CHAPTER ONE

An overview of Auditing
1.1 Introduction to auditing
The practice of auditing existed even in the Vedic period. Historical records show that
Egyptians, Greeks and Roman used to get this public account scrutinized by and
independent official. Kautaly in his book “arthshastra” has stated that “all undertakings
depend on finance; hence foremost attention should be paid to the treasury”.
Meaning of Audit:
The word audit is derived from the Latin word “AUDIRE” which means to hear. Initially
auditor was a person appointed by the owners to check account whenever the suspected
fraud, he was to hear explanation given by the person responsible for financial
transactions. Emergence of joint stock companies changed the approach of auditing as
ownership was pestered from management. The emphasis now is clearly on the
verification of accounting date with a view on the reliability of accounting statement.
Scope of Audit
The scope of audit is increasing with the increase in the complexities of the business. It is
said that long range objectives of an audit should be to serve as a guide to the
management future decisions.
Today most of the economic activities are largely conducted through public finance. The
auditor has to see whether these larger funds are properly used. The scope of audit
encompasses verification of accounts with a intention of giving opinion on its reliability.
Hence it covers cost audit, management audit, social audit etc. It should be remembered
that an auditor just expressed his opinion on the authenticity of the account. He has no
power to take action against anybody, in this regard it said that “an auditor is a watch dog
but not a blood hound”.
Definition Audit
The term auditing has been defined by different authorities.
a) Spicer and Peglar define auditing as “An examination of the books, accounts and
vouchers of a business’s shall enable the auditor to satisfy himself whether or not
the balance sheet is properly drawn up so as to exhibit a true and correct view of

AMJU CBE
ACFN
15
 the state of affairs of the business according to his best of the information given to
him and as shown by the book.
b) Mautz: defines auditing as being “Concerned with the verification of accounting
data with determining the accuracy and reliability of accounting statements and
reports.”
c) Prof. L.R.Dicksee. "Auditing is an examination of accounting records undertaken
with a view to establish whether they correctly and completely reflect the
transactions to which they relate.
d) Auditing is the accumulation and evaluation of evidences about information to
determine and report on the degree of correspondence between the information
and established criteria. Auditing should be done by a competent, independent
person. (Arens & Loebbecke, 14the ed.).
The definitions include several key words and phrases. For ease of understanding,
we’ll discuss the terms in a different order than they occur in the last description
auditing.
Information and Established Criteria
To do an audit, there must be information in a verifiable form and some standards
(criteria) by which the auditor can evaluate the information. Information can and does
take many forms. Auditors routinely perform audits of quantifiable information,
including companies’ financial statements and individuals’ federal income tax returns.
Auditors also audit more subjective information, such as the effectiveness of computer
systems and the efficiency of manufacturing operations.

The criteria for evaluating information also vary depending on the information being
audited. In the audit of historical financial statements by CPA firms, the criteria may be
U.S. generally accepted accounting principles (GAAP) or International Financial
Reporting Standards (IFRS). This means that in an audit of
Boeing’s financial statements, the CPA firm will determine whether Boeing’s financial
statements have been prepared in accordance with GAAP. For an audit of internal control
over financial reporting, the criteria will be a recognized framework for establishing
internal control, such as Internal Control—Integrated Framework issued by the

AMJU CBE
ACFN
15
Committee of Sponsoring Organizations of the Treadway Commission (widely known as
COSO).
For the audit of tax returns by the Internal Revenue Service (IRS), the criteria are found
in the Internal Revenue Code. In an IRS audit of Boeing’s corporate tax return, the
internal revenue agent uses the Internal Revenue Code as the criteria for correctness,
rather than GAAP.
For more subjective information, it is more difficult to establish criteria. Typically,
auditors and the entities being audited agree on the criteria well before the audit starts.
For example, in an audit of the effectiveness of specific aspects of computer operations,
the criteria might include the allowable level of input or output errors.

Accumulating and Evaluating Evidence

Evidence is any information used by the auditor to determine whether the information
being audited is stated in accordance with the established criteria. Evidence takes many
different forms, including:
 Electronic and documentary data about transactions
 Written and electronic communication with outsiders
 Observations by the auditor
 Oral testimony of the auditee (client)
To satisfy the purpose of the audit, auditors must obtain a sufficient quality and volume
of evidence. Auditors must determine the types and amount of evidence necessary and
evaluate whether the information corresponds to the established criteria. This is a critical
part of every audit and the primary subject of this course.
Competent, Independent Person
The auditor must be qualified to understand the criteria used and must be competent to
know the types and amount of evidence to accumulate to reach the proper conclusion
after examining the evidence. The auditor must also have an independent mental attitude.
The competence of those performing the audit is of little value if they are biased in the
accumulation and evaluation of evidence.
Auditors strive to maintain a high level of independence to keep the confidence of users
relying on their reports. Auditors reporting on company financial statements are often

AMJU CBE
ACFN
15
called independent auditors. Even though such auditors are paid fees by the company,
they are normally sufficiently independent to conduct audits that can be relied on by
users. Even internal auditors, those employed by the companies they audit usually report
directly to top management and the board of directors, keeping the auditors independent
of the operating units they audit.
Reporting/ Communicating
The final stage in the auditing process is preparing the audit report, which
communicates the auditor’s findings to users. Reports differ in nature, but all must inform
readers of the degree of correspondence between the information audited and
established criteria. Reports also differ in form and can vary from the highly technical
type usually associated with financial statement audits to a simple oral report in the case
of an operational audit of a small department’s effectiveness.
The key parts in the description of auditing are illustrated in Figure 1-1 using an IRS
agent’s audit of an individual’s tax return as an example. To determine whether the tax
return was prepared in a manner consistent with the requirements of the federal Internal
Revenue Code, the agent examines supporting records provided by the taxpayer and from
other sources, such as the taxpayer’s employer.

AMJU CBE
ACFN
15
After completing the audit, the internal revenue agent issues a report to the taxpayer
assessing additional taxes, advising that a refund is due, or stating that there is no change
in the status of the tax return.
Objectives of Auditing
Auditors are basically concerned with verifying whether the account exhibit true and fair
view of the business. The objectives of auditing depend upon the purpose of his
appointment.
Primary Objective
The primary objective of an auditor is to respect to the owners of his business expressing
his opinion whether account exhibits true and fair view of the state of affairs of the
business. It should be remembered that in case of a company, he reports to the
shareholders who are the owners of the company and not tot the director. The auditor is
also concerned with verifying how far the accounting system is successful in correctly
recording transactions. He had to see whether accounts are prepared in accordance with
recognized accounting policies and practices and as per statutory requirements.
Secondary Objective:
The following objectives are incidental to the main objective of auditing.
1. Detection and prevention of errors: errors are mistakes committed unintentionally
because of ignorance, carelessness. Errors are of many types:
a. Errors of Omission: These are the errors which arise on account of transaction
into being recorded in the books of accounts either wholly partially. If a
transaction has been totally omitted it will not affect trial balance and hence it is
more difficult to detect. On the other hand if a transaction is partially recorded, the
trial balance will not agree and hence it can be easily detected.
b. Errors of Commission: When incorrect entries are made in the books of accounts
either wholly, partially such errors are known as errors of commission. Eg: wrong
entries, wrong Calculations, postings, carry forwards etc such errors can be located
while verifying.
c. Compensating Errors: when two/more mistakes are committed which counter
balances each other. Such an error is known as a Compensating Error. Eg: if the

AMJU CBE
ACFN
15
 amount is wrongly debited by Rs 100 less and Wrongly Credited by Rs 100 such a
mistake is known as compensating error.
d. Error of Principle: These are the errors committed by not properly following the
accounting principles. These arise mainly due to the lack of knowledge of
accounting. Eg: Revenue expenditure may be treated as Capital Expenditure.
e. Clerical Errors; A clerical error is one which arises on account of ignorance,
carelessness, negligence etc.
Location of Errors: It is not the duty of the auditor to identify the errors but in the
process of verifying accounts, he may discover the errors in the accounts. The auditor
should follow the following procedure in this regard.
i. Check the trial balance.
ii. Compare list of debtors and creditors with the trial balance.
iii. Compare the names of account appearing in the ledger with the names of
accounting in the trial balance.
iv. Check the totals and balances of all accounts and see that they have been
properly shown in the trial balance.
v. Check the posting of entries from various books into ledger.
2. Deduction and Prevention of Fraud: A fraud is an Error committed intentionally to
deceive/ to mislead/ to conceal the truth/ the material fact. Frauds may be of 3 types.
a) Misappropriation of Cash: This is one of the majored frauds in any organization
it normally occurs in the cash department. This kind of fraud is either by showing
more payments/ less receipt.
The cashier may show more expenses than what is actually incurred and misuse
the extra cash. Eg: showing wages to dummy workers. Cash can also be
misappropriated by showing less receipts Eg: not recording cash sales. Not
allowing discounts to customers. The cashier may also misappropriate the cash
when it is received. Cash received from 1st customer is misused when the 2nd
customer pays it is transferred to the 1st customer’s account. When the 3rd
customer pays it goes forever. Such a fraud is known as “Teaming and Lading”.
To prevent such frauds the auditor must check in detail all books and documents,
vouchers, invoices etc.
AMJU CBE
ACFN
15
 b) Misappropriation of Goods: here records may be made for the goods not
purchased not issued to production department; goods may be used for personal
purpose. Such a fraud can be deducted by checking stock records and physical
verification of goods.
c) Manipulation of Accounts: this is finalizing accounts with the intention of
misleading others. This is also known as “WINDOWS DRESSING”. It is very
difficult to locate because it’s usually committed by higher level management
such as directors. The objective of WD may be to evade tax, to borrow money
from bank, to increase the share price etc. to conclude it can be said that, it is not
the main objective of the auditor to discover frauds and irregularities. He is not an
insurance against frauds and errors. But if he finds anything of a suspicious
nature, he should probe it to the full.
1.2 Economic Need for an audit

Most often, economic resources are entrusted to the organization by groups or

individuals outside it; frequently these outsiders are quite remote from internal
operations. Thus, organizations must issue stewardship reports on the allocation resource
administration: Source, quantity, allocation, accumulation, depreciation, and depletion.
There by, accuracy of the report is determined (proven) by an audit work.
To illustrate the need for auditing, consider the decision of a bank officer in making a
loan to a business. This decision will be based on such factors as previous financial
relationships with the business and the financial condition of the business as reflected by
its financial statements. If the bank makes the loan, it will charge a rate of interest
determined primarily by three factors:
1. Risk-free interest rate. This is approximately the rate the bank could earn by
investing in U.S. treasury notes (የመንግስት ግምጃ ቤት ሰነድ) for the same length of time
as the business loan.
2. Business risk for the customer. This risk reflects the possibility that the business
will not be able to repay its loan because of economic or business conditions, such as
a recession, poor management decisions, or unexpected competition in the industry.

AMJU CBE
ACFN
15
3. Information risk. Information risk reflects the possibility that the information
upon which the business risk decision was made was inaccurate. A likely cause of
the information risk is the possibility of inaccurate financial statements.

Auditing has no effect on either the risk-free interest rate or business risk, but it can
have a significant effect on information risk. If the bank officer is satisfied that, there is
minimal information risk because a borrower’s financial statements are audited, the
bank’s risk is substantially reduced and the overall interest rate to the borrower can be
reduced. The reduction of information risk can have a significant effect on the borrower’s
ability to obtain capital at a reasonable cost. For example, assume a large company has
total interest-bearing debt of approximately $10 billion. If the interest rate on that debt is
reduced by only 1 percent, the annual savings in interest is $100 million.
Causes of Information Risk

As society becomes more complex, decision makers are more likely to receive unreliable
information. There are several reasons for this: remoteness of information, biases and
motives of the provider, voluminous data, and the existence of complex exchange
transactions.
Remoteness of Information: In a global economy, it is nearly impossible for a decision
maker to have much firsthand knowledge about the organization with which they do
business. Information provided by others must be relied upon, when information is
obtained from others, the likelihood of it being intentionally or unintentionally misstated
increases.
Biases and Motives of the Provider: If information is provided by someone whose
goals are inconsistent with those of the decision maker, the information may be biased in
favor of the provider. The reason can be honest optimism about future events or an
intentional emphasis designed to influence users. In either case, the result is a
misstatement of information. For example, when a borrower provides financial
statements to a lender, there is considerable likelihood that the borrower will bias the
statements to increase the chance of obtaining a loan. The misstatement could be
incorrect dollar amounts or inadequate or incomplete disclosures of information.

AMJU CBE
ACFN
15
Voluminous Data: As organizations become larger, so does the volume of their
exchange transactions. This increases the likelihood that improperly recorded information
is included in the records perhaps buried in a large amount of other information.
For example, if a large government agency overpays a vendor’s invoice by $2,000, it is
unlikely to be uncovered unless the agency has instituted reasonably complex procedures
to find this type of misstatement. If many minor misstatements remain undiscovered, the
combined total can be significant.
Complex Exchange Transactions: In the past few decades, exchange transactions
between organizations have become increasingly complex and therefore more difficult to
record properly. For example, the correct accounting treatment of the acquisition of one
entity by another poses relatively difficult accounting problems. Other examples include
properly combining and disclosing the results of operations of subsidiaries in different
industries and properly disclosing derivative financial instruments.
Reducing Information Risk

After comparing costs and benefits, business managers and financial statement users may
conclude that the best way to deal with information risk is simply to have it remain
reasonably high. A small company may find it less expensive to pay higher interest costs
than to increase the costs of reducing information risk.
For larger businesses, it is usually practical to incur costs to reduce information risk.
There are three main ways to do so.
User Verifies Information: The user may go to the business premises to examine
records and obtain information about the reliability of the statements. Normally, this is
impractical because of cost. In addition, it is economically inefficient for all users to
verify the information individually. Nevertheless, some users perform their own
verification. For example, the IRS (in Ethiopia ERCA) does considerable verification of
business and individual tax returns to determine whether the tax returns filed reflect the
actual tax due the federal government. Similarly, if a business intends to purchase another
business, it is common for the purchaser to use a special audit team to independently
verify and evaluate key information of the prospective business.
User Shares Information Risk with Management: There is considerable legal
precedent indicating that management is responsible for providing reliable information to
AMJU CBE
ACFN
15
users. If users rely on inaccurate financial statements and as a result incur a financial loss,
they may have a basis for a lawsuit against management. A difficulty with sharing
information risk with management is that users may not be able to collect on losses. If a
company is unable to repay a loan because of bankruptcy, it is unlikely that management
will have sufficient funds to repay users.
Audited Financial Statements Are Provided: The most common way for users to
obtain reliable information is to have an independent audit. Typically, management of a
private company or the audit committee for a public company engages the auditor to
provide assurances to users that the financial statements are reliable.
External users such as, stockholders and lenders who rely on those financial statements to
make business decisions look to the auditor’s report as an indication of the statements’
reliability. Decision makers can then use the audited information on the assumption that it
is reasonably complete, accurate, and unbiased. They value the auditor’s assurance
because of the auditor’s independence from the client and knowledge of financial
statement reporting matters.
1.3 Distinction between Accounting and Auditing
Many financial statement users and the general public confuse auditing with accounting.
The confusion results because most auditing is usually concerned with accounting
information, and many auditors have considerable expertise in accounting matters. The
confusion is increased by giving the title “certified public accountant” to many
individuals who perform audits.

Accounting Auditing
1. It’s a continuous process carried out 1. It’s a onetime activity after the closure of
throughout the year. accounting year.
2. No prescribed qualification is required to 2. He must be the member of Institute of
be an accountant. Chartered Accountants of India to become an
auditor.
3. An accountant is a employee of the 3. An auditor is an independent professional.
company.
4. An accountant gets regular salary for his 4. He gets remuneration for his professional
work. work. Audit fees.
5. Accounting is concerned with recording of 5. Its concerned with verification of accounts
business transactions systematically. prepared by the accountant.
6. Accounting proceeds, auditing. 6. Auditing succeeds accounting.

AMJU CBE
ACFN
15
1.4 Types of Audits & Auditors

1.4.1 Types of an audits

 Audit may be classified in various ways. It may be classified according to:
1. The primary beneficiary of the audit – Internal and external Audit.
2. The primary objectives of the audit –Financial statement audits, Compliance audits,
Operational audits and Forensic audits.
Internal Vs External Audit
 Internal Audit: it is an audit conducted by employee of an organization into any
aspect of its operation.
 It is conducted for parties (usually management) internal to the entity.
 It may be performed by personnel from an outside source (such as an accounting
firm when the service is outsourced.).
 Internal auditors work focuses on investigation and appraisal of the effectiveness
of the company operations for management.
 The Institute of Internal Auditors (IIA) defined internal auditing as follows:
 “Internal auditing is an independent, objective assurance and consulting activity
designed to add value and improve an organization's operations. It helps an
organization accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management, control,
and governance processes”.
 It is conducted in accordance with management's requirement
 The requirements that may be wide-ranging or narrowly-focused, and continuous
(ongoing) or one-off in nature.
 For example, it may be as broad as investigating the appropriateness and level of
compliance with the organization’s systems of internal control, or as narrow as
examining the entity’s policies and procedures for ensuring compliance with
health and safety regulations.
External Audit
 It is an audit performed for parties external to the auditee.
 Experts, independent of the auditee and its personnel, conduct these audits

AMJU CBE
ACFN
15
  The best known and most frequently performed external audits are statutory
audits (audits carried out because the law requires them of compliances)’ and
public sector entities financial statements (ie financial statement audits).
 Compliance audits conducted by Customs office and the Inland Revenue are also
examples of external audits.
 External audits are also described as a societal control which serves the needs of
internal and, more importantly, external financial information users. Links Ch 1\
Link 2 Ch 1 Internal Vs External Audit.docx
 External auditors conduct opinion audit
1.4.2. Types of Audits based on objective
[A] Financial Statement Audits.

A financial statement audit is conducted to determine whether the financial statements

(the information being verified) are stated in accordance with specified criteria.
Normally, the criteria are U.S. or international accounting standards, although auditors
may conduct audits of financial statements prepared using the cash basis or some other
basis of accounting appropriate for the organization. In determining whether financial
statements are fairly stated in accordance with accounting standards, the auditor gathers
evidence to determine whether the statements contain material errors or other
misstatements.
[B] Compliance Audits:
A compliance audit is conducted to determine whether the auditee is following specific
procedures, rules, or regulations set by some higher authority. Following are examples of
compliance audits for a private business.
 Determine whether accounting personnel are following the procedures prescribed
by the company controller.
 Review wage rates for compliance with minimum wage laws.
 Examine contractual agreements with bankers and other lenders to be sure the
company is complying with legal requirements.
Governmental units, such as school districts, are subject to considerable compliance
auditing because of extensive government regulation. Many private and not-for-profit

AMJU CBE
ACFN
15
organizations have prescribed policies, contractual agreements, and legal requirements
that may require compliance auditing.
Results of compliance audits are typically reported to management, rather than outside
users, because management is the primary group concerned with the extent of compliance
with prescribed procedures and regulations. Therefore, a significant portion of work of
this type is often done by auditors employed by the organizational units. When an
organization such as the IRS/ERCA wants to determine whether individuals or
organizations are complying with its requirements, the auditor is employed by the
organization issuing the requirements.
[C] Operational Audits:

An operational audit evaluates the efficiency and effectiveness of any part of an

organization’s operating procedures and methods. At the completion of an operational
audit, management normally expects recommendations for improving operations. For
example, auditors might evaluate the efficiency and accuracy of processing payroll
transactions in a newly installed computer system.
In operational auditing, the reviews are not limited to accounting. They can include the
evaluation of organizational structure, computer operations, production methods,
marketing, and any other area in which the auditor is qualified. Because of the many
different areas in which operational effectiveness can be evaluated, it is impossible to
characterize the conduct of a typical operational audit. In one organization, the auditor
might evaluate the relevancy and sufficiency of the information used by management in
making decisions to acquire new fixed assets. In a different organization, the auditor
might evaluate the efficiency of the information flow in processing sales.
It is more difficult to objectively evaluate whether the efficiency and effectiveness of
operations meets established criteria than it is for compliance and financial statement
audits. Also, establishing criteria for evaluating the information in an operational audit is
extremely subjective. In this sense, operational auditing is more like management
consulting than what is usually considered auditing.
(D). Forensic audit
The purpose of forensic audit is the detection or deterrence of a wide variety of
fraudulent activities.
AMJU CBE
ACFN
15
Some examples where a forensic audit might be conducted include:
 Business or employee fraud,
 Criminal investigation, Shareholder or partnership disputes,
 Business economic losses and Matrimonial disputes (divorce proceedings).
1.3.2 Types of Auditors
Several types of auditors are in practice today. The most common are certified public
accounting firms (external auditors), government accountability office auditors, internal
revenue agents, and internal auditors.
1. Internal Auditors
Internal auditors are employed by all types of organizations to audit for management,
much as the GAO does for Congress/parliaments. Internal auditors’ responsibilities vary
considerably, depending on the employer. Some internal audit staffs consist of only one
or two employees doing routine compliance auditing. Other internal audit staffs may have
more than 100 employees who have diverse responsibilities, including many outside the
accounting area. Many internal auditors are involved in operational auditing or have
expertise in evaluating computer systems.
To maintain independence from other business functions, the internal audit group
typically reports directly to the president, another high executive officer, or the audit
committee of the board of directors. However, internal auditors cannot be entirely
independent of the entity as long as an employer - employee relationship exists. Users
from outside the entity are unlikely to want to rely on information verified solely by
internal auditors because of their lack of independence. This lack of independence is the
major difference between internal auditors and CPA firms.
In many states, internal audit experience can be used to fulfill the experience requirement
for becoming a CPA. Many internal auditors pursue certification as a certified internal
auditor (CIA), and some internal auditors pursue both the CPA and CIA designations.
2. External Auditors (Certified Public Accountant Firms)
Certified public accounting firms are responsible for auditing the published historical
financial statements of all publicly traded companies, most other reasonably large
companies, and many smaller companies and noncommercial organizations. Because of
the widespread use of audited financial statements in the U.S. economy, as well as
AMJU CBE
ACFN
15
businesspersons’ and other users’ familiarity with these statements, it is common to use
the terms auditor and CPA firm synonymously, even though several different types of
auditors exist. The title certified public accounting firm reflects the fact that auditors who
express audit opinions on financial statements must be licensed as CPAs. CPA firms are
often called external auditors or independent auditors to distinguish them from internal
auditors.
3. Government Accountability Office Auditors
A government accountability office auditor is an auditor working for the Government
Accountability Office (GAO), a nonpartisan agency in the legislative branch of the
federal government. In Ethiopia it is named as Auditors of the Federal Auditory General
(AFAG), headed by the Auditor General, the GAO reports to and is responsible solely to
the House of Peoples’ Representatives.
The GAO’s primary responsibility is to perform the audit function for the House of
Peoples’ Representatives, and it has many of the same audit responsibilities as a CPA
firm. The GAO audits much of the financial information prepared by various federal
government agencies before it is submitted to the House of Peoples’ Representatives.
Because the authority for expenditures and receipts of governmental agencies is defined
by law, there is considerable emphasis on compliance in these audits.
It assists the House of Peoples’ Representatives in carrying out its constitutional
responsibilities regarding:
- Revenue and expenditure of public fund
- Budget related activities, (par lama)
- Financial transactions
- Special audit (like survey and investigations)
An increasing portion of the GAO’s audit efforts are devoted to evaluating the
operational efficiency and effectiveness of various federal programs. Also, because of the
immense size of many federal agencies and the similarity of their operations, the GAO
has made significant advances in developing better methods of auditing through the
widespread use of highly sophisticated statistical sampling and computer risk assessment
techniques.

AMJU CBE
ACFN
15
As a result of their great responsibility for auditing the expenditures of the federal
government, their use of advanced auditing concepts, their eligibility to be CPAs and
their opportunities for performing operational audits, GAO auditors are highly regarded
in the auditing profession. The majority of the audits conducted by government auditors
are compliance and operational audits
The Relationship between the type of Auditors and Audit types
AUDITS OF
OPERATIONAL COMPLIANCE FINANCIAL
AUDITS AUDITS STATEMENTS

PURPOSE To evaluate To determine whether To determine

whether operating the client is following whether the overall
procedures are specific procedures set financial
efficient and by higher authority statements are
effective presented in
accordance with
specified criteria
(usually GAAP)
USERS OF Management of Authority setting down Different groups for
AUDIT organization procedures, internal or different purposes
REPORT external — many outside
entities
NATURE Highly Not standardized, but Highly
nonstandard; often specific and usually standardized
subjective objective
PERFORMED
BY:

CPAs Frequently Occasionally Almost universally

GAO
AUDITORS Frequently Frequently Occasionally
IRS
AUDITORS Never Universally Never
INTERNAL
AUDITORS Frequently Frequently Frequently

AMJU CBE
ACFN
15