CHAPTER 1: AN OVER VIEW OF AUDITING

1.1. Nature and Definition of Auditing

Different persons have defined auditing in different ways.
For example, Auditing is a process of collection and evaluation of evidence for the purpose of
reporting on economic transaction. The other definition of auditing given by the Instate of
Chartered Accountants of India, in its publication titled, General Guidelines on Internal Auditing
has defined auditing as ‘’ a systematic and independent evaluation of data, statements, records,
operations and performances ( financial or otherwise) of an enterprise for stated purpose. In any
auditing situation, the auditor perceives and recognizes the propositions before him for
examination, collects evidence, evaluates the same and on this basis formulates his/her judgment
which is communicated through audit report.
As it is cited in Kanal Gupta and Arora A.(1996,p6), Arens and Loebbecke; Auditing as the
process by which a complete, independent person accumulates and evaluates evidence about
quantifiable information related to specific economic entity for the purpose of determining and
reporting on the degree of correspondence between the quantifiable information and established
criteria.
To sum up, Auditing is the process of verifying the assertions produced by accounting, as to
whether they present a true and fair view of the entity's financial position in accordance with
accounting standards and GAAP. In other words, auditing seeks to verify whether or not
financial records have been properly prepared.
1.2. Historical Evolution and Development of Auditing
The development of auditing is closely linked to the development of accounting. In the early
stage of civilization, the number of transaction was usually so small that able to record the
transactions himself. However, with the growth of civilization and consequential growth in
volume and complexity of transactions, it becomes necessary to entrust the job of recording the
transactions to other persons. The trend started with maintenance of accounts to em pires by
public officials. Almost simultaneously, a need was felt of institute a check on the fidelity of
persons responsible for maintaining the accounts. To accomplish this purpose, it became
customary to hear those who had maintained the accounts. In the course of time, such persons
came to be known as auditors, the term being derived from the Latin word ‘’audiure’’ which
means to hear.

1
The major development of auditing may be summarized as follows:
2. Auditing was conducted through a public hearing and its objective was verification of cash
receipts. It was simply a cash audit.
3. Auditing started to be conducted through examination of all the transactions of an
organization instead of hearing what the bookkeepers say the objective of auditing was to
detect errors and frauds.
4. The objective has become, starting from the first half of the 20 th century, determination of
whether the financial statements present the true and fair view of the organization.
5. Sampling technique has been introduced instead of examining each and every transaction.
6. Computer is being used to effective carry out the auditing process.
1.3. The need for Auditing
The company structure is built upon the principles of stewardship. Shareholders invest capital
into the company and hire professional managers to manage the company. The disadvantage is
that these same managers might perform fraud and errors. In public listed companies, it is very
hard for shareholders to actually check on the performance of management. That is why
accounting standards were developed. The standards prescribe the proper procedures for
financial reporting. But how do shareholders know whether or not managers have been following
these accounting standards? The answer is simple - the auditor's report will tell them the answer.
In other words, accounting standards are the law, and auditors are the law enforcers.
There are a number of advantages of auditing to the modern society. The more significant of
these are as follows.
i. A tool of control over those who handle resources belonging to others.
The first and foremost advantage of auditing is that it acts as a tool of control over those who
handle the resources belonging to others. For example, in the case of government departments,
audit seeks to ensure that the officials use the public funds properly. Whenever a person or
authority is entrusted with the resources belonging to others, it becomes necessary to exercise
suitable control over such person or authority to ensure that the resources are used properly.

The mere fact that there would be an audit of accounts acts as a check on those using the funds
and makes them cautious. Similarly, it acts as a moral check on employees, since they fear that

2
any errors or frauds would be discovered by the auditor. Thus it acts as a means of protection
against misuse of funds and reduces the possibility of errors and frauds.
ii. A tool for enhancing credibility of economic information
This is another important advantage of auditing that it enhances the credibility of economic
information. It is obvious that one would place greater reliance on statement if it had been
audited than would be the case otherwise. This is because the auditor is an independent and
objective expert who has no stake in the management of the organization under audit. Thus, the
shareholders of a company would place greater reliance on the balance sheet and the profit and
loss account of the company, if the auditor expresses the opinion that this statement presents a
true and fair view. Apart from the shareholders, other users of financial statements of an
enterprise (like tax authority, banks, creditors, investors, labor-representatives, etc) also place
greater reliance on them if they have been audited.
iii. A tool for improving economy and efficiency in the use of resources
Certain types of audit conducted specifically to review the operations and activities so that
wastages and losses can be minimized, weaknesses in the system can be identified and
overcome, and controls can be strengthened. In such audits (generally known as internal audit or
operational audit or management audit), the auditor makes recommendations for improving the
economy and efficiency with which resources are employed.
iv. A tool for certain special audit
Some types of audit are conducted for certain special purposes such as for checking income for
tax purpose, emergent audit of a company cash in box, periodic checking of a company
inventories, etc.
In summary, the contribution (need) of auditing from the view point of owners, management,
third parties like investors, creditors and employees, and the government are discussed below.
A. To owners:
 Greater reliability of financial statements
 Improvement in efficiency with consequential audit increase in profitability
 Over all check on integrity of management
B. To management:
 Improvement in management control and check integrity of employees
 Relatively easier to deal with third parties like banks, financial institution, creditors, and
insurance companies due to credibility of audited financial statements

3
 Greater reliability of tax returns
 Greater confidence of owners in management’s integrity
 Assurance about compliance with specified legal requirements
 More efficient use of resources through identification of inefficiencies leading to the
remedial action
C. To potential investors, creditors, employees, and others:
Greater reliability of financial statements as providing a data base for taking investments,
credit, and other decisions.
D. To government:
 Greater reliability of financial and cost information as basis for policy decisions like
reduction/ increase in subsidies, tax rates, etc and for price fixation
 Greater reliability of tax returns submitted by taxpayers
1.4. Types of Audits and Auditors
There are three types of audits. These are discussed below’
1. Financial statement audit: is conducted to determine whether or not financial
statements are presented in accordance with GAAP. The most common financial
statements that should be audited by the auditors are Balance sheet, Profit and loss
statement, and cash flow statement including the accompanying foot notes.
Financial statement audits are normally performed by firms of certified public
accountants and users of auditor’s report include management, investors, bankers,
creditors, financial analysts, and government agencies.
2. Operational audit: is a review of any part of an organization’s operation
procedures and method for the purpose of evaluating effectiveness and efficiency.
This type of audit examines1) the economy of administrative activities in
accordance with sound administrative principles and practices, as well as
management policies; 2) the efficiency of utilization of human, financial, and
other resources including examination of information systems, performance
measures and monitoring arrangements, and procedures followed by audited
entities for remedying identified deficiencies; and 3) the effectiveness of
performance in relation to achievement of the objectives of the audited entity and
audit of the actual impact of activities compared with the intended impact. Here,
some of the areas that should be audited are evaluation of organizational structure,

4
 computer operations, production methods, marketing, and any other areas in
which the auditor is qualified.
3. Compliance audit: the purpose of compliance audit is to determine whether the
client is following rules, procedures, regulations, and policies set down by the
management. Such type of audit includes the process prescribed by a company
controller, reviewing wage, bonus, and dividend rates, and examining contractual
agreements.
Like that of audits there are also three types of auditors.
1. Independent (External) auditors: these are the auditors’ of private audit firm. The audit
firm will sign audit contract in order to examine evidence and provide audit report to the
concerned party. Thus, the independent auditors received a fee from the audited organization
and they are primarily responsible to third parties (share holders).
2. Internal auditors: are permanent employees of the client and get a monthly salary. They are
primarily responsible to the management or the board of directors. Internal auditors lack
independent in appearance(are not free from financial and family relationship) from the client
since they are the employees of the audited organization, but they should satisfy
independence in fact ( objective). To be objective:
 They should not be a member of any committee in the organization
 They should provide their report not to the department heads rather to the manager.
3. Government auditors: are the employees of the government not the audited organization.
They are the auditors’ of Federal government and/or Regional government and primarily
responsible the legislative or executive body. Such type auditors will assign to audit selective
government organization.
1.5. Generally Accepted Auditing Standards (GAAS)
Standards are means of measuring the quality and performance of auditors. In order to provide
and maintain uniformly high quality audit work there is a need to have generally accepted
auditing standards. There are ten GAAS recognized by AICPA which are divided in to three
categories.
I. General standard( skill, objective,& due care)
These standards speak to the capability in the field of accounting and auditing as well as
technical knowledge of specific industry or organization under audit, character, and
conscientiousness of auditors. The auditors’ capability can be acquired through education and

5
 experience. The auditors’ character relates with their objectivity in performing the audit work. In
addition to auditors’ capability and character, auditors should be wise or careful in the audit
activities.
Under this standard, there are three GAAS as shown below.
a. The audit is to be performed by person or persons having adequate technical training and
proficiency as an auditor (competence).
b. In all matters relating to the assignment, independence in mental attitude is to be maintained
by the auditor or auditors (independence).
c. Due professional care is to be exercised in the performance of the audit and the preparation
of the report (careful, conscious, or wise).
II. Field work standards(well planning ,understanding the ICS &gathering sufficient data)
The standards of field work are necessary of an audit plan which would be developed after the
auditor has sufficient understanding of the client. This standard also requires an auditor to gather
sufficient evidence using various auditing techniques to issue an opinion concerning the financial
statements. Thus, there are also three standards of GAAS under field work standards (planning,
understanding the client’s internal control system, and competence of the audit work).
a. The audit work should be adequately planned. The reasons for planning the audit work are:
 To complete the audit work based on the stated time
 It helps to the auditor not to skip some works if he/she became busy
 To assign assistances, if any
b. A sufficient understanding of ICS of the client is to be obtained in order to plan the audit and
determine the nature, timing, and extent of testing to be performed.
c. Sufficient and competence evidential data is to be obtained through inspection, observation,
inquiry, examination, and/or conformation to afford reasonable bases for an opinion
regarding the financial statements under audit.
III. Reporting standards(GAAP, consistency, disclosure, and fair opinion)
a. The audit report shall state whether or not financial statements are prepared in accordance
with GAAP.
b. The report shall identify those circumstances in which such principles have not been
consistently observed in the current period in relation to the preceding period.
c. Informative disclosures in the financial statements are to be regarded as reasonably adequate
unless otherwise stated in the report.

6
d. The report shall either contain an expression of opinion regarding the financial statements,
taken as a whole, or an assertion to the effect that an opinion cannot be expressed. When an
overall opinion cannot be expressed the reasons therefore should be stated. In all cases when
an auditor’s name associated with financial statements, the report should contain a clear-cut
identification of the charter of the auditor’s work, if any, and the degree of responsibility
he/she is taking. In other words, the auditor should provide fair opinion to the concerned
party.
The standards of reporting requires that the auditor should, in his/her report state whether the
financial statements are prepared according to GAAP, and state if these principles have been
applied consistently. The auditor should also describe the presence of necessary information in
the financial statements that may have material effect on the reported data. After completing the
audit, the auditor should issue an audit opinion on the financial statements, and justify whatever
the opinion.

7
 CHAPTER 2: PROFESSIONAL ETHICS AND
LEGAL RESPONSIBILITIES OF AUDITORS
2.1 Professional ethics and rules of professional conduct
Profession is a specialized body of knowledge that provides intellectual services to the best
interest of the public and which has gained public confidence and trust. Ethics consists of moral
principles and standards of conduct imposed by a profession on its members. Professional ethics
provides guidance to practitioners for maintaining professional attitude and it encourages high
level of performance.
The American Institute of Certified Accountant’s code of ethics consists of two parts: the
principles and the rules. The principles are basic frames of references for the rules. The rules
govern the performances of professional services by members and are enforceable applications
of the principles.
A. Principles: there are six principles of professional ethics
i. Responsibilities
In carrying out their services as professional, members should exercise sensitive professional and
moral judgments in all their activities. Auditors play significant role in the society by rendering
different types of services that are essential to make various decisions, which involves usage of
scarce resources. Therefore, all members have responsibilities to those who use their professional
services. Besides, auditor has responsibility to corporate which each other to:
 Improve their profession
 Maintain the public confidence ,and
 Carryout the profession’s self-governance responsibilities
Application of this principle increases the quality of professional services rendered by auditors
and thereby boosts the status of the profession.
ii. The public interest
Members should accept the obligation to act in a way that will serve the public trust and
demonstrate commitment to professionalism. The public interest of an auditor is the collective
well being of the community of people and institutions that use its services. These include
clients, creditors, governments, employers, investors, and the public at large, who rely on the
objectivity and integrity of auditors. This reliance imposes high reliance of responsibility on the
auditors.

8
In discharging their responsibilities, members of the profession may encounter conflicting
pressures between information providers and users. This conflict would be resolved when
auditors carryout their responsibilities with integrity.
Auditors should show their commitment to honor the public trusts to those who rely on their
services: i.e. they expected to provide quality services within integrity, objectivity, and due
professional care.
iii. Integrity
To maintain and broaden public confidence members should perform all professional services
with the highest form of integrity.
In order to maintain the public trust and confidence members should act in an honest manner.
Integrity is measured by what is right and just in the circumstances. Integrity means in this case,
acting according to the code of professional conduct (ethical standards).
iv. Objectivity and independence
A member should maintain objectivity and be free of conflicts of interest in discharging
professional responsibility. A member in public practice should be independent in fact and
appearance when providing auditing and other attestation services.
This principle requires auditors to avoid circumstances that involve conflicts of interest.
Independence in fact refers that the auditor should maintain an objective and impartial mental
attitude throughout the engagement. Independence in appearance refers to the relationship
between the CPA and the client must appear to be independent to third parties. The auditors’
opinion will get credibility if the users perceive that the auditor as objective and impartial.
v. Due Care
A member should observe the profession technical and ethical standards, strive continually to
improve competence and quality of service; and discharge professional responsibility to the best
of the member’s ability.
Due professional care applies to the exercise of professional judgment in the conduct of the work
performed. Due professional care implies that the professional approaches matter requiring
professional judgment with proper diligence.
vi. Scope and nature of service
A member in public practice should observe the principles of the code of professional conduct in
determining the scope and nature of services to be provided.

9
The auditor should consider the above principles in deciding to provide the specific services in
specific situations. In addition, members should:
 Practice only in firms that have adequate internal control procedures
 Determine whether the scope and nature of other services requested by an audit client
would create a conflict of interest in providing auditing
 Assess whether the requested service is consistent with his role as a professional
B. Rules:
Rule 101 Independence
A member in public practice shall be independent in the performance of professional services as
required by council. A member should be independent in financial statement audit, review, and
examination of prospective financial statements for his/her is attesting information to third party.
But he/she does not have to be independent in rendering accounting, tax, or management
advisory services.
The AICPA has also adopted the following interpretation of the rule. Independence shall be
considered to be impaired if, for example, a member has any of the following transactions,
interests, or relationships.
a) During the period of professional engagement or at the time of expressing an opinion, a
member or a member’s firm:
1. Has/or was committed to acquire any direct or indirect financial interest in the
enterprise.
2. Was a trustee of any trust or executor or administrator of any estate if such trust or
state has or was committed to acquire any direct or material indirect financial interest
in the enterprises?
3. Had any joint, closely held business investment with the enterprises or with any
officer, director, or principal stockholders thereof that of material in relation to the
member’s net worth or to the net worth of the member’s firm.
4. Had any loan to or from the enterprise or any officer, director, or principal
stockholder of the enterprise. This prescription does not apply to the following loans
from a financial institution when made under normal lending procedures, and
requirements:-
o Loans obtained by a member or a member’s firm that are not
material in relation to the net worth of such borrower

10
 o Home mortgages
o Other secured loans
b) During the period covered by the financial statements, during the period of the professional
engagement, or at the time of expressing an opinion, member or a member’s firm:
1. Was connected with the enterprise as a promoter, underwriter or voting trustee,
as a director or officer, or in any capacity equivalent to that of member of
management or of any employee.
2. Was a trustee of any pension or profit sharing trustee of the enterprise?
The above examples are not intended to be all-inclusive. To have a clear understanding of the
rules, in what follows we will see the application of independence rule in relation to professional
services, individuals, and time period.
Professional services; independence rules applies to auditing and other attestation services such
as review of financial statements, examination of financial forecasts. The independence rule
applies to:
All parents or shareholders of the audit firm
All managerial employees assigned to an office that significantly participates in the
engagement
All professional staff personally participating in the engagement
Therefore it is not required that all employees of the firm be independent if the client, i.e.
independence of the employee is impaired does not necessarily mean that independence of the
firm is also impaired.
If independence of an employee having no managerial responsibility is impaired, independence
of the audit firm will be maintained by assigning the employee to other engagements. If
independent of a managerial staff is affected, he/she has to be transferred to an office of the firm
that is not significantly participating in the audit engagement.

Period: an auditor is required to be independent of the client during the following time period
 During the period of examination(auditing) process
 During the period covered by the financial statements
 At the time of expressing the auditor’s opinion(the date of the report)
During these time period holding of financial interest, or a commitment to acquire a financial
interest, establishing business relationships may adversely affect the auditor independence.

11
Financial interest
According to the interpretation of rule 101:
 A member or a member’s firm client cannot have any direct financial interest in the
client. Direct financial interest indicates any involvement in the client. Direct financial
interest comprises independence. Hence firm’s entire partners and all other
professional staff that would participate in that specific engagement should not have
any direct financial interest. Indirect financial interest exists when a member or a
member’s firm owns stock in a mutual fund, and/or when a member’s non-dependent
close relative has a financial interest in the client.
 A member should not have joint closely held business investment with a client
company. Or officers, directors, or a principal stockholder of such enterprise that is
material to either of the member’s or the audit firm’s net worth.
 A member is not permitted to have any loan to or from a client, or its officers, directors
or principal stockholders, which is not made under normal lending, procedures, terms
and requirements. This prevents any favoritism that affects or (appear to have affected)
the auditor’s independence.
The following may considered as ways of maintaining independence:
 Training: members should be adequately trained to help them understand the
technical standards relevant to various types of professional engagement. Advice
should also be given to members for specific situations.
 There should be a controlling body that sanctions the public accounting firm
and or auditors for misconduct.
 Public accounting firms should give much emphasis to independence as it is the
vital means of gaining reputation, and therefore there should be internal pressure
that forces members to act in professional manner. Before accepting a new client
public accounting firms should evaluate as the existence of threats of
independence.
Rule 102 integrity and objectivity
In the performance of any professional service a member shall maintain objectivity and integrity.
Integrity means being honesty or truthfulness whereas objectivity refers to members to be free of
conflicts of interest and shall not knowingly misrepresent facts or subordinate his/her judgment
to others.

12
This rule requires the members to be free of any bias and his/her opinion should be based on
facts rather than on any predetermined judgments, and it applies to all types of professional
services rendered by the CPAs.

Rule 201 General standards

A member in public practice shall comply with the following standards and with any
interpretations thereof by bodies designed by council.
a. Professional competence: undertake only those professional services that the
member or the member’s firm can reasonably expect to be completed with
professional competence.
b. Due professional care: members should exercise due professional care in the
performance professional services.
c. Planning and supervision: a member should adequately plan and supervise the
performance of professional services.
d. Sufficient and relevant data: a member should obtain sufficient and relevant data
to afford basis for conclusion or recommendations in relation to any professional
service performed.
All types of professional services rendered by CPAs should be performed with competence and
due professional care. Before accepting any professional engagement, CPAs should evaluate the
capability to carry out the assignment according to the professional standards. For example, if the
client organization has a sophisticate electronic data processing system, the firm should make
sure the availability of a professional staff having detailed computer knowledge. If such a person
is not available, the engagement should not be accepted since it cannot be performed completely.
Rule 202 Compliance with standards
A member who performs auditing reviewing, compilation management, consulting tax or other
professional services shall fulfill with the standards circulated by bodies designated by council.
Rule: 203 Accounting principles
A member shall not:
1. Express an opinion or state affirmatively(positively) that the financial statements or other
financial data of any entity are presented in conformity with GAAP, if such statements or
data contain any departure from accounting principles disseminated by bodies designated

13
 by council to establish such principles that has a material effect on the statements or data
taken as a whole or
2. State that he/she is not aware of any material modifications that should be made to such
statements or data in order for them to be in conformity with GAAP, if however the
statements or data contain such a departure and the member can demonstrate that due to
unusual circumstances the financial statements or data would otherwise have been
misleading the member can comply with rule by describing the departure, its approximate
effect if possible, and the reasons why compliance with the principle would result in
misleading the statements.
An auditor should not issue unqualified opinion on financial statements unless these statements
are prepared according to the principles and standards outlined by the various designated bodies
like the Financial Standard Board (FASB). However, if application of the principles and
standards results in misleading financial statements, the auditor should express the departure and
show the effect of the departure in the financial statement.
Rule: 301 Confidential client information
A member in public practice shall not disclose any confidential client information without the
specific consent of the client. Auditors, due to their profession, do have access to confidential
client information. Some of such information may be of sensitive nature and may negatively
affect the client, if disclosed. Hence, an auditor should not disclose any confidential client
information without a written consent of the client. But this rule also requires the auditor to
fulfill his/her legal and professional requirements when there is a need to disclose relevant
information to third party (legal bodies) without the authorization of the client. In this case the
auditor may become liable for disclosing confidential client information, if it results loss to the
client, he/she may also become liable for not disclosing criminal acts of the client.
Rule: 501 Acts discreditable
A member shall not commit an act discreditable (shameful) to the profession. This rule requires
auditors to avoid acts that may damage the reputation (name or status) of the profession. All acts
that may create negative attitude towards to the profession cannot be mentioned. However, the
following are identified by the AICPA as acts that may adversely affect the reputation of the
profession.
I. Retention of client records and auditor working papers such as adjusting entries in to
complete the client records.

14
When auditors are discharged their services, they may retain working papers to enforce payment
of their fee. Since the working papers are property of the auditors such retention may not
considered as unethical. But if the working papers are the only supporting documents for client’s
financial records, the auditors should give the working papers to the client after payment is
collected.
II. Discrimination in employment
Employment should not be based in age, sex, color, race, or any other discriminatory acts.
III. Failure to follow standards and/or other procedures, or any other requirements in
governmental audit.
IV. Negligence in carrying out duties and responsibilities
A member should carry his/her duties with care. Acting negligently reduces the quality of the
professional services, which in turn would reduce the public trust and confidences.
Rule: 502 advertising and other forms of solicitation
A member in public practice shall not seek to obtain clients by advertising or other forms of
solicitation in a manner that is false, misleading, or deceptive. Solicitation by the use of coercion
(force), over-reaching or harassing conduct is prohibited. The major points of rule 502 are:
 Members should not try to obtain work in unprofessional manner
 Members should not make comparisons with other implying that services provided by
others is of inferior in quality
 Fees for professional work should be quoted with great care
 No fees, commission or reward should be given to third party for introduction.
Rule: 503 Commission and referral fees
1. Prohibited commissions: a member in public practice shall not for a commission
recommend or refer to a client any product or service, or for a commission recommend or
refer any product or service is to be supplied to a client, or receive a commission when
the member or the member’s firm also performs for that client:
a. An audit or review of financial statement
b. A completion of a financial statement when the member expects. Or reasonably might
expect that a third party will use the financial of independence
c. An examination of prospective financial information

15
This prohibition applies during the period in which the member is engaged to perform any of the
services listed above and the period covered by any historical financial statements involved in
such listed services.
2. Disclosure of permitted commission: a member in public practice who is not prohibited
by this rule from performing services or receiving a commission and who is paid or
expects to be paid a commission shall disclose that fact to any person or entity to which
the member recommends or refers a product or service to which commission relates.
3. Referral fees: any member who accepts a referral fee for recommending or referring any
service of a CPA to any person or entity or who pays a referral fee to obtain a client shall
disclose such acceptance or payment to the client.
In most cases clients consult their CPAs for advice on products or services they plan to acquire.
A member shall not recommend or refer to client a product or service if the member is involved
in audit reviews, or compilation or examination of prospective financial information. If the
member or the members firm is not involved in the above mentioned activities, the member may
receive commissions and referral fees, and should disclose the existence of the commission to
the client.
Rule: 505 Form of organization and name
A member may practice public accounting in a form of organization permitted by a state law or
regulation whose characteristics conform to resolution of council. A member shall not practice
public accounting under a firm name that is misleading.
Rule 505 requires members of the public accounting practice not to form and operate a firm
under a misleading name, regardless of whether it is formed as a professional corporation,
partnership, or sole proprietorship.
In order to establish a public accounting firm as a professional corporation, the following
conditions should be met:
 All shareholders must be engaged in the practice of public accounting
 The principal executive officer shall be a shareholder and director
 To the extern possible all other director & officer should be CPAs an examination of
prospective financial information.
2.2Need for minimum competence & technical standards
The following are the common needs for minimum competence and technical standards for
professionals.

16
 1. Complexity of services: a profession has specialized body of knowledge that every
member of the profession should acquire it through formal education. The member
should update their knowledge when they are new pronouncements. Thus, it is
difficult to clients in order to evaluate the quality or healthiness of professional
services in which they are acquired from professionals.
2. Acceptance of legal and social responsibility: a professional, since he/she serves the
society, he/she has to accept social responsibility. That is, he/she has to provide
services to the society without any bias to the interested party.
3. Standards or qualifications for admission: standards or qualification for admission
should be restricted by legal and educational requirement so as to provide quality
services to the society and being competent.
4. Standards of conduct of behavior: a profession has to have standards of conducts of
behavior to govern activities of the members of the profession. The code of
professional conduct is meant by which the public measures and judge the
professional quality of the members.
5. Need for public confidence: the services provided by a profession should be accepted
by the public with full confidence and trust.
2.3Legal liability and responsibility of auditors
An auditor has legal liability and responsibility to his/her client due to contractual obligation and
to third party under the common law. An auditor becomes legally liable for breach of contract
under contractual law for failure to detect embezzlement or fraud committed by client
employees. The client may sue the auditor alleging (claiming) that the auditor was negligent in
not detecting the scheme. The auditor will be liable if he/she is proved that the reason for not
detecting fraud is his/her negligence. But the auditor may not be liable if, performed his/her
duties according to GAAS and/or if the auditor proves that his/her negligence was not the main
cause of the client’s loss.
An auditor has an obligation to exercise due professional care in rendering any type of
professional service, even if this obligation is not specifically stated in the contract. Failure to
exercise due professional care has two aspects: ordinary negligence and gross negligence.
Ordinary negligence: an auditor is considered to be negligent when he/she fails to act
professionally or when he/she fails to exercise the degree of care (unintentionally) a

17
reasonable person would exercise under the same circumstances which results damages to
another party.
Gross negligence: refers to failure to exercise due professional care intentionally to deceive
or uncover fraud.
The auditor may use contributory negligence as a defense if the client has contributed for the
incurrence of losses or for the damages caused to the client by the auditor’s negligence.
Auditors may become liable to third party if the third party proves that it sustained loss as a
result of decisions made relying on the auditors’ opinion, and that the auditors were guilty
(accountable) of certain degree of negligence. Auditors may be sued for misleading others
associating their name with professional services other than auditing. Therefore, the auditor
should clearly show his/her position in such service, e.g. marking’’ un audited’’ on the financial
statements compiled.
In general, an auditor may be sued for negligence for acts of others, lack of privileged
information for attempting to withhold information that is not privileged, or for not discharging
his/her legal responsibilities mentioned under rule 301.
Auditors may also be held liable for failure to apply GAAS or GAAP, for not reviewing events
subsequent to balance sheet date, and for not disclosing information that may have material
effect on the financial statements.
Moreover, auditors have legal liability to their colleagues, to potential investors, to creditors,
financial institutions, to the government, and to any stakeholders of the audited financial
statements in giving honest information.
2.4 Views on the Ethiopian experience
Auditors are liable to the client and third party for losses they cause in exercise of their and
punishable in accordance with the penal code.
Article 380 of the commercial code states that:
(1) Auditors shall be civilly liable to the company and third parties for any fault in the
exercise of their duties that occasioned loss.
(2) An auditor who knowingly gives or confirms an untrue report concerning the position of a
company or fails to inform the public prosecutor of an office, which he knows to have been
committed, shall be punished under Article 438 or Article 664 of the penal code as the case
may be.

18
The civil liabilities of the auditor arise if he/she has caused a loss to his/her clients through
his/her negligence or non-performance. These liabilities are governed under the contract
provisions of the commercial code.
Art. 2031 of the civil code, which addresses professional default, states the following
(1) A person practicing a given profession or activity shall in the practice of such profession
or activity observe the rules governing that practice.
(2) He/she is liable where after due consideration of scientific data or rules recognized by the
practitioners of his/her profession, he/she appears to be guilty of imprudence or
negligence constituting definitive disregard of duty.

19
 CHAPTER THREE: INTERNAL CONTROL
3.1 The meaning of internal control
In the best broad sense an organization organizational structure (also referred to as internal
control system) consist of the policies and procedures establish to provide reasonable assurance
that the organization objectives will be achieved.
The general objectives of ICS can be:
 Improving operational efficiency and effectiveness
 Reliability of financial reporting
 Safeguarding of assets and
For the purpose of auditor’s internal controls may be defined as all the policies and procedures a
company uses to prevent, detect, and correct material errors, irregularities and misstatements that
might get into financial statements.
The following are the major reasons for evaluation of internal control:
1. To give the internal auditor a base for planning the audit and to determine the nature, timing,
and extent of audit procedure.
2. To formulate constructive suggestion for improvement in the organizational internal controls
deficiencies such as:
Absence of appropriate segregation of duties
Absence of appropriate reviews and approval of transactions
Evidence of failure of control procedures by persons in authority to the detriment of control
objectives.
Evidence of willful wrong doing by employees or management including manipulation,
falsification or alteration of accounting records.
3.2 Internal control components

20
Internal control system varies significantly from one organization to the other because of many
factors such as:
 The size of the entity
 The characteristics of the organization and ownership
 The nature of the business
 Diversity and complexity of its operation
 Methods of processing data
 Legal and regulatory requirement
The following are the three major components of internal control system.
A. The control environment
B. Control procedures
C. The accounting system
A. The control environment
The control environment is the collective effect of various over all factors that establish,
enhance, or mitigate the effectiveness of specific control policies and procedures. In other
words, it is the client’s environment (internal as well as external) within which controls exist or
operate. The flow of hierarchy in the organization may be upward, downward or both.
It includes the attitude, awareness, and actions of the board of directors, management, owners,
and other parties in controlling the firm’s overall situations. The following are factors that affect
the internal control environment.
1. Management philosophy and operational style: managers differ in both their philosophies
towards financial reporting and their attitudes towards business risk.
2. Organizational structure: a well designed organizational structure provides a basis for
planning, directing, and controlling operations. A sound organizational structure of an entity
should separate responsibilities for authorization of transactions, record keeping of
transactions, custody of resulting assets, and execution of the operation.
The responsibilities for financial matters and operating problems should be given to two separate
departments namely finance and accounting departments respectively. While the finance
department conducts financial activities, the accounting department establishes accountability
through accounting record.

21
3. Personnel policies and procedures: the effectiveness of an internal control structure is
affected by the characteristics for hiring, training, evaluating, promoting, and compensating
employees.
4. Method of assigning authority and responsibility:
 The effectiveness of method of communicating employees’ authority and responsibilities (job
description) including the organization’s rules and regulation affects the quality of the
organization
 Having sound organizational policies related to such matters as acceptable business practices,
conflicts of interests and codes of conduct
 Very effective methods of assignment of authority and responsibility will reduce the
likelihood of irregularities that may result in a significant misstatement in financial statement
figures.
5. Management control method
 Management control methods are used to exercise control over the authority delegated to
others
 One good example is developing plans and monitoring the process toward accomplishment
of those plans: budgeting and control system and variance analysis.
6. Internal auditing
 Another component of the internal control environment is an internal auditing staff or unit.
 Internal auditors investigate and appraise the internal control structure and the efficiency with
which the various units of the business are performing their assigned functions, and report
their findings and recommendations to top management.
 The amount and quality of work done by internal auditors are important considerations to
external auditors in assessing the control environment of a firm.
 The effectiveness of the internal audit unit of an organization mainly affected by factors such
as its authority, the qualification of its staff, and the resources made available it.
B. Control Procedures
In addition to the control environment and the accounting system, management establishes other
control over the entity’s transactions and assets. Control procedures that can be implemented by
a firm may be categorized as procedures for:
1. Proper authorization of transactions and activities
2. Appropriate segregation of duties

22
3. Adequate documentation and recording of transactions and events.
4. Effective safeguards over access to and use of assets and records access controls, and
5. Independent checks on performance and proper valuation of recorded amounts
1. Authorization of Transactions
o Authorization of transactions may be either general or specific
o General authorization occurs when management establishes criteria for acceptance of a
certain type of transaction such as quantity discounts. Specific authorization occurs when
transactions are authorized on an individual basis (e.g. sale of a major asset).
2. Segregation of Duties
A functional concept of internal control is that no one department or person should handle all
aspects of a transaction from beginning to end.
No one department or individual should perform more than one of the functions of
authorizing transactions, recording transactions, and maintaining custody over assets.
3. Adequate Documentation
 A system of well-designed forms and documents is necessary to create records of the
activities of all departments like use of serial numbers for business documents or preparing
documents in different colors.
 Adequate safeguarding and numerical control should be maintained at all times for unused
pre numbered documents.
4. Safeguarding of assets and records
Physical access to assets and important records, documents, and blank forms should be limited to
authorized personnel. Limit access to assets such as cash inventory and securities, cost
documents and account receivable records, and blank forms like a blank checks, blank sales
invoices and shipping orders. Generally, direct physical access to assets may controlled through
the use of safes, locks, fences, guards, surveillance cameras, and security codes and so on.
5. Independent checks on performance and proper valuation
 The accuracy of the work of various individuals in a company may be verified by
independent checks on performance and valuation such as clerical checks, computer program
controls, independent review report and reconciliations.
 An independent body should make periodic comparison of accounting records and the
physical assets on hand.

23
 Any discrepancies thus obtained, when investigated, will uncover weakness either in
procedures for safeguarding assets or in maintaining the related accounting records-recorded
accountability.
 Periodic comparisons may include counts of cash on hand, reconciliation of bank statements,
counts of securities, confirmation of accounts receivable and payables, and other such
comparison of operations.
 The frequency of such comparison is governed by the related costs and benefits. Yet,
periodic comparison and action to correct errors lowers the risk that material misstatements
remain the account.
C. The Accounting System
An accounting system consists of the methods and records established to gather and report an
entity’s transactions and to maintain accountability for the related assets and liabilities. An
accounting system is maintained to attain the following objectives:
1. Identify and record all valid transactions
2. Describe on a timely basis the transactions in sufficient detail to permit proper classification
of transactions for financial reporting.
3. Measure the value of transactions in a manner that permits recording their proper monetary
value in the financial statements.
4. Determine the time period in which transactions occurred to permit recording of transaction
in proper accounting period
5. Present properly the transactions and related disclosures in the financial statements.
3.3 Internal Control Objectives
Following are the general objectives of internal control of any organization.
1. Accomplishment of established goals and objectives: the focus of implementing and
maintaining internal control systems should be on accomplishing institutional objectives and
goals. Management should, therefore, strive towards establishing an internal control system,
which is not only cost-effective, but also ensures the achievement of institutional goals and
objectives.
2. Reliable information: for an institution to carry out different activities and projects,
management requires reliable and accurate information. The objective of internal control is,
therefore, to maintain the reliability and integrity of the system.

24
3. Safeguarding assets: another objective of an internal control system is the protection of an
institution’s assets. It is for this reason and purpose that the most visible internal controls,
such as locks on the doors, computer passwords, fences, and joint responsibility for certain
valuable assets are developed and utilized.
4. Promote efficiency: the promotion of efficiency of an internal activities as well as the
efficient use of resources is also objective that the internal control system should strive for. It
is, therefore, necessary that the various controls prevent unnecessary duplication of efforts,
prevent wastage in all aspects of institutional activities, and discourage the inefficient use of
resources. The efficient use of resources is based on the fact of limited supplies never being
sufficient to provide for the infinite needs of a public institution.
5. Ensure compliance: management usually uses policies, strategic and business plans as well as
procedures in maintaining internal control systems. Staff therefore, is encouraged to act in
accordance with these control devices. On the other hand, controls described and contained
in policies and procedures are necessarily applied ensuring planned implementation of
program.
6. Encourage adherence (devotion): the internal control system should provide reasonable
assurance that set policies and procedures are followed by all staff members. If these are not
adhered to, management should take institutional measures.
3.4 Classification of Internal Control
Two different approaches to the classification of internal controls can be followed: broad and
specific.
i. Broad categories: internal control system vary broadly into two categories:
organizational and procedural.
A. Organizational Controls: these are often referred to as general or environmental controls
involving organizational structures, segregation of duties, supervision, management and
personnel.
Structural: the structural aspect of organizational controls refers to a clear structure and
hierarchy of responsibilities according to which authority is delegated. The structure creates an
environment where employees on one level can exercise control over employees on one another.
Segregation of duties: this aspect of control is designed to avoid concentration of control and
execution (implementation) of duties in a single official. Segregation can be instituted at various
stages of processing and recording of transactions. Practically, the following three functions are

25
separated-custody of goods received, authorization of payments, and their records in
accounts. If a computerized accounting system is used, which is usual, system development
including programming should be separated from operations.
Supervision: supervision refers to daily arrangement for overseeing and checking transactions
and asset security.
Management: internal control should ensure management achieves their objectives. These
management controls represent among others, provision of institutions, financial regulation,
reviews and checks by internal audit, budgetary controls, and monitoring of income and
expenditures. Most of them are long-term arrangement for over all staff supervision.
Personnel: the reliability of personnel responsible for the application and maintenance of
internal controls is an important factor in determining that controls are reliable.
B. Procedural Control
Procedural control often referred to as application or specific control, involve three aspects.
Physical: these are designed to safeguard the custody of assets such as cash and easily
removable important documentation and these can be stored safes with only authorized personnel
having access.
Authorization: the authorization and approval of transactions by responsible and designated
officials, with regulatory limits, is a control ensuring accountability.
Accounting: these include arithmetical and recording functions such as trial balances,
reconciliation of cash and bank accounts, and the matching of orders with goods-received notes.
ii. Specific categories: internal control are, however, usually classified as, management,
accounting, and administrative.
Management control
Accounting officers, financial managers, departmental heads, and line managers are responsible
for ensuring that government’s resources are managed effectively. They must necessarily
develop implement administrative and operational procedures to ensure that these procedures are
adhered to, and internal control is a key management tool in this regard. This is the reason
managers depend on control process by utilizing:
 Effective plans of the organization with clear lines of reporting and responsibility,
 Adequate administrative structures including budgetary and cost control and policy and
procedural manuals,
 An effective and streamlined(efficient) approval and authorized process, and

26
 Professional and well-trained personnel.
Management control depending on information generated by the procedures that they have
implemented to assist them in exercising their control responsibilities. That is why it is necessary
for management to have reassurance that these internal control procedures are functioning
properly, and are adequate to provide them with all the relevant information to control their
responsibility affairs. Essentially the procedure consists of:
o The process of comparing results with the institutional plan,
o Explaining variance(deviations from the initial plan), and
o Taking corrective action.
Picket and Vinten (1997, p.172) describe the management control system as consisting of these
areas:
 Objectives- clear statement of goals
 Strategic plans- an efficient way of achieving goals
 Structuring- the way in which resources will be deployed
 Human resource management- process of acquiring the required resources
 Quality standard- stands applied to the operation in terms of quality and quantity
 Procedures- the way work will be undertaken
 Operational activities- the activities themselves
 Marketing- the way the clients’ needs are defined and met, and
 Management information-information required to manage and control the activities
Accounting controls: are internal control related to the accounting system of organizations.
They are related with achieving the following controls objectives. They are designed to make
sure that:
 Transactions are implemented in accordance with the management’s authorization, i.e., in
accordance with the laid down policies and procedures.
 Transactions are promptly recorded in proper manner to ensure timely preparation and
communication of reliable financial information.
 Accountability for assets is maintained and assets are safeguarded from unauthorized access,
use or disposal
For example, preparation of bank reconciliation by an employee independent of (not authorized)
to issue checks or handle cash is an internal control that increases the probability that cash
transactions are presented fairly in the accounting records and financial statements.
27
Administrative controls: some of these controls have little or no bearing on the financial
statements and are thus not direct interest to auditors. Administrative controls emphasize the
effectiveness and efficiency of management decision making process. Administrative controls
emphasize controls for management decision concerning on authority and responsibility for
authorization of information. Administrative controls include the plan of organization structure,
procedures & records related to the decision process. The plan of the organization refers to the
organization structure and methods of assigning authorities and responsibilities. A proper plan of
organization is important for effective operation of the entire internal control system.
Accounting controls have a direct compact on the reliability of financial information while
administrative controls have only an indirect effect on the financial information. The first
concern in financial statement audit is with reviewing accounting controls but not forgetting
administrative controls which have an indirect impact on the reliability of financial statements.
3.5 Elements of Sound Internal Control System
An internal control system usually contains elements forming the basis for an effective system
and contributes to accomplishing set objective of the institution. These elements can be
separately identified as:
Sound management characteristics: the management style and characteristics of managers’
display have a significant effect on the internal control environment. Managers should
necessarily set an example as far as application and adherence to controls is concerned. If
managers, on the different levels, continuously attempt to override or ignore these, then it can be
expected that their subordinates do the same.
Efficient Organizational Structure: the organizational structure of the organization indicates
the responsibility and authority of various officials as well as the lines of communication to be
followed. If all officials clearly understood the structure and their responsibilities relative to
other officials, this would certainly contribute to applying and maintaining the system.
Acceptable Personnel Policies: since competent and trustworthy personnel will produce reliable
and accurate financial information and ensure internal controls are adhered to, it is important that
personnel policies and practices form a critical part of internal control environments. As such, it
is essential that policies be developed to the extent that personnel employed enhance compliance
with controls and do not undermine the system.
Written Procedure: written procedures in the form of procedure manuals, instructions, and
directives require developing for use by all staff. These written procedures are part of internal

28
control, and therefore their practical application is vital in ensuring uniform approaches to tasks.
This approach strengthens the system by setting minimum standards of conduct.
Effective Internal Audit Function: legislation requires the establishment of internal audit unit
in each organization. One function of an internal audit unit is monitoring the effectiveness of the
internal control system and reporting deficiencies to an audit committee and management. The
auditors belonging to such a unit should be independent of the institution being monitored and
should, therefore, report directly to the committee.

3.6 Limitation of Internal control

Even if internal control can do much to protect against both errors and irregularities & assure the
reliability of accounting data, it has inherent limitation. What so ever its structure is. Besides, the
following situations increase the limitation of any internal control system.
Collusion: collusion can be defined as an agreement between two parties to defeat an internal
control system to carry out an improper act. For instance, you may assign a store keeper and a
guard to prevent assets from being taken for personal use, but what if these two persons collude.
Management outride or manipulation and collusion: management may override procedures
designed to assure execution and recording of transaction in accordance with management
authorization. For example, the manager may authorize improper payment to him and threaten
employees under him to hide the theft.
Cost versus benefit: organization is faced with challenge to find the right cost-versus –benefit
balance for internal control. Excessive control can be too costly and counterproductive, as result
100% control might not be adapted.
Temporary failure: there are two basic reasons under this limitation:
1. Human error: due to carelessness, interruption, fatigue(tiredness), misunderstanding
institutions, etc.
2. Change: a new employer may hire and he/she makes mistake until they understand the
system.
Mistake in judgment: this includes such as mistakes in recording transactions in wrong
accounting period, erroneous classification of transactions, in capitalizing expenditure, etc.

29
30