terms of Companies Act and nature of

business.

 Consideration of going concern status of the company.

 Effect of risks on cash flow.

 Risk of fraud.

104

AUDITING
 Existence of related parties with different agendas.

 Threat of management misstating financial statements.

 Risk of withdrawal of support by loan or trade creditors.

1.9 Business risk and audit risk

Audit risk is divided into inherent risk, control risk and detection risk, and in a sense
business risk encompasses inherent risk and control risk.

The first argument for this is that the business faces numerous external and internal risks.
The other is that the auditor faces the risk of giving an inappropriate audit opinion on the
financial statements.

The third point is that the effect of business risks is that the financial statements may
contain misstatements. The audit risk arises out of the possibility of undetected
misstatements in the financial statements.

There is also a fact that a major risk facing most companies is the failure of internal
controls to prevent or detect material errors or fraud leading to misstatements in the
financial statements. Finally a major risk to auditors is their tests may fail to detect errors
and fraud which lead to misstatements in the financial statements.

2 Materiality

Materiality is the expression of the relative importance of a particular matter in the

context of the financial statements as a whole. Information is generally considered to be
material if its omission or misstatement could influence the economic decisions of users
taken on the basis of the financial statements. Materiality should be considered by the
auditor when determining the nature, timing and extent of audit procedures and when
evaluating the effects of misstatements.

2.1 Determining materiality and performance materiality when planning the

audit
Performance materiality is the amount or amounts set by the auditor at less than
materiality for the financial statements as a whole to reduce to an appropriately low level
the probability that the aggregate of uncorrected and undetected misstatements exceeds
materiality for the financial statements as a whole.

Performance materiality also refers to the amount or amounts set by the auditor at less
than the materiality level or levels for particular classes of transactions, account balances
or disclosures.

105

AUDITING
During planning, the auditor must establish materiality for the financial statements as a
whole. However, if there are classes of transactions, account balances or disclosures for
which misstatements less than materiality for the financial statements as a whole could
reasonably be expected to influence the economic decisions of users taken on the basis of
the financial statements, the auditor must also determine materiality levels to be applied
to these.

The auditor must also determine performance materiality in order to assess the risks of
material misstatement and to determine the nature, timing and extent of further audit
procedures.

Determining materiality for the financial statements as a whole involves the exercise of
professional judgement (which we covered in section 1 of this chapter). Generally, a
percentage is applied to a chosen benchmark as a starting point for determining
materiality for the financial statements as a whole. The following factors may affect the
identification of an appropriate benchmark:

 Elements of the financial statements (e.g. assets, liabilities, equity, revenue,

expenses)
 Whether there are items on which users tend to focus
 Nature of the entity, industry and economic environment
 Entity’s ownership structure and financing
 Relative volatility of the benchmark

The following benchmarks and percentages may be appropriate in the calculation of

materiality for the financial statements as a whole.

Value %
Profit before tax 5
Gross profit ½–1
Revenue ½–1
Total assets 1–2
Net assets 2–5
Profit after tax 5 – 10

The determination of performance materiality involves the exercise of professional

judgement and is affected by the auditor’s understanding of the entity and the nature and
extent of misstatements identified in prior audits.

2.2 Revision of materiality

The level of materiality must be revised for the financial statements as a whole if the
auditor becomes aware of information during the audit that would have caused the
auditor to have determined a different amount during planning.

106

AUDITING
If the auditor concludes that a lower amount of materiality for the financial statements as
a whole is appropriate, the auditor must determine whether performance materiality also
needs to be revised, and whether the nature, timing and extent of further audit procedures
are still appropriate. A revision to materiality might be required for example if during the
audit it appears that actual results are going to be significantly different from the expected
results, which were used to calculate materiality for the financial statements as a whole
during planning.

2.3 Materiality considerations

The following considerations are important when deciding materiality.

(a) The Companies Act makes references to materiality.

(b) Materiality consists of aggregating, classifying and presenting financial

information. It requires professional judgement.

(c) An item will be disclosed on the basis of materiality.

(d) Materiality may require that the accounts be altered.

(e) Materiality requires that a certain formula or accounting basis allow for special
factors.

(f) Assessment of materiality of an item involves:

 Comparison of the magnitude of the item with the overall view presented by
the accounts.

 Comparison of the magnitude of the item with the magnitude of the same item
in the previous year.

 Comparison of the magnitude of the item with the total of which it forms part.

 Consideration of the presentation and context of the item.

 Consideration of statutory provisions.

 Nature of the item, for example, directors remuneration are always material.

 Consideration of degree of approximation of the item of which it is part.

 Materiality should be judged in the light of the normal

dimensions of the business.

107

AUDITING
  Assessment of critical points, for example, turning small profit into a loss is
material.

2.4 Audit risk and materiality

Auditors should consider materiality and its relationship with audit risk. The following
are key issues:

 Materiality is a matter of professional judgement and it has both quantity and quality
dimensions.
 Auditors should take materiality into account when considering the nature, timing and
extent of audit procedures.
 Materiality should be taken into account at the planning stage and reconsidered if the
outcome of tests, enquiries or examinations differs from expectation.
 In evaluating whether the financial statements give a true and fair view auditors
should assess the materiality of aggregate of uncorrected statements.

2.5 How materiality affects the audit work

(a) Materiality affects the nature and size of audit tests. The auditor needs to design
audit procedures to verify only those items which could be materially wrong.

(b) When deciding whether to seek adjustment for errors found, the auditor is
concerned that adjustments are made only of material errors.

2.6 Approaches to assignment of Materiality

There are two approaches that can be used.

 Bottom - up approach. This is judging materiality amounts in each account

separately, and then combining them to determine the overall effect.

 Top-down approach. This is judging an overall material amount for the financial
statements and then allocating it to particular accounts.

2.7 Planning Materiality

The concept of materiality is used by auditors as a guide to planning the audit program, to
evaluation of the evidence, and for making decisions about the audit report.

2.8 Documentation of materiality

ISA 320 requires the following to be documented:

 Materiality for the financial statements as a whole
 Materiality level or levels for particular classes of transactions, account balances or
disclosures if applicable

108

AUDITING
 Performance materiality
 Any revision of the above as the audit progresses

3 Understanding the entity and its environment

3.1 Why auditors need an understanding

ISA 315 Identifying and assessing the risks of material misstatement through
understanding the entity and its environment states that the objective of the auditor is to
identify and assess the risks of material misstatement, whether due to fraud or error,
through understanding the entity and its environment, including the entity’s internal
control, thereby providing a basis for designing and implementing responses to the
assessed risks of material misstatement.

A summary is given below.

Why?
 To identify and assess the risks of material misstatement in the financial statements
 To enable the auditor to design and perform further audit procedures
 To provide a frame of reference for exercising audit judgement, for example, when
setting audit materiality

What?
 Industry, regulatory and other external factors, including the applicable financial
reporting framework
 Nature of the entity, including operations, ownership and governance, investments,
structure and financing
 Entity’s selection and application of accounting policies
 Objectives and strategies and related business risks that might cause material
misstatement in the financial statements
 Measurement and review of the entity's financial performance
 Internal control

How?
 Inquiries of management and others within the entity
 Analytical procedures
 Observation and inspection
 Prior period knowledge
 Client acceptance or continuance process
 Discussion by the audit team of the susceptibility of the financial statements to
material misstatement
 Information from other engagements undertaken for the entity

3.3 How do auditors gain an understanding?

ISA 315 sets out the methods that the auditor shall use to obtain the understanding and
combination of these procedures should be used.

109

AUDITING
 Inquiries of management and others within the entity
 Analytical procedures
 Observation and inspection

ISA 315 also states the auditor shall consider whether information obtained from client
acceptance or continuance processes is relevant.

If the engagement partner has performed other engagements for the entity, he/she shall
consider whether information from these is relevant to identifying risks of material
misstatement.

ISA 315 states that if the auditor is going to use information from prior year audits, the
auditor shall determine whether changes have occurred that could affect the relevance to
the current year’s audit.

ISA 315 also requires the engagement partner and other key team members to discuss the
susceptibility of the financial statements to material misstatement, and the application of
the applicable financial reporting framework to the entity’s facts and circumstances. The
engagement partner shall determine what matters are to be communicated to team
members not involved in the discussion.

3.3.1 Inquiry
The auditors will usually obtain most of the information they require from staff in the
accounts department, but may also need to make enquiries of other personnel, for
example, internal audit, production staff or those charged with governance.

Those charged with governance may give insight into the environment in which the
financial statements are prepared. In-house legal counsel may help with understanding
matters such as outstanding litigation, or compliance with laws and regulations. Sales and
marketing personnel may give information about marketing strategies and sales trends.

3.3.2 Analytical procedures

Analytical procedures consist of the evaluations of financial information made by a study
of plausible relationships among both financial and non-financial data. They also
encompass the investigation of identified fluctuations and relationships that are consistent
with other relevant information or deviate significantly from predicted amounts.

Analytical procedures can be used at all stages of the audit. ISA 315 requires their use
during the risk assessment stage of the audit.

Analytical procedures include:

(a) The consideration of comparisons with:

 Similar information for prior periods
 Anticipated results of the entity, from budgets or forecasts

110

AUDITING
  Predictions prepared by the auditors
 Industry information

(b) Those between elements of financial information that are expected to conform to
a predicted pattern based on the entity's experience, such as the relationship of
gross profit to sales.

(c) Those between financial information and relevant non-financial information, such
as the relationship of payroll costs to number of employees.

A variety of methods can be used to perform the procedures discussed above, ranging
from simple comparisons to complex analysis using statistics, on a company level, branch
level or individual account level. The choice of procedures is a matter for the auditors'
professional judgement. The use of information technology may be extensive when
carrying out analytical procedures during risk assessment.

Auditors may also use specific industry information or general knowledge of current
industry conditions to assess the client's performance.

As well as helping to determine the nature, timing and extent of other audit procedures,
such analytical procedures may also indicate aspects of the business of which the auditors
were previously unaware. Auditors are looking to see if developments in the client's
business have had the expected effects. They will be particularly interested in changes in
audit areas where problems have occurred in the past.

Analytical procedures at the risk assessment stage of the audit are usually based on
interim financial information, budgets or management accounts.

3.3.3 Observation and inspection

These techniques are likely to confirm the answers made to inquiries made of
management. They will include observing the normal operations of a company, reading
documents or manuals relating to the client's operations or visiting premises and meeting
staff.

3.3.4 Companies that use e-business

IAPS 1013 Electronic commerce – effect on the audit of financial statements provides
guidance to auditors auditing entities that engage in e-commerce. The IAPS identifies
specific matters to assist the auditor when considering the significance of e-commerce to
the entity’s business and the effect on the auditor’s risk assessment.

The auditor needs to consider whether the skills and knowledge of team members are
appropriate to perform the audit, and also whether an expert is required.

The auditor also needs to have a good understanding of the business to assess the
significance of ecommerce and its effect on audit risk. The auditor should consider the
following:

111

AUDITING
 The entity’s business activities and industry
 The entity’s e-commerce strategy
 The extent of e-commerce activities
 Outsourcing arrangements

The IAPS identifies specific business risks affecting entities that engage in e-commerce,
which are outlined below.

 Loss of transaction integrity

 Security risks
 Improper accounting policies (e.g. capitalisation of expenditure, translation of
foreign currency, allowances for warranties and returns, revenue recognition)
 Non-compliance with taxation and other laws and regulations
 Failure to ensure that contracts are binding
 Over-reliance on e-commerce
 Systems and infrastructure failures or crashes

The auditor uses the knowledge of the business gained to identify events, transactions and
practices related to business risks arising from e-commerce activities that may result in
material misstatements in the financial statements.

The auditor also considers the control environment and control procedures that are
relevant to the financial statement assertions, in accordance with ISA 315, in particular
those relating to security, transaction integrity and process alignment.

4 Assessing the risks of material misstatement

4.1 Identifying and assessing the risks of material misstatement

ISA 315 says that the auditor shall identify and assess the risks of material misstatement
at the financial statement level and at the assertion level for classes of transactions,
account balances and disclosures.

It requires the auditor to take the following steps:

 Identify risks throughout the process of obtaining an understanding of the entity
and its environment
 Assess the identified risks, and evaluate whether they relate more pervasively to the
financial statements as a whole
 Relate the risks to what can go wrong at the assertion level
 Consider the likelihood of the risks causing a material misstatement

Assertions are representations by management, explicit or otherwise, that are embodied

in the financial statements, as used by the auditors to consider the different types of
potential misstatements that may occur.

4.2 Significant risks

112

AUDITING
Significant risks are those that require special audit consideration. It is important that the
auditor determine whether any of the risks are significant risks.

The following factors indicate that a risk might be significant:

 Risk of fraud
 Its relationship with recent economic, accounting or other developments
 The degree of subjectivity in the financial information
 It is an unusual transaction
 It is a significant transaction with a related party
 The complexity of the transaction

Routine, non-complex transactions are less likely to give rise to significant risk than
unusual transactions or matters of management judgement. This is because unusual
transactions are likely to have more:

 Management intervention
 Complex accounting principles or calculations
 Manual intervention
 Opportunity for control procedures not to be followed

When the auditor identifies a significant risk, if he has not done so already, he shall
obtain an understanding of the entity’s controls relevant to that risk.

5 Responding to the risk assessment

The main objective of ISA 330 The auditor’s responses to assessed risks is to obtain
sufficient appropriate audit evidence regarding the assessed risks of material
misstatement, through designing and implementing appropriate responses to those risks.

5.1 Overall responses

Overall responses include issues such as emphasising to the team the importance of
professional scepticism, allocating more staff, using experts or providing more
supervision.

Overall responses to address the risks of material misstatement at the financial statement
level will be changes to the general audit strategy or re-affirmations to staff of the general
audit strategy. For example:

 Emphasising to audit staff the need to maintain professional scepticism

 Assigning additional or more experienced staff to the audit team
 Providing more supervision on the audit
 Incorporating more unpredictability into the audit procedures
 Making general changes to the nature, timing or extent of audit procedures

113

AUDITING
The evaluation of the control environment that will have taken place as part of the
assessment of the client's internal control systems will help the auditor determine what
type of audit approach to take.

5.2 Responses to the risks of material misstatement at the assertion level

The ISA says that the auditor shall design and perform further audit procedures whose
nature, timing and extent are based on and are responsive to the assessed risks of material
misstatement at the assertion level. 'Nature' refers to the purpose and the type of test that
is carried out, which include tests of controls and substantive tests.

5.2.1 Tests of controls

Tests of controls are audit procedures designed to evaluate the operating effectiveness of
controls in preventing, or detecting and correcting, material misstatements at the assertion
level.

When the auditor's risk assessment includes an expectation that controls are operating
effectively, the auditor shall design and perform tests of controls to obtain sufficient
appropriate audit evidence that the controls were operating.

The auditor shall also undertake tests of control when it will not be possible to obtain
sufficient appropriate audit evidence simply from substantive procedures. This might be
the case if the entity conducts its business using IT systems which do not produce
documentation of transactions.

In carrying out tests of control, auditors shall use inquiry, but shall also use other
procedures. Re-performance and inspection will often be helpful procedures.

When considering timing in relation to tests of controls, the purpose of the test will be
important. For example, if the company carries out a year-end inventory count, controls
over the inventory count can only be tested at the year-end. Other controls will operate all
year round, and the auditor may need to test that those controls have been effective
throughout the period.

Some controls may have been tested in prior audits and the auditor may choose to rely on
that evidence of their effectiveness. If this is the case, the auditor shall obtain evidence
about any changes since the controls were last tested and shall test the controls if they
have changed. In any case, controls shall be tested for effectiveness at least once in every
three audits.

If the related risk has been designated a significant risk, the auditor shall not rely on
testing done in prior years, but shall perform testing in the current year.

5.2.2 Substantive procedures

114

AUDITING
Substantive procedures are audit procedures designed to detect material misstatements at
the assertion level. They consist of tests of details of classes of transactions, account
balances and disclosures, and substantive analytical procedures.

The auditor shall always carry out substantive procedures on material items. The ISA
says that irrespective of the assessed risk of material misstatement, the auditor shall
design and perform substantive procedures for each material class of transactions,
account balance and disclosure.

In addition, the auditor shall carry out the following substantive procedures:
 Agreeing or reconciling the financial statements to the underlying accounting
records
 Examining material journal entries
 Examining other adjustments made in preparing the financial statements

Substantive procedures fall into two categories: analytical procedures and tests of details.
The auditor must determine when it is appropriate to use which type of substantive
procedure.

Analytical procedures as substantive procedures tend to be appropriate for large volumes

of predictable transactions (for example, wages and salaries). Tests of detail may be
appropriate to gain information about account balances for example, inventory or trade
receivables.

Tests of detail rather than analytical procedures are likely to be more appropriate with
regard to matters which have been identified as significant risks, but the auditor must
develop procedures that are specifically responsive to that risk, which may include
analytical procedures. Significant risks are likely to be the most difficult to obtain
sufficient appropriate audit evidence about.

6 Fraud, law and regulations

6.1 What is fraud?

Fraud is an intentional act by one or more individuals among management, those charged
with governance, employees or third parties involving the use of deception to obtain an
unjust or illegal advantage. Fraud may be perpetrated by an individual, or colluded in,
with people internal or external to the business.

Fraud risk factors are events or conditions that indicate an incentive or pressure to
commit fraud or provide an opportunity to commit fraud.

Fraud is a wide legal concept, but the auditor's main concern is with fraud that causes a
material misstatement in financial statements. It is distinguished from error, which is
when a material misstatement is caused by mistake, for example, in the misapplication of
an accounting policy.

115

AUDITING
Specifically, there are two types of fraud causing material misstatement in financial
statements:
 Fraudulent financial reporting
 Misappropriation of assets

6.1.1 Fraudulent financial reporting

Fraudulent financial reporting involves intentional misstatements, including omissions of
amounts or disclosures in financial statements, to deceive financial statement users.

This may include:

 Manipulation, falsification or alteration of accounting records/supporting
documents
 Misrepresentation (or omission) of events or transactions in the financial
statements
 Intentional misapplication of accounting principles

Such fraud may be carried out by overriding controls that would otherwise appear to be
operating effectively, for example, by recording fictitious journal entries or improperly
adjusting assumptions or estimates used in financial reporting.

6.1.2 Misappropriation of assets

Misappropriation of assets involves the theft of an entity's assets and is often perpetrated
by employees in relatively small and immaterial amounts. However, it can also involve
management who are usually more capable of disguising or concealing misappropriations
in ways that are difficult to detect.

This is the theft of the entity's assets (for example, cash, inventory). Employees may be
involved in such fraud in small and immaterial amounts, but it can also be carried out on
a larger scale by management who may then conceal the misappropriation, for example
by:
 Embezzling receipts (for example, diverting them to private bank accounts)
 Stealing physical assets or intellectual property (inventory, selling data)
 Causing an entity to pay for goods not received (payments to fictitious vendors)
 Using assets for personal use

6.2 Fraud and the auditor

ISA 240 The auditor’s responsibilities relating to fraud in an audit of financial
statements provides guidance to auditors in this area.

6.2.1 Responsibilities of management and auditors

The primary responsibility for the prevention and detection of fraud is with those charged
with governance and the management of an entity. This is effected by having a
commitment to creating a culture of honesty and ethical behaviour and active oversight
by those charged with governance.

116

AUDITING
The auditor is responsible for obtaining reasonable assurance that the financial statements
are free from material misstatement, whether caused by fraud or error. The risk of not
detecting a material misstatement from fraud is higher than from error because of the
following reasons:
 Fraud may involve sophisticated schemes designed to conceal it.
 Fraud may be perpetrated by individuals in collusion.
 Management fraud is harder to detect because management is in a position to
manipulate accounting records or override control procedures.

The auditor is responsible for maintaining professional scepticism throughout the audit,
considering the possibility of management override of controls, and recognising that audit
procedures effective for detecting errors may not be effective for detecting fraud.

6.2.2 Risk assessment

ISA 315 requires a discussion among team members that places particular emphasis on
how and where the financial statements may be susceptible to fraud.

Risk assessment procedures to obtain information in identifying the risks of material

misstatement due to fraud shall include the following:

(i) Inquiries of management regarding:

 Management’s assessment of the risk that the financial statements may be
misstated due to fraud

 Management’s process for identifying and responding to the risk of fraud

 Management’s communication to those charged with governance in respect

of its process for identifying and responding to the risk of fraud

 Management’s communication to employees regarding its views on business

practices and ethical behaviour

 Knowledge of any actual, suspected or alleged fraud

(ii) Inquiries of internal audit for knowledge of any actual, suspected or alleged fraud,
and its views on the risks of fraud

(iii) Obtaining an understanding of how those charged with governance oversee

management’s processes for identifying and responding to the risk of fraud and the
internal control established to mitigate these risks

(iv) Inquiries of those charged with governance for knowledge of any actual, suspected
or alleged fraud

(v) Evaluating whether any unusual relationships have been identified in performing
analytical procedures that may indicate risk of material misstatement due to fraud

117

AUDITING
(vi) Considering whether any other information may indicate risk of material
misstatement due to fraud

(vii) Evaluating whether any fraud risk factors are present

In accordance with ISA 315, the auditor shall identify and assess the risks of material
misstatement due to fraud at the financial statement level and at the assertion level for
classes of transactions, account balances and disclosures. These risks shall be treated as
significant risks.

In accordance with ISA 330, the auditor shall determine overall responses to address the
assessed risks of material misstatement due to fraud at the financial statement level. In
this regard, the auditor shall:

 Assign and supervise staff responsible taking into account their knowledge, skill
and ability.

 Evaluate whether the accounting policies may be indicative of fraudulent financial

reporting.

 Incorporate unpredictability in the selection of the nature, timing and extent of audit
procedures.

6.2.3 Communication to management and those charged with governance

If the auditor identifies fraud or receives information that a fraud may exist, the auditor
shall report this on a timely basis to the appropriate level of management.

If the auditor identifies or suspects fraud involving management, employees with

significant roles in internal control, and others where fraud could have a material effect
on the financial statements, he shall communicate this on a timely basis to those charged
with governance.

The auditor also needs to consider whether there is a responsibility to report to the
regulatory or enforcement authorities – the auditor’s professional duty of confidentiality
may be overridden by laws and statutes in certain jurisdictions.

6.3 Law and regulations

The auditor is also required to consider the issue of law and regulations in the audit.
Auditors are given guidance in ISA 250 Consideration of laws and regulations in an
audit of financial statements, the objectives of the auditor are:

118

AUDITING
 To obtain sufficient appropriate audit evidence regarding compliance with the
provisions of those laws and regulations that have a direct effect on the
determination of material amounts and disclosures in the financial statements

 To perform specified audit procedures to help identify non-compliance with other

laws and regulations that may have a material effect on the financial statements

 To respond appropriately to non-compliance/suspected non-compliance identified

during the audit

6.3.1 Responsibilities of management and auditors

It is management’s responsibility to ensure that the entity complies with the relevant laws
and regulations. It is not the auditor’s responsibility to prevent or detect non-compliance
with laws and regulations.

The auditor’s responsibility is to obtain reasonable assurance that the financial statements
are free from material misstatement, and in this respect, the auditor must take into
account the legal and regulatory framework within which the entity operates.

ISA 250 distinguishes the auditor’s responsibilities in relation to compliance with two
different categories of laws and regulations:

 Those that have a direct effect on the determination of material amounts and
disclosures in the financial statements

 Those that do not have a direct effect on the determination of material amounts and
disclosures in the financial statements but where compliance may be fundamental
to the operating aspects, ability to continue in business, or to avoid material
penalties

For the first category, the auditor’s responsibility is to obtain sufficient appropriate audit
evidence about compliance with those laws and regulations.

For the second category, the auditor’s responsibility is to undertake specified audit
procedures to help identify non-compliance with laws and regulations that may have a
material effect on the financial statements. These include inquiries of management and
inspecting correspondence with the relevant licensing or regulatory authorities.

6.3.2 Audit procedures

In accordance with ISA 315, the auditor shall obtain a general understanding of:
 The applicable legal and regulatory framework

 How the entity complies with that framework

119

AUDITING
The auditor can achieve this understanding by using his/her existing understanding and
updating it, and making inquiries of management about other laws and regulations that
may affect the entity, about its policies and procedures for ensuring compliance, and
about its policies and procedures for identifying, evaluating and accounting for litigation
claims.

The auditor shall remain alert throughout the audit to the possibility that other audit
procedures may bring instances of non-compliance or suspected non-compliance to the
auditor’s attention. These audit procedures could include:

 Reading minutes

 Making inquiries of management and in-house/external legal advisors regarding

litigation, claims and assessments

 Performing substantive tests of details of classes of transactions, account balances

or disclosures

The auditor shall request written representations from management that all known
instances of noncompliance or suspected non-compliance with laws and regulations
whose effects should be considered when preparing the financial statements have been
disclosed to the auditor.

6.3.3 Audit procedures when non-compliance is identified or suspected

The following factors may indicate non-compliance with laws and regulations:
 Investigations by regulatory authorities and government departments

 Payment of fines or penalties

 Payments for unspecified services or loans to consultants, related parties,

employees or government employees

 Sales commissions or agents’ fees that appear excessive

 Purchasing at prices significantly above/below market price

 Unusual payments in cash

 Unusual transactions with companies registered in tax havens

 Payment for goods and services made to a country different to the one in which the
goods and services originated

 Payments without proper exchange control documentation

120

AUDITING
 Existence of an information system that fails to provide an adequate audit trail or
sufficient evidence

 Unauthorised transactions or improperly recorded transactions

 Adverse media comment

The following is a summary of audit procedures to be performed when non-compliance is

identified or suspected.

 Obtain understanding of nature of act and circumstances.

 Obtain further information to evaluate possible effect on financial statements.

 Discuss with management and those charged with governance.

 Consider need to obtain legal advice if sufficient information not provided and
matter is material.

 Evaluate effect on auditor’s opinion if sufficient information not obtained.

 Evaluate implications on risk assessment and reliability of written representations.

6.3.4 Reporting identified or suspected non-compliance

The auditor shall communicate with those charged with governance, but if the auditor
suspects that those charged with governance are involved, the auditor shall communicate
with the next higher level of authority such as the audit committee or supervisory board.
If this does not exist, the auditor shall consider the need to obtain legal advice.

The auditor shall consider the impact on the auditor’s report if he/she concludes that the
non-compliance has a material effect on the financial statements and has not been
adequately reflected or is prevented by management and those charged with governance
from obtaining sufficient appropriate audit evidence to evaluate whether non-compliance
is material to the financial statements.

The auditor shall determine whether identified or suspected non-compliance has to be

reported to the regulatory and enforcement authorities. Although the auditor must
maintain the fundamental principle of confidentiality, in some jurisdictions the duty of
confidentiality may be overridden by law or statute.

7 Documentation of risk assessment

The need for auditors to document their audit work is discussed in the next chapter where
we will look in particular at the audit plan and the audit strategy, two documents for

121

AUDITING
planning. ISAs 315 and 330 contain a number of general requirements about
documentation, and we shall briefly run through those here.

The following matters shall be documented during planning

 The discussion among the audit team concerning the susceptibility of the financial
statements to material misstatements, including any significant decisions reached
 Key elements of the understanding gained of the entity regarding the elements of
the entity and its internal control components specified in ISA 315, the sources of
the information gained and the risk assessment procedures carried out
 The identified and assessed risks of material misstatement at the financial statement
level and at the assertion level
 Risks identified and related controls evaluated
 The overall responses to address the risks of material misstatement at the financial
statement level
 Nature, extent and timing of further audit procedures linked to the assessed risks at
the assertion level
 Results of audit procedures
 If the auditors have relied on evidence about the effectiveness of controls from
previous audits, conclusions about how this is appropriate
 Demonstration that the financial statements agree or reconcile with the underlying
accounting records

8 Audit planning

Planning an audit involves establishing the overall audit strategy for the engagement and
developing an audit plan. Adequate planning benefits the audit of financial statements in
several ways, including the following noted, but simply put planning is required because
an audit is an expensive process and a potentially complex project which needs to be
managed effectively.

8.1 The importance of planning

An effective and efficient audit relies on proper planning procedures. The planning
process is covered in general terms by ISA 300 Planning an audit of financial statements
which states that the auditor shall plan the audit so that the engagement is performed in
an effective manner.

Audits are planned to:

 Help the auditor devote appropriate attention to important areas of the audit.
 Help the auditor identify and resolve potential problems on a timely basis.
 Help the auditor properly organise and manage the audit so it is performed in an
effective manner.
 Assist in the selection of appropriate team members and assignment of work to
them.
 Facilitate the direction, supervision and review of work.
 Assist in coordination of work done by auditors of components and experts.

122

AUDITING
Audit procedures should be discussed with the client's management, staff and/or audit
committee in order to co-ordinate audit work, including that of internal audit. However,
all audit procedures remain the responsibility of the external auditors.

A structured approach to planning will include:

Step 1
Auditors must ensure that ethical requirements are met, including independence

Step 2
Auditors must ensure the terms of the engagement are understood

Step 3
Auditors must establish the overall audit strategy that sets the scope, timing and direction
of the audit and guides the development of the audit plan
 Identify the characteristics of the engagement that define its scope.
 Ascertain the reporting objectives to plan the timing of the audit and nature of
communications required.
 Consider significant factors in directing the team’s efforts.
 Consider results of preliminary engagement activities.
 Ascertain nature, timing and extent of resources necessary to perform the
engagement.

Step 4
Finally auditors develop audit plan that includes the nature, timing and extent of planned
risk assessment procedures and further audit procedures

8.2 The overall audit strategy and the audit plan

The overall audit strategy and audit plan shall be updated and changed as necessary
during the course of the audit.

8.2.1 The audit strategy

Audit strategy is defined as the planning process to develop an efficient and effective
audit which includes making decisions in relation to the scope of the audit, the general
evidence requirements for the forming of an opinion, and the initial choice as to the
nature, timing and extent of audit procedures to make efficient use of resources.

The matters the auditor may consider in establishing an overall audit strategy are set out
below.

Matters to consider in the overall audit strategy

(i) Characteristics of the engagement

 Financial reporting framework
 Industry-specific reporting requirements

123

AUDITING
 Expected audit coverage
 Nature of business segments
 Availability of internal audit work
 Use of service organisations
 Effect of information technology on audit procedures
 Availability of client personnel and data

(ii) Reporting objectives, timing of the audit and nature of communications

 Entity’s timetable for reporting
 Organisation of meetings with management and those charged with governance
 Discussions with management and those charged with governance
 Expected communications with third parties

(iii) Significant factors, preliminary engagement activities, and knowledge gained

on other engagements
 Determination of materiality
 Areas identified with higher risk of material misstatement
 Results of previous audits
 Need to maintain professional scepticism
 Evidence of management’s commitment to design, implementation and
maintenance of sound internal control
 Volume of transactions
 Significant business developments
 Significant industry developments
 Significant changes in financial reporting framework
 Other significant recent developments

(iv) Nature, timing and extent of resources

 Selection of engagement team
 Assignment of work to team members
 Engagement budgeting

Examples of items to include in the overall audit strategy could be:

 Industry-specific financial reporting requirements
 Number of locations to be visited
 Audit client's timetable for reporting to its members
 Communication between the audit team and the client

8.2.1.1 The impact of fraud on the audit strategy

Fraud may lead to a material misstatement in the financial statements. If the auditor
assesses that the risk of fraud is high, there is an increased probability of misstatement.
The impact on the audit strategy may be:

 A reduction in the materiality level set

 An increase level of testing in the areas where fraud is suspected.

124

AUDITING
 A reduced reliance on evidence generated internally by the client.
 An increased focus on externally generated evidence.
 If senior management is suspected of involvement with the fraud, a reduced
reliance on management representations.

9 The audit plan

The audit plan converts the audit strategy into a more detailed plan and includes the
nature, timing and extent of audit procedures to be performed by engagement team
members in order to obtain sufficient appropriate audit evidence to reduce audit risk to an
acceptably low level.

The audit plan shall include the following:

 A description of the nature, timing and extent of planned risk assessment
procedures
 A description of the nature, timing and extent of planned further audit procedures at
the assertion level
 Other planned audit procedures required to be carried out for the engagement to
comply with ISAs

The planning for these procedures occurs over the course of the audit as the audit plan
develops.
Examples of items included in the audit plan could be:
 Timetable of planned audit work
 Allocation of work to audit team members
 Audit procedures for each major account area (e.g. inventory, receivables, cash
etc.)
 Materiality for the financial statements as a whole and performance materiality
Any changes made during the audit engagement to the overall audit strategy or audit
plan, and the reasons for such changes, shall be included in the audit documentation.

9.1 Interim and final audits

Auditors usually carry out their audit work for a financial year in one or more sittings.
These are referred to as the interim audit(s) and the final audit.

The interim audit visits are carried out during the period of review and work focuses on
planning and risk assessment and tests of controls and systems, although substantive
audit procedures may also be carried out. The final audit visit is at the year-end or shortly
after and work focuses on the audit of the financial statements.

ISA 330 The auditor’s responses to assessed risks states that the higher the risk of
material misstatement, the more likely it is that the auditor will decide that it is more
effective to undertake substantive procedures nearer to, or at, the period-end rather than
earlier. However, performing audit procedures before the period-end can assist in
identifying significant matters at an early stage of the audit and being able to resolve

125

AUDITING
them with management’s assistance or developing an effective audit approach to address
them.

Auditors must obtain evidence that controls have operated effectively throughout the
period. ISA 330 states that when the auditor obtains evidence about the operating
effectiveness of controls during an interim audit visit, the auditor must determine what
additional audit evidence should be obtained for the remaining period.

The ISA makes a similar observation with regard to substantive procedures: when
substantive procedures are performed at an interim audit visit, the auditor shall perform
further substantive procedures or substantive procedures combined with tests of controls
to cover the remaining period that provide a reasonable basis for extending the audit
conclusions from the interim date to the period-end.

Some audit procedures can only be performed at the final audit visit, such as agreeing the
financial statements to the accounting records and examining adjustments made during
the process of preparing the financial statements.

9.2 Documenting the planning process

The auditor is required by ISAs 315 and 330 to document the following (which may be
contained within or referred to in the audit strategy):

 The discussion among the audit team concerning the susceptibility of the financial
statements to material misstatements, including any significant decisions reached.
 Key elements of the understanding gained of the entity including the elements of
the entity and its control specified in the ISA as mandatory, the sources of the
information gained and the risk assessment procedures carried out.
 The identified and assessed risks of material misstatement.
 Significant risks identified and related controls evaluated.
 The overall responses to address the risks of material misstatement
 Nature, extent and timing of further audit procedures linked to the assessed risks
at the assertion level.
 The results of the audit procedures including the conclusions where these are not
otherwise clear.
 If the auditors have relied on evidence about the effectiveness of controls from
previous audits, conclusions about how this is appropriate.

10. Audit program

An auditor prepares a plan after the selection of senior and junior staffs allocating the
jobs to them, mentioning when to start, how to do the work etc. This plan is known as
audit program. An auditor should include all the procedures in written form, objectives
of each sector and all the directions which are to be given to the staffs which helps to

126

AUDITING
control their works and helps to implement such programs into action. Following are the
facts regarding meaning of audit program:

 Audit program is a detailed work plan which includes the time of doing work and
how to do the works.
 Audit program includes audit procedures
 Audit program estimates the duration to complete the audit task
 Senior staffs prepare audit program to junior staffs on the basis of nature of
business
 Generally accepted points are included in the audit program
 Audit team members put tick marks in the completed tasks

10.1 Contents of audit program

Audit program is a detailed program which helps to guide and control the junior staffs.
Audit program classifies the work of junior audit team members which helps to complete
the audit task without leaving any points uncovered. Audit program is prepared on all the
programs, nature and size of business, internal check and internal control.

The contents are as follows.

 Detailed information of instructions of all the audit team members like audit of
bank/ cash book, purchase book, sales book etc.
 Auditor should prepare audit program considering the nature of client.
 Separate list of work assigned to team member
 Time period to complete task assigned
 Signature of audit staff to indicate completion of task

10.2 Objectives of audit programs

Audit program has the following objectives:

(a) Audit program helps to check systematically the books of accounts which help to
conduct an effective audit.
(b) Audit program specifies the time period clearly, which helps to complete the work
of audit in less time.
(c) The signature that audit staff writes after the completion of work specifies the
responsibility and accountability of audit team members. It also helps to prove the
completion of task.
(d) Helps review of proposed scope of audit preparing proper plan.
(e) Audit program shows the way to the new staffs to perform work of audit.

10.3 Advantages of audit program

127

AUDITING
(a) Audit program saves time and labour
All the directions which are to be given to assistant are clearly stated in the audit program
which helps to complete the task in time. Audit program also helps to conduct the audit
of the business in coming years which saves time and labour.

(b) Audit program increases efficiency

All the responsibilities of auditor are divided among the number of staffs considering
their skill and intelligence which helps to complete the work of audit properly. Similarly,
the works are divided among the assistant staffs on the basis of their calibre which helps
to increase efficiency.

(c) Audit program helps to control

An auditor can compare the work performed by the assistants on the basis of audit
program which helps to control their work if there are any deficiencies.

(d) Audit program helps to maintain uniformity

Tasks are divided among the team members; so there is no any chance of leaving non
audited statements. If the work of audit is performed on the basis of audit program every
year, uniformity can be maintained in the work of audit which helps to compare the
report of various years.

(e) Audit program helps in accountability

Work of juniors is clearly defined in the audit program and assistant puts signature in the
completed work and this makes them liable for such work.

(f) Audit program helps to maintain continuity

Audit program clearly shows the completed task and procedures of doing work. So, if any
staff leaves the job or remains absent, new staff can easily continue the job of audit.

(g) Audit program helps to present as proof

Auditor can present audit program as proof if he/she has been accused of misfeasance or
negligence and can get clearance from such accusation. Audit program can be presented
in the court also as evidence.

10.4 Disadvantages of audit program

Even though audit program has number of advantages, it is not free from limitations.
Some of the major disadvantages of audit program are as follows:

(a) Audit program harasses audit staff

All the staffs should perform task within the limitation given in audit program. Audit
staff cannot use their knowledge and calibre or creativity and this harasses them.

(b) Unsuitability
Nature and size of business differs. The audit program which is prepared at the beginning
of the year remains unsuitable. Different organizations may have their own problems;
hence similar type of program may not be applicable to all.

128

AUDITING
(c) Audit program is unsuitable to small concern
Small concern has less transactions and work of audit can be completed in short period of
time. So, audit program is not essential to audit such concern.

(d) Exclusion of Problems of new technology

New techniques and technologies are used in the work of accounting. Such technology
creates the problem in the work of audit but such problems and remedial measures are not
included in the audit program.

10.5 Types of audit program

Audit program can be classified into following two groups such as fixed audit program
and flexible audit program

10.5.1 Fixed audit program/ Standardised Audit program

Generally, auditor prepares audit program on the suggestions and recommendation of
assistant staffs but such program cannot be changed during the course of audit which is
known as fixed audit program. Such program, due to pace of time or change in the
situation and size of the client needs to change even though it cannot be changed. Fixed
audit Program can be used in all the organizations

Advantages of fixed audit program

(a) Fixed audit programs are prepared once and program is used in all the organization.
So, it saves time and cost.
(b) All the works are completed within the stipulated time because auditor does not
change such program on the request of assistant staff.
(c) Audit program fixes the responsibility of assistant staffs. So, they know their
responsibility and complete their work in time which helps to prepare and present
report in time.

Disadvantages of fixed audit program

(a) Such program is rigid and then it cannot be used in all organizations because nature
and size of all the businesses do not remain same.
(b) Same program will not be useful in the big and small organizations.
(c) Fixed audit program is unscientific and impracticable because it does not
incorporate the changes caused by time and situation.
(d) Fixed audit program harasses the staffs because intelligent staffs cannot use their
skill and knowledge.

10.5.2. Flexible audit program

An audit program which can be changed as per the need, time, nature of business and
auditing standard is known as flexible audit program. Such program should be reviewed
on the recommendations and suggestions of assistants. Such change can be made due to
change in number of work, nature of business, change in management and their feelings.
It is just taken as helping part but assistants can use their knowledge, calibre and
intelligence.

129

AUDITING
Advantages of flexible audit program
(a) Auditing remains effective because it can be changed if the change is made in the
nature and size of business.
(b) Assistant audit staff members remain happy because such programs are prepared
incorporating to the problems of assistant staffs.

(c) Flexible audit program remains effective because it incorporates to the change
made due to time and situation.

End of chapter question

Question 1

ISA 300 Planning an Audit of Financial Statements provides guidance to assist auditors
in planning an audit. It is at this point when the auditor would determine materiality
levels and whether to sample in certain areas of an audit.

Required:
a) Explain the benefits of audit planning. 5 marks
b) Identify stages involved in planning an audit 4 Marks
c) Define materiality 1 Marks
d) Identify and explain four methods of selecting a sample. 8 marks
Total 18 Marks

130

AUDITING
SECTION D

Internal Controls

131

AUDITING
 CHAPTER 9

GENERAL PRINCIPLES OF INTERNAL CONTROLS

Topic list
1. Internal Control system

2. Components of internal control system

3. Internal controls of information systems

4. Inherent limitations of internal controls

Learning outcomes

By the end of this chapter, readers should be able to:

 Explain the meaning and use of internal controls;

 Identify relevant controls to mitigate risks in any environment including in

computerized systems;

 Outline limitations relating to application of controls

Introduction

This chapter covers the role of internal controls in an organization. Components and
specific examples of internal controls have also been explained including controls
available in an information system.

1 Internal control system

Internal control is a process, system or procedure designed and implemented by board,

management or other personnel with the aim of directing the organization towards
achieving its objectives in the following categories:

 Effectiveness and efficiency of operations

 Reliability of financial reporting
 Compliance with applicable laws and regulations

Two key points should be made about this definition:

(a) People at every level of an organization effect internal controls.

132

AUDITING
Internal control is everyone's responsibility. Every employee has objectives to achieve
and is responsible for ensuring processes are in place that will assist the organization
achieve its objectives.

(b) Effective internal control helps an organization achieve its operations, financial
reporting, and compliance objectives.

Effective internal control is a built-in part of the management process (i.e., plan,
organize, direct, and control). Internal control keeps an organization on course toward its
objectives and the achievement of its mission, and minimizes surprises along the way.
Internal control promotes effectiveness and efficiency of operations, reduces the risk of
asset loss, and helps to ensure compliance with laws and regulations. Internal control also
ensures the reliability of financial reporting (i.e., all transactions are recorded and that all
recorded transactions are real, properly valued, recorded on a timely basis, properly
classified, and correctly summarized and posted).

2 Components of internal control system

Internal control consists of five interrelated components as follows:

 Control (or Operating) environment
 Risk assessment
 Control activities
 Information and communication
 Monitoring

All five internal control components must be present to conclude that internal control is
effective.

2.1 Control Environment

The control environment is the control consciousness of an organization; it is the

atmosphere in which people conduct their activities and carry out their control
responsibilities.
An effective control environment is an environment where competent people understand
their responsibilities, the limits to their authority, and are knowledgeable, mindful, and
committed to doing what is right and doing it the right way. They are committed to
following an organization's policies and procedures and its ethical and behavioral
standards.
The control environment encompasses technical competence and ethical commitment; it
is an intangible factor that is essential to effective internal control.
A governing board and management enhance an organization's control environment when
they establish and effectively communicate written policies and procedures, a code of
ethics, and standards of conduct. Moreover, a governing board and management enhance
the control environment when they behave in an ethical manner-creating a positive "tone
at the top"—and when they require that same standard of conduct from everyone in the
organization.

133

AUDITING
2.1.1 Responsibility of control environment

Management is responsible for "setting the tone" for their organization. Management
should foster a control environment that encourages:
 The highest levels of integrity and personal and professional standards
 A leadership philosophy and operating style which promote internal control
throughout the organization
 Assignment of authority and responsibility.

2.1.2 Control Environment Tips

Effective human resource policies and procedures enhance an organization's control

environment. These policies and procedures should address hiring, orientation, training,
evaluations, counseling, promotions, compensation, and disciplinary actions. In the event
that an employee does not comply with an organization's policies and procedures or
behavioral standards, an organization must take appropriate disciplinary action to
maintain an effective control environment.

The control environment is greatly influenced by the extent to which individuals

recognize that they will be held accountable.

Make sure that the following policies and procedures are available in your department
(hard copy or Internet access): This list is not all inclusive, nor will every item apply to
every department; it can, however, serve as a starting point.

 Administrative Procedures
 Business and Finance Bulletins
 Employee Handbook
 Purchasing Manual

 Make sure that the organisation has well-written departmental policies and
procedures manual which addresses its significant activities and unique issues.
Employee responsibilities, limits to authority, performance standards, control
procedures, and reporting relationships should be clear.

 Make sure that employees are well acquainted with the organisation’s policies and
procedures that pertain to their job responsibilities.

 Discuss ethical issues with employees. If employees need additional guidance,

issue standards of conduct.

134

AUDITING
  Make sure that employees comply with the Conflict of Interest policy and disclose
potential conflicts of interest (e.g., ownership interest in companies doing
business or proposing to do business with the organisation).

 Make sure that job descriptions exist, clearly state responsibility for internal
control, and correctly translate desired competence levels into requisite
knowledge, skills, and experience; make sure that hiring practices result in hiring
qualified individuals.
 Make sure that each department has an adequate training program for employees.
 Make sure that employee performance evaluations are conducted periodically.
Good performance should be valued highly and recognized in a positive manner.
 Make sure that appropriate disciplinary action is taken when an employee does
not comply with policies and procedures or behavioral standards.

2.2 Risk Assessment

The process of providing assurance about achievement of objectives starts with

understanding of risks such objectives face. The process of understanding risks involves
determining the objectives, identifying risks relating to the objectives and analysing the
risks.

2.2.1 Determine Goals and Objectives

The central theme of internal control is

(1) To identify risks to the achievement of an organization's objectives and
(2) To do what is necessary to manage those risks.
Thus, setting goals and objectives is a precondition to internal controls.
At the highest levels, goals and objectives should be presented in a strategic plan that
includes a mission statement and broadly defined strategic initiatives. At the department
level, goals and objectives should support the organization's strategic plan. Goals and
objectives are classified in the following categories:

Operations objectives: These objectives pertain to the achievement of the basic

mission(s) of a department and the effectiveness and efficiency of its operations,
including performance standards and safeguarding resources against loss.
Financial reporting objectives: These objectives pertain to the preparation of reliable
financial reports, including the prevention of fraudulent public financial reporting.
Compliance objectives: These objectives pertain to adherence to applicable laws and
regulations.

A clear set of goals and objectives is fundamental to the success of an organisation.

Specifically, an organisation or work unit should have:

 A mission statement,
 Written goals and objectives for the organisation as a whole, and
 Written goals and objectives for each significant activity in the organisation

135

AUDITING
There are certain activities which are significant to all organisations: budgeting,
purchasing goods and services, hiring employees, evaluating employees, accounting for
vacation/sick leave, and safeguarding property and equipment. Thus, all organisations
should have appropriate goals and objectives, policies and procedures, and internal
controls for these activities.

2.2.2 Identify Risks after Determining Goals

Risk assessment is the identification and analysis of risks associated with the
achievement of operations, financial reporting, and compliance goals and objectives.
This, in turn, forms a basis for determining how those risks should be managed.

Who is responsible?
To properly manage their operations, managers need to determine the level of operations,
financial and compliance risk they are willing to assume. Risk assessment is one of
management's responsibilities and enables management to act proactively in reducing
unwanted surprises. Failure to consciously manage these risks can result in a lack of
confidence that operation, financial and compliance goals will be achieved.

Risk Identification
A risk is anything that could jeopardize the achievement of an objective. For each of the
department's objectives, risks should be identified. Asking the following questions helps
to identify risks:
 What could go wrong?
 How could we fail?
 What must go right for us to succeed?
 Where are we vulnerable?
 What assets do we need to protect?
 Do we have liquid assets or assets with alternative uses?
 How could someone steal from the department?
 How could someone disrupt our operations?
 How do we know whether we are achieving our objectives?
 On what information do we mostly rely?
 On what do we spend the most money?
 How do we bill and collect our revenue?
 What decisions require the most judgment?
 What activities are most complex?
 What activities are regulated?
 What is our greatest legal exposure?

It is important that risk identification be comprehensive, at organisational level and at the

activity or process level, for operations, financial reporting, and compliance objectives.
Both external and internal risk factors need to be considered. Usually, several risks can be
identified for each objective.

136

AUDITING
2.2.3 Risk Analysis

 After risks have been identified, a risk analysis should be performed to prioritize
those risks:
 Assess the likelihood (or frequency) of the risk occurring.
 Estimate the potential impact if the risk were to occur; consider both quantitative
and qualitative costs.
 Determine how the risk should be managed; decide what actions are necessary.

Prioritizing helps organisations focus their attention on managing significant risks (i.e.,
risks with reasonable likelihood of occurrence and large potential impacts).

2.2.4 Risk Assessment Tips

Listed below are tips to guide an organisation through its risk assessment:
 Make sure the organisation has a mission statement and written goals and
objectives.
 Assess risks at the department level.
 Assess risks at the activity (or process) level.
 Complete a Business Controls Worksheet for each significant activity (or process)
in the department; prioritize those activities (or processes) which are most critical
to the success of the department and those activities (or processes) which could be
improved the most.
 Make sure that all risks identified at the department level are addressed in the
Business

2.3 Control Activities

Control activities are actions, supported by policies and procedures that, when carried out
properly and in a timely manner, manage or reduce risks.

2.3.1 Internal control responsibility

In the same way that managers are primarily responsible for identifying the financial and
compliance risks for their operations, they also have line responsibility for designing,
implementing and monitoring their internal control system.

2.3.2 Types of Internal Controls

Controls can be either preventive or detective. The intent of these controls is different.
Preventive controls attempt to deter or prevent undesirable events from occurring. They
are proactive controls that help to prevent a loss. Examples of preventive controls are
segregation of duties, proper authorization, adequate documentation, and physical control
over assets.
Detective controls, on the other hand, attempt to detect undesirable acts. They provide
evidence that a loss has occurred but do not prevent a loss from occurring. Examples of

137

AUDITING
detective controls are reviews, analyses, variance analyses, reconciliations, physical
inventories count, and audits.
Both types of controls are essential to an effective internal control system. From a quality
standpoint, preventive controls are essential because they are proactive and emphasize
quality.
However, detective controls play a critical role providing evidence that the preventive
controls are functioning and preventing losses.

2.3.3 Examples of internal controls

Control activities include approvals, authorizations, verifications, reconciliations, review

of performance, security of assets and segregation of duties.

(a) Approvals (Preventive)

One of the important control activities is authorization/approval. Authorization is the

delegation of authority; it may be general or specific. Giving a company permission to
expend funds from an approved budget is an example of general authorization. Specific
authorization relates to individual transactions; it requires the signature or electronic
approval of a transaction by a person with approval authority. Approval of a transaction
means that the approver has reviewed the supporting documentation and is satisfied that
the transaction is appropriate, accurate and complies with applicable laws, regulations,
policies, and procedures.

Approvers should review supporting documentation, question unusual items, and make
sure that necessary information is present to justify the transaction-before they sign it.
Signing blank forms should never be allowed.
Approval authority may be linked to specific Kwacha levels. Transactions that exceed the
specified Kwacha level would require approval at a higher level. Under no circumstance
should an approver tell someone that they could sign the approver's name on behalf of the
approver.

Similarly, under no circumstance should an approver with electronic approval authority

share his password with another person. To ensure proper segregation of duties, the
person initiating a transaction should not be the person who approves the transaction. A
company's approval levels should be specified in a company policies and procedures
manual.

(b) Reconciliations (Detective)

Broadly defined, reconciliation is a comparison of different sets of data to one another,

identifying and investigating differences, and taking corrective action, when necessary, to
resolve differences. Reconciling monthly financial reports from the Accounting
Department(e.g., Statement of Accounts, Ledger Sheets, etc.) to file copies of supporting
documentation or departmental accounting records is an example of reconciling one set
of data to another. This control activity helps to ensure the accuracy and completeness of
transactions that have been charged to a department's accounts. To ensure proper

138

AUDITING
segregation of duties, the person who approves transactions or handles cash receipts
should not be the person who performs the reconciliation. Another example of
reconciliation is comparing vacation and sick leave balances per departmental records to
vacation and sick leave balances per the payroll system.

A critical element of the reconciliation process is to resolve differences. It does no good

to note differences and do nothing about it. Differences should be identified, investigated,
and explained--corrective action must be taken. If expenditure is incorrectly charged to a
department's accounts, then the approver should request a correcting journal entry; the
reconciler should ascertain that the correcting journal entry was posted. Reconciliations
should be documented and approved by management.

(c) Reviews (Detective)

Reviewing reports, statements, reconciliations, and other information by management is

an important control activity; management should review such information for
consistency and reasonableness. Reviews of performance provide a basis for detecting
problems. Management should compare information about current performance to
budgets, forecasts, prior periods or other benchmarks to measure the extent to which
goals and objectives are being achieved and to identify unexpected results or unusual
conditions which require follow-up. Management's review of reports, statements,
reconciliations, and other information should be documented as well as the resolution of
items noted for follow-up.

(d) Physical asset security (Preventive and Detective)

Liquid assets, assets with alternative uses, dangerous assets, vital documents, critical
systems, and confidential information must be safeguarded against unauthorized
acquisition, use, or disposition. Typically, access controls are the best way to safeguard
these assets. Examples of access controls are as follows: locked door, key pad systems,
card key system, badge system, locked filing cabinet, guard, terminal lock, computer
password, menu protection, automatic callback for remote access, smart card, and data
encryption.

Departments with capital assets or significant inventories should establish perpetual

inventory control over these items by recording purchases and issuances. Periodically, the
items should be physically counted by a person who is independent of the purchase,
authorization and asset custody functions, and the counts should be compared to balances
per the perpetual records.

Missing items should be investigated, resolved, and analyzed for possible control
deficiencies; perpetual records should be adjusted to physical counts if missing items are
not located.

(e) Segregation of duties (Preventive and Detective)

139

AUDITING
No one person should initiate the transaction, approve the transaction, record the
transaction, reconcile balances, handle assets and review reports.
Segregation of duties is critical to effective internal control; it reduces the risk of both
erroneous and inappropriate actions. In general, the approval function, the
accounting/reconciling function, and the asset custody function should be separated
among employees. When these functions cannot be separated, due to small department
size, a detailed supervisory review of related activities is required as a compensating
control activity. Segregation of duties is a deterrent to fraud because it requires collusion
with another person to perpetrate a fraudulent act.
Specific examples of segregation of duties are as follows:
 The person who requisitions the purchase of goods or services should not be the
person who approves the purchase.
 The person who approves the purchase of goods or services should not be the
person who reconciles the monthly financial reports.
 The person who approves the purchase of goods or services should not be able to
obtain custody of checks.
 The person who maintains and reconciles the accounting records should not be
able to obtain custody of checks.
 The person who opens the mail and prepares a listing of checks received should
not be the person who makes the deposit.
 The person who opens the mail and prepares a listing of checks received should
not be the person who maintains the accounts receivable records.

2.4 Information and Communication

Information and communication are essential to effecting control; information about an

organization's plans, control environment, risks, control activities, and performance must
be communicated up, down, and across an organization. Reliable and relevant
information from both internal and external sources must be identified, captured,
processed, and communicated to the people who need it--in a form and timeframe that is
useful. Information systems produce reports, containing operational, financial, and
compliance-related information that makes it possible to run and control an organization.

Information and communication systems can be formal or informal. Formal information

and communication systems--which range from sophisticated computer technology to
simple staff meetings-should provide input and feedback data relative to operations,
financial reporting, and compliance objectives; such systems are vital to an organization's
success. Just the same, informal conversations with faculty, students, customers,
suppliers, regulators, and employees often provide some of the most critical information
needed to identify risks and opportunities
When assessing internal control over a significant activity (or process), the key questions
to ask about information and communication are as follows:

 Does our company get the information it needs from internal and external sources
in a form and timeframe that is useful?

140

AUDITING
  Does our company get information that alerts it to internal or external risks (e.g.,
legislative, regulatory, and developments)?

 Does our company get information that measures its performance-information

that tells the company whether it is achieving its operations, financial reporting,
and compliance objectives?

 Does our company identifies, capture, process, and communicate the information
that others need (e.g., information used by our customers or other companies)-in a
form and timeframe that is useful?

 Does our company provide information to others that alerts them to internal or
external risks?

 Does our company communicate effectively--internally and externally?

Information and communication are simple concepts. Nevertheless, communicating with

people and getting information to people in a form and timeframe that is useful to them is
a constant challenge. When completing a Business Controls Worksheet for a significant
activity (or process) in a department, evaluate the quality of related information and
communication systems.

2.5 Monitoring

Monitoring is the assessment of internal control performance over time; it is

accomplished by ongoing monitoring activities and by separate evaluations of internal
control such as self-assessments, peer reviews, and internal audits.

The purpose of monitoring is to determine whether internal control is adequately

designed, properly executed, and effective. Internal control is adequately designed and
properly executed if all five internal control components (Control Environment, Risk
Assessment, Control Activities, Information and Communication, and Monitoring) are
present and functioning as designed. Internal control is effective if management and
interested stakeholders have reasonable assurance that:

 They understand the extent to which operations objectives are being achieved.
 Published financial statements are being prepared reliably.
 Applicable laws and regulations are being compiled.

While internal control is a process, its effectiveness is an assessment of the condition of

the process at one or more points in time.
Just as control activities help to ensure that actions to manage risks are carried out,
monitoring helps to ensure that control activities and other planned actions to effect
internal control are carried out properly and in a timely manner and that the end result is
effective internal control.

141

AUDITING
Ongoing monitoring activities include various management and supervisory activities
that evaluate and improve the design, execution, and effectiveness of internal control.
Separate evaluations, on the other hand, such as self-assessments and internal audits, are
periodic evaluations of internal control components resulting in a formal report on
internal control.

Company employees perform self-assessments; internal auditors who provide an

independent appraisal of internal control perform internal audits.

Management's role in the internal control system is critical to its effectiveness. Managers,
like auditors, don't have to look at every single piece of information to determine that the
controls are functioning and should focus their monitoring activities in high-risk areas.

The use of spot checks of transactions or basic sampling techniques can provide a
reasonable level of confidence that the controls are functioning as intended.

The importance of internal control and risk management

 A company’s system of internal control has a key role in the management of risks
that are significant to the fulfillment of its business objectives. A sound system of
internal control contributes to safeguarding the shareholders’ investment and the
company’s assets.
 Internal control facilitates the effectiveness and efficiency of operations, helps
ensure the reliability of internal and external reporting and assists compliance
with laws and regulations.
 Effective financial controls, including the maintenance of proper accounting
records, are an important element of internal control. They help ensure that the
company is not unnecessarily exposed to avoidable financial risks and that
financial information used within the business and for publication is reliable.
They also contribute to the safeguarding of assets, including the prevention and
detection of fraud.

3. Internal Controls of Information Systems

Employees use a variety of information systems: mainframe computers, local area and
wide area networks of minicomputers and personal computers, single-user workstations
and personal computers, telephone systems, video conference systems, etc. The need for
internal control over these systems depends on the criticality and confidentiality of the
information and the complexity of the applications that reside on the systems. There are
basically two categories of controls over information systems, general controls and
application controls.

3.1 General Controls

General controls apply to entire information systems and to all the applications that reside
on the systems.

142

AUDITING
General Controls Include:
 Access Security, Data & Program Security, Physical Security
 Software Development & Program Change Controls
 Data Center Operations
 Disaster Recovery

General controls consist of practices designed to maintain the integrity and availability of
information processing functions, networks, and associated application systems. These
controls apply to business application processing in computer centers by ensuring
complete and accurate processing. These controls ensure that correct data files are
processed, processing diagnostics and errors are noted and resolved, applications and
functions are processed according to established schedules, file backups are taken at
appropriate intervals, recovery procedures for processing failures are established,
software development and change control procedures are consistently applied, and
actions of computer operators and system administrators are reviewed.

Additionally, these controls ensure that physical security and environmental measures are
taken to reduce the risk of sabotage, vandalism and destruction of networks and computer
processing centers.

Finally, these controls ensure the adoption of disaster planning to guide the successful
recovery and continuity of networks and computer processing in the event of a disaster.

3.2 Application Controls

Applications are the computer programs and processes, including manual processes that
enable us to conduct essential activities; buying products, paying people, accounting for
research costs, and forecasting and monitoring budgets.

Application controls apply to computer application systems and include input controls
(e.g., edit checks), processing controls (e.g., record counts), and output controls (e.g.,
error listings), they are specific to individual applications.

Application controls include programmed procedures within application software and

consists of:

(a) Input Controls (Data Entry): these include

 Authorization
 Validation
 Error Notification and Correction
(b) Processing Controls
(c) Output Controls

They consist of the mechanisms in place over each separate computer system that ensures
that authorized data is completely and accurately processed. They are designed to
prevent, detect, and correct errors and irregularities as transactions flow through the

143

AUDITING
business system. They ensure that the transactions and programs are secured, the systems
can resume processing after some business interruption, all transactions are corrected and
accounted for when errors occur, and the system processes data in an efficient manner.

Electronic Data Interchange, Voice Response, and Expert Systems are types of
applications that may require certain controls in addition to general application controls.
When a company decides to purchase or develop an application, company personnel must
ensure the application includes adequate application controls: (1) input controls, (2)
processing controls, and (3) output controls.

Input controls ensure the complete and accurate recording of authorized transactions by
only authorized users; identify rejected, suspended, and duplicate items; and ensure
resubmission of rejected and suspended items. Examples of input controls are error
listings, field checks, limit checks, self-checking digits, sequence checks, validity checks,
key verification, matching, and completeness checks.

Processing controls ensure the complete and accurate processing of authorized

transactions. Examples of processing controls are run-to-run control totals, posting
checks, end-of-file procedures, concurrency controls, control files, and audit trails.

Output controls ensure that a complete and accurate audit trail of the results of processing
is reported to appropriate individuals for review. Examples of output controls are listings
of master file changes, error listings, distribution registers, and reviews of output.

If a company has applications that are critical to its success, then company personnel
must ensure that application controls reduce input, processing, and output risks to
reasonable levels.

3.3 Application Controls: End User Computing

Twenty years ago, an information systems professional was needed to operate a

computer.

Today company personnel can obtain and use information on the computer themselves.
Some of the common applications used by companies are word processing, desktop
publishing, spreadsheets, database management systems, graphics programs, electronic
mail, project management, scheduling software, and mainframe-based query systems that
are used to generate reports. In addition to computer applications, companies use other
information systems applications such as voice mail and video conferencing.

Advancing technology enables departments to purchase or develop information systems

and applications, shifting certain general control responsibilities from the centralized
information systems department to end-user departments. This often happens in the move
from the mainframe to a client-server environment.

144

AUDITING
The end-user department becomes responsible for segregation of duties within the
company's information systems environment, backup and recovery procedures, program
development and documentation controls, hardware controls, and access controls. If a
company has end-user information systems that are critical to its success, then company
personnel must ensure that application and general controls reduce information systems
risks to reasonable levels.

4 Inherent limitations of internal controls

It is important to learn that internal controls have certain limitations. The limitations
include:
a) Cost v benefit. The cost of establishing a system of internal control may be
greater than the benefits. To take a ridiculous example, it’s very unlikely that
anyone is going to establish a system of internal control over the issue of
paperclips or envelopes. The amount of management time taken up with
authorizing trivial amounts of expenditure simply makes it uneconomic. At some
stage however the benefits may outweigh the costs and for example it comes to
photocopying many organizations do have some sort of authorization or at least
accounting system to track who uses most of the photocopying resource.

b) Human error. For example, one person makes out an invoice using the wrong
selling price and another one checks it and doesn’t see the error, this is always a
possibility even in the best regulated circumstances.

c) Collusion. Where two or more cooperate to get around the internal control system,
the collusion might be to carry out a fraud or it might be to cover up some error
that was made. The more segregated duties are, the more people it would need to
collude to carry out an entire transaction.

d) Bypass of controls. Say someone has forgotten to order a vital piece of equipment
and that to speed matters up, instead of getting the proper authorization for the
purchase; they issue the purchase order without that authorization. They are
bypassing the controls: it may be done with the best possible intentions, but if
bypass of controls becomes too common essentially the controls are not operating.

e) Non-routine transactions. These are transactions that are so rare that no system of
internal control has been devised. An example can be the disposal of fixed assets.
Many fixed assets are scrapped when they are disposed of, and to establish a
system of internal control might not have been thought worthwhile. However,
occasionally a fixed asset with a substantial value might be disposed of, and if
there is no system for getting the right price and for ensuring that the proceeds
come to the organization, then there is a possibility that those transactions are not
properly recorded.

145

AUDITING
End of chapter questions

Question One
Define a system of internal controls. 3 Marks
State four components of internal controls and give relevant examples 5 Marks
Explain any four limitations of internal controls. 4 Marks
12 Marks

146

AUDITING
 CHAPTER 10

TEST OF INTERNAL CONTROLS

Topic list

1. The sales system

2. The purchases system
3. The inventory system
4. The payroll system
5. Cash and banking system
6. Non-current assets
7. Controls in small entities
8. Reporting control weaknesses

Learning outcomes

By the end of this chapter, students should be able to:

 Identify internal control objectives

 Describe internal controls for an organization in a given scenario

 Explain the testing of controls in various aspects.

 Explain how internal control weaknesses are reported to those charged with
governance

Introduction

This chapter will look at how tests of controls might be applied in practice. Major
components of a typical accounting system, as listed above will also be examined.

The auditors must establish what the accounting system and the system of internal control
consist of. The auditors will then decide which controls, if any, they wish to rely on and
plan tests of controls to obtain the audit evidence as to whether such reliance can be
warranted. For each of the transaction systems we will look at the system objectives the
auditors will bear in mind while assessing the internal controls and give examples of
common controls. The chapter also covers 'standard' programme of tests of controls.
Controls in small entities as well as reporting of control weaknesses to management will
also be considered.

147

AUDITING
 1 The sales and receivables system
Sales and receivables system can be illustrated by the diagram below

The Sales and Receivable System

order taken  order 
documented 

payment 
received  order made 

invoice sent 
Debit  Note 
Raised 

invoiced 
invoice 
raised/ goods 
accounted  for 
sent 

The table below shows the stages, control objectives, internal controls and test of controls in the sales and
receivables systems.

Area Control objective Control Test of control

To ensure that:
Ordering • goods are • segregation of • Confirm
and supplied to credit duties segregation of
granting of worthy customers duties
credit
• customers are • authorisation of • Review new
encouraged to pay credit terms customers for
promptly authorisation of
credit limits
• orders are • Orders accepted • Match debtor
recorded correctly from credit worth balances with
customers credit limits
• sequential • Check sequential
numbering of blank numbering of
pre-printed book copies of
documents documents

Invoicing • all goods and • authorisation of • Check

services are delivery notes authorisation
correctly invoiced
• all invoices raised • Examination of • Match delivery
relate to goods and goods outwards notes with
services supplied invoices

148

AUDITING
 • Recording of goods
outwards
• pre-numbering of • Check
dispatch notes numerical
sequences
• Signatures of • Check
delivery notes signatures

Accounting • all sales which have • Segregation of • Confirm

for invoices been invoiced are duties segregation of
accounted for duties
• all credit notes which • Recording of sales
have been issued are invoices
recorded
• Matching of cash • Trace invoices
receipts and invoices to cash receipts
• Regular preparation • Confirm
of trade receivables preparation
statements
• Authorisation of • Confirm
write offs authorisation of
write offs by
authorised
personnel

Question
You are the auditor of Anansi ndi nkhondo Stationery, and you have been asked to
suggest how audit work should be carried out on the sales system.

Anansi ndi nkhondo Stationery Ltd sells stationery to shops. Most sales are to small
customers who do not have a sales ledger account. They can collect their purchases and
pay by cash. For cash sales:

(a) The customer orders the stationery from the sales department, which raises a pre-
numbered multicopy order form.
(b) The dispatch department make up the order and give it to the customer with a copy
of the order form.
(c) The customer gives the order form to the cashier who prepares a hand-written sales
invoice.
(d) The customer pays the cashier for the goods by cheque or in cash.
(e) The cashier records and banks the cash.

Required

(a) State the deficiencies in the cash sales system.

(b) Describe the systems-based tests you would carry out to audit the controls over the
system.
Answer
Answer

149

AUDITING
(a) Deficiencies in the cash sales system

 The physical location of the dispatch department and the cashier are not
mentioned here, but there is a risk of the customer taking the goods
without paying. The customer should pay the cashier on the advice note
and return for the goods, which should only be released on sight of the
paid invoice.

 There is a failure in segregation of duties in allowing the cashier to both

complete the sales invoice and receive the cash as he could perpetrate a
fraud by replacing the original invoice with one of lower value and
keeping the difference.

 No-one checks the invoices to make sure that the cashier has completed
them correctly, for example by using the correct prices and performing
calculations correctly.

 The completeness of the sequence of sales invoices cannot be checked

unless they are pre-numbered sequentially and the presence of all the
invoices is checked by another person. The order forms should also be
pre-numbered sequentially.

 There is no check that the cashier banks all cash received, and this is a
further failure of segregation of duties.

If the sales department prepared and posted the invoices and also posted the cash for cash
sales to a sundry sales account, this would solve some of the internal control problems
mentioned above.

In addition, the sales department could run a weekly check on the account to look for
invoices for which no cash had been received. These could then be investigated.
All of these deficiencies, and possible remedies, should be reported to management.

(b) Tests

 Select a sample of order forms issued to customers during the year. Trace the
related sales invoice and check that the details correlate (date unit amounts etc).
The customer should have signed for the goods and this copy should be retained
by the dispatch department.

 For the sales invoices discovered in the above test, I would check that the correct
order form number is recorded on the invoice, that the prices used are correct (by
reference to the prevailing price list) and that the castings and cross-castings are
correct.
 I would then trace the value of the sales invoices to the cash book and from the

150

AUDITING
 cash book that the total receipts for the day have been banked and appear
promptly on the bank statement.
 I would check that the sales invoices have been correctly posted to cash or sundry
sales account. For any sales invoices missing from this account (assuming they
are sequentially numbered), I would trace the cancelled invoice and check that the
cancelled invoice was initialed by the customer and replaced by the next invoice
in sequence.
 Because of the weaknesses in the system I would carry out the following
sequence checks on large blocks of order forms/invoices, eg four blocks of 100
order forms/invoices.

(1) Inspect all order forms to ensure all present; investigate those missing
(2) Match sales invoices to order forms
(3) Check all sales invoices in a sequence have been used; investigate any missing
(4) Cash for each sales invoice has been entered into the cash book

Using the results of the above tests I would decide whether the system for cash sales has
operated without material fraud or error. If I am not satisfied that it has then this may
impact on the audit

2 The purchases and payables system

The table below shows the stages, control objectives, internal controls and test of
controls in the purchases and payables systems.

Control Objectives Control Procedures Audit Tests of Controls

To ensure that:
Ordering  orders and  Control policy for the  Check that all purchases
expenditure for choice of suppliers have been authorized at
goods are appropriate level
properly  Production of evidence
authorized. for the requirement of  Check against purchase
purchases ie. purchase requisitions.
 goods ordered requisition
are for the authorization.  Test-check number
benefit of the sequence of order forms
entity  Maintenance of pre- and requisitions and
numbered order forms enquire into any missing
 orders are only and safeguarding blank numbers.
made to ones.
authorized  Check whether client staff
suppliers  Review of orders not responsible for purchases
received. shop around before
 orders are made selecting suppliers.
at competitive  Constant monitoring of
prices supplier terms
Receiving To ensure that;
goods and  Goods received  Goods received should  Check if invoices for goods
invoices are used for the be checked for are supported by goods
organization’s quantity, quality and received notes
purpose. conditions.

151

AUDITING
  Trace entries into stock
 goods are only  Recording of goods in records
accepted if they pre numbered goods
were ordered and received notes.  Trace entries of goods
orders were returned
authorized.  Comparison of goods
received notes and  Check entries and additions
 goods received purchase orders. into the purchase day book
are accurately and the purchases ledger.
recorded.  Recording of goods
returned.  Test number sequence of
 liability is goods received notes and
recognized for  Checking of supplier enquire into missing
goods received. invoices against orders numbers
for quantity, prices and
discounts if any.  Obtain explanations for
unusual and long
outstanding items
Maintaining To ensure that;
accounting  all expenditure is  Segregation of duties  Verify recording of
records authorized and is between ordering, invoices and credit notes
for goods receiving and
received. accounting  Check calculations and
cross reference with
 all expenditure is  Prompt recording of authorization for payments
recorded purchases and returns
correctly.  Check postings to the
 Regular maintenance ledger and test check
 all credit notes of purchases ledger castings and ledger
received are balances
recorded.  Comparison of
supplier statements  Note any contra entries to
 antries are made with purchases ledger the sales ledger
to correct balances
accounts.  Check that control
 Review of allocation accounts are maintained
 aut-off is applied of expenditure and regularly reconciled
correctly with the purchases ledger
 Reconciliation of
control accounts with  Note any unusual items and
purchases ledger obtain explanations from
balances management.

4. The inventory system

Below

Area Control objective Control Test of control

To ensure that:
Recording  all inventory  Segregation of  Confirm
movements, duties segregation of
authorisation & duties
recorded
 inventory records  Receipting,  Trace goods

152

AUDITING
 include items checking & received notes
belonging to client recording of (GRN) to bin
goods cards
 records include  Inventory counts  Confirm
inventory that exists inventory
counts take
place.
 cut off procedures  Maintenance of  Trace delivery
are properly applied inventory notes to bin
to inventory records i.e. cards
Ledger, bin
cards,
Transfer records
 check sequence
of records

Protection  inventory is safe  Restricted access  Consider

of inventory guarded (against to stores environment
loss, damage etc)  Observe
security
arrangements
 Controls over
stores
environment ie
right
temperature
 Inventory counts  Obtain counts,
check evidence
of
reconciliation
of counts with
book balances

Valuation  Inventory is  Computation of  Obtain cost

of inventory properly valued inventory sheets,
valuation  Check
valuation
 Slow moving,  Review of  Review records
damaged and inventory
obsolete inventory records
is provided for

Inventory  Reasonable levels  Control over  Check records

holding of inventory are inventory levels
held .
o Maximum
inventory levels
o Minimum
inventory limits
o Re-order levels

153

AUDITING
 5. The payroll system

The table below shows the stages, control objectives, internal controls and test of controls
in the payroll systems.

Area Control objective control Tests of control

To ensure that:
Setting of wages and  employees are  Segregation of  Check authorisation of
salaries paid for work duties changes in rates of pay
done

 gross pay has  Maintenance of  Check starters and

been calculated personal records leavers are formalised
correctly in writing
 Authorisation  Trace gross pay to
personnel records
 Recording of
transactions

Recording of wages  gross and net  Authorisation  Trace monthly payroll

and salaries pay deductions to general ledger
are correctly
computed
 wages and  Review of  Check reconciliations
salaries are computation (list to G/L)
correctly
recorded in the
general ledger

Payment of wages  Correct  Segregation of

and salaries employees duties
 Authorisation of  Check authorisation
wage cheque
 Custody of cash  Check unclaimed wages
 Verification of  Arrange to attend salary
identity pay out
  Check if employees sign
for cheques, produce
identity

Deductions  Deductions have  Reconciliation of  Re-perform

been calculated total pay and computation
correctly deduction
 Correct taxes,  Surprise cash  Ensure correct payments
pensions etc are counts to taxation authorities
remitted to
respective
departments
 Comparison of
actual pay with
budget

154

AUDITING
Question

A small manufacturing company, Delux, pays its staff by cash and bank transfer. The payroll department
consists of a payroll clerk who maintains its payroll on a stand-alone computer. The payroll clerk is
supervised by the Chief Accountant, who in turn reports to the managing Director. You are the auditor of
Delux.

For the payroll department of Delux, describe the internal control objectives that should be in place.

Answer
Internal control objectives
 Only genuine staff are paid for work performed
 Gross pay has been calculated and recorded accurately
 Deductions from gross pay are calculated and recorded accurately
 Correct employees are paid what they are entitled to
 Wages and salaries paid are accurately recorded in the bank and cash records
 Right amounts due in respect of tax are paid to the revenue authority on a timely basis

6. Table of Tests and evaluations of controls over Cash/Bank

The table below shows the stages, control objectives, internal controls and test of controls over
cash and bank systems.
Control Objectives Control Procedures Audit Tests of Controls
To ensure that;  Segregation of duties  Verify cash sales with till
Receipts of  All money between those involve in rolls and pay-in slips.
Money received is executing and dealing
(cash and properly with money.  Verify that takings are
cheques) recorded. banked intact and promptly.
 Restriction of receipts
 Money and recording to some  Check any payments out of
received is individuals only. receipts
banked
promptly.  Agreements and  Observe that cheques
investigations of received over the post are
 Cash and discrepancies such as immediately crossed.
cheques are shortages.
properly  Verify cash/cheques
safeguarded  Safeguarding mail received with invoices or
against loss or receipts from goods delivered to
theft. interception, protection customers.
by crossing cheques, and
have a responsible person  Check postings to the
to supervise mail. ledgers’

 Appropriate custody of  Check whether regular bank

cash and cheques, receipt reconciliations are carried
books, daily banking and out with the cashbook.
holiday arrangements.
 Check and investigate into
 Limitation of direct any unusual items
payments out of cash
received.

 Supervision of cash

155

AUDITING
 counts by management.

 Regular bank
reconciliations

 Appropriate security on
transportation of large
amounts of cash
To ensure that;  Authorization of  Check payments to
expenditure by supporting documents
Payment of  all payments appropriate staff
money are properly  Check authorization of
authorized.  Appropriate supporting payments through
documentation for such signatures on payment
 aayments are payments vouchers.
recorded and
made to the  Limitation of only minor  Check number sequence of
right payments through petty vouchers and cheques and
recipients. cash. enquire into missing ones.

 security of  Secure custody of cash  Verify whether the

cash blank and cheques and authorized cash float is
cheques and limitation of cash maintained and whether the
other advances to employees, imprest system is properly
accountable IOU and cheque cashing. followed
documents
 Maintenance of numerical  Agree payees and cheques
 payments are sequence of vouchers and paid.
only made cheques, including
once for items cancelled ones  Check postings and castings
or services. in the cashbook.
 Prohibition of pre-signing
cheques  Rebalance the cashbook and
re-perform bank
 Recording payment in the reconciliations.
cashbook and posting to
the appropriate accounts  Enquire into any
in the ledger expenditure that looks
unusual.

7. Controls over Non-Current Assets

The auditor should assess the adequacy and effectiveness of internal control procedures
over non-current assets as follows:
 Check whether management have established on overall policy over acquisition,
operation and disposal of the assets.
 Check authorization of acquisition and disposal of assets at appropriate level of
management, through verification of signatures.
 Verify whether assets are deployed to proper use as intended by the entity’s
management and unsure that they are insured from any danger (damage, loss etc)
 Check whether assets are properly maintained as per manufacturers or dealers
recommendations and that maintenance is carried out by competent persons of
firms.

156

AUDITING
  Check whether appropriate segregation of duties are instituted between those
involved in different functions covering non-current assets.
 For direct income generating assets, ensure all the income is appropriately
accounted for.
Verify that all assets are appropriately or adequately insured against possible risks they
may be exposed to.

8. Controls in small entities

Application and effectiveness of internal controls may be difficult in small entities set up.
This could be due to a number of reasons.

Financial resources:
Small entities have limited resources such that not much of the resources can be
committed to implement a comprehensive set of controls even if they were necessary for
proper running the entities.

Segregation of duties:
It is not necessary for a small entity to be expected to employ more than an adequate
number of staff. A single person may be responsible and manage to handle multiple tasks,
some of which would have been segregated between more people to reduce the risk of
fraud and errors (ie, it is common o note that one person is responsible for all
procurement, all receipts and payments and maintenance of records)

Owner-managed small entities

In such entities there is less information gap, such that a need may not be felt to maintain
an elaborate control systems and records by managers. In addition, some owner-managers
often feel that some information should remain personal and there is often a tendency
overriding of controls.

On the other hand, one expects more commitment from management, and the day to day
involvement in running the entity may reduce the risk of fraud by employees.

Below are some of the typical controls in a small entity

Area Minimum control
Mail  All mail should be opened by either proprietor or someone
independent of accounts

Receipts  All cheques/postal orders received to be counted before handing

over to cashier

 All cheques/postal orders should be crossed

157

AUDITING
Banking  Cash should be banked intact
 Regular reconciliation of receipts and banking

Payments  All payments (except small/petty cash) should be made by

cheque
 All cheques to be signed by designated signatories
 Petty cash to be controlled by imprest system

Bank statement  Bank statements /and paid cheques to be sent directly to the
proprietors

 Bank reconciliation to be prepared

Orders  Should be serially numbered

 Should be approved

9. Reporting control weaknesses

ISA 265 Communicating deficiencies in internal control to those charged with

governance and management sets out guidance on internal control deficiencies. Many
external auditors produce a report to management as a by-product of an external audit,
listing any deficiencies they have found in systems and making recommendations for
improvements. The report to management may also be referred to as the
management letter, letter of weakness or letter on internal control.

8.1 The report to management

Recommendations regarding internal control are a by-product of the audit of the financial
statements, not a primary objective, but nonetheless are frequently of great value to a
client. The auditors shall communicate with those charged with governance any material
deficiencies in the design, implementation or operating effectiveness of internal control
which have come to their attention during the course of the audit. This shall be done on
timely basis.

When auditors prepare a written communication on internal control matters, the

following points should be considered:

(a) It should not include language that conflicts with the opinion expressed in the
auditor’s report.
FAST FORWARD
(b) It should state that the accounting and internal control system were considered only
to the extent necessary to determine the auditing procedures to report on the financial

158

AUDITING
statements and not to determine the adequacy of internal control for management
purposes or to provide assurances on the accounting and internal control systems.

(c) It will state that it discusses only deficiencies in internal control which have come to
the auditors' attention as a result of the audit and that other deficiencies in internal control
may exist.

(d) It should also include a statement that the communication is provided for use only by
management (or another specific named party).

After the above items and the auditors' suggestions for corrective action are
communicated to management, the auditors will usually ascertain the actions taken,
including the reasons for those suggestions rejected. The auditors may encourage
management to respond to the auditors' comments in which case any response can be
included in the report.

The significance of findings relating to the accounting and internal control systems may
change with the passage of time. Suggestions from previous years' audits which have not
been adopted, if any, should normally be repeated or referred to.

8.1.1 Example report to management

This is an example of a report to management or letter on internal control which

demonstrates how the principles described above might be put into practice.

ABC
Chartered Accountants
Global House
Blantyre

1 April 20X8

The Board of Directors

Manufacturing Ltd
Blantyre

Members of the board,

Financial statements for the year ended 31 May 20X8

We set out in this letter certain matters which arose as a result of our review of the accounting systems and
procedures operated by your company during our recent interim audit. The matters dealt with in this letter
came to our notice during the conduct of our normal audit procedures which are designed primarily for the
purpose of expressing our opinion on the financial statements. Consequently our work did not encompass a
detailed review of all aspects of the system and cannot be relied on necessarily to disclose defalcations or
other irregularities or to include all possible improvements in internal control.

Purchases: ordering procedures

159

AUDITING
Deficiency
During the course of our work we discovered that it was the practice of the stores to order certain goods
from X Co orally without preparing either a purchase requisition or purchase order.

Implication
There is therefore the possibility of liabilities being set up for unauthorised items and at a non-competitive
price.

Recommendation
We recommend that the buying department should be responsible for such orders and, if they are placed
orally, an official order should be raised as confirmation.

Payables ledger reconciliation

Deficiency
Although your procedures require that the payables ledger is reconciled against the control account on the
nominal ledger at the end of every month, this was not done in December or January.
331
Implication
The balance on the payables ledger was short by some K500,000 of the nominal ledger control account at
31 January 20X8 for which no explanation could be offered. This implies a serious breakdown in the
purchase invoice and/or cash payment batching and posting procedures.

Recommendation
It is important in future that this reconciliation is performed regularly by a responsible official independent
of the day-to-day payables ledger, cashier and nominal ledger functions.

Receivables ledger: credit control

Deficiency
As at 28 February 20X8 trade receivables accounted for approximately 12 weeks of sales, although your
standard credit terms are cash within 30 days of statement, equivalent to an average of about 40 days (6
weeks) of sales.

Implication
This has resulted in increased overdraft usage and difficulty in settling some key suppliers' accounts on
time.

Recommendation
We recommend that a more structured system of debt collection be considered using standard letters and
that statements should be sent out a week earlier if possible.

Preparation of payroll and maintenance of personnel records

Deficiency
Under your present system, just two members of staff are entirely and equally responsible for the
maintenance of personnel records and preparation of the payroll. Furthermore, the only independent check
of any nature on the payroll is that the chief accountant confirms that the amount of the wages cheque
presented to him for signature agrees with the total of the net wages column in the payroll. This latter check
does not involve any consideration of the reasonableness of the amount of the total net wages cheque or the
monies being shown as due to individual employees.

Implication
It is a serious weakness of your present system that so much responsibility is vested in the hands of just two

160

AUDITING
people. This situation is made worse by the fact that there is no clearly defined division of duties as
between the two of them. In our opinion, it would be far too easy for fraud to take place in this area (eg by
inserting the names of 'dummy workmen' into the personnel records and hence on to the payroll) and/or for
clerical errors to go undetected.

Recommendations
(i) Some person other than the two wages clerks be made responsible for maintaining the personnel records
and for periodically (but on a surprise basis) checking them against the details on the payroll.

(ii) The two wages clerks be allocated specific duties in relation to the preparation of the payroll, with each
clerk independently reviewing the work of the other.

(iii) When the payroll is presented in support of the cheque for signature to the chief accountant he should
be responsible for assessing the reasonableness of the overall charge for wages that week.
Our comments have been discussed with your Finance Director and the Chief Accountant and these
matters will be considered by us again during future audits. We look forward to receiving your
comment on the points made.

This letter has been produced for the sole use of your company. It must not be disclosed to a third party, or
quoted or referred to, without our written consent. No responsibility is assumed by us to any other person.
We should like to take this opportunity of thanking your staff for their co-operation and assistance during
the course of our audit.

Yours faithfully

ABC Chartered Accountants

End of chapter questions

You are one of the members of an audit team of your firm carrying out an audit of Lifuwu
Manufacturers Ltd, which purchases a number of raw materials for manufacturing its
finished products. In addition it also purchases other items for direct resale.

You have been assigned by your manager to carry out appropriate audit work to provide
an assurance over the sales system and year-end sales and receivables balances for credit
sales.

Required:
a) Give two respective control objectives and control procedures that you would expect to
find over the sales and receivables system, and the auditor’s tests to evaluate their
effectiveness with respect to:
i. Acceptance of orders 4 Marks
ii. Dispatch of goods and invoicing 4 Marks
iii. Maintenance of accounting records 4 Marks

b) What audit tests would you carry out to assess the validity and accuracy of the year-end
sales and receivables balances. 4 Marks

161

AUDITING
c) It is the company’s policy to maintain a minimum level of inventories of finished goods
and raw materials. However, recent increase in demand has made Lifuwu Manufacturers
Ltd to experience stock-outs. In some instances goods have been dispatched to customers
straight from the manufacturing plant without being recorded in the finished goods
account or sent through the company’s warehouse

Required:

Explain any problem with this development, possible implications if any, and your
recommendation to management. 4 Marks
(TOTAL : 20 MARKS)

162

AUDITING
 SECTION E
Substantive testing

163

AUDITING
 CHAPTER 11

AUDIT EVIDENCE AND SAMPLING

Topic list

1 Audit Evidence and Documentation

2 Audit Sampling

Learning outcomes.

By the end of this session, students should be able to:

Audit evidence and documentation:

 Explain the assertions contained in the financial statements
 Explain the principles and objectives of transaction testing, account balance testing
and disclosure testing
 Explain the use of assertions in obtaining audit evidence
 Discuss the sources and relative merits of the different types of evidence
 available
 Discuss the quality of evidence obtained

Audit sampling and other means of testing:

 Define audit sampling and explain the need for sampling
 Identify and discuss the differences between statistical and non-statistical sampling
 Discuss and provide relevant examples of the application of the basic principles of
statistical sampling and other selective testing procedures
 Discuss the results of statistical sampling, including consideration of whether
additional testing is required

Introduction

This chapter discusses audit evidence by considering practical issues concerning audit
evidence. It also discusses sample selection methods and evaluates sample results.

164

AUDITING
1 Audit evidence and documentation

1.1 Audit evidence

Audit evidence is all the information used by the auditor in arriving at the conclusion on
which the audit opinion is based. Audit evidence is any information that corroborates or
refutes an assertion. Audit evidence includes the information contained in the accounting
records underlying the financial statements and other information.

Sufficient appropriate audit evidence must be obtained by performing audit procedures to

afford a reasonable basis for an opinion regarding the financial statements under audit.

Management assertions embodied in financial statements

Management assertions or financial statement assertions is the set of information that the
preparer of financial statements (that is management) is providing to another party.

When directors or management produce financial statements, they assert that the
individual items are correctly described and are showing figures which are
mathematically correct or fairly stated and above all, the financial statements show a true
and fair view.

The following are the financial statements (management) assertions.

 Existence or Occurrence--Assets, liabilities, and owners’ equity accounts reflected in

the financial statements exist; the recorded transactions have occurred.

 Completeness--All transactions, assets, liabilities, and elements of owners’ equity that

should be presented in the financial statements are included.

 Rights and Obligations--The client has rights to assets and obligations to pay
liabilities that are included in the financial statements.

 Valuation or Allocation--Assets, liabilities, owners’ equity, revenues, and expenses

are presented at amounts that are determined in accordance with generally accepted
accounting principles.

 Presentation and Disclosure--Accounts are described and classified in the financial

statements in accordance with generally accepted accounting principles and all
material disclosures are provided.

 Accuracy – Amounts and other data relating to recorded transactions have been
recorded properly.

 Cutoff – Transactions have been recorded in the proper accounting period.

165

AUDITING
All these assertions can be alternatively categorized into three broad categories as below.

i Transactions

 Occurrence — the transactions actually took place.

 Completeness — all transactions that should have been recorded have been recorded.

 Accuracy — the transactions were recorded at the appropriate amounts.

 Authorization — all transactions were properly authorized.

 Cutoff — the transactions have been recorded in the correct accounting period.

 Classification — the transactions have been recorded in the proper accounts.

ii Accounts balances

 Existence — assets, liabilities and equity balances exist.

 Rights and Obligations — the entity holds or controls the rights to its assets and
owes obligations to its liabilities.
 Completeness — all assets, liabilities and equity balances that should have been
recorded have been recorded.

 Valuation and Allocation — assets, liabilities and equity balances are included in
the financial statements at appropriate amounts and any resulting valuation or
allocation adjustments are appropriately recorded.

iii Presentation and disclosure

 Occurrence — the transactions have occurred.

 Rights and Obligations — the transactions pertained to the entity.

 Completeness — all disclosures that should have been included in the financial
statements have been included.
 Classification and Understandability — financial statements are appropriately
presented and described, and information in disclosures is clearly expressed.

 Accuracy and Valuation — financial and other information is disclosed fairly and
at appropriate amounts.

The auditor’s attitude to each item in the accounts will be to identify the express and
implied assertions made by directors or management in including the item in the
accounts. The other is that the auditor must evaluate each assertion for relative

166

AUDITING
importance to assess quality and quantity of evidence required; the auditor will collect the
evidence and all information necessary to conduct the audit.

Types of Audit Evidence

The following are the types of audit evidence.

 Physical evidence: This is evidence that can actually be seen by auditors. This
involves examination of physical assets, witnessing the internal control and
bookkeeping procedures being carried out. This type of evidence is generally
effective for supporting the existence assertion.

 Third-party representations: These are testimonies from independent third parties.

They include third party representations, debtors’ circularization confirmations,
lawyers’ letters and reports of specialists.

 Documentary evidence: These are findings from documentation of items recorded in

the accounts; this demonstrates that a transaction occurred. Confirmation that items
recorded in the supporting documentation are recorded in the accounting records
supports completeness.

There are three basic types of documentary evidence. There are those documents
created by outside parties and transmitted directly to auditor like bank statements;
those created by outside parties and held by client like share certificates, title deeds,
loan certificates, leases, contracts, franchises and invoices; those created and held by
client like policy documents, copy invoices and minutes of meetings and electronic
documents.

 Re computations: This is the results obtained from checking of arithmetic accuracy

of client records. Computations are performed independently by auditor and are used
to verify mathematical accuracy of client’s analyses and records.

 Results of data interrelationships: Data interrelationships (i.e., analytical

procedures) rely on plausible relationships among financial and non-financial data.
These are effective for testing reasonableness of certain account balances and can be
used as primary or corroborating evidence, depending on the nature of account.

 Client representations: These are oral and written client representations. Responses
to questions and inquiries to clients during an audit constitute audit evidence. Oral
representations are generally not sufficient as primary evidence, but may provide
corroboration for other evidence. Written representations (representation letter) are
required, but should not be used as a substitute for other audit procedures.

 Accounting records: Clients’ accounting records (e.g. ledgers and journals) may
provide worthwhile evidence in themselves. This can also include checking the
internal control system of the client.

167

AUDITING
 Results of inspection of assets: Inspection of assets that are recorded in the
accounting records confirms existence and also gives evidence about valuation.
When an asset is recorded in the accounts, it gives evidence of completeness.

 Reconciliations: Checking the reconciliations of client’s control account can provide

evidence of completeness.

 External events: The auditor should use his knowledge of current events in assessing
company’s accounts, for example, considering the value of overseas subsidiaries.

1.2 Qualities of audit evidence

Auditors are required to obtain sufficient, appropriate (valid or reliable) audit evidence to
be able to draw reasonable conclusions on which to base the audit opinion.

(a) Sufficiency or persuasiveness of audit evidence

Sufficiency of audit evidence is the measure of the quantity of the audit evidence.
There are a number of factors affecting auditor’s judgement about what is sufficient audit
evidence. The following are the factors.

(iii) The auditor’s knowledge of the business and its industry. If the auditor knows the
client and the industry of the client, he/she can collect enough evidence.

(iv) The degree of audit risk. Audit risk is the risk that auditors may give an
inappropriate opinion on the financial statements. In order to reduce this risk the
auditor should collect a lot of audit evidence. Assessment of audit risk is done by
considering nature and materiality of items in the accounts; for example,
inventory is material and difficult to measure. Furthermore there is auditor’s
experience of the reliability of the management and staff and the records. The
financial position of the client and possible management bias can also affect audit
risk.

(v) The persuasiveness of the evidence. This refers to the nature of the evidence and
whether it will influence the auditor to use it or not.

(vi) The nature of the accounting and internal control system. Weak accounting and
internal control system will influence auditors to obtain large amount of evidence.

(b) Appropriateness or reliability or validity of audit evidence

Appropriateness of audit evidence is the measure of the quality and reliability of the
evidence. Reliability can be measured based on the following factors, which are also
known as the generalizations of audit evidence.

168

AUDITING
(i) Documentary evidence. This is more reliable than oral evidence.

(ii) Evidence from outside the enterprise is more reliable than that secured from
within the enterprise.

(iii) Evidence originated by the auditor is more reliable than the one obtained from
others.

(iv) Availability of many sources to obtain the same evidence. The cumulative effect
of several evidential sources is greater than that from a single source.

(v) Original documents are more reliable than photocopies or facsimiles.

(vi) Strong internal control increases reliability of evidence created within the client
organization.

(vii) Directly obtained evidence is more reliable than evidence obtained through an
intermediary.

(c) Relevance of audit evidence

This means that evidence should be logical and sensible to the audit finding. In this way
the auditor will be able to make valid conclusions on his/her work.

(d) Usefulness of audit evidence

The evidence collected should support the goals and objectives of the audit exercise.

Basic techniques for collecting audit evidence

Audit technique refers to a method and means adopted by the auditor for collection and
evaluation of audit evidence in different situations.

The following are the audit techniques for collecting audit evidence.

Physical examination and count:

 This involves examining assets to determine their existence and valuation like
inventory.

Observation:

 Watching a procedure (e.g. physical inventory counts, distribution of wages,

opening of mail)
 Limited to the point in time when the observation takes place
 The person performing the procedure may act differently when being observed

169

AUDITING
Enquiry:

 Seeking information from knowledgeable persons inside or outside the entity,

 Evaluating responses to those enquiries, and corroborating those responses with
other audit evidence
 External confirmation, a specific type of enquiry that involves seeking
confirmation from a third party (e.g. a bank or trade receivable)

Re performance:

 Checking the mathematical accuracy of documents or records (e.g. adding up the

list of year-end trade receivables)
 Independently carrying out procedures or controls, which were originally
performed by the client (e.g. reperforming the aging of year-end trade
receivables)

Analytical procedures:

 Evaluating and comparing financial and/or non-financial data for plausible

relationships and investigating unexpected fluctuations for example, comparing
last year’s gross profit percentage to this year’s and ensuring any change is in
line with expectations

1.3 Reliance on Others’ Work

Using the Work of an Auditor’s Expert (ISA620)

An expert is a person or firm possessing special skills, knowledge and experience in a

particular field other than accountancy and auditing (for example; lawyers, engineers,
chemists etc.). Accountant/auditors are highly trained and experienced in their field but
may have limited knowledge in other fields. An expert may be engaged by the client to
provide specialized advice on certain matters, or may be engaged by the auditor to help
obtain certain evidence and assurance on certain matters regarding financial statements.

Experts may be engaged to help in matters such as;

 Valuation of certain types of assets such as land and buildings or plant and
machinery.
 Determination of quantities or physical condition of assets such as stocks.
 Determination of amounts using specialized methods and techniques such
pensions and actuaries.
 Measurement of work completed and work in progress on contracts.

170

AUDITING
  Offering professional opinion such as legal opinion etc.

When planning to use the work of an expert the auditor should assess the need,
materiality of the matter and the risk associated with the work of an expert. The auditor
should also consider the following factors;
 Expert’s professional competence in his field, by assessing professional
qualification, experience and resources of the expert.
 Independence of the expert from the client company, by assessing whether he is
an employee or not, or related in some way to the company. More independent
experts are preferable.
 The expert’s scope and quality of work, which can be carried out by assessing;
assumptions and techniques used and data sources, and the results of the expert’s
work in light of the auditor’s knowledge of the business of the client and the
results obtained by auditor’s other procedures.

Note: Even if an auditor relies on expert’s work, he is still responsible for the overall
assessment and conclusion of the audit. The auditor should not make any
reference to the work of experts in his overall conclusion. If there were any
problems in the work of an expert’s work on which the auditor placed reliance, it
is the auditor who will be answerable (refer to detection risk)

1.4 Using the work of Internal Auditors (ISA 610 -Revised)

When planning the audit procedures auditors should consider the presence and activities
of internal audit. He should assess their effect, if any, on the external audit work. While
the external auditor is still responsible for the overall audit opinion, he may rely on some
of the internal audit work to complement his.

An internal audit is an appraisal or monitoring function or activity established within an

entity to examine, evaluate and report to management on the adequacy and effectiveness
of accounting systems and internal controls. This is a non-statutory yet important
function for achieving one of the corporate governance objectives, especially in large
companies. It is mostly an established department within an entity, but the service may
also be outsourced from external firms.

Scope of Internal Audit in an Entity

The scope of internal audit may vary widely but normally include the following
activities;

171

AUDITING
  Review of accounting systems and internal controls for adequacy and
effectiveness.
 Examination of financial and operational information for accuracy and reliability.
 Review of economy, effectiveness and efficiency of business operations.
 Review the entity’s compliance with laws and regulations.
 Carry out special investigations as may be required by management from time to
time (i.e., investigations into suspected fraud)

Factors to Consider When Relying on Internal Audit Work

Reliance on some of the internal audit work might reduce the procedures the external
auditor would carry out to form conclusions. When planning to rely on internal audit
work on certain matters as source of evidence to form these conclusions, the external
auditor should assess the need, materiality of the matter and the risk associated with it.
This is so because as noted with experts’ work, the external auditor will still be
responsible for any work they rely on internal auditors. The following are some of the
factors to be considered by the external auditor when placing reliance on internal audit
work;

i. Organizational Status
Consider to whom internal auditors report (preferably to the board of directors or audit
committee of the board) and whether there exist some restriction to their work. This
would enhance or affect their operational independence.

ii. Scope of the Function

Consider the extent and nature of their assignment performed and actions taken by
management to assess the internal audit effectiveness in the entity.
iii. Technical Competence
Assess whether internal auditors are properly qualified and experienced through checking
their membership of professional bodies such ACCA, the Institute of Internal Auditors
(IIA) and other relevant bodies.

iv. Due Professional Care

Assess whether internal audit work is properly carried out such as; planning, supervision,
review and documentation and the quality of their internal audit reports

Service Organizations

A service organization is an organization, person or firm that provides services to another

organization. In modern business environment most organizations outsource some of

172

AUDITING
their non-core services or activities to outside firms such as; security, sanitation,
accounting, information technology, legal etc. instead of employing their own staff to do
them. This is done through established contracts with the outsourced firms. This can be
considered at two levels;

 Where the firm’s services are limited to recording and processing clients
transactions to the clients while the client retains authority over them (i.e.,
accounting services, tax compilation etc.).
 Where firms execute transactions and maintain accountability over them (i.e.,
most legal services and audit services)

Therefore the auditor should determine the significance of the service organization or
firm’s activities to the client and their relevance to the audit, and how he would obtain
evidence from them if necessary, especially in the second case above, such as reports and
direct confirmations including, with permission from the client, communicating directly
with service organizations auditors. Care should however be exercised to avoid
noncompliance or contravention of the professional duty of confidentiality. The auditor is
again still responsible for his conclusions even where some of the information was
obtained from client’s service organizations or their auditors.

1.5 Documentation

Auditors are required to prepare on a timely basis audit documentation that; provides a
sufficient and appropriate record of the basis of the audit report, and evidence that the
audit was performed in accordance with standards and regulatory requirement (the
Companies Act)

Audit documentation is the record of audit procedures performed, relevant audit evidence
obtained and conclusions reached. The term 'working papers' or 'work papers' are also
sometimes used.

Documentation should be in form of audit working papers, which are a record of audit
procedures performed and relevant audit evidence obtained and conclusions reached.
Audit working papers should always be sufficiently complete and detailed to enable the
reporting partner with no previous connection with the audit to subsequently ascertain
from them what work was performed and to support the conclusions reached.

Importance and purpose of Documentation

(a) It provides evidence of the auditor’s basis for a conclusion about the achievement
of the overall objective.

173

AUDITING
(b) It provides evidence that the audit was planned and performed in accordance with
ISAs and other legal and regulatory requirements.
(c) It assists the engagement team to plan and perform the audit.
(d) It assists team members responsible for supervision to direct, supervise and
review audit work
(e) It enables the team to be accountable for its work
(f) It allows a record of matters of continuing significance to be retained for future
reference.
(g) It enables the conduct of quality control reviews and inspections (both internal
and external).
(h) To ensure work delegated by the reporting partner has been properly performed.
The only source is detailed working papers prepared by the audit staff.
(i) They encourage the auditor to adopt a methodical approach.

1.5.1 Form and content of working papers

The ISA requires working papers to be sufficiently complete and detailed to provide an
overall understanding of the audit. Auditors cannot record everything they consider.
Therefore judgement must be used as to the extent of working papers, based on the
following general rule:

General rule
Good audit documentation is one that “would be necessary to provide an experienced
auditor, with no previous connection with the audit, with an understanding of the work
performed, the results of audit procedures, audit evidence obtained, significant matters
arising during the audit and conclusions reached”.

1.5.2 Factors affecting form and content of audit work papers

The form and content of working papers are affected by matters such as:
 The size and complexity of the entity
 The nature of the audit procedures to be performed
 The identified risks of material misstatement
 The significance of the audit evidence obtained
 The nature and extent of exceptions identified
 The need to document a conclusion or the basis for a conclusion not readily
determinable from the documentation of the work performed or audit evidence
obtained
 The audit methodology and tools used

1.5.3 Examples of working papers

 Information obtained in understanding the entity and its environment, including its
internal control, such as the following:
i. Information concerning the legal documents, agreements and minutes
ii. Extracts or copies of important legal documents, agreements and minutes
iii. Information concerning the industry, economic environment and legislative
environment within which the entity operates.
iv. Extracts from the entity's internal control manual

174

AUDITING
 Evidence of the planning process including audit programs and any changes thereto
 Evidence of the auditor's consideration of the work of internal audit and
conclusions reached
 Analyses of transactions and balances
 Analyses of significant ratios and trends
 Identified and assessed risks of material misstatements
 A record of the nature, timing, extent and results of audit procedures
 Evidence that the work performed was supervised and reviewed
 An indication as to who performed the audit procedures and when they were
performed
 Details of audit procedures applied regarding components whose financial
statements are audited by another auditor
 Copies of communications with other auditors, experts and other third parties
 Copies of letters or notes concerning audit matters communicated to or discussed
with management or those charged with governance, including the terms of the
engagement and material weaknesses in internal control
 Letters of representation received from the entity
 Conclusions reached by the auditor concerning significant aspects of the audit,
including how exceptions and unusual matters, if any, disclosed by the auditor's
procedures were resolved or treated.
 Copies of the financial statements and auditors’ reports
 Notes of discussions about significant matters with management and others
 In exceptional circumstances, the reasons for departing from a basic principle or
essential procedure of an ISA and how the alternative procedure performed achieve
the audit objective

The auditor should record the identifying characteristics of specific items or matters
being tested. Firms should have standard referencing and filing procedures for working
papers, to facilitate their review.

1.5.4 Types of Audit files

For recurring audits, working papers may be split between permanent audit file and
current audit file.

Permanent audit file

Permanent audit files (containing information of continuing importance to the audit).
These contain:
 Engagement letters
 New client questionnaire
 The memorandum of association
 Articles of association
 Other legal documents such as prospectuses, leases, sales agreement
 Details of the history of the client’s business
 Board minutes of continuing relevance
 Previous years’ signed accounts, analytical review and management letters

175

AUDITING
 Accounting systems notes, previous years’ control questionnaires

Current audit files

Current audit files contain information of relevance to the current year’s audit. These
should be compiled on a timely basis after the completion of the audit and should
contain:
 Financial statements
 Accounts checklists
 Management accounts details
 Reconciliations of management and financial accounts
 A summary of unadjusted errors
 Report to partner including details of significant events and errors
 Review notes
 Audit planning memorandum
 Time budgets and summaries
 Representation letter
 Management letter
 Notes of board minutes
 Communications with third parties such as experts or other auditors

They also contain working papers covering each audit area. These should include the
following:
 A lead schedule including details of the figures to be included in the accounts
 Problems encountered and conclusions drawn
 Audit programmes
 Risk assessments
 Sampling plans
 Analytical review
 Details of substantive tests and tests of control

If it is necessary to modify/add new audit documentation to a file after it has been

assembled, the auditor should document:
 Who made the changes, and when, and by whom they were reviewed
 The reasons for making changes
 The effect of changes on the auditors' conclusions

If, in exceptional circumstances, changes are made to an audit file after the audit report
has been signed, the auditor should document:

 The circumstances
 The audit procedures performed, evidence obtained, conclusions drawn
 When and by whom changes to audit documents were made and reviewed

176

AUDITING
Working papers should be headed with the following:

 The name of the client

 The year-end date
 The file reference of the working paper
 The name of the person preparing the working paper
 The date the working paper was prepared
 The subject of the working paper
 The name of the person reviewing the working paper
 The date of the review

Working papers should also show:

 The objective of the work done

 The sources of information
 How any sample was selected and the sample size determined.
 The work done
 A key to any ticks or symbols
 Appropriate cross referencing
 The results obtained
 Analysis of errors or other significant observations
 The conclusions drawn
 The key point highlighted including the need for further work.

Working papers should be clearly referenced. The referencing system used should be
logical, facilitate review by enabling reviewers to be able to find their way about the audit
file easily and help ensure that audit work is completely carried out and no important
tasks are missed.

1.6 Review of audit working papers

Audit work performed by each assistant should be reviewed by personnel of appropriate
experience to consider whether:

(a) The work has been performed in accordance with the audit plan.
(b) The work performed and the results obtained have been adequately documented.
(c) Any significant matters have been resolved or are reflected in audit conclusions.
(d) The objectives of the audit procedures have been achieved.
(e) The conclusions expressed are consistent with the results of the work performed
and support the audit opinion.

When the audit work has been completed and reviewed, the audit engagement partner
completes an overall review of the working papers to ensure that he is able to issue his
opinion.

177

AUDITING
Throughout the audit, a system of review of all working papers will be used. In the case
of a large audit, the work of assistants will be reviewed by the supervisor(s). When a
review takes place, the reviewer will often use a separate working paper to record queries
and their answer.

Review of audit work takes a number of different forms:

(i) Hot review (Pre –issuance review). The working papers produced by a member
of the audit staff are checked by a more experienced member of the staff prior to
the signing of the audit report. Such a review is usually evidenced by the
reviewer initialing that particular working paper.

(ii) Cold review (Post-audit review). At the end of the audit, but before the audit
report is signed, the manager or partner should review the audit file and the final
accounts.

(iii) Audit review department. Some firms use a small group of experienced
employees to form a review team or department. This team has the job of
reviewing in detail the work performed by an audit group and ensuring that the
audit has been conducted in accordance with the firm’s standard procedures.

(iv) Peer review. A system where one firm of auditors reviews the working practices
of another firm and reports to the partners of the investigated firm on the ways in
which their procedures might be improved.

1.7 Changes to working papers

It is necessary to modify or and add new audit documentation to a file after the audit
report has been signed, the auditor should document:

 Who needs the changes, and when, and by whom they were reviewed.
 The reasons for making changes
 The effect of changes on the auditors’ conclusions

If, in exceptional circumstances, changes are made to an audit file after the audit report
has been signed, the auditor should document:

 The circumstances
 The audit procedures performed, evidence obtained, conclusions drawn
 With and by whom changes to audit documents were made and reviewed

1.8 Standardised and automated working papers

The use of standardised working papers, for example, checklists and specimen letters,
may improve the efficiency of audit work but they can be dangerous because they may
lead to auditors mechanically following an approach without using audit judgement.

178

AUDITING
Automated working paper packages have been developed which can make the
documenting of audit work much easier. Such programs aid preparation of working
papers, lead schedules, the trial balance and the financial statements themselves. These
are automatically cross-referenced, adjusted and balanced by the computer.

1.8.1 Advantages of automated working papers

Use of automated working papers benefits the auditor as follows
 The risk of errors is reduced.
 The working papers will be neater and easier to review.
 The time saved will be substantial as adjustments can be made easily to all working
papers, including those summarising the key analytical information.
 Standard forms do not have to be carried to audit locations.
 Audit working papers can be transmitted for review via a modem or fax facilities.

1.8.2 Disadvantages of standardised working papers

 It may be inappropriate to follow set procedures for a particular client.
 Adopting a standard approach may stifle initiative and discourage the exercise of
professional judgement
 If audit staff adopt a ‘mechanical’ approach to completing the working papers and
the audit tests this may lead to a lack of appreciation of test objectives and may
lead to staff failing to appreciate the implications of errors and deviations found.

1.9 Safe custody and retention of working papers

Judgement may have to be used in deciding the length of holding working papers, and
further consideration should be given to the matter before their destruction. The Malawi
Company’s Act recommends seven years as a minimum period.

Working papers are the property of the auditors. They are not a substitute for, nor part of,
the entity’s accounting records.

Auditors must follow ethical guidance on the confidentiality of audit working papers.
They may, at their discretion, release parts of or whole working papers to the entity, as
long as disclosure does not undermine ‘the independence or validity of the audit process.
Information should not be made available to third parties without the permission of the
entity.

2 Audit Sampling

2.1 Meaning of Audit Sampling

Audit sampling is the testing of less than 100% of the items within a population to obtain
and evaluate evidence about some characteristic of that population, in order to form a
conclusion concerning the population. The definition of audit sampling specifically
states that “all sampling units have a chance of selection”. Thus, 100% examination and
selecting specific items are clearly non-sampling procedures.

179

AUDITING
Objectives of Audit sampling

Auditors should carry out procedures designed to obtain sufficient appropriate audit
evidence to determine with reasonable confidence whether the financial statements are
free of material misstatements.

The words ‘reasonable’ and ‘material’ show that it is not necessary that auditors should
ensure that financial statements are absolutely 100% accurate. Sampling does not
provide absolute proof of 100% accuracy but it can provide reasonable assurance that
some elements of the financial statements are free from material misstatements.

Definitions

(i) Population: This is a set of data which may be a set of account balances or
transactions.

(ii) Sampling units: These are the individual items making up the population.

(iii) Non-sampling tests: These are audit tests where no sampling is required.

Why a complete check of all balances and transactions may not be required?

The following are the reasons why sampling is justified.

(i) Economic reason: The cost in terms of expensive audit resources would be
prohibitive.

(ii) Time reason: The complete check would take so long that accounts would be
delayed and be irrelevant for decision making.

(iii) Practical reason: Users of accounts do not expect 100% accuracy of the accounts.

(iv) Psychological reason: A complete check would be boring to the audit staff and
render their work ineffective.

(v) Fruitfulness reason: A complete check would not add much to the worth of
figures if, as would be normal, few errors were discovered.

Cases where a 100% check is still necessary

(a) Categories which are few in number but of great importance e.g. land and
buildings.

(b) Categories with special importance where materiality does not apply, for example,
directors’ emoluments and loans.

180

AUDITING
(c) Unusual, one-off or exceptional items.

(d) Any area where the auditor is put upon enquiry.

(e) High risk areas.

Matters to consider when deciding whether to sample or not

Factors which may be taken into account in considering whether or not to sample include
the following.

(a) Materiality

Material item can affect the truth and fairness of the accounts.

(b) The number of items in the population

If the items are few a hundred percent check is appropriate.

(c) Reliability of other forms of evidence

If other evidence is very strong, then a detailed check of a population may be

unnecessary.

(d) Cost and time considerations

If a complete and detailed check may increase audit costs and time then sampling would
help.

(e) A combination of evidence seeking methods

If the auditor has at his disposal a number of audit evidence collection methods, then
sampling would be justified. To obtain the overall level of assurance required, a cost-
effective combination of sampling and non-sampling procedures should be determined.

Stages of audit sampling

Audit sampling goes through the following stages.

Stage 1: Planning the sample. When planning the sample the following issues are
considered.

 Audit objectives: This looks at the aim of carrying out the test and the
contribution it makes to the overall assessment of true and fair view.

181

AUDITING
 The population: It is important to define the population.

 The sampling unit: Consider the items that make up the population.

 The definition of error in substantive tests: For example, in stock calculations,

an error of greater than K1 only may be considered an error for this purpose.

 The definition of deviation in compliance tests: The deviation may be any

failure to carry out a control procedure or it may be a partial failure.

 The assurance required: This is a function of the other sources of evidence

available.

 The tolerable error: This is the maximum error in the population that auditors
are willing to accept and still conclude that audit objectives have been achieved.
It is related to and affected by materiality considerations, assessment of control
risk, and results of other audit procedures.

The essential procedure is to set a tolerable error rate and then to project the error
rate in the population implied by the sampling results and then to compare the
two. If the projected error is larger than the tolerable error then further auditing
procedure will be necessary in the area.

 Stratification: It may be desirable to stratify the population into sub-populations

and sample them separately or in some cases as high value items, do a hundred
percent check.

Stage 2: Selection of the items to be tested.

Stage 3: Testing the items.

Stage 4: Evaluating the results. This should also be done in stages:

 Analyze the errors/deviations detected in relation to the planning

definitions.

 Use the errors/deviations detected to estimate the total error in the

population. This is called projection of the errors from the sample to the
population.

 Assess the risk of an incorrect solution. This will be related to the amount
of projection of error compared with tolerable error and the availability of
alternative evidence.

182

AUDITING
Definitions of related terms

(a) Stratification: This is the process of dividing a population into sub-populations,

each of which is a group of sampling units, which have similar characteristics
often monetary value.

(b) Error: This means either control deviations, when performing tests of controls or
misstatements when performing tests of details.

(c) Expected error: This is the error that the auditor expects to be present in the
population.

(d) Tolerable error: This is the maximum error in the population that the auditor
would be willing to accept.

(e) Anomalous error: This is an error that arises from an isolated event that has not
recurred other than on specifically identifiable occasions and is not representative
of errors in the population.

(f) A confidence level is the degree of assurance that material error does not exist; it
is the converse of risk.

(g) Sampling risk is the risk that the sample is not representative of the population
from which it is drawn and thus the auditor’s conclusion is different to that which
would be reached if the whole population was examined. Sampling risk is
frequently expressed as a %. For example, 5% means that there is a 1 in 20 chance
of material error going undetected (this is the risk accepted by many audit firms
for any specific audit tests). Risk can also be expressed in terms of confidence
levels (assurance required) and reliability factors.

This may result in:

 The risk of incorrect rejection (also called Alpha risk) which arises when the
sample indicates a higher level of errors than is actually the case. This situation is
usually resolved by additional audit work being performed. This risk affects audit
efficiency but should not affect the validity of the resulting audit conclusion.
 The risk of incorrect acceptance’ (also called Beta risk) when material error is not
detected in a population because the sample failed to select sufficient items
containing errors. This risk, which affects audit effectiveness, can be quantified
using statistical sampling techniques. Although it is possible that an unqualified
auditors’ report could be issued inappropriately, such errors should be detected by
other complementary audit procedures (assuming that the sample size is
appropriate to the level of detection risk).

(h) Non-sampling risk is the component of detection risk that is not due to examining
only a portion of the data. Non-sampling risk is the risk which “arises from

183

AUDITING
 factors that cause the auditor to reach an erroneous conclusion for any reason not
related to the size of the sample”. Thus non-sampling risk can also arise, for
example, if the auditor fails to recognize an error in an individual item in a
sample. The auditor seeks to minimize the risk of erroneous conclusions by
proper planning, supervision and review. Examples of sources of non-sampling
risk include;

 Failure to investigate significant fluctuations in relationships when placing

reliance on analytical procedures

 Placing reliance on management representations as a substitute for other

audit evidence that could reasonably be expected to be available

 Selective testing which does not constitute audit sampling (e.g., selection
of risk-prone items) is also subject to non-sampling risk.

Factors to consider when selecting a sample

The auditor should select items for the sample with the expectation that all sampling units
in the population have equal chance of selection.

An audit sample should be:

 Random: Each items of the population should have an equal chance of being
selected.

 Representative: The sample should be representative of the differing items in the

whole population i.e. should not be biased.

 Protective of the auditor: More intensive auditing should occur on high value
items known to be of high risk.

 Unpredictable: Client should not be able to guess which items will be examined.

2.2 Sampling Techniques

There are two techniques.

(a) Judgemental sampling

Judgemental sampling is the selection of a sample of appropriate size on the basis of the
auditor’s judgement of what is desirable. It is also called non-statistical sampling.

Advantages of judgemental sampling

184

AUDITING
(i) Well understood and refined by experience.

(ii) His judgement and expertise can be brought into play.

(iii) No special knowledge of statistics is required.

(iv) No time is spent on mathematical calculations; all audit time is spent on auditing.

Disadvantages of judgemental sampling

(i) It is unscientific

(ii) It is wasteful because unusually large samples are taken for testing.

(iii) No quantitative results are obtained.

(iv) There may be personal bias in the selection of samples.

(v) There is no real logic in sample selection.

(vi) Vague conclusions are reached on the evidence from samples.

(b) Statistical sampling

Statistical sampling is any approach to sampling that involves random selection of a

sample and use of probability theory to evaluate sample results including measurement of
sampling risk.

Advantages of statistical sampling

(i) It is scientific

(ii) It is defensible (it can be justified)

(iii) It is efficient because reasonable sample sizes are taken.

(iv) It provides precise mathematical statements about probabilities of being correct.

(v) Uniform standards among different audit firms are achieved.

185

AUDITING
Disadvantages of statistical sampling

(ii) This requires highly competent audit employees that have knowledge of statistics.

(ii) This method could be time consuming because of complicated mathematical

formulae involved.

(iv) Time is spent performing mathematical calculations which are time consuming.

(v) Audit judgement takes second place to precise mathematics.

(vi) This method is inflexible through its use of statistics.

Methods of selecting items

(a) Haphazard method

Choosing items subjectively but avoiding bias. This method is good for non-statistical
sampling.

(b) Simple random

All items in the population are given or have a number. Numbers are selected by making
use of random number tables.

(c) Stratified method

This means dividing the population into sub populations and is useful when parts of the
population have higher than normal risk e.g.; high value items like overseas debtors,
some items may be 100% checked and the remainder are sampled.

(d) Cluster sampling

This method involves selection of a group or bunches randomly and then examines all the
items in the group chosen, e.g.; sales invoices for the month of June.

(e) Random systematic

This method involves making a random start and then taking every nth item thereafter.
This is commonly used method which saves the work of computing random numbers.

(f) Multi stage sampling

This method is appropriate when data is stored in two or more levels e.g. stock in a retail
chain of shops. First of all a sample of shops is randomly selected and then secondly
stock items from the chosen shops are randomly selected.

186

AUDITING
(g) Block sampling

This involves choosing at random one block of items e.g.; all March invoices. This
method is however not recommended because it does not have the desired characteristics.

(h) Value weighted selection ( Monetary unit sampling)

This method uses the currency unit rather than the items as the sampling population.

Sample size

There are several factors which must be considered when deciding upon the sample size.

(a) Population size. The larger the population the larger the sample size.

(b) Level of confidence. Auditors work to levels of confidence which can be

expressed e.g. a 95% confidence level means that there are 19 out of 20 that the
sample is representative of the population as a whole. The converse view is that
there is one chance in twenty that the sample is non-representative of the
population as a whole.

(c) Precision. In a given sample size higher confidence can be expressed in a wider
precision interval making sample size smaller.

(d) Risk. In high risks areas a large sample will be desirable because high confidence
levels narrow precision intervals are required.

(e) Materiality. Materiality should be considered in fixing sample size because first
populations that are material to the overall audit opinion must be sampled with
smaller precision intervals and higher confidence levels. The second reason is
within a population; a materiality factor can be subjectively estimated.

(f) Subjective factors. The auditor expects to gain audit evidence about a
population from a sample. However other audit evidence is available in addition
to the evidence from the sample.

(g) Expected error or deviation rate. Sample size required is a function of the error
rate. If the results indicate that the level of error was higher than expected, a
larger sample may have to be taken.

Uses of statistical sampling

Statistical sampling plans can be used in all auditing situations when evidence about a
population is obtained by sampling.

187

AUDITING
Some popular uses are in compliance testing and substantive testing. In compliance
testing, for example, the auditor would wish to confirm a particular control with
sampling. In substantive testing, a client with very unreliable internal controls the auditor
may wish to verify that all dispatches in a year have resulted in invoices in that year; the
correspondence between dispatch note and invoice can be sampled.

2.3 Evaluation of Sample Results

When designing tests to be carried out on a particular account balance or class of

transaction the auditor should have a pre-define error or misstatements that he wants to
discover or confirm their absence, such as overstatements/understatements, miscasting,
non disclosures etc. Some might be quantitative while others may be qualitative, but the
auditor should consider any possible effects on other parts of the audit or the overall
financial statements.

The auditor needs also to consider whether the misstatements seem to be anomalous, or
they are likely to be repetitive.

Anomalous errors are errors that arise from isolated events that has not recurred other
than on specifically identifiable occasion and is therefore not representative of errors in
the population. Extra work has to be carried out to prove that an error is not
representative of the errors in the population.

Projection of Errors in the Population

The auditor should project errors results from the sample to those expected or probable
errors from the population by extrapolation. For substantive tests the auditor will estimate
any further errors that might not have been detected because of the techniques. Before
forming conclusions the auditor should consider the effects of the projected errors on
other areas and make comparison between the projected population errors to the tolerable
errors and materiality rates set earlier. If it exceeds or is close to tolerable errors, then the
auditor should reassess the sampling risk. If it is unacceptable they should consider
extending audit procedures or performing alternative procedures.

Sampling risk is the possibility that the auditor’s conclusion about the population based
on sample results, may be different from the conclusions that could have been reached
had the entire population been subjected to the same audit procedures. This may arise
from two circumstances:
 Risk of incorrect rejection, that’s although the sample results support the
conclusion that an account balance or class of transaction is materially misstated,
it is in fact not materially misstated.
 Risk of incorrect acceptance, that’s although sample result support the conclusion
that an account balance of class of transaction is not materially misstated, it is in
fact materially misstated.

188

AUDITING
In statistical sampling, the auditor can use widely accepted statistical calculation to infer
the possible results that are expected for the population from the sample results such as
through use of proportions below:

End of Chapter Questions

Question 1

The audit guidelines on planning, control and documentation contains the following
statement with regard to audit working papers:

‘Audit working papers should always be sufficiently complete and detailed to enable an
experienced auditor with no previous connection with the audit to subsequently ascertain
from them what work was performed and to support the conclusions reached.’

Required:
a) Describe four benefits that the auditor will obtain from working papers. 8 Marks
b) List four types of information that are retained in the audit permanent file and
state why they should be available for easy reference. 8 Marks
c) Comment on the problems with using standardized working papers. 4 Marks
Total 20 Marks

189

AUDITING
 CHAPTER 12

SUBSTANTIVE PROCEDURES ON FINANCIAL STATEMENT

Topic list

1. Non-Current Assets
2. Investments
3. Inventory
4. Sales and Receivables
5. Purchases and Payables
6. Cash and Bank
7. Capital, Reserves, Liabilities.
8. Contingencies and Provision
9. Analytical Procedures

Learning outcome

By the end of this chapter, students should be able to:

 Carry out detailed audit tests on elements of financial statements.

 Collection and evaluation of evidence obtained.

Introduction

This chapter covers detailed audit tests carried out to verify financial statements
assertions relevant to each element of the financial statements. They involve carrying out
substantive tests on their resulting records and assets and obligations on their account
balances, classes of transactions and disclosures.

1 Non-Current Assets

1.1 Year End Substantive Tests on Non-Current Assets

The auditor should obtain sufficient appropriate evidence to support financial statements
assertions relevant to non-current assets (ie, existence, valuation, completeness and
ownership) in addition to the control tests outlined above.

Existence
The auditor should;
 Obtain or compile a list of assets to support the balances shown in the financial
statements and verify them in the non-current assets register
 Verify the existence of each asset through physical inspection, matching the
detailed descriptions in the register with actual assets

190

AUDITING
  Check through all records on each asset and ensure that there is no indication that
the assets have not been lost, disposed of or stolen
 Seek confirmation from responsible management about the existence of the
assets if not around the premises for some reasons.

Ownership (rights and obligation)

The auditor should;
 Check whether assets are owned by the client by inspecting ownership documents
(ie, registration books for motor vehicles, title deeds for land and buildings etc)
and ensure they are in the client’s name.
 Verify through purchase documents (purchase invoices, quotations etc) and
ensure they were ordered and paid for by the company.
 Observe use of the assets by the client without any encumbrances or attached
conditions from any third party.
 Confirm with responsible management of the ownership of any asset which the
auditor doubts or other proof is not readily available.
 Check all assts held under lease agreement and conditions attached to such leases
in the lease agreements
 Assess whether each asset is adequately ensured against risks to which it is
exposed, accidents, theft and so on.
 Check whether any asset is held subject to loan security against providers of loan
capital.
 For self-constructed assets verify through costing information in contracts
accounts.

Completeness, Presentation and Disclosure

The auditor should;
 Obtain or compile a list of all the non-current assets held by the client entity and
trace each asset in the non-current asset register.
 Check whether appropriate details about each asset are contained in the register
such as;
Dates of acquisition
Original cost
Names and details of suppliers
Description of each asset (ie, year of make, model, serial numbers, part number,
colour etc)
Current location, use and condition
Asset life history in terms of major repairs or replacement of parts
Asset depreciation policies and rates
Asset insurance policies and annual premiums paid

191

AUDITING
  Verify information from the register with other information for example, with the
asset ledger.

Valuation
The auditor should;
 Trace the original cost of each asset through the asset register and cross-check
with purchase documents and ensure they were appropriately classified as capital
expenditure.
 Trace any subsequent capital additions and ensure they meet the requirement to be
classified as such (ie, that the costs enhance the capacity or capability of the
assets, not maintenance and other running costs)
 Check any subsequent revaluation of the assets for reasonableness, especially
noting the competence of valuers, assumptions and methods used to arrive at the
values.
 Check whether annual reviews are carried out at the balance sheet date and any
impairments are provided for.
 Check reasonableness of depreciation policies, adequacy and accuracy of the
calculations of annual depreciation.
 Assess whether each asset is adequately ensured against risks to which it is
exposed.

2 Investments

These include investments in: joint ventures, associates, subsidiaries and bond stocks

The following are the typical assertions to be considered:

Ownership and Existence:

 These should be verified by inspection of details about each investment through

certificate of title from stock brokers
 Obtain third party confirmation from brokers
 Verify income received in respect of these assets through dividends, interests etc.
 Check through board minutes or statutory books

Valuation:
 Review valuation from the market through relevant media for those listed on the
stock exchange.
 Perform independent valuation techniques to assess the reasonableness of the
reported values, for any over or under valuations

192

AUDITING
  Check additions and disposals within the period and reconcile opening and
closing balances.
 Review revaluations and impairment provisions for the period.
 For investments where there is control, check the determination and annual
reviews of goodwill on them
 Obtain appropriate management representations over investments.

3 Inventory (Stocks)

Auditors need to pay particular attention to inventory figure in the financial statements
when verifying assertions relevant to it for the following reasons;
 In some organizations inventory may be composed of a large number of different
items.
 There exists different valuation methods under the Companies Act and the
International Accounting Standard 2 (IAS 2) on inventory.
 It is usually composed of small items or valuable items susceptible to loss,
pilferage, damage and deterioration.
 Misstatements in valuation (or different valuation methods used) would have a
direct impact on the gross profit and net profit in the income statement.
 Valuation of work in progress may be difficult since it depends on completion
levels.

3.1 Accounting for Inventory:

Principles of accounting for inventory are contained in the Companies Act and the IAS 2
Inventories.
Valuation of inventory movements can be done on the following bases:
 FIFO: this is a recommended method by IAS2 and the Companies Act (1984) for
published financial statements in Malawi
 LIFO and WAC – allowed alternatives in certain circumstances.
 Other methods such as standard cost and replacement cost etc, can be used for
management accounts only.
Inventory should be presented in financial statements at cost value (as above) or at its net
realizable value if lower.

Cost is the expenditure that has been incurred in normal course of business in bringing
the item to its present location and condition.
Net realizable value (NRV) is the actual or estimated selling price of the item less any
further costs to sale (ie completion, marketing and distribution costs).

193

AUDITING
3.2 Auditors Responsibility

The auditor should obtain sufficient appropriate evidence to ensure completeness in the
inventory records, existence, measurement and valuation of inventories shown in
financial statements.

The auditor should therefore carry out the following to obtain the evidence;
 Ascertain, test and evaluate control exercised over inventory
 Carry out substantive tests over year-end inventory balances shown in the
financial statements for any possible misstatements. This largely achieved through
attendance of year-end inventory count (Stock take), conducted by management
to determine the inventory figures to be included in the financial statements.

3.4 Inventory Count (Stock Taking)

Inventory count is the responsibility of management. It is carried out to achieve the

following objectives;
 As a control and accuracy check over inventory records and actual inventory held
(regular and continuous stock takes).
 Carried out at year-end or around that period to establish or confirm inventory
figures to be included in the financial statements as closing stocks for the period.

The auditor’s responsibility is to attend one of the counts, especially the year end count to
verify existence, quantities and values of inventories included in the financial statements
by carrying out the following procedures;

Planning the Attendance Before the Count

 Review previous periods’ arrangements (if it is a continuing audit) and discuss

with management any changes in arrangements to the count.
 Familiarization with the nature, volume and location of the inventories
 Check specific methods of counting and measuring the inventory.
 Consider the allocation of audit staff and ensure appropriate attention is paid to
items with high values.
 Consider any items held by third parties and make arrangements to verify them,
while also considering whether the client entity holds any items that belong to
third parties.
 Consider whether the nature of some items of inventory would require an expert’s
assistance to verify or value.

194

AUDITING
  Review count instructions for organization and reasonableness and check the
count procedures and recording and discuss with management any inadequacies in
terms of:
o Counting is to be carried out by pairs
o Adequacy of supervision arrangements
o Restriction of movements of inventory during the count
o Systematic counting, checking and recording in serial numbered sheets

Procedures During the Count

 Check whether the client’s staff are following instructions as laid down, during
the count.
 Make test-counts or request recounts where in doubt to confirm the results.
 Check procedures over identification of damaged or deteriorated items.
 Ensure restriction of movements, or that proper account is taken of any inventory
movements during the count.
 Make conclusions as to whether the count has been properly carried out and is a
sufficient and reliable basis for determining existence, quantities and values of
inventory.
 Consider the results of the count in light of evidence obtained from other
procedures.

Procedures After the Count

 Check that all count records have been included and consolidated into the final
inventory sheet.
 Ensure that continuous inventory records have been adjusted to the amounts
physically counted and that discrepancies have been investigated.
 Confirm that appropriate cut-off procedures were applied to ensure items included
are only those that belong to the accounting period (ie, use of serial number and
dates for purchases and goods, and sales and goods outwards)
 Check whether proper account has been taken for any inventory held by third
parties, or the client holding of any items belonging to third parties.
 Confirm the client’s final valuation of inventory has been calculated correctly (at
the lower of cost and NRV, especially taking into consideration damages,
deteriorate and obsolete items identified during the count.

195

AUDITING
3.5 Sales and Receivables (Debtors)

The auditor should obtain sufficient appropriate evidence to support financial statements
assertions relevant to sales and receivables such as, validity, accuracy and completeness
on year-end figures, in addition to the control tests carried out above.

4 Year-End Substantive Tests on Receivables (Debtors) Balances

Auditors should obtain sufficient appropriate evidence to ensure validity, accuracy and
completeness of the sales records and year end balances and existence and valuation of
debtors. There is particularly a risk that they may be overstated. In addition to control
tests carried out above, the auditor should carry out the following tests;
 Compile or obtain a list of debtors outstanding at the year end to support the total
debtors figure in the balance sheet.
 Confirm the totals with control accounts balances
 Follow up with management with any unusual items, for example; contra entries
against the purchases ledger, irregular accounts etc.
 Carry out a debtors age analysis and enquire into any long outstanding balances.
 Check bad debts written off during the year for reasons, correspondence and
authorization for write-off of debts considered irrecoverable.
 Check adequacy of provisions for doubtful debts in light of subsequent bad debts
for previous estimates or provisions.
 Review and test the year end cut-off procedures for the sales.
 Supplement the evidence obtained from internal sources with debtors’
circularization.

4.1 Receivables (Debtors) Circularisation

A debtors’ circularization is a direct confirmation of balances from debtors themselves. It

is an important source of evidence because it provides a direct external evidence about
debtors existence and ownership. It also confirms the effectiveness of internal controls
but may also reveal evidence of items in dispute.

A circularization may be positive, where the auditor requires the debtors to respond
whether they agree with the balances or not, or negative where the auditors requires
debtors to respond only where they don’t agree with the balance indicated. When
selecting which debtors to circularize, particular attention should be paid to the
following; (why?)
 Long outstanding accounts
 Accounts written off during the period under review
 Accounts with credit balances, or zero balances

196

AUDITING
  Accounts settled by round sum payments.
 Accounts with significant closing balances
 Accounts with large throughput irrespective of their year-end amounts
outstanding.

Although it should bear the client’s letter head, a circularization letter should be sent
direct to the debtors and their response should be addressed direct to the auditors. The
auditors should then review the responses and enquire into any disputed balances to
establish the cause of the differences (it could be items in transit, or errors or even fraud).
Non response should be followed up especially positive circularization (by a second letter
or telephones etc), or else they may indicate non-existence.

The auditor should also carry out analytical procedures relevant to credit sales, debtors
and irrecoverable debts to assess reasonableness and discover any unexpected
relationships and trends, for example; calculate debtors/sales ratios, bad debts/debtors
ratios and debtors days and compare them with previous periods ratios or other entities’
ratios in the same industry.

5. Substantive Tests on Year-End Payables (Creditors) Balances

Auditors should obtain sufficient appropriate evidence on purchases and payables

balances to ensure; the existence of liabilities shown in the balance sheet
 Rights and obligations over these liabilities
 Correctness of the amounts shown and completeness in the information,
appropriateness of descriptions and disclosures.

This area is particularly susceptible to understatement in the financial statements. The

auditor should therefore carry out the following tests;
 Obtain or compile a list of payables balances to support the total balance shown in
the balance sheet.
 Reconcile the ledger totals with control account balances.
 Carry out a balance age analysis and enquire from management into any long
outstanding balances.
 For selected balances, check the appropriateness of debit and credit entries and
balances.
 Recast and rebalance the purchases ledger, especially accounts with large
throughput.
 Obtain direct confirmation from selected balances through a circularization and
enquire into any disputed balances.

197

AUDITING
 Review the year end cut-off procedures for appropriateness to ensure that all
items included really relate to the accounting period under review and that
relevant items have not been excluded.
 Carry out appropriate analytical procedures around purchases and payables such
as calculating, creditors to purchases ratios and creditors days and comparing
them with previous periods results or other entities in the same industry.

198

AUDITING
6 Cash and Bank

The auditor needs to pay particular attention to cash/bank because of the following
reasons:
 It is the centre of all business operations with high throughput of entries.
 Because of their liquidity, they represent the most vulnerable of the entity’s assets
irrespective of their relative materiality in the year-end figures in the financial
statements

6.1 Substantive Audit Tests on Year-End Bank and Cash Balances

The auditor should satisfy himself that year-end cash and bank balances are not misstated
by carrying out the following tests;

Bank Balances

 Obtain bank balances from the cashbook and check and arithmetical accuracy
from bank reconciliations.
 Trace any outstanding cheques and obtain explanation for any large or unusual
items not cleared at that time.
 Review other bank reconciliations prior to the year end.
 Verify contra entries appearing in the cashbook or bank statements with original
documents.
 Examine all lodgments in respect of which the bank has refused payment.
 Obtain a direct bank confirmation and follow up on any disputed balances.
 Enquire from management and confirm whether any accounts are secured on the
assets of the entity.

Cash

Normally entities should strive to keep cash transactions to the minimum, especially on
the payments side. Any cash received should be banked intact and promptly as seen
above. Where the entity maintains some petty cash, because of the inevitability to make
small payment in cash, then an imprest system should be used.

Audit tests should be carried out to obtain evidence to support the validity of cash
transactions, the accuracy of the record and the existence of the cash balances. The
auditor should therefore carry out the following procedures;
 Obtain the petty cashbook and the validity of entries by tracing each entry to the
original documents

199

AUDITING
  Check casting and balances for accuracy.
 Verify the existence of the cash by attending a cash count and ensure all
discrepancies have been resolved.

7 Share Capital, Reserves and Long Term Liabilities

The auditor should carry out his work with the objective to ensure that;
 Share capital has been properly classified and disclosed in the financial
statements.
 Movements on reserves, such as capitalization through bonus share issue, have
been properly authorized and that statutory reserves are only used for permitted
purposes.
 Statutory records have properly maintained.

Types of Reserves;
 Share premium reserves
 Revaluation reserves
 Capital reserves
 Replacement reserves
 Debenture redemption reserves
 Profit reserves

The auditor should carry out the procedures;

 Check authorized capital limit to the memorandum and articles of association.
 Check changes to issued capital in the year, through fresh, rights or bonus issues,
and confirm with its authorization to the board minutes.
 Trace all transactions involving cash to the cashbook and bank statement.
 Obtain confirmation that all statutory and appropriate returns have been made to
the registrar of companies and inspect all statutory books for appropriate
disclosures
 Ensure that all related parties, including directors’ interests and transactions with
the company, have been properly disclosed in accordance with IAS 24 on related
party disclosures.
 Ensure capital and reserves have been appropriately disclosed and presented in
accordance with IAS 39 on financial instruments

The auditor should also carry out audit procedure on long term liabilities to verify
completeness, disclosure and correctness of measurement of the amounts of liabilities. He
should carry out the following procedures;

200

AUDITING
  Obtain or compile a schedule of loans to support the totals in the financial
statements.
 Compare opening balances to the previous periods closing balances and trace
changes within the period.
 Trace them to the ledger and check clerical accuracy of the records.
 Check names and other details of lenders.
 Trace additions and repayments and compare with borrowing limits imposed by
the articles of association and other agreements.
 Verify interest rates in the loan agreements and interest charges and payments for
the period in the cashbook.

8 Provisions and Contingences

A provision is a liability of uncertain timing or amount.

A liability is a present obligation arising from past events.
An obligation may be;
Legal; if there exists a contract or if required by the law
Constructive; if there exists an established pattern of past practices, policies etc

A Contingent Liability (IAS 37),

Is a possible obligation arising from past events whose existence would be confirmed
only by occurrence or non-occurrence of an uncertain future event not wholly within the
entity’s control.

A Contingent Asset
Is a possible asset arising from past events whose existence would be confirmed only by
occurrence or non-occurrence of an uncertain future event not wholly within the entity’s
control.

A contingent asset should not be recognized in the financial statements. However if it

becomes probable that outflows of future economic benefits will occur because of
previous contingent liabilities, a provision should be made.

Examples of situations from which provisions may arise include;

 Guarantees
 Lawsuits
 Share options
 Discounted bills of exchange etc

201

AUDITING
Audit Tests

When considering the audit of contingent liabilities and provisions, auditors should bear
in mind that most such matter’s knowledge is confined to management and there is
possibility of non-disclosure of such matters especially if they have unfavorable effect on
the financial statements or the entity. Auditors should carry out the following procedures;
 Make appropriate enquiries and obtain confirmations from management.
 Review board minutes.
 Examine legal expenses account.
 Obtain any other information regarding the entity’s business that may lead to
contingencies or provisions including obtaining experts’ opinion such as legal
opinions on lawsuits.
 Check whether appropriate disclosures and descriptions and recognition have
been carried out by management.
 For directly indentified litigation or where the auditor reasonably believes they
exist, he should seek direct confirmation from lawyers
 Obtain detailed list of provisions included in the financial statements.
 Assess for each whether there is a present obligation as a result of past events and
review correspondences to that effect and discuss with management.
Consider the adequacy of disclosures of provisions, contingent assets and liabilities and
ensure contingent assets have not been recognized.

9 Analytical Procedures (ISA 520)

Analytical procedures involve analysis of relationships between items of financial data,

or financial and non-financial data, derived from the same period with comparative
financial information derived from different periods or organizations in the same
industry. The purpose of analytical procedures or reviews is to identify consistencies and
predicted patterns or significant fluctuations and unexpected relationships and trends.

Comparisons can be made with:

 Similar prior periods analyses
 Other businesses in the same industry, subject to the availability of information.
 Budgeted results
 Auditor’s own expected results

Analytical procedures are helpful and can be carried out at different stages of the audit
process as follows;

202

AUDITING
9.1 Audit Planning

Auditors should apply analytical procedures when planning their audits (for example,
through a preliminary ratio analysis) to assist them to understand the client’s business,
identify areas of potential risk, and planning the nature, timing and extent of other audit
procedures to be carried out (Analytical procedures use during audit planning has
extensively been covered in earlier chapters).

9.2 Analytical Procedures as Substantive Tests

Auditors should assess the effectiveness and use of analytical procedures with other
substantive tests to reduce detection risk for specific statements or elements’ assertions,
such as debtors, creditors and stocks.

Analytical procedures in this context are not tests of detail as such. They can be
considered a more global approach to substantive testing. Instead of selecting a sample of
transactions or balances that make up the overall figures in the accounts, the overall
figure itself can be analysed for accuracy using various techniques. Analytical procedures
involve the analysis of relationships between:
 Balances within the accounts
 Balances in the accounts with other internal data
 Balances in the accounts with other external data

Specific examples could include:

 Monitoring the trend in key ratios over time
 Comparing key ratios with similar companies or with industry averages
 Comparing balances with other known information

The approach to analytical procedures is:

 Identify relationships between data, ensuring they are fully understood
 Develop expectation of balance in the accounts
 Compare expectation to actual balance
 Seek explanations for material differences

Factors that will affect the use of analytical procedures:

 Strength of relationships
 Reliability of the data being used in the analysis
 Depth of knowledge auditor has of client business and industry in general, use of
analytical procedures can be particularly difficult for new clients

In general, a company with many similar divisions (e.g. a chain of shops) provides great
scope for comparison of data. Comparison of data is one of the general types of internal
control procedure. In other words, many companies will be doing their own regular
analytical procedures themselves. It may be possible for the external auditor to rely on

203

AUDITING
the analysis carried out by the company, but this will depend on the reliability of those
who did the work.
For example, we could get evidence as to the accuracy of the current year payroll expense
in the statement of comprehensive income by:
 Comparing the figure with last year’s figure, noting: Starters and leavers, any pay
rises/tax changes during the year
 Comparing payroll with other related figures in the FS. This will depend on the
specific company, but could include:
– Turnover (especially if staff time is charged to clients)
– Profit (especially if staff get profit-related bonuses)
– Staff entertainment expenses

9.3 At final Stage

When completing the audit, auditors should use analytical procedures in forming an
overall conclusion as to whether financial statements as a whole are consistent with the
auditor’s expectation and knowledge of business.

Auditors should carry out further investigations when significant fluctuations and
unexpected relationships are identified that are inconsistent with other relevant
information or that deviates from predicted patterns, to obtain adequate explanations and
appropriate corroborative evidence. Significant areas that need consideration include;
 Liquidity and working capital ratios.
 Long term gearing ratios
 Profitability ratios and
 Efficiency ratios.

Such analysis may also help the auditor understand the client’s business and its
performance more and be able to assess its ability to continue as a going concern and
compare its consistency with the basis on which financial statements have been prepared,
discuss with management or qualify the audit report if appropriate.

End of Chapter Questions

Question 1

You are the auditor of Takondwa Traders Limited whose year-end receivables balance, you
have verified in the ledgers, is K4,319,400. You have also requested for and provided with
the debt age analysis given below. The chief accountant has informed you that receivable
days have increased from 40 to 55. As a source of additional evidence you intend to obtain a
direct confirmation from some of the balances through a circularization.

204

AUDITING
 Number of range of debt current 1 to 2 more than total
Accounts (K) (K) months (K) 2 months (K) (K)
3 negative (58,250) (58,250)
150 1 to 50,000 350,000 495,200 645,000 1,490,200
8 50,001 to 100,000 578,450 750,500 387,000 1,715,950
2 100,001 or more 875,000 - 296,800 1,171,800
163 1,745,200 1,245,200 1,328,800 4,319,400

Required:

a. What would you aim to discover by carrying out a circularization of the receivables’
balances? 4 Marks
b. Explain the advantages of using a positive circularization in one instance and a negative
circularization in another. Can both procedures be used in the same audit?
4 Marks
c. What action should you take if Takondwa Traders Limited management refuses to agree
to the debtors’ circularization being undertaken? 4 Marks
d. Circularization has been undertaken, and one of the companies circularized has replied
that it disputes the amount claimed by Takondwa Traders. Briefly describe the possible
causes of such disputes and the action you would take as auditor. 4 Marks
e. Your audit firm intends to obtain confirmation from at least 50 accounts. Which ones,
from the above, should you particularly not ignore from the selection and why?
4 Marks
(TOTAL: 20 Marks)

Question 2

You are a member of the audit team that is currently conducting a final audit at one of the
Bela Group subsidiaries.

Required:

State how you would verify the following items appearing in the annual financial
statements of the subsidiary:
a) Bank overdraft 3 Marks
b) Trade Debtors 6 Marks
c) Land and buildings 6 Marks
d) Trade creditors 3 Marks
e) Current account with head office 2 Marks
Total 20 Marks

205

AUDITING
 CHAPTER 13

COMPUTER ASSISTED AUDIT TECHNIQUES (CAATS)

Topic list

1. Effects of Client’s Computerised Accounting Systems

2. Effects of computers on audit work
3. Internal controls in computerised environment
4. Computer Assisted Audit Techniques (CAATs)

Learning outcomes

By the end of this chapter, you should be able to:

 Describe the effects of using computers in accounting

 State how computers can be used in audit
 Distinguish between ‘auditing around the computer’ and ‘auditing through the
computer’
 Design and carry out appropriate tests in clients’ computerized systems, including
use of computer assisted audit techniques (CAATs)
 Explain the advantages and disadvantages of CAATs

Introduction

Most audit clients would be using computers to process accounting transactions, and for
financial reports production. In this chapter we look at how the client’s computerized
systems impacts their operations. These computerized systems present unique controls as
compared to manual accounting system; hence we later look at controls in a
computerized accounting environment.

When a client uses computers to process accounting transactions it is an opportunity for

auditors to know how these computers can be used in the audit of a set of historical
financial statements. Advancement in technology has enabled the development of
computer assisted audit techniques (CAATs), which auditors are using now for example
in testing controls e to audit are also covered in this chapter. Concepts like ‘auditing in
the computer’ and ‘auditing around the computer’ are highlighted while advantages and
disadvantages of CAATs are provided.

1 Effects of computerization of the client entity’s systems and processes;

 Computers are able to process large volumes of work at much faster speed than
manual systems.

206

AUDITING
 They are also likely to have less processing errors or more accurate, except errors
that occur in input data
 Large volumes of information are stored in the computer memory, greatly reducing
office paperwork, except where printouts are necessary. However reduced
paperwork leads to easy loss of audit trail. An audit trail is a step by step detail of
the various stages of processing transactions go through, between their initiations to
their final recording or backward from the final records back to their initiation.

Features of computerised accounting systems

A computerised accounting system has unique features as compared to manual
accounting system.

(a) There is concentration of controls in the computer department.

(b) There is generally lack of primary records.
(c) Encoded data exists.
(d) There is loss of audit trail.
(e) Data needed for audit purposes may be overwritten.
(f) Program controls may be important to ensure the completeness and accuracy of
accounts records.
(g) They require specialist expertise.
(h) Availability of computer time. Use of CAATs involves the use of the client’s
computer facilities.

2 Effect of computers on the work of auditor

The client may use a computer to produce all or part of the financial accounting data.
The auditor may be able to use a computer to assist in his audit, particularly, when the
client has a computer system. When the auditors note that the client system on which
they are to audit are computerized the auditors should:

 Consider whether they are generally competent to complete the assignment

successfully as required by the competence, due skill and care ethical requirement.
If not they should consider withdrawal.
 Assign proficient and experienced staff in auditing computerized environment.

2.1 Uses of computers in managing an audit engagement

Computers affect the work of the auditor in two ways. The client may use a computer to
produce all or part of the financial accounting data. Secondly the auditor may be able to
use a computer to assist in his audit, particularly, when the client has a computer system.

Auditors can use computers in the following ways

(a) Flowcharting client’s systems.

207

AUDITING
(b) Evaluation of audit risk - a computer can record assessments of audit risk in a
word processing package and may give guidance to the level of testing required
via an expert systems shell.
(c) Preparation of audit programmes.
(d) Analytical procedure.
(e) Preparation of audit working paper. All this can be done using commercially
available packages or specialist programs written in-house.
(f) As automated working papers
(g) Auditors can use software packages to perform audit functions such as analytical
procedures, or drawing statistical samples on which to perform their audit tests
(h) Computers can also be used by auditors as a decision support system, for
example, through automation of checklists, materiality estimations etc.
(i) Computer Assisted Audit Techniques (CAATs)

Auditors should also properly plan and determine the best or suitable approach to their
computerized clients by considering ‘auditing around the computer’ and ‘auditing
through the computer’.

2.1.1 Audit around the Computer

This audit approach assumes that auditors could fulfill their function without having any
detailed knowledge of what is happening inside computers. Audit tests concentrate on
inputs and their corresponding outputs, ignoring the processing procedures within
computer programs. This can be a suitable approach where there is less risk of
misstatements or where auditors have limited knowledge of programs and are satisfied
that they can still obtain sufficient and reliable evidence from these sources only.

2.1.2 Audit through the Computer

This involves an examination of the detailed processing routines of the computers to
determine whether they are adequate and reliable in processing of date. Typically,
auditors use computer assisted audit techniques (CAATs), discussed below, to achieve
this task.

3 Internal controls in computerised accounting system

There are two classifications general controls and application controls.

3.1 General controls

These controls cover the general environment within which application controls operate.
Such controls can be expected to be relevant to all applications.

The objective of such controls is to ensure the integrity of application development and
implementation and to ensure that computer operations are properly administered to
protect hardware, programs and data files.

208

AUDITING
The Auditing Guideline envisages controls in the following areas and the control
objectives for each area:

(a) Controls over systems development (application development)

 To ensure developments are fully authorised.
 To ensure proper standards are followed during development.
 To ensure changes are properly tested and documented.

(b) Controls to prevent/detect errors during program execution

 To ensure any errors arising are noted and resolved.

(c) Controls to prevent/detect changes to data files

 To ensure changes are authorised.
 To ensure changes are made accurately.

(d) Controls to ensure continuity of operations

 To ensure the system can continue to function in the event of disaster or
breakdown.

3.1.1 Control techniques for general controls

ERRORS DURING CHANGES TO DATA CONTINUITY OF

PROGRAM FILES OPERATIONS
EXECUTION
 Back up procedures
 Systems software should  Prior authorisation
report errors e.g.,;  Standby arrangements
wrong file  Password protection
 Testing back up
 Detailed operations  Back up files procedures

 Job scheduling  Record of amendments  Protecting against fire

for subsequent checking and
theft
 Physical protection of
files  Maintenance agreements

 Insurance

 Several Copies of files

GENERAL
CONTROLS

SYSTEMS DEVELOPMENT

209

AUDITING
APPLICATION PROGRAM CHANGES INSTALLATION,
DEVELOPMENT MAINTENANCE &
DOCUMENTATION
 Systems design
standards  Supervision and training  Testing and documentation
should be kept
 Programming standards  Authorisation of changes
 Protection of systems
 Testing procedures  Documentation of software (read only memory)
changes
 Segregation of duties
 Full documentation  Password protection to (programmers, operators,
prevent unauthorised users)
access
 Approval by users  Good quality
before implementation  Back up of programs documentation

 Internal audit  Physical protection of

involvement files
 Rotation of duties
 Segregation of duties  Thorough testing
between development  Approval of changes
and operations

3.2 Application controls

They cover the transaction and master files which are specific to an individual
application. they consist of both manually - performed and computer-performed controls.

Their objective is to ensure the completeness and accuracy of all processing and the
validity of the accounting entries made.

They fall under the following six main headings and the control objectives for each are:

(1) Completeness of input

 To ensure that a document is raised for every transaction.
 To ensure that each document is input in timely fashion.

(2) Accuracy of input

 To identify the accuracy of data fields on input transactions.

(3) Authorisation of input

 To ensure that each transaction is authorised.

210

AUDITING
 To ensure that the individual who authorised the transaction was empowered to do
so.

(4) Controls over processing (updating)

 To ensure that all input date is processed.
 To ensure that the correct version of master files and standing data files are used.
 To ensure that the processing of each transaction is accurate to produce accurately
updated master files.

(5) Control over output

 To ensure that output is checked for completeness and accuracy.
 To ensure that output is properly distributed and actioned.

(6) Controls over master files

 To ensure that all data held on master files is accurate and up-to-date.
 To ensure that any amendment to standing data is properly authorised.

The control techniques for application controls under six headings are shown below.

211

AUDITING
3.2.1 Control techniques for application controls

PROCESSING OUTPUT MASTERFILE

 Batch reconciliation  Check batch control  Check amendments on a

output to inputs one to one basis

 Run to run totals to  Summary of totals  Periodic printout and

ensure checks
completeness  ‘End of Report’ message
 Record counts checked
 Summary processing eg;  Checklist for distribution
check total depreciation of output  Independent control
equal to summary of totals
individual elements  Follow up exception
reports
 External file labels

 Internal file labels

APPLICATION
CONTROLS

INPUT

COMPLETENESS ACCURACY AUTHORISATION

 One for one check ie;  Check digit verification  Manual authorisation
each input checked to
output  Reasonableness checks  Clerical review of
 Batch control totals to ensure data within transactions
 Harsh documents certain ranges
 Documents counts
 Sequence checks  Existence checks e.g; to  One for one checking of
 Matching each master- check that customer Amendments to
file record to a transaction account exists standing data
record
 Manual control e.g;  Programmed checks on
batch controls and authorisation limits
arithmetic checks

212

AUDITING
It should be noted that techniques which control the accuracy of input and processing will
help to control master file data. As master file standing data items are used many times
over in processing they take on a greater importance than transaction data and more
costly controls such as one-for-one checks may be justified.

3.3 Some controls explained

(a) Physical controls

Designed to limit accesses to computer room, for example.

(b) Back up files

The creation and updating of an identical back-up disk for every disk in the system.

(c) Data filing

The need for a filing system, each disk should be labelled clearly following a certain
pattern.

(d) Proofing
This is manual checking to control data on disk. It is normally carried out after data has
been keyed onto the disk for the first time.

Mistakes identified during proofing should be corrected and corrections proofed.

(e) Passwords
When a disk contains information that should not be widely available (eg; data
concerning salaries) it is possible to hide it, using a password.

(f) Date/Time Stamps

Most computers have their own internal controls and calendars and will automatically fill
in a program’s requests concerning time and date.

(g) Prompts
Controls designed to ask the user if he/she is sure that the deletion command was
intentional for example.

(h) Check digits

A means of control in that they ascertain whether or not a number is valid. The computer
will detect if the number is ever input incorrectly eg; through transposition.

(i) Batch totals

A batch (or control) total is the sum of one of the numerical fields on the documents in
the batch eg; total of the sales invoice values. The computer calculates the batch total and
this is compared with the manually calculated total.

213

AUDITING
(j) Hash total
Works in a similar manner as batch total. Unlike the batch total the value of the hash
total is meaningless but it is still useful for control purposes to detect errors on input or
omissions (eg; a total of customer account numbers).

(k) Reasonableness checks

The program will check to ensure that the data input is reasonable given the type of input
it is eg; hours recorded for a week should fall between 30 and 50.

(l) Existence checks

The computers will check to ensure that the data input is valid by checking that the entity
already exists in the system.

(m) Dependency checks

Data input fields can be compared with other fields for reasonableness eg; check that tax
is a sensible amount as compared with the net amount.

3.4 The relationship between application and general controls

It may be appropriate for the auditor to concentrate upon application controls before
deciding how far to proceed with examining general controls. The reasons for this are as
follows:

(a) Application controls can be more easily related to a specific control objective, and
therefore a specific audit objective, than can general controls.
(b) Application controls can be more easily tested by using specific transactions to act
as a medium for the test which is then performed either clerically or by using
computer-assisted audit techniques.
(c) As a result of (a) and (b) the testing of application controls may be effective than
general controls.

There are, however, certain reasons for still considering general controls may be highly
relevant to the auditor:

(a) If application controls become concentrated in the computer department, the

environment within which the application controls function will be fundamental.
(b) If certain application controls are lacking the auditor may attempt to limit his
substantive testing by placing more reliance on general controls.

Auditing guideline sets out these basic rules relating to audit testing of controls:

(a) The auditor can test and rely on general controls alone without having to test
application controls.
(b) The auditor can test and rely on manual application controls alone without having
to test general controls.
(c) In order to rely on programmed application controls the auditor must first be
satisfied with general controls. This is because if the controls covering the whole

214

AUDITING
 computer environment are poor, then the programmed application controls within
it will be worthless.

4 Use of Computer Assisted Audit Techniques (CAATs)

These are audit techniques that use computer applications as the primary tool. Uses
generally include sampling, statistical analyses and exception reporting. The internal
audit department uses specialized software for this purpose.

4.1 Audit software

Audit software comprises computer programs used by the auditor to examine an
enterprise’s computer file. It may consist of generalized package programs, specially
written programs or the client’s own programs.

4.1.1 Generalised package programs

These are programs already written either by the auditor or a specialist software company
which are designed to be used on different types of machines. They need to be tailored to
each specific case by defining the format of the files to be interrogated and by specifying
the parameters of output data required and the form of that output. In some cases
supplementary program coding is required.

4.1.2 Specially written programs

In some cases it is not possible to adapt program due to the type of machine, processing
or file organisation used. In such cases a purpose-written program is required. It could
be written by the auditor himself, by a software specialist or by the client acting on the
instructions of the auditor. In all cases it should be fully tested before being used
‘live’.

4.1.3 The client’s own programs (‘enquiry programs’)

These can often be useful to the auditor. For example, when using a terminal it is
necessary to use the existing enquiry programs to refer to data held on files, or to obtain a
print-out of parts of a file. In many cases, however, the client’s own programs will not
provide all the facilities needed by the auditor. It is likely that the team responsible for
writing the enquiry programs produced the rest of the system and there is therefore a
danger that the defects apply to all such programs in the system.

Uses of audit software

Audit software may be used during many audit testing procedures. Its use is particularly
appropriate during substantive testing of transactions and balances, as it may scrutinise
large volumes of data and extract information leaving skilled manual resources to
concentrate upon the investigation of the results.

215

AUDITING
Typical uses of such programs include:

1) Calculation checks
Here the program adds the value of open items on a file to ensure that they agree with
control records which are maintained.

2) Detecting violation of systems rules

The program checks all accounts on the sales ledger to ensure that no customer has a
balance above a specified credit limit.

3) Detecting unreasonable items

This is a check that no customer is allowed trade discount of more than 50%, or that no
sales ledger balance is more than total sales made to that customer.

4) Conducting new calculation and analyses

This involves obtaining a statistical analysis of stock movements to identify slow-moving
items.

5) Selection of items for audit testing

This involves obtaining a stratified sample of sales ledger balances to be used as a basis
for a debtors circularisation.

6) Completeness checks
This does checking continuity of sales invoices to ensure they are all accounted for.

Difficulties in using computer audit programs

1) Costs
There will be substantial set-up costs even in using a generalised package. This is
because the client’s procedures and files need to be investigated thoroughly prior to
identifying audit tests. The use of specially written programs will be even more
expensive.

2) Changes to client’s systems

These can mean costly alterations to the programs or at least require the programs to be
run regularly during the year to test the system at different dates.

3) Small installations
There may be no suitable audit software package for use on mini-computer or micro-
computer installations. Software documentation may be incomplete so that it is very
difficult to identify all procedures. It may be impossible to justify and hence recover the
cost of specially written audit software.

4) Over-elaboration
There may be a tendency to produce over-elaborate enquiry programs which are
expensive to develop, take up considerable computer running time and extensive
reviewing time. The auditor should be able to justify the costs of using the program to
the benefit in audit terms of its use.

216

AUDITING
5) Quantities of output
An enquiry program may produce huge quantities of output. This may be because the
system is wrong or the enquiry program was badly designed. To avoid this problem
some packages can be set to terminate after a given number of items have been included
in the count. The auditor must distinguish between cases when he has merely misjudged
the parameters and obtained too large a sample and cases where the print-out is long
because lots of items are wrong. In the latter case he must follow the audit work through
and consider the implications of the problems encountered.

6) Version of files used in the test

The audit software only tests the files against which it is run. It is therefore preferable to
use the software on the actual files of the client. The permission of the client is needed
and the software must be carefully tested prior to its use on ‘live’ data.

An alternative approach is to run the programs against copies of the data file. To be valid
there must be adequate general controls to ensure that the client uses the same file.
Provided this is so the use of copy files enables the auditor to be more flexible in
deciding when to test and to retain the copy files for further testing.

4.2 Test data

Audit test data consists of data submitted by the auditor for processing by the client’s
computer-based accounting system. It may be processed during a normal production run
(running test data ‘live’) or during a special run at a point in time outside the normal
cycle (running the test data ‘dead’.)

Test data could be held in the form of a batch of documents put through the system to test
both manual and computer controls. It is more often meant to refer to data recorded
on magnetic tape or disk used to test programmed controls. Its primary use is in the
testing of application controls.

Note that the use of test data is not confined to the external auditor. It is a method used
by programmers, analysts and internal auditors as part of systems development and
monitoring procedures. There may be scope for co-operation between internal and
external auditor in creating such test data.

Use of test data

There are three major approaches:

i. Using live data

At its simplest level the auditor could use real data that has been processed which
involves the controls he wants to test. The auditor should then predetermine the results
which he would expect from the processing of the data. Later checks are done to confirm
that the actual processing has been carried out in the expected way and investigate any
differences.

217

AUDITING
This method is not usually feasible. The auditor will usually want to use a collection of
normal, exceptional and even absurd data to test controls. He is unlikely to find all these
conditions in a batch of data. The vast bulk of day-to-day items will contain few
exceptions and no absurd data. It would take the auditor a long time to find a suitable
range of data items to use.

ii. Dummy data in a normal production run

The auditor constructs a series of dummy transaction which contain the required
condition. These are processed along with normal data. Actual results are then compared
with predetermined results.

This method has the advantage of producing a realistic test environment. The client’s
actual programs and data files are being used in the test.

The dangers of this method are, however, considerable. Computer-generated

documentation may have to be intercepted before it is released. There may be a need to
reverse the transactions after testing to eliminate the effects of test data. This may be
time-consuming and require program amendments. It may distort management
information by swelling the number of cancelled orders and credit notes. It would indeed
be ironic if a client’s accounting records were corrupted by the auditor’s own test data.
Therefore great care is needed in planning and controlling the test.

iii. Dummy data in a special run

In this method the auditor creates special data and uses it against copies of the client’s
data files. The dangers associated with ‘live’ testing are therefore largely eliminated
although the interaction of one file with another must still be carefully considered.

It is still essential to obtain the client’s permission which reduces the independence of the
test. It is also necessary to obtain assurance that the program being used in the test is
identical to that used by the client for production runs and not a special program kept
aside for the auditor’s use!

Difficulties in using audit test data

i. Costs
There may be considerable costs involved in ascertaining the relevant controls and in
constructing test data from scratch. It may be very difficult to identify all relevant
conditions. The need to predetermine the results manually may be both time-consuming
and tedious. These costs, however, are normally substantially less than for audit
software.

ii. Objectives of the test

Test data is likely to be confined to tests of control and therefore may be less valuable in
audit terms than using audit software.

iii. Dangers of live testing

218

AUDITING
Careful planning and control is needed to expurgate the test data from the records.

iv Dangers from testing during a special run

If special test runs are used, an artificial testing environment is created. Assurance is
needed that the normal programs and files have been used.

v. Recording
The use of test data does not necessarily provide visible evidence of the audit work
performed. Working papers should therefore include details of the controls to be tested,
an explanation of how they are to be tested, details of the transactions and files used,
details of the predicted results, the actual results and evidence of the predicted and actual
results having being compared.

4.3 Other techniques

There are other more sophisticated techniques do exist and they could be tested perhaps
in part of a question. Try to grasp the main principles and don’t spend too much time on
this section. In many cases the techniques were first developed for internal purposes e.g.
during program development. They often require considerable IT expertise to be used
accurately.

4.3.1 Integrated test facilities (ITF)

This is an extension of the test data technique. The system is designed at the output stage
to handle audit test data without unwanted side effects. The auditor uses test data, input
as part of a normal run, and applied to ‘dummy’ test records held on master files. The
weakness of this is that there is a danger of test data being subject to special procedures
which are not applied to normal transactions.

ITF allows test data to be left in the system to see what happens eg; a dummy sale record
eventually creates an overdue sales ledger balance. The auditor can use ITF to carry out
regular testing of the system without using a special test run and indeed without being
present during processing.

ITF is used largely to test application controls.

4.3.2 Embedded audit facilities

A wide variety of terms is used to describe this technique, including ‘intergrated audit
monitors’, ‘resident audit software’ and ‘intergrated audit modules’. It consists of a
module of a computer program written by the auditor which is incorporated into the
client’s computer system either temporarily or permanently.

This technique allows tests to be made at the time the data is being processed. It is ‘real
time auditing’. it is useful where the audit trail is deficient so that historical audit work is
difficult, or where files are constantly being updated eg; in a real time or database system.
The facilities may allow results to be printed immediately or to be written onto tape or
disk for later evaluation by the auditor.

219

AUDITING
This technique may achieve the following objectives:
(a) To store information as it is processed for subsequent audit review.
(b) To check the integrity of files which are being processed.
(c) To spot and record items which are of some special audit interest, as previously
defined by the auditor.

4.4 Considerations affecting use

The main issues the auditor needs to consider whether to use CAATs are.

 Computer knowledge, expertise and experience of the audit team

 Cost/benefit analysis
 Availability of CAATS and suitable computer facilities.
 Impracticability of manual tests if no visible evidence is available.
 Time available

4.5 Advantages and disadvantages of Computer Assisted Audit Techniques

Using CAATs can benefit the auditor in a number of ways as noted below.

4.5.1 Advantages of Computer Assisted Audit Techniques

(i) In a computer-based system the large volume of transactions is likely to force the
auditor to rely upon programmed controls. CAATs are likely to be the only
effective way of testing programmed controls.

(iii) The use of CAATs will enable the auditor to test a much larger number of items
quickly and accurately and therefore increase the confidence he has in his
opinion.

(iv) CAATs enable the auditor to test the accounting system and its records (ie, the
tapes and disk files) rather than relying upon testing printouts of what he believes
to be a copy of those records.

(v) Once set up CAATs are likely to be a cost effective way of obtaining audit
evidence provided that the enterprise does not regularly change its systems.

(v) Careful planning by the auditor should enable the results of his work using

4.5.2 Disadvantages of Computer Assisted Audit Techniques

However, using CAATs has its challenges, which are listed below.

220

AUDITING
(i) CAATs can be expensive and time consuming to set up, the software must either be
purchased or designed (in which case specialist IT staff will be needed);
(ii) Client permission and cooperation may be difficult to obtain;
(iii) Potential incompatibility with the client's computer system;
(iv) The audit team may not have sufficient IT skills and knowledge to create the
complex data extracts and programming required;
(v) The audit team may not have the knowledge or training needed to understand the
results of the CAATs; and
(vi) Data may be corrupted or lost during the application of CAATs.

End of Chapter Questions

Question 1

You are responsible for training in your audit firm. You have been asked to make a presentation
to junior employees on the audit of a computer based accounting system.

Required
a) Explain the effects of computerization of an accounting system on:
i. The client company 4 Marks
ii. The auditors work 4 Mark
b) Explain the following terms with regard to audit in a computerized system:
i. Audit software 3 Marks
ii. Test data 3 Marks
c) State any two manual controls and two automated controls in such a system.
4 Marks
d) Define a data base management system (DBMS). 2 Marks
(TOTAL : 20 MARKS)

221

AUDITING
 SECTION F
Review and reporting

222

AUDITING
 CHAPTER 14

AUDIT COMPLETION

Topic list

1. General reviews of financial statements

2. Opening balances and comparatives
3. Events after the reporting date
4. Going concern
5. Management representations
6. Audit completion

Learning outcomes
 Perform appropriate analytical reviews and consistency reviews to see whether
information as a whole make sense.
 Assess whether opening balances for the current period financial statements were
properly brought forward from previous periods
 State whether all the comparative information from previous periods has been
properly disclosed, and they seem to be consistent with current period.
 Review any event occurring after the reporting date and whether they have any effect
on financial statements under review.
 Obtain any other additional information and explanations through management
representations.

Introduction

Upon completion of detailed audit tests over different transactions and account balances
contained in the financial statements, the auditor should carry out such additional reviews
deemed necessary to all the findings in focus to draw an overall picture they portly. The
auditor should consider the following areas.

1. General Review of Financial Statements.

At the end of an audit, after the bulk of an audit work has been completed, but before
auditors can give an opinion, there are various other procedures that auditors must
undertake.

ISA 700 requires auditors to carry out such reviews of financial statements as is
sufficient, in conjunction with the conclusions drawn from other evidence obtained, to
give them a reasonable basis for the opinion on financial statements.

223

AUDITING
Firstly auditors should consider compliance with regulations governing the preparation
and presentation of financial statements, by confirming that;
 Presentations are overall in compliance with the Companies Act
 Accounting policies employed are reasonable and are consistent with appropriate
financial reporting framework, in this case the internationally generally accepted
accounting principles (GAAP).

Review of Consistency and Reasonableness

The auditor should consider whether the financial statements are consistent with
knowledge of the entity’s business and with results of other procedures and the manner of
disclosure is fair by considering the following issues;
 Whether they adequately reflect the information and explanations obtained and
conclusions drawn during the course of the audit.
 The presence of any new factors which may affect the presentation of, and
disclosures in the financial statements.
 An assessment of the results of analytical procedures, as to whether financial
statements as a whole are consistent with auditors’ knowledge of the business
 An assessment of any apparent undue influence or pressure that may have been
exerted on directors or management and may have an effect on the presentations.
 Consider potential impact on financial statements of aggregating all uncorrected
misstatements.

2 Opening Balances and Comparatives

Opening balances are those account balances that existed at the beginning of the period,
brought forward from the previous periods closing balances.
Comparative figures are amounts and other disclosures of preceding periods included for
comparison with current periods financial statements, but do not form part of the current
periods’ financial statements, though it is the Companies Act requirement that they be
presented.

The extent to which the auditor would need to check them depends on whether it is the
auditor’s first or continuing audit, and whether prior periods were audited or not.

ISA510 requires auditors to obtain sufficient appropriate evidence that;

 Opening balances do not contain misstatements that may materially affect current
period financial statements.

224

AUDITING
  The prior period’s closing balances have been duly brought forward as current
periods opening balances.
 Appropriate accounting policies have been consistently applied, and that any
changes to policies were reasonable and have been properly accounted for and
adequately disclosed.

The auditor should consider their effects on his opinion if, either he is unable to obtain
sufficient appropriate evidence concerning opening balances, or
If the effects of any misstatements in the opening balances were not properly accounted
for and adequately disclosed

ISA710- Although the auditor is not reporting on prior periods financial statements, he
should carry out appropriate tests to determine whether the comparisons comply in
material respect with appropriate financial reporting framework and consistent
application of policies for ease in comparison.
 Where prior periods financial statements were not audited the auditor should state
in his report.
 Where material misstatements are discovered in prior periods figures which have
material effects on the current period financial statements, auditors should discuss
with management for amendment in accordance with International Accounting
Standard (IAS) 8, or qualify his report to the extent of their materiality if not
amended.

3 Events occurring after the reporting date (Subsequent Events)

International Accounting Standard (IAS) 10 classifies events occurring after the balance
sheet date as;

Adjusting events: Events that provide additional information or evidence on

conditions that existed at the reporting date
Non-adjusting events: These events are new and completely relate to the accounting
period after the reporting date.

ISA560- The auditors’ responsibility is to design and perform audit procedures to obtain
sufficient appropriate audit evidence that all events up to the auditors’ report that may
require adjustments or disclosures in the financial statements have been identified and
appropriate adjustments made by management.

225

AUDITING
If such events occur and management does not make appropriate adjustments where the
auditor believes they need to, the auditor should consider the impact on financial
statements and report to the extent of their materiality.

The auditor should continue monitoring the occurrence of such events after the report but
up to the financial statements issuing or passing date, and if he becomes aware of facts
that may materially affect financial statements and need amendments and management do
not amend the financial statements, and the facts would change the audit opinion, he
should issue another report or opinion to replace the prior one. The auditor is generally
not responsible for events after that date.

4 Going Concern

Going concern is an assumption that an entity shall continue operational into the foreseen
future (at least twelve months from the reporting date). This means that there is neither
intention, nor do there exist conditions that may force it to close down or severely curtail
its current operations. This assumption has the effect on presentation of information in
financial statements, for example, the distinction between current and non-current items.
The alternative, if no going concern is assumed, is to present information on a realization
basis.

The auditors’ responsibility is to assess the appropriateness of the use or non-use of the
going concern assumption in preparation of financial statements by considering the
possible impact of any apparent factors that may affect its ability to continue as a going
concern. Such factors may include (the list is not exhaustive):

Financial Indicators;
 Liquidity problems such as adverse current and quick ratios
 Poor profits or constant loss making
 Inability to raise new capital when required
 Major restructuring of debt
 Substantial sale of non-current assets without replacement possibility etc.

Operational indicators;
 Loss of key management without appropriate replacement
 Loss of key markets, suppliers and chains or franchises
 Fundamental changes in technology to which the entity is unable to adequately
adapt or renders its key products obsolete.
 Labour difficulties including shortages and unrests.

226

AUDITING
Other indicators;
 Non-compliance with pertinent regulations
 Major litigations faced by an entity
 Changes in legislation or government policies

Audit Procedures
 The auditor should remain alert, throughout the audit, for evidence or conditions
which may cast doubt on the entity’s ability to continue as a going concern.
 He should also enquire from management as to its knowledge of any such events
that may indicate future problems.
 He may carry out additional analytical procedures, particularly those that may
help predict business failure such as the Altman’s Z score, a combination of a
number of accounting ratios.
 He should also assess the possible effects of such indicators, for example, non-
compliance with major regulation or liquidity or cash flow problems may bring an
entity to a quicker end than loss making.
 He should note the presence of any mitigating factors to some identified
problems.
 The auditor should also obtain management future plans and management
representation on matters involving the entity’s going concern.

If such matters or uncertainties exist and the auditor is still in doubt as to whether going
concern can be assumed, he should qualify the report to the extent that financial
statements are misleading. If material uncertainties exist and management has recognized
and properly disclosed them, the auditor should not qualify but only modify his report
through an emphasis of matter paragraph.
He should qualify (adverse opinion) his report otherwise. However if the uncertainties are
pervasive he should qualify (adverse opinion) his report whether they have been properly
disclosed or not.

5 Management Representations

This is the acknowledgement of management of their responsibility for financial

statements for their fair presentation and in accordance with relevant financial reporting
framework and supply specific information to the auditor as may be needed from time to
time during the course of audit.

Auditors should obtain written confirmations from management on matters material to

financial statements when other sufficient appropriate evidence cannot be reasonably
expected to exist, for example, where knowledge of the facts of some matters may be

227

AUDITING
confined to management. They help to confirm auditors’ understanding of oral
representations made by management during the course of the audit.

When relying on representations the auditor should;

 Seek corroborative evidence from other sources
 Evaluate the reasonableness of the representations and their consistence with
other relevant information.
 Consider the responsibility of those making representations and if they appear to
be well informed on particular matters.
 Evaluate any representations that seem to contradict other evidence and consider
whether it casts doubt on the reliability other evidence from the representations.
 If management refuses to provide written representations the auditor should
consider the extent to which that represents a limitation of scope and
appropriately qualify his report.

ISA 240 requires the auditor to obtain written representations from management and
those charged with governance that:
 They acknowledge their responsibility for the design, implementation and
maintenance of internal control to prevent and detect fraud.

 They have disclosed to the auditor management’s assessment of the risk of fraud in
the financial statements.

 They have disclosed to the auditor their knowledge of fraud/suspected fraud

involving management, employees with significant roles in internal control, and
others where fraud could have a material effect on the financial statements.

 They have disclosed to the auditor their knowledge of any allegations of

fraud/suspected fraud communicated by employees, former employees, analysts,
regulators or others.

Written representations can take the form of;

 Representation letter from management.
 A letter from the auditor outlining his understanding of management
representations due for management acknowledgement.
Relevant minutes of meetings

Elements of management representation letter;

 Should be addressed to the auditor
 Contains specified information
 Be appropriately dated and signed by management.

228

AUDITING
A management representations letter is different from and should not be confused with a
management letter (or letter of control weaknesses) referred to in chapter 10.

6 Audit Completion

The auditor should complete the audit work by carrying out the following procedures;
 Summarize and aggregate all uncorrected misstatements from different area and
assess their overall impact on financial statements and his opinion.
 Revisit the previously assessed audit risk levels and evaluate the adequacy of
evince obtained as a reasonable basis on which to base the overall audit opinion
which is not inappropriate.
 Prepare a completion checklist outlining all the audit work performed and assess
their adequacy against the audit program, carrying out limited additional work
where necessary.
 Form an overall opinion on financial statements.

End of Chapter Questions

Question One

When finalizing an audit process the auditor needs to review a number of other issues before
arriving at the final conclusion of the audit. These include: contingent liabilities and their related
provisions, opening balances and comparative figures, and subsequent events amongst others.

Required:

i. Define a contingent liability 3 marks

ii. What audit procedures would you carry out to confirm the adequacy of disclosure of
contingent liabilities and their related provisions in the financial statements of an entity.
5 Marks
iii. State the audit objective and procedures with regard to the following:
(i)Opening balances and comparative figures. 3 Marks
(ii) Subsequent events (events occurring after the reporting date) 3 Marks
(TOTAL: 14 MARKS)

229

AUDITING
 CHAPTER 15

NATURE AND FORMS OF AUDIT REPORTS

Topic list

1. Stakeholders to the statutory audit

2. Nature of standard audit reports on historical financial statements
3. Modifications and their bases
4. Management Report

Learning outcomes

 Identify other immediate stakeholders to the report and the auditors’ responsibility
towards them.
 Identify key parts and appropriate wording in the audit report.
 Explain all forms of modification to the reports and circumstances under which
such modifications are appropriate.
 State the purpose and contents of the management (weaknesses) letter issued to
those charged with governance of an entity in addition to the main report.

Introduction

Once the audit process is completed the auditor should compile a report, as the product of
assurance service designed to enhance the reliability of financial statements, which are
prepared by the company’s management to users in this tripartite relationship, by
expressing an opinion on them. The opinion is expressed in form of an audit report. This
audit report is usually addressed to shareholders, but it can also be addressed to other
persons charged with governance of the organization.

This chapter will firstly examine the standard audit report and its pertinent components.
This will be followed by a consideration of some specific variations, especially arising
from modifications where the auditor expresses some reservations on his findings. It will
finally look at the management report which the auditor produces as a by-product of the
main report.

1 Stakeholders to a statutory audit

The audit has a clearly identified (and statutory) purpose which is to provide an
independent opinion to the shareholders on the truth and fairness of the financial
statements that are prepared by the board of directors.
Audit affects a wide variety of people (we refer to them as ‘stakeholders’) who have
different expectations. For example, we know that shareholders (as the main
stakeholders) want the audit to serve and protect their interests in the organizations they
own but:

230

AUDITING
  Directors may want auditors to support them in discharging their responsibilities;
 Managers may want auditors to understand their organizations and add value by
providing business advice and helping them to access finance at reduced cost;
 Audit regulators may want auditors to be accountable for meeting clear standards
of performance and maintaining audit quality;

 Regulators of organizations may see the audit as providing comfort that

organizations are complying with their rules and regulations;
 creditors and lenders may see the audit as providing comfort that organizations
will continue to be able to pay for goods and services or finance;
 Audit firms may want auditing to provide challenging and rewarding work for
auditors so that they can attract the brightest and best; and
 Employees may want the audit to provide some comfort about job security and
the future direction of the organization. The audit might be seen as one way of
seeking some comfort over this.
The above stake holders can be depicted in a diagram as follows:

Shareholders
S
T Directors
A
Management
K
E Audit regulators (like MAB)
Statutory Audit H
Regulators of organizations
O
L Creditors and lenders
D
E Audit firms
R Auditors
S
Employees

It should be recognized that within each broad category of stakeholder group (including
shareholders) there are likely to be a number of different and potentially conflicting
expectations to be met.

231

AUDITING
2 Nature of Standard Audit Reports on Historical Financial Statements.

The auditor has duty under the Companies Act to examine financial statements and other
relevant information and form an overall opinion on them and present a report to the
shareholders.

This report, whose structure and contents are laid out according to the audit standards
such as International Standards on Audit, unless otherwise stated, implies fulfillment of
the conditions outlined in Act as follows:
 Proper accounting records have been kept as a basis for the preparation of
financial statements.
 Proper returns from the branches not visited have been received
 Reports are in agreement with books of accounts
 Auditors have received all necessary information from directors
 Directors report is consistent with the reports

ISA700 – Auditors’ report on financial statements contains a clean expression of opinion

based on reviews and assessments of the conclusions drawn from evidence obtained in
the course of the audit.

The standard auditors report has the following elements:

 Title
 Addressee (addressed to those charged with corporate governance)
 An introductory paragraph identifying financial statements audited
 Respective responsibilities of directors and auditors
 Description of audit scope, findings and the basis of the audit opinion.
 Auditors’ opinion on financial statements
 Auditors’ signatures
 Date of the report.

Unmodified (or Unqualified) Reports

This is a clean report in which the auditor states in his opinion that financial statements
give a true and fair view of the financial position of the company as on the reporting date,
and of its financial performance and cash flows for the year then ended in accordance
with International Financial Reporting Standards and in accordance with provisions of
the Companies Act 1984, so far as concerns the members of the company.

232

AUDITING
Implied information

Unmodified (or unqualified) audit reports may not appear to give a great deal of
information. The report says much, however, by implication. Remember that the
auditor’s report by exception, so an unmodified report tells the user that, for example:
 Adequate accounting records have been kept.
 The accounts agree with the records.
 The auditors have received all necessary information.
 All directors' transactions have been disclosed.
 The directors' report is consistent with the accounts.

The real problem here is that, unfortunately, most users do not know that this is what an
unmodified audit report tells them. This issue is also confused by the fact that many users
do not understand the responsibilities of either the auditors or the directors in relation to
the financial statements.

Note:
According to ISA 700, an unqualified opinion may be expressed only when the auditor is able to conclude
that financial statements give a true and fair view in accordance with the identified financial reporting
framework.

Example of an Unmodified/Unqualified audit opinion taken from ISA 700 is given

below:

Independent Auditor’s Report

To the Members (or shareholders) of XYZ Limited

We have audited the company and consolidated financial statements of XYZ Limited as
set out on pages xx to xx, which comprise the statement of profit or loss and other
comprehensive income for the year ended 31 March 20x6, the statement of financial
position, statement of changes in equity and the statement of cash flows for the year then
ended and summary of significant accounting policies and other explanatory notes.

Management’s Responsibility for the Financial Statements

Management is responsible for preparation and fair presentation of these financial
statements in accordance with International Financial Reporting Standards and in a
manner required by the Companies Act, 1984. And for such internal controls as the
directors determine is necessary to enable the preparation of financial statements that are
free from material misstatements, whether due to fraud or error.

233

AUDITING
Auditor’s Responsibility
Our responsibility is to express an opinion on these financial statements based on our
audit. We conducted our audit in accordance with International Standards on Auditing.
The standards require that we comply with ethical requirements and plan and perform the
audit to obtain reasonable assurance whether financial statements are free from material
misstatements.

An audit involves performing audit procedures to obtain audit evidence about the
amounts and disclosures in financial statements. The procedures selected depend on the
auditor’s judgment, including the risk of material misstatement of financial statements,
whether due to fraud or error. In making those risk assessments, the auditor considers
internal controls relevant to the entity’s preparation and fair presentation of the financial
statements in order to design audit procedures that are appropriate in the circumstances,
but not for the purpose of expressing an opinion on the effectiveness of the entity’s
internal controls. An audit also includes evaluating appropriateness of accounting policies
used and the reasonableness of accounting estimates made by the directors, as well as
evaluating the overall presentation of the financial statements.

We believe that the audit evidence we have obtained is sufficient and appropriate to
provide a basis for our audit opinion.

Opinion
In our opinion, the financial statements give a true and fair view of the financial position
of the group as at 31 March 20x6, and of its financial performance and cash flows for the
year then ended in accordance with International Financial Reporting Standards and in
accordance with provisions of the Companies Act 1984.

Signature of audit firm

ABC
Chartered Accountants
Blantyre, Malawi
26 May 20x6

234

AUDITING
3 Modified (Qualified) Reports

These are issued out where the auditor expresses some reservations on the financial
statements. The circumstances and types of reports that can be issued are summarized in
a modification (qualification) matrix below:

According to ISA 705, modified reports arise when auditors do not believe that they can
state without reservation that financial statements give a true and fair view, to issue
unmodified report. There are two general types of modified reports:
1. Matters that do not affect the auditor’s opinion: emphasis of matter
2. Matters that do affect the auditor’s opinion:
# Qualified opinion (Same as Except for opinion)
# Adverse opinion
# Disclaimer of opinion

Table 2.1 Modification (or Qualification) Matrix

Nature of Circumstances Material but not fundamental Fundamental or

or pervasive pervasive
2a Disagreements Except for……… opinion Adverse
2b Uncertainties or limitation Except for………… opinion Disclaimer of
of scope opinion

For each of the above circumstances the standard audit report wording is similar to the
unmodified report above. However the reservations or misgivings are expressed in the
findings and opinion paragraphs. We in turn consider the circumstances and appropriate
wording in each of the four situations above.

An example for ‘except for’ opinion taken from ISA 701 relating to disagreement is
shown below

Independent Auditor’s Report

To the Members (or shareholders) of XYZ Limited

The first three paragraphs are the same as in an unqualified audit opinion above

Basis of Qualified opinion (arising from disagreements about accounting treatment):

Included on the balance sheet is an amount of KY due from a company which has ceased
trading. Horace Ltd has no security for this debt. In our opinion the company is unlikely

235

AUDITING
to receive any payments and a full provision of KY should have been made, reducing
profit before tax and net asset by that amount.

Opinion
In our opinion, except for the absence of this provision, financial statement give a true
and fair view of the company’s state of affairs as at the reporting date and of its financial
performance and cash flows for the year then ended in accordance with International
Financial Reporting Standards and in accordance with provisions of the Companies Act
1984.

Signature of audit firm

ABC
Chartered Accountants
Blantyre, Malawi
26 May 20x6

An example of an ‘adverse’ opinion

Independent Auditor’s Report

To the Members (or shareholders) of XYZ Limited

The first three paragraphs are the same as in an unqualified audit opinion above

Basis of adverse opinion

As fully explained in the note, no provision has been made for losses expected to arise on
certain long term contracts currently in progress, as the directors consider that such losses
should be offset against amounts recoverable on other long term contracts. In our opinion
provisions should be made for foreseeable losses on individual contracts as required by
the IAS 11 Construction Contracts. If losses had been recognized the effect would have
been to reduce the profit before and after tax for the year and the contract work in
progress as at the year end.

Opinion

In view of the effects of the failure to provide for the losses referred to above, financial
statement do not give a true and fair view of the company’s state of affairs as at the
reporting date and of its financial performance and cash flows for the year then ended in
accordance with International Financial Reporting Standards and in accordance with
provisions of the Companies Act 1984.

Signature of audit firm

236

AUDITING
ABC
Chartered Accountants
Blantyre, Malawi
26 May 20x6

Disclaimer of opinion

Take note that in a disclaimer of opinion, the first three paragraphs as in an unqualified
opinion are excluded. The full wording of a disclaimer is shown below:

An example of a disclaimer of opinion

Independent Auditor’s Report

To the Members (or shareholders) of XYZ Limited

We planned our audit so as to obtain all the information and explanations which we
considered necessary in order to provide us with sufficient evidence to give a reasonable
assurance that financial statements are free from material misstatements, whether caused
by errors or other irregularities. However the evidence available to us was limited
because management did not supply us with all the information we needed in the audit of
existence, rights and obligations and valuation of non-current assets; inventory
receivables and payables appearing in the in the balance sheet at a total of K….. In
forming our opinion, we also evaluated the overall adequacy of the presentation of
information in the financial statements.

Because of the effects of the limitation above, we are unable to form an opinion as to
whether financial statement give a true and fair view of the company’s state of affairs as
at the reporting date and of its financial performance and cash flows for the year then
ended in accordance with International Financial Reporting Standards and in accordance
with provisions of the Companies Act 1984.

Signature of audit firm

ABC
Chartered Accountants
Blantyre, Malawi
26 May 20x6

237

AUDITING
Emphasis of matter

Take note that an emphasis of matter is not a qualification of opinion. The auditor just
wishes to bring to the readers of the opinion an important item. Because it is not a
qualification to the opinion. The emphasis of matter paragraph will come after the
opinion. The opinion is exactly that of an unqualified/unmodified audit opinion, but with
the last paragraph being that of emphasis of matter.

Emphasis of matter paragraphs are used to draw readers’ attention to a matter already
disclosed in the financial statements that the auditor feels is fundamental to their
understanding, provided that the auditor has obtained sufficient appropriate audit
evidence that the matter is not materially misstated.

When an emphasis of matter paragraph is included in the auditor’s report, it comes

immediately after the opinion paragraph and is entitled ‘Emphasis of matter’. The
paragraph must contain a clear reference to the matter being emphasised and to where
relevant disclosures that fully describe it can be found in the financial statements. The
paragraph must state that the auditor’s opinion is not qualified/modified in respect of the
matter emphasised.

The following are examples of situations in which the auditor might include an emphasis
of matter
paragraph in the auditor’s report:
• An uncertainty relating to the future outcome of exceptional litigation or regulatory
action
• Early application of a new accounting standard that has a pervasive effect on the
financial statements

Example of unqualified report with emphasis of matter paragraph

Independent Auditor’s Report

To the Members (or shareholders) of XYZ Limited

The first four paragraphs (all paragraphs) are the same as in an unqualified/unmodified
audit opinion above. The ‘Emphasis of matter paragraph’ comes after the ‘Opinion’
paragraph.

Emphasis of matter
Without qualifying our opinion, we draw attention to note xx to the financial statements
which indicates that as at year end, the company’s total current liabilities exceeded its
total current assets by MKxx million (20x5: current liabilities exceeded current assets by

238

AUDITING
Knn million). This condition indicates the existence of a material uncertainty which may
cast doubt on the company’s ability to continue as a going concern.

Signature of audit firm

ABC
Chartered Accountants
Blantyre, Malawi
26 May 20x6

4 Management Report

Also known as a letter of weaknesses or management letter is the communication from

the auditor to management about matters or weaknesses that came to their attention
during the audit course of work. It is a by-product of the audit work and is normally
written at the end of audit work.

However, should the auditor come across matters which in his professional opinion
requires him to communicate urgently to those charged with corporate governance or
other regulatory bodies like Financial Intelligence Unit, then the auditor will not have to
wait to communicate such matters at the end of the audit work. Instead, the auditor will
communicate to relevant authorities such matters immediately.

It contains:
• A list of weaknesses and inadequacies in accounting systems and control policies
encountered during the course of the audit.
• Explanations of their possible implications, risks and eventualities if uncorrected
on a timely basis,
• Offer recommendations, possible improvements to management on such
weaknesses and inadequacies.
• It may also point out areas where management could be effective or efficient on
economic resources, but auditors should avoid carrying out client’s managerial or
consultancy roles in that capacity.

An interim letter may be issued soon after evaluation of control depending on the nature
or urgency of the matters discovered and their impacts if unattended to timely. An
example of such letters has been covered under the test of controls.

239

AUDITING
End of Chapter Questions

Question 1

a) ISA 700 The Independent Auditor’s Report on a Complete Set of General Purpose Financial
Statements explains the form and content of the audit reports.

Required:

State three ways in which an auditor’s report may be modified and briefly explain the use of each
modification. 5 Marks

b) When asked to explain a qualified audit report, a candidate wrote: “a qualified audit
report is issued when the auditor cannot give an entity’s financial statement a true and
fair view because of material misstatements”.

Required;
i. Comment on the appropriateness of the above explanation and/or give your alternative
explanation if in disagreement with the above explanation. 3 Marks
ii.Distinguish between a disclaimer of opinion and an emphasis of matter with respect to audit
reporting. 4 Marks
12 Marks

240

AUDITING
Appendices

Appendix one:

Suggested Answers to end of chapter questions

Chapter One
Question one

a) An assurance engagement is one in which a practitioner expresses a conclusion designed

to enhance the degree of confidence of the intended users other than the responsible party
about the outcome of the evaluation or measurement of a subject matter against criteria.
3 Marks

b) An assurance engagement has the following elements:

It is a tripartite relationship involving a practitioner, a responsible party, and intended
users. 1 Mark
It should have a subject matter which the practitioner reviews. 1 Mark
The subject matter should be measurable against a suitable criteria 1 Mark
The practitioner should be able to gather sufficient appropriate evidence on the subject
matter. 1 Mark
The practitioner should issue a written assurance report in appropriate form
1 Mark
5 Marks

c) An absolute assurance cannot be issues in most engagements due to the inherent

limitation in the process as a result of:
 the lack of precision often associated with the subject matter 1 Mark
 the nature of the evidence available may also not permit. 1 Mark
 Performance of the engagement is usually not instantaneous with occurrence of
transactions of the subject matter. 1 Mark
 Not all items may be checked, for example, in an audit assurance engagement involves
sampling where appropriate because of the timescale involved. 1 Mark
4 Marks

d) Some examples of assurance and non-assurance engagement include the following:

Assurance engagements:
 Statutory audits on historical financial information 1 Mark
 Review of prospective financial information 1 Mark
 Attestation services 1 Mark

Non-assurance engagements
 To perform agreed-upon procedures regarding financial information 1 Mark
 Liquidation and receivership work. 1 Mark
 Compilation of tax returns, tax planning and advice to clients. 1 Mark
4 Marks

241

AUDITING
 18 Marks

Chapter Two
Question One

a) The UK Companies Act and the USA Securities and Exchange Commission Act
introduced considerable matters to enhance the audit as it is today. They clearly provided
for the following; 2 Marks

 For auditors to be independent of the companies influence

 Audit requirement for the profit and loss and the balance sheets
 Set up a minimum legal enforceable disclosure requirement framework
 Set up a requirement that an auditor should be suitably qualified professional accountant
 Set up specific duties, powers and responsibilities of an auditor.
 Required the auditor to report whether adequate books and records had been kept from
which financial statements were prepared to give a true and fair view, shifting the
primary audit objective from fraud detection.
1 Mark each = 6 Marks
8 Marks

b) Four factors, amongst others, that led to the change of the audit focus from that of fraud
detection to ascertainment of the truth and fairness of financial statements include:
 The expansion of stakeholders to the companies from shareholders to others such as the
financial institutions, stock markets etc
 The shift in appreciation of financial statements as a measure of performance rather than
their accuracy
 The growth of business and volume of transactions such that it was no longer feasible for
auditors t check everything, which lead to the development of the concept of sampling
and materiality.
 The enactment of the above laws above endorsed the shift from fraud detection to
ascertainment of the truth and fairness of financial statements
2 Marks each = 8 Marks

c) In current times, though the main focus of an audit has shifted to ascertainment of the
truth and fairness of financial statements, fraud detection by the auditors is still relevant
as far as it has material effect on financial statement. The primary responsibility to fraud
is the management of the entity. Auditors are required to plan and perform their work
with professional skepticism, suspecting that fraud may occur anywhere within their
scope, otherwise they may be liable for negligence if they give misleading conclusions.
4 Marks

d) True and fair view means information in financial statements is factual and conforms
with reality, and is free from discrimination and bias and is in compliance with expected
standards and rules. It further implies that it reflect the commercial substance of the
business entity’s underlying transactions. 2 Marks
22 Marks

Chapter Three
Question One

242

AUDITING
 a) Corporate governance is about ensuring that companies are run well in the interests of
their shareholders and other stakeholders. It encourages transparency, accountability and
fairness of an entity, and is focused on a number of pillars. 2 Marks

The Board
This is elected or appointed members who jointly oversee the activities of XYZ Ltd. A
board's activities are determined by the powers, duties, and responsibilities delegated to it or
conferred on it by shareholders of the company. 2 Marks

Management
implements policies and strategies of the organisation as set by the board. In the XYZ Ltd
case management seem to have executed their responsibility successfully as turnover has not
only increased by about 20% per annum for the last five years but net profits are also high
2 Marks

Internal audit
It helps an organisation accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management, control, and
governance processes. 2 Marks

External audit
It is the examination of financial statements in order to provide assurance that the statements
have been fairly presented. It aims at enhancing accountability between the board,
management and external stakeholders. 2 Marks
10 Marks

b) Internal Audit is an independent, objective assurance and consulting activity designed to

add value and improve an organisation’s operations. It is an appraisal function that aims
at providing assurance on the adequacy of internal controls. It also aims at providing
recommendations to management and board on how to improve systems of control and
effectiveness of various processes in an organization. Scope of internal audit therefore is
wide and does not confine to financial reporting matters.

Since internal audit reviews the organization as a whole, it therefore, follows that various
assignments can be carried out by internal audit and such engagements can be operational,
financial, compliance or otherwise. Examples of assignments conducted by internal audit
include Value for money audits, Environmental audits, IT audits, Fraud investigations and
many more. In this chapter, the first two have been explained.

Internal audit is therefore an important function as far as achievement of corporate

governance objectives are concerned. 10 Marks
20 Marks

Chapter Four
Question One

a) It is a requirements under the Companies Act for incorporated companies registered by

the office of the Registrar of Companies to submit to the office an audited set of financial
statements for every twelve months of operations. Other entities, such as those in the
public interest may also be required to have financial statements audited.

243

AUDITING
 To auditors of financial statements of these entities must be properly qualified and
independent of them. This is to enhance the degree of confidence with which users of the
financial statements can have on them.

The auditor are required to plan and perform their work to enable them give an opinion as
to whether financial statements of these entities give a true and fair view or not of the
state of the entities affairs during the period under review.
5 Marks

b) This assurance will be obtained not just from knowing that each set of financial
statements has been audited, but knowing that this has been done to common standards.
There is a need for audits to be regulated so that auditors follow the same standards.

In addition to obligations are imposed by the law International Standards on Auditing

(ISAs) are issued by the International Auditing and Assurance Standards Board (IAASB)
to provide guidelines on the performance of the audit.

The authority of ISAs and so on are laid out in the Preface to the International Standards
on Quality Control, Auditing, Review, Other assurance and related services, which states
that the IAASB’s objective is the development of a set of international standards that are
accepted worldwide. 5 Marks
10 Marks

Chapter Five
Question One: Dunde Plc

1 (a) The need for an audit arises from the division, in many companies, between ownership of
the company and the day to day running of the company. In many companies, particularly
public companies, the shareholders who are owners of the company will not normally be
involved in the actual running of the company. The company will then be run by the
directors, who are elected by shareholders at the annual general meeting of the company.

At the end of each year the directors will produce financial statements to show the results
of he company. The shareholders need confidence that these financial statements are
correct i.e. that the directors have actually told the truth regarding the company’s results.
To ensure that the financial statements are correct shareholders employ an auditor. The
job of the auditor is to check the financial statements and then report back to shareholders
whether these financial statements are correct or show a true and fair view.

By having these independent check, the shareholders will gain confidence that the
accounts are correct and therefore that there investment, in terms of money, is being
properly looked after.
5 Marks

(b) The auditor of a public company is appointed in different ways , depending on the
situation , as noted below.

244

AUDITING
 Initial appointment, new company: in a company that has just commenced trading, the
directors have the power to appoint auditors, who will hold office until the first annual
general meeting (AGM). The appointment of auditors can be made at a general meeting
by the shareholders, if they wish to do this. If the directors or the shareholders do not
appoint auditors, then the Registrar of Companies (RoC) will do so.

On-going appointments: all companies, at their AGM, appoint auditors to serve from the
end of that meeting until the next AGM. The appointment of auditors is a statutory
requirement of an AGM. If the meeting does not appoint auditors then the RoC must be
informed within seven days and he will then appoint auditors.

Appointment to fill a casual vacancy: at certain times the office of an auditor may fall
vacant through death or the resignation of the current auditor. In this situation, the
directors may appoint a new auditor whose term of office will cease at the next annual
general meeting of the company.
5 Marks

(c ) The right of an auditor under the Companies Act 1984 are as follows.
i. To receive information and explanations from directors and officers of the company.
ii. Access the company’s books and records at all times.
iii. To receive notice of all general meetings of the company as if he were a member of the
company.
iv. To attend and to be heard at general meetings of the company concerning matters
affecting him as auditor or former auditor.
v. Where the company is attempting to remove the auditor, to make written representations
to the members, and to attend and speak at the meeting where he is being removed and
the meeting where his term of office would otherwise have expired if he was previously
removed..
vi. Where the auditor resigns, to make written representations to members of the company,
and to require the directors to convene an extra-ordinary general meeting to consider the
circumstances of his resignation.
5 Marks

(d) The responsibilities of directors with regard to the preparation of financial statements are
as follows:
i. To ensure that the company keeps proper accounting records which will form the basis
for the financial statements.
ii. To safeguard the company’s assets and prevent fraud and errors in the company.
iii. To prepare annual financial statements to show the results of the company for the year
and the state of affairs of the company at the balance sheet date.
iv. To deliver to the RoC a copy of the company’s financial statements. 5
Marks
Total 20 Marks

245

AUDITING
Chapter Six
Question One

(a) Loan to Audit Client of K1 million

Any loan of any amount to a client is most irregular. A loan of this magnitude to a client can only
destroy, in the eyes of third parties, the appearance of independence and objectivity of the auditor.
It would be very difficult for the auditor to maintain his stance of disinterestedness when such a
relationship exists. Such a client relationship could lead to censure by the disciplinary committee
of the regulatory body.

(b) Matrimonial relationship with audit client

Statement GI on independence points out that the accountant in public practice should avoid any
engagement where he cannot act or perceived to act with total freedom. Independence, like
justice, must not only exists but must also be seen to exist. As the client is a public limited
company, the social responsibility of the auditor is much greater. It must be wise therefore, for
the firm to resign as auditors rather than be vulnerable to adverse comments by remaining in
office.

( c) significant fee income

It is recommended that no one audit client should contribute more than 15% of gross recurring
fees. It would obviously be a significant loss of income if the firm resigned from their
appointment (ignoring the question of personal relationship in b). this guideline is very difficult to
follow. Many audit firms in the present economic climate may prefer to keep the client but
introduce improved reviewing procedures to ensure true independence.

(d) Acting for a direct competitor

This may well produce a conflict of interests if an auditor learns something from one party or
client which would be to the benefit of the other client. The auditor must ensure that his clients’
confidences must be preserved. An auditor faced with this situation may well chose to resign
from one or the other of the appointments.
5 Marks each = 20 Marks

Chapter Seven
Question One

a) It is important for the auditor to obtain an understanding of the entity and its environment
so as to:
 To identify and assess the risk of material misstatements in the financial statements
arising from its characteristics 2 Marks
 To enable the auditor to design and perform further audit procedures so as to arrive at
reasonable conclusions on the entity 2 Marks
 To provide a frame of reference for exercising audit judgment, for example , when setting
audit materiality, and when carrying subsequent reviews of the audit work
2 Marks
6 Marks
b) The following are some of the matters the auditor may consider when understanding the
client’s business:

246

AUDITING
 Business operations of the entity:
This information may be gathered through briefing meeting and discussion with
management 2 Marks

Objectives and strategies and relating business risk:

This information can also be gathered through briefing meeting and discussion with
management as well as through the client’s documentation 2 Marks

Industry, regulatory and other external factors:

This information can be gathered from industrial regulatory and other authoritative
documentation, stock markets and financial literature. 2 Marks

Geographic dispersion and industry segmentation:

This information may be gathered through briefing meeting and discussion with
management and analysis or visitation of some of the segments 2 Marks

A general overview of the client’s systems Internal controls:

This information may be obtained through analysis of the client’s documentation and
enquiries from management. 2 Marks
10 Marks
16 Marks

Chapter Eight
Question One

a) The following are some of the benefits derived from planning an audit, audit plnning:
 Help the auditor devote appropriate attention to important areas of the audit.
 Help the auditor identify and resolve potential problems on a timely basis.
 Help the auditor properly organise and manage the audit so it is performed in an
effective manner.
 Assist in the selection of appropriate team members and assignment of work to them.
 Facilitate the direction, supervision and review of work.

b) Audit planning involves the following steps:

 Auditors must ensure that ethical requirements are met, including independence.

 Auditors must ensure the terms of the engagement are understood.

 Auditors must establish the overall audit strategy that sets the scope, timing and
direction of the audit and guides the development of the audit plan

 Finally auditors develop audit plan that includes the nature, timing and extent of
planned risk assessment procedures and further audit procedures.
4 Marks

c) Materiality is the relative significance of a matter in financial statements. The

significance can be due to its nature, size or impact. 1 Mark

247

AUDITING
 d) The following are some of the sampling selection methods:

Simple random
All items in the population are given or have a number. Numbers are selected by making
use of random number tables.

Stratified method
This means dividing the population into sub populations and is useful when parts of the
population have higher than normal risk e.g.; high value items like overseas debtors,
some items may be 100% checked and the remainder are sampled.

Cluster sampling
This method involves selection of a group or bunches randomly and then examines all the
items in the group chosen, e.g.; sales invoices for the month of June.

Judgemental sampling
Judgemental sampling is the selection of a sample of appropriate size on the basis of the
auditor’s judgement of what is desirable. It is also called non-statistical sampling
8 Marks.
18 Marks

Chapter Nine
Question One

a) Internal control is a process, system or procedure designed and implemented by board,

management or other personnel with the aim of directing the organization towards
achieving its objectives in the following categories: 3 Marks

b) A system of internal controls is composed of the following interrelated components:

 Control environment, such as the organizational culture and structure.
 Risk assessment, which includes organizational risk appraisal and risk management
processes
 Control activities, these are actual control procedure such as authorization of
transactions, segregation of duties etc
 Information and communication including the IT systems
 Monitoring, this ensures the integrity and effectiveness of the controls such as the
internal audit function. 5 Marks

The following are some of the limitations of internal controls:

 Cost v benefit. The cost of establishing a system of internal control may be greater
than the benefits.
 Human error. For example, one person makes out an invoice using the wrong selling
price and another one checks it and doesn’t see the error, this is always a possibility
even in the best regulated circumstances.
 Collusion. Where two or more cooperate to get around the internal control system,
the collusion might be to carry out a fraud or it might be to cover up some error that
was made.
 Non-routine transactions. These are transactions that are so rare that no system of
internal control has been devised. 4 Marks

248

AUDITING
 12 Marks

Chapter Ten
Question One

(a) Some of the control objectives, the control procedures expected in Lifuwu Manufacturers
Ltd sales and receivables system, and the auditor’s tests to evaluate their effectiveness
can be summarized in the table below:

Control Objective Control Procedures Audit Tests of controls

Acceptance of To ensure; Segregation of duties between Check that references are obtained for all
orders Orders are recorded ordering, credit control and new customers.
correctly. invoicing.
Check authorization of new accounts and
Customer orders are Authorization of credit terms and their credit limits.
promptly authorized. changes to customer data.
Check that customer orders are being
Goods are supplied to Sequentially numbering of order matched with dispatch notes.
customers with good credit documents.
ratings. Test-check their number sequence and
Matching orders with dispatch enquire into missing numbers.
Orders are fulfilled notes.

Any two = 1 Mark Any two = 1 Mark Any two = 2 Marks

Dispatch and To ensure that; Authorization of dispatch of goods. Verify sales with invoices, checking
invoicing All dispatches of goods are quantities, prices, discounts and entries into
recorded. Examination and recording of the sales day book.
goods outward.
All goods/services sold are Check stock records updates with dispatches.
correctly invoiced. Agreement of orders, invoices and
dispatch notes. Verify credit notes for correspondence,
Invoices raised relate to approval and entries into returns inwards day
goods really supplied. Sequentially pre-numbering of book.
dispatch notes and delivery notes.
Test-check numerical sequence of the
Issuance of credit notes for good documents such as invoices and enquire into
returned. any missing numbers

Any two = 1 Mark Any two = 1 Mark Any two = 2 Mark

Maintenance of To ensure that: Segregation of duties between Check entries of invoice details into sales day
accounting All sales have been dispatch and maintenance of books, casting and posting to the sales ledger.
records invoiced and properly customer record.
recorded. Check entries into the ledger, additions and
Recording on invoices sequence balances.
All credit notes issued are and control over blank and spoilt
recorded. copies. Note and enquire into any contra-entries with
purchase ledger.
Cut-off procedures are Matching of cash/cheques receipts
applied correctly to the with invoices. Check whether control accounts are
sales ledger maintained and regularly reconciled with the
Recording of returns, discounts and ledger.
price adjustments.
Check whether credit limits have not been
Regular preparation of debtors exceeded.
statements and reminders
Check that debtors reviews, statements and
Review and follow up on overdue reminders are sent out regularly and overdue
accounts. Authorisation of write- accounts are followed up
off of bad debts.
Check authorization of bad debts written off
Maintenance and reconciliation of and treatment of subsequently recovered bad
sales ledger and control accounts. debts previously written off

Any two = 1 Mark Any two = 1 Mark Any two = 2 Mark

249

AUDITING
 (b) the following are some of the audit procedures that can be carried by auditors to assess the
validity and accuracy of year-end sales and receivable balance:

i. Compile or obtain a list of debtors outstanding at the year end to support the total debtors
figure in the balance sheet. 1 Mark
ii. Confirm the totals in the individual debtors ledgers with control accounts balances.
1 Mark
iii. Follow up with management with any unusual items, for example; contra entries against
the purchases ledger, irregular accounts etc. 1 Mark
iv. Carry out a debtors age analysis and enquire into any long outstanding balances.
1 Mark
v. Check bad debts written off during the year for reasons, correspondence and
authorization for write-off of debts considered irrecoverable. 1 Mark
vi. Check adequacy of provisions for doubtful debts in light of subsequent bad debts for
previous estimates or provisions. 1 Mark
Any four = 4 Marks

(c) the increase in demand has put pressure on Lifuwu Manufacturers Ltd. This increases the
risk of material misstatements because of the increase in volume. There is also a chance
of certain employees taking an advantage to involve themselves in fraudulent sales.
1 Mark

We are also told in the scenario that the company experienced stock-outs and lost out on
sales. It has also transpired that certain goods were dispatched directly from the
manufacturing plant without proper records or being sent through the warehouse. This
means that some sales will not be properly accounted for and will be misstated.
1 Mark

If the company has spare capacity, it should temporally increase production of its goods,
while also maintaining effective controls over acceptance of orders, dispatch of goods
and invoicing them. 2 Marks
4 Marks
(TOTAL : 20 MARKS)
Chapter Eleven
Question One

a) Documentation of audit evidence in working papers is important in that:

 It provides evidence of the auditor’s basis for a conclusion about the achievement
of the overall objective.
 It provides evidence that the audit was planned and performed in accordance with
ISAs and other legal and regulatory requirements.
 It assists the engagement team to plan and perform the audit.
 It assists team members responsible for supervision to direct, supervise and
review audit work 8 Marks

b) The following are some of the information that should be retained in the audit permanent file:

250

AUDITING
  New client questionnaire, this contains basic and crucial information about the client to which
reference can be made from time to time.
 The memorandum of association and Articles of association, which contain regulations
governing the running of the company and its interaction with outsiders
 Other legal documents such as prospectuses, leases, sales agreement, because these
will help the auditor understand the terms of such agreements
 Details of the history of the client’s business, helps in the analysis of shifts and trends in
the performance and financial position of the entity. 8 Marks

c) Using standardized working papers pause the following challenges:

 It may be inappropriate to follow set procedures for a particular client. 1 Mark
 Adopting a standard approach may stifle initiative and discourage the exercise of
professional judgement 1 Mark
 If audit staff adopt a ‘mechanical’ approach to completing the working papers and
the audit tests this may lead to a lack of appreciation of test objectives and may
lead to staff failing to appreciate the implications of errors and deviations found.
2 Marks
4 Marks
20 Marks

Chapter Twelve
Question One

(a) A receivables’ circularization is a direct confirmation of balances from account holders

themselves. It is an important source of evidence because it provides a direct external
evidence about debtors existence. It also confirms the right of the client to receive
payment and the debtors’ obligation to make such transfers at some point in the future.
Using the results of the circularization the auditor can also confirm the effectiveness of
the internal controls by counter-checking internal records against third parties. It would
also reveal evidence of items in dispute. 4 Marks

(b) A circularization may be positive, where the auditor requires the debtors to respond
whether they agree with the balances or not, or negative where the auditors requires
debtors to respond only where they don’t agree with the balance indicated. In a positive
circularization an auditor obtains reliable evidence from the responses of all balances
circularized. Follow ups can be made for any non-response. A negative circularization is
more suitable where the auditor has assessed the clients controls as reliable, and where
there are a large number of small account balances.

In some circumstances such as where there is a small number of large balances and a
large number of small account balances, a combination of both can be used in the same
audit. 4 Marks

(c) The auditor has the right to obtain information on the client he deems necessary to form
his conclusions. Management refusal to allow the auditor to obtain direct confirmation
from debtors on their balances constitutes a limitation of scope on audit work. The
auditor should discuss with management and explain to them the importance of a direct

251

AUDITING
 confirmation to his work. If they insist the auditor should consider the materiality of the
receivables and their risk of misstatement and the reliability of other evidence obtained
using alternative procedures. If doubtful the auditor should qualify his report to the extent
of their materiality. 4 Marks

(d) Possible causes of disputes or disagreement with the account balances could be due to the
following reasons:
Some items could be in transit such as posted cheque payments that have not yet received
by the Takondwa Traders. 1 Mark
The disputes may also be due to disagreements on certain invoice values, may be arising
from unsuitable or damaged goods invoiced at normal price. 1 Mark
There could be errors in Takondwa Traders books or their debtors accounts.
1 Mark
There could be contra entries for debtors who also happen to be creditors by one party
which reciprocated by the other. 1 Mark
4 Marks

(e) When selecting which account balances to circularize, particular attention should be paid
to the following:
Consider all long outstanding accounts such as those that are more than two months
which are amounting to K1,328,800. A substantial number of these them might be facing
difficulties to pay and may end up as irrecoverable. 1 Mark
Accounts written off during the period under review should also not be overlooked to
confirm reasons and whether they indeed could not manage to pay up. 1 Mark
The accounts selected should also include all the three accounts with credit balances, or
those with zero balances because they are unusual and the auditor would want to confirm
reasons why they are such as contra entries. It may also be indicative of window dressing.
1 Mark
Accounts whose balances are large or individually material such all the ten debtors above
K50,000 each because if any or a number of such accounts did not exist then it would
represents a significant misstatement. 1 Mark
Accounts settled by round sum payments should also be considered because they may be
indicative of the debtors liquidity problems. 1 Mark
Any four = 4 Marks
(TOTAL: 20 MARKS)

Chapter Thirteen
Question One

(a)(i) The following are some of the effects of computerizing an accounting system of the
client:
 Computers are able to process large volumes of work at much faster speed than manual
systems. 1 Mark
 They are also likely to have less processing errors or more accurate, except errors that
occur in input data. 1 Mark

252

AUDITING
  Large volumes of information are stored in the computer memory, greatly reducing office
paperwork, except where printouts are necessary. 1 Mark
 Off-the-shelf or tailor made specialized packages or programs can also be used to
perform specific tasks in addition to the general packages. 1 Mark
4 Marks

(ii) Computerising the accounting systems of the clients can also have the following effects
on the auditor’s work:
 The reduction in paperwork leads to easy loss of audit trail because of integration of
several processes and that information storage is done in invisible media unless printouts
are made. 1 Mark
 Consideration as to whether to audit around the computer or audit through the computer
such as through use of computer assisted audit techniques (CAATs) depending on the
complexity of the computerisation. 1 Mark
 Automated working papers can be developed to make the documentation of audit work
easier. 1 Mark
 Auditors can use software packages to perform audit functions such as analytical
procedures, or drawing statistical samples on which to perform their audit tests.
1 Mark
 Computers can also be used by auditors as a decision support system, for example,
through automation of checklists, materiality estimations etc. 1 Mark
Any four = 4 Marks

(b)(i) Audit software is the software administered on the client systems to perform checks to
client data similar to what would have been done manually. These include; interrogation
software, used for carrying out analytical reviews, age analysis of debtors and other
accounts, checking calculations, confirming completeness and other procedures auditors
would have been doing by hand in a manual system, embedded audit facility embedded in
the client’s computerized systems over the entire accounting period to allow continuous
review of the data recorded and the manner in which it is treated by the systems.
3 Marks

(ii) Test data is dummy data used by the auditor to test whether the client’s system processes
data as it should. The auditor uses both valid data to check that the system produces
required documentation and automatically updates the accounting records, and invalid
data to check on controls that prevent processing of data that is wrong (for example,
giving it information that breaches the credit limits to any customer, or negative sales
figures etc, to see whether it rejects them). By comparing outputs after processing of the
test data with predetermined expected results, the auditor can assess the extent to which
the necessary controls exist. 3 Marks

(c) Two manual controls over a computerized system include:

i. Protection of equipment from physical damage arising from different disasters.

1 Mark

253

AUDITING
 ii. Restriction of physical access to computers to only authorized users by placing them in a
secure site or under locked room when not in use. 1 Mark

Two automated controls over a computerized system include:

i. Use of passwords and systems log protection for authorized users only. 1 Mark
ii. Record maintenance of program changes 1 Mark
4 Marks

(d) Data base is a single collection of structured data stored to ensure minimum duplication
and provide a consistent and controlled pool of data. A data base management system is a
software system which constructs and maintain the data base by amongst other things;
adding new records or deleting dead records and providing interface with different users
or user programs while maintaining the data integrity. 2 Marks
(TOTAL : 20 MARKS)

Chapter Fourteen
Question One

i) A Contingent Liability, according IAS 37, is a possible obligation arising from past
events whose existence would be confirmed only by occurrence or non-occurrence of
an uncertain future event not wholly within the entity’s control. 3
Marks

(ii) The auditor would carry out the following audit procedures to confirm the adequacy of
disclosure of contingent liabilities and their related provisions in the financial statements
of an entity;
 Make appropriate enquiries and obtain confirmations from management. 1 Mark
 Obtain any other information regarding the entity’s business that may lead to
contingencies or provisions including obtaining experts’ opinion such as legal opinions
on lawsuits. 1 Mark
 Check whether appropriate disclosures and descriptions and recognition have been
carried out by management. 1 Mark
 For directly indentified litigation or where the auditor reasonably believes they exist, he
should seek direct confirmation from lawyers 1 Mark
 Assess for each whether there is a present obligation as a result of past events and review
correspondences to that effect and discuss with management. 1 Mark
5 Marks

(iii) ISA510 requires auditors to obtain sufficient appropriate evidence that;

 Opening balances do not contain misstatements that may materially affect current period
financial statements.
 The prior period’s closing balances have been duly brought forward as current periods
opening balances.
 Appropriate accounting policies have been consistently applied, and that any changes to
policies were reasonable and have been properly accounted for and adequately disclosed.

254

AUDITING
 3 Marks

ISA560 places the responsibility on auditors is to design and perform audit procedures to
obtain sufficient appropriate audit evidence that all events up to the auditors’ report that
may require adjustments or disclosures in the financial statements have been identified
and appropriate adjustments made by management.

If such events occur and management does not make appropriate adjustments where the
auditor believes they need to, the auditor should consider the impact on financial
statements and report to the extent of their materiality. 3 Marks
(TOTAL: 14 MARKS)

Chapter Fifteen
Question One

a) According to ISA 705, modified reports arise when auditors do not believe that
they can state without reservation that financial statements give a true and fair
view, to issue unmodified report.

There are two general types of modified reports:

3. Matters that do not affect the auditor’s opinion: emphasis of matter
4. Matters that do affect the auditor’s opinion:
o Qualified opinion (Same as Except for opinion)
o Adverse opinion
o Disclaimer of opinion
5 Marks

b(i) Firstly, the auditor does not give an entity’s financial statements a true and fair view as
implied by the candidate. Rather, the auditor assess and states whether financial
statements of an entity give (or reflect) a true and fair view of the entity’s state of affairs.

Secondly, a qualified audit report, according to ISA 701 Modifications to the Independent
Auditors’ Reports, is a report where the audit expresses some misgivings on material but
not pervasive matters relating to either disagreements with the they have been presented
or uncertainty due to limitation of auditor’s scope over those matters. For example, in his
opinion paragraph the auditor might state: except for the overstatement of closing
inventory….. financial statements give a true and fair view…... or, except for any
misstatement that might occur in closing inventory…. financial statements give a true
and fair view………. 3 Marks

(ii) A disclaimer of opinion, according to ISA 701, is a type of a modification where the
auditor’s uncertainty due to limitation of scope is on matters so pervasive or fundamental
to the audit work that the auditor believes cannot reach any reasonable conclusion on
financial statement, while an emphasis of matter is a type of modification where the
auditor believes he ought to bring certain matters of uncertainty to the attention of users,
but such matters do not affect the auditors opinion on current financial statements. Such
matters are highlighted in a separate paragraph after the opinion paragraph. 4 Marks

255

AUDITING
 (TOTAL: 12 MARKS)

256

AUDITING
AUDITING
AUDITING
AUDITING
AUDITING
 AUDITING (TC7)
Technician Diploma in Accounting

THE INSTITUTE OF
CHARTERED ACCOUNTANTS
IN MALAWI

Institute of Chartered Accountants in Malawi

Stansfield House
Haile Selassie Road
P.O. Box 1
Blantyre

Tel: 01 820 301/318/423 Fax: 01 822 354

Email: icam@icam.mw Website: www.icam.mw
AUDITING