CHAPTER ONE
The Nature, Purpose, Scope of Audit and Assurance Services
1.1. Evolution of Auditing
The word ‘audit’ takes its origin from the Latin ‘audire’ which means ‘to hear’. In the middle
ages, the auditor was a person appointed by the owners whenever they suspect fraud to check the
accounts and to hear the explanation given by a person responsible for financial transactions.
Auditing, at that time, was carried out to locate frauds and errors. However, now there is a
noticeable change in the scope of audit and in the duties and responsibilities of an auditor.
Modern auditing has developed since the concept of a company as a separate legal entity came
into existence. This led to the separation of ownership from management. Therefore, directors
must be accountable for their actions to the shareholders on a regular basis. This accountability
mainly occurs when the financial statements are formerly presented to shareholders. Increasingly
the services of professional accountants were being sought and employed in the latter part of the
nineteenth century and it was then that several professional accountancy bodies were formed.
Some of the major auditing developments of the 20th century include:
A shift in emphasis to the determination of fairness in financial statements.
Increased responsibility of the auditor to third parties, such as governmental agencies,
stock exchanges, and an investing public numbered in millions.
A change in auditing methods from detailed examination of individual transactions to use
of sampling techniques, including statistical sampling.
Recognition of the need to consider the effectiveness of internal control as a guide to the
direction and amount of testing and sampling to be performed.
Development of new auditing procedures applicable to electronic data processing
systems, and use of the computer as an auditing tool.
Recognition of the need for auditors to find means of protecting themselves from the
current wave of litigation.
1
�1.2. Meaning of Audit
The American Accounting Association Committee on Basic Auditing Concepts defined
Auditing as:
“a systematic process of objectively obtaining and evaluating evidence
regarding assertions about economic actions and events to ascertain the
degree of correspondence between assertions and established criteria and
communicating the results to interested users.”
The phrases in this definition require additional explanation. The phrase systematic process
implies there should be a well-planned approach for conducting an audit. This plan involves
objectively obtaining and evaluating evidence. The evidence gathered by the auditor must
relate to assertions about economic actions and events. For example financial statements
prepared by management contain numerous assertions. If the balance sheet contains amount of
Br. 10 million for property, plant and equipment, management is asserting (declaring) that the
company owns the assets, uses them in the production of goods and services, and that this
amount represents their un depreciated historical costs.
The auditor compares the evidence gathered to assertions about economic activity in order to
assess the degree of correspondence between those assertions and established criteria. GAAP is
normally used for measuring the degree of correspondence, for financial audits. The last phrase,
communicating the results to interested users, is concerned with the type of report the auditor
provides to the intended users-banker, investors, stockholders, creditors, etc. In short, the
definition implies, auditing encompasses both an investigative process and a reporting process.
An alternative definition of auditing follows
“Auditing is the accumulation and evaluation of evidences about
information to determine and report on the degree of correspondence
between the information and established criteria. Auditing should be
done by a competent, independent person.” (Arens, 2014) )00)
This definition indicates that to undertake an audit there must be:
1. Verifiable information and established criteria.-To do an audit, there must be information
in a verifiable form and some standards (criteria) by which the auditor can evaluate the
information. Auditors routinely audit quantifiable information but they also audit subjective
2
� information. The criteria for evaluating information may be numerous such as GAAP/ISA?,
Internal Revenue Code.
2. Accumulating and evaluating evidence --Evidence is any information used by the auditor
to determine whether the information being audited is stated in accordance with the
established criteria. Evidence can be oral testimony of the auditee (client), observations and
written communication.
3. Competent, independent Person
Competence refers to the qualification of the auditor to understand the criteria used and the
ability to know the type and amount of evidence to accumulate to reach at the proper
conclusion after a careful examination of evidences. The competence of the individual
performing the audit is of little value if he or she is biased in the accumulation and evaluation
of evidence.
Independence refers to the unbiased mental attitude of the auditor. Although absolute
independence is impossible, auditors strive to maintain a high level of independence to keep
the confidence of users relying on their report. Internal auditors try to keep their
independence by reporting directly to top management.
4. Reporting
Preparation of audit report is the final stage in audit process. Audit report is a
communication of auditor’s findings to users. Though reports differ in nature, they all must
inform readers the degree of correspondence between information and established criteria.`
1.3. Assurance Services: Overview
As you may know dependable information is essential to the existence of our society. The
investor making a decision to buy or sell securities, the banker deciding whether to approve a
loan, the government in obtaining revenue based on tax returns, all are relying upon information
provided by others. In many of these situations, the goals of the providers of information run
directly counter to those of the users of the information. Implicit in this line of reasoning is
recognition of the social need for independent public accountants-individuals of professional
competence and integrity who can tell us whether the information that we use constitutes a fair
picture of what is really going on.
3
�Assurance services: Assurance services are independent professional services that improve the
quality of information or its context for decision makers. Decision makers seek assurance
services to improve the reliability and relevance of the information used as a basis of decisions.
Assurance services include many areas of information, including nonfinancial areas.
One category of assurance services is attestation services. Attestation service is a type of
assurance service which results in a report issuance of report on subject matter or an assertion
about the subject matter that is the responsibility of another party. Audit is one type attestation
service. There are five categories of attestation services.
1. Audit of historical financial statements -is a form of attestation service in which the
auditor issues a written report expressing an opinion about whether the financial
statements are in material conformity with the generally accepted accounting principles
(GAAP).
2. Review of historical financial statements -- is another type of attestation service, which is
performed in less scope than an audit and is often adequate to meet users’ needs. They
provide a moderate amount of assurance on the financial statements. Review requires less
supporting evidence than audit.
3. Attestation of internal control over financial reporting –attests the reliability (efficiency
and effectiveness) of internal controls over financial reporting.
4. Attestation service on information technology -report on management’s assertions about
its disclosure of electronic commerce practices and computer information systems.
5. Other attestation services- the auditor give a numerous other attestation services as an
extension of audit of statements. Examples include: Assurance about the debtor’s
compliance with certain financial covenant provision stated in loan agreement;
Compliance with trading policies and procedures; Annual environmental audit.
4
�1.4. Demand for Audit
“Why do organizations request an audit?” The answer to this question lies in the following
paragraphs:
To resolve conflict of interest between management and the owners. The agency
relationship that exists between the owner and manager produces a natural conflict of
interest. Because, the manager has more information about the true financial position and
results of operations of the entity than the owner who is absentee. In both, parties seek to
maximize their own self-interest; it is likely that the manager will not act in the best interest
of the owner. Example the manager may spend organizational funds to provide excessive
personal benefits or manipulate the reported earnings in order to earn a larger bonus. Thus,
the need for independent opinions or view is necessary to resolve such conflicts
Control mechanism – audits are important control mechanisms for accountability. The
auditor’s role is determining whether the reports prepared by management are in conformity
with the responsibility and duties provided in the organization policies. The overall need for
monitoring activities, demands (requests) auditing to provide credible or audited financial
information, audited performance reports, audited implementation of rules, & regulations.
To reduce damaging Consequences – Even though, the function of accounting is to provide
information for economic decision making; this information must be verified by auditors
before they are used for decisions that have serious and subsequent factual economic
consequences.
To simplify complexity – In our age, financial information & translation has become
complex in preparation, content, and format. Therefore, it demands specialized body of
knowledge to prepare (compilation), verify and interpret them. Decisions makers are not
trained to collect, compile, and summarize the key operating information themselves.
Remoteness - Because of the separateness of the management from the owners; information
is prepared in a place far from the user..The user is prevented from directly assessing the
quality of information he/she obtains. For instance, investors are not able to personally visit
locations to check on investments. Thus, the need for auditor services to assess the
information on the users' behalf.
Time sensitivity – Decisions must often be made on a moment’s notice. Thus, it requires
reliable information.
5
� Regulatory requirements –Many business laws, memorandum of association and
government regulation, make annual audits requirements.
In short, ‘independent’ audit provides credibility to information i.e the information can be
believed by the users for making various decisions. Economic decisions are made under
conditions of uncertainty; there is always a risk that the decision maker will select the wrong
alternative and incur a significant loss. The credibility added to the information by the
auditor actually reduces the decision makers’ risk. The auditors, therefore, reduce
information risk; the risk the information used to make decision is materially misstated.
1.5 Types of Audits and Auditors
1.5.1. Types of Audits
a. Financial Statement Audit –The International Federation of Accountants (IFAC) defines an
financial statement audit as:
An audit is a work performed by an auditor to enable him/her to express an
opinion whether the financial statements are prepared, in all material respects, in
accordance with an identified financial reporting framework.
This type of audit is conducted to determine whether the financial statements are stated in
accordance with specified criteria, usually the GAAP. Financial statement audits are normally
performed by firms of certified public accountants (external auditors). The financial statements
most often included are balance sheet, income statement, and statement of cash flows, including
accompanying disclosures (notes to financial statements). The purpose of an external financial
statement audit engagement is to enable the auditor express an opinion on whether the financial
statements audited:
Give a true and fair view or present fairly in all material respects the entity’s affairs
Are prepared, in all material respects, in accordance with an applicable financial
reporting frame work
This opinion is embodied in the audit report and addressed to those interested parties who
commissioned the audit or to whom the auditor is responsible under relevant statue.
6
�In expressing the audit opinion the auditor has to carry out such procedures and take such steps
as designed to obtain reasonable assurance that the financial are properly stated in all material
respects. There are certain inherent limitations present in any kind of examination which require
the use of judgment. Hence, there is an unavoidable risk that even some material misstatements
may remain undiscovered, and absolute certainty in auditing is rarely attainable.
However, it is the sacred duty of the auditor to plan and perform the audit with an attitude of
professional skepticism that the financial statements being audited may be materially misstated
and extend his procedures even at the slightest indication of fraud or error which may result in
material misstatements so that he can confirm or dispel his suspicions.
Thus, the opinion expressed by the auditor helps to establish the extent of credibility of the
financial statements but should not be construed as an assurance as to the future viability of the
organization or as to the efficiency or effectiveness with which the management has conducted
the affairs of that unit.
b. Operational Audit –This is a review of any part of an organization’s operating procedures
and methods for the purpose of evaluating efficiency and effectiveness. The aim of an
operational audit is to improve operations. Therefore, at the completion of operational audit,
managers normally expect recommendations for improving operations. An example of
operational audit is evaluating the efficiency and accuracy of processing payroll transactions
in a newly installed computer system.
Efficiency and effectiveness of operations are far more difficult to evaluate objectively than
compliance or the presentation of financial statements in accordance with GAAP. In addition,
establishing criteria of revaluating the information in an operational audit is an extremely
subjective matter.
c. Compliance Audit – The purpose of compliance audit is used to determine whether the
auditee is following specific procedures, rules, or regulations set by some higher authority.
The regulations may be set by the organization, government or legal and regulatory bodies.
Examples of compliance audit include
Determining whether accounting personnel are following the procedures prescribed by the
company controller.
7
� In private and not-for-profit organizations, prescribed policies, contractual agreements and
legal requirements may call for compliance audit.
d. Comprehensive Audit
A comprehensive audit encompasses the determination of (1) the fair presentation of
financial statements, (2) the compliance with legislative or relative authorities, and (3) due
regard for the economy and efficiency in the administration of resources and the
effectiveness of programs (commonly known as value-for-money). Since the audit for the
fair presentation of financial statements has been discussed earlier, we shall focus our
attention on the value-for-money aspect of the comprehensive audit. The objective of a
value-for-money audit is to assess management's accountability for the economy and
efficiency of the entrusted resources and the achievement of objectives (effectiveness).
Economy measures the relationship between resources acquired and their costs. Thus,
economy is achieved when the appropriate resources are acquired at the lowest possible cost.
Efficiency reflects the relationship between inputs and outputs.
It is considered efficient when a maximum amount of output is produced from a given input
or a minimum amount of input yields a maximum amount of output. Effectiveness refers to
the accomplishment of a set of goal or objective. Therefore, the degree of effectiveness is
judged by the extent to which the goal is achieved.
Table 1-1 Examples of the Three Types of Audits
Type of Example Information Established Available
Audit Criteria Evidence
Financial Annual audit of Financial statements GAAP Documents,
statement financial statements records, and
audit outside sources
of evidence.
Operational Evaluate whether the Number of payroll Company Error reports,
audit / computerized payroll records processed in standards for payroll records,
Performance processing is operating a month, costs of the efficiency and and payroll
efficiently and department, and effectiveness in processing
effectively number of errors payroll costs.
8
� made. department.
Compliance Determine whether Company records Loan agreement Financial
audit bank requirements for provisions statements and
loan continuation have calculations by
been met. the auditor.
1.5.2. Types of Auditors
There are different types of auditors; however, they can be classified under three headings:
internal auditors, external auditors, and government auditors. Each type of auditor will be
discussed briefly. One important requirement of each type of auditor is independence, in some
manner from the entity being audited.
a. Internal Auditors: Nearly every large organization maintains an internal auditing staff. A
principal goal of the internal auditors is to investigate and evaluate the effectiveness with
which the various organizational units of the company are carrying out their assigned
functions. Internal auditors give much attention to the study and appraisal of internal control.
The institute of Internal Auditors (IIA) has developed a set of standards that should be followed
by internal auditors and has established a certification program. An individual meeting the
certification requirements set by the IIA, which includes passing a uniform written examination,
can become a certified internal auditor (CIA).
Like external auditors, internal auditors must be objective and independent. To help ensure the
objectivity and independence of internal auditors, the IIA suggests that the director of internal
auditing report directly to either the board of directors or the audit committee of the board or
have free access to the board. Regardless of their reporting level, however, internal auditors are
not independent in the same sense as external (independent) auditors. The internal auditors are
employees of the company in which they work, subject to the restraints inherent in the employer
– employee relationship.
Internal auditors can be involved in all three types of audits. Their primary activities are to
conduct compliance and operational audits within their organization. However, they may also
assist the external auditors with the annual financial statement audit. Unlike the external auditors,
9
�who are committed to verify each significant item in the annual financial statements, the internal
auditors are not obliged to repeat their audits on an annual basis.
b. External Auditors: External auditors are often referred to as independent auditors or
certified public accountants. Such auditors are called "external" because they are not
employed by the organization being audited. An external auditor conducts financial statement
audits for publicly traded and private companies, partnerships, municipalities, individuals
and other types of entities. They may also conduct compliance and operational audits for
such entities. An external auditor may practice as a sole proprietor or as a member of a CPA
firm.
State law through licensing department in each country regulates the CPA certificate. The
requirements for becoming a certified public accountant vary among countries. In our country
the General Auditors grants the license to work as an independent auditor when someone has the
certificate of certified public accountant through passing the qualification exams given in US
(CPA) or UK (ACCA). In addition to these qualification exams the individual should possess at
least three-year experience in audit.
Professional standards require that external auditors maintain their objectivity and independence
when providing auditing or other attestation services for clients. Later, independence and
objectivity will be discussed in depth.
Table 1.2. Internal Auditor Vs. External Auditor
Internal Auditor/auditing External Auditor/auditing
Is an employee of the organization that is Is not an employee of the auditeei.e. audit
being audited. is made by the registered auditor
It provides the information to owner of Co. Reports to the third parties ,in addition to
and management only the internal parties
Reviews the internal controls primarily to Reviews the internal controls primarily to
improve compliance and develop internal determine whether reliance can be placed
control up on them in carrying out the audit
Is directly concerned with the detection and . primarily concerned on the fairness of the
prevention of fraud. financial statements
Is independent of the function of the entity. Is independent of the entity.
10
� Audit the organization throughout the year- Audit the organization periodically.
continuous in nature. Usually one or at most twice a year.
c. Government Auditors. The Government of Ethiopia has an auditor general. The various
regional governments are expected to have Auditor Generals who are responsible for auditing
the agencies who report to that government. These government auditors may be appointed by
committee or by the government or party in power jurisdiction. They report to their
respective legislatures and are responsible to the body appointing them. The primary
responsibility of the government audit staff is to perform the audit function for government.
The extent and scope of the audits performed are determined by legislation in the various
jurisdictions. (Read the duties responsibilities of OFAG at end of the chapter)
d. Internal Revenue Agents (IRAs). These are responsible to audit the taxpayers’ returns to
determine whether they have complied with the tax laws. The audits performed by the IRAs
are solely compliance audits. An auditor involved in these areas must have considerable tax
knowledge and auditing skills to conduct an effective audit.
Comparison between Accounting and Auditing
Many financial statement users and members of the general public confuse auditing with
accounting. The confusion results because most auditing is concerned with accounting
information, and many auditors have considerable expertise in accounting matters. The
confusion is increased by the fact that individuals described as public accountants perform
auditing.
Accounting is the process of recording, classifying and summarizing economic events in a
logical manner for the purpose of providing financial information for decision-making,
accounting is constructive. It starts with the raw financial data to process and produce financial
summary through reports known as financial statements as the end product of its work. The
function of accounting, to an entity and to society as a whole, is to provide certain quantitative
information that management and others can use to make decisions. To provide relevant
information, accountants need to have a thorough understanding of the rules and principles and
provide the basis for preparing the accounting information.
11
�Auditing, on the other hand, is analytical work; it is critical investigative process that starts with
the end product of accounting to lend credibility & fairness of the measurements. In auditing, the
concern is with determining whether recorded information properly reflects the economic events
that occurred during the accounting period. Since the accounting rules and principles are the
criteria for evaluating whether the accounting information is properly recorded, any auditor
involved with this data must also thoroughly understand the accounting rules and principles. In
the context of financial statements these are generally accepted accounting principles (GAAP).In
addition to understanding accounting, the auditor must also possess expertise knowledge in the
accumulation and interpretation of audit evidence. Determining the proper audit procedures,
sample size, particular items to examine, timing of the tests, and evaluating the results are unique
to the auditor. It is the expertise that distinguishes auditors from accountants. That is, auditing
has its principal roots, not on the accounting it reviews, but in the logic it leans heavily for
ideas and methods.
Scope of an Audit
The scope of an audit is dependent upon:
The terms of agreement between the auditor and the client
Statutory requirements
Requirements of relevant professional bodies
A properly conducted financial statement audit is organized to cover adequately all aspects of the
organization as far as they are relevant to the financial statements under audit. To this end the
auditor:
Studies and evaluates the accounting systems and the related internal controls and tests the
internal controls to decide on the nature, extent and timing of other audit procedures
Carries out such other tests, enquiries and other verification procedures of transactions and
balances as considered appropriate
The auditor then bases his opinion by:
Comparing the financial statements with the underlying accounting records and other
source data to see whether they properly summarize transactions and events
Considering the judgments the management has made in preparing the financial statements
12
� Assessing the selection and consistent application of accounting policies and the manner in
which information has been classified, and the adequacy of disclosure
It should be noted that the auditor is not responsible for the preparation of the financial
statements on which opinion is formed and expressed. This is the responsibility of the
management of the particular organization and also covers:
Maintenance of adequate accounting records and internal controls
The selection and application of appropriate accounting policies and
Safeguarding of the assets of the organization
The managers are not entitled to rely upon the auditor to protect them from any short comings in
carrying out their responsibilities whereas the auditor is entitled to rely upon safeguards and
internal controls instituted by the management.
Of course informing and expressing professional opinion on the financial statements the auditor
has his own independent responsibility. This responsibility is heavy and cannot be discharged
without a full realization of the professional skill and judgment which need to be exercised in
carrying out his duties.
Audit Expectation: -The users of audit services can broadly be classified as auditees (the board
of directors of the company) and third parties (shareholders, bankers, creditors, employees,
customers, and other groups). Each of these groups has its own set of expectations with regard to
an auditor’s duties. Expectations were found with regard to the following duties of auditors:
giving an opinion on the fairness of financial statements;
giving an opinion on the company's ability to continue as a going concern;
giving an opinion on the company's internal control system;
giving an opinion on the occurrence of fraud; and
giving an opinion on the occurrence of illegal acts
13
