Audit and Internal review

Assurance engagement:
Is one where a professional accountant evaluates or measures a subject
matter that is the responsibility of another party against suitable criteria, and
expresses an opinion which provides the intended user with a level of
assurance about the subject matter.
An assurance engagement means an engagement in which the practitioner
expresses a conclusion designed to enhance the degree of confidence of the
intended user other than the responsible party about the outcome of the
evaluation or measurement of a subject matter against criteria.

Types of assurance engagements:

1. engagements intended to provide high or moderate levels of assurance
2. engagements to report internally and externally
3. engagements in the private or public sector

Levels of Assurance:
Auditing Related services

nature of Audit Review Agreed upon compilation

service porcedures
Comparative High, but moderate No assurance No assurance
level of not absolute assurance
assurance assurance
provided
Report Positive Negative Factual Identification
provided assurance on assurance on findings of of info
assertion(s) assertion(s) procedures compiled

Audit engagement:
The objective of an audit of F/S is to enable the auditor to express an
opinion whether the F/S are prepared, in all material respects, in
accordance with an identified financial reporting framework.

Review engagement:
The review engagement enables an auditor to state whether, on the basis of
procedures which do not provide all the evidence that would be required in
an audit, anything that has come to the auditor’s attention that causes the
auditor to believe that the financial statements are not prepared, in all
material aspects, in accordance with an identified financial reporting
framework.

Agreed-upon procedures:
The auditor simply provides a report of the actual findings, so no assurance
expressed. Users of the report must instead judge for themselves the
auditor’s procedures and findings, and draw their own conclusions from the
auditor’s work.

Compilation engagement:
Users of the compiled information gain some benefit from the accountant’s
(as opposed to auditor’s) involvement, but no assurance is expressed on
report.

Positive and Negative assurance:

Positive: in giving this, an accountant reports that financial statements do
give true and fair view.
Negative: an accountant reports that nothing has come to his attention to
suggest that the financial statements do not give a true and fair view.

Advantages of an Audit:
The need for an external audit arises primarily when the ownership and
management of an enterprise are separated. There are however, certain
inherent advantages in having financial statements audited even when no
statutory requirement exists for such an audit.

• Disputes between management may be more easily settled.

• Major changes in ownership may be facilitated if past accounts contain
an unqualified audit report.
• Applications to third parties for finance may be enhanced by audited
accounts.
• The audit is likely to involve an in-depth examination of the business so
may enable the auditor to give constructive advice to management on
improving the efficiency of the business.

Disadvantages of an audit:
• The audit fee. Unless required by local statute, it is unlikely that many
businesses would like to have their accounts audited.
• The audit involves the client’s staff and management in giving time to
providing information to the auditor. A professional auditor should
therefore plan his audit carefully to minimize disruption which his work
will cause.

Differences between internal and external audit:

Internal auditing External auditing
Objectives Means of advising the To provide an opinion on
organization, as to whether its whether the financial
systems are running soundly. statements provide a true
and fair view of the org.
Legal basis No legal basis, although it is Usually a requirement
advised that company should imposed by statute. For
have regular internal audits. larger ltd and public comp.
Scope Operational and financial Financial focus
Approach Risk based Increasingly risk based
Assess risks
Evaluate internal control
make recommendations for
improvements
Responsibilit Advice and recommend Form an opinion
y

The Scope of External Audit

Chronology of an Audit:

• Determine audit approach

1. Determine scope of audit.
2. The scope is already laid out by legislation for statutory audits.
 3. Prepare an audit plan and file it.

• Ascertain the system and controls

1. Determine the flow of documents and extent of controls in
existence in the client’s system.
2. Prepare a comprehensive record of the system to facilitate
evaluation of the systems. The records may be in various formats
e.g. charts, narrative notes, internal control questionnaire and flow
charts.
3. Confirm the system recorded is the same as that in operation.

• Assess the system and internal controls

Evaluate the systems to gauge their reliability and formulate a basis for
testing heir effectiveness in practice.

• Test the system and internal controls

These tests should only be carried out if the controls in the previous stage
are evaluated as effective.
1. Testing of controls
2. If controls are strong, then the records should be reliable and the
amount of detailed testing is reduced, otherwise more substantive
testing is required.

• Test the financial statements

1. Substantiating the figures given in the final financial statements.
2. these also serve to assess the effect of errors.

• Review the financial statements

1. Substantiating the figures given in the financial statements.
2. These also serve to assess the effect of errors, should they exist.

• Express an opinion

1. Evaluate the evidence obtained and express opinion to members in the

form of an audit report.
2. The final report to management is an important end product of an
audit.
 3. The purpose of it is to make further suggestions for improvements in
the system and to place on record specific opinion points in
connection with the audit and the accounts.
CHAPTER 4:
INTERNAL AUDIT AND INTERNAL REVIEW 1

Corporate governance: Corporate governance is the set of processes,

customs, policies and laws affecting the way a corporation is directed,
administered or controlled.

• Corporate governance spells out the rules and procedures for making
decisions on corporate affairs. It also provides structure through which
the company objectives are set, as well as the means of attaining and
monitoring the performance of those objectives.

• It is used to monitor whether outcomes are in accordance with plans; and

to motivate the organization to be more fully informed in order to
maintain or alter organizational activity.

Why have corporate governance?

In organizations, shareholders delegate decision rights to the manager to act

in their best interest. This separation of ownership from control implies a
loss of effective control by shareholders over managerial decisions. As a
result a system of corporate governance is implemented to assist in aligning
the incentives of shareholders with mangers, in order to limit the self-
satisfying opportunities of managers.

A key factor in an individual’s decision to participate in an organization is

trust that they will receive a fair share of the organizational returns. If some
parties are receiving more than their fair return, then participants may
choose to not continue participating, potentially leading to organizational
collapse. Corporate governance is the key mechanism through which this
trust is maintained across all stakeholders.

PRINCIPALS OF CORPORATE GOVERNANCE:

1. Rights and Equitable treatment of shareholders: organizations should

respect the rights of shareholders and help shareholders to exercise those
rights by communicating information that is understandable and
 accessible. The corporate governance framework should ensure the
equitable treatment of all shareholders, including minority.

2. Role and responsibilities of the board: the board needs to be of

sufficient size and accommodate a range of skills to be able to deal with
various business issues. It should review and challenge management
performance and its commitment towards fulfilling roles and
responsibilities.

3. Integrity and ethical behavior: organizations should develop a code of

conduct of their directors and executives that promotes ethical and
responsible decision making. It is important to understand, though, that
systematic reliance on integrity and ethics is bound to eventual failure.

4. Disclosure and transparency: the corporate governance framework

should ensure that all material matters are disclosed. Implementation of
procedures to safeguard the integrity of the company’s financial reporting
should be undertaken.

5. The role of stakeholders in corporate governance: organizations

should realize that they have legal and other obligations to all legitimate
stakeholders.

Auditor’s communication with those involved in corporate governance:

The auditor should first clearly identify those charged with governance, if
for some reason he is unable to do so, then that should be addressed in the
engagement letter. It is left to the auditor to decide what should be
communicated. These include:
• The general approach and scope of the audit, including any limitations or
requirements.
• The selection of or changes in, significant accounting policies and
practices that have, or could have, a material effect on the entity’s
financial statements.
• Any disclosures that might need to be made, having potential effect on
the F/S.
• Material uncertainties related to events that may case significant doubt on
the entity’s ability to continue as a going concern.
• Disagreements with management about matters that could be significant
to the auditor’s report.
• Expected modifications to the auditor’s report.
Any other matter that the auditor deems worthy of a report should be
raised.
AUDIT COMMITTEE:
• Is a committee of the board of directors, consisting of three to five
directors with no operating responsibility in the financial management. It
primarily consists of non-executive directors who are able to view the
company’s affairs in a detached and independent manner.
• Their primary function is to assist the board to fulfill its managing
responsibilities by reviewing the systems of internal control, the audit
process and the financial information which is provided to shareholders.

AUDIT COMMITTEE ROLES:

i. To monitor the integrity of the financial statements.
ii. To review the company’s internal control functions & internal control
and risk management systems (unless addressed to a separate board
risk committee).
iii. To monitor and review the internal audit function.
iv. To make recommendations in relation to appointments of external
auditors and to approve the remuneration and terms of engagement of
the external auditor.
v. To review the effectiveness of the audit process & the independence
and objectivity of the auditor.
vi. To report to the Board, identifying any matters in respect of which it
considers that action or improvement is needed.

Advantages:
i. Increasing public confidence in the credibility and objectivity of
published financial information.
ii. Assisting directors in meeting their responsibilities in respect of
financial reporting.
iii. Strengthening the independent position of a company’s external
auditor by providing an additional channel of communication.
Leading to better communication between the directors, external
auditors and management.

Disadvantages:
i. Fear that their purpose is to catch management out.
ii. Non-executive directors being over burdened.
iii. A two-tier board of directors, making it difficult and cumbersome to
administer.
iv. There is an additional cost to the company in terms of money and time
involved.
The two-tier board of directors:

This consists of executive directors who take part in the day to day
management of the company, & non-executive directors who act as a
corporate conscience, over viewing the functions of the board. Along with a
supervisory board made up of representatives of employees and investors.

This type of structure is problematic in two ways:

1. The non-executive directors lose a lot of credibility if they condone any

misbehavior on the part of the company. The expectation is that the non-
executive directors will either restrain any proposals that are unacceptable or
they will resign.

2. The supervisory board is referred to for major decision approvals,

however this is not entirely true. The supervisory board is too often ill-
informed or informed too late of major decisions (often after they have been
implemented). Also, investors and other stakeholders are often reluctant to
discuss many key issues in the presence of employees’ representatives.

INTERNAL AUDIT AND CORPORATE GOVERNANCE:

Corporate governance mirrors itself upon internal auditing. Internal auditing

has converted from purely accountancy type auditing to operational
controlling. Companies now have an internal audit function to provide the
board with much of the assurance it requires regarding the effectiveness of
the system of internal control.

An internal control system is concerned with the following areas:

• Risk requirements
• The nature and extent of the risks regarded as acceptable
• The threat of such risks realizing
• The ability to reduce their incidence and impact if risks arise
• Costs and benefits relating to operating relevant controls
OUTSOURCING OF INTERNAL AUDIT FUNCTION:

The mere pressure of providing ‘best value’ and to adopt competitive

tendering has resulted in companies looking toward outsourcing.
Advantages:
1. Quick provision of professional services by a professional firm.
2. Better quality of service as the personnel working at outsourcer are
expected to have wider experience of all sectors of industry market.
3. Reduces the risk of high turnover or loss of staff from the internal audit
department.
4. Skills required for only a short time each year can be provided without
incurring excessive costs of maintaining an in-house expertise.
5. With a professional outsourced department, less management time is
required on internal audit, e.g. in appraisals, training and development.
6. The relationship with the outsourcer is contracted and can be revoked at
any point of time. In other words, the contract is flexible to extend or
terminate.

Disadvantages:
1. Conflict of interest may arise if the outsourced internal audit service is
being provided by the external auditors.
2. Outsourcing charges might not prove cost effective.
3. Exit routes must be defined with the outsourcer.
4. There is a risk of lack of knowledge or awareness of the organizational
objectives.
5. An outsourced department may not be able to provide the same flexibility
or ready staff available.
6. Company might lose strategic or sensitive info, as internal audits will
have access to all the info of the company and might lose competitive
edge if internal auditing would disclose the info to other clients of the
outsourcing firm.

Procedures of outsourcing:

Certain procedures should be carried out to minimize the risks or

outsourcing.
1. Controls over acceptance of internal audit contracts to ensure no impact
on independence.
2. Regular reviews of the quality of internal audit work performed
3. Separate departments covering internal and external audit
4. Clearly agreed scope, responsibilities and reporting lines
5. Performance measures and procedure manuals for internal audit.

INTERNAL AUDIT AND INTERNAL REVIEW -2

LIMITATIONS ON THE INTERNAL AUDIT FUNCTION:

Independence: internal audit should be an independent and objective

function. However this is not the case. The department carrying out the
internal audit function is still part of the entity, and there is always pressure
to avoid confrontation when providing a critical comment on a function (e.g.
Finance), even when one is required. Rather such a comment is omitted or
softened.

Relationships of internal versus external audit: a relationship between

internal and external audit cannot exist if the two functions don’t have a
common understanding of the organization’s needs.

Variations of standards: since approaches to internal audit differ from

industry to industry comparisons cannot be made, and the ‘best value’
cannot be determined.

Relatively new profession: internal auditing being a fairly new profession is

looked upon as being inferior as compared to mainstream accountancy
profession.

Expectation gap: organizations are increasingly subject to change in

objectives, systems and processes which impact the company risk profile.
Internal auditors may not always be geared up for such constant change,
which impacts both the scope of work carried out and the skills required.

MANAGEMENT ROLE IN INTERNAL AUDITING:

Management is responsible for implementing an internal control system in

order to achieve the corporate objectives such as the accurate maintenance of
accounting records.

The key to an effective control system is the creation of a sound control

environment. The control environment includes the governance and
management functions along with the attitudes, awareness and actions of
those charged with governance and management. In other words, senior
management set the tone for the control system within the entity. If they are
committed to internal control then the system is far more likely to be well
designed and also to work in the prescribed manner.

NATURE AND PURPOSE OF INTERNAL AUDIT ASSIGNMENTS:

Value for money: is concerned with obtaining the best possible combination
of services for the least resources. It is the pursuit of ‘Economy’,
‘Efficiency’ and ‘Effectiveness’.

Economy: least cost. Cost is proportionate with the risk.

Efficiency: best use of resources. Goals and objectives are accomplished
with accurate and timely fashion and minimal use of resources.
Effectiveness: best results. Providing assurance that the organization
objectives will be achieved

VFM audits tend to focus on either economy and efficiency or effectiveness,

but not both. This is because, economy and effectiveness are usually
opposed to each other. For example, it would be relatively easy to reduce
costs by providing a lower standard of service or to improve effectiveness by
spending more. The solution to this is usually to treat current effectiveness
levels as fixed and to try to identify ways of cutting costs or to aim to spend
the same as before but to improve results in the process.

Best value: is a requirement for organizations to demonstrate achievement

of the 4C principles (challenge, compare, consult and compete). This
includes meeting customer needs through effective performance
management systems.

The ‘Best Value’ approach cannot be ignored by internal audit as it has an

influence on the way in which decisions are made about the provision of all
services and activities.

Challenge: review internally the different options for providing services and
question the status quo.
Compare: comparing with other service providers to review options for
improving performance.
Consult: consult all users of services and those affected by services.
Compete: demonstrate through performance management and continuous
improvement that the most effective and efficient service is being provided.

The 4Cs equally apply to internal auditors, who must demonstrate best value
in the provision of their own service, including appropriate consultations
with users and effective performance management information.

Information technology auditing:

Information technology auditing is a specialist type of internal auditing,

reviewing and reporting on all aspects of IT systems.

Project auditing:

Project auditing is a specialist type of internal audit review, examining and

evaluating the way that change is managed. Internal auditors can help to
improve the effectiveness of a project by reviewing its management and
associated risks and controls.

Financial internal audit:

Financial audit embraces the conventional tasks of examining records and

evidence to support financial statements and management reporting. This
includes analyzing information, identifying trends and potential significant
variations from the norm.

Operational internal audit:

This reviews the business operations and control procedures, to ensure

whether they are being adhered to. The audit would also identify areas for
improvement in efficiency.

The business functions that operational and internal audit deals with include:

• Procurement
• Marketing
• Treasury
• Human resources
Audit work includes identification of areas (above) where there are principal
business risks that are preventing an organization to achieve its objectives.

Procurement: is the process of purchasing goods and services within the

organization. Organizations spend significant amounts of money on goods
and services. As a result effective control should be established here to
minimize risk of financial loss, fraud or damage to company reputation.

Main areas of risk exposure:

• Fraudulent payments to suppliers
• Inaccurate payments for goods and services
• Delays in payment resulting in damage to company reputation

Control procedures:
• Establishing policy and procedures for procurement, communicated to all
levels of management.
• Approved list of suppliers
• Authorization and approval procedures required before any sale or
purchase is made.
• Making the best deals in the market place using a fixed procedure.

Test of controls:
• Conducting a walk-through to ensure that procedures are being followed.
• Trace orders of goods and services through the system, confirming use of
authorized suppliers, correct pricing and appropriate terms.
• Review a sample of purchasing transactions to ensure that they have been
correctly authorized.

Marketing: includes all aspects about marketing (promotion, advertising,

placement, image, pricing etc).

Main areas of risk exposure:

There are significant risks associated with marketing that need to be
identified and controlled.
• Poor brand image – resulting in damage to shareholder reputation.
• Poor cost control – resulting from poor investment decisions.
• Fraudulent practices
• Excessive or inappropriate use of marketing entertainment.

Control procedures:
• Placement of a marketing strategy
• Approved policy and procedures
• Authorization of key activities
• Appropriate skills and training of staff
• Proper market research along with cost/benefit analysis produced for
market campaigns.

Tests of control:
• Walk through tests of marketing campaign
• Reviewing of market strategy placed
• Review training plans

Treasury: is the process of managing cash flow and investments within an

organization to maximize use of available finances.

Main areas of risk exposure:

• Lack of records of deals leading to financial loss
• Inaccurate cash flows listed
• Duplicate transactions or settlements
• Errors in accounting records
• Errors in management reporting
• Poor investment performance

Control procedures:
• Authority levels for the processing and placing of deals.
• Data maintenance controls
• Regular update of cash flow forecasts
• System controls, including security and access.
• Appropriate levels of staff, training and expertise

Tests of controls:
• Check sample of reconciliations and confirm that they have been
completed in a timely manner
• Review trends in performance to identify any potential areas of concern.
• Check agreement with counterparties
• Review valuations

Human resources: includes (recruitment, pay and benefits, performance

management, training and development, disciplinary and grievance
procedures etc)

Main areas of risk exposure:

• Failure to identify and recruit the right skills
• Setting up of ghost employee
• Inaccurate standing data on staff, resulting in failure to maximize the
potential of individuals.
• Failure to provide feedback to staff on performance
• Failure to provide training and development
• Incorrect or fraudulent payments

Control procedures:
• Policy and procedure manuals should be up to date and should be
formally approved
• Training of HR to ensure delivery of agree and approved policy (above)
• System access controls
• Audit trail of key actions and decisions

Tests of controls:
• Walk through tests of key procedures
• Review of reconciliations undertaken
• Review of access and security to HR systems.
• Review a sample of key transactions to ensure that they have been
processed accurately and appropriately.

CHAPTER 6:
PLANNING AND RECORDING THE AUDIT
ANALYTICAL PROCEDURES: (AT THE REVIEWING STAGE)
Analytical procedures mean the analysis of significant ratios and trends,
including the resulting investigation of fluctuations and relationships that are
inconsistent with other relevant information or which deviate from predicted
amounts.
1. Introduction (Comparisons, Relationships, Methods and Purpose)
2. Auditor Knowledge of the Business
3. Procedure

1. Introduction: Analytical review involves doing an analysis of the

financial and non-financial information. The analysis usually considers both
comparisons and relationships.

Comparisons:
Financial information is compared, for example, with:
• Prior periods (historical data);
• Budgets and forecasts (future-oriented data);
• Predictive estimates (e.g., of the annual depreciation charge);
• Industry averages

It is common practice for the auditor to prepare a schedule of account

balances for the current year (un-audited) with comparatives (audited) with
± difference columns expressed in both absolute (i.e. $) and relative (i.e. %)
terms.

Relationships:
Typically, relationships are considered between:
• Elements of financial information which are expected to adhere to a
predicted pattern (e.g., gross profit percentages);
• Financial and non-financial information (e.g., hotel revenue to room
occupancy).

Methods used:
Methods of analysis vary considerably, from simple comparisons to complex
analyses using advanced statistical techniques. Analytical procedures may be
applied to:
• Consolidated financial statements;
• Components (e.g., subsidiaries, divisions, segments);
• Individual elements of financial information (e.g., account balances).
Purposes:
• To assist in PLANNING the nature, timing and extent of other audit
procedures.
• As SUBSTANTIVE procedures when their use is more effective or
efficient then tests of detail.
• As an overall REVIEW, to conclude whether financial statements as a
whole are consistent with auditors’ knowledge of the business.
Analytical procedures at this stage (sometimes called ‘preliminary analytical
review’) assist in:

• Increasing knowledge and understanding of the business through the

accumulation of information on trends in key relationships;
• Identifying areas of potential risk (e.g. relating to the enterprise’s
financial condition);
• Determining the nature, timing and extent of other audit procedures (i.e.
audit strategy) by directing tests to areas of potentially material
misstatement.

2. Auditor knowledge of the business:

3. Procedure: The procedures remain the same whatever the stage of the
audit. A series of steps are identified which are listed below:

• Obtain understanding of the business

• Identify relevant and credible relationships – e.g. the gross profit %
expresses the relationship between sales revenue and cost of sales.
• Establish the validity of any data to be used – this involves independently
verifying the cost of sales and then applying the percentage to it.
• Predict the likely range of expected values – the audited cost of sales
percentage can be used to predict the value of sales. Auditors must take
all their knowledge of the business into account in making this
prediction. For example, they may know of a factor in this particular
 accounting period affecting the gross profit percentage and should adjust
their calculations accordingly.

• Compare predictions: with actual and consider the implications of any

variances. The auditor here is looking at two things:
1. The changes which do occur but which differ significantly from
those expected.
2. The changes which would normally be expected to occur but
which fail to do so.

Auditors should investigate both categories fully.

• Seek explanations for the above (auditors should never take the word of
the management for why a change has happened or failed to happen).

ANALYTICAL PROCEDURES: (AT THE PLANNING STAGE)

Auditor’s work on planning the audit will usually take place before annual
financial statements are available. Accordingly, any analytical procedures
performed at this stage of the audit will be based on interim financial
statements.

The auditor will have expectations as to the relationships between various

items in the financial statements and will examine the financial data
available at the planning stage to see whether these expectations match with
recorded values. In any case, where the results vary from expectations, the
auditor should plan to conduct further work.
In developing expectations, the auditor should consider non-financial data
and the likely impact of changes in factors external to the enterprise.

TYPICAL AUDIT PLANINNG PROCEDURES:

• Consider the background of the client’s business and attempt to ascertain

any problem for that sector of industry which may affect the audit work.

• Consider an outline plan of the audit including the extent to which the
auditor ay wish to reply upon internal controls and the extent to which
work can be allocated to interim or final audit stages.
• Review matter raised in the audit of the previous year by examining the
audit files.

• Assess the effect of any changes in legislation or accounting practice on

the financial statements of the client.

• Review any management accounts which the client has prepared as these
may indicate areas of concern in audit.

• Meet with the senior management to identify problem areas.

• Consider the timing of significant phases in the preparation of the

financial statements. E.g. dates of physical inventory counting, balancing
of receivables and payables, preparation of trial balances etc.

• Consider the extent to which the client’s employees may be able to

analyze and summarize the financial data to the relevance of the audit
work.

• Determine the number and grade of audit staff to be allocated to each

stage of the audit.

• Consult members of the audit team to discuss any foreseeable problems.

The preparation of a memorandum setting out the outline audit approach
may be helpful.

• Assign a budget to allocate the time to each member of the audit team.
The timing of audit work: The timing of the audit work must be planned to
suit the nature of the business being audited. There are three main
possibilities:

• All the audit work is done at or after the year end. (small businesses)
• The work is divided into interim and final audits, planning and tests of
controls taking place at the interim stage, while substantive balance sheet
audit taking place at the final stage. (medium size businesses)
• The third possibility is continuous audits, where the client is so large that
the auditor is present throughout the year. (large businesses)
AUDIT RISK: At its most simple ‘Audit Risk’ is the risk that the auditor
will get his opinion wrong. This means that the auditor will fail to qualify an
audit report that he should have qualified. In order for this situation to arise
there needs to be a material error in the accounting records or the financial
statements which was not corrected before the accounts were published and
to which the auditor did not refer in the Audit Report.

1. Explanation of the approach and the Audit Risk model:

The situation referred to in the preceding paragraph can only come about if
three things have happened in sequence:

• Firstly, a material error needs to have occurred. The chance of this

happening is commonly referred to as the Inherent Risk.

• Secondly, the error needs to have not been detected by the client’s system
of Internal Control. The chance of this happening is referred to as the
Control Risk.

• Thirdly, the auditor must have failed to find the error in the course of his
substantive testing or analytical review procedures. The chance of this
happening is known as the Detection Risk.

It is only when all of these conditions are fulfilled simultaneously that the
auditor will give an inappropriate opinion on a set of financial statements,
and the Audit Risk will materialize. Thus it can be said that the Audit Risk is
the product of the Inherent Risk by the Control Risk by the Detection Risk.

This is normally abbreviated to:

AR = IR x CR x DR

Note: Maximum Risk is assessed as 1 and lower levels between 0 and 1

e.g. Control Risk might be assessed e.g. 0.25 or 0.5.

2. Use of the model:

In order to make use of the model we need to realize that only some
elements of the model are within the auditor’s control. In particular the
auditor can do nothing about the Inherent Risk and the Control Risk. He can
assess them but cannot change them. The auditor can, however, decide what
level of overall Audit Risk he wishes to take. Naturally this will normally be
quite low: usually about 5% is considered acceptable.

So now we have .05 = IR x CR x DR

Theoretically, the auditor can make Detection Risk as low as he pleases. To

eliminate risk altogether the auditor simply has to check every transaction,
every asset and every liability! Of course, in practice this is usually just not
possible.

The usefulness of this model is that it allows the auditor to set quantitative
values on Inherent Risk and Control Risk so as to allow for an increased
amount of Detection Risk and hence a lower level of substantive testing.

In other words, the auditor will need to do less substantive testing if the
Inherent Risk and/or the Control Risk are low. If, for example, the system
of internal control is good then the Control Risk will be low leading to less
substantive testing.

On the other hand, the auditor might decide to take no comfort from inherent
or control factors and to base his audit opinion purely on substantive
procedures (including analytical review). In terms of this model that would
mean putting IR and CR = 1 and thus AR = DR. This approach is often taken
in the case of smaller or owner- managed enterprises, and it is purely the
substantive or vouching approach to auditing.

More commonly nowadays auditors will place at least some reliance on

internal control and hence control risk will be evaluated at less than one. The
exact figure will be found by means of an analysis of the results of tests of
control but the auditor should err on the side of caution. In particular, control
risk should never be assessed as zero.

Placing a numeric value on Inherent Risk is more difficult. Many auditors

will always regard Inherent Risk as maximum (i.e., one), but to do this,
while prudent, is to reduce the usefulness of the model somewhat.
Factors which need to be considered when placing a value on Inherent Risk
would include:

• The financial position of the client;

• The type of industry in which the client is operating (e.g., newer, more
high-tech industries carry higher levels of risk);
• The history of the client and the auditor’s past experiences with the
client. This is sometimes referred to as CAKE — Cumulative Auditing
Knowledge and Experience;
• The amount of pressure on the client or the client’s staff to produce
results which live up to expectations, or the extent to which the
remuneration of the management and staff are dependent upon the
client’s results.

In summary, let us take an example of a client who has decided that an

overall Audit Risk of 5% is acceptable, that the Inherent Risk is 80% and the
Control Risk is 50%. We have:

0.05 = 0.5 x 0.8 x DR

Therefore DR = 0.05 / 0.5 x 0.8

DR = .125 or 12.5%

The auditor now knows that he can afford to take a 12.5% chance of not
detecting an error during the substantive testing. Conversely he needs 87.5%
assurance that the substantive testing will pick up all material errors. He can
use this information in conjunction with statistical sampling techniques
(which are outside the scope of this article) so as to determine appropriate
sample sizes for the purposes of substantive testing.

3. Relationship to the traditional ‘systems-based’ approach:

Thus, it can be seen that the ‘Risk Based Approach’ is, in substance, no
different from the more traditional ‘Systems Approach’. Both are based on
the simple idea that an auditor can reduce substantive procedures if the
results of tests of control are good. The Risk Based approach is, however,
more specific. It should thus help to reduce the possibility of the auditor
doing too much or too little work.

4. Advantages and disadvantages of the model:

Advantages:
• It helps to eliminate ‘under’ or ‘over’ auditing;
• The results appear more rational and defensible than if the model is not
used. This may be important if the auditor is called upon to support his
decisions in a Court of Law;
• The model should help to allow work to be delegated to more junior
members of staff who will be able to proceed without having to rely too
much on their own judgment;
• The increased use of computers should make the statistical calculations
required easier.

Disadvantages:

• It is very difficult to put a quantitative value on Inherent Risk. Hence, the

model may give an impression of accuracy which is unrealistic.
• For the model to be useful the populations (i.e., numbers of items)
involved need to be sufficiently large to allow for valid statistical
conclusions to be drawn. This rules out the use of the model in many
smaller audits.
• As is always the case with such models, there is a danger of adapting an
overly mechanistic approach and that the auditor will lose his ‘feel’ for
the assignment.

5. The audit risk matrix considered:

An alternative form of the AR = IR x CR x DR model is the Audit Risk
Matrix. This places the Inherent Risk and the Control Risk on the vertical
and horizontal axis respectively and accesses them as maximum, high,
moderate or low. Reading off the correct combination gives the level of
detection risk required.
Planning Materiality: An item is material if its omission or misstatement
could influence the economic decisions of users taken on the basis of
financial statements. Materiality is considered in planning audit procedures
and in evaluating the effect of misstatements. In planning, the auditor
therefore needs to establish materiality levels to ensure that any material
misstatement or omissions in the accounting records are discovered.

Materiality levels: there are two levels to be considered here:

1. Materiality at the overall financial statement level.
2. Materiality for individual balances of transactions.

• There is an inverse relationship between materiality and audit risk.

Higher the materiality, lower the Audit Risk.
• Materiality at the planning stage is often set a lower level in order to
reduce the risk of undiscovered misstatements.

STAFFING AND TRAINING ISSUES:

Staffing issues include:
• Number of staff required
• Level of expertise required
• Length of time each member of staff will be needed
• Exact timing of their work
Job title Job description as regards the Audit
Partner • Agree fees with client
• Review audit
• Sign audit report
Manager • Assign staff to job
• Agree detailed timetable with supervisor
• Review staff requirements
• Review audit in detail at end of interim and final audits
Supervisor • Take charge of large jobs e.g. a large group of companies
or junior where each company or division is audited by a senior
manger
Senior • Take charge of the audit
• Agree audit timetable with manager
• Decide on detailed audit work
Clerks, • Compile audit working papers
juniors and • Perform detailed audit work assigned by seniors
semi seniors

It is important that staff with the correct mix of experience and knowledge of
the client and industry are employed on the audit.

Training needs include:

• Sitting in professional examinations such as ACCA
• Practical training (article-ship)
• Fulfillment of CDP requirement (continuing professional education)

RECORDING THE AUDIT PROCESS:

Working papers
ISA 230 Documentation states that auditors should document matters which
are important in providing evidence to support the audit opinion and
evidence that the audit was carried out in accordance with ISAs’. Working
papers should be sufficiently complete and detailed to provide an overall
understanding of the audit. They should record:

• Planning information
• The work done and when it was done
• Results and conclusions
Auditors are required to record all matters which are important in supporting
the report. They are particularly required to record matters that demand the
exercise of opinion, as auditors may/will be questioned later on any matter
and they should be able to show what they knew at that time.

Extracts from working papers can be made available to the client at the
discretion of the auditor, but working papers should not be made available to
third parties without client consent.

Contents of working papers:

Working papers should include the following:
• Information that can be used again i.e. permanent file information that
could be used on recurring audits.
• Audit planning information (time and budget)
• Detail of the internal control systems and auditor’s evaluation and risk
assessment.
• Detail of audit work carried out, including notes of errors, action taken
and conclusions drawn.
• Evidence of review of audit work.
• Audit summary including copies of engagement letter, representation
letters and approved financial statements.

Standardization of working papers:

Standardization offers several advantages:
• It improves efficiency of the audit work in terms of its preparation and
review.
• It helps in delegation of work.
• It helps to maintain quality control.

However a certain amount of flexibility is essential to exercise professional

judgment rather than mechanically following a standardized procedure.

Engagements to review financial statements:

Auditors may be required to carry out a review of the financial statements.
This is called a review engagement and it cannot be termed as a full audit.
The purpose of such a review is to bring anything to the auditor’s attention
that causes him to believe that the financial statements are not prepared, in
all material respects, in accordance with an identified reporting framework.
Principles of review engagement:
• The auditor should review with an attitude of ‘professional skepticism
recognizing that circumstances may exist that cause the financial
statements to be materially misstated.
• The auditor should obtain sufficient appropriate evidence (through
analytical procedures) to be able to draw a conclusion.

Detailed procedures of a review engagement:

• Obtain an understanding of the entity’s business and the industry.
• Info concerning the accounting principals and practices followed.
• An inquiry on all material statements included.
• Analytical procedures carried out to identify relationships. This can be
done through comparison with previous year financial statements and
their comparison with expected results. A pattern of relationships should
then be formed that would be expected to conform to a predictable
pattern.

CHAPTER: 7
RELIANCE ON THE WORK OF OTHERS IN THE AUDIT:

RELIANCE ON EXPERTS:
Auditors need to be aware of areas within the audit which may require the
use of an expert. An auditor may not have expertise in certain areas of an
audit and may need to obtain evidence in the form of reports, opinions,
valuations or statements from an expert.

The need to use an expert depends on the materiality and nature in terms of
complexity of the matter at hand and the risk of misstatement. If however, it
is decided that expert evidence is needed, the expert should be engaged or
employed either by the client, or by the auditor with the consent of the
client. If the client refuses and there are no other sources of evidence for the
item concerned, the auditor should qualify the audit report.
Competence and objectivity:
In order to rely on the evidence provided by the expert, the auditor must be
satisfied that the expert is competent and objective.
1. Competence would be evidenced by certification or membership of a
professional body.
2. Objectivity requires that the expert should work with a fair mind without
having any interest in the business. Objectivity will be impaired if the
 expert is the employee of the entity or is dependant on it in some other
way (financially).

Scope of the expert’s work:

This is to be decided in a meeting between the auditor, the client and the
expert. Where the following is discussed:
• the objectives of the expert’s work
• sources of info available to expert
• the form and content of work required by the expert
• expert’s access to books and records
• the assumptions and methods the expert is to use

Assessing the work of the expert:

This will be done by examining the expert’s report and determining whether
it is appropriate in the light of other work performed. The auditor should
obtain an understanding of the assumptions and methods used and consider
whether they are appropriate. If unsatisfied, the problem is discussed with
the client’s management and the expert. It may occasionally be necessary to
obtain an opinion of a second expert.

The audit report:

The auditor should not show reference of use of an expert in the audit report,
as this may imply a division of responsibilities. If the auditor has used an
expert in part of the audit work, the auditor must evaluate the work done in
detail, so as to satisfy himself that the results are sufficient, reliable and
relevant. The auditor is doing so, is taking upon himself the responsibility
for the work completed and hence does not make any reference of use of an
expert in the audit report.

The above procedure is important as the work of the auditor may be

challenged by the client or in a court of law, and hence needs to be defect
free.
RELIANCE ON INTERNAL AUDIT:
The extent to which the external auditor can depend directly on the work
done by the internal audit depends on its relevance to the external audit
function and its quality.

Relevance: A number of objectives of the internal audit may be similar to

those of external audit. The extent of dissimilarity can be amended by the
external auditors to suit their own audit work. In order to do this the external
auditors will need to take in account the internal audit’s program of work.

Quality: Quality of the work will depend on the internal auditor’s technical
competence. The internal audit department needs to be fully equipped in
terms of staffing, experience and qualification.

Factors to be considered when assessing the internal audit department:

1. The organizational status of internal audit:

The internal auditors should:
• be able to plan and carry out their work as they wish
• have access to the highest level of management
• be free of any operating responsibility
• be able to communicate fully with the external auditor

2. The scope of the internal audit function:

Scope of work underlined by IAS includes:
• pay roll and accounts
• IT and HRM
• Corporate governance

3. Due professional care:

External auditors need to make a judgment as to whether the work of
internal audit generally appears to be properly planned, controlled and
recorded.

4. Technical competence:
The internal audit department should include the right mix of core
competencies. This should be reviewed by the external auditors time after
time and significant weaknesses notified and reported to the management in
writing.
Evaluating and testing the work of internal audit:

The external auditors need to set out the extent to which they will rely on the
internal audit function, along with the reasons for doing so. Once relied
upon, the auditors must ensure that:
• The work has been performed by those with adequate technical training
and that under proper supervision.
• Sufficient relevant evidence is obtained to support the conclusions
reached.
• Conclusions reached are appropriate and that reports are consistent with
conclusions.

In planning out the audit, the external auditors need to consider:

• The materiality of areas that need to be tested.
• The information that can be obtained from IA department.
• The level of audit risk inherent in the areas to be tested or info from
IA.
• The sufficiency of complementary audit evidence
• Specialist skills possessed by internal audit staff

AUDIT CONSIDERATIONS RELATING TO ENTITIES USING

SERVICE ORGANIZATIONS:

Planning the audit: The auditor should identify at the planning stage of the
audit whether or not an organization uses service organizations to assist it;
the auditor needs to assess the type and range of service provided in order to
asses audit risk. The use of a service organization affects the audit
procedures dramatically, as now it is more difficult to state whether the
financial statements are free from material misstatement.

Planning will include assessment of inherent risk of the organization and its
control environment. This will be affected by:
• The nature of the service provided
• The degree of authority delegated to SO
• Arrangements of ensuring quality service is provided.
• Whether the activities involve assets which are susceptible to loss or
misappropriation.
• The financial status of the service organization.

If the auditors determine that they can rely on the controls within the
organization, they should perform a thorough assessment of control risk.
This includes:
• The nature of controls operated by the client and the extent to which the
service organization operates these controls.
• The actual occurrence of errors detected by the client arising from the
SO.
• The information the service organization provides to show its compliance
with controls.
• Whether the SO has its own external auditors who provide the client with
relevant information on the appropriateness of controls within the service
organization.
• The skills and knowledge of staff within the SO.

Audit procedure:
• Inspection of documents and records held by the client
• Assess effectiveness of controls with the client and the SO.
• Obtain written statement from SO in respect of confirmation of balances
and transactions.
• Performing analytical review procedures.
• Requesting the service organization’s auditor or client’s internal audit
function to do specific procedures.
• Reviewing the reports produced by the SO regarding the design of
internal control systems.

OUTSOURCING OF ACCOUNTING FUNCTIONS

Degree of risk Characteristics
High Complex transactions

Delegated authority to initiate and execute transactions

Reversal of outsourcing costly/difficult

High proportion of finance functions outsourced

Medium Some business knowledge is outsourced

Transactions can be initiated but execution requires

approval from user entity

Analytical techniques are insufficient for an adequate

degree of control

Discrete functions are outsourced

Low Little requirement for judgment in processing transaction

Non-complex transactions

Analytical control techniques are effective

Easy to reverse the outsourced function

Low proportion of functions outsourced

CHAPTER 8
INTERNAL CONTROL SYSTEMS:

Internal control: Is a process designed by those charged with governance &

management to provide reasonable assurance about the achievement of the
entity’s objectives with regard to reliability of financial reporting,
effectiveness and efficiency of operations and compliance with applicable
laws and regulations.

Internal control system consists of:

a) The control environment
b) The entity’s risk assessment process
c) The information system
d) Control activities
e) Monitoring of controls

a) Control environment: refers to the general attitude, awareness and

actions of directors and management regarding the internal control system
and its importance to the entity. This includes management style, corporate
culture, values, operating style, the organizational structure and policies and
procedures.

b) Risk assessment process: is the process for identifying and responding to

business risks. Risks relevant to financial reporting include external and
internal events that may adversely affect an entity’s ability to process and
report financial data. Once the risks are identified, management considers
their significance, the likelihood of occurrence and how they should be
managed. Management may now decide either to take steps to reduce the
risk or accept the risk (as the cost of removing the risk will be more than the
cost of the risk itself).
Risks can arise due to the following reasons:
• Changes in operating environment
• New personnel
• New information systems
• New technology
• Corporate restructuring
• New accounting standards

c) Information systems: this consists of infrastructure, software, people and

procedures relevant to financial reporting that are used to perform the
following:
• Recording of accounting transactions
• Present properly the transactions and related disclosures in the financial
statements.
• Helps in determining the time period in which transactions occurred to
permit recording of transactions in the proper accounting period.
• Measures the value of transactions in a manner that permits recording
their proper monetary value in financial statements.

d) Control activities: are policies and procedures that help ensure that
management orders are carried out. Control activities can take a number of
forms:

• Performance reviews: Involve looking at reports to identify mgt and

control issues from the past performance. E.g. a comparison or budgeted
and actual figures, which might highlight book keeping problems if the
variance is due to errors in the recorded figures.

• Information processing: Encompasses controls that are performed to

check the accuracy and completeness of transactions. E.g. a print out of
every name added to the company payroll might help prevent the
fraudulent addition of bogus employees.

• Physical controls: E.g. physical security to prevent staff or third parties

from simply stealing high value items.
e) Monitoring of controls: is a process to assess the quality of internal
control performance over time. It involves assessing the design and
operation of controls on a timely basis and taking necessary corrective
actions.

Types of internal control: There are a number of controls that an auditor

should consider:

1. Preventive: these are controls that prevent risks from occurring. E.g.
authorization controls should prevent fraudulent transactions taking
place.

2. Detective: these are controls that detect if any problems have occurred.
They are designed to pick up errors that have not been prevented. E.g.
large amounts paid without being authorized, reconciliations etc.

3. Corrective: are ones that address any problems that have occurred.
Where problems are identified, the controls ensure that they are properly
rectified. E.g. follow up procedures and management action.

Specific control procedures:

• Reporting, reviewing and approving reconciliations
• Checking the arithmetical accuracy of records
• Maintaining control accounts and trial balance
• Comparing internal data with external sources such as supplier statement
reconciliations
• Limiting direct physical access to assets and records. An alternative to
this is segregation of responsibilities. There should be a division of
responsibilities for:
- authorizing the transaction
- the physical custody and control of assets
- recording the transaction

No one person should be in a position both to misappropriate an asset and

to conceal his act by falsifying the records.

Documenting the internal control system: documenting the internal

control system has two portions: first the auditor learns about the system and
then he records the system.
1. Learning about the system: an auditor can learn about the system in the
following ways:
- Examining previous audit work: the audit files should contain a
record of the system as it operated at the last audit date. Unless there
have been major changes, this will only require updating.

- Client’s own documentation of the system: these will be in the form

of manuals of accounting procedures; these are usually a valuable
source of info.

- Interviews with client’s staff: this involves the auditor taking

interviews of the staff to find out how they carry out their functions.

- Tracing transactions: also known as walk through checks, this

involves following a particular sequence relating to a single
transaction in order to learn how the system works.

- Observation of client’s procedures: it will often be useful to watch

the client carrying out procedures such as wages pay out and opening
of the mail.

2. Recording the system: an auditor can record the system in the following
ways:
- Narrative notes: this is a simple and convenient way of describing
systems. However it can become cumbersome as system notes take up
a disproportionate amount of space. Furthermore, notes may be
difficult to interpret in order to show the changes made in the system.

- Organization charts: this provides a convenient way of describing

the relationships between individuals in an organization. However, it
does not specify the precise duties of then individuals concerned and
it only describes the formal relationships between them.

- Internal control questionnaires: these can be divided into two

categories: 1. Internal Control Evaluation Questions (ICEs) and
2. Internal Control Questions (ICQs)
1. ICE: the ICE is designed to determine whether desirable controls are
present that prevent particular errors or omissions and are answered using
knowledge of the system obtained from the flow chart or ICQ.
E.g. ‘Can goods be dispatched without being invoiced?’ they are often
referred to as control questions that require the exercise of the auditor’s
judgment.

An answer of ‘No’ to the ICE implies that the system is strong as controls
exist to prevent the specified problem. A compliance test (test of control)
will be required to ensure the controls are operating

An answer of ‘Yes” to the ICE implies that the system is weak and a
substantive test (test of detail) will be required to quantify the effect of any
errors that may have occurred.

2. ICQ: these are objective questions which focus on specific controls and
the information obtained in completing the ICQs are used to answer the
relevant ICE. The objectives of ICQs are to ascertain, record and identify
controls in the client’s system.

- Flow charts: A flow chart is a diagrammatical representation of a

system such as the accounting system. These are also used by the
auditor to document the system. Symbols are used to represent the
flow of documents and books of account, where they are filed and the
accounting operations performed on them.

Testing the internal control system:

• Strong internal controls: if the conclusion to the ICE indicates that the
entity appears to have a strong internal control system, certain
compliance tests will be performed by the auditor to obtain ‘sufficient
evidence that the controls were operating effectively at relevant times
during the period under audit’.

Compliance tests can take three main forms:

1. Examination of evidence: e.g. an auditor might examine a sample of
recorded invoices to ensure that they have been initialed. This provides
evidence that the sampled items have been signed, although it does not
necessarily prove that the client’s staff member actually checked the
invoice before signing it.
2. Re-performance: e.g. the auditor takes a sample of recorded invoices
and traces them back to their supporting order forms and goods received
records. This proves that the original comparison by the staff member
 could have taken place because the necessary evidence exists. If the
supporting records are missing and the invoices have been signed then
the auditor would have strong grounds for believing that the control has
not operated.

3. Enquiry and observation: e.g. the auditor asks staff to describe the
system and listens carefully for confirmation that a system operates as
described. The secret is to ask indirect questions and to avoid leasing the
interviewee. Rather than asking whether X compares invoices to records,
ask X to explain what the process involves and listen for references to
order forms and good records.

Note: it does not matter that the auditor cannot prove conclusively that any
given control or controls operated consistently throughout the year. It is
sufficient that the auditor can prove that sufficient care and skill has been
applied to the collection of audit evidence.

• Weak internal controls: if the ICE indicates an absence of controls to

prevent a particular error or omission then the auditor might conduct
detailed substantive testing in order to determine whether the weakness
has resulted in error and if so to quantify the effect on the financial
statements.

If the system is generally weak then the external auditor is more likely to
consider more extreme options, such as resignation, rather than staying
and attempting to resolve the problem. It is unlikely that a cost effective
audit could ever be conducted on a system that is very seriously flawed.

CHAPTER 9
INTERNAL CONTROL – REVENUE AND PURCHASES:

Control objectives: can be outlined as follows:

• Only authorized transactions are correctly and promptly recorded in the
appropriate accounts.
• And that access to assets is only in accordance with proper authorization
and that recorded assets are compared with existing assets.
Control procedures: can be outlined as follows:
• Sequential numbering of documents
• Maintenance of batch and other totals at the input stage with subsequent
checking for completeness and accuracy
• Authorization, verified by the signature of responsible officials for the
distribution or input of documents.

Tests of control: by the auditor involve ensuring that the procedures above
(control procedures) have been applied, by looking for evidence of, for
example, the checking of sequence, batch totals, control account
reconciliations etc.

Tests of control are performed by either looking for a signature to give

evidence that the control procedure has been performed. Or by re-
performing the control, to check whether all the documents are actually
there, with no omissions or duplications, in order to prove to themselves that
the control has actually been performed, rather than the document simply
having been signed.

INTERNAL CONTROL - REVENUE SYSTEM

The revenue system includes revenue obtained from sales. The control
objectives outlined above can now be translated into control objectives for
sales.

1. Control objectives: the control objectives for sales include the following:
• Sales are made in accordance with company objectives
• Customer’s orders should be authorized, controlled and recorded in order
to execute them and determine any allowance required for losses arising
from unfulfilled commitments.
• Goods shipped and work completed should be controlled to ensure that
invoices are issued and revenue recorded for all sales.
• Goods returned and claims from customers should be controlled in order
determine the liability for goods being entered in the accounts.
• Invoices should be appropriately checked as being accurate and
authorized before entered in the accounts
• There should be procedures to ensure that sales invoices are subsequently
paid and that doubtful amounts are identified in order to determine
allowance for losses.
Achievement of objectives: in order to achieve these objectives there
should be good segregation of duties. There are three distinct processes in
the sales system which should be separated and performed by different staff
in order to establish effective internal controls. They are:

• Accepting customer’s orders:

1. Sequence controlled documents should be used to acknowledge all
orders received. Any uncompleted orders should be regularly
reviewed.
2. Credit limits should be checked by the credit control department.
3. Selling prices, discounts and delivery dates should be fixed by
senior members of the sales department – never by the accounts
staff.

• Dispatch department:
1. Sequence controlled documents should be used for all goods
leaving the premises.
2. Dispatch notes should be completed by the gatekeeper or the
dispatch department – never by the accounts staff.

• Invoicing the goods:

1. Sequence controlled documents should be raised by the sales
department and then passed to the accounts department for
recording.
2. Strict control of credit notes is essential to ensure that they are
raised by proper authority in the sales department.

2. Control procedures: control procedures for sales can be explained using

a sales cycle, covering, orders, dispatch, invoicing, returns and receivables.

Orders:
• The orders should be checked against the customer’s account; this should
be evidenced by signing. Any new customer should be reffered to the
credit control department before the order is accepted.
• All orders received should be recorded on pre-numbered sales order
documents.
• All orders should be authorized before any goods are dispatched.
• The sales order should be used to produce a dispatch note for the goods
outwards department. No goods may be dispatched without a dispatch
note.
Dispatch:
• Dispatch notes should be pre-numbered and a register kept of them to
relate to sales invoices and orders.

Invoicing and credit notes:

• Sales invoices should be authorized by a responsible official.
• All invoices should be entered in sales day book, accounts receivable
ledger and accounts receivable ledger control account.
• Sales invoices and credit notes should be serially pre-numbered and
regular sequence checks should be carried out.
• Credit notes should be authorized by someone unconnected with dispatch
or accounts functions.
• Copies of cancelled invoices should be retained.
• Cancelled invoices should be signed by a responsible official.

Returns:
• Any goods returned by the customer should be checked for obvious
damage and when accepted, a document should be raised.
• All goods returned should be used to prepare appropriate credit notes.

Receivables:
• A receivables ledger control account should be prepared regularly and
checked to individual sales ledge balances.
• Formal procedures should exist for following up overdue debts.
Reminders should be sent regularly to customers for collection of
overdue debts.

Bad debts:
• The authority to write off a bad debt should be given in writing and
adjustments made to the accounts.

3. Tests of control:
Tests of control should be designed to check that the control procedures are
being applied. Appropriate testing includes:

• Carry out sequence test checks on invoices, credit notes and dispatch
notes. Ensure that all items are included and that there are no omissions
or duplications.
• Check the authorization for the:
- acceptance of the order
- dispatch of goods
- raising of invoice
- pricing and discounts
- write off of bad debts

• Check arithmetical accuracy of invoices, credit notes and sales tax.

• Check dispatch notes and good returned notes to ensure that they are
referenced to invoices and credit notes and vice versa.
• Check that control account reconciliations have been performed.

Substantive procedures
1. Accounting records:
• Check additions of the sales day book and sales returns day book.
• Check the posting of individual invoices to the general ledger and the
control account.

2. Invoices and credit notes:

• Obtain a sample of potential sales
• Check sales invoices to ensure that quantities and descriptions are
correctly stated.
• Compare invoiced prices with authorized, up to date price lists.
• Check calculations and additions of invoices and credit notes.
• Ensure that invoices are posted to the appropriate accounts.

3. Control account reconciliations:

• Test the year end control account reconciliations, checking back to
source documentation. Ensure that any reconciling items are dealt
with properly.
Analytical procedures
1. Fluctuations in sales levels: fluctuations around the year can be
identified by comparing levels of sales throughout the year on a month to
month basis, or by comparing the sales in the last month of the year to sales
in the first month of the next year.

Significant fluctuations from month to month may indicate misclassification

between months or the omission of sales.

2. Cut of problems: an increase in sales just before the year end with low
sales just after the year end may indicate that the client has tried to distort
profits. The auditor should consider identifying and checking large items in
the last month and the first month of the next period to ensure delivery took
place before the year end.

3. Disclosure: sales revenue must be disclosed by class of business and

geographical market.

INTERNAL CONTROL – PURCHASES SYSTEM

1. Control objectives: control objectives for purchases are to ensure that:

• Purchased goods are ordered under proper authority.
• They are only ordered as required.
• When received, they are properly checked for quality and quantity.
• Invoices and related documentation are properly checked and approved.

2. Control procedures: as with the sales system, controls procedures are

also required for purchases, they can be described using the purchases cycle
as follows:

Orders:
• Requisition notes for purchases should be authorized. Being authorized
by a responsible official.
• All orders to be recorded on documents showing supplier’s name,
quantities and price. Copies of orders should be maintained.
• Re-order levels should be pre-set.
Receipt of goods:
• Goods inwards centers should be identified to deal with the receipt of all
goods.
• All goods should be checked for quantity, quality and condition. Goods
received notes should be created for all goods accepted. This note should
be signed by an official.
• GRNs should be checked against purchase orders and procedures should
exist to notify the supplier of under or over deliveries.

Invoicing and returns:

• Purchase invoices received should be stamped with an approval grid and
given a unique serial number to ensure purchase invoices do not go
astray.
• The invoice should be matched with the order and the GRN.
• The invoices should be signed as approved for payment by a responsible
official.
• Invoice sequential numbers should be checked against purchase day book
details.
• Any recoverable purchase tax should be separated from the expense.
• Invoices should be properly allocated to the general ledger accounts.
• A record of goods returned should be kept and checked to the credit notes
received from suppliers.

Accounts payable ledger:

• An accounts payable ledger control account should be maintained and
regularly checked against balances in the ledger.
• Reminders of payment from suppliers should be checked against the
purchase ledger account.

3. Tests of control: as before, these should be drawn up to check whether

the control procedures have been properly applied.

Purchase order: purchase order should be tested for:

• Evidence of a sequence check
• Evidence of approval and authority.

Goods received notes: tested for sequence check

Purchase invoice: test for:
• Serial numbering
• Evidence of sequence checking
• Evidence of matching purchase invoices with GRNs and orders.
• Evidence of correct treatment of purchase taxes.

Credit note:
• Test for evidence of matching credit notes to GRNs.

Payables ledger control account: test for

• Evidence of reconciliation to purchase ledger
• Evidence of authorization of adjustments.

Substantive procedures
1. Accounting records:
• Check additions of the purchase day book and purchase returns book
• Check posting from the day books and the general ledger to the
control account.

2. Invoices and Credit notes:

• Check additions of credit notes and invoices.
• Check invoices and credit notes with day books
• Ensure invoices have been approved for payment.
• Agree invoices to orders
• Agree prices charged on invoices and credit notes to supplier’s price
lists.

3. Control accounts: test the year end control account reconciliations

checking back to source documents.

Analytical procedures
Can be used to review unusual purchasing trends, levels of purchasing
outside agreed limits or non-authorized suppliers
CHAPTER -10
INTERNAL CONTROL – PAYROLL, CASH AND OTHER AREAS;
REPORTS TO MANAGEMENT

INTERNAL CONTROL – PAYROLL

1. Control objectives: the control objectives of internal control for wages

and salaries are as follows:
• Wages and salaries should only be in respect of client’s staff and of
correct rates.
• Wages and salaries should be in accordance with records of work
performed.
• Payment should be made to correct employees.
• Liabilities to tax authorities for income tax should be properly recorded.

2.1 Control procedures (wages):

Authorization and control of documents

• There should be written authorization to employ or dismiss any
employee.
• Changes in rates of pay should be authorized in wiring by an official
outside the wages department.
• Overtime worked should be authorized by the works manager.
• The wages cheque should be signed by two signatories.
• Where pay relates to hours at work, some form of rime recording should
be used, e.g. time keys. There should be supervision of time recording.
There is a clear risk that staff can manipulate systems to obtain additional
hours and therefore additional payments. The supervisor should know the
hours worked by staff and check outputs to ensure that expected and
actual hours tally.
• When employees have been absent for a significant period, their
entitlement to salary should be checked against personnel details.
• Personnel records should be kept for each employee giving details of
engagement, retirement, dismissal or resignation, rates of pay, holidays
etc.
Prompt recording and arithmetical accuracy
• Payroll should be prepared from job cards and a sample checked for
accuracy against current rates of pay.
• Payroll should provide for accurate calculation of deductions such as tax,
pension, insurance etc.

Access to assets and records

• Employees should sign for their wages.
• No employee should be allowed to take the wages of another employee.
• When wages are claimed late, the employee should sign for the wage
packet and release should be authorized.
• The wages department should be a separate department with their
personnel not involved with receipts and payments functions.
• Unclaimed wages should be recorded in a register and held by someone
outside the wages department until claimed.

Control accounts
• Control accounts should be maintained in respect of each of the
deductions showing amounts paid periodically to the tax authorities.
• Management should exercise overall control.

2.2 Control procedures (salaries):

• Personnel records should be kept similar to those for hourly paid
employees.
• Written authority should be required to employ or dismiss an employee
or change salary rate.
• Overtime should be authorized by someone outside the payroll
department.
• The usual checks on deductions are required.
• Direct bank transfers of salaries should be signed.

3. Tests of Payroll controls: tests of payroll control include the following:

• Test sample of time sheets, clock cards for approval by responsible
official.
• Test the authority for payment to casual labour.
• Observe wages distribution, ensuring employees sign for wages, that
unclaimed wages are re-banked.
• Test control over payroll amendments.
• Examine evidence of approval of payrolls by a responsible official.
• Inspect payroll reconciliations.
• Test authorities for payroll deductions and test controls over unclaimed
wages.
Substantive procedures
Substantive testing procedures include the following:
• Select sample of personnel records
• Test sample for: rates of pay, authorization of changes in pay and
personal details.
• Ensure employees are paid only for work done
• Test personnel records to ensure that employees exist and are being paid
at the correct rate.
• Check whether deductions are actually being paid over to the tax
authorities on time and that no unrecorded penalties may arise.
• If payroll control account is maintained, check this against the general
ledger.
• Test totals of cheques drawn with 1. Net amount paid to employees. 2.
Amount paid to tax authorities.

INTERNAL CONTROL – CASH SYSTEM

1. Control objectives: control objectives for cash are of prime importance

in any business. The central objectives are that:
- All sums are received and accounted for.
- No payments are made which should not be made.
- All receipts and payments are accurately recorded.

2. Control procedures: there are a number of areas of the business that have
different control procedures, these are as follows:

Controls over cash receipts by post

• The company should safeguard against possible interceptions between
the receipt and opening of the post. E.g. by using a locked mail box and
restricting access to keys.
• The opening of the post should be supervised by a responsible official.
• All cheques and postal orders should be restrictively crossed ‘Account
payee only, not negotiable’ as soon as the mail is open to prevent them
from being endorsed and paid into someone else’s account.
• A record should be kept of all the cheques and cash received by post; this
should be done in the form of a rough cash book.

Controls over cash collected by salespeople

• Authority to collect cash should be clearly defined.
• Salespeople should be required to report sales at regular intervals which
should be formally notified to such employees.
• A responsible official should quickly follow up salespeople who do not
submit returns as required.
• Collections should be recorded when received, e.g. in a rough cash book
register.
• Periodically a responsible official should check the salespeople’s own
receipt books with cash book entries.

Control over cash sales

• Cash sales should be recorded when sale is made
• If cash sale invoices are used they should be pre-numbered, a register
should be maintained of cash sale invoice books.
• Cash received should be reconciled daily with the invoice totals.
• Daily banking of the cash sales should be checked against the invoice
total and differences investigated.
• A responsible official should sign cancelled cash sale invoices at the time
of cancellation.

Controls over banking

• Each day’s receipts should be banked and recorded in the cash book.
• Sales ledger personnel should have no access to the cash.
• Periodically a comparison should be made between the split of cash and
cheques received and banked.

Controls over cheque payments

• Unused cheques should be held in a secure place
• The person who prepared the cheques should have no responsibility over
purchase ledger or sales ledger.
• Cheques should be signed after evidence of a properly approved
transaction is available.
• Cheque signatories should be restricted to a minimum practical number.
• The signing of blank cheques should be prohibited.
• Cheques should be crossed before being signed.
• Supporting documents should be cancelled as paid to prevent their use to
support further cheque payments. This cancellation is to be done by the
cashier before the cheque is signed.
• Returned cheques may be obtained from the bank.

Bank reconciliations
• Bank reconciliations should be prepared at least once a month.
• Person responsible for preparation should be independent of the receipts
and payments function.
• Bank statements should be obtained directly from the bank and held until
reconciliation is completed.

Controls over petty cash

• The level of cash float should be laid down formally
• There should be restricted access to the floats
• Cash should be securely held.
• All expenditure should require a voucher signed by a responsible officer,
not the petty cashier.
• The ‘imprest system’ should be used to reimburse the float i.e. at any
time the total cash and value of vouchers not reimbursed equals the float.
• Vouchers should be cancelled once reimbursements have taken place.
• Periodically the petty cash should be reconciled by an independent
person.

3. Tests of control:

Cash receipts
• Attend mail opening and ensure procedures are adhered to
• Test independent check of cash receipts to bank lodgments.
• Test authorization of cash receipts
• Test for evidence of arithmetical accuracy on cash received records.
Cash payments
• Inspect cheque books for, any signatures on blank cheques and controlled
custody of blank cheques.
• Test to ensure that paid invoices are marked paid
• Examine evidence of authority for current standing orders and direct
debits.

Bank reconciliations
• Examine evidence of regular bank reconciliations
• Examine evidence to follow up outstanding items on bank reconciliations
such as un-presented cheques.

Petty cash:
• Test petty cash vouchers for approval.
• Test cancellations of petty cash vouchers.
• Test for evidence of arithmetical accuracy.

INTERNAL CONTROL – OTHER SYSTEMS (INVENTORIES AND

NON-CURRENT ASSETS)

INVENTORIES

1. Control objectives:
• Control over goods inwards, outwards and dispatches.
• Inventory records authenticated by physical counts
• Adequate steps should be taken to identify all inventories for which
write-downs may be required.
• Inventory levels should be controlled so that materials are available when
required but that inventory is not unnecessarily large.

2. Control procedures:

Approval and control of documents

• Issues from inventories should be made only on properly authorized
requisitions.
• Reviews of damaged and obsolete inventories should be carried out.

Arithmetical accuracy
• All receipts and issues should be recorded on inventory cards, cross
referenced to the appropriate GRN.
• The costing department should allocate direct and overhead costs to the
value of work in progress according to the stage of completion method.
• To do this standard costs are normally used. Such standards must be
regularly reviewed to ensure that they related to actual costs being
incurred.

Control accounts
• Total inventory records should be reconciled with the detailed inventory
records and discrepancies investigated.

Comparison of assets to records

• Inventory levels should be periodically checked against the records by a
person independent of the stores personnel, and material differences
investigated.
• Maximum and minimum inventory levels should be pre-determined.
• Re-order quantity should be pre-determined and regularly reviewed for
adequacy.

Access to assets and records

• Deliveries of goods from suppliers should pass through a goods inwards
section to the stores. All goods should pass through stores and hence be
recorded and checked as received.
• Inventories should be held in their locations so that they are safe from
damage and theft.
• Access to the stores should be limited.

3. Tests of control:
• Observe physical security of inventories and environment.
• Test procedures for recording of movements of goods in and out of
inventory.
• Test authorization for adjustments to inventory records.
• Tests controls over recording of inventory movement belonging to third
parties.
• Inspect reconciliation of inventory counts to inventory records.
NON-CURRENT ASSETS

1. Control objectives: control objectives are to ensure that:

• Non-current assets are correctly recorded, secured and maintained.
• Acquisitions of disposals of non-current assets are properly authorized.
• Non-current assets are properly recorded, depreciated and written down
when necessary.

2. Control procedures:
• Annual capital expenditure budgets should be prepared by someone
directly responsible to the board of directors.
• Applications to authority to incur capital expenditure should be submitted
to the board for approval and should contain reasons for the expenditure,
estimated cost and any non-current asset replaced.
• A document should show what is to be acquired and be signed as
authorized by the board.
• Capital projects made by the company itself should be separately
identifiable in the company’s costing records.
• Disposal of non-current assets should be authorized and any proceeds
from sale should be related to the authority.
• A physical inspection of non-current assets should be carried out
periodically and checked to the non-current asset register. Any
discrepancies should be noted and investigated.
• Assets should be properly maintained and adequately insured.
• Depreciation rates should be authorized and a warren statement of policy
produced, this should be reviewed annually to assess the need of changes.
• The calculation of depreciation should be checked for accuracy.

3. Tests of control:
• Check authorization of purchase of non current assets.
• Check authorization of disposal of significant assets.
• Confirm existence of non-current asset register. Ensure register
reconciles to nominal ledger.
• Test evidence of reconciliation of register to physical checks of existence
and condition of assets.
• Check authorization of depreciation rates and changes in rates if any.
• Ensure correct calculations of depreciation have taken place.
CHAPTER 11
AUDIT EVIDENCE

Sufficient, appropriate evidence

ISA 500 Audit Evidence requires that auditors ‘obtain sufficient appropriate
audit evidence to be able to draw a reasonable conclusion on which to base
the audit opinion.

‘Sufficient’ relates to the quantity of evidence, ‘Appropriate’ relates to the

quality or reliability and relevance of evidence.

The auditor’s judgment as to what constitutes sufficient appropriate evidence

is influenced by such factors as:
• The nature of the accounting and internal control system and control risk.
• The materiality of the item
• Experience gained during previous audits
• Results of audit procedures
• The source and reliability of information available.

Substantive procedures – relevance

Substantive procedures are tests performed to obtain evidence of any
material misstatements in the financial statements. Financial statement
assertions must be used to obtain sufficient evidence.

Financial assertions
1. Existence: An asset of liability exists at a given date. Auditors spend a
great deal of time on this assertion confirming the existence of assets such as
tangible non-current assets, inventories and cash etc.

2. Rights and Obligations: Here the auditor must ensure that it is the
business which owns the asset at the balance sheet date. There are many
situations where an asset could be on the business premises but belong to
someone else. Inventories, for example, may have been sold but not yet
delivered.

3. Occurrence: A transaction or event occurred during the relevant

accounting period which concerns to the reporting entity.
4. Completeness: There are unrecorded assets or liabilities, transactions or
events.

5. Valuation: This assertion deals with the valuation of assets and liability to
see whether they have been valued at an appropriate carrying value.

6. Measurement: A transaction or event is recorded at the proper amount

and in the correct period. This refers to income statement transactions.

7. Presentation and disclosure: Presentation and disclosure must be in

accordance with accounting standards.

Note: Mnemonic got the assertions above ‘COVER MP’

Substantive procedures – reliability

Although the reliability of audit evidence is dependent upon particular

circumstances, the following general presumptions may be found helpful:

• Evidence obtained from external sources is more reliable from that

obtained from the entity’s records.
• Evidence obtained from the entity’s records is more reliable where the
accounting and internal control systems operate effectively.
• Evidence obtained directly by auditors by such means as analysis and
physical inspection is more reliable than evidence obtained by or from
the entity.
• Documentary evidence is more reliable than oral evidence.
• Documentary evidence is least reliable if created and held by the entity. It
is more reliable if created by third parties and held by the entity. It is
most reliable if it is created by third parties and held by the auditor.

Synergy
The auditor should consider whether conclusions drawn from differing types
of evidence are consistent with one another. If however it does appear
inconsistent with one another, the reliability of each remains in doubt until
further work is done to resolve the inconsistency. However, when the
individual items of evidence relating to a particular matter are all consistent,
then the auditor may obtain a cumulative degree of assurance higher than
that which they obtain from individual items. This is a form of ‘Synergy’
Problems with obtaining reliable evidence: there are no hard fast rules for
reliability of evidence, as it is a matter of professional judgment. There can
be situations where the auditor does not have a great deal of choice; for
example, the figures of payroll are likely to be supported by evidence that is
almost totally from the entity’s records. Therefore it is sometimes impossible
to replace internally generated evidence with third party evidence.

Analytical Procedures:
 Nature and Purpose of
Analytical Procedures

Substantive procedures:
Assertions and their tests:

AUDIT EVIDENCE AND WORKING PAPERS

Working papers provide an experienced auditor with no previous connection
with the audit with an understanding of the work performed and the basis of
decisions taken. Therefore it can be said that audit files are a prime source of
audit evidence and thus must be capable of supporting the audit opinion.
However working papers should be sufficiently complete and detailed to
provide an overall understanding of the audit.

AUDIT EVIDENCE & THE AUDIT OF ACCOUNTING ESTIMATES

An accounting estimate can be defined as an approximation of the amount of
an item in the absence of a precise means of measurement. E.g. estimates for
accumulated depreciation, deferred tax, net realizable value, losses on long
term contracts, legal claims against the company and other contingent
liabilities.

Such items are inherently more risky than non-judgment items and control
risk is usually higher as these are non-routine transactions. Management is
responsible for making estimates.

The audit of accounting estimates involves the following steps:

• Review and test the process used by management – this will involve
evaluation of the data and consideration of assumptions on which the
estimate is based. It will also involve checking of the mechanical
calculations, comparison with estimates made in prior periods and
consideration of management’s approval procedures.
• Use an independent estimate (generated by the auditor) to compare with
management’s estimate.
• Review subsequent events which confirm the estimate.

Where in case of contingent liabilities, subsequent events ‘crystallize’ the

liability, there will be no need to review management’s processes or use
independent estimates.
CHAPTER 12
THE AUDIT OF NON-CURRENT ASSETS
PROCEDURES TO VERIFY LAND AND BUILDINGS

1. Ownership, rights and obligations:

The extent of testing will depend upon the materiality of the land and
buildings. Verification of existence is unlikely to be an issue, although the
auditor may have to make special arrangements to prove that a piece of
property actually exists. The bigger problem is obtaining proof of
ownership. The auditor will have to look for documents of title, transfer
documentation from lawyers, mortgages or other securities.

2. Valuations:
• Check a sample of entries in the asset register and trace back to source
documentation to ensure properly stated at cost.
• Review company policy for depreciation and ensure appropriate in the
light of useful life of the building (commonly 50 years). And ensure that
land is not depreciated.
• Ensure accurate calculation of depreciation.
• Establish the need for any write-down for impairments
3. Existence:
• Physical check of sample of assets.

4. Completeness and measurement:

• Ensure asset register reconciles to the general ledger.

PROCEDURES TO VERIFY PLANT AND EQUIPMENT

1. Ownership, rights and obligations:

• Here the auditor should look for evidence of vehicle registration
documents to ensure ownership entitlement.

2. Valuation and measurement:

• Review company policy for depreciation and ensure that they are
appropriate in the light of the useful life of the asset.
• Ensure accurate calculation of depreciation.
• Establish the need for any write down for impairments in value.

3. Existence:
• Physical existence inspected using sample of assets.

PROCEDURES TO VERIFY INVESTMENTS

Audit procedures relating to long term investments normally include

considering evidence as to whether the entity has the ability to continue to
hold the investments on a long term basis, discussing the matter with
management and obtaining written representation to that effect.

1. Existence and ownership:

• Evidence in the form of share certificates
• Dividends/interests from securities, dividend warrants.
• Internal control procedures.

Valuation:
Valuation of listed securities is easily confirmed with appropriate financial
publications. Director’s valuation of unlisted securities is something on
which audit report, and the basis of the calculations must therefore be
examined. The auditor must also consider whether any write-downs for
impairment in value are adequate, which may mean examining copies of
accounts of companies in which investments are held.

Income:
Income from securities can be verified with known interest rates for fixed
interest securities.

CHAPTER 13
THE AUDIT OF RECEIVABLES, PREPAYMENTS, BANK & CASH

PROCEDURES TO VERIFY RECEIVABLES

Confirmation:
Confirmation is the name given to a specific form of inquiry that is
particularly widely used. It involves obtaining written confirmation from a
third party, typically, although not exclusively, in relation to an account
balance in which the third party has an interest.

Situations for using confirmations

Confirmations are best used where there is a knowledgeable party,

independent of the entity and where alternative reliable evidence is not
readily available. The most knowledgeable parties are those in a
commercial relationship with the entity holding reciprocal information as to
entity balances. These include debtors, creditors, banks, lenders, borrowers
and custodians of entity assets such as stocks and securities. It is in their
own interest for such parties to maintain reliable records of their relationship
with the entity.

As a general rule, larger organizations are more likely to have reliable

internal control. This ensures that their own accounting information is
accurate. Therefore, larger organizations are more likely to have a positive
policy for responding to audit confirmations. Smaller organizations may
have less reliable accounting records and may be more likely to regard a
request for confirmation as an imposition on their time.

Generally speaking, parties from whom confirmation is sought are likely to

be independent, ensuring the evidence is reliable. However, there are two
situations where the auditor may need to exercise caution. The first is
where the other party is ‘related’, e.g. a fellow subsidiary. The second is
where the other party might be economically dependent on the entity and
may be motivated to provide an inaccurate response for fear of losing
business with the entity. Again, the larger the third party, the less likely it is
to be economically dependent and thus the more reliable the evidence from
confirmation.

Form of request

As a general rule, the request must be presented in such a form that

facilitates a response by the other party. This can be achieved by using a
standard form with space for the response and enclosing a return addressed
envelope. However, there is sometimes a conflict between facilitating a
response and the reliability of that response. For example, it is possible that
the other party might confirm the information without checking it.
Hopefully, such instances are rare.

More likely is a general reluctance to confirm through misunderstanding the

purpose of the request. Debtors may misinterpret the confirmation as a
demand for payment. Other parties may fear that confirmation might be
binding if they should subsequently discover an error in their own records. It
is usually customary to draft the wording of the confirmation to allay such
fears when dealing with parties not accustomed to receiving such requests.
Nevertheless, some respondents disclaim responsibility should their
response be in error. This is usually the case with bank confirmations.
However, this does not necessarily compromise the reliability of the
confirmation.
Types of request:
• Positive: customers are asked to confirm to the auditor directly in all
cases, whether they agree or disagree with the balance.
• Negative: customers are only asked to respond if they disagree. This
method may give some assurance, although many positive confirmation
requests are ignored and so a failure to respond to a negative
confirmation does not mean that the customer has actually agreed the
balance.

Positive confirmations provide more reliable evidence than negative

confirmations. The choice depends on the auditor’s assessment of risk. The
positive form is generally preferred. The negative form is unlikely to be used
unless inherent risk and control risks are relatively low. Where detection risk
is high, or the materiality of the account balance is high, positive
confirmation will be needed to provide substantive evidence.

When request for confirmation is made, the likeliness of a respond is more

probable if the request is sent to the right party. For example, a request
addressed to the senior management is more likely to be ignored. However a
request addressed to the party responsible for maintaining the relevant
records has a greater probability of being responded to. A potential danger is
that the response might conceal errors in the other party’s records for which
the respondent is responsible.

It is nearly always the case that management of the audited entity must
authorize each confirmation request. This exposes the risk that the process
could be interfered with by the entity because the confirmation is usually in
the form of a request – from the entity – for information to be supplied to
their auditor. It is important that auditors control the process by ensuring that
confirmations sent are in agreement with those selected for confirmation. It
is also important that the envelopes bear the auditors’ return address in the
event of non delivery.

Interpretation of evidence

Confirmation responses are at their most reliable when the auditor has
reason to believe that the information has been checked by responsible
officials against the other party’s records. Reliability must be questioned
where the auditor has reason to suspect that the request might not have been
given appropriate consideration or that the other party’s records might not be
wholly reliable.

Where no response to a request is received to a positive request for

confirmation even after suitable follow-up requests, alternative evidence
must be obtained depending upon the materiality of the transaction.

Debtors’ confirmations

The use of confirmation evidence is usually very important in the audit of

trade debtors because there are few other sources of external corroborative
evidence. It is important that the source from which the sample is selected is
tested for completeness. This usually requires selecting the sample from a
list of balances that has been tested against the sales ledger, totaled and
agreed with the general ledger balance.

The list of debtors is usually subdivided into current due balances and
overdue balances. Each present separate audit risks. Overdue balances are
more likely to contain errors and thus require a proportionately larger
sample.

It is necessary to verify non-responses with alternative reliable evidence of

the outstanding balance in order to maintain the integrity of the sample
where positive confirmations are used. Such evidence includes delivery
notes signed for by the customer, written customer sales orders and, if
subsequently paid, a remittance advice accompanying the payment
identifying the specific invoices being paid.

Creditors’ confirmations

Creditors are much less frequently confirmed than debtors. The auditor
already has external evidence in the form of supplier invoices and
statements. Although held by the entity and thus potentially at risk from
being manipulated, they are likely to provide sufficient appropriate evidence
in the absence of any suspicious circumstances. In addition, the principal
assertion verified by confirmation evidence would be that of completeness.
The available population (creditor balances recorded by the entity), is not a
suitable starting point for selecting a sample for confirmation when verifying
completeness. If time is available, auditors tend to prefer to use the
complementary/reciprocal population of purchases (or payment transactions
recorded after the period end) when verifying the completeness of recorded
creditors.

Bank confirmations

In many countries, the auditing profession has come to a mutual agreement

with the banking industry on the method to be employed in seeking
confirmations. A standardized form is commonly used with open questions
for the bank to complete. The evidence should be reliable because banks
usually maintain a high level of internal control over records of customer
balances. However, because the task of completing the confirmation is often
entrusted to relatively junior personnel and is not subject to independent
checks, auditors must be alert for the possibility of clerical errors when
making use of the evidence obtained by confirmation.

Another consideration when confirming bank balances is that they involve

both debit and credit balances and contingencies. Therefore, evidence of
both completeness and existence is sought. Although balances with each
bank are usually individually material (in that all banks are confirmed – not
just a sample), the auditors must take reasonable care that all banks which
the entity has had dealings with during the year are identified. Auditors
should request confirmations from each bank, not just those with recorded
balances outstanding at the period end.
CHAPTER 14
THE AUDIT OF INVENTORIES

Risks associated with inventory

• Inadequate inventory held to meet the demand of sales and production.
• High inventory levels resulting in poor cash flow and financial loss.
• Lack of security over inventory resulting in theft.
• Inventory inappropriately stored resulting in damage or deterioration.
• Obsolete inventory held or incorrectly supplied to customers, resulting in
financial loss and damage to reputation.
• Omission from the accounting records of inventory owned by the
business but held externally by third party. Auditor may seek an external
confirmation on this.

PHYSICAL INVENTORY COUNTS

Client’s procedures
There are two methods of carrying out inventory counts:
- Made at or close to the year end (periodical)
- On a continuous basis over the whole year. (perpetual)

Perpetual counting: in perpetual counting each item is physically inspected

at least once a year, and more frequently in case of items liable to loss.
Adequate records are kept up to date. Investigation procedures are
undertaken for discrepancies.

Advantages of perpetual counting:

• There is little or no disruption caused as opposed to periodical count
which causes a lot of disruption.
• There is more accurate and regular counting. Earlier identification of
errors leaves way for less disruption to be caused in the closing months
of the year.
• There is increased discipline of store keepers because of surprise
elements of checks.

Periodical counting: this is usually undertaken towards the end of the

financial year, or around the financial year end. If undertaken around the
financial year end, the time gap between the physical count and financial
year end should be kept to a minimum, so as to ensure the accuracy of the
records, which are necessary to adjust the year end figures.

The auditor and the inventory count

When inventory is material to the financial statements, the auditor should
obtain sufficient evidence regarding its existence and condition by
attendance at physical inventory counting.

Where attendance is impracticable, the auditor should consider whether

sufficient evidence is available to avoid a qualification of audit report.

Note: counting inventory does not fall within the duties of the auditor.
However there are certain duties that the auditor has to fulfill that lie
before, during and after the counting of inventory.

1. Planning (before the count): the auditor should carry out the following:
• Review prior year’s working papers, to familiarize with the nature,
volume and location of inventories.
• Identify problems areas in the internal control system to assess the
amount of reliance to be put on internal auditors.
• Assess inherent control, and detection risks.
• Establish whether inventory is material to the financial statements.
• Arrange third party confirmations of inventories held by third parties.
• Auditor should also perform analytical procedures on inventory as part of
planning process, this can be done using ratios:

Inventory turnover (cost of sales/average inventory)

Inventory days (average inventory/cost of sales) x 365

2. During the counting: the main task is to ensure that the client’s staff are
carrying out their duties effectively.
• Make notes of items counted, damaged inventory, instances where the
counting procedures are not being followed.
• Make test counts: from physical inventory to inventory sheets, and from
inventory sheets to physical inventory.
• Compare the test inventory sheets with the client’s inventory sheet
register.
• Reach a conclusion as to whether or not the counting was satisfactory.

3. After the counting: the auditor should check the cut-off details obtained
at the inventory count to the ledgers to ensure items are accounted for in the
correct period. The auditor should also ensure that inventory records have
been adjusted or reconciled to the physical count and all differences
investigated.

Cut-off: the auditor should examine the link between purchases records and
inventories, and between sales and inventories, to ensure that there is
complete agreement between inventory and financial records. These are
known as cut-off procedures.

Tests the auditor would carry out to ensure correct cut-off include the
following:
• During the inventory count note the serial numbers of the last sales
invoice, dispatch note and goods received note generated before the
inventory count.
• After the inventory count, check the year end dispatch notes to sales
invoices and sales day book and vice versa to ensure that dispatches and
the related invoice both fall before the year end.
• Similarly for purchases, ensure year-end goods receipts notes and related
purchase invoices are correctly treated in the current period.

Internal audit and inventory audits:

The external auditor may be able to rely on the work done by the internal
auditor. The internal auditor should approach the inventory count in the
same way as any other auditor. In particular the internal auditor will:
• Evaluate previous audits; find information on company policy on
inventory management.
• Identify risks associated with inventory and assess impact and probability
of risks.
• Review whether controls are in place.

To test the controls the auditor must:

• Review evidence of inventory counts being undertaken on a regular basis
• Confirm accuracy of data inputs
• Sample disposals to confirm authorization of transactions
The internal auditor will be able to formulate a report based on conclusions
from the testing including an overall evaluation of the level of risk exposure.

Summary diagram on physical inventory count:

INVENTORY VALUATION PROCEDURES

Raw materials and consumables

• Ascertain what elements of cost are included, e.g. carriage inwards,
duties etc.
• Ascertain method of valuing material.
• If standard costs are used, check against budget and analyze variances.
• Test check cost prices with purchase invoices received in the month.
• Follow up valuation of all damaged or obsolete inventories with a view
of establishing a net realizable value.

Work-in-progress
• Ascertain what elements of cost are included. If overheads are included,
test basis on inclusion.
• Ensure material costs exclude abnormal wastage factors.
• Ensure that any addition for overheads includes only normal expenses
based on normal production, and that any cost arising from under-
utilization of production facilities or excessive waste are not carried
forward in the inventory valuation.

Finished goods and goods for resale

• Enquire into what costs are included and how they have been established.
• Test check prices on inventory lists with official sales list.
• Ensure that inventories are held valued at NRV is less than cost.
• Ascertain damaged or obsolete finished goods.

NRV
Inventories should be measured at the lower of cost and net realizable value.
Net realizable value is calculated by adding the current selling price of
goods plus the selling and distribution directly attributable to the goods.

Post balance sheet events may influence the NRV calculation. Low selling
prices after the year end may result in NRV value being less than cost. In
such a situation, the individual inventory line affected should be revalued at
the (lower) NRV. The only exception to this rule is for raw materials and
components to be used in manufacture. No reduction in value is needed if it
can be shown that the product made from these items can still be sold at a
profit.
CHAPTER -15
THE AUDIT OF LIABILITIES AND CAPITAL

LIABILITIES (CURRENT LIABILITIES)

1. Trade payables (creditors): the auditor needs to find sufficient evidence

to conclude that trade payables are not materially understated. The main
procedures are as follows:
• Check trade payables schedule with the control account and the purchase
ledger.
• A sample of credit balances should be obtained from a list of known
suppliers. Similarly, a sample of debit balances from the purchases
account will be taken that will serve as a sample of contacts from whom
credit purchases have been made in the past.
• The amount due to creditors should be calculated by direct confirmation
through telephone or writing to creditors.
• Review the cut-off procedures for purchases. Large purchases recorded
after the year end should be checked to ensure that the goods were not
received before that date.
• Review internal control over the purchases system, which ensures that all
goods received are properly recognized as liabilities of the company.
• Perform analytical procedures using ratios and comparison.

2. Accrued charges:
• Consider the client’s own system for capturing accruals.
• Obtain a schedule for accruals and ensure that it is made correctly.
• A sample of accruals should be test checked for correct calculation. This
can be done by reference to supporting invoices received in the next
period.

3. Short-term borrowings: short term borrowings include bank overdrafts.

Verification of bank overdrafts are in every respect similar to the
verification of bank balances.

LIABILITES (LONG-TERM LIABILITIES)

1) Loan notes: An issue of loan notes will be dealt by the auditor by

reference to the company’s constitutional documents and other borrowing
agreements to ascertain the borrowing powers of the company. The
 auditor should also inspect any registration documents. Disclosure by
notes of loan notes by the financial statements should also be checked.

If the loan notes are to be redeemed, the auditor should examine the
provisions of the contract relating to the redemption.

2) Bank loans: verification of bank loans are similar to verification of cash

balances.

3) Provisions and contingent assets & liabilities: IAS 37 requires that the
amount recognized as a provision should be the best estimate of the
expenditure required to settle the obligation at the balance sheet date. No
provision should be recognized unless a present obligation exists. An
intention to make a payment is not enough; an actual obligation to pay
must exist.
The auditor’s main task will be to decide whether a provision has been
set up properly in accordance with IAS 37.

Contingent asset/liability: is a possible asset/liability that arises from

past events and whose existence will be confirmed only be the
occurrence or non-occurrence of one ore more uncertain future events not
wholly within the control of the enterprise.

Contingent assets should be disclosed where an inflow of economic

benefits is probable.

Contingent liability (definition 2): is a present obligation that arises

from past events but it is not recognized because it is not probable that an
outflow of resources will be required to settle the obligation, or the
amount of the obligation cannot be measured with sufficient reliability.

Contingent liabilities should be disclosed, unless the possibility of an

outflow of resources is remote.
Sources of audit evidence for liabilities, provisions and contingencies
SHARE CAPITAL

Audit of share capital: changes in share capital should be checked.

Sampling would not be appropriate except for an issue of shares for cash
involving a substantial number of shareholders. Appropriate procedures:
• Check authorized share capital limit to company constitutional
documents.
• Check changes in issued capital in the year and agree to board minutes.
• Trace all transactions involving cash to the cash book and bank
statement.
• Ensure appropriate disclosure as either debt or equity. (ordinary or
preference)
• Ensure that all transactions are legal and that premiums have been
accounted for properly.

Audit of revaluation reserve:

• Assessment of the reason for revaluation, the basis of revaluation.
Compare with current property market list.
• Evaluation of the qualifications, experience and independence of the
valuer.
• Ensure that adequate disclosures are made.

Audit of replacement and redemption reserve: In order to finance the

replacement of inventory and non-current assets in the future, some
businesses set aside additional amounts of profits by transferring them to
replacement reserves. Within the conventional accounting system, these
should be regarded as appropriations of profit.

Loans notes are often issued to finance the purchase of non-current assets.
Thus, in the balances sheet, the liabilities of loan notes are represented by
non-current assets. When the loan notes are redeemed, the liability is
removed by a payment of cash. In such circumstances, some companies
transfer an amount equivalent to the nominal value of the loan note
redeemed out of un-appropriated profit and into a loan note redemption
reserve account.
Although these reserves are legally distributable, the directors have
effectively indicated that they should not be distributed. The auditor should
examine the basis of transfers to reserves and their disclosure in the financial
statements.
CHAPTER 16
AUDIT SAMPLING & COMPUTER AIDED AUDIT TECHNIQUES

AUDIT SAMPLING
Involves the application of audit procedure to less than 100% of the items
within:
• An account balance; and
• Class of transaction

Sampling risk: because auditors do not examine all the items in the
population when applying audit sampling, there is a risk that the conclusion
they draw will be different from that which they would have drawn had they
examined the entire population. In order to reduce the risk, auditors should
use a rational basis for planning, selecting and testing the sample and for
evaluating the results so that they adequate assurance that the sample is
representative of the population.

Non-sampling risk: this component of risk arises from audit mistakes e.g.
failing to identify errors or incorrect evaluation of sample results. Audit
firms can minimize the risk by improving training and review procedures.

Constructing samples
The steps involved in sampling can be summarized as follows:
• Sample design
• Sample size
• Selection of the sample
• Evaluation of the sample

SAMPLE DESIGN: when designing the sample, the auditor should

consider the specific audit objectives and the population from which the
sample must be taken and the sample size.

Objectives: audit objectives relate to tests of control or substantive

procedures. The auditor may want to use statistical sampling (i.e. may want
to be 90% or 95% sure that control procedures are being applied). This
makes it possible to quantify the results. Judgment sampling, however, tends
to offer little or no scope of quantifying the relationships.
The degree of certainty is known as the confidence level and the parameters
are known as the precision limits. Clearly the more confident auditor
wished to be and the narrower the precision limits, the larger the sample size
will be.

Population: a homogenous sample of population should be chosen. If there

are elements of changes being brought during the year, the auditor will need
to make two populations.

If however the population needs to be tested for completeness or

understatement, the test should go from source documentation to the
financial statements. For example, if auditors wish to test for the
overstatement of debtors, the population will be the debtors listing. If they
wish to test for understatement of creditors, they might use a supplier’s
turnover report, but not the accounts payable listing.

Stratification: stratification is used to reduce the degree of variation

between items within a population and enables auditors to direct attention to
those areas where there is the greatest potential monetary error. It often has
the effect of reducing sample sizes.

SAMPLE SIZE: when determining the sample size, the auditor should
consider sampling risk, the tolerable error and the expected error.

Sample risk: auditors are faced with sampling risk in both tests of control
and substantive procedures as follows:

Tests of control:
• Risk of under reliance: the risk that, although the sample result does not
support the auditors' assessment of control risk, the actual compliance
rate would support such an assessment.
• Risk of over reliance: the risk that, although the sample result supports
the auditors' assessment of control risk, the actual compliance rate would
not support such an assessment.

Substantive procedures:
• Risk of incorrect rejection: the risk that, although the sample result
supports the conclusion that a recorded account balance or class of
transactions is materially misstated, in fact it is not materially misstated.
• Risk of incorrect acceptance: the risk that, although the sample result
supports the conclusion that a recorded account balance or class of
transactions is not materially misstated, in fact it is materially misstated.

Points:
The risk of under reliance and the risk of incorrect rejection may affect audit
efficiency as they may lead to additional work being performed by the
auditors, or the entity.

The risk of over reliance and the risk of incorrect acceptance may affect
audit effectiveness and are more likely to lead to an erroneous opinion on the
financial statements than either the risk of under reliance or the risk of
incorrect rejection.

Sample size is affected by the level of sampling risk auditors are willing to
accept from the results of the sample. The level of acceptable sampling risk
depends upon the importance of the results of the audit procedure involving
sampling to the auditors' conclusions. The greater the reliance on the results,
the lower the sampling risk auditors are willing to accept and the greater the
sample size needs to be.

The extent of reliance on the results of the procedure is related to the extent
to which other substantive procedures provide audit evidence regarding the
same financial statement assertion. The more other substantive procedures
lower the detection risk for a particular assertion, and therefore the lower the
reliance on the results of the substantive procedure using audit sampling, the
higher the acceptable sampling risk relating to the sampling procedure and
consequently, the smaller the sample size.

Tolerable error: Tolerable error is the maximum error in the population that
auditors would be willing to accept and still conclude that the result from the
sample has achieved the audit objective. Tolerable error is considered during
the planning stage and, for substantive procedures, is related to the auditors'
judgment about materiality. The smaller the tolerable error, the greater the
sample size needs to be.

In tests of control, the tolerable error is the maximum rate of deviation from
a prescribed control procedure that auditors would be willing to accept and
still conclude that the preliminary assessment of control risk is valid.
In substantive procedures, the tolerable error is the maximum monetary
error in an account balance or a class of transactions that auditors would be
willing to accept so that when the results of all audit procedures are
considered, auditors are able to conclude, with reasonable assurance, that the
financial statements are not materially misstated.

Expected error: If auditors expect errors to be present in the population, a

larger sample than when no error is expected ordinarily needs to be
examined to conclude that the actual error in the population is not greater
than the planned tolerable error. Smaller sample sizes are justified when the
population is expected to be error free.

In determining the expected error in a population, auditors would consider

such matters as error levels identified in previous audits, changes in the
entity's procedures and evidence available from other procedures, including
tests of control.

STATISTICAL VS. NONSTATISTICAL SAMPLING

The difference between the two types of sampling is that the sampling risk
of a statistical plan can be measured and controlled, while even a perfectly
designed non-statistical plan cannot provide for the measurement of
sampling risk.

The basic similarity between the two types is that both sampling approaches
require the exercise of auditor judgment during the planning,
implementation and evaluation of the sampling plan. In other words, the use
of statistical methods does not eliminate the need to exercise judgment.

In some circumstances, statistical sampling is more appropriate than

judgment sampling. Before deciding whether to use statistical or judgmental
sampling, the auditor must determine the audit objectives; identify the
population characteristics of interest; and state the degree of risk that is
acceptable. After making those determinations, it may be advisable to use
statistical sampling if the auditor has a well-defined population and can
easily access the necessary documentation.
STATISTICAL PROBABILITY SAMPLING

Simple Random Sampling

In auditing, this method uses sampling without replacement; that is, once an
item has been selected for testing it is removed from the population and is
not subject to re-selection. An auditor can implement simple random
sampling in one of two ways: computer programs or random number tables.

Systematic (Interval) Sampling

This method provides for the selection of sample items in such a way that
there is a uniform interval between each sample item. Under this method of
sampling, every "Nth" item is selected with a random start.

Stratified (Cluster) Sampling

This method provides for the selection of sample items by breaking the
population down into stratas, or clusters. Each strata is then treated
separately. For this plan to be effective, dispersion within clusters should be
greater than dispersion among clusters. An example of cluster sampling is
the inclusion in the sample of all remittances or cash disbursements for a
particular month. If blocks of homogeneous samples are selected, the sample
will be biased.

Note:
Remember, an essential feature of probability sampling methods is that each
element of the population being sampled has an equal chance of being
included in the sample and, moreover, that the chance of probability is
known. Only in this way, is a probability sample representative of a
population.
NON-STATISTICAL SAMPLING

Some selection methods can be used only with non-statistical sampling

plans.

Haphazard Selection

In this method, the auditor selects the sample items without intentional bias
to include or exclude certain items in the population. It represents the
auditor's best estimate of a representative sample -- and may, in fact, be
representative. Defined probability concepts are not employed. As a result,
such a sample may not be used for statistical inferences. Haphazard selection
is permitted for non-statistical samples when the auditor believes it produces
a fairly representative sample.

Block Selection

Block selection is performed by applying audit procedures to items, such as

accounts, all of which occurred in the same "block" of time or sequence of
accounts. For example, all remittances in the month of November.
Alternatively, remittances 300-350 may be examined in their entirety. Block
selection should be used with caution because valid references cannot be
made beyond the period or block examined. If block sampling is used, many
blocks should be selected to help minimize sampling risk.

Judgment Selection

Judgment sample selection is based on the auditor's sound and seasoned

judgment. Three basic issues determine which items are selected:

1. Value of items. A sufficient number of extensively worked or older

accounts should be included to provide adequate audit coverage.

2. Relative risk. Items prone to error due to their nature or age should be
given special attention.

3. Representative-ness. Besides value and risk considerations, the auditor

should be satisfied that the sample provides breadth and coverage over all
types of items in the population.
Evaluation of sample results
Having carried out, on each sample item, those audit procedures that are
appropriate to the particular audit objective, auditors should:

a. Analyze any errors detected in the sample; and

b. Draw inferences for the population as a whole. (SAS 430.5)

Analysis of errors in the sample

Before analyzing the errors detected in the sample, auditors
first would determine that an item in question is in fact an
error. In designing the sample, auditors define those
conditions that constitute an error by reference to the audit
objectives. For example, in a substantive procedure relating
to the recording of debtors, a misposting between customer
accounts does not affect the total debtors. Therefore, it may
be inappropriate to consider this an error in evaluating the
sample results of this particular procedure, even though it
may have an effect on other areas of the audit such as the
assessment of doubtful accounts.

When the expected audit evidence regarding a specific sample item cannot
be obtained, auditors may be able to obtain sufficient appropriate audit
evidence through performing alternative procedures. For example, if a
positive debtor confirmation has been requested and no reply was received,
auditors may be able to obtain sufficient appropriate audit evidence that the
debtor is valid by reviewing subsequent payments from the customer. If
auditors do not, or are unable to, perform satisfactory alternative procedures
or if the procedures performed do not enable auditors to obtain sufficient
appropriate audit evidence the item would be treated as an error.

Auditors would also consider the qualitative aspects of the errors. These
include the nature and cause of the error and the possible effect of the error
on other phases of the audit.

In analyzing the errors discovered, auditors may observe that many have a
common feature, for example, type of transaction, location, product line or
period of time. In such circumstances, auditors may decide to identify all
items in the population which possess the common feature, thereby
producing a subpopulation, and extend audit procedures in this area.
Auditors would then perform a separate analysis based on the items
examined for each sub-population.
Inferences to be drawn for the population as a whole

Projection of errors and re-assessing sampling risk

Auditors project the error results of the sample to the population from which
the sample was selected in order to form a conclusion about the possible
level of error in the population as a whole. The projection of the error results
of the sample to the population as a whole involves estimating the probable
error in the population by extrapolating the errors found in the sample.
When7 projecting error results, auditors would ensure that the method of
projection is consistent with the method used to select the sampling unit.
This is in addition to considering the qualitative aspects of the errors found.
When the population has been divided into sub-populations, the projection
of errors is done separately for each sub-population and the results are
combined.

Auditors would consider whether errors in the population might exceed the
tolerable error. To accomplish this, auditors compare the projected
population error to the tolerable error taking into account the results of other
audit procedures relevant to the specific control or financial statement
assertion. The projected population error used for this comparison in the
case of substantive procedures is net of adjustments made by the entity.
When the projected error exceeds tolerable error, auditors re-assess the
sampling risk and if that risk is unacceptable, consider extending the audit
procedure or performing alternative audit procedures, either of which may
result in them proposing an adjustment to the financial statements.
CHAPTER 17:
GOING CONCERN

The auditor and going concern evaluation

Going concern means that the entity will continue in operational existence
for the foreseeable future. This means that the balance sheet or the income
statement assume no intention or necessity to liquidate or curtail
significantly the scale of operations.

Accounting standards have made it clear that, when preparing financials

statements, management must make an assessment of the enterprise’s ability
to continue as a going concern. In order to do this, management should look
ahead at least one year from the balance sheet date (if circumstances compel,
depending upon the type of industry). The management will need to satisfy
itself that the going concern assumption is reasonable.

Auditor’s relation to going concern: when planning audit procedures, the

auditor should consider the appropriateness of management’s use of the
going concern assumption in the preparation of financial statements.
Indicators of problems: there will be certain events that may cast
significant doubt about the going concern assumption set by the
management. These indicators are listed below:

Financial indicators:
• Net liability
• Indications of withdrawal of financial support by lenders
• Negative operating cash flows
• Adverse financial ratios
• Substantial operating losses
• Discontinuance of dividends
• Inability to pay of debts on due dates

Operating indicators:
• Loss of key managers without replacement
• Loss of major market, franchise, license.
• Labor difficulties

Other:
• Changes in government policy that may adversely affect the entity.
• Pending legal proceedings against the entity that may result in claims that
are unlikely to be satisfied. E.g. damages, cash payment etc.

The Auditor’s Responsibility

Planning considerations: in planning the audit, the auditor should consider

whether there are events or conditions which may cast significant doubt on
the entity’s ability to continue as a going concern.

If these events or conditions are identified, the auditor should consider

whether they affect the auditor’s assessments of the components of audit
risk.

Evaluating management’s assessment: the auditor should consider the

same period as that used by management in making its assessment. If the
period assessed by the management covers less than twelve months, the
auditor should ask the management to extend it to twelve months from the
balance sheet date, and also ask the management of any events subsequent to
the assessment that may have an effect on the going concern.
Additional audit procedures once events or conditions are identified:
When events or conditions are identified which may cast significant doubt
on the entity’s ability to continue as a going concern, the auditor should:
• Analyze and discuss cash flow, profit and other relevant forecasts with
management
• Discuss the entity’s latest available interim financial statements
• Review the terms of debentures and loan agreements and determine
whether any have been breached
• Read minutes of the meetings for reference to financial difficulties
• Inquire entity’s lawyer against the existence of litigation or claims, their
outcomes and financial implications.
• Review events after period end to identify those that either mitigate or
otherwise affect the entity’s ability to continue as a going concern.

Audit conclusions and reporting:

After detailed testing, the auditor must now consider whether the
organization is a going concern. If it is considered that the organization is
not a going concern, then the auditor needs to discuss the issues with the
management and determine how F/S should be prepared. Financial
statements may be prepared on a break up basis. This would require all
assets and liabilities to be re-classified as ‘current’ and revalued at NRV.
Further provisions for liquidation cost may also be required.

Details of different ways in which the auditor may reports are as follows:
1. The auditor believes that there is a doubt over the going concern, but
considers that the financial statements give adequate details of the
problem. In this case the auditor will give an unqualified report but
include an ‘emphasis of matter’ paragraph drawing attention to any notes
or details in the F/S explaining the position.

2. The auditor believes that there is a doubt over the going concern status,
but considers that the F/s do no give adequate disclosure. In this case the
auditor’s report will be qualified.