AUDIT AND ASSURANCE

Unit 1: AN OVERVIEW AND HISTORICAL DEVELOPMENT OF AUDITING

1.1 Historical Development

From the religious perspective auditing can be trace back to the account of creation where God
created Adam and eve, place them in the garden and made them stewards with the task to
manage His assets. The Holy book also made it clear that God the Principal comes every evening
to look into their daily events of His stewards. From the creation story we can derive the theory
of stewardship. The theory posits that there is a principal (shareholders, the owner of the
business) employs an agent (manager or management or employee) whose responsibility is to
manage the assets on behalf of the principal (Principal- Agent relationship).
Here God is the principal and we are His agents. The Agent (we) must work in accordance to the
principal‟s term of condition. He must ensure that he maximizes the principal assets (wealth).
His objective as an agent is solely to achieve the objective of the principal (shareholders
maximization).

Historically, Auditing dates back to early Babylonian times, around 3000 BC. Evidence of
auditing activities was also found in ancient China, Greece and Rome. In Rome, auditors heard
tax payers such as farmers give public accounts of the results of their business and the tax due.
Thus, the word „audit‟ came from the latin word „audire‟, meaning to hear. The Auditor was a
hearer or listener. In China and Egypt, auditors were supervisors of the accounts of Chinese
Emperor and the Egyptian Pharoah. The govt. accounting system of the Zhao dynasty in China
included an elaborate budgetary process and audits of all government departments. The dynastic
era in Egypt (from about 3000 BC) made extensive use of scribes (accountants) who were held in
very high esteem. Over the centuries, the role of auditors as hearers and verifiers of reports
evolved to include that of verifying written records. This was given more push by the discovery
and documentation of double entry bookkeeping in Italy by a Catholic priest, Luca Pacioli in his
Summa de Arithmetica dated 20 November 1494. He also recommended the verification of
accounting records by auditors.

Modern auditing began around 1844 with the emergence of modern corporations at the dawn of
the industrial revolution. Britain passed the Joint Stock Companies Act in 1844 which among
other provisions, required company directors to report to shareholders through audited financial
statements. In 1853, the Society of Accountants was founded in Edinburgh. Several other
Institutes emerged in Great Britain, merging in 1880 into the Institute of Chartered Accountants
in England and Wales. The 1862 English Companies Act required the use of trained and
specialized professionals to conduct an independent review of company financial
statements and the preparation of the corrected accounts and financial statements. The
role of auditors became more important with the separation of ownership and management
of corporations as these companies continued to grow in size and capital was provided by
1
investors from different stakeholder groups. Managers have control over the accounting systems
and determine the way in which financial information is presented to providers of capital
(investors). Investors and creditors may have different objectives from management and thus
these providers of resources depend on an independent party – the auditor – to lend credibility to
the information provided by the agent – the managers. This probably led to the English
Companies Act, 1900, to legally make it compulsory for every company to appoint independent
auditors as we know them today.

At the early stages of the development of auditing, prevention and detection of fraud was the
central concern of auditing. This was done through extensive and detailed examination of the
companies‟ books and records. As this was an inefficient and expensive way of auditing, the idea
of sampling and testing emerged around 1895. By 1940, after the Mckesson & Robbins scandal
of 1939, the responsibility for fraud detection and prevention began to shift to management.
Auditor‟s main concern became the determination of the truth and fairness of the reported
financial statements and there was an agreement that the auditor‟s main technique was testing,
and the extent of tests to be done became dependent on the auditor‟s assessed strength of the
company‟s internal controls. Though the primary objective has not changed, the emergence of
information Technology (IT) has changed auditing approach as data/information are currently
being held in micro-chips and memory cards.

1.2 Definition of Auditing

There are many definitions of auditing, many of which capture the audit process, the audit
objective or both. Some of the definitions are given below:
Spicer and Pegler: Auditing is “…an examination of the books, accounts and vouchers of a
business as will enable the auditor to satisfy himself that the balance sheet is properly drawn up,
so as to give a true and fair view of the state of affairs of the business and whether he is satisfied
with the profit or loss for the financial period according to the best of the information and
explanations given to him and as shown by the books, and if not, in what respect he is not
satisfied.

Lawrence Dicksee: Auditing is an examination of accounting records undertaken with a view to

establishing whether they correctly and completely reflect the transaction to which they relate. In
some instances, it may be necessary to ascertain whether the transactions themselves are
supported by authority.

American Accounting Association (AAA): Auditing is a systematic process of objectively

obtaining and evaluating evidence regarding assertion about economic actions and events to
ascertain the degree of correspondence between those assertions and established criteria and
communicating the result to intended users.

This definition is widely accepted as it point out what auditing entails as well as what the auditor
does. Auditing is a planned, logical and scientific activity (systematic process); it involves the

2
auditor gathering and evaluating evidence on the representations made by management
(assertions) with regard to elements of financial statements (economic actions and events). The
auditor compares the evidences he has gather and evaluated and the accepted accounting
practices to know if they are in agreement to enable him express an opinion. He eventually
communicates the outcome of his examination, evidence gathering and evaluation and
comparison to users through his audit report.

1.3 Objectives of Auditing

This is divided into primary and secondary objectives.

1.3.1 Primary Objective: The primary objective of an audit of financial statements is to

enable the auditor express an opinion whether the financial statements are prepared, in all
material respects, in accordance with an applicable financial reporting framework. Thus, the
primary objective of an audit is the expression of professional opinion as to whether or not, the
financial statements examined by the auditor, for a reporting period, give a true and fair view
(that is, fairly presented in all material respects).

1.3.2 Secondary Objectives

In the course of the audit process geared towards achieving the primary objective of expressing
an independent opinion, the following secondary objectives may be achieved:
 Prevention of fraud and errors by the deterrent and moral effect of audit.
 Detection of fraud and errors through the audit procedures designed and implemented by
the auditor
 Evaluation of the effectiveness and appropriateness of internal control system over
financial reporting and submitting a report to management for needed improvements
 Evaluating and reporting on the likelihood of the business continuing as a going concern
 Providing valuable advice to the entity audited on areas such as accounting systems,
taxation matters, risk management practices and other incidental matters.

1.4 Advantages and Limitations of an Audit

1.4.1 Advantages of an audit

a) Audited financial statements are more credible and carry more authority than unaudited
ones.
b) Errors and fraud can be identified and rectified on time
c) Audit acts as a deterrent, through its moral influence, to personnel who may be tempted
to commit fraud.
d) As a by-product of the audit, a management letter (report to those charged with
governance) will be produced, identifying weaknesses and making recommendations on
areas such as systems and controls which will improve the smooth running of a business.
e) It is easier and potentially cheaper to raise finance from banks and other providers of
funds with an audited set of financial statements.

3
 f) Audited accounts are used as a basis of evaluation when determining the value of a
business in the event of sales or purchase of a business and during merger negotiations.
g) An audit will give the directors of a company comfort that the financial statements are a
sound basis for making business decisions.
h) Accurate financial statements will be the best basis for tax assessment and tax planning.
An audit opinion will enhance the credibility of the figures.

1.4.2 Limitations of an Audit and Materiality

The primary objective of an audit is to express a professional opinion on the „Truth and Fairness‟
of financial statements examined by the auditor. Giving this opinion involves judgments and
materiality levels set by the auditor while designing his procedures and tests.
Based on the above, the following limitations of auditing could be noted:
1. Auditing is not objective. Judgments have to be made during risk assessments regarding
what to test, how much to test and whether errors are representative of errors present in
the financial statements.
2. Not all items in the financial statements are tested. Tests are based on samples with
associated sampling risks.
3. There are limitations in accounting and control systems:
 Some non-routine transactions introduce significant risks;
 Human errors in recording and testing exist;
 There are possibilities of collusion in fraud; and
 There are possibilities of control overrides by those who exercise oversight
function.
4. Audit evidence sometimes indicates what is probable and not certain in that they are
based on intention, estimates and judgments.
5. The audit report has inherent limitations imposed by the standard format and layman‟s
lack of understanding of audit jargons.

Note: In the context of the auditor‟s report -

Information is true when it is factual and conforms with reality. In addition, the information
complies with required standards and law. The financial statements agree with the books and
records.
Information is fair when it is free from discrimination and bias and in compliance with expected
standards and rules. It requires that the accounts reflect the commercial substance of the
underlying transactions.

Materiality is an expression of the importance of a matter in the context of the financial

statement as a whole. A matter is material if its omission or misstatement would reasonably
influence the economic decision of the users taken on the basis of the financial statement.

The following limitations/disadvantages of annual audits should also be noted -

a) Financial statements and events being audited are usually historical.
b) Audits are expensive, especially to small organizations

4
 c) Activities of auditors during the engagement performance period cause disruptions in the
organization‟s operations.
d) There is loss of productive time as staff and management must respond to auditor‟s
inquiries and queries and in providing explanations and information when the audit is
going on.

1.5 Types/classification of Audits

Audits may be classified according to the nature of work done by the auditor or according to
approach to the audit.

1.5.1 Classification according to nature of work done by Auditor

The following types of audits exist under this category:
 Statutory audits – these are audits required by law. The companies Act in Nigeria makes
it mandatory that companies incorporated under that Act must be audited every year. This
statute also specifies the scope of the audit which cannot be restricted by the owners of
the business or by their managers.
 Private audits – a private audit is not required by law; it is optional. The person who
engaged the auditor will usually agree the scope of work to be done with the auditor.
Examples of private audits include the audit of sole traders and partnerships.
 Internal audit – these are audits carried out by employees of an organization (called
internal auditors) to ensure adherence and compliance to policies and controls established
by the management. It is an independent appraisal function established by the
management for the purpose of evaluating the organisation‟s operations and improving
the effectiveness of management controls and governance processes. The internal audit
unit is increasingly involved in corporate risk management.
 External audit – this is an audit carried out by an independent party (non-employee of
the organization). It examines the operations and financial statements prepared by
management and reports to owners of the organization. Examples are the statutory and
private audits.

1.5 Classification according to Approach

 Management Audit – an audit that enquires into the effectiveness and efficiency of
management in executing the organization‟s policies, programmes and plans. The audit
examines the organizational structure, or any component of it, its plans and objectives, its
means of operation and how management deploys human resources and physical
facilities. Management is usually carried out by the internal audit unit or a management
consultant. The benefits of a management audit include:
 Providing the board with access to constructive advice and report of their
performance,
 Providing meaningful feedback for managers at all levels; and
 Discouraging unhealthy and fraudulent management practices and procedures
 Transaction audit (Vouching approach) – this audit approach tries to authenticate the
validity and accuracy/correctness of accounting records and the source documents used in

5
 preparing the financial statements. It is a direct method of generating audit evidence to
support the transactions and events that occurred in the organization within the reporting
period.

 Balance Sheet (Statement of Financial Position) audit – it is known as verification

audit as it seeks to xamines the balance sheet of the organization with the objective of
verifying the assets, liabilities and equity (capital) by tracing the items back to the
underlying records and source documents. It also confirms the existence of the item. The
main objective of a balance sheet audit is to confirm that the financial statements
presented agree with the underlying records and other books of account. The merits of
Balance sheet audits lie on the fact that they help in confirming the existence, ownership
and proper valuation and presentation of assets, liabilities and components of equity.
Balance sheet audits also highlight the control measures over assets and liabilities.

 Continuous audit – This involves carrying out continuous reviews, tests and procedures
on the operations of an entity. Internal auditors mostly adopt this approach since they are
always in the work environment. Although, where volume of transactions is large and
there is a tight reporting deadline to meet, the external auditor also adopts this approach.
Continuous audit, for the external auditor, ensures a timely conclusion of the audit and
helps in effective deployment of audit staff, especially during slack periods.
The disadvantages of this audit approach include:
 Increasing the chances of over-auditing;
 Interrupting the client‟s daily routines;
 It is generally expensive to carry out; and
 The independence of the auditor may be impaired where there is too much
familiarity.
 Final or completed audit – This is also known as periodic or annual audit and it is
usually conducted by the financial year end after the books of account are closed. The
auditor visits the client once in the year during which period the entire audit assignment
is carried out.
The advantages of this audit approach include:
 Audit evidence obtained is more reliable;
 Financial statements are finalized and published on time;
 Figures cannot be altered after the audit; and
 Work is carried to conclusion in one session without recourse to return visits.
But where audit firm has many clients with common year end, there may be a challenge
in getting adequate audit staff to meet the demand of clients and as a result, there may be
delays in finalizing the audit.

 Interim audit – an audit carried out on the interim accounts up to a particular period
within the year; it does not cover a full year. The auditor wants to ascertain the accuracy,
reliability and validity of the interim accounts prepared. It may be done to enable the
management pay interim dividends. It assists the auditor in the timely completion of the

6
 final audit and in timely identification and correction of errors and misstatements. Interim
audits impose some moral checks on client staff.

 Regulatory (Compliance) Audit

This is aimed at ensuring that expenditures have been incurred on approved services and
in accordance with the enabling statutory provisions and regulations governing the
particular expenditure. It seeks to determine if an organization is following specific
procedures, rules or regulations set by itself or by regulatory authorities.

 Procedural Audit
This is an examination and review of the internal procedures and records of an
organization, in order to ascertain their reliability as a basis for compiling the final
accounts. The objectives of a procedural audit usually include:
 To assess the adequacy of the internal control system;
 To establish whether the records are sufficiently reliable for the preparation of the
final accounts;
 To ascertain whether the procedures laid down by management are being
followed.
 Value for Money Audit

Value-for- money audit, also referred to as Performance or efficiency audit, seeks the
maximization of the use of resources for the welfare of the public by ensuring that
activities and programmes are carried out at low cost and to high standard. In addition to
ensuring that financial statements faithfully represent the affairs of the establishment in
relevant cases, the audit objective includes an ascertainment of whether the establishment
being audited is achieving the purposes for which its programmes are authorized and
whether it is doing so efficiently, effectively and economically.

 Forensic audit - is the specific use of audit procedures within a forensic investigation to
find facts and gather evidence, usually focused on the quantification of a financial loss.it
is applied in the detection of different types of fraud, employee fraud, criminal
investigations etc.

1.6 Assurance Engagements

We have before now discussed the role of auditing that it lend credence to the financial statement
prepared by the management. However, this is not the only assurance service that the
independent auditor performs. Assurance Engagements is another service in a broader and wider
concept than auditing. Assurance engagement is performed by professional Accountants with
the intention to enhance the credibility of information about the subject matter. The subject
matter of an assurance engagement is the topic about which the assurance engagement is
conducted. According to the American Institute if Certified Public Accountant, Assurance
engagement is an independent professional service that improve the quality of information in the
context for decision maker.

7
As defined by the Assurance Engagement Framework, Assurance engagement means an
engagement in which a practitioner expresses a conclusion designed to enhance the degree of
confidence of the intended users other than the responsible party about the outcome of the
evaluation or measurement of a subject matter against criteria.

An audit is a specific form of assurance engagement. Other examples include:

 Report on internal controls;

 Value for money reviews;
 Environmental and CSR audits;
 Risk evaluations;
 Compliance reviews etc

1.6.1 Elements of Assurance Engagements

There are five elements of Assurance Engagements namely

1. A three party relationship involving a practitioner, a responsible party and the intended
users;
2. A subject matter;
3. Suitable criteria;
4. Evidence; and
5. an assurance report (conclusion)

 Three- Party relationship – the practitioner, a responsible party and intended users.
The practitioner is the professional (e.g. auditor, accountant or an expert) who gathers
evidence to provide a conclusion to the intended users about whether a subject matter
(e.g. financial statement) conforms, in all material respects to identified criteria. The
Practitioner, in brief, is the individual providing professional services that will review the
subject matter and provide assurance.
The responsible party (e.g. the management of Board of directors) is the one responsible
for the subject matter or subject matter information and chooses the criteria and may or
may not engage the practitioner For example when government organization engages a
practitioner to performance assurance engagement regarding a report about private
company‟s sustainability practice that the organization has prepared and is to distribute to
intended users.
The intended users are person (s) or class of persons for whom the practitioner prepares
the assurance report, infact the responsible party can be one of the intended user but not
the only one. The addressees of the assurance report and may be identified by the
responsible party or by law.

 Subject Matter - This is the data to be evaluated, that have been prepared by the
responsible party.
The subject matter of an assurance engagement can take many forms, such as
8
  Financial performance or conditions e.g. historical or prospective financial
performance;
 Non-financial performance indicators
 Physical characteristics e.g. capacity of a facility;
 Systems and processes e.g. internal controls, IT systems etc
 Behaviour (e.g. corporate governance, compliance with laws and regulations,
human resource practices)

The auditor accepts an assurance engagement only if the subject matter is the
responsibility of a party other than the intended user or the auditor. That is, the intended
user is not management or the auditor. The subject matter must be:

 identifiable and capable of consistent evaluation or measurement against

identified, suitable criteria e.g. IFRS
 in a form that can be subjected to procedures for gathering evidences to support
that evaluation or measurement.
 Suitable criteria - are the benchmarks used to evaluate evidence or measure the subject
matter of an assurance engagement. For example, in the preparation of Financial
statements, the suitable criteria may be IFRS; for internal controls, it may be established
framework such as COSO or any other control objectives specifically designed for the
engagement. Suitable criteria, thus are relevant to the circumstances of the engagement.

The characteristics for assessing whether criteria are suitable are:

i. Relevance – relevant criteria contribute to conclusions that meet the objectives of the
engagement and assist decision making by intended users.
ii. Completeness – criteria are complete when there are no omission of factors that could
affect the conclusions in the context of the engagement circumstances.
iii. Reliability - reliable criteria result in consistent evaluation or measurement, including
where relevant, presentation and disclosure of the subject matter, when used in
similar circumstances by similarly qualified practitioners.
iv. Neutrality – neutral criteria are free from bias.
v. Understandability – understandable criteria are clear and comprehensive and are not
subject to significantly different interpretations.

 Evidence – Sufficient appropriate evidence is needed for every assurance engagement.

The quantity (sufficiency) and quality (appropriateness) of evidence available will be
affected by:
 The characteristics of the subject matter. For example, when the subject matter is
future oriented, less objective evidence might be expected to exist than when the
subject matter is historical.
 Other non-subject matter characteristics. For example, when expected evidence is
not available to the practitioner, probably due to the timing of his appointment, an
entity‟s document retention policy or some other restriction imposed by the
responsible party.
9
  Assurance Report – The practitioner gives a written report containing a conclusion that
conveys the assurance obtained as to whether the subject matter conforms, in all material
respects, to the identified criteria. For example, an audit of financial statements provides
an opinion on conformity with standards (IFRS) and other regulatory framework.

1.6.2 Objectives of an Assurance Engagement

The objective of an assurance engagement depends on the level of assurance given. ISAE 3000
Assurance engagements other than audits or reviews of historical financial information
distinguishes between two forms of assurance engagements:

 Reasonable assurance engagements

 Limited assurance engagements

The objective of a reasonable assurance engagement is a reduction in assurance engagement risk

to an acceptably low level in the circumstances of the engagement as the basis for the assurance
practitioner‟s conclusion.

The report (conclusion) would usually be expressed in a positive form, giving a “reasonable
assurance” that the subject matter conforms in all material respects, with criteria. This indicates
that given the evidence gathering procedure and the characteristics of the subject matter, the
practitioner has obtained sufficient appropriate evidence to reduce assurance engagement risk to
an acceptably low level. Thus, for this type of opinion, a significant amount of testing and
evaluation is required to support the conclusion. The opinion on audit of financial statements is
an example of reasonable assurance report.

Limited assurance is a lower level of assurance. The nature, timing and extent of procedures
carried out by the practitioner would be limited compared with what is required in a reasonable
assurance engagement. The report/conclusion could be expressed in negative form of words. For
example, “nothing has come to our attention that causes us to believe that subject matter (e.g.
historical financial statements) does not conform, in all material respects, to criteria (e.g IFRS).”
This form of report conveys a “limited assurance”, indicating that the practitioner has obtained
sufficient appropriate evidence to reduce assurance engagement risk to a moderate level.

1.6.3 Other Assurance Engagements

Review Engagements

Assurance engagements include a range of assignments, from external audit to review

engagements.

The objective of a review engagement is to obtain limited assurance about whether the subject
matter information is free from material misstatements. Thus, a review can provide a cost-
efficient alternative to an audit where an audit is not required by law.

10
Types of review engagements: There are two types of review engagements, namely, an
attestation engagement and a direct engagement.

An attestation engagement: This is a form of engagement in which the practitioner issues a

report/conclusion about the reliability of an assertion made by another party. Though the subject
matter is not measured by the practitioner, he concludes whether or not the subject matter is free
from material misstatement. For example, in a review of CSR or sustainability report prepared by
management, management measures and evaluates the extent to which the company has
achieved its targets, and the practitioner provides a conclusion as to whether the measurement
and evaluation is free from material misstatements.

A direct engagement: Here, the underlying subject matter is measured and evaluated by the
practitioner, who presents a conclusion on the reported outcome in the assurance report. For
example, an engagement where the practitioner is engaged to carry out a review of the
effectiveness of a company‟s system of internal controls; the practitioner would evaluate the
internal controls and then issue an assurance report explaining the outcome of the review.

1.7 REGULATION OF AUDIT AND ASSURANCE SERVICES

1.7.1 Need for Regulation

Audit and Assurance services are regulated primarily for the Public interest. Investors take
economic decisions on the basis of the credibility auditors lend to financial statements whenever
they audit and certify the financial statements true and fair. Thus, it can be said that auditors give
an impartial, professional view on issues that matter to users of financial and other information.
It is important therefore that this view can be trusted. Auditors therefore need to operate within
ethical boundaries and in compliance with standards, laws and regulations.

1.7.2 Sources of Regulation: Regulation of Audit and Assurance services is effected through:
 Legal Regulation – Most countries, including Nigeria, have legal requirements
associated with some assurance providers, particularly auditors. Examples of these legal
requirements are found in CAMA (Companies and Allied Matters Act), 2004, ICAN Act
1965, Banks and other Financial Institutions Act 1991, Insurance Act 2003, Securities
and Exchange Commission (SEC) Act 2007, EFCC Act, the Audit Act, Financial
Reporting Council of Nigeria (FRCN) Act 2011 etc.
 Ethical Regulation – Auditors are given ethical guidance by the professional Bodies e.g.
ICAN, law and IFAC (International Federation of Accountants).
 Professional Regulation – Auditors are required to carry out audits according to
professional standards (International Standards on Auditing –ISAs and Nigerian
Standards on Auditing- NSAs). As assurance provision goes „global‟ the harmonization
of such professional guidance has become necessary.

11
1.7.3 CAMA and the Auditor
Sections 357 – 369 of CAMA relate to the Auditor and his work.
.1 Appointment of an Auditor – s.357
Every company shall at each Annual General meeting (AGM) appoint an auditor or
auditors to audit its financial statements. The auditor‟s tenure shall run from the
conclusion of the AGM where he was appointed till the next AGM.

The directors may appoint an auditor in the following circumstances:

 Where at an AGM, no auditors are appointed or re-appointed;
 The appointment of the first auditors of the company before the company is entitled to
commence business;
 To fill any casual vacancy in the office of the auditor, but while any such vacancy
continues, the surviving or continuing auditor (s) may act.

A retiring auditor however appointed, shall be re-appointed without any resolution being passed
unless –
 He is not qualified for re-appointment;
 A resolution has been passed at the meeting appointing another auditor or providing
expressly that he shall not be re-appointed; or
 He has given the company notice in writing of his unwillingness to be re-appointed.

.2 Qualification of the Auditor – s. 358

A person shall not be qualified for appointment as an auditor of a company, unless he is a
member of a body of Accountants in Nigeria.
The following persons however are disqualified from serving as an auditor of a company:
 An officer or servants of the company;
 A person who is a partner of or in the employment of an officer or servant of the
company;
 A person or firm who or which offer to the company professional advice in a consultancy
capacity in respect of secretarial, taxation or financial management.
 A body corporate.

.3 Reports of the Auditor – S. 359

The auditors of a company are required to make a report to the members of the company on the
accounts examined by them, and on every Balance Sheet (Statement of financial position) and
statement of Profit or loss, and all group financial statements, copies of which are laid before the
company in a general meeting during the auditors‟ tenure of office.

In the case of a public company, the auditor also makes a report to the audit committee which
shall be established by the company. By the provisions of this section (s.359), the committee
shall consist of an equal number of directors and representatives of the shareholders of the
company (subject to a maximum of number of six members). The committee examines the

12
independent auditor‟s report (including the management letter or letter of weakness) and makes
recommendations thereon to the annual general meeting as it thinks fit.

The objectives and functions of the committee as specified by the Act, are to:
 ascertain whether the accounting and reporting policies of the company are in accordance
with legal requirements and agreed ethical practices;
 review the scope and planning of audit requirements;
 review the findings on management matters in conjunction with the external auditor and
departmental responses thereon;
 keep under review the effectiveness of the company's system of accounting and internal
control;
 make recommendations to the Board in regard to the appointment, removal and
remuneration of the external auditors of the company; and
 authorise the internal auditor to carry out investigations into any activities of the
company which may be of interest or concern to the committee.

.4 Duties and Powers of the Auditor – S. 360

The auditor, in preparing his report has as his duty, to carry out such investigations as may
enable him form an opinion as to whether:

 proper accounting records have been kept by the company and proper returns adequate
for his audit have been received from branches not visited by him;
 the company‟s Balance sheet and (if not consolidated) its profit or loss account are in
agreement with the accounting records and returns.

If the auditor is of the opinion that proper accounting records have not been kept or that adequate
returns have not been received from branches not visited by him or that the balance sheet and the
profit or loss account are not in agreement with the accounting records and returns, the auditor
shall state that fact in his report.

To ensure effective discharge of his duties, the Act confers the following powers on the auditor:
 every auditor of a copy shall have unrestricted access at all times to the company‟s
books, accounts and vouchers;
 every auditor of a company shall be entitled to require from the company‟s office
such information and explanations as he thinks necessary.
.5 Remuneration of the Auditor – S. 361.
In the case of auditors appointed by the directors, their remuneration may be fixed by the
directors; or the remuneration may be fixed by the company in a general meeting or in such
manner as the company in general meeting may determine.

.6 Removal of the Auditor – S.362

A company may, by ordinary resolution, remove an auditor before the expiration of his term of
office, notwithstanding anything in the agreement between the company and the auditor. A

13
special notice of 28 days is required for this purpose. Within 14 days of passing the resolution
removing an auditor, the company shall give notice of that fact the Corporate Affairs
Commission (CAC)

.7 Rights of the Auditor – S. 363

A company‟s auditor shall be entitled to attend any general meeting of the company and to
receive all notices of, and other communications relating to any general meeting which a
member of the company is entitled to receive. He is also to be heard on any part of the meeting
which concerns him as auditor.
In addition, an auditor who has been removed from office has the right to attend:
 the general meeting at which the term of his office would otherwise has expired;
 any general meeting at which it is proposed to fill the vacancy caused by his removal;

.8 Special Notice – S.364

Special notices are required for a resolution at an annual general meeting of a company to
transact the following business relating to the auditor:
 appointing as auditor a person other than a retiring auditor;
 filling a casual vacancy in the office of auditor;
 re-appointing as auditor a retiring auditor who was appointed by the directors to fill a
casual vacancy; or
 Removing an auditor before the expiration of his term of office.

.9 Resignation of the Auditor – S.365

An auditor of a company may resign his office by depositing a notice in writing to that effect at
the company‟s registered office. Such notice of resignation by the auditor shall not be effective
unless it contains either –
 a statement to the effect that there are no circumstances connected with his resignation
which he considers should be brought to the notice of thee members or creditors of the
company; or
 a statement of any such circumstances as mentioned above.

Where a notice of resignation is deposited at the company‟s registered office, the company shall
within 14 days, send a copy of the notice to CAC.

.10 Power of Auditors in respect of Subsidiary companies - S367

If the subsidiary is incorporated in Nigeria, it is the duty of the subsidiary and its auditors to give
the auditor of the holding company, such information and explanations as those auditor may
reasonably require.

.11 Liability of Auditors for negligence - S368

 A company‟s auditor shall in the performance of his duties, exercise all such care,
diligence and skill as is reasonably necessary;

14
  Where the company suffers loss or damage due to the failure of the auditor to discharge
his duties, in such manner, the auditor shall be liable for negligence and the director may
institute an action for negligence against him in the court.
 If the directors fail to institute an action against the auditor under subsection (2) of this
section, any member may do so after the expiration of 30 days‟ notice to the company of
his intention to institute such an action.

.12 False statements to the auditors - S369

Any officer or director of the company who gives misleading, false or deceptive information on
which the auditors acted upon, shall be liable to one year imprisonment or fine of N500 or both.

Unit 2: Professional Ethics and Client Acceptance

2.1 Professional Ethics

Ethics refers to a system or code of conduct based on moral duties, values and obligations that
indicates how we should behave within a constituted body or society. In the context of Nigeria,
auditors must comply with the rules of professional conduct for members issued by their
professional bodies and accounting standards issued by the Nigerian Accounting Standards
Board now Financial Reporting Council of Nigeria (FRCN)

The auditor should comply with the Code of Ethics for Members issued by the International
Federation of Accountants.
Ethical principles governing the auditor‟s professional responsibilities are:
a) Independence;
b) Integrity;
c) Objectivity;
d) Professional competence and due care;
e) Confidentiality; f) Professional behavior; and
g) Technical standards

The auditor should conduct an audit in accordance with International Standard of Audit (ISAs).
These contain basic principles and essential procedures together with related guidance in the
form of explanatory and other materials

Fundamental Principles.

Both the IFAC and ICAN codes give the following fundamental ethical principles namely: they
are:

 Integrity

 Objectivity

 Confidentiality

15
  Professional competence and due care

 Professional Behavior

(a) Integrity: This is the principle that imposes an obligation on all professional accountants to
be straightforward and honest in all professional and business relationships. Integrity also
implies fair dealing and truthfulness.
A professional accountant should not be associated with reports and returns, that is false or
misleading statement,

(b) Objectivity –A professional Accountant should not allow bias, conflict of interest or undue
influence of others to override professional or business judgments. A professional accountant
may be exposed to situations that may impair objectivity. A professional accountant shall not
perform a professional service if a circumstance or relationship biases or unduly influences the
accountant‟s professional judgment with respect to that service.

(c) Professional Competence and Due Care – This is the principle impose to a professional
accountant to be knowledgeable, professionally competent and acquire reasonable skills at a
level require to ensure that a client or employer receives competent professional services based
on current developments in practice, legislation and techniques and act diligently and in
accordance with applicable technical and professional standards. Members shall act diligently
and in accordance with applicable technical and professional standards.
Professional competence may be divided into two separate phases:
(a) Attainment of professional competence; this is true writing of exams to qualify, induction
and readiness to practice. and
(b) Maintenance of professional competence.
The maintenance of professional competence requires a continuing awareness and an
understanding of relevant technical, professional and business developments. Continuing
professional development enables a professional accountant to develop and maintain the
capabilities to perform competently within the professional environment.
Diligence encompasses the responsibility to act in accordance with the requirements of an
assignment, carefully, thoroughly and on a timely basis.

(d) Confidentiality – The Accountant has the obligation to respect the confidentiality of
information acquired as a result of professional and business relationships. He should therefore,
not disclose any such information to third parties without proper and specific authority, unless
there is a legal or professional right or duty to disclose. He must not use such information for his
personal advantage or that of third parties.
A professional accountant shall maintain confidentiality of information within his firm or
employing organization including information disclosed by a prospective client or employer.
Although, there are exception to this rule.

16
There are circumstances where professional accountants may be allowed to disclose Confidential
Information of his client.
 Where it is permitted by law
a. To provide evidence in a course of legal proceedings
b. To provide enough disclosure to the public authorities
 Where the client or the employer permits such
 Where it is for the good of the public

(e) Professional Behavior - The principle of professional behavior imposes an obligation on all
professional accountants to comply with relevant laws and regulations and avoid any action that
may discredit the profession. This includes actions that will negatively impact on the client, and
also give a wrong view on how the pub;ic see the profession. a reasonable and informed third
party, weighing all the specific facts and circumstances available to the professional accountant
at that time, would likely to conclude that it would adversely affect the good reputation of the
profession.
In marketing and promoting themselves and their work, professional accountants shall not bring
the profession into disrepute. Professional accountants shall be honest and truthful and not:
(a) Make exaggerated claims for the services they are able to offer, the qualifications they
possess, or experience they have gained; or
(b) Make disparaging references or unsubstantiated comparisons to the work of others.

2.1.2 The concept of Independence and Objectivity

Independence of the auditor adds credibility to the audit report on which users of the financial
information depend to make economic decisions about a company. Thus, auditor independence is
one of the basic requirements to keep public confidence in the reliability of the audit report. The
benefits of safeguarding the independence of the auditor therefore extend so far as to the overall
efficiency of the capital market.
Independence is described by the IFAC Code as:
 Having a position to take an unbiased view point in the performance of audit tests,
analysis of results and attestation in the audit report;
 Independent in fact: accountant‟s ability to maintain an unbiased attitude throughout the
audit, so being objective and impartial;
 Independent in appearance: the result of others‟ interpretations of this independence.
In this regard, the IFAC ethics guideline states that independence requires:
i. Independence of mind: that the auditor proposed in his mind to do that which is rich
regardless of the influence within and without. The state of mind that permits the
provision of an opinion without being affected by influences that compromise
professional judgment, allowing an individual to act with integrity, and exercise
objectivity and profession skepticism.
ii. Independence in appearance: The avoidance of facts and circumstances that are so
significant that a reasonable and informed third party, having knowledge of all relevant
information, including safeguards applied, would reasonably conclude a firm‟s or a

17
 member of the assurance team‟s integrity, objectivity and professional skepticism had
been compromised.

2.1.3 Potential Threats to Independence and Objectivity and Safeguards

Threats to independence and objectivity may arise in the form of self-interest, self-review,
advocacy, familiarity and intimidation threats. Appropriate safeguards need to be put in place to
eliminate or reduce such threats.

(a) Self-interest threat

This is the threat that “a financial or other interest of the professional accountant or of immediate
or close family member will inappropriately influence the professional accountant‟s judgment,
conduct or behaviour. Thus, self-interest threat may arise from:

i. Financial Interest: May exist where an audit firm, for example, owns shares in the client
company or is a trustee of a trust that holds shares in the client. In this regard the following are
not allowed to own direct financial interest or an indirect material financial interest in a client –
 The audit firm;
 A member of the audit team;
 An immediate family member of an engagement team member.

Relevant safeguards:
 Disposing of the interest
 Removing the individual from the team if required
 Keeping the client‟s audit committee informed; and
 Using an independent partner to review work carried out, if necessary.
ii. Close business relationships: These arise from commercial relationships or common financial
interests between the audit client (or its management) and the audit firm, audit team member or a
member of the team member‟s family. Examples include joint venture arrangements, distributing
or marketing arrangements etc.
The materiality and significance of such interests will need to be evaluated by the partners. If
found significant, the audit provider should not participate in such venture with an audit client.
Appropriate safeguards are to terminate the business relation or disengage from the audit
assignment. If an engagement team member is involved, he should be removed from the team.

iii. Employment with an audit client: The severity of the threat will depend on the cadre of the
audit staff that transferred to the audit client. An audit staff employed by the client might want to
impress the employer (self-interest threat); a former audit partner turned Finance Director has too
much knowledge of the audit firm‟s systems and procedures. In general, there may be familiarity
and intimidation threats when a member of the audit team joins an audit client.
iv. Gifts and hospitality: Unless the value of the gift is inconsequential, it should not be accepted.
For example, a two- month paid holiday abroad or a car gift is likely to constitute a threat to
independence.
v. Loans and Guarantees: Where the loans from a bank or other lending institution, either to the
firm or individual team members are material, they constitute a threat, unless they are on normal
18
commercial terms. Otherwise, an independent review of the work done for such client, by a
partner other than the engagement partner will be needed for a safeguard.
Note: An audit firm or engagement team member should not enter into a loan or guarantee
arrangement with a client that is not a bank or similar institution. There would be no appropriate
safeguard for the self-interest threat created.

vi. Overdue Fees: If audit fees due from a client remain unpaid for a long time, especially if not
paid before the issue of the audit report for the following year, a self-interest threat arises. If the
fee becomes long overdue, the auditor runs the risk of, in effect, making a loan to the client
against ethical guidance.
vii. Contingent fees: Contingent fees are fees calculated on a predetermined basis relating to the
outcome or result of a transaction or the result of the work performed. Firms are not allowed to
enter into such arrangements as they constitute a self-interest threat.
Unless suitable safeguards are in place, it is also inappropriate to accept a contingent fee for non-
assurance work. Suitable safeguards will include:
 Using professionals who are not part of the audit team for the non-assurance work;
 Having the relevant audit work reviewed by an independent professional accountant.

viii. High percentage of fees: When a firm receives a high proportion of its fee income from one
client, there arises a self –interest threat and/or intimidation threat, as the firm will be concerned
about losing the client. The severity of threat depends on whether the firm is established or new;
the operating structure of the firm and the significance of the client to the firm.
Possible safeguards include:
 Reducing the dependency on the client;
 External quality control reviews; or
 Consulting a third party, such as a professional regulatory body or a professional
accountant, on key audit adjustments.

viii. Lowballing: This is a practice of charging less than the market rate for an audit when
tendering for new clients. When a firm quotes a significantly lower fee level for an audit service
than would have been charged by the predecessor firm, there is a significant self-interest threat.
Suitable safeguards, if the tender is successful include:
 Complying with all applicable auditing standards, guidelines and quality control
procedures
 Maintaining records that can help demonstrate that appropriate staff and time are
allocated to the engagement.

(b) Self-review threat

There is a self-review threat when a professional accountant reviews his or her own work or
advice as part of an assurance engagement. He/she will not appropriately evaluate the results of
a previous judgment made or service performed by him/her on which the accountant will rely
when forming a judgment as part of providing a current service.

19
Examples of circumstances which create self-review threat for a professional accountant in
public practice include:

i). Recent service with an audit client: Individuals who have served as director or officer of the
audit client or an employee in a position to exert significant influence over the preparation of the
accounting records or financial statements in the period covered by the audit report should not be
assigned to the audit team.
Where the individual had been so closely involved, the audit firm should consider the threat to
independence arising and apply appropriate safeguards such as:
 Obtaining quality control review of the individual‟s work on the assignment.
 Discussing the issue with the audit committee.

ii) Preparing accounting records and financial statements: Preparing accounting records and
financial statements and then auditing them pose a significant self-review threat. However, in
practice auditors routinely assist management in preparing financial statements and give advice
about accounting treatments.
Appropriate safeguards to reduce the risk arising to an acceptable level include:
 Using staff members other than the engagement team members to do the accounting work
 Obtaining client approval for work done.
Where the audit client is a public interest entity, the rules are more stringent. A firm must not
provide accounting, book keeping and payroll services or prepare financial statements on which
the firm will express an opinion, for a client.

iii) Valuation Services: A valuation comprises the making of assumptions with regard to future
developments, the application of certain methodologies and techniques and the combination of
both in order to compute a certain value or range of values for an asset, a liability or for a
business as a whole.
A firm is not permitted to carry out valuations on matters that would have material effect,
separately or in aggregate, on the financial statements on which the firm will express an opinion.
For non-public interest entities, a firm should not carry out valuation on matters which will be
material on the financial statements, which will involve a significant degree of subjectivity.
If the valuation is for immaterial matter, appropriate safe guards should be applied to reduce the
risk to an acceptable level. Safeguards include:
 Second partner review
 Confirming that the client understands the valuation and the assumptions used
 Ensuring that the client accepts responsibility for the valuation
 Using separate personnel for the audit and the valuation.

iv) Taxation services: This falls into 4 categories –

i. Tax return preparation: Does not generally threaten independence, as well as
management takes responsibility for the returns.

20
 ii. Tax calculations for the purpose of preparing accounting entries: May not be permitted
for public interest entities, except in emergency situations. For non-public interest
entities, it is acceptable to do so provided safeguards are in place
iii. Tax planning may be acceptable in certain circumstances e.g. where the advice is
supported by tax authority and other precedent.
iv. Assistance in resolution of tax disputes: May be provided in certain circumstances
provided the service which is the subject of dispute was not provided by the auditor.

v) Internal audit services: A firm may provide certain internal audit services to an audit client
provided the audit firm‟s personnel do not assume management responsibilities. To avoid
inadvertently assuming management responsibility, the firm should ensure that senior
management of the client accepts responsibility for designing, implementing and maintaining
internal control and continue to approve the scope, risk and frequency of internal audit services.

vi) IT System Services: Significant threat will arise if an audit firm provides services to an audit
client involving the design or implementation of IT systems that:
 Form a significant part of the internal control over financial reporting or
 generate information that is significant to the client‟s accounting records or financial
statements.
The implementation of „off-the-shelf‟ accounting or financial reporting software and making
recommendations in relation to a system not designed, implemented or operated by the audit firm
is permitted.

c) Advocacy threat
This threat arises in those situations where the professional accountant will promote the position
of a client or employer to the stage that the professional accountant‟s objectivity is compromised.
Examples of circumstances which create advocacy threats for a professional accountant who is in
public practice include:
(i) When the firm is promoting shares in an audit client (selling, underwriting or otherwise
dealing in financial securities or shares of the client); and
(ii) When a professional accountant is acting as an advocate on behalf of an audit client in
litigation or resolving disputes with third parties when the amounts involved are material to the
financial statements on which the firm will express opinion.
Safeguards will include:
 using different departments to carry out the work
 making disclosures to the audit committee.

d) Familiarity threat: This is the threat that due to a long or close relationship with a client or
employer, a professional accountant will be too sympathetic to their interests or too accepting of
their work.
Examples of circumstances which may create familiarity threats include:
i). a member of the assurance team having a close or immediate family member who is a director
or officer of the assurance client;

21
ii). a member of the assurance team having a close or immediate family member who is an
employee of the client and in a position to significantly influence the subject matter of the
assurance engagement;
iii). A former partner of the firm being a director, officer of the assurance client or an employee
in a position of significant influence;
iv). Acceptance of gifts or hospitality, unless the value is clearly insignificant, from the client, its
directors or employees; and
v). long association of a senior member of the assurance team with the assurance client.
Possible safeguards include:
 Rotating the senior personnel off the audit team
 Review of the work by an independent person (not a member of the engagement team)
 Regular independent internal or external quality reviews of the engagement.

e) Intimidation threat
This is the threat that a professional accountant will be prevented from performing his work
objectively in view of actual or perceived pressure which includes attempts to exert undue
influence over him.

Examples of circumstances which may create intimidation threats for a professional accountant
who is in public service include:
(i) A firm being threatened with dismissal from a client engagement;
(ii) A firm being threatened with litigation by the client;
(iii) A firm being pressurized to reduce inappropriately the extent of work performed so as to
reduce fees;
(iv) An audit client indicating that it will not award a planned non-assurance contract to the firm
if the firm continues to disagree with the client‟s accounting treatment for a particular
transaction;
and
(v) A professional accountant being informed by a partner of the firm that a planned promotion
will not take place except the accountant agrees with an audit client‟s inappropriate accounting
treatment.

Where the threat is serious, it may be advisable to resign from the engagement.

2.3 Audit Engagement

An audit engagement is a contract for the supply of professional service between the company
(or any other party) and the auditor. Here, the terms of the contract are spelt out, understood and
agreed to by all the parties involved. The agreed terms are usually documented and
communicated in an audit engagement letter. Engagement Letter is document that contain the
term and scope of an audit assignment.

22
2.3.1 Accepting Audit Appointments
Before accepting a new audit client, the auditor should ensure that there is no problems that
could militate against the engagement. New auditors should ensure that they have been appointed
in a proper and legal manner.
The nominee auditor should carry out the following pre-acceptance procedures:
i. The auditors should ensure they are professionally qualified to act as auditors and that there are
no legal or ethical grounds that could disqualify them.
ii. The auditors should ensure that there are enough g resources in terms of available time, staff
and technical expertise
iii. The auditors should obtain references concerning the prospective client. Independent
enquiries should be made about the credibility of the directors if not personally known to the
auditors.
iv. Communicate with existing auditors to enquire if there are professional and ethical reasons
that could prevent them from accepting the client.

2.3.2 Procedures after accepting nomination

After client screening (check on the risk level of the client and integrity of management), the
audit firm should carry out the following procedures:
i. Ensure that the outgoing auditor‟s removal or resignation has been properly conducted in
accordance with legislation (law of the land). Sight the resignation letter or confirm
proper removal of the outgoing auditor.
ii. Ensure that your (the new auditor) appointment is valid. Obtain a copy of the resolution
passed at the AGM appointing you as auditor.
iii. Write and submit a letter of engagement to the directors of the company.
iv. Obtain from the old auditors, all books and papers which belong to the client, unless the
old auditors have a lien over the documents for unpaid fees.

Note: Clients Risk Level (Low and High risk client

Low Risk High Risk
Good long term prospects Poor recent or forecast performance
Well financed Likely lack of finance
Strong internal controls Significant control deficiencies
Conservative, prudent accounting policies Evidence of questionable integrity, doubtful
accounting policies
Competent, honest management Lack of finance director
Few unusual transactions Significant related party or unexplained
transactions

2.3.3 Agreeing the terms of the engagement

23
ISA 210 Agreeing the terms of audit engagements requires that the auditor accepts a new
engagement or continues an existing audit engagement if it is established that the preconditions
for an audit are present.
The preconditions for an audit are:
 The use by management of an acceptable financial reporting framework in the
preparation of the financial statements; and
 The agreement of management and those charged with governance to the premise on
which an audit is conducted.
To determine whether the preconditions for an audit are present, the auditor does the following:
 Determine whether the financial reporting framework is acceptable. Consider the nature
of the entity, the purpose of the financial statements and whether regulation prescribes the
applicable financial reporting framework.
 Obtain management‟s agreement that it acknowledges and understands its responsibilities
for:
 Preparing the financial statements (FSs) in accordance with applicable reporting
framework
 Internal control that is necessary to enable the preparation of FSs which are free
form material misstatements.
 Providing the auditor unrestricted access to all information and staff for the
purpose of obtaining audit evidence.

Where these preconditions are not present, the auditor shall not accept the audit engagement.

2.3.4 Audit Engagement Letter

An audit engagement letter is a contract document which defines the terms and scope of the
audit engagement. It is usually written by the auditor and sent to the client for confirmation and
accent. The reasons/rationale for this letter include to:
 describe clearly the respective responsibilities of management and the auditor;
 to avoid misunderstanding that may arise between the auditor and the client regarding the
terms of the engagement;
 use to explain and educate the client on the scope of the audit;
 use to confirm in writing the auditor‟s acceptance of the engagement;
 reduce the client‟s expectation gap; and
 spell out the basis for charging audit fees.

2.3.5 Form and contents of an Engagement Letter

The form and contents of an engagement letter may vary for each client but would usually
include reference to:
 the objective of the audit of financial statements;
 management‟s responsibility for the financial statements;
 the financial reporting framework adopted by management in preparing and presenting
the financial statements;

24
  the scope of the audit, including reference to applicable legislations, regulations or
pronouncements of professional bodies to which the auditor adheres;
 the form of the reports or other communication of the results of the engagement;
 the fact that, due to the test nature and other inherent limitations of an audit, including
the inherent limitations of any accounting and internal control system, there is an
unavoidable risk that even some material misstatements may remain undiscovered;
 the auditor‟s right of unrestricted access to whatever records, documents and other
information requested by the auditor in connection with the audit.

The auditor may also want to include:

 arrangements regarding the planning of the audit;
 expectation of receiving from management written confirmation concerning
representations made in connection with the audit;
 request for the client to confirm the terms of the engagement by acknowledging the
receipt of the engagement letter, that is, by signing and returning to the auditor a copy of
the engagement letter.
 Involvement of other auditors and experts
 Involvement of internal auditors and other staff
 Any restrictions of auditor‟s liability
 Arrangements to be made with predecessor auditor.
 Description of any other letters or reports the auditor expects to issue to the client; and
basis on which fees are computed and any billing arrangements.

2.4 Benefits of an Engagement Letter

1. Risks of misunderstanding between the auditor and the client are avoided to a large
extent.
2. The client is better informed and educated on the nature and scope of the audit.
3. The information contained in the engagement letter assists in planning the audit.
4. It serves as a means of avoiding legal liability for claims of negligence by the client or
third parties.

2.5. THE AUDIT PROCESS AND AUDIT PLANNING AND STRATEGY

2.5.1 AUDIT PLANNING AND STRATEGY – (ISA 300 & NSA 8

Planning the audit is a key factor as well as the audit report. Auditors must ensure, that audit
engagement is planned before implementation. ISA 300/NSA 8 directs that the auditor should
plan the audit so that the engagement will be performed in an effective manner. Planning the
audit involves establishing the overall audit strategy for the engagement and developing an audit
plan, in order to reduce audit risk to an acceptably low level. Planning an audit, thus, demands
developing both a general strategy and a detailed approach for the expected nature, timing and
extent of the audit.

25
Audit planning is the formulation of the general strategy for audit in order to achive the
expected result by developing a reliable. Relvant and suffoicint audit evidence.

2.5.2 PLANNING OBJECTIVES AND PROCEDURE.

The objective of planning an audit is to determine the amount and type of evidence and review
required to assure the auditor that there are no material misstatements of the financial statements.
The planning procedures include:
a. Perform audit procedures to understand the entity and its environment, including its
internal control system.
b. Assess the risk of material misstatement of the accounts.
c. Determine materiality. Materiality for planning purposes is the auditor‟s preliminary
estimate of the smallest amount of misstatement that would influence the judgment of a
reasonable person relying on the financial statements.
d. Prepare the Planning memorandum, the audit plan and audit program containing the
auditor‟s response to identified risks.
2.5.3 BENEFITS OF AUDIT PLANNING
Adequate planning helps to ensure that:
1. The audit objective is established and achieved.
2. Attention is devoted to important areas of the audit, that is, to critical and high risk areas.
3. Potential problems are identified and resolved on timely basis.
4. The resources needed for the engagement, including the use of experts, are identified and
procured.
5. It provide a basis for directing and controlling the audit work
6. Works are properly/appropriately assigned to engagement team members.
7. The audit engagement is properly organized and managed for effectiveness and
efficiency.
8. The direction and supervision of the audit, including the review of the works of team
members, are facilitated.
9. The co-ordination of the works of joint auditors ( in the case of a group audit) and experts
are facilitated.
10. The audit engagement is completed economically and within time schedule.

2.5.4 THE PLANNING PROCESS (POINTS FOR CONSIDERATION IN AUDIT

PLANNING).
Inser page 64 here
The auditor is to ………..
It is important that the planning is documented in a document called the Audit Planning
Memorandum.
The planning process will involve:
1. Review of previous years‟ working papers for key issues and problem areas.
2. Considering the impact of any changes in legislation, auditing or accounting standards,
especially in relation to their effects on the operations and/or reporting requirements of
the enterprise.
26
 3. Considering the background of the client and any changes in the industry or issues that
may affect the audit work.
4. Considering changes in the business, its management or ownership. A change in the
CEO, CFO, a new management structure, establishment of a new business line, new
branch etc will result in significant changes in the circumstances of the company that will
affect the audit plan.
5. If there are changes in systems, accounting procedures and policies, review their effect on
the audit.
6. Carry out analytical review of management accounts and note key performance indicators
(KPIs).
7. Decide on the audit approach (substantive, systems-based or risk-based).
8. Agree on timing of the audit work – interim, final including established deadlines for the
submission of audit report.
9. Agree on time for availability of draft accounts, supporting schedules, analyses and
summaries by client.
10. Evaluate internal controls and decide on level of reliance to be placed on them.
11. Consider the use of experts, if necessary, and incorporate in plan.
12. Plan rotational visits and testing, where many branches exist.
13. Work out time budget.
14. Plan and arrange staffing requirement and decide on likely fee chargeable.
15. Organize liaison with the audit committee (if any) and joint auditors, in case of group
audits.

2.5.5 Audit Plan

An audit plan is a document containing a list of the audit procedures, strategies, process, step to
be performed by the audit team in order to gather relevant, reliable and sufficient audit evidence
on which to base the audit opinion. Auditing standards require a written audit plan as it assists in
the determination of needed resources and their deployment.

An audit plan is an overview of the engagement that outlines the nature and characteristics of the
client and its environment and the overall audit strategy. It highlights the preparations made for
one specific audit engagement.
A typical audit plan includes details on –
1. Objectives of the audit (e.g reporting to shareholders, special- purpose audit or reporting
to any other party).
2. Nature and extent of other services to be performed for the client e.g taxation services.
3. Timing and scheduling of the audit work – what to do before balance sheet date, on the
balance sheet date or after, including dates for cash count, observing of inventory, third
party confirmations/circularization.
4. Description of the client company and its environment.
5. Work to be done by the client staff eg production/presentation of T/balance, schedules,
reconciliations etc
27
 6. Staffing requirements during the engagement.
7. Discussions among team members about significant risks.
8. Target dates for completing major segments of the engagement eg consideration of
internal control, audit report, filing of tax returns etc
9. Significant risks of material misstatement due to fraud or error and auditor‟s response to
those risks.
10. Preliminary judgments about materiality levels for the engagement.

Note: The benefits of an audit plan are the same as in audit planning.

2.5.6 Audit Planning Memorandum

Audit Planning Memorandum (APM) refers to the audit plan documentation prepared by the
Auditors, containing all of the information obtained and the decision reached in the process of
Audit Planning Programme. It is a standing arrangement made by the auditor for the continuing
engagement of a particular client. The objectives of Audit Planning Memorandum are to provide
formal record of the planning process and the programme, communicated to the Audit team to
facilitate the audit process.

CONTENTS OF AUDIT PLANNING MEMORANDUM

The contents of audit planning memorandum can be outlined under five (5) broad categories.
(i) Background Information of the client, which covers the following:
 A brief historical background of the entity
 The nature and trend of the enterprise‟s business.
 The organizational and management structure of the enterprise.
 Significant accounting policies followed by the entity in the preparation of its financial
statements.
 The terms of reference of the audit assignment.
 The Accounting and Internal control procedures of the entity.

(ii) Audit Strategy Memorandum, which contain the following:

 The audit objectives.
 The overall audit approach
 Audit Risk analysis for the various sections of the financial statements and the
approaches to be adopted in respect of each section.
 Areas requiring special audit attention and the procedures to be applied.

(iii) Jobs or Assignment Administration Memorandum, which includes:

 The Partner in charge of the Audit Assignment, the manager, the seniors and other staff
in charge of the Audit.
 Dates of the audit visits including any interim visits, and final audit visit.
 Dates and details of such events as cash count, stock takes, reviews of work done etc

28
(iv) Audit Programme
This section of the Audit Planning Memorandum usually contains programme for the various
sections of the audit work specified. It details what kind of test to be carried e.g. compliance and
Substantive Audit Procedures.

(v) Summary Review Memorandum

This section relates to standard formats of job requirements or scope of work carried out, and
standard information to be supplied as evidence of work done, to guide the review of audit
performance. It includes communication with auditors of groups (primary and secondary
auditors) concerning matters of audit interest; including summary of audit differences.

Benefits of Audit Planning Memorandum

(i) Assists in the review of audit work.
(ii) Shows logical approach adopted in the plan of work
(iii) Serves as a guide for future audit planning.
(iv) Provides evidence of proper audit planning in case of litigation.
(v) It is useful for training audit staff.
(vi) It provides evidence of work performed in case of disagreement on scope.
(vii) It forms the basis for comparison of Audit plan and actual performance.

2.5.7 Audit Programme

This is a detailed schedule of the audit work to be performed and the procedures to be followed
in the verification of each item in the financial statements, including the estimated time period
for each task. It gives the specific audit tests and procedures to be followed by the members of
the audit team to enable them achieve the audit objectives.

Advantages of an Audit Programme

1. It serves as a basic instrument for training the audit staff;
2. It helps in orderly execution of audit work as it provides a clear set on instructions on the
work to be carried out.
3. It can be used as a firm base for planning the audit in the subsequent year
4. It serves as a reference for reviewing future audit planning efforts.
5. It provides a clear record of work done and by whom.
6. No important work will be overlooked or any work duplicated.
7. Evidence of work done is available for use in defending any actions for negligence etc.

Disadvantages of an Audit Programme

1. Work may become mechanical;
2. initiative may be stifled.
3. Programmes are rigidly adhered to, though client systems may have changed.
4. A fixed audit programme and limited time tend to inhibit further probing when the
auditor‟s suspicion is aroused.

29
TYPES OF AUDIT PROGRAM
1. Compliance audit program
2. Substantive audit program

2.6 DECIDING ON AUDIT STRATEGY

The audit strategy is the sets of scope, timing and direction of the audit which guides the
development of detailed audit plan. Establishing the audit strategy involves –
a. Determining the characteristics of the engagement that define its scope, such as the
reporting framework used, industry-specific reporting requirements (eg banks, insurance
companies etc) and the location of the components/branches of the entity.
b. Ascertaining the reporting objectives of the engagement to plan the timing of the audit
and the nature of communication required (eg deadlines for interim and final reporting,
key dates for expected communication with management and those charged with
Governance.
c. Considering the important factors that will determine the focus of the engagement team‟s
efforts e.g. preliminary determination of high risk areas, determination of appropriate
materiality levels, and assessment of the strength of internal control, identification of
recent entity-specific, industry financial reporting or other relevant developments.

2.6.1 FACTORS TO CONSIDER IN DETERMINING AUDIT STRATEGY

1. Auditor‟s responsibility under the terms of the engagement: In addition to regulatory or
statutory requirements (e.g Coys Act provisions regarding audit), the auditor should consider
whether additional responsibilities arise from request by the client‟s management such as
accountancy or taxation work or because the client is required to conform to special regulatory
requirements.
2. The nature of the client‟s business and organization: It is essential to have a good
knowledge of the client‟s business as well as the industry in which it operates, including its
products and services, important customers, significant contracts and suppliers, the accounting
system, the control environment (directors and mgt.‟s attitude to internal control) etc.
Knowledge about the business and organization could be got from –
 Company‟s interim and management accounts, including annual reports and procedures
manual.
30
  Previous years‟ audit files
 Published materials about the client coy and the industry
 Policy statements and minutes of board and committee meetings.
 Legal documents – MEMART, lease and loan agreements, feasibility reports etc
 Tour of the principal places of business.
 Previous auditors
 Previous years‟ financial statements
 Specific rules and regulations pertaining to the industry
 The regulations of the Client Company
 Yellow pages vi. Corporate Affairs Commission
 Trade Journals
 The internet
 Private Investigators
3. The nature and significance of items in the accounts: A very important factor in the
determination of audit strategy is a review of the recent accounts and other financial information
to assess the significance of items appearing in the balance sheet. Obtain information on the
nature and approximate volume of transactions resulting in significant account balances. Subject
insignificant account balances to limited audit procedures.
4. Key features of the entity‟s accounting system and the effectiveness of the control
system: To evaluate the potential for reliance on internal control in respect of significant items in
the accounts, it is essential to gain a preliminary understanding of the key features of the entity‟s
accounting system that gave rise to the items together with the related internal controls. Note
methods of and control over processing and recording of significant transactions/items.
Document your preliminary understanding and evaluation of the potential for reliance on internal
control. Any apparent weakness in internal control should be brought to the attention of the
client.
Summary of steps for preparing Audit strategy
i. Identify/State the client to be audited and the relevant reporting period/year end.
ii. Identify the key characteristics of the client, that is, the nature of the client business and
the industry in which it operates.
iii. State the type of audit to be conducted and the financial reporting framework.

31
 iv. Give key dates/timing (i.e. timetable) for various stages/aspects of the audit – interim,
final, staff briefing meeting, meeting with audit committee, approval of financial
statements by management, issue of final report.
v. Have Overview of the audit approach
vi. Select Materiality determination/setting materiality levels for various transaction cycles
vii. Conduct Risk assessment and identification of high risks areas
viii. Identify Specific audit approach and extent of compliance/substantive testing required.
ix. Review of events after the reporting period – areas of focus.

2.6.2 AUDIT STRATEGIES

There are basically three approaches namely:
1. Vouching/Substantive Approach: This approach is often adopted for the audit of small
organizations where the internal control system is weak, there is limited number of staff and
therefore there is great need to test a large number of transactions. This audit approach involves
complete examination of the transactions of the business together with the documentary evidence
of sufficient validity to satisfy the auditor that the transactions are in order, properly authorized
and accurately recorded. The auditor traces the transactions to their sources in order to ascertain
their full origins and meanings.
Generally, vouching audit is useful in:
(i) Very small organizations with few transactions.
(ii) Organisations where the systems of internal control is weak or nonexistent
(iii) Specialised audits which require investigations such as those of trust, estate, church,
mosque, charity etc.
(iv) Checking of non-recurring, material, unusual and extraordinary items.
(v) When the auditor is put on enquiry
2. Systems-based Approach: This approach relies on the controls contained in the client‟s
financial system to validate accounting records. It is a system to determine what reliance can be
placed on the established controls to ensure that resources are being managed effectively and
financial information provided accurately especially for reporting purposes. Additionally, a
system based audit is an audit of the internal controls in a system. The auditor tests the controls
by means of testing a sample of transactions taken to be representative of the types of
transactions checked by the particular control or set of controls the auditor is testing.
Two procedures may be adopted in a system audit:

32
  Compliance tests which seek evidence that a good and reliable system of control as
established in the organization is being maintained.
 Substantive tests are designed to ensure that the system of controls that have been
established continue to operate at all times confirming the validity, completeness and
accuracy of recorded transactions. The essence is to determine whether especially,
because of the volume of transactions, the sample of the population selected for testing is
representative of the whole population for the purpose of expression of opinion thereof.
Moreover, any balance sheet items or unusual transactions which have not gone through
normal accounting system are subjected to detailed testing (substantive testing).
Generally, Systems Audit is useful in the following areas:
(i) Tests seeking evidence that the internal controls are being applied as prescribed. These
are called compliance tests.
(ii) Once the compliance tests have been completed, further tests may be required to
substantiate the entries in the figures in accounts and the evaluation of financial
information by a study of plausible relationship among both financial and non-
financial data.
(iii)When an auditor investigates a system by identifying the control objectives of the system
and evaluating the system‟s internal control on paper, the auditor should determine
whether the internal controls that currently exist appear to be adequate.
3. Risk-based Auditing/approach: This approach is adopted for very large organizations
or organizations with excellent internal control system. It is an efficient way of auditing large
organizations where errors or misstatements have to be fairly large to have any impact on the
financial statements. The logic is that errors or misstatements will not arise from wrong
recording of transactions but will have their source in identified areas of risk – either operational
risks arising from the nature of the business or from the complexity of the accounting system.
Thus, the auditor in this strategy carries out a limited amount of testing of transactions and
balances and concentrates efforts on analyzing the business risks faced by the organization. The
auditor determines, by applying judgment, what levels of risks pertain to different areas of the
client systems and designs appropriate audit tests. Emphasis of the audit work is directed at
areas in which the financial statements are mostly likely to be misstated materially. In effect,
audit costs are likely reduced. The risk that the auditor will give inappropriate opinion is also
reduced.

33
Practice Exercise
Hurricane Limited
You are the audit manager in charge of the audit of Hurricane Limited. The company‟s year-end
is 31 December, and Hurricane Limited has been a client for seven years. The company
purchases and resells fittings for ships including anchors, compasses, rudders, sails etc. Clients
vary in size from small businesses making yachts to large companies maintaining large luxury
cruise ships. No manufacturing takes place in Hurricane Limited. Information on the company‟s
financial performance is available as follows:
2014 2013
Forecast Actual
₦‟000 ₦‟000
Revenue 45,928 40,825
Cost of sales (37,998) (31,874)
Gross profit 7,930 8,951
Administration costs (4,994) (4,758)
Distribution costs (2,500) (2,500)
Net profit 436 1,693

2014 2013
Forecast Actual
₦‟000 ₦‟000
Non-current assets (at net book value) 3,600 4,500
Current assets
Inventory 200 1,278
Receivables 6,000 4,052
Cash and bank 500 1,590
Total assets 10,300 11,420
Capital and reserves
Share capital 1,000 1,000
Accumulated profits 5,300 5,764
Total shareholders‟ funds 6,300 6,764
Non-current liabilities 1,000 2,058
Current liabilities 3,000 2,598

34
 10,300 11,420
Other information
(i) The industry in which Hurricane Limited operates has seen moderate growth of 7% over the
last year.
(ii) Non-current assets mainly relate to company premises for storing inventory. Ten delivery
vehicles are owned with a net book value of ₦300,000.
(iii) One of the directors purchased a yacht during the year.
(iv) Inventory is stored in ten different locations across the country, with your firm again having
offices close to seven of those locations.
(v) A computerised inventory control system was introduced in August 2014.
(vi) Inventory balances are now obtainable directly from the computer system. The client does
not intend to count inventory at the year-end but rely instead on the computerised inventory
control system.

Required:
a. ISA 300 Planning an Audit of Financial Statements, states that an auditor must plan the audit.
Explain why it is important to plan an audit. (5 Marks)
b. Using the information provided above, prepare the audit strategy for Hurricane Limited for the
year ending 31 December 2014. (15marks)
(Total 20 Marks)
AUDIT RISKS AND AUDIT RISK ASSESSMENT
3.0 The overall objectives of the auditor
ISA 200 Overall objectives of the independent auditor and the conduct of an audit in accordance
with International Standards on Auditing states that, in conducting an audit of financial
statements, the overall objectives are „to obtain reasonable assurance about whether the financial
statements as a whole are free from material misstatement, whether due to fraud or error, thereby
enabling the auditor to express an opinion on whether the financial statements are prepared, in all
material respects, in accordance with an applicable financial reporting framework; and to report
on the financial statements, and communicate as required by ISAs, in accordance with the
auditor‟s findings.‟
To obtain assurance that financial statements are free from material statements, the auditor will
need to identify possible areas of risk (sources of misstatements) through risk assessment. A risk
assessment helps the auditor to ensure that key areas more susceptible to material misstatement
are adequately investigated and tested during the audit.

3.1 Professional Scepticism and Professional Judgement

35
In order to achieve the overall audit objective, ISA 200 requires that the auditor needs to plan
and perform the audit with professional scepticism and apply professional judgement,
recognizing that circumstances may exist that cause the financial statements to be materially
misstated.

Professional skepticism is an attitude that includes a questioning mind, being alert to conditions
which may indicate possible misstatement due to error or fraud and a critical assessment of audit
evidence.
This requires the auditor to be alert to:
 Audit evidence that contradicts other audit evidence obtained;
 Information that brings to question the reliability of documents and responses to enquiries
to be used as audit evidence;
 Conditions that may indicate possible fraud; and
 Circumstances that suggest the need for additional audit procedures and tests.
Professional scepticism is needs to be maintained throughout the audit to reduce the risk of;
 Overlooking unusual transactions
 Over-generalising when drawing conclusions and
 Using inappropriate assumptions in determining the nature, timing and extent of audit
procedures and evaluating the results of them.

Professional Judgement is the application of relevant training, knowledge and experience in

making informed decisions about the courses of action that are appropriate in the circumstances
of the audit engagement.
Professional judgement is required in the following areas:
 Determining materiality and audit risks
 Determining the nature, timing and extent of audit procedures
 Evaluation of whether sufficient appropriate audit evidence has been obtained
 Evaluating management‟s judgements in applying the applicable financial reporting
framework and
 Drawing conclusions based on the audit evidence obtained.

3.2 Audit Risks and Management Assertions in Financial Statements (Audit Objectives).
Every financial statement presented by management embodies the following assertions:
1. Existence or occurrence –Assets, liabilities and owners‟ equity accounts reflected in the
financial statements exist/occurred.
2. Rights and obligations: The client has rights to the assets and obligation to pay the liabilities
that are included in the financial statements.
3. Valuation or Allocation: Assets, liabilities, owners‟ equity, revenues and expenses are
presented at amounts that are determined in accordance with GAAP, that is, balances and
transactions are stated at the appropriate values.

36
4. Completeness: All transactions, assets, liabilities and elements of owners‟ equity that should
be presented in the financial statements are included.
5. Accuracy: That all balances and transactions are recorded accurately.
6. Cut-off/timing: All transactions are recorded in the appropriate period.
7. Presentation and Disclosure: Accounts are described and classified in the financial
statements in accordance with GAAP, that is, in appropriate categories and all material
disclosures are provided.

Any financial statement certified true and fair by the auditor thus constitutes an audit risk in that
the assurance affirms that the above spurious assertions are correct.

Audit Risk is thus the risk that the auditor draws an invalid conclusion and expresses an
inappropriate opinion when the financial statements are materially misstated. Audit risk cannot
be completely eliminated; some level of risk will have to be accepted. Therefore, an auditor will
need to quantify its acceptable level of audit risk. Acceptable audit risk is therefore a measure of
how willing the auditor is to accept that the financial statements may be materially misstated
after the audit is completed (Arens &Loebbecke 2000).
Auditors usually follow a risk-based approach to auditing in which they analyse the risks
associated with the client‟s business, transactions and systems which could lead to misstatements
in the financial statements, and direct their testing to risky areas. Audit risk is therefore, usually
assessed at the organizational level i.e. looking at the financial statements/accounts as a whole
and at the transaction level, i.e. in each of the transaction captions such as stocks and WIP, cash,
sales, capital expenditure, purchases etc. Whether at the organizational level or at the transaction
level, the approach to audit risk assessment is the same.

3.2.1 Assessing the Risk of Material Irregularity/Misstatements.

Material misstatements may arise from irregularities including fraud. In assessing the risk of
material irregularity, the auditor may wish to consider the following areas:
a. The Business Environment:
i. Nature of the business, its products and services e.g. a company selling mainly on cash basis
runs greater risk of misappropriation of its income(cash).
ii. Circumstances that may exert undue influence on management such as holding of shares by
the management.

37
iii. The soundness and/or complexity of the accounting methods.
iv. Transactions with related parties.
v. Company performance – creative accounting/deliberate distortion of financial statements to
meet profit forecasts.
vi. Management integrity, including tax evasion.

b. Control Environment
i. Strength, quality and effectiveness of management.
ii. Competence of control personnel
iii. How good is the segregation of duties?
iv. Existence and effectiveness of the internal audit function.
v. Existence of unusual transactions.
vi. The recruitment and training processes/programs
vii Management‟s over all control – the extent of supervision
viii. Excessive authority vested in a senior staff.

The procedures adopted by the auditor for the purpose of detecting material errors and
misstatements/irregularities during an audit will depend on his judgment regarding:
a. the extent of directly relevant legislation.
b. The relative effectiveness of different audit tests.
c. The risk that a particular type of irregularity, error or breach of relevant legislation could
impair the true and fair view of the financial statements.
d. The risk that such irregularity can occur and remain undetected by the company.

3.2.2 ELEMENTS OF AUDIT RISK

Audit Risk = Risk of material Misstatement x Risk of Non-detection by the Auditor

Inherent Risk Control Risk Detection Risk

As shown above, a firm‟s audit risk is derived from an assessment of the following elements:
1. Inherent Risk (IR): This is the risk of a material misstatement occurring in an assertion
assuming no related internal controls. That is, the susceptibility of an assertion to a misstatement
that could be material individually or when aggregated with other misstatements, assuming there
were no related internal controls. This risk is derived from the nature of the client or industry and

38
its environment or at the transaction level, it is the susceptibility of transactions to possible
misstatement as a result of their nature (e.g. the fact that they are estimates) or complexity.
Factors that influence inherent risk include:
i. The nature of the entity‟s business e.g. a construction company is a more volatile business than
a beverage company.
ii. The level of competition in its market.
iii. The quality and experience of its management.
iv. The financial stability of the company- at present and in the foreseeable future.
v. The complexity of its operations.

At the transaction level, inherent risk is affected by :

i. The susceptibility of the company‟s assets to fraud and misappropriation
ii. the complexity of the transactions
iii. the degree of judgment involved in processing and recording the transactions.

2. Control Risk: The risk that the client company‟s internal control procedures will fail to
prevent or detect a material misstatement in an assertion or error in the financial statements.
Factors influencing control risk include:
a. The control environment – that is, attitude of management and directors towards internal
control.
b. The level of supervision by management
c. The integrity of staff and management
d. The strength of individual controls in each area of the system and the competence of the
accounting staff.
e. The nature of accounting systems in operation – manual or computerized.

3. Detection Risk: The risk that the auditor‟s own procedures and review of the financial
statements will not detect material misstatements. That is, the risk that the auditor‟s own
procedures will lead him to conclude that a material misstatement does not exist in an assertion
when in fact such assertion does exist.
This is the component of audit risk that the auditor has a degree of control over, since the auditor
can carry out more work to reduce this aspect of audit risk, if it is too high. One way to decrease
detection risk is to increase sample sizes.

39
Factors that influence detection risk and help reduce the risk, include:
a. adequate planning
b. recruitment procedures of the audit firm.
c. assignment of more experienced personnel to the audit .
d. use of latest audit techniques and procedures
e. application of professional scepticism
c. increase supervision, method and timing of audit working paper review.

3.2.3 Audit Risk Estimation/Evaluation

Assessing and evaluating risk is the core of every audit. To assess audit risk, the auditor performs
four tasks:
1. Identify risks by developing an understanding of the entity and its environment, including
relevant controls that relate to the risks, key transactions, fairness of account balances and key
financial statement disclosures.
2. Relate the identified risks to what could go wrong in management‟s assertions about
completeness, existence, valuation, occurrence and measurement of transactions or assertions
about rights, obligations, presentation and disclosure.
3. Determine whether the risks are of a magnitude that could result in a material misstatement of
the financial statements.
4. Consider the likelihood that the risks will result in a material misstatement of the financial
statements and their impact on classes of transactions, account balances and disclosures.

Significant Risks
Significant risks are those that require that require special audit consideration. Significant risks
relate to areas susceptible to management override of controls, judgmental matters and
significant non-routine transactions and require special audit consideration. Judgment is used in
the development of accounting estimates. Non-routine transactions are unusual transactions,
either due to size or nature and thus occur infrequently. Risks of material misstatements may be
greater for significant judgmental matters and non-routine transactions.
The following factors indicate that a risk might be significant:
 Risk of fraud
 Its relationship with recent economic, accounting or other developments
 It is an unusual transaction
 The degree of subjectivity in the financial information
 It is a significant transaction with a related party
 The complexity of the transaction.

40
3.2.4 Benefits of Audit Risk Assessment
1. Reduces the possibility of under- or over- auditing.
2. Saves audit costs and fees.
3. Results in more effective and efficient audit work
4. Focuses the auditor‟s attention on factors which are more likely to result in misstatement.
5. Facilitates the use of sampling and the attendant benefits derivable therefrom.

3.2.5 Limitations of Audit Risk Assessment

a. Subjective values are placed on IR and CR.
b. May lead to mechanical approach to auditing which may lead to a loss of auditor‟s
judgment.
c. The assignment of risk levels are often not suitably specific which puts into question the
validity of conclusions reached.

3.2.6 Factors that may Minimize Audit Risk

Audit risk may be lower if the following positive factors are identified:
1. The enterprise is financially stable without excessive debts and is likely to remain so in
the foreseeable future.
2. The enterprise is profitable (for a profit oriented enterprise)
3. The internal controls are strong and the accounting personnel are competent.
4. Past audit experience has provided evidence of good accounting controls with no major
audit problems.
5. The proprietor takes active role in the management of the business.

4.0 Audit testing, Sampling and Analytical Procedures

Audit tests comprise a combination of –
 Inspecting for evidence that control has been operated as described
 Re-performing the accounting procedure on a sample of transactions, in either direction
to ensure they have been carried out correctly
 Carrying out substantive tests on balances and reconciliations including obtaining
independent evidence and analytical reviews.

4.1.1 Forms of Audit Testing

a. Compliance tests
b. Substantive tests.
a. Compliance Tests: These are tests which seek to provide audit evidence that internal control
procedures are being applied as prescribed. They are tests to obtain audit evidence about the
effective operation of the control environment and in particular, the operation of the control
procedures.
41
 In compliance tests, the auditor tests the application of the control procedure and not the
transaction itself, though the testing is through the medium of the transaction. For example,
suppose that a system provides that all credit notes issued by a company must be approved by the
sales manager. To test whether the control operates as prescribed, the auditor will inspect a
sample of credit notes to see if they have been approved/initialed by the sales manager. The
details of the credit note e.g. coding, calculations etc are not relevant to the test being performed.
In the test of controls, the auditor looks at 5 components of an entity‟s internal control viz.
i. The control environment – the control culture of the entity and its impact.
ii. The entity‟s own risk assessment process – how the entity identifies, assesses and responds to
its business risks.
iii. Information systems relevant to financial reporting – those systems related to the capture of
significant transactions, events or accounting activities, data entry of transactions etc.
iv. Control activities relevant to audit – those policies and procedures that help ensure that
management directives are carried out ( i.e control activities designed to prevent/detect
misstatements) e.g controls on authorization, performance reviews, information processing,
physical controls and segregation of duties.
v. Monitoring control activities – activities that entity uses to monitor control activities over
financial reporting as well as how it takes actions to address any identified deficiencies.
Where from preliminary review of the system of controls, the system appears weak or defective,
the auditor may need to abandon the systems approach and apply substantive testing/approach.

b. Substantive Tests: Substantive tests are those tests of transactions and balances and other
procedures such as analytical reviews, which seek to provide audit evidence as to the
completeness, accuracy and validity of the information contained in the accounting records or the
financial statements. All tests other than tests of control are substantive tests. Thus, substantive
test is any test which seeks direct evidence of the correct treatment of a transaction, a balance,
an asset, a liability or any item in the books of account. Substantive tests are designed to obtain
audit evidence to detect material misstatements in financial statements.
Substantive tests are comprised of analytical procedures and other substantive procedures
such as tests of details of transactions, review of minutes of directors‟ meetings and enquiries.
Examples:
i. Transaction (e.g Disposal of item of fixed asset): Auditor will need to examine the
authorization, copy of the invoice, the entry in the fixed asset register and other books, the

42
accounting treatment and evidence of due process in selecting the buyer and that a reasonable
and appropriate price was obtained.
ii. Account balance (e.g bank deposit balance): In addition to inspecting the deposit
certificate, auditor seeks direct confirmation of the balance from the bank.
iii. Analytical Review (e.g stock cut-off procedure): Auditor seeks evidence of correctness of
cut-off by examining the gross profit ratio.
iv. Accuracy of information (e.g directors’ remuneration): Obtaining from each director a
confirmation that an accurate statement of remuneration and expenses had been obtained.
v. Completeness of information(e.g legal expenses): obtaining confirmation from the legal
adviser that all potential payments/liability from current litigation had been considered.
vi. Validity of information (e.g stock in transit): Auditor seeks evidence of ownership and
shipment.

4.1.2 Techniques of Audit Testing

Same as techniques for obtaining audit evidence and include:
 Inspection (of documents, procedures, tangible assets etc)
 Observation
 Inquiry
 Confirmations
 Computations
 Re-performance
 Sample testing
 Analytical procedures

4.1.3 AUDIT SAMPLING (ISA 530/NSA 18)

In many organizations, it is almost impossible within the time frame for the audit to do 100%
examination of transactions and items. Thus, the auditor may try to obtain audit evidence about
the population by selecting and examining specific items based on such factors as his
understanding of the entity, the assessed risks of material misstatement and the characteristics of
the population being tested and/or sampling the population. A sample is thus a representative
of a population (universe of data) and audit sampling involves the application of audit

43
procedures to less than 100% of items within an account balance or class of transactions
such that all sampling units have a chance of selection.

4.1.4 Basis of Sampling

ISA 530/NSA 18, states: “when designing audit procedures, the auditor should determine
appropriate means for selecting items for testing so as to gather sufficient appropriate audit
evidence to meet the objectives of the audit procedures.‟
The objective of all sampling is to draw conclusions about a large volume of data, the
population, based on an examination of a sample taken from that population. Sampling is most
often used in compliance testing but can also be applied to tests of balance sheet items like
stocks, accounts receivable, suppliers, fixed assets etc.
Foe sampling to be meaningful as a procedure:
1. the population should be homogeneous – every item in the population have the same
characteristics/be of the same type e.g. purchases invoices and not a mixture of purchases
invoices and debit notes.
2. every item on the population must have an equal chance of being selected.
Note that sampling may not be appropriate –
a. Where population is too small for a valid conclusion
b. When it is known there exists a high level of errors or systems failures or a possible
fraud.
c. Where all the transactions in a population are material
d. Where data is required to be fully disclosed in the financial statements e.g directors‟
emoluments
e. Where the population is not homogeneous.
f. Where an auditor has been put on enquiry in any areas of the financial statements and/or
company‟s operations
g. In unusual, one-off or extra-ordinary items.

4.1.5 Sampling Risk

This is the risk that the sample chosen may not be representative of the population as a whole.
The auditor‟s conclusion based on the sample may be different from the conclusion he would

44
reach if the entire population were subjected to the same audit procedure. There are two types of
sampling risk:
a. the risk that the auditor will conclude, in the case of test of control, that control risk is lower
than it actually is, or in the case of substantive test, that a material error does not exist when in
fact it does. This type of error affects audit effectiveness and may lead to an inappropriate audit
opinion and is known as Type 1 error. Incorrect rejection of the result
b. the risk that the auditor will conclude, in the case of test of control, that control risk is higher
than it actually is, or in the case of substantive test, that a material error exists when in fact it
does not. This type of error affects audit efficiency as it may lead to additional audit work to
establish that the initial conclusions were incorrect. This type of error is called Type II error.
A higher sampling risk increases audit risk as control and detection risks may be higher.
The level of sampling risk the auditor is willing to accept affects the sample size. Lower risk
acceptance level will imply bigger sample size.

Non-sampling Risk: Arises from factors that cause the auditor to reach an erroneous conclusion
for any reason not related to the size of sample, e.g. the auditor might use inappropriate
substantive procedures or he might misinterpret evidence and fail to recognize an error. Non-
sampling risk can be reduced by proper engagement planning, supervision and review.

4.6.6 Approaches to Selecting Samples

Two major approaches:
1. Non-Statistical or judgment sampling
2. Statistical sampling

1. Non-Statistical or judgment sampling: This involves selecting a sample of appropriate size

based on the auditor‟s professional judgment of what is desirable.
Advantages:
1. The auditor can bring his judgment and expertise into play
2. No special knowledge of statistics is required
3. No time is spent in deciphering mathematical models
4. Well understood by auditors and refined by their experience based on years of use.

Disadvantages.

45
 1. Unscientific
2. Often sample sizes are too large, which can be wasteful, or too small, which renders the
test invalid. Thus the sample size cannot be determined objectively
3. No consistency of result – two different auditors will produce two different results.
Results cannot be evaluated objectively.
4. No quantitative results are obtained
5. Elements of personal bias in sample selection exists.
6. Sample selection may be skewed in favour of auditor‟s needs e.g items near year end are
selected to assist in cut-off procedure.
7. No real logic to the selection of sample or its size.
This approach is scarcely used as it is too subjective to have any real validity.

2. Statistical sampling: Any approach to sampling that has the under-listed characteristics is
statistical sampling:
a. random selection of a sample so that each sampling unit has a known chance of being selected
b. use of probability theory to evaluate results, including measurement of sampling risks.

Advantages:
1. It is scientific
2. It is defensible
3. It can be used by all levels of staff
4. It is efficient – just the correct sample size is selected, not too large, not too small.
5. Tends to result in a uniform standard of testing
6. Provides mathematical statements about probability of being correct.

Disadvantages
1. It is a mathematical process that requires skill and competence on the part of the user to
be effective.
2. The principles of testing have to be applied properly in order for the tests to be valid.

4.1.6 Sample Design

In sample design, there are factors that we consider when determining a sample size of a
population.

46
1. The Population: The population from which the sample is to be drawn must be homogeneous.
For example, suppose a company mid period replaced its invoice recording system, two
population sets have arisen, the old and the new, from which samples have to be selected.
2. Level of Confidence: Any test of less than 100% of the population involves a certain degree of
risk that the sample will not be truly representative of the population. This degree of risk is
expressed in terms of confidence in the results e.g 95% confidence level or 5% level of error
means that there are 19 chances out of 20 that the sample is representative of the population.
3. Tolerable Error: This is the maximum error in a population that can be accepted for the audit
objectives to be achieved. The tolerable error is related to and affected by:
 Materiality considerations
 Assessment of control risks
 Results of other audit procedures.
4. Expected Error: Level of error auditor might expect to find in the population. Sample sizes
should be higher in populations with high expected error.
5. Anomalous Error: This is an error that arises from an isolated event that has not recurred other
than on specifically identifiable occasions and is therefore not representative of errors in the
population.
6. Materiality: This is a major consideration in fixing the sample size. Populations that are
material to the overall audit opinion e,g debtors, stock, fixed assets must be sampled with smaller
precision intervals and higher confidence levels.

4.1.7 Features of a Good Sample

In auditing, a sample should be:
a. Random – each item of the population has an equal (or specified) chance of being
selected.
b. Representative – the sample should be representative of the items in the whole population
e.g should contain similar proportion of high- and low-value items to the population.
c. Protective of the auditor – More intensive auditing should occur on high-value items
known to be high risk.
d. Unpredictable – Client should not be able to know or guess which items will be
examined.

4.1.8 Sampling Methods:

47
Various sampling methods exist e.g random, simple random, stratified sampling, systematic
selection, multi-stage, block sampling, cluster sampling, Quota sampling, Value Weighted
selection (Monetary unit method (MUS).The Nigerian standard recognizes the following
principal methods of selecting samples:
 Use of computerized random number generator
 Systematic selection
 Haphazard selection and
 Block selection.

1. Use of Computerized Random Number Generator: All items in the population are assigned
numbers. Numbers are then selected are then selected using computer generated random
numbers. This method ensures items are chosen without bias.
2. Systematic election: The system involves making a random start and then taking every nth
item thereafter. The sampling interval is fixed by dividing the population by the sample size. E.G
if the population is 1000 and sample size is 20, the sampling interval will be every 50th item.
3. Haphazard Selection: Here the auditor selects the sample without following a structured
technique. Although no structured technique is used, the auditor tries to avoid any conscious bias
or predictability ( e.g. avoiding difficult to locate items or 1st or last entries on a page) and thus
attempts to ensure that all items have a chance of selection. Not appropriate when using
statistical sampling.
4. Block Sampling: This involves choosing at random one block of contiguous items or
transactions in a population e.g March credit sales. This method is rarely recommended because
of its defects.

4.2 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT

ISA 315 requires that the auditor should assess risks of material misstatement through
understanding the entity and its environment, including the entity‟s internal control. This
understanding of the environment provides a basis for designing and implementing responses to
the assessed risks of material misstatement.
Thus, obtaining an understanding of the entity and its environment enables the auditor to:
 Identify and assess the risks of material misstatements in the financial statements
 Design and perform appropriate audit procedures
 Exercise audit judgement whenever that is required, e.g. when setting audit materiality
levels.
48
In relation to the entity, the auditor would want to gain an understanding of the following:
 The industry, regulatory and other external factors, including the applicable financial
reporting framework
 Nature of the entity, including operations, ownership and governance, structure and
financing.
 Entity‟s selection and application of accounting policies.
 The entity‟s internal control etc.

To obtain an understanding of the entity and its environment, a combination of the following
procedures could be used:
 Inquiries of management, internal auditors and others within the entity
 Analytical procedures
 Observation and inspection
 Prior period knowledge/information – has there been changes that could affect the
relevance of this information to the current year‟s audit
 Client acceptance or continuance process – is information obtained during the process
relevant to current audit?
 Discussion by the audit team of the susceptibility of the financial statements to material
misstatement.
 Information from other engagements undertaken for the entity: auditor should consider
whether information from these is relevant to identifying risks of material misstatement.

4.3 ANALYTICAL PROCEDURES (ISA 520/NSA 17).

Analytical Procedures: Defined as the evaluation of financial information made by a study of

the plausible relationships between elements of financial information expected to conform to a
predictable pattern and between financial information and non-financial information. Information
is compared with comparable information for a period or periods, with anticipated results and
with information relating to similar organizations. It involves the breaking down of data into
subdivisions for analysis over time, by product, by location, by management responsibility etc.
In the application of analytical procedures:
 Unexpected variations/deviations are identified and explanations for such deviations are
obtained and substantiated.
 Results of an analytical review are evaluated with other audit evidence obtained.
In the use of analytical procedures
 Trends and ratios are employed and watched
 Comparisons with previous periods are made and explanations sought
 Comparisons with forecast and budgets are made and analysed

49
  Increases in magnitude corresponding to inflation or in excess of inflation are considered
and
 Inter-firm comparisons are made and explanations sought.
Thus, the reasons for carrying out analytical reviews include:
 To gain an understanding of the client‟s business
 To identify areas of potential risks
 To determine the extent of substantive tests that will be required
 To identify areas that require further audit investigation
 To corroborate conclusions formed during the audit
 To assist the auditor in carrying out an overall review of the financial information.

Types of Analytical Procedures

1. Trend Analysis: This involves analysis of changes in an account balance or ratio over time.
Trend analysis gives good results when the account or relationship is fairly stable but less
effective when the audited entity has experienced significant operating or accounting changes.
The number of years to employ in trend analysis is a function of the stability of operations. The
more stable the operations over time, the more predictable the relations and the more appropriate
the use of multiple time periods. More precise results are got when trend analysis is applied to
disaggregated data than on aggregate data ( e.g analysis by segment, product, location, monthly
rather than annually etc).
2. Ratio Analysis: This involves the comparison of elements of financial statements, the
comparison of an account with non-financial data (e.g payroll cost with number of employees),
or the comparison of relationships between firms in an industry. In analytical procedures, five
types/groups of ratios are in common use:
a. ratios that compare client and industry data e.g industry averages published rating agencies or
Trade associations of Bureau of statistics.
b. ratios that compare client data with similar prior period data e.g current year account balances
and ratios with those of preceding year.
c. ratios that compare client data with client determined expected results e.g actual performance
against budgets.
d. ratios that compare client data with auditor-determined expected results e.g. recorded interest
cost compared with auditor computed expected interest balance.

50
e. ratios that compare client data with expected results using non-financial data e.g. multiplying
room rate by number of rooms by average occupancy rate can give an estimate of a period
revenue of a hotel.
3. Reasonableness Testing: This is the analysis of account balances or changes in account
balances within an accounting period in terms of their “reasonableness” in light of expected
relationships between accounts. Reasonableness tests use information (economic, industry etc) to
develop an explicit prediction of an account balance. For example, the auditor could use number
of units sold, the unit price by product line, different pricing structures and factoring in industry
trends within the period, to come up with a reasonableness test for sales within a period.
4. Data Mining: This involves using CAATs to examine large volumes of data with the
objective of indicating hidden or unexpected information or patterns. Data mining is referred to
as knowledge discovery in databases (KDD). Data to be mined can be numerical, textual or even
graphics and audio. Data mining is used to verify auditor‟s expectations or explain events or
conditions observed. E.g. Purchase orders and delivery dates are examined to see if the delivery
date falls after the order date.
Methods and techniques of data mining include:
 Dependency Analysis – with a purpose to search for the most significant relationship
across a large number of variables or attributes
 Classification – the process of finding models, also known as classifiers or functions that
map records into one of several discrete prescribed classes.
 Data description – The objective of this is to provide an overall description of data, either
in itself or in each class or concept. Data description may be in terms of data
characterization or data discrimination. Data characterization summarizes general
characteristics of data while data discrimination (also called comparison) compares the
characters of data between contrasting groups or classes.
 Evolution Analysis – tries to determine the most significant changes in data sets over
time.
 Cluster Analysis – has as its objective the separation of data with similar characteristics
from the dissimilar ones, e.g. accounting transactions can be clustered in such categories
as assets, liabilities, revenues, expenses etc. Clustering does not require pre-identified
class labels as classification.

STAGES IN AUDIT WHEN ANALYTICAL PROCEDURES ARE APLLIED:

51
1. At the audit planning stage – as a risk assessment procedure to obtain an understanding of the
entity and its environment.
2. During the audit – as substantive procedures in reducing risk of material misstatement at the
assertion level. It is employed as a means of gathering audit evidence.
3. At the final review stage of the audit – to provide support for the conclusions arrived at as a
result of other works. It is also used to assess the overall reasonableness of the financial
statements as a whole.
Factors that influence the extent of use of analytical procedures in the conduct of an audit
include:

1. The nature of the entity and its operations: Is the organization a long established company
with old manual systems or a new one with cutting-edge technology? A good level of ICT
adoption and application act as incentive in the use of analytical procedures.
2. Availability or non-availability of nonfinancial information to support financial information
e.g .production statistics, input mixes, labour hours worked etc
3. Knowledge gained in the previous audit of the enterprise – will give indication on areas of
greatest audit risk or where errors and difficulties arose etc
4. The reliability, relevance and comparability of the information available in the client
company. Does client take part in inter-firm comparison exercises? If yes, it is appropriate
for analytical review evidence.
5. The cost effectiveness of the use of analytical procedures in relation to other forms of
evidence. Some analytical procedures, especially those involving the use of complex
statistical techniques (e.g using multiple regression to estimate the sales for a period using
economic and industry data) and computer audit software require experienced and
specialized staff and may be expensive.
6. Management‟s own use of analytical procedures e.g. reliable budgetary control system.

Steps in Performing Analytical Procedures

Four steps are involved in the process namely:

1. Expectation: Develop an expectation of an account (or ratio) balance. Information available

to the auditor to develop expectations for analytical procedures include:
 Financial information for comparable prior periods
 Anticipated results such as budgets and forecasts
 Relationships among elements of financial information within a period
52
  Information derived from similar firms in the same industry such as industry
averages
 Relationships between financial information and relevant nonfinancial information
2. Identification: Identify and compare the amount of difference from the expectation that can
be accepted without investigation. The amount of difference that can be accepted without
investigation is determined primarily by the amount considered to be a material
misstatement by the auditor.
3. Investigation: Investigate possible explanations for material differences between expected
and recorded values. The greater the precision of the expectation, the more likely the
difference between the auditor‟s expectations and recorded values will be due to
misstatements. Conversely, the less precise the expectations, the more likely the difference
may be due to factors related to inherent factors that affect the account being audited and the
reliability of the data used to develop the expectation. In such cases, it may be needful to
reconsider the methods and factors used in developing the model.
4. Evaluation: Evaluate the impact on the financial statements of the difference between the
auditor‟s expected value and the recorded value. Inquiries of management are essential and
their explanations will need to be corroborated with other audit evidence. If auditor is
unable to corroborate management‟s explanation or management has no explanation, the
auditor will need to expand his tests of the related financial statement amounts to determine
whether or not they are materially misstated.

ILLUSTRATION

You are the audit Manager of your Firm. You are planning the audit of UP-TO-DATE
SYSTEMS LTD, a company that develops and licenses specialist computer software and
hardware. The company‟s non-current assets mainly consist of property, computer hardware and
investments, and there have been additions to these during the year. The company is
experiencing increasing competition from rival companies, most of which specialize in either
hardware or software but not both. There is pressure to advertise and cut prices.

You have been provided with the draft income statement below for your preliminary assessment.

INCOME STATEMENT FOR THE YEAR ENDED 31 DECEMBER 2015.

2015 2014
53
 =N=’000 =N=’000
Sales 15,206 13,524
Cost of sales (3,009) (3,007)
Gross profit 12,197 10,517

Distribution costs 3,006 1,996

Selling expenses 3,002 274
Administrative expenses 994 1,768
7,002 4,038
Profit from operations 5,195 6,479
Net interest receivable 995 395
Profit before Tax 6,190 6,874
Company tax (3,104) (1,452)
Profit after tax 3,086 5,422
Dividends paid (1,469) (1,439)
RETAINED PROFITS 1,617 3,983

Earnings Per Share 43 kobo 104 kobo

As part of your risk assessment procedures for UP-TO-DATE SYSTEMS LTD, comment on the
performance of the company for the two years and from your comments identify areas of audit
emphasis for the year 2015.

Suggested Solution
1 UP-TO-DATE SYSTEMS

FINANCIAL ANALYSIS, COMMENTS AND AREAS OF AUDIT EMPASIS – 2015

AUDIT

2015 2014 %CHANGE

PERFORMANCE RATIOS:

Growth in sales (Naira increase/2007 sales) 12% - +12%

Gross margin (GP/SALES) 80% 78% + 2.56%

Operating profit ratio (operating profit/Sales) 34% 48% -29.16%

Profit before tax ratio (PBT/Sales) 41% 51% - 19.61%

Growth in Investment Income 152% - +152%

Expenses as percentage of sales (Expense/Sales):

Distribution cost 20% 15% -33.33%

54
Selling expense 20% 2% -900%

Administrative expenses 7% 13% +46.15%

EPS (Given) 43k 104k - 58.65%

*Possible increase in Equity Capital =N=1.96m (assuming shares of =N=1 each)

*Possible increase in Share Capital is got as follows:

EPS = PAT/no. of Ord. shares
Let X = no. of Ord. shares;
Then, Shares in issue as at 31 Dec. 2007 = 5,422,000/1.04 = 5,213,462 shares.
Shares in issue as at 31 Dec. 2008 = 3086000/.43 = 7,176,744 shares.
Increase in no. of shares: 7,176,744 – 5,213,463 = 1,963,281 shares of =N=1 each.

COMMENTS

 Growth in turnover of about 12% but a marginal increase in gross margin from 78% in
2007 to 80% in 2008. Indicates that, thus far, there has not been material change in
pricing policy and no cut-off problem.
 Rise in cost of sales is less than 1%. Suppression of cost is a reasonable suspicion as cost
is expected to rise in sympathy with revenue.
 Operating profit ratio fell from 48% in 2007 to about 34% in 2008. High operating cost is
implicated.
 Analysis of expenses indicates a rise from 15 kobo per naira sales in 2007 to 20 kobo in
2008, for distribution expenses and a rise from 2 kobo per naira sales in 2007 to about 20
kobo per naira in 2008, for selling expenses. Admin expenses dropped from 13 kobo in
2007 to 7 kobo per naira sales in 2008; suppression of costs could be suspected.
 From EPS ratio, capital injection of about =N=2million is indicated. This did not reflect
in operating profits as it appears to have been channeled to investments.
 A growth in investment income of about 152% is recorded. In spite of this, Earnings
Before tax still fell from about 51% to about 41% in 2008.
 Thus, the fresh capital injection neither magnified sales nor earnings for Equity holders,
as EPS fell from 1.04 in 2007 to 0.43 in 2008.

AREAS OF AUDIT EMPHASIS:

1. The following overhead costs should be disaggregated and investigated:

 Distribution expenses
 Selling expenses
55
  Admin expenses

2. Additions to investments and fixed assets will need to be examined and validated.

3. Company tax should be investigated and re-computation done if necessary.

PRACTICE EXERCISES

1. Maybros Fashion Shops Plc own a chain of shops in major towns in South-East, Nigeria. Each
shop is operated by a separate subsidiary company. All subsidiaries buy from the parent. The
Auditors of Maylux shop are reviewing the accounts for the year ending 31 December 2011
before starting the audit.

These reveal (in extract):

2010 2011 Budget 2012

=N=’000 =N=’000 =N=’000

Turnover 6,000 6,380 6,400

Cost of sales 4,000 4,590 4,250

Gross profit 2,000 1,790 2,150

Wages 780 710 700

Overheads 700 750 740

Net Profit 520 330 710

Stock 580 530 620

Creditors 710 790 740

External data known to the auditors include:

1. Rate of inflation 5%
2. A university survey, found on the internet, of the traders in the area in which the shop is
situated indicates a 5% growth in real terms.
3. The rate of gross profit achieved by other shops in the group was 345% and average stock
was 45 days‟ worth.
4. Creditor days in three other shops averaged 65 days.
5. Wages in the other shops averaged 13% of turnover.

From the above information, and using analytical procedures, highlight areas of audit emphasis
in Maylux shop for the year 2011.
56
2. (a) ISA 520 Analytical Procedures requires that the auditor performs analytical procedures
during the initial risk assessment stage of the audit. These procedures, also known as preliminary
analytical review, are usually performed before the year end, as part of the planning of the final
audit.

Required:

Explain the reasons for performing analytical procedures as part of risk assessment procedures.

(b) Belzy Fashion Shops Plc owns a chain of shops in major towns in South-East, Nigeria. Each
shop is operated by a separate subsidiary company. All subsidiaries buy from the parent. The
Auditors of Benarc shop, a subsidiary of Belzy, are reviewing the accounts for the year ending
31 December 2015 before starting the audit and have computed some ratios in their analytical
review exercise.

Required:

Explain the possible reasons for the following changes found at the planning stage of the audit:

i. A decrease in gross profit percentage

ii. An increase in the inventory holding period
iii. An increase in the current ratio
iv. an increase in dividend cover
v. An increase in capital gearing

4.4 INTERNAL CONTROL

4.4.1 Definitions:
Committee of Sponsoring Organisations of the Treadway Commission (COSO): Internal control
is the process designed and effected by those charged with governance, management and other
personnel to provide reasonable assurance about the achievement of the entity‟s objectives with
regard to reliability of financial reporting, effectiveness and efficiency of operations and
compliance with applicable laws and regulations.

ISA 400: Internal control system means all policies and procedures adopted by management of
an entity to assist in achieving management‟s objective of ensuring, as far as practicable, the
orderly and efficient conduct of its business, including adherence to management policies, the
safeguarding of assets, the prevention and detection of fraud and error, the accuracy and
completeness of the accounting records and the timely preparation of reliable financial
information.

Audting Practices Committee APC): Internal control is the whole system of controls, financial
and otherwise, established by management in order to carry on the business of the enterprise in

57
an orderly manner, ensure adherence to management policies, safeguard the assets, and secure as
far as possible the completeness and accuracy of the records.

An understanding of internal control assists the auditor in:

 identifying the types of potential misstatements and the factors that affect the risks of
material misstatements; and
 designing the nature, timing and extent of further audit procedures.

4.4.2 Components of internal control

There are five components of internal control, namely –
 The control environment
 The entity‟s risk assessment process
 The information systems relevant to financial reporting
 Control activities and
 Monitoring of controls.

The Control Environment

The control environment is the framework within which controls operate. It includes the
governance and management functions and the attitudes, awareness, and actions of those charged
with governance and management concerning the entity‟s internal control and its importance to
the entity.
While a strong control environment does not, by itself, ensure the effectiveness of the overall
internal control system, it is a positive factor when assessing the risks of material misstatement.
Management attitude towards control is a significant factor in determining how controls operate.
Controls are more likely to operate well in an environment where they are considered important.
The existence of internal audit function and budgetary system strengthen the control
environment.
As part of understanding the control environment, ISA 315 requires that the auditor evaluates
whether:
 Management has created and maintained a culture of honesty and ethical behaviour
 The strengths in the control environment provide an appropriate foundation for the other
components of internal control and whether those components are not undermined by
deficiencies in the control environment.
When assessing the effectiveness of the control environment, the auditor should pay attention to
the following elements of control environment:
1. Communication and enforcement of integrity and ethical values – these influence the
effectiveness of the design, administration and monitoring of controls.
2. Commitment to competence – Management‟s consideration of the competence levels for
particular jobs and how such levels translate into requisite skills and knowledge.
3. Management‟s philosophy and operating style – their approach to taking and managing
business risks, attitudes and actions towards financing reporting as well as attitudes
towards information processing and accounting functions and personnel.

58
 4. Participation by those charged with governance – their independence from management,
experience and stature, extent of involvement in control activities and scrutiny of
activities and appropriateness of actions and interaction with internal and external
auditors.
5. Organisational structure – The framework within which an entity‟s activities are
planned, executed, controlled and reviewed.
6. Assignment of authority and responsibility - how authority and responsibility for
operating activities are assigned and how reporting relationships and authorization
hierarchies are established.
7. Human resource policies and practices – recruitment, orientation, training, evaluating,
counseling, promoting, compensation and remedial actions.
The auditor assesses whether these elements of the control environment have been implemented
using a combination of inquiries of management and observation and inspection.

Entity’s Risk Assessment Process

ISA 315 requires the auditor to obtain an understanding of whether the entity has a process for:
 Identifying business risks relevant to financial reporting objectives
 Estimating the significance of the risks
 Assessing the likelihood of their occurrence
 Deciding upon actions to address those risks.
The auditor should note whether has established such a process or not, and discuss with
management whether relevant business risks have been identified and how they have been
addressed.

Information System relevant to Financial Reporting.

Information system relevant to financial reporting consists of the procedures and records to
initiate, record, process and report entity transactions and to maintain accountability for the
related assets, liabilities and equity.
In respect of this component, the auditor looks into the following areas:
 The classes of transactions in the entity‟s operations that are significant to the financial
statements.
 The procedures by which those transactions are initiated, recorded, processed, corrected
and reported in the financial statements.
 The related accounting records, supporting information, and specific accounts in the
financial statements, in respect of initiating, recording, processing and reporting
transactions.
 How the information system captures events and conditions, other than transactions, that
are significant to the financial statements.
 The financial reporting process used to prepare the entity‟s financial statements,
including significant accounting estimates and disclosures.
 Controls surrounding journal entries used to record non-recurring, unusual transactions or
adjustments.

59
The auditor should note how the entity communicates financial reporting roles and
responsibilities and significant matters relating to financial reporting.

Control Activities.
Control activities are those policies and procedures that help ensure that management directives
are carried out. They include all activities designed to prevent or detect and correct errors. The
elements or types of control activities include:

Segregation of duties: This requires that no one person initiates, authorizes, processes, records
and maintains custody of assets arising from a transaction. That is, functions involved in a given
transaction should be separated and carried out by different persons.

Physical controls: This concerns physical custody of assets and the design of procedures to limit
access to authorized personnel only. It involves limiting direct access e.g. by locking up
documents and other values in safes or warehouses or through the use of usernames and
passwords and other digital techniques to restrict access to computer files etc.

Authorisation and Approval: Every transaction should require authorization or approval by an

appropriate person. Authorisation limits should also be specified.

Management controls: These include all supervisory controls by management over and above
daily routine supervision, performance reviews, internal audit and other special review
procedures.

Supervision: All the activities of staff should be supervised by appropriate line personnel.
Responsibilities for supervision should be communicated to people concerned.

Organisation: There should be functional organization chart, defining lines of authority and
responsibilities, including lines of reporting. The delegation of authority and responsibility
should be clearly specified.

Arithmetical and Accounting controls: These involve ensuring that all transactions are
authorized, completely captured, correctly recorded and accurately processed. Procedures
include checking the arithmetical accuracy of the records, reconciliations, use of control
accounts, sequence or continuity checks etc.

Personnel: Procedures should be designed to ensure that personnel have the appropriate skill
sets, are competent, possess integrity and are motivated to carry out the tasks assigned to them.
Systems are as good as the people operating them.

ISA 315 requires that the auditor obtains an understanding of control activities relevant to the
audit and how the entity responds to risks arising from IT.

60
Monitoring of Controls
Monitoring of controls is a process to assess the effectiveness of internal control performance
over time. It includes assessing the design and operation of controls on a timely basis and taking
necessary corrective actions modified for changes in conditions.

The auditor should obtain an understanding of the major control activities that the entity uses to
monitor internal control over financial reporting, and how the entity initiates corrective actions to
deficiencies in its controls. He should also understand the sources of information used in
monitoring activities and the basis on which management considers it reliable.

4.4.3 Limitations of Accounting and control systems

Internal control systems have inherent limitations which include:
 The possibility of controls being by-passed or overridden by management
 Collusion between employees, rendering ineffective segregation of duties as a control
measure
 The potential for human error – the system is as effective as the personnel that implement
it.
 Controls may be designed to cope with routine and not routine transactions.
 The costs of controls not outweighing their benefits.

4.4.4 Recording Client’s accounting and control systems

The techniques used in recording the assessment of a client‟s control risk/internal control system
include:
Narratives: Narrative notes are used to describe and explain the control system, while also
making any comments or criticisms that will demonstrate an understanding of the system.
Narrative notes will highlight:
 The origin of every document and record in the system;
 All processing that take place
 The disposition of every document and record in the system and
 The indication of the controls relevant to the assessment of risk e.g. separation of duties,
authorization and approvals and internal verification.

Advantages of Narrative notes

i. They are relatively simple to record and can facilitate understanding by all engagement
team members.
ii. The method is flexible and thus can be used for any system.
iii. Editing in future years can be relatively easy if they are computerized.

Disadvantages
i. It is much more time consuming to describe systems in narrative than, say in a chart.

61
 ii. If written manually, updating will be untidy.
iii. It can be difficult to identify missing internal controls because notes record the detail of
systems but may not identify control exceptions clearly.

Flowcharts
Flowcharts are graphic illustrations of the physical flow of information through the accounting
system. Flowlines are used to represent the sequence of processes and other symbols represent
the inputs and outputs to a process.

Advantages
i. As information is presented in a standard form, they are fairly easy to follow and to
review.
ii. They generally ensure that the system is recorded in its entirety, as all document flows
have to be traced from beginning to end. Any „loose ends‟ will be apparent from a
cursory examination.
iii. They eliminate the need for extensive narrative and can be of considerable help in
highlighting the salient points of control and any deficiencies in the system.
iv. With a little practice/experience, flowcharts can quickly be prepared.

Disadvantages
i. Most suitable for describing standard systems. Procedures for dealing with unusual
transactions will normally have to be recorded using narrative notes.
ii. Major amendment is difficult without redrawing.
iii. Time can be wasted by charting areas that are of no audit significance.

Internal Control Questionnaires (ICQs)

These are lists of questions designed to determine whether desirable controls are present for each
major transaction cycle e.g. sales system, inventory system, purchases system, accounts
receivable etc. There is usually one list of questions to cover each of the major transaction
cycles. The questions are mostly designed in the form of YES or NO, while a NO answer
indicates a deficiency in the system. For example, “are supplies examined on arrival as to
quantity and quality?” YES/NO/Comments.

Internal Control evaluation Questionnaires (ICEQs)

ICEQs are designed to assess whether specific errors (or frauds) are possible. Thus, control
questions that concentrate on the significant errors or omissions that could occur at each phase of
the appropriate cycle if controls are weak, are asked. For example, some control questions for the
purchases (expenditure) cycle could read:
Is there reasonable assurance that:
a. all payments are properly authorized?
b. All credits due from suppliers are received?
c. All transactions are properly accounted for?
d. Goods or services could not be received without a liability being recorded?

62
 e. Receipt of goods or services is required in order to establish a liability? etc

ICEQ questions can also be phrased to highlight a deficiency that should be prevented by a key
control. In this case, a YES answer indicates a weakness. For example, “Can goods be sent to
unauthorised suppliers?”

Advantages of ICQs and ICEQs

1. If drafted thoroughly, they can ensure all controls are considered.
2. They are quick to prepare
3. They are easy to use and control
4. ICEQs are drafted in terms of objectives; so they are easily applied to a variety of
systems
5. Answers to ICEQs enable auditors to identify the key controls which they are most likely
to test during control testing.
6. ICEQs can highlight deficiencies where extensive substantive testing will be required.

Disadvantages
1. When vaguely drafted, they are misunderstood and important controls may not be
identified.
2. They may contain a large number of irrelevant controls.
3. The client may be able to overstate controls.

Checklists
These may be used in place of ICQs and ICEQs in the documentation and evaluation of internal
controls. Statements made about control issues are ticked/marked off to indicate when the
statement holds true. E.G., „supplies are examined on arrival as to quantity and quality.‟

4.4.5 Internal controls in a computerized environment

Controls in a computerized environment include both manual procedures and procedures
designed into computer programmes. Two types of controls exist, namely general controls and
application controls.

General IT controls
These consist of policies and procedures that support the effective functioning of application
controls. They include controls over data centre and network operations, system software
acquisition, access security, change and maintenance, application system acquisition,
development and maintenance.
Examples of General controls
Development of Computer applications: Controls will include
 Standards over systems design, programming and documentation
 Full testing procedures using test data
 Approval by computer users and management

63
  Segregation of duties so that those responsible for design are not responsible for testing
 Installation procedures so that data is not corrupted in transition

Prevention or detection of unauthorized changes to programmes: Controls will include

 Segregation of duties
 Full records of programme changes
 Password protection of programmes to limit access to computer operations staff
 Maintenance of programme logs
 Back-up copies of programmes – stored in other locations
 Virus checks etc

Testing and documentation of Programme changes:

 Complete testing procedures
 Documentation standards
 Approval of changes by computer users and management
 Training of staff using programmes

Controls to prevent unauthorized amendments to data files:

 Password protection
 Restriction of access to authorized users only

Controls to prevent wrong files being used

 Libraries of programmes
 Proper job scheduling
 Operation controls over programmes.

Controls to ensure continuity of operations

 Storing extra copies of programmes and data files off-site
 Protection of equipment against fire and other hazards
 Back-up power sources
 Disaster recovery procedures e.g. back-up computer facilities
 Maintenance agreements and insurance.

Application Controls
These are manual or automated procedures that operate at a business process level. They are
designed to ensure the integrity of the accounting records. They relate to procedures used to
initiate, record, process and report transactions or other financial data. The purpose of such
controls is to ensure that all transactions are authorized and recorded, and are processed
completely, accurately and on a timely basis.

Examples:
Control over input: Completeness

64
  Manual or programmed agreement of control totals
 Document counts
 One-for-one checking of processed output to source documents
 Programmed matching of input to expected input control file

Controls over input: accuracy

Programmes to check data fields on input transactions for plausibility:
 Digit verification (e.g. reference numbers are as expected)
 Reasonableness check (e.g. VAT to total value)
 Existence check (e.g. customer name)
 Permitted range (no transaction processed over a certain range)
Manual scrutiny of output and reconciliation to source.
Agreement of control totals – manual or programmed.

Controls over input authorization

Manual checks to ensure information input was:
 Authorized
 Input by authorized personnel.

Controls over Processing

Ensures data processing has been done accurately without omissions or duplications. Similar
controls as in input should exist e.g batch reconciliations, control total reports etc. Screen
warnings can prevent logging out before processing is complete.

Controls over master files and standing data

 Cyclical reviews of all master files and standing data
 Record counts (number of documents processed) and hash totals (e.g. the total of all the
payroll numbers) used when master files are used to ensure no deletions
 Controls over the deletion of accounts that have no current balance.

Tests of Control
These are tests performed to obtain audit evidence about the effectiveness of the design of the
accounting and internal control systems and the operation of the internal controls.
Tests of control include:
 Inspection of documents
 Inquiries about internal control e.g. who actually performs each function
 Re-performance of control procedures e.g. bank reconciliations
 Examination of evidence of management views e.g. minutes of management meeting,
 Observation of controls to consider the manner in which the control is being operated
 Tests over overall IT function e.g. access controls.

65
66