AUDITING AND ASSURANCE

CPA

INTERMEDIATE LEVEL

STUDY TEXT

Revised: September 2021

1
CONTENT

10.1 Assurance engagements

- Definition and objectives
- Elements of an assurance engagement
- Types of assurance engagements
- Levels of assurance and reports
- Non-assurance engagements

10.2 Nature and purpose of an audit

- Nature and objectives
- Audit as an assurance engagement
- Development of audit (early audit and modern audit)
- Types of audit and limitations

10.3 Legal framework and regulation

- Regulatory framework within which external audits take place
- Statutory regulations; auditors' liability, appointment, removal, remuneration,
resignation, rights and duties of auditors
- International standards on auditing and other regulations
- Professional ethics/code of ethics for professional accountants
- Fundamental principles, threats and safeguards, other professional guidelines on
audit fees, conflict of interest, advertising and opinion shopping

10.4 Planning and risk assessment

- Obtaining clients acceptance and retention
- Understanding the entity and its environment
- Audit planning, audit programmes and documentation
- Assessing audit risks
- Errors, fraud and other irregularities

10.5 Overview of forensic accounting

- Nature, purpose and scope of forensic accounting
- Types of forensic investigations: Corruption, asset misappropriation, financial
statement fraud, others
- Fraud prevention and deterrence

10.6 Internal control systems

- Internal controls theory and practice
- Evaluation of internal control system and test of control
- Communication on internal control system (management letter)
- Information technology threats and control

10.7 Audit evidence

- Financial statement assertions and audit evidence

2
 - Audit evidence procedures/techniques
- Audit sampling and other means of testing
- The audit of specific items (income/expenses/assets/liabilities)
- Using the work of others (internal audit and experts)
- Computer assisted audit techniques

10.8 Overall audit review

- Subsequent events review
- Going concern review
- Contingencies and commitments
- Management representations
- Quality control and review
- Role of auditors in receiverships and liquidation

10.9 Audit reports

- 7th Schedule provisions on audit reports
- Basic elements
- Types of opinions
- Emphasis of master paragraph
- Features of audit reports

10.10 Auditing in the Public Sector

- Introduction to auditing in the Public Sector; regulatory provisions
- Establishment, mandate and functions of public sector auditors; Kenya National Audit
Office (KENAO) and similar national audit bodies
- Role of internal audit function in public entities
- Relationship between external and internal auditors in the public sector
- International Standards on Supreme Auditing Institutions

10.11 Emerging issues and trends

CONTENT

TOPIC PAGE
1. Assurance engagements ............................................................................................... 5
2. Nature and purpose of an audit ................................................................................. 12
3. Legal framework and regulation ............................................................................... 31
4. Planning and risk assessment ...................................................................................... 66
5. Overview of forensic accounting ............................................................................... 113
6. Internal control systems ............................................................................................. 125
7. Audit evidence .............................................................................................................139
8. Overall audit review ................................................................................................... 193
9. Audit reports............................................................................................................... 211
10. Auditing in the Public Sector ................................................................................... 224

3
 TOPIC 1

ASSURANCE ENGAGEMENTS

DEFINITION AND OBJECTIVES

The term assurance refers to the expression of a conclusion that is intended to increase the
confidence that users can place in a given subject matter or information. For example, an
auditor’s report is a conclusion that increases the confidence that users can place in a
company’s financial statements.

Audit engagement refers to audit performed by an auditor. It is the very first stage of an audit
procedure where the client is notified by the auditor that the work pertaining to audit has been
accepted by him/her and also provides clarifications with regard to the scope and purpose of
audit. To be more specific, audit engagement can be referred to the written letter that the
auditor uses to notify the client that he/she would be engaging in auditing services. Thus, the
audit engagement procedure is basically a negotiation based on professional terms that takes
place between prospective customer and a public accounting entity. This procedure is used for
finding new customers and offer accounting related services to different businesses.

The auditor uses the term ‘audit engagement’ when the entity has to undergo the auditing
procedure. This could imply varied things and therefore it is necessary that the auditor clarifies
what she/he exactly means by the term. Irrespective of the definition followed by the auditor,
he/she makes it a point to follow certain specific guidelines and procedure for offering the
services.

Full Engagement

Audit engagement consists of several steps that basically revolve around planning,
substantiation, control testing and finalization. The very first step involves providing a letter to
the client reminding him about the audit. Once the client has been contacts, both the auditor
and client meet with each other to determine how, why and when the auditing would take
place. In addition to this, the client also needs to provide the auditor with relevant resources
for conducting the procedure smoothly. Following this, the auditor carries out surveys to find
out more about the organization and its controls. This is followed by testing of controls and
garnering of as much detail and information as is possible. On the basis of the results and

4
information, the auditor prepares a temporary draft and shares the same with client. Once the
client has gone through the draft report, he responds to the recommendations and findings
made in it. After this, the auditor prepares a final audit report and may also request the client
to fill a survey form to better understand his/her performance. The audit is completed after a
follow up meeting with client, which usually happens within 6 m o n t hs .

Objectives of the Practitioner

A practitioner is an the individual(s) conducting the engagement (usually the engagement
partner or other members of the engagement team, or, as applicable, the firm) by applying
assurance skills and techniques to obtain reasonable assurance or limited assurance, as
appropriate, about whether the subject matter information is free from material misstatement
In conducting an assurance engagement, the objectives of the practitioner are:
a) To obtain either reasonable assurance or limited assurance, as appropriate, about
whether the subject matter information (that is, the reported outcome of the
measurement or evaluation of the underlying subject matter) is free from material
misstatement;
b) To express a conclusion regarding the outcome of the measurement or evaluation of the
underlying subject matter through a written report that clearly conveys either
reasonable or limited assurance and describes the basis for the conclusion; and
c) To communicate further as required by relevant ISAE s.

In all cases when .reasonable assurance or limited assurance, as appropriate, cannot be

obtained and a qualified conclusion in the practitioner's assurance report is insufficient in the
circumstances for purposes of reporting to the intended users, the ISAEs require that the
practitioner disclaim a conclusion or withdraw (or resign) from the engagement, where
withdrawal is possible under applicable laws or regulations.

NON-ASSURANCE ENGAGEMENTS

Non-assurance Engagements

If an engagement lacks the five elements of assurance engagements, it is considered non-

assurance (residual definition). Examples of non-assurance engagement are the following:

1. Agreed-upon procedures
2. Compilations engagements
3. Preparation of Income tax returns where no conclusion conveying assurance is
expressed
4. Management advisory services and Consulting
5. Engagement that includes rendering of professional opinions not intended to be an
assurance report

Elements of Assurance Engagements

There are five elements that must all be present in order to qualify the engagement as an
assurance engagement.

1. A three-party relationship involving a practitioner, a responsible party, and intended

5
 users;
2. An appropriate subject matter;
3. Sufficient appropriate evidence;
4. Suitable Criteria;

5. A written assurance report in the form appropriate to a reasonable assurance

engagement or a limited assurance engagement.

Appropriate Subject Matter

The subject matter and the subject matter information of an assurance engagement can take
many forms, such as:

 Financial performance or conditions

 Non-financial performance or conditions
 Physical characteristics
 Systems and Processes
 Behavior

An appropriate subject matter is

 Identifiable and capable of consistent evaluation or measurement against the identified

criteria
 Capable of being subjected to procedures for gathering sufficient appropriate evidence
to support a reasonable assurance or limited assurance conclusion, as appropriate

Sufficient Appropriate Evidence

 Sufficiency is the measure of the quantity of evidence

o The quantity of evidence needed is affected by the risk of the subject matter
being materially misstated.
 Appropriateness is the measure of the quality of evidence, that is, its relevance and
reliability
o The reliability of evidence is influenced by its source and by its nature, and is
dependent on the individual circumstances under which it is o bt a i ne d .
o Generalization about the reliability of evidence – evidence is more reliable if:
 Obtain from independent source outside the entity
 Generated internally when the related controls are effective
 Obtained directly by the practitioner than indirect or by inference
 Exist in documentary form
 Provided by original documents
 Merely obtaining more evidence may not compensate for its poor quality
 The auditor should consider the cost of obtaining the usefulness of the evidence.

Suitable Criteria

The following are the characteristics of criteria to be considered suitable:

 Relevance – contribute to conclusions that assist decision-making by the intended

6
 users.
 Completeness – the relevant factors that could affect the conclusions are not omitted.
Includes benchmarks for presentation and disclosure

 Reliability – allows reasonably consistent evaluation or measurement of the subject

matter including where relevant, presentation and disclosure, when used in similar
circumstances by similarly qualified practitioners
 Neutrality – free from bias
 Understandability – contribute to conclusions that are clear, comprehensive, and not
subject to significantly different interpretations

TYPES OF ASSURANCE ENGAGEMENTS

1. As to level of assurance:
i. Reasonable Assurance – the objective is a reduction in assurance engagement
risk to an acceptably low level as the basis for a positive form of expression of a
practitioner’s conclusion. (e.g., audit of historical financial statements)
ii. Limited Assurance – the objective is a reduction in assurance engagement risks
to a level that is acceptable in the circumstances of the engagement, but where
the risk is greater that for a reasonable assurance engagement, as the basis for a
negative form of expression of the practitioner’s conclusion. (e.g., review of
historical financial statements
2. As to structure of engagement:
i. Assertion-based – the evaluation or measurement of the subject matter is
performed by the responsible party, and the subject matter information is in the
form of assertion to the intended users.
ii. Direct Reporting – the practitioner either directly performs the evaluation or
measurement of the subject matter, or obtains a representation from the
responsible party that has performed the evaluation or measurement that is not
available to intended users. The subject matter information is provided to the
intended users in the assurance report.

Importance of Assurance Engagements

1. Potential bias in providing information

2. Remoteness between a user and the organization
3. Complexity of the transactions, information, or processing systems
4. Investors need to manage their risk and thereby minimize financial surprises as
consequences to investors, and others, of relying on inaccurate information can be quite
significant.

Limitations of Assurance Engagements

1. Use of selective testing (sampling)

2. Use of judgment

7
 3. Inherent Limitations of internal control
4. Persuasive evidence rather than conclusive evidence
5. Characteristics of the subject matter

LEVELS OF ASSURANCE` AND REPORTS

There are broad ranges of assurance engagement and each has distinct differences depending
on the assurance requirements as follows:
Review engagement: The auditor provides a moderate level of assurance that the information
subject to review is free from material misstatement. This is expressed in the form of negative
assurance. Agreed-upon procedures: The auditor simply provides report of the actual findings,
so no assurance is expressed. Users of the report must instead judge for themselves the
auditors’ procedures and findings and draw their own conclusions from the auditors work.
Compilation engagement: Users of compiled information gain some benefit from the
accountant's (as opposed to the auditor's) involvement, but no assurance is expressed in the
report.

REPORTS

The practitioner forms a conclusion on the basis of the evidence obtained, and provides a
written report containing a clear expression of that conclusion that conveys the assurance
obtained about the subject matter information.
Assurance Standards establish basic elements for assurance r e p o r t s .
In an attestation engagement, the practitioner's conclusion can be worded either:

a. in terms of a statement made by the measurer or evaluator, that is, the party
responsible for measuring or evaluating the underlying subject matter (for example: —
In our opinion the responsible party's statement that internal control is effective, in all
material respects, based on XYZ criteria, is fairly stated); or
b. In terms of the underlying subject matter and the criteria (for example: —in our
opinion internal control is effective, in all material respects, based on XYZ criteria). In
a direct engagement, the practitioner's conclusion is worded as for (b) above, that is in
terms of the underlying subject matter and the cri t er ia.

Can the practitioner’s conclusion be worded in terms of:

The underlying subject A statement made by the
matter and the criteria? measurer or evaluator who
is not the practitioner?
Attestation yes yes
engagement

8
 Direct engagement yes No
(the practitioner is the
measurer or evaluator in a
direct engagement, so there
is no statement made by
another party)

 In a reasonable assurance engagement, the practitioner's conclusion is expressed in the

form that conveys the practitioner's opinion on the outcome of the measurement or
evaluation of the underlying subject matter, for example: —in our opinion internal
control is effective, in all material respects, based on XYZ criteria. This form of
expression conveys —reasonable assurance. Having performed procedures of a nature,
timing and extent that were reasonable given the characteristics of the underlying
subject matter and other relevant engagement circumstances described in the assurance
report, the practitioner has obtained sufficient appropriate evidence to reduce
engagement risk to an acceptably low level.
 In a limited assurance engagement, the practitioner's conclusion is expressed in a form
that conveys that, based on the procedures performed, nothing has come to the
practitioner's attention to cause the practitioner to believe the subject matter
information: is materially misstated, for example, —Based on our work described in
this report, nothing has come to our attention that causes us to believe that internal
control is not effective, in all material respects, based on XYZ criteria. This form of
expression conveys a level of —limited assurance that is commensurate with the level
of the practitioner's procedures given the characteristics of the underlying subject
matter and other engagement circumstances described in the assurance report.
 The practitioner may choose a —short form or —long form style of reporting to
facilitate effective communication to the intended users. —Short-form reports
ordinarily include only the basic elements. —Long-form reports include other
information and explanations that are not intended to affect the practitioner's
conclusion. As well as the basic elements, long-form reports may describe in detail the
terms of the engagement, the criteria being used, findings relating to particular aspects
of the engagement, details of the qualifications and experience of the practitioner and
others involved with the engagement, disclosure of materiality levels, and, in some
cases, recommendations. Whether to include any such information depends on its
significance to the information needs of the intended u s e rs .
 The practitioner's conclusion on the subject matter information is clearly separated
from any emphasis of matter, -findings, recommendations or similar information
included in the assurance report, and the wording used makes it clear that findings,
recommendations or similar information is not intended to detract from the
practitioner's conclusion.
 The practitioner's conclusion is modified when the following circumstances exist and,
in the practitioner's professional judgment, the effect of the matter is or may be
material:
a. There is a limitation on the scope of the practitioner's work. The practitioner
expresses The practitioner is unable to obtain sufficient appropriate evidence in
the context of the engagement, in which case a scope limitation exists and a

9
 qualified conclusion or a disclaimer of conclusion is expressed depending on-
how the materiality or pervasiveness of the limitation is. In some cases the
practitioner considers withdrawing from the enga gement .
b. When:

i. The practitioner's conclusion is worded in terms of a statement made by the

measurer or evaluator, and that statement is incorrect, in a material respects;
or
ii. The practitioner's conclusion is worded in terms of the underlying subject
matter and the criteria, and the subject matter information is not free from
material misstatement.

In such cases, a qualified or adverse conclusion is expressed, depending on the materiality and
pervasiveness of the matter
A qualified conclusion is expressed as being —except for the effects, or possible effects of the
matter to which the qualification relates.
In those cases where the practitioner's unqualified conclusion, would be worded in terms of a
statement made by the measurer or evaluator, and that statement has identified and properly
described that the subject matter information is materially misstated:
a. A qualified or adverse conclusion worded in terms of the underlying subject matter and
the criteria is expressed; or
b. If specifically required by the terms of the engagement to word the conclusion in terms
of statement made by the measurer or evaluator, an unqualified conclusion is expressed
but emphasizes the matter by specifically referring to it in the assurance report.

If it is discovered after the engagement has been accepted, that the criteria are unsuitable or the
underlying subject matter is not appropriate for an assurance e n g a g e m e n t .
a. A qualified conclusion or adverse conclusion is expressed depending on how material
or pervasive the matter is, when the unsuitable criteria or inappropriate underlying
subject matter is likely to mislead the intended users; or
b. A qualified conclusion or a disclaimer of conclusion is expressed depending on how
material or pervasive the matter is, in other cases.

In some cases the practitioner considers withdrawing from the e n g ag e m e n t .

A qualified conclusion is expressed when the effects, or possible effects, of a matter are not as
material or pervasive as to require an adverse conclusion or a disclaimer of conclusion. A
qualified conclusion is expressed as being —except for the effects, or possible effects, of the
matter to which the qualification relates.

TOPIC 2

NATURE AND PURPOSE OF AN AUDIT

NATURE AND OBJECTIVES

Definition of an Audit:

10
An audit is the independent examination of an expression of an opinion on the financial
statements of an economic entity by appointed auditor in pursuance of that appointment and in
compliance with any relevant statutory obligation
The objective of an audit is to enable the auditor express an opinion whether financial
statements show a true and fair view of the company state of affairs in accordance with an
identified financial reporting framework.
The purpose of an audit is not to provide additional information but rather it is intended to
provide the users of the accounts with assurance that the information provided to then by
directors is reliable. However, the users should not assume the auditor’s opinion is one to
efficiency with which management has conducted the affairs of the e n t i t y .
Financial statement: According to the Companies Act, the company accounts refers to the
balance sheet and the profit and loss account but due to development in business practice and
shareholders information needs, these are inadequate as to the information regarding financial
position and performance of the company. Since most balance sheets and profit and loss
accounts are summarized statements amplified by notes to the statements, the business
community and the accountancy profession require that a cash flow statement as well as a
statement of changes in equity be prepared. The terms company accounts and financial
statements have the same meaning.

Financial Reporting framework: According to International Auditing Standards (ISA 200, the
framework of international standards of auditing), financial statements are usually prepared
and presented annually and are directed at common informational needs of a wide range of
users.
Many of the users rely on the financial statements as their major source of additional
information to meet their specific information needs. Therefore financial statements need to be
prepared in accordance with one or combination of:
 International Financial Reporting Standards (IFRS)or IASs
 National accounting standards
 Any other authoritative and comprehensive financial reporting framework designed for
use in financial reporting and is identified in the financial statements. In Kenya the
financial reporting framework adopted is as prescribed by IF R S .

Scope of-the Audit

 The auditor's opinion on the financial statements deals with whether the financial
statements are prepared, in all material respects, in accordance with the applicable
financial reporting framework: Such an opinion is common to all audits of financial
statements.
 The auditor's opinion therefore does not assure, for example, the future viability of the
entity nor the efficiency or effectiveness with which management has conducted the
affairs of the entity. In some jurisdictions, however, applicable law or regulation may
require auditors to provide opinions on other-specific matters, such as the effectiveness of
internal control, or the consistency of a separate management report with the financial
statements.
 While the ISAs include requirements and guidance_ in relation to such matters to the
extent that they are relevant to forming an opinion on the financial statements, the

11
 auditor would be required to undertake further work if the auditor had additional
responsibilities to provide such opinions.

STAGES OF AN AUDIT

The suggested audit approach is designed to gather sufficient and reliable evidence to support
the audit opinion in the most efficient and effective way and to enable the engagement team to
fully understand the client's business. There is no difference between an audit of a large and a
small entity except that the procedures adopted may differ depending on the particular
circumstances of each audit
i. Preliminary Engagement Activities
ii. Planning
iii. Execution
iv. Review and Completion

i) Preliminary Engagement Activities

At the Pre-planning stage, the engagement partner ensures that:
- The client acceptance and continuation procedures have been carried out;
- The terms of engagement have been agreed in writing;
- The quality control aspects for the assignment have been reviewed including review of
the competency of the team to carry out the assignment, review of compliance with the
ethical requirements, including review of the independence requirements.

Planning

Planning is an essential component in focusing the audit efforts. The key components of
Identifying the scope of the assignment
Developing an audit strategy taking into consideration the scope of the engagement; the
business and the regulatory environment in which the entity operates; entity specific issues
including reliance on the work of internal audit; reporting objectives, timing of the audit and
the nature of communication required; matters affecting the direction of the audit including

preliminary setting of materiality levels, preliminary review of risk including fraud risk,
preliminary review of internal control including the control environment, the process adopted
by the entity to identify, measure, monitor and control risks.
- Developing, based on the above, the overall audit plan detailing the nature, timing and
extent of the audit procedures to be performed in order to reduce the audit risk to an
acceptably low level; the nature of tests to be adopted; procedures to be adopted at the
assertion level; and tailoring the audit programmes.
- Ascertaining the nature and the extent of the resources required to perform the audit.

iii) Execution
- The key components of the execution stage are:
- Carrying out the test of controls and substantive tests on transactions and balances
including substantive analytical procedures to obtain sufficient and appropriate audit
evidence to enable the engagement team to draw reasonable conclusions on which to

12
 base the audit opinion.
- Evaluating significant assumptions used in fair value measurement to determine the
reasonableness of the basis used and the disclo sures.
- Identification of related parties and obtaining sufficient and appropriate audit evidence
in respect of measurement and disclosure of related party t r a n s a c t i o n s .
- Documenting the nature, timing and extent of the audit procedures performed and the
results and conclusions drawn from the audit evidence obtained

While pre-printed forms and programmes are available in the Manual, the extent and the
timing of the tests should be tailored to the specific assignment. Different tests and different
levels will be appropriate for each assignment. The control of the audit at this stage must be
maintained by a senior team member with the appropriate experience and expertise.

iv) Review and Completion

The review and completion procedures focus on ensuring that sufficient and appropriate
evidence has been obtained to support the audit opinion. This involves ensuring that:
- All outstanding matters have been cleared.
- Consultations on difficult or contentious matters have been documented and adequately
resolved and conclusions therefrom implemented.
- Analytical procedures have been performed to form a conclusion on whether the
financial statements taken as a whole are consistent with the firm's knowledge of the
business.
- Where other appropriate audit evidence cannot be reasonably obtained, written
management representations have been obtained on areas material to the financial
statements.
- Review has been carried out of any material uncertainty relating to events or conditions
that n g may exist which alone or in aggregate cast a significant doubt on the
entity's ability to continue as a going concern.
- There is evidence that the engagement team has considered and confirmed that the
financial reporting framework adopted by the entity is suitable, and that the financial
statements comply with the framework as to recognition, measurement, Presentation
and disclosure. In the context of Kenya, this in most cases will be the IFRS's.
- The engagement partner has reviewed the audit file and is satisfied that sufficient and
appropriate evidence has been obtained to support the conclusions derived and the audit
opinion to be issued. As much of the audit evidence obtained is persuasive rather than
conclusive, absolute certainty is rarely obtainable and .therefore the engagement partner
should ensure that the audit risk is reduced to the lowest level p o s s i bl e .
- Where applicable, sufficient and appropriate procedures have been performed to
identify subsequent events tip to the date of the audit report and ensure that all items
that require adjustment or disclosure in the financial statements have been appropriately
dealt with:
- Where appropriate, an engagement quality .control review has been undertaken and all
the issues arising from the review have been fully dealt with and cleared with the
reviewer.
- At the end of each audit, the engagement team is de-briefed, the audit objectives set out
for the assignment have been achieved and that the engagement team has gained

13
 experience from the assignment which will enhance their personal development.

Though not covered by the terms of audit engagement, the engagement team may, as part of
the audit process carry out a business review of the key issues facing the entity and take a
strategic look at the business and at areas where the firm can add value to the entity. In
providing other value added services, the firm and in particular the engagement partner should
be conscious of the independence requirements of the code of et h i cs

AUDIT AS AN ASSURANCE ENGAGEMENT

It is often not possible to check things for yourself, whether quality, accuracy, performance or
existence.
You might not have the skills or the time, or you might be in the wrong location. Therefore
you must rely on someone else to give you assurance. This means you have to decide:
- What standards should be applied?
- What represents 'good', 'acceptable' or ‘ unacceptable?
- How much checking should be done? All checking and assurance has an associated cost

Audit is one form of assurance

An audit is defined as: the independent examination of and expression of opinion on the
financial statements of an entity by a duly appointed auditor in pursuit of that appointment.
The important words here are 'independent' and ‘opinion’.
Independence is essential and underlies the value of auditing.
Opinion really means that one auditor could look at a set of financial statements and disagree
with the opinion of another auditor.
Judgment is essential to all auditing, there are no certainties and there are no certifications of
correctness or accuracy.

DEVELOPMENT OF AUDIT (EARLY AUDIT AND MODERN AUDIT)

A review of the historical development of auditing has shown that the objective of auditing
and the role of auditors are constantly changing as they are highly influenced by contextual
factors such as the critical historical events (e.g. the collapsed of big corporations), the verdict
of the courts, and technological developments (e.g. advancement of computing systems and
CAATs). It can be observed that any major changes in these contextual factors are likely to
cause a change in the audit function and the role of auditors. As a result, auditing is seen to be
evolving at all times.
However, it is important to note that the change in society's expectation and the response of
the auditing profession towards these changes are not always at the same pace. Hence there is
a natural time gap between the changing expectation of the users and the response by the
profession and due to this time gap there arises what has been stated as the expectation gap or
audit expectation gap. Even though the existence of such a natural time gap is inevitable,
auditors should be sensitive to the changing expectation of the relevant groups while at the
same time containing these expectations within the constraints of what is possible. There are
inevitably economic and practical limitations on what an audit can do, and this is something
which those who wish the benefit must underst and.

14
The evolution of auditing practices

prior to 1840
Generally, the early historical development of auditing is not well documented (Lee, 1994).
Auditing in the form of ancient checking activities was found in the ancient civilizations of
China, Egypt and Greece. The ancient checking activities found in Greece (around 350 B.C.)
appear to be closest to the present-day auditing.
Similar kinds of checking activities were also found in the ancient Exchequer of England.
When the Exchequer was established in England during the reign of Henry 1(1100-1135),
special audit officers were appointed to make sure that the state revenue and expenditure
transactions were properly accounted for. The person who was responsible for the
examinations of accounts was known as the "auditor". The aim of such examination was to
prevent fraudulent actions.

1840s-1920s
The practice of auditing did not become firmly established until the advent of the industrial
revolution during the period 1840s-1920s in the UK. According to Brown (1962), the large-
scale operations that resulted from the industrial revolutions drove the corporate form of
enterprise to the foreground. Large factories and machine-based production were established.
As a result, a vast amount of capital was needed to facilitate this huge amount of capital
expenditure. The emergence of a "middle class" during the industrial revolution period
provided the funds for the establishment of large industrial and commercial undertakings.
However, the share market during this period was unregulated and highly speculative. As a
consequence, the rate of financial failure was high and liability was not limited. Innocent
investors were liable for the debts of the business. In view of this environment, it was apparent
that the growing number of small investors was in dire need of protection (Porter, et al, 2005).
Hence, the time was ripe for the profession of auditing to emerge (Brown, 1962).
In response to the socio-developments in the UK during this period, the Joint Stock
Companies Act Was passed in 1844. The Joint Stock Companies Act stipulated that
"Directors shall cause the Books of the Company to be balanced and a full and fair Balance
Sheet to be made up". In addition the Act provided the appointment of auditors to check the
accounts of the company. However, the annual presentation of the balance sheet to the
shareholders and the requirement of a statutory audit were only made compulsory in .1900
under the Companies Act 1862 (UK).
According to Porter, et al (2005) the accountant particularly in the early years of this period,
was normally the company manager and his duties were to ensure proper use of the funds
entrusted to him. The auditors during this period were merely shareholders chosen by their
fellow members. The auditors during this period were required to perform complete checking
of transactions and the preparation of correct accounts and financial statements. Little attention
was paid to internal control of the company.

1920s-1960s
The growth of the US economy in the 1920s-1960s had caused a shift of auditing development
from the UK to the USA. In the years of recovery following the 1929 Wall Street Crash and

15
ensuing depression, investment in business entities grew rapidly. Meanwhile, the advancement
of the securities markets and credit-granting institutions had also facilitated the development
of the capital market in this period. As companies grew in size, the separation of the
ownership and management functions became more evident. Hence to ensure that funds
continued to flow from investors to companies, and the financial markets function smoothly,
there was a need to convince the participants in the financial markets that the company's
financial statement provided a true and fair portrayal of the relevant company's financial
position and performance. In view of the economic condition, the audit function was mainly to
provide credibility to the financial statements prepared by company managers for their
shareholders. Consensus were generally achieved that the primary objective of an audit
function is adding credibility to the financial statement rather than on the detection of fraud
and errors.
The concept of materiality and sampling techniques were used in auditing during this period.
The development of material Concept and sampling technique was due to the voluminous
transactions involved in the conduct of business by large corporations operating in widespread
locations. It is no longer practical for auditors to verify all the transactions.
Consequently, sampling and the development of judgment of materiality were essential.
The major characteristics of the audit approach during this period i n c l u d e d :
i. Reliance on internal control of the company and sampling techniques were used;
ii. Audit evidence was gathered through both internal and external source;
iii. Emphasis on the truth and fairness of financial statements;
iv. Gradually shifted to the audit of Profit and Loss Statement but Balance Sheet
remained important; and
v. Physical observation of external and other evidence outside the "book of account"

1960s to 1990s
The world economy continued to grow in the 1960s-1990s. This period marked an important
development in technological advancement and the size and complexity of the companies.
Auditors in the 1970s played an important role in enhancing the credibility of financial
information and furthering -the operations of an effective capital market. The duties of
auditors among others were to affirm the truthfulness of financial statements and to ensure
that financial statements were fairly presented.
Hence, the role of auditors with regard to the audit of financial statement generally remained
the same as per the previous period.
Despite the overall audit objectives remaining similar, auditing had undergone some critical
developments in this period. In the earlier part of this period, a change in audit approach can
be observed from "verifying transaction in the books" to "relying on system". Such a change
was due to the increase in the number of transactions which resulted from the continued
growth in size and complexity companies where it is unlike for auditors to play the role of
verifying transactions. As a result, auditors in this period had placed much higher reliance on
companies' internal control in their audit procedures. Furthermore, auditors were required to
ascertain and document the accounting system with particular consideration to information
flows and identification of internal controls. When internal control of the company was
effective, auditors reduced the level of detailed substance testing. In the early 1980 there was a
readjustment in auditors' approaches where the assessment of internal control systems was
found to be an expensive process and so auditors began to cut back their systems work and

16
make greater use of analytical procedures. An extension of this was the development during
the mid-1980s of risk-based auditing. Risk-based auditing is an audit approach where an
auditor will focus on those areas which are more likely to contain errors. To adopt the use of
risk-based auditing, auditors are required to gain a thorough understanding of their audit
clients in term of the organization, key personnel, policies, and their industries. Hence, the use
of risk-based auditing had placed strong emphasis on examining audit evidence derived from a
wide variety of sources, i.e. both internal and external information for the audit client. Most of
the companies in this period had introduced computer systems to process their financial and
other data, and to perform, monitor and control many of their operational and administrative
processes. Similarly, auditors placed heavy reliance on the advanced computing auditing tool
to facilitate their audit procedures. In addition to the auditing of financial statement, auditors at
the same time were providing advisory services to the audit c li e n t s .

1990s-present
The auditing profession witnessed substantial and rapid change since 1990s as a result of the
accelerating growth at the world economies. It can be observed that auditing in the present day
has expanded beyond the basic financial statement attest function. Present-day auditing has
developed into new processes that build on a business risk perspective of their clients. The
business risk approach rests on the notion that a broad range of the client's business risks are
relevant to the audit. Advocates of the business risk approach opined that many business risks,
if not controlled, will eventually affect the financial statement. Furthermore by understanding
the full range of risks in businesses, the auditor will be in a better position to identify matters
of significance and relevance to the audit profession on a timely basis. Since the early 1990s,
the audit profession began to take increased responsibility to detect and report fraud and to
assess, and report more explicitly, doubts about an auditor’s ability to continue in conformance
with society's and regulators' increasing concern about corporate governance matters.
Adoption of the business risk approach in turn enhances auditor's ability to fulfill these
responsibilities. Presently, the ultimate objective of auditing is to lend credibility to financial
and non-financial information provided by management in annual reports; however, audit
firms have been largely providing consultancy services to businesses
Although the overall audit objectives in the present period remained the same, i.e. lending
credibility to the financial statement, critical changes have been made to the audit practice as a
result of the extensive 'reform in various countries. Such reform has implicated the auditing
profession in the following ways:
i. The role of auditors is expected to Converge: refocusing on the public interest,
redefining -audit relationship, ensuring integrity of financial reports, separation of non-
audit function and other advisory services;
ii. The audit methods revert to basics i.e. risk attention, fraud awareness, objectivity and
independence, and.
iii. Increase attention on the needs of financial statement users"

TYPES OF AUDITS AND LIMITATIONS

• Audits can be classified into two broadways.

• According to terms of engagement i.e. nature of work do ne .

17
 • According to the approach to the work to be done/ timing.
According to nature of work done, audits may be either statutory of
private.

Statutory audits

These are carried out as per the requirements of various statutes e.g. Companies Act Cap 486
requires that all public limited companies to have their financial statements subjected to an
independent audit. The objective of the audit is to enable the auditor express an opinion
whether the financial statements have a true and fair view of the company’s state of affairs.

The rights and duties of the auditor are laid down in the relevant statute. The powers of
appointment of the auditors are vested on the shoulders.

Private audits

These are not governed by statutes. They are performed by independent auditors because the
owners, members or interested parties require them carried out. Private audits are carried out
for organizations such as non-governmental organizations, partnerships and clubs and among
others. Appointment of auditors is carried out as a private contract between the auditor and the
relevant shareholder. The scope and objective of the work as well as rights and duties of the
auditor are determined by the agreed terms between the auditor and the client. The auditor is
not liable to third parties.

According to approach of the work to be done, audits can be continuous, interim or final.

Continuous audits

This is an approach whereby an audit is carried out throughout the financial period usually at
predetermined intervals. This approach is ideal for large organizations with tight reporting
deadlines e.g. multinational banks. The approach ensures accounts are kept up to date, errors
and frauds are discovered in early stages and better audit reports are developed since more
time is taken.

However, this approach is expensive considering amount of time taken, has frequent
interruptions of client work and auditors‟ independence may be affected by their continuous
presence at clients premises.

Interim audits

This is an audit carried out halfway through the financial period. It usually precedes the final
audit and is a preparation for the final audit. It is ideal for dynamic businesses, cheaper
compared to continuous audits and enhances keeping of up to date records.

18
Final audits

These are usually done at the end of the year as either a continuation of the interim audit for
large and medium size companies or as a single audit for small companies at end of financial
period.

Other types of audits

Procedural audits - These require examination of procedures or records for reliability and
accuracy. They usually relate to company’s internal control systems, laid down guidelines and
procedures and records of the company.

Management audits -These involve investigation of the company’s entire management to

ascertain whether the directors are running the company in the most optimal way for the
benefit of the shareholders. It improves quality and efficiency of management in addition to
checking the budgetary system.

Balance sheet audits - This tests the strength of internal control system by working
backwards to get the initial transactions using assertion methodology.

Internal Audit
Management upon realizing the advantages of an audit have established within the company
an independent activity to examine and evaluate the organizations risk management process
and systems of control and to make recommendations for the achievement of the company’s
objective‟. This activity is called internal auditing. The duties of internal audit personnel are:

• Reviewing the economic efficiency and effectiveness of the company’s operations.

• Reviewing the company’s compliance with external laws and regulations and
internal policies and procedures.
• Reviewing and advising the management on development of key organizational
systems and implementation of major changes.

The focus of internal auditing is adding value to an organization through improvement in risk
control.

In 1999, the institute of internal auditors (IIA) defined internal auditing as „an independent
objective assurance and consulting activity designed to add value and improve an
organization’s operations, help it achieve its objective and improve the effectiveness of risk
management, control and governance process.

Aspect Internal Auditing External Auditing

19
Objectives The main objective is to advice management The objective is to provide an
on whether organization has sound internal opinion as to whether or not
control systems to protect it against loss. the financial statements show
a true and fair view
Of the company’s state affairs.

Legal basis Internal auditing is not a legal requirement It is a legal requirement for
but corporate governance advises and limited liability companies and
recommends that a company should have an public bodies to have their
internal audit department. accounts audited.
Scope It covers all areas of organization i.e. It has a purely financial focus.
operational as well as financial.
Approach It is increasingly risk based. The approach is Its increasingly risk based as it
to assess risks, evaluate systems of control only tests underlying
and test operation of the systems and finally transactions that form having
make recommendations for improvement. of financial statements.

Responsibility The responsibility is to advise and make The Responsibility is to form

recommendations on an opinion on whether
internal controls and corporate governance financial statements show a
true and fair view.

Scope & Objectives of Internal audit function

This depends on the size and structure of the entity and the responsibility assigned to it by
management. Ordinarily these would include:
 Review of accounting internal control systems. The management is responsible for
establishing internal control system. The system requires proper attention and
continuous review, a function usually assigned to internal audit. Internal Audit function
designs a plan on areas and control procedures that will be reviewed during the
financial year.
 Carrying out examination of financial and operational information. This may include
detailed testing of transactions and operation procedures.
 Review of the economic efficiency and effectiveness of operations including non-
financial controls of the entity.
 Review of company’s compliance with external laws and regulation. The internal audit
functions checks whether procedure are in place to ensure that all relevant laws and
regulations are adhered to.
 Review of entity’s compliance with management policies and other internal
requirements.
 Carrying out independent investigations into company affairs as required by
management e.g. investigation areas of suspected fraud or misuse of company’s
resources.

Similarities between internal audit and external audit

 Both auditors are concerned about the strength and proper functioning of the internal

20
 control system. The internal auditor is concerned it is his or her responsibility while the
external auditor is concerned as he or she relies on the strength of internal control
system to carry out systems based audits.
 Both auditors have as part of their duties to ensure that the company adheres to all
relevant laws and regulations.
 Both auditors interested in ensuring that the company keeps proper books of records.
The internal auditor uses the company accounts to appraise the functioning of the
internal control system while external auditor uses them to collect audit evidence to
corroborate his audit opinion.
 Both auditors are concerned about prevention and detection of errors and frauds. The
internal auditor ensures errors or frauds are prevented and detected by having strong
internal control system while the external auditor has the incidental duty of detecting
and preventing material errors and frauds which would otherwise distort the true and
fair view of the financial statements.
 Both auditors have interest in safeguarding company assets. The internal auditor
through strong internal control system ensures safety of company’s assets while
external auditor must ensure that company assets are safeguarded against theft and
misuse so that the true of fair view of financial statements is maintained.

External auditor’s reliance on work of internal auditor

Before deciding on whether to rely on work of internal audit function with the intention of
reducing audit procedures, the external auditor should evaluate the internal audit function to
determine the scope of the function its independence and the extent to which its work can be
relied on. In evaluating internal audit function, the external auditor considers the following
factors:
 Organization status. Since internal audit function is part of the entity, it cannot be
totally independent. To aid in its independence, the internal audit function should report
to the highest level of management. The internal auditor should also be free from duties
such as accounting functions which may bring about conflict of interest. The internal
auditor should not have any restrictions upon him or her from management which could
impair effectiveness of doing his or her work.
 Scope of the function. The external auditor should ascertain the nature and depth of
coverage of internal audit assignments. Also to be considered are the management
actions on the recommendations of internal auditor. In case the management does not
follow up on the recommendations, the external auditor must reduce his reliance on
work of internal audit function as this means it is weak.
 Technical competence. The external auditor should assess the competence experience,
qualifications, technical training and proficiency of the staff members in the internal
audit function.
 Due professional care. The external auditor should ascertain whether due professional
care has been observed in doing the work of the internal audit function e.g. whether
there were work plans, supervision and documentation of audit evidence in executing
internal audit functions.
 Availability of resources. The external auditor should consider whether the internal
audit function has adequate resources to enable it carry out its functions as expected

21
 E.g. adequate staff and time.

Advantages of Internal Audit function

 It reinforces application of internal controls thus enables the company to operate in an
orderly and efficient way.
 It prevents and detects errors and frauds through periodic comparison of budgets,
routine and surprise checks.
 Assists management in implementation of company policies through reporting on
adherence or non-adherence to laid down policies of the company.
 Assists external auditor in highlighting areas of weaknesses in internal control system.
This reduces audit time for the external auditor and thus there is a saving on audit fees.
 Assists the company in achieving its objective by ensuring that all laid down rules,
procedures and policies are followed e.g. adherence to budgets and forecasts assists in
decision making.
 The internal audit function guards company’s resources against theft and misuse
through proper functioning of the internal control system and periodic verification of
assets.

Limitations of an Internal Audit

 The cost of installing and maintaining an internal audit function is high and in
particular for large companies as they may require highly qualified staff while for small
companies the department may not be justifiable.
 If management ignores the recommendations of internal audit function, members of
internal audit function may be frustrated as errors and frauds may continue being
undetected.
 Management may deny the internal audit function its due independence by assigning it
accounting duties or even management responsibilities.
 If company operations are few or has complex technical aspects may limit the proper
functioning of the internal audit function.
 The internal audit department may fail e.g. if it points out problems without giving
solutions or ignoring some departments within the company.
 The internal audit may lack the necessary support from top level management if top
management views the function as not important.

Factors necessitating growth in Internal Audit

• Increase in business size. As business grow, it becomes more and more necessary to
have a function that checks all the increasing levels of internal control and
operation.
• Dynamic technology– the frequent changes in technology has made some
companies to have their controls updated on a continuous basis. This calls for
constant feedback on controls requiring updating through use of expert advice for
internal audit function.
• Legislation and regulatory requirements. As the concept of corporate governance
becomes necessary in business management, the need of internal audit has
increased. Companies are now required by regulations to have audit committees to
oversee operation of controls within the company and to which the internal audit

22
 function reports.
• Competition. High competition in business calls for efficient operations by
companies so as to survive. This can be achieved through strong controls and cost
effectiveness which is enhanced by internal audit.

Risk and Materiality (ISA 320 Materiality)

ISA 320 discusses the concepts of risk and materiality. An audit risk is the risk that an auditor
may give an inappropriate opinion i.e. an opinion that contradicts the true nature of the
financial situation of the company. Materiality plays a role in each of the following two stages.

a. Planning stage. (in planning what audit work should be done)

b. Reporting stage (in deciding what opinion to give.)

The international auditing and assurance standards board (IAASB) in its framework for
preparation and presentation of financial statement defines materiality as follows;
Information is material if its omission or misstatement could influence the decision of users
taken on basis of the financial statements.‟ Therefore materiality provides a threshold or cut
off point rather than being a primary qualitative characteristic which information must have if
it is to be useful.

ISA 320 further states a number of audit principles as follows:

• The auditor should consider materiality and its relationship to audit risk when
conducting an audit. If the auditor assesses the risk associated with an account balance
or internal control system to be high, it will be reflected in a lower level of materially
thus additional testing will be required.
• The objective of an audit is to enable the auditor express an opinion whether financial
statements are prepared in all material respects and in accordance with the identified
financial reporting framework. The auditor needs to establish an appropriate materiality level
so that quantitatively, material misstatements which are likely to destroy the true and fair view
of financial statements are identified.
• Materiality at planning stage is usually set at lower level than necessary in order to
reduce risk of undiscovered misstatements and to deal with the problem of having to
adjust materially at later date in light of evidence obtained.
• Materiality should be considered by the auditor when;
 Determining nature, timing and extent of audit procedures
 Evaluating effect of misstatements

The auditor should plan sufficient audit procedures so that he or she has reasonable
expectation of detecting material misstatements in financial statements. Any immaterial item
will not affect the truth and fair view of the financial statement and thus can be ignored.

Materiality and judgment

Auditors consider the following before appropriately testing whether an item is material or
not.

23
 1. Qualitative aspects: these may include inadequate or inaccurate descriptions of an
accounting policy.
2. Cumulative effect of small amounts: small errors at a month end procedure could
individually be immaterial but continuous errors of this kind throughout the financial
year could be material.
3. Relatively of materiality. A figure of Kshs. 100,000 may be absolutely immaterial for a
large company but absolutely material for a small company. An amount must be
considered in relation to:

 Items on the overall financial statements level.

 Items at individual account balance or transaction level
 Legal and other disclosure requirements which may require disclosure regardless
of the monetary value e.g. director’s fees.
 The corresponding amount in the previous year

4. The degree of latitude allowable in deciding on the amount attributable to a particular

item. While some items such as director’s fees are capable of an exact definition, others
such as depreciation and allowance for doubtful debts are at best an intelligent estimate.
In some countries e.g. US, the security exchange commission estimate materiality as
follows;
• Errors greater than 10% are material
• Errors between 5% and 10% may be material
• Errors below 5% are not material

5. In evaluating the true and fair presentation of financial statement, the auditor should
assess whether the aggregate of uncorrected misstatements that have been identified in
the audit is material. The auditor should reconsider all uncorrected misstatements and
check whether this total is material.

True and fair view

The true and fair view is a concept of the Companies Act. However, the Companies Act does
not define or even describe what is true and fair view. The companies Act requires that all
limited liability companies to appoint an auditor whose task is to express an independent
opinion as to whether financial statement show true and fair view of the financial performance
and position of the company. True and fair view implies that the financial statements are not
prejudicial to any user of the financial statements. Financial statements will present a true and
fair view if:
• They contain in all material respects with the disclosure requirement of the Company
Act and other relevant regulations.
• They contain material matter and not full of needless details.
• They are complete in every respect within the constraints of materiality and the
inevitable estimation of some items.
• The values attributed to the items in the financial statements are reasonable amounts
within a range in which if a major decision was taken on their basis the user would not
make a material error.
• The information contained therein is presented and disclosed without bias and all

24
 relevant information for evaluation and decision making is available.

Assertion Methodology

In preparing financial statements which show true and fair view of the company’s financial
position and performance, the management explicitly or implicitly makes certain assertions.
These assertions are categorized as:
i. Existence
ii. Completeness
iii. Occurrence
iv. Rights & obligation
v. Measurement
vi. Valuation, presentation and disclosure.
vii. Classification

viii. Cut-off
ix. Accuracy
x. Allocation

Existence
This is the assertion that an asset or liability exists at a given date. It is either true or not true
that an asset or liability reflected in the balance sheet was in existence at the balance sheet
date.

Rights and obligation

This is the assertion that an asset or liability in financial statements pertains to the entity at a
given date i.e. an asset is a right of the entity and a liability a genuine obligation of the entity.

Occurrence
This is the assertion that a transaction or event took place which pertains to the entity during
the financial period or that a recorded event or transaction actually took place as recorded and
it is a valid transaction pertaining the entity. It is either the transaction took place as recorded
or not.

Completeness
This is the assertion that there are no unrecorded assets, liabilities, transactions or undisclosed
items. It would suggest 100% completion and accuracy however, this is impossible under
accrual basis of accounting. The users of the financial statements do not expect 100%
completeness in financial statements but completeness within a certain range such that they
can still make justifiable decisions. This assertion is therefore assessed for reasonableness as
some transactions may be excluded if they are not material.

Valuation
This is the assertion that an asset or liability is recorded at an appropriate carrying value. It is
the most crucial assertion of all the assertions. In arriving at appropriate carrying value of an
asset or liability, the management considers.

25
 1. Overall valuation basis. The management must consider the entity as a whole and make
an assessment whether it is appropriate to apply the going concern assumption in
preparing the financial statements. The basis of preparing financial statement when
entity is going concern is radically different from preparing financial statement on basis
that the entity is not a going concern.
2. Suitable accounting policies. In determining carrying amount of an asset or liability
appropriate accounting policies must be followed. The accounting policies must be in
line with the generally accepted accounting principles (GAAPs), appropriate to the
circumstances of the entity, applied consistently, be in conformity with entity’s industry
practices and be adequately disclosed.
3. Desirable qualitative characteristics. The suitable accounting policy adopted must be
applied after taking into consideration the qualitative characteristics of materiality,
prudence and substance over form. Since it may subjective whether an entity is a going
concern or not, the accounting policy adopted can be subsequently subjective thus the assertion
of valuation can only be assessed for reasonableness.

Measurement
This is the assertion that a transaction or an event is recorded and proper amounts of revenue
and expense are allocated to the proper period for proper reporting purposes. Whether a
transaction brings into being an asset or liability, revenue or expense depends largely on the
capitalization policy of an entity i.e. the guidance as to what items are revenue items and
capital items.

The period in which a transaction took place may be influenced by management’s desire to
reflect a given financial position. However, where revenue or expense of an item is spread
over more than one accounting period is called allocation rather than measurement and is a
component of valuation.

Presentation and disclosure

This is the assertion that an item is disclosed, classified and described in accordance with the
applicable financial reporting framework. The information in financial statements should be
presented without bias, be relevant to the needs of the users and meet qualitative
characteristics of understandability, relevance, reliability and comparability. This assertion is
not assessed for truth but rather adequacy or reasonableness.

In conclusion, truth and fairness of financial statements can be assessed on these seven
assertions i.e. the financial statements will reflect a true and fair view of company’s financial
position and performance if the seven assertions are used as guidelines in preparing the
financial statements.

Classification
Are transactions recorded in appropriate accounts?

Cut-off
Are transactions recorded in appropriate period?

26
Accuracy
Are the amounts disclosed in the financial statements appropriate?

Allocation
Are account balances included in appropriate accounts?

THE USERS OF AUDITED FINANCIAL STATEMENTS AND AUDITOR REPORTS

The annual accounts and report are primarily prepared by the directors to the shareholders.
However, the following parties need financial statements.

1. Those parties with vested interests in a business.

- Employees.
- Creditors or suppliers
- Lenders and debenture holders
- The management
- The shareholders to whom the financial statements are addressed.
- Credit rating agencies.

2. Those with potential interests

- Potential shareholders
- Trustees
- Suppliers Customers

3. Those with representative interests

- Lawyers
- The government
- The general public.

4. Others
- Competitors
- Stock brokers
- Statisticians
- Financial journalists
- Trade unions.

 Present and potential investors. These risk capital providers and their advisors are
concerned with the risk that is inherent in their investment. They need information to
help them determine whether they should buy more shares, hold on to the shares they
have or sell the shares they have.
 Employees. These and their representative groups such as trade unions are interested
in information about the stability and profitability of their employers. They are also
interested in information which enable them assess the ability of the company to
provide adequate remuneration, retirement benefits and employment opportunities.
 Lenders. These are interested in information that enables them determine whether their
loans and interests arising from the loans will be paid back when due.
 Suppliers and other trade creditors. These users are interested in information that

27
 enables them determine whether the amounts owing to them will be paid when due.
Their interest in the company is of shorter period than lenders while they are dependent
upon the continuation of the company as a major customer.

 Customers. These have interest in information about the continuance of the company
especially when they have long term involvement and or are dependent as the company.
 Government. The main interest of the government is allocation of resources. It also
requires information in order to regulate the activities of the enterprise, determine
taxation policies and obtain national income statistics.
 Public. A company affects public in a variety of ways. A company may make
substantial contribution to the local economy by employing people and obtaining
supplies locally.
 Financial statements assist the public in information on trends and recent developments
of the company in the economy.

TOPIC 3

LEGAL FRAMEWORK AND REGULATIONS

STATUTORY REGULATIONS

Auditor’s liability

Auditors are potentially liable for both criminal and civil offences. The former occur when
individuals or organizations breach a government imposed law; in other words criminal law
governs relationships between entities and the state. Civil law, in contrast, deals with disputes
between individuals and/or organizations.

Civil liability
Companies Act Section 206 of the provides that officers of the company and for these
purposes auditors are considered as officers may be liable for financial damages in respect of
the civil offences of misfeasance and breach of trust. This section which is only relevant to
winding up refers to a situation where officers have misused their position of authority for the
purposes of - personal gain e.g. if the auditor uses information acquired in course of an
engagement for his financial gain or for benefit of another party.

Criminal liability
Companies Act Section 46 of the states that an auditor shall be criminally liable if he 'willfully
makes a materially false statement in any report, certificate, financial statement with an
intention to deceive or mislead etc. Willfully implies fraudulently and can be difficult to
prove. Whereby, it is held that where an officer of a body corporate with intent to deceive
members or creditors, publishes or concurs in publishing a written statement of account which
to his knowledge is or may be misleading, false or deceptive in a material particular he shall
on conviction be liable to imprisonment for a term not exceeding 7 years.
Auditors may uncover criminal offences committed by a client or an employee of the client.

28
This puts them in a difficult position, but the auditor should act carefully and correctly and if-
necessary„ take legal advice. The auditor must not commit a criminal offence himself. It is felt
that he would have committed a criminal offence if:
a) He advises his client to commit a criminal offence;
b) Aids the client in devising or examining a crime;
c) If he agrees with a client to conceal or destroy evidence or mislead the police with 'false
statements;
d) If he knows that his client has committed an arrest able offence and tries to impede his
arrest and prosecution. Impede does not include refusing to answer questions or
refusing to produce documents without the client's consent;
e) If he knows that his client has committed an offence. and agreed to accept consideration
to withhold information;
f) If he knows that the client has committed treason and fails to report the offence to the
proper authority.

Case history

The application of the law of tort in the auditing profession, and the way in which auditors
seek to limit their exposure to the ensuing liabilities, has been shaped by a number of recent
landmark cases. The most notable of these are Caparo Industries Plc (Caparo) v Dickman
(1990) and Royal Bank of Scotland (RBS) vs Bannerman Johnstone MacLay (Bannerman)
(2002).

In the first case Caparo pursued the firm Touche Ross (who later merged to form Deloitte &
Touche) following a series of share purchases of a company called Fidelity plc. Caparo alleges
that the purchase decisions were based upon inaccurate accounts that overvalued the company.
They also claimed that, as auditors of Fidelity, Touche Ross owed potential investors a duty of
care. The claim was unsuccessful; the House of Lords concluded that the accounts were
prepared for the existing shareholders as a class for the purposes of exercising their class
rights and that the auditor had no reasonable knowledge of the purpose that the accounts
would be put to by Caparo.

It was this case that provided the current guidance for when duty of care between an auditor
and a third party exists. Under the ruling this occurs when:

 the loss suffered is a reasonably foreseeable consequence of the defendant’s conduct

 there is sufficient ‘proximity’ of relationship between the defendant and the pursuer,
and
 It is 'fair, just and reasonable' to impose a liability on the defendant.

In the second case RBS alleged to have lost over £13m in unpaid overdraft facilities to
insolvent client APC Ltd. They claimed that Bannerman had been negligent in failing to detect
a fraudulent and material misstatement in the accounts of APC. The banking facility was
provided on the basis of receiving audited financial statements each year.

In contrast to Touche Ross, who had no knowledge of Caparo’s intention to rely upon the
audited financial statements, Bannerman, through their audit of the banking facility letter of

29
APC, would have been aware of RBS’s intention to use the audited accounts as a basis for
lending decisions. For this reason it was upheld that they owed RBS a duty of care. The judge
in the Bannerman case also, and crucially, concluded that the absence of any disclaimer of
liability to third parties was a significant contributing factor to the duty of care owed to them.

Decided legal cases have not been consistent on the issue of auditor's liability. Discussed
below are few, of the decided cases on auditors liability

V Crane Christmas & Co.

Majority (Lord Denning dissenting) decided that there could be no liability in the absence of a
contractual relationship. The decision was reached despite Candler having been induced to
invest money in the company on the strength of the accounts which were negligently prepared
by the company's auditors.

Hedley Bryne & Co Ltd V Heller 4 Partners Ltd

The judges took differed with the above Judgment. They were of the view that the case had
been wrongfully decided. They held that a certificate issued in the ordinary course of a bank's
business would be relied upon by the party to whom it is issued and the absence of a contract
did not constitute a valid defence in negligence claim against the bank.
The Counsel of the Institute of Chartered accountants in England and Wales (ICAEW) on their
part maintained that no third party liability would attach auditors if the financial statements
they have audited under the Companies Act are used without their knowledge or consent by
outsider's ill the investment context.
However it is importance to note that any loss traceable: to negligence of auditors would not
be easy to defend.
- Jeb Fasteners Ltd V Marks Bloom & Co in this case it was held that;
 A duty of care was owed by defendant auditors (Marks Bloom & Co.) to the plaintiff.
 The plaintiff in realizing the takeover decision had relied on the financial statements
and unqualified report of the auditors.
 The accounts did not show a true and fair view of the company and were negligently
prepared.
 Judgment would be given for the defendant auditors, but by reason only of the fact that
on the evidence before the court the plaintiff would have acted no differently and would
still have gone ahead to take over the company.

AUDITOR'S PROFESSIONAL LIABILITY UNDER ETHICAL STANDARDS

A member of ICPA K is guilty of professional misconduct if:

 He allows any person to practice in his name as an accountant unless such a person is a
holder of a practicing certificate and lie is in partnership with him or employed by him.
 He enters, for the purpose of or in the course of practicing as an accountant into
partnership with a person who does not hold a practicing certificate or secures any
professional business through the services of such a person.

30
  He discloses information acquired in the course of professional engagement to any
person other than the client without the consent of the client or otherwise as required by
law.
 He certifies or submits in his name or in the name of his firm, a report of an examination
of financial statements and the examination of such statements and related records have
not been made by him, a partner or any employee of his firm:
 He fails to observe and apply professional, technical, ethical or any other standards
prescribed by ICPA K as guidelines for practice by members of the institute.
 He permits his name or that of his firm to be used in connection with an estimate of
earnings contingent' upon future transaction in a manner which may lead to the belief
that vouches or guarantees for the accuracy of the forecast.
 He expresses his opinion as financial statements of any business in which he, his
immediate family, his firm or any partner in his firm has an interest unless he discloses
that interest when expressing his opinion.

 He fails to disclose in financial statements or otherwise, a material fact known to him

the disclosure of which is necessary to ensure that the financial statements are not
misleading.
 He fails to report a material misstatement known to him and therefore causes it to
appear in financial statements with which he is concerned in a professional capacity.
 He is found to engage in fraudulent acts or acts which result into loss.
 He expresses an opinion on any matter with which he is concerned in professional
capacity without obtaining sufficient information on which to base his opinion.
 He includes in any statement, return or form to be submitted to ICPA K knowing it to
be false in any particular matter.
 is found to engage in any other fraudulent acts or fails to do any other act which may be
prescribed

QUALIFICATIONS, APPOINTMENT, DUTIES, RIGHTS AND DISMISSAL OF

AUDITORS APPOINTMENT OF AUDI TORS

Every company shall at each annual general meeting appoint an auditor or auditors to hold
office from the conclusion of that, until the conclusion of the next, annual general meeting.
At any annual general meeting a retiring auditor, however appointed, shall be deemed to be
reappointed without any resolution being passed unless —
a) he is not qualified for reappointment; or
b) a resolution has been passed at that meeting appointing somebody instead of him or
providing expressly that he shall not be reappointed; or
c) he has given the company notice in writing of his unwillingness to be reappointed:

Provided that where notice is given of an intended resolution to appoint some person or
persons in place of a retiring auditor, and by reason of the death, incapacity or disqualification
of that person or of all those persons, as the case may be, the resolution cannot be proceeded
with, the retiring auditor shall not be deemed to be automatically reappointed by virtue of this
subsection.

31
Where at an annual general meeting no auditors are appointed or are deemed to be
reappointed, the registrar may appoint a person to fill the vacancy.
The company shall, within seven days of the registrar's power becoming exercisable, give him
notice of that fact, and, if a company fails to give notice as required by this subsection, the
company and every officer of the company who is in default shall be liable to a default fine.
Subject as hereinafter provided, the first auditors of a company may be appointed by the
directors at any time before the first annual general meeting, and auditors so appointed shall
hold office until the conclusion of that meeting:
Provided that—
i. the company may at a general meeting remove any such auditors and appoint in their
place any other persons who have been nominated for appointment by any member of
the company and of whose nomination notice has been given to the members of the
company not less than fourteen days before the date of the meeting; and

ii. If the directors fail to exercise their powers under this subsection, the company in
general meeting may appoint the first auditors, and thereupon the said powers of the
directors shall cease.

The directors may fill any casual vacancy in the office of auditor, but while any such vacancy
continues the surviving or continuing auditor or auditors, if any, may act.

Remuneration

The remuneration of the auditors of a company-

i. In the case of an auditor appointed by the directors or by the registrar remuneration may
be fixed by the directors or by the registrar as the case may be;
ii. Subject to note (i) above, shall be fixed by the company in general meeting or in such
manner as the company in general meeting may determine.

Any sums paid by the company in respect of the auditors' expenses shall be deemed to be
included in the expression "remuneration".

Provisions as to resolution relating to appointment and removal of auditors

Special notice shall be required for a resolution at a company's annual general meeting
appointing as auditor a person other than a retiring auditor or providing expressly that a
retiring auditor shall not be reappointed.
 On receipt of notice of such an intended resolution as aforesaid, the company shall
forthwith send a copy thereof to the retiring auditor (if any).
 Where notice is given of such an intended resolution as aforesaid and the retiring
auditor makes with respect to the intended resolution representations in writing to the
company (not exceeding a reasonable length) and requests their notification to members
of the company, the company shall, unless the representations are received by it too late
for it to do so
 and if a copy of the representations is not sent as aforesaid because received too late or
because of the company's default, the auditor may (without prejudice to his right to be
heard orally) require that the representations shall be read out at the meeting:
 Provided that copies of the representations need not be sent out and the representations

32
 need not be read out at the meeting if, on the application either of the company or of
any other person who claims to be aggrieved, the court is satisfied that the rights
conferred by this section are being abused to secure needless publicity for defamatory
matter; and the court may order the company's costs on an application under this
section to be paid in whole or in part by the auditor, notwithstanding that he is not a
party to the application.

Disqualifications for appointment as auditor

- A person or firm shall not be qualified for appointment as auditor of a company unless
he, or in the case of a firm, every partner in the firm is the holder of a practising
certificate issued pursuant to section 21 of the Accountants Act.
- None of the following persons shall be qualified for appointment as auditor of a
company—

i. an officer or servant of the company;

ii. a person who is a partner of or in the employment of an officer or servant of the
company;
iii. a body corporate:

Provided that note (ii) above shall not apply in the case of a private company.
- References in this subsection to an officer or servant shall be construed_ as not
including references to an auditor.
- A person shall also not be qualified for appointment as auditor of a company if he is,
disqualified for appointment as auditor of any other body corporate which is that
company's subsidiary or-holding company-or a subsidiary of that company's_ holding
company, or would be so disqualified if the body corporate were a company.
- If any person who is not 'qualified so to act is appointed as auditor of a company such
person and the company and every officer in default shall each be liable to a fine not
exceeding four thousand shillings.

Auditors' report and right of access to books and to attend and be heard at general
meetings
- The auditors shall make a report to the members on the accounts examined by them,
and on every balance sheet, every profit and loss account and all group accounts laid
before the company in general meeting during their tenure of office.
- The auditors' report shall be read before the company in general meeting and shall be
open to inspection by any member.
- Every auditor of a company shall have a right of access at all times to the books and
accounts and vouchers of the company, and shall be entitled to require from the officers
of the company such information and explanation as he thinks necessary for the
performance of the duties of the auditors.
- The auditors of a company shall be entitled to attend any general meeting of the
company and to receive all notices of and other communications relating to any general
meeting which any member of the company is entitled to receive and to be heard at any
general meeting which they attend on any part of the business or the meeting which
concerns them as auditors.

33
INTERNATIONAL STANDARDS ON AUDITING (ISAs)

International Standards on Auditing (ISAs) and International Ethics Standards

International Standards on Auditing (ISAs)

International Standards on Auditing (ISAs) are to be applied in the audit of historical financial
information.

ISAs are written in the context of an audit of financial statements by an independent auditor.
They are to be adapted as necessary in the circumstances when applied to audits of other
historical financial information.
Auditors must include in their report their opinion on whether the financial statements they
report on give a true and fair view. It is generally felt that in order for accounts to show a true
and fair view there must be compliance with the IAS. The auditor therefore must know and
understand the IAS / IFRS in detail.
Auditing students are also expected to know the IAS in detail because invariably, there will be
an examination question that requires this knowledge and students are advised to quote from
the IAS and state which of the IAS is relevant to their answer.
IASs are intended to be applied to all financial statements which show a true and fair view.
They set out the main assumptions underlying statements and they prescribe which accounting
policy should be used when more than one is possible.
They also specify disclosure requirements in many areas including the disclosure of
accounting policies. Again they are not intended to be a comprehensive code of rigid rules. It
is -recognized that such a code sufficiently elaborate to cater for all business situation and
circumstances and for every exceptional and marginal case is impossible.

International Ethics Standards

A uniform set of auditor independence standards would clearly provide a consistent
understanding among- investors, public authorities and others of the independence of auditors.
In principle, this should increase confidence in auditors' reports, at least as regards the
independence aspects. This is an important element of confidence in financial reporting, which
in turn is a vital element of capital markets and public confidence generally.
Differing independence standards may result in:
• Somewhat reduced choice in the audit market arising from the application of multiple
independence rules, including extraterritorial reach;
• Potential confusion among investors and other users of audit reports as to what exactly
it means to be independent;
• Higher costs for companies, audit committee, regulators and the profession;
• Greater risk of violations occurring as a result of having to apply different standards to
clients throughout a network, thus potentially undermining the credibility of the
profession; and
• The potential for the loss of confidence in assurance reports because of the "noise"
associated with technical violations that do not fundamentally impact independence.

34
A uniform set of auditor independence standards would bring consistency in practice through
more effective training and reduced complexity concerning the varying and differing impacts
of the existing range of standards improved compliance. It should also be more efficient for all
parties. Monitoring, quality control and inspection should be more effective and more cost
effective.
The International Ethics Standards Board for Accountants (IESBA) is an independent
standard-setting body that serves the public interest by setting high-quality ethical standards
for professional accountants and by facilitating the convergence of international and national
ethical standards, including auditor independence requirements, through the development of a
robust, internationally appropriate code of ethics
The International Ethics Standards Board for Accountants (IESBA) develops ethical standards
and guidance for use by professional accountants.
The International Ethics Standards Board for Accountants develops and issues in the public
interest high-quality ethical standards and other pronouncements for professional accountants
for use around the world. The IESBA. Code of Ethics for Professional Accountants and
Interpretations apply to all professional accountants, whether in public practice, in business,
education, and the public sector.

Fundamental Principles

The IESBA Code of Ethics requires accountants to adhere to five fundamental principles
1. Integrity -- a professional accountant should be straight forward and holiest in
performing professional -services.
2. Objectivity— a professional accountant should not allow bias, conflict of interest or
undue influence of others to override professional or business judgments.
3. Professional Competence and due Care—a professional accountant has a continuing
duty to maintain professional knowledge and skill at the level required to ensure that a
client or employer receives competent professional service based on current
developments. A professional accountant should act diligently and in accordance with
applicable technical and professional standards when providing professional services.
4. Confidentiality—A professional accountant should respect the confidentiality of
information acquired as a result of professional and business relationships and should
not disclose any such information to third parties without proper and specific authority
unless there is a legal or professional right or duty to disclose. Confidential information
acquired as a result of professional and business relationships should not be used for the
personal advantage of the professional accountant or third parties.
5. Professional Behavior—a professional accountant should comply with relevant laws
and regulations and should avoid any action that discredits the profession.

The IESBA Code serves as the foundation for codes of ethics developed and enforced by
member bodies. No member body of IFAC or firm issuing reports in accordance with
International Auditing and Assurance Standards is allowed to apply less stringent standards
than those stated in the IESBA Code

Accountant's pronouncements

35
 • Research and consultation —A project task force is ordinarily established with the
responsibility to develop a draft standard or interpretation. The task force develops its
positions based on appropriate research and consultation.
• Transparent debate —A proposed standard or interpretation is presented as an agenda
paper for discussion and debate at an International Ethics Standards Board for
Accountants meeting, which is open to the public.

• Exposure for public comment—Exposure drafts are placed on the International Ethics
Standards Board for Accountants' website and are widely distributed for public
comment. The exposure period is ordinarily' no shorter than 90 days.
• Consideration of comments received on exposure—the comments and suggestions
received as a result of exposure are considered at an International Ethics Standards
Board for Accountants meeting, which is open to the public, and the exposure draft is
revised as appropriate. If the changes made after exposure are viewed by the
International Ethics Standards Board for Accountants to be so substantive as to require
re-exposure, the document is reissued for further comment.
• Affirmative approval—Approval of exposure drafts, .re-exposure drafts, standards
and interpretations is made by the affirmative vote of at least two-thirds . of the
members Public Interest Oversight
• The Public Interest Oversight Board (PIOB) oversees the public interest activities
of IFAC. The objective of the PIOB is to increase confidence of investors and others
that such activities, including the setting of standards by the International Ethics
Standards Board for Accountants, are properly responsive to the public interest. PIOB
members are nominated by international institutions and regulatory bodies.

International Ethics Standards Board for Accountants Members

The International Ethics Standards Board for Accountants consists of a chairman and 17
volunteer members from around the world comprising representatives from IFAC member
bodies, practitioners in public practice and other individuals with an interest in the work of
the IESBA.
Members are appointed by the IFAC Board based on recommendations from the IFAC
Nominating Committee and are approved by the PIOB. A complete list of International Ethics
Standards Board for Accountants members along with their biographies is available on the
International Ethics Standards Board for Accountants'.
Relevance of international Accounting Standards and International Financial Reporting
Standards are:
Auditors must include in their report their opinion on whether the financial statements they
report on give a true and fair view. It is generally felt that in order for accounts to show a true
and fair view there must be compliance with the LAS / IFRS. There may be situations where
compliance with LAS / IFRS may result in a true and fair view not being given but this is rare.
S6 effectively, the auditor is being asked to give an opinion on- whether all IAS / IFRS have
been complied with in the preparation of the accounts he is auditing. The auditor therefore
must know and understand the IAS / IFRS in detail. Auditing students are also expected to
know the IAS / IFRS in detail because invariably, there will be an examination question that
requires this knowledge and students are advised to quote from the IAS / IFRS and state which
of the IAS / IFRS is relevant to their answer.

36
International Financial Reporting Standards are intended to be applied to all financial
statements which show a true and fair view. They set out the main assumptions underlying
statements and they prescribe which accounting policy should be used when more than one is
possible.

They also specify disclosure requirements in many areas including the disclosure of
accounting policies. Again they are not intended to be a comprehensive code of rigid rules. It
is recognized that such a code sufficiently elaborate to cater for all business situation and
circumstances and for every exceptional and marginal case is impossible.

THE ROLE OF ICPAK AS A REGULATOR

Institute of Certified Public Accountants of Kenya (ICPAK)

ICPAK serves as the umbrella body that oversees the activities of qualified and registered
Certified Public Accountants (CPAs).
It is the statutory body mandated to develop and regulate the accountancy profession in Kenya
and its mandate includes:
 'Setting and enforcing standards of professional practice including accounting, auditing
and ethical standards.
 Enforcing a programme of quality assurance for the audit profession..
 Monitoring ethical behavior and adjudicating- over eases involving indiscipline through
the Statutory Disciplinary Committee.
 Providing for the Maintenance of competence by 'Updating members' knowledge
through publications of books, periodicals, journals and articles in connection therewith
and the conduct of Continuing Professional Education.
 Providing solutions through which training of accountants can be improved. .
 To advise the Minister on matters relating to financial accountability in all sectors of
the economy
 To promote the international recognition of the Institute.
 To advise the Examination Board on matters relating to examinations standards and
policies

ICPAK also acts as the profession's mouthpiece in Kenya and in this respect holds
membership in international accountancy organizations including:
 International Federation of Accountants (IFAC)
 Eastern, Central and Southern African Federation of Accountants (ECSAFA)

ICPAK is run through a Council of I 1 members, of who 10 are elected and 1 appointed by the
Ministry of Finance. ICPAK also plays active roles in national life by contributing in the
following ways:
 Public Finance Management- making recommendations to the Treasury on public
finance matters including taxation measures and improvement in expenditure
management.
 Regulatory linkages working closely with regulators in various sectors to promote good
corporate governance with particular reference to the integrity of the audit process. As
part of this, ICPAK is represented in decision-making organs of various regulatory

37
 institutions including the Capital Markets Authority.
 Financial reporting and disclosure - ensuring that financial disclosure standards in
Kenya meet internationally recognized benchmarks. Among other things, ICPAK
established the Financial Reporting (FiRe) Award for excellence, an annual competition
that showcases best practice disclosures among Kenyan companies. The FiRe Award
competition is presently promoted jointly with the Capital Markets Authority and the Nairobi
Stock Exchange. It is now the leading competition in Kenya in this regard.

PROFESSIONAL ETHICS FOR AUDITORS

Introduction and Fundamental Principles

A member of a profession owes duty to the public including the employer, the profession itself
and to other members of the profession.
Professional ethics are rules of conduct that govern the behavior of an accountant. In Kenya,
they are issued by institute of Certified Public Accountants of Kenya (ICPA K) in form of
statements and explanatory notes. A professional accountant should act in a manner consisted
with the good reputation of the occupation and refrain from any conduct which might bring
discredit to the profession. The following are fundamental principles stated by ICPAK to
ensure auditors are credible people before they give credibility to financial statements.
A distinguishing mark of the accountancy profession is its acceptance of the responsibility to
act in the public interest. Therefore, a professional accountant's responsibility is not
exclusively to satisfy the needs of an individual client or employer. In acting in the public
interest a professional accountant should observe and comply with the ethical requirements of
this Code.
A registered student is also expected to observe the ethical requirements of the Institute and
has the same right to consult the Institute as a member. He or she should still observe the
ethical requirements of the Institute during the period between successful completion of the
examinations and his or her admission to membership. This applies whether the student is an
associate or not.

Conceptual Framework Approach

The circumstances in which professional accountants operate may give rise to specific threats
to compliance with the fundamental principles. It is impossible to define every situation that
creates such threats and specify the appropriate mitigating action. In addition, the nature of
engagements and work assignments may differ and consequently different threats may exist,
requiring the application of different safeguards.
Conceptual frameworks that requires a professional accountant to identify, evaluate and
address threats to compliance with the fundamental principles, rather than merely comply with
a set of specific rules which may be arbitrary is, therefore, in the public interest. This Code
provides a framework to assist a professional accountant to identify, evaluate and respond to
threats to compliance with the fundamental principles. If identified threats are other than
clearly insignificant, a professional accountant should, where appropriate, apply safeguards to
eliminate the threats or reduce them to an acceptable level, such that compliance with the
fundamental principles is not compromised
A professional accountant has an obligation to evaluate any threats to compliance with the

38
fundamental principles when the professional accountant knows, or could reasonably be
expected to know, of circumstances or relationships that may compromise compliance with the
fundamental principles.
A professional accountant should take qualitative as well as quantitative factors into account
when considering the significance of a threat. If a professional accountant cannot implement
appropriate safeguards, the professional accountant should decline or discontinue the specific
professional service involved, or where necessary resign from the client (in the case of a
professional accountant in public practice) or the employing organization (in the case of a
professional accountant in business).
A professional accountant may inadvertently violate a provision of this Code. Such an
inadvertent violation, depending on the nature and significance of the matter, may not
compromise compliance with the fundamental principles provided, once the violation is
discovered, the violation is corrected promptly and any necessary safeguards are applied.

Threats and Safeguards

Compliance with the fundamental principles may potentially be threatened by a broad range of
circumstances. Many threats fall into the following categories:
a) Self-interest threats, which may occur as a result of the financial or other interests of a
professional accountant or of an immediate or close family" member;
b) Self-review threats, which may occur when a previous judgment needs to be re-
evaluated by the professional accountant responsible for that judgment;
c) Advocacy threats, which may occur when a professional accountant promotes a
position or opinion to the point that subsequent objectivity may be compromised;
d) Familiarity threats, which may occur when, because of a close relationship, a
professional accountant becomes too sympathetic to the interests of others; and
e) Intimidation threats, which may occur when a professional accountant may be deterred
from acting objectively by threats, actual or perceived.

Safeguards that may eliminate or reduce such threats to an acceptable level fall into two broad
categories:
a) Safeguards created by the profession, legislation or regulation; and
b) Safeguards in the work environment.

Safeguards created by the profession, legislation or regulation include, but are not restricted
to:.
• Educational, training and experience requirements for entry into the profession.
• Continuing professional development requirements.
• Corporate governance regulations.
• Professional standards.
• Professional or regulatory monitoring and disciplinary procedures.
• Externally review by a legally empowered third party of the reports, returns,
communications or information ptodU6ed by a professional accountant.

Certain safeguards may increase the likelihood of identifying or deterring unethical behavior.
Such safeguards, which may be created by the accounting profession, legislation, regulation or
an employing organization, include, but are not restricted to:

39
 • Effective, well publicized complaints systems operated by the employing organization,
the profession or a regulator, which enable colleagues, employers and members of the
public to draw attention to unprofessional or unethical behaviour
• An explicitly stated duty to report breaches of ethical requirements.

The nature of the safeguards to be applied will vary depending on the circumstances. In
exercising professional judgment, a professional accountant should consider what a reasonable
and informed third party, having knowledge of all relevant information, including the
significance of the threat and the safeguards applied, would conclude to be unacceptable.

Ethical Conflict Resolution

In evaluating compliance with the fundamental principles, a professional accountant may be
required to resolve a conflict in the application of fundamental principles.
When initiating either a formal or informal conflict resolution process, a professional
accountant should consider the following, either individually or together with others, as part of
the resolution process:
a) Relevant facts;
b) Ethical issues involved;
c) Fundamental principles related to the matter in question;
d) Established internal procedures; and
e) Alternative courses of action.

Having considered these issues, a professional accountant should determine the appropriate
course of action that is consistent with the fundamental principles identified. The professional
accountant should also weigh the consequences of each possible course of action. If the matter
remains unresolved, the professional accountant should consult with other appropriate persons
within the firm" or employing organization for help in obtaining resolution.
Where a matter involves a conflict with, or within, an organization, a professional accountant
should also consider consulting with those charged with governance of the organization, such
as the board of directors or the audit committee.
It may be in the best interests of the professional accountant to document the substance of the
issue and details of any discussions held or decisions taken, concerning that issue.
If a significant conflict cannot be resolved, a professional accountant may wish to obtain
professional advice from the relevant professional body or legal advisors, and thereby obtain
guidance on ethical issues without breaching confidentiality. For example, a professional:
accountant may have encountered a fraud, the reporting of which could breach the
professional accountant's responsibility to respect confidentiality. The professional accountant
should consider obtaining legal advice to determine whether there is a requirement to report.
lf, after exhausting all relevant possibilities, the ethical conflict remains unresolved, a
professional accountant should, where possible, refuse to remain associated with the matter
creating the conflict: The professional accountant may determine that, in the circumstances, it
is appropriate to withdraw from the engagement team" or specific assignment, or to resign
altogether from the engagement, the firm or the employing organization.

FUNDAMENTAL PRINCIPLES

40
A professional accountant is required to comply with the following fundamental principles;-

Integrity
The principle of integrity imposes an obligation on all professional accountants to be
straightforward and honest in professional and business relationships. A member must be
aware of his role in the society and maintain high standards of conduct should not satisfy what
he knows as untrue as true and should take caution not to mislead intentionally or
unintentionally. Integrity also implies fair dealing and truthfulness.
A professional accountant should not be associated with reports, returns, communications or
other information where they believe that the information:
i. Contains a materially false or misleading statement;
ii. Contains statements or information furnished recklessly; or
iii. Omits or obscures information required to be included where such omission or
obscurity would be misleading.

A professional accountant will not be considered to be in breach of matters associated with

reports, returns, communications or other information if the professional accountant provides a
modified report in respect of such matters.

Objectivity
A professional accountant should not allow bias, conflict of interest or undue influence of
others to override professional or business judgments.
A professional accountant • may be exposed to situations that may impair objectivity. It is
impracticable to define and prescribe all such situations. Relationships that bias or unduly
influence the professional judgment of the professional accountant should be avoided.

Confidentiality
The guide to professional ethics states that information acquired in the course of professional
work should not be disclosed except where consent has been acquired from the client, where
there's public duty to disclose or where there is legal or professional duty to disclose such
information. A member acquiring information in the course of professional work, should
neither use nor appear to use that information in his personal or third party advantages e g. if a
member is auditing a limited company and he realizes that the company has made a substantial
increase in profits, it would be unethical to advise a friend to buy the shares of this company in
anticipation of the expected increase in the share prices as a result of increase in profitability.
The principle of confidentiality imposes an obligation on professional accountants to refrain
from:
- Disclosing outside the firm or employing organization confidential information
acquired as a result of professional and business relationships without proper and
specific authority or unless there is a legal or professional right or duty to disclose; and
- Using confidential information acquired as a result of professional and business
relationships to their personal advantage or the advantage of third Parties.

A professional accountant should maintain confidentiality even in a social environment. The

professional accountant should be alert to the possibility of inadvertent disclosure, particularly
in circumstances involving long association with a business associate or a close or immediate

41
family member.
A professional accountant should also consider the need to maintain confidentiality of
information within the firm or employing organization.
A professional accountant should take all reasonable steps to ensure that staff under the
professional accountant's control and persons from whom advice and assistance is obtained
respect the professional accountant's duty of confidentiality.
The need to comply with the principle of confidentiality continues even after the end of
relationships between a professional accountant and a client or employer.
When a professional accountant changes employment or acquires a new client, the
professional accountant is entitled to use prior experience. The professional accountant should
not, however, use or disclose any confidential information either acquired or received as a
result of a professional or business relationship.
A professional accountant should also maintain confidentiality of information disclosed by a
prospective client or employer.
A professional accountant should respect the confidentiality of information acquired as a result
of professional and business relationships and should not disclose any such information to
third parties without proper and specific authority unless there is a legal or professional right
or duty to disclose.
The following are circumstances where professional accountants are or may be required to
disclose confidential information or when such disclosure may be appropriate:
a) Disclosure is permitted by law and is authorized by the client or the employer;
b) Disclosure is required by law, for example:
i. Production of documents or other provision of evidence in the course of legal
proceedings; or
ii. Disclosure to the appropriate public authorities of infringements of the law that
come to light; and
c) There is a professional duty or right to disclose, when not prohibited by law:
i. To comply with the quality review of a member body or professional body;
ii. To respond to an inquiry or investigation by a member body or regulatory body;
iii. To protect the professional interests of a professional accountant in legal
proceedings; or
iv. To comply with technical standards and ethics requirements.

In deciding whether to disclose confidential information, professional accountants should

consider the following points:
a) Whether the interests of all parties, including third parties whose interests may be
affected, could be harmed if the client or employer consents to the disclosure of
information by the. Professional accountant;
b) Whether all the relevant information is known and substantiated, to the extent it is
practicable; when the situation involves unsubstantiated facts, incomplete information
or unsubstantiated Conclusions, professional judgment should be used in determining
the type of disclosure to be made, if any; and

The type of communication that is expected and to whom it is addressed; in particular,

professional accountants should be satisfied that the parties to whom the communication is
addressed are appropriate recipients.

42
Professional competence
Auditing is a structured process that:
a) Involves the application of analytical skills, professional Judgment and
professional skepticism: .
b) Is usually performed by a team of professionals directed with managerial skills:
c) Uses appropriate forms of technology and adheres to a methodology:
d) Complies with all relevant technical standards, such as International Standards on
Auditing (IAS), International Standards on Quality Control (ISQCs), International
Financial Reporting standards (IFRS), International Public Sector Accounting
Standards (IPSAS), and any applicable international or local equivalents: and
e) Complies with required standards of professional ethics.

Auditing is also an integral part of the evolving systems of accountability and responsibilities
within organizations and society worldwide. Although audits of historical financial
information may be mandated by regulation and laws, they may be required as a condition of
borrowing, a matter of contract or for other reasons. In addition organizations may voluntarily
undertake audits to evaluate the fairness of financial representations and assertions, or to
provide a credible report of the financial stewardship of their resources to their stakeholders.
Entities subject to audit operate with diverse organizational structures in public private and not-
for-profit sectors have to adapt to complex and changing environments. Within an audit
assignment many actor must be understood and evaluated appropriately including:
a) The entity and its environment:
b) The industry and regulatory and other external factors: and
c) The applicable financial reporting framework.

Globalization of business has dramatically increased the need for consistent and high-quality
financial reporting within countries and across borders. This directly affects both accounting
and auditing. Many stakeholders in today's global business environment expect compliance
with recognized international standards in accounting and auditing. Establishing
internationally accepted benchmarks for the competence of audit professionals; will help to
promote internationally accepted standards accounting and auditing

Capabilities: The professional knowledge; professional skills: and professional values, ethics
and attitudes required demonstrating competence.
Capabilities are the attributes held by individuals that enable them to perform their roles,
whereas competence refers to the actual demonstration of performance. The possession of
capabilities gives an indication that an individual has the ability to perform competently in the
workplace. Capabilities include content knowledge: technical and functional skills: behavioral
skills: intellectual abilities (including professional judgment): and professional values, ethics
and attitudes. They are sometimes referred to, in other literature as competencies capacities,
abilities key skills, core skills, fundamental skills, and values, attitudes, distinguishing
characteristics, pervasive qualities and individual attributes competence: Being able to perform
a work role to a defined standard, with reference to real working environments.

Explanation: Competence refers to the demonstrated ability to perform relevant roles or tasks
to the required standard. Whereas capability, refers to the attribute held by individuals that

43
give them the potential to perform. Competence may be assessed by a variety, of means
including workplace performance workplace simulation written and oral tests of various types
and self-assessment

Engagement partner is the partner or other person in the audit organization who is
responsible for the engagement and its performance and for the audit report that is issued on
behalf of the firm, and who, where required, has the appropriate authority from a professional,
legal or regulatory body,

Audit professional is a professional accountant who has responsibility or has been delegated
responsibility for significant judgments in all audit of historical financial information.

The engagement partner retains overall responsibility for the audit. The definition of audit
professional does not apply to experts undertake specific tasks within an audit (e.g., taxation,
information technology or valuation experts).

Professional Accountants and Audit Professionals

Although some professional accountants deliver a wide range of accounting and business
related-services others will choose to specialize in one more areas, one professional accountant
can master all areas of accountancy.
Specialization is necessary to ensure services can be provided by professional accountants
having sufficient depth of knowledge and expertise.
One area of specialization is in audit of historical financial information. Competence in this
area requires a higher level of education and training audit and related areas than is required of
other professional accountants.
Audit professionals involved in audits of historical financial information in specific industries
may be more specialized. The nature of the industry and applicable laws and accounting
treatment, may require levels of knowledge and skills beyond those required for other audit
professionals.
Audit engagements vary in complexity and size, requiring different experience and
competence levels, Au audit team could include the engagement partner other audit
professionals other professional accountants, individuals working towards qualification as
professional accountants, and other support staff who do not intend to qualify as professional
accountants. The engagement partner is responsible for ensuring that the work of all
individuals assigned to an audit engagement is appropriately reviewed by other members of
the engagement team to provide reasonable assurance that the work meets appropriate
standards of quality.

Developing and maintaining Capabilities and Competence

All professional accountants should take steps to ensure that they and those working under
their authority in it professional capacity, have appropriate training and supervision and are
competent to undertake the work they perform.
To acquire the capabilities and competence required of audit professionals individuals may
need further education and development beyond that needed to qualify as professional
accountant.
These additional education and development requirements can be met during the education

44
and development program for qualifying as a professional accountant or after.
Education and development for acquiring and maintaining the capabilities of audit
professional; can include:
a) Advanced professional education pursued at academic institutions or through the
programs of professional bodies
b) On-the-job training and experience programs
c) Off-the-job training
d) Continuing professional development (CPO) course, and activities.

IFAC recognizes that each member body needs, to determine not only how best to comply
with this IES but also hat emphasis to place on the various parts of the education and
development process
In addition to acquiring the necessary knowledge e and skill, professional accountants will
have to be assessed to demonstrate the capabilities and competence needed to take on
responsibility for significant judgment in an audit of historical financial information. The
IAESB recognizes that when assessing capabilities measuring output is likely to be superior to
measuring inputs. Output-based approaches concentrate on me assuming the development and
maintenance of competence actually achieved through learning rather than measuring the
various learning activities.
Audit professionals will need further development to progress through supervisory and
managerial roles to acting as-the engagement partner.
All professional accountants are obliged to engage ill lifelong learning to keep up-to-date on
developments influencing the profession and the quality of the services they provide.

Knowledge Content
The appropriate level of education and learning of the intellectual and personal skills
necessary to become an audit-professional is generally found ill it combination of
undergraduate degree and professional education programs.
Where a member body does not require an undergraduate degree, the member body needs to
be able to demonstrate that the intellectual and personal skill; have been developed to the
required level in other ways.
The knowledge content within the education and development program for audit professionals
should include the following subject areas:
a) audit of historical financial information at an advanced level
b) financial accounting and reporting at an advanced level
c) information technology

Audit professionals are expected to have sufficient knowledge of cut-rent developments in the
field of audit of historical financial information to respond to issues in the business
environment. It is important therefore, that education and continuing development programs
for audit professionals include coverage of relevant current issues and developments.
The knowledge content of the audit of historical financial information subject area should
include the following at an advanced level:
a) best practices in the audits of historical financial information including relevant current
issues and developments: and
b) International Standards on Auditing (ISAs) and International Auditing Practice

45
 Statements (IAPSs): and/or
c) Any other applicable standards or laws.

In addition to the knowledge listed above, audit professionals may also require knowledge of
international Standards Quality Control (ISQCs), International Standards on Review
Engagements (ISRE,) International Standard, on Assurance Engagements (ISREs).
International Standards on Related Services (ISRSs), or local equivalents of these.
The knowledge content of the financial accounting and reporting subject area should include
the following:
a. Financial accounting and reporting processes and practices, including relevant
current issues and developments: and
b. International Financial Reporting Standard s (IFRSs): and/or
c. Any other applicable standards or laws

If an audit client is required to prepare financial reports in accordance with standards specific
to the public sector, statements will include International Public Sector Accounting Standards
(IPSAS) and any applicable international national and or local equivalents of these.
The knowledge content of the information technology subject area should include the
following:
a) Information technology systems for financial accounting and reporting including
relevant current issues and developments: and
b) Frameworks for evaluating controls, and assessing risks in accounting and reporting
system as - appropriate for the audit of historical financial information.

Professional skills
The skill requirement within the education and development program for audit professionals
should include:
a) Applying the following g professional skills in all audit environments:
a) identifying and solving problems:
b) undertaking appropriate technical research:
c) working in teams effectively:
d) gathering and evaluating evidence:
e) Presenting discussing and defending views effectively through formal, informal
written and spoken communication': and

b) Developing the following professional skills at an advanced in an audit environment:

i. applying relevant audit standards and guidance:

ii. evaluating applications of relevant financial reporting standards;

iii. demonstrating capacity for inquiry, abstract logical thought and critical analysts
iv. demonstrating professional skepticism:
v. applying professional judgment: and
vi. withstanding and resolving conflict

Professional Values, Ethics and Attitudes

Individuals should be able to apply the required professional values, ethics and attitudes in an
audit environment before taking on the role of an audit professional

46
 - Professional accountants need a thorough understanding of the potential ethical
implications of professional and managerial decisions. They need to be aware that
decision-makers can be under tremendous pressure when it comes to upholding ethical
principles.
- Audit professionals like all professional accountants are expected to apply the
professional values, ethics and attitudes throughout their professional careers. During
their period of practical experience they should receive guidance on the:
a. Professional approach to ethics:
b. Practical application of the fundamental principles:
c. Consequence, of unethical behavior: and
d. Resolution of ethical dilemmas.
- Learning about professional ethics need, to continue after qualification. Audit
professionals need to see this as a career long process.
- The fundamental ethical principles; that apply to' all professional accountants have an
added dimension in the audit domain, because of the heavy public reliance on and
public interest in this aspect of the professional worldwide
- Fundamental principle are essential to the development of the professional and society
as a whole, these fundamental principle are-;
a. Integrity
b. Objectivity:
c. Professional competence and due care
d. Confidentiality: and
e. Professional behavior.
- In addition the IESBA Code requires all members of assurance teams and organizations
to be independent of assurance. Clients members of assurance teams and organizations
are required to apply the independence conceptual framework outlined therein.
- It is important that audit professionals are
a. Aware of potential new ethical dimensions and conflicts in their work: and
b. Keep current on the expectations of their professional accounting bodies and the
public in terms of professional ethics.

Practical Experience
Professional accountants should complete a period of relevant practical experience before
taking on the role of an audit professional. This period should be long enough and intensive
enough to permit them to demonstrate that they have acquired the necessary professional
knowledge: professional skills: and professional values, ethics and attitudes. A substantial
proportion of the period of practical experience should be in the area of audit of historical
financial information.
Practical Experience Requirements sets out the practical experience requirements for all
professional accountants, Professional accountant assuming the role of an audit professional
are also required to demonstrate application of the knowledge and skills specifically required
by this section of IES S, and in an audit environment in accordance with the professional
values, ethics and attitudes
Practical experience that contributes to the competence of an audit professional need: to be
relevant to the type and size of audit assignments audit professionals are, or are likely to be,

47
involved in the period of experience should permit them to:
a) apply, in a properly supervised environment, the requisite knowledge e and skills: and
b) develop and demonstrate the competence required

The period of practical experience relevant to an audit professional may come during or after
qualification as a professional accountant.
A period of practical experience relevant to an audit professional would normally be not less
than three years, of which at least two year should normally be spent in the area of audit of
historical financial information under the guidance of an engagement partner. Where a
member body does not require the completion of this minimum period of experience the
member body need to be able to demonstrate that the application of the knowledge and skill,
required has been achieved in an audit environment and has resulted in candidate, developing
the necessary competence and capability to apply professional judgment in the audit
assignment.
The required audit experience should be obtained with an organization that can provide
suitable audit experience under the guidance of engagement partner.

Continuing Professional Development

Professional capabilities and competence should be assessed before individuals take on the
role of audit Professionals.
Assessment should be comprehensive enough to permit demonstration of the professional
knowledge: professional skills; and professional values ethics and attitudes required to
competently perform the work of audit professionals.
The assessment of the capabilities and competence or audit professionals may be carried out
by:
a) The ICPAK member body of which all individual is a member • (including through the
member body's peer review process):
b) a third party (e.g. education or training organization government or regulatory
authority, or workplace assessor under the authority of the member body);
c) an audit organization (including through the organization's, quality control systems): or
d) a combination of these

Competence requirements for an engagement Partner

To assume the greater responsibilities of the engagement partner will require the development
of additional professional knowledge; professional skills and professional values, ethics and
attitudes. An engagement partner would be expected to demonstrate a comprehensive
understanding of the audit process and an ability to communicate a wide range of matters to a
broad range of parties
As audit professional progress into positions such as engagement partners, they will need to
demonstrate competence in the following areas:
a. Leadership responsibility for the quality of audits:
b. Formation of conclusions on compliance with applicable independence
requirements:
c. Acceptance and continuation of client relationships and specific audit
engagements
d. Assignment of engagement teams, ensuring the collective capabilities and
competence to perform the engagement and issue an audit report:

48
 e. Direction, supervision and performance of the audit engagement in compliance
with professional standards and regulatory and legal requirements:
f. Consultation, review and discussion of work performed: and
g. Development of the audit report that is appropriate and supported by sufficient
appropriate audit evidence

PROFESSIONAL DUE CARE

Due Care: diligence which a person would exercise under a given set of circumstances.

Due Professional Care: diligence which a person, who possesses a special skill, would
exercise under a given set of circumstances. The standard of "due care" is that level of
diligence which a prudent and competent person would exercise under a given set of
circumstances.
"Due professional care" applies to an individual who professes to exercise a special skill such
as information systems auditing. Due professional care requires the individual to exercise that
skill to a level commonly possessed by practitioners of that specialty.
Due professional care applies to the exercise of professional judgment in the conduct of work
performed. Due professional care implies that the professional approaches matters requiring
professional judgment with proper diligence. Despite the exercise of due professional care and
professional judgment, situations may nonetheless arise where an incorrect conclusion may be
drawn from a diligent review of the available facts and circumstances.
Therefore, the subsequent discovery of incorrect conclusions does not, in and of itself, indicate
inadequate professional judgment or lack of diligence on the part of the Auditor.
'Due professional care should extend to every aspect of the audit, including the evaluation of
audit risk, the formulation of audit objectives, the establishment of the audit scope, the
selection of audit tests, and the evaluation of test results. In doing this, the Auditor should
determine or evaluate:

- The type and level of audit resources required to meet the audit objectives
- The significance of identified risks and the potential effect of such risks on the audit
- The audit evidence gathered
- The competence, integrity, and conclusions of others upon whose work the Auditor
places reliance

The intended recipients of the audit reports have an appropriate expectation that the Auditor
has exercised due professional care throughout the course of the audit. The Auditor should not
accept an assignment unless adequate skills, knowledge, and other resources are available to
complete the work in a manner expected of a professional.
The Auditor should conduct the audit with diligence while adhering to professional standards.
The Auditor should disclose the circumstances of any non-compliance with professional
standards in a manner consistent with the communication of the audit results.

INDEPENDENCE OF OPINION

49
Independence is something that is both a matter of fact and a matter of appearance. It is
important to be independent but it is also important to appear to be independent.

Independence Comprises:
a. Independence of mind—the state of mind that permits the provision of an opinion
without being affected by influences that compromise professional judgment, allowing
an individual to act with integrity, and exercise objectivity and professional
skepticism.
b. Independence in appearance—the avoidance of facts and circumstances that are so
significant a reasonable and informed third party, having knowledge of all relevant
information, including any safeguards applied, would reasonably conclude a firm's, or
a member of the assurance team's, integrity, objectivity or professional skepticism had
been compromised.

The auditor's independence from the entity safeguards the auditor's ability to form an audit
opinion without being affected by influences that might compromise that opinion.
Independence enhances the auditor's ability to act with integrity, to be objective and to
maintain an attitude of professional skepticism-

Principles of independence:
• An auditor may not have a mutual or conflicting interest with the client
• An auditor may not audit his own firm's work
• An auditor may not function as management or as an employee of the audit client
• An auditor may not act as an advocate for the audit client

To ensure both independence and the appearance of independence, rules have been set out in
the professional bodies' ethical codes.
Included in the codes are the following matters which impair independence.
• Undue dependence on an audit client as a proportion of fee income

• Actual or threatened litigation

• Family or other personal relationship
• Beneficial interest in shares and other investments
• Beneficial interest in trusts
• Loans to or from client
• The provision of goods and services or hospitality
• The provision of other services

OBJECTIVITY AND INTEGRITY

Integrity, Objectivity and Independence

Integrity
The principle of integrity imposes an obligation on all professional accountants to be straight
forward and honest in professional and business relationships. Integrity also implies fair
dealing and truthfulness.

50
A professional accountant should not be associated with reports, returns, communications or
other information where they believe that the information:
Contains a materially false or misleading statement;
a) Contains statements or information furnished recklessly; or
b) Omits or obscures information required to be included where such omission or
obscurity would be misleading.

A professional accountant will not be considered to be in breath of matters associated with

reports, returns, communications or other information if the professional accountant provides a
modified report in respect of a matter such matters.

Objectivity
Objectivity is essential for any professional person exercising professional judgment. It is as
essential for members in business as for practising members. Objectivity is the state of mind
which has regard to all considerations relevant to the task in hand but no other. It is sometimes
described as 'independence of mind'.
The need for objectivity is particularly evident in the case of a practising accountant carrying,
out an audit or some other reporting role where his professional opinion is likely to affect
rights between parties and the decisions they take.

Threats to objectivity

Threats to objectivity might include the following:

1. The self-interest threat

A threat to the auditor's objectivity stemming from a financial or other self-interest
conflict. This could arise, for example, from a direct or indirect interest in a client or
from a fear of losing a client.

2. The self-review threat

The apparent difficulty of maintaining objectivity and conducting what is effectively
a self-review, if any product or judgement of a previous audit assignment or a non-
audit assignment needs to be challenged or re-evaluated in reaching audit conclusions.

3. The advocacy threat

There is an apparent threat to the auditor's objectivity, if he becomes an advocate for
(or against) his client's position in any adversarial proceedings or situations.
Whenever the auditor takes a strongly proactive stance on the client's behalf, this may
appear to be incompatible with the special objectivity that audit requires.

4. The familiarity or trust threat

A threat that the auditor may become over-influenced by the personality and qualities
of the directors and management, and consequently too sympathetic to their interest.
Alternatively the auditor may become too trusting of management representations so
as to be inadequately rigorous in his testing of them - because he knows the client too

51
 well or the issue too well or for some similar reason.

5. The intimidation threat

The possibility that the auditor may become intimidated by threat, by dominating
personality, or by other pressures, actual or feared, by a director or manager of the
client or by some other party

Each of the above threats may arise either in relation to the auditor's own person or in
relation to a connected person such as a member of his family or a partner or a person
who is close to him for some other reason, such as past or present association or
obligation or indebtedness.

The safeguards which are available to offset the threats

Auditors should always consider the use of safeguards and procedures which may negate or
reduce threats. They should be prepared to demonstrate that in relation to each identified
threat, they have 'considered the availability and effectiveness of the safeguards and
procedures and are satisfied that their objectivity in carrying out the assignment will be
properly preserved.

Safeguards and Procedures

The safeguards and procedures might include:

Factors in the environment of the practice which will operate so as to offset any threat to
objectivity
An exhaustive list of these countervailing factors is not possible, but auditors should expect
where possible to have developed the following characteristics in their firms. Where they have
been developed they will provide safeguards.
i. Chartered accountants are taught from the outset of their training contracts to behave
with integrity in all their professional and business relationships and to strive for
objectivity in all professional and business judgements. These factors rank highly in the
qualities that chartered accountants have to demonstrate prior to admission. They should
therefore be well used to setting personal views and inclinations aside.
ii. Engagement partners should have sufficient regard for their own careers and reputations
to be encouraged towards objectivity and to effective use of safeguards.
iii. Within every firm there should be strong peer pressure towards integrity, Reliance on
one another's integrity should be the essential force which permits partners to entrust
their public reputation and personal liability to each other.
iv. Firms should set great store on their reputation for impartiality and objectivity. It is the
foundation for their ability to practise and to gain work over the medium and long term,
and they should not permit a member of the firm to risk it for short term benefit or gain.
v. Firms of all sizes should have established strong internal procedures and controls over
the work of individual principals, so that difficult and sensitive judgments are reinforced
by the collective views of other principals, thereby also reducing the possibility of
litigation.

52
Safeguards and sanctions built into the structure of the profession itself
These might include:
i. The long-standing ethical code of the profession, of which this guidance forms part.
Where appropriate, this code imposes specific prohibitions where the threat to the
auditor's objectivity is so significant, or is generally perceived to be so, that no other
appropriate safeguards would be effective.
ii. The ethical support provided by the Institute, including the Ethics Advisory Services
helpline, published advice on ethics such as Help Sheets and the Support Member
Scheme involving District Societies.
iii. The reinforcement given to the above safeguards by a policing system which reacts
to complaints, whether by members of the public or members of the profession,
investigates the background to the complaints, and where necessary commences
disciplinary proceedings against an offending Member. Together with monitoring
(below), the system ensures that a firm's past conduct and current procedures are
likely to come under close independent professional scrutiny if the conduct of
practising members gives rise to challenge over their exercise of these guidelines:
iv. The active monitoring procedures conducted by the profession for reserved activities
such as auditing. On behalf of the Institute Committees concerned, the Quality

Assurance Directorate visits firms which are registered to conduct audits. It

examines firms' compliance with the Audit Regulations and reports to those
Committees. The Regulations embrace in their requirements the whole of this
guidance.

Steps taken by firms to ensure that threats to objectivity are recognized, documented
and mitigated

These might not be disclosed to outsiders unless disciplinary or regulatory follow4fp requires
it. Examples of internal procedures within firms which may contribute to reassurance that the
required audit objectivity has been preserved include:
i. Arrangements to ensure that staffs are adequately trained and empowered to
communicate any issue of objectivity that concerns them to a separate principal.
ii. The involvement of an additional principal (in the case of a sole-practitioner, a
qualified colleague) to carry out a review' or otherwise advise.
iii. Rotation of engagement partners and staff.
iv. The evaluation of a potential client when a firm is approached to act, to assess such
facts as the integrity of the client's management, company profile, accountancy
competence, etc.
v. Formal-Consideration and review of the continuance of all engagements before the
firm's name is allowed to go forward for reappointment as auditor.
vi. An overall control environment, starting with a professional approach towards matters
of quality and ethics, and taking in staff training, development and performance
appraisal, and the assurance provided by a regularly monitored and evidenced control
system.

53
The involvement of a third party such as a client audit committee, or a regulatory body
or another firm

Refusal to act where no other course can abate the perceived problem
Some exclusions and prohibitions are the subject of statute or regulation outside the control of
the profession. In addition, there are some situations in which the threat to an auditor's
objectivity is so significant, or generally perceived to be so, that an auditor should, having
regard to preservation of the public image of his profession, decline to accept appointment,
even if he believes that the circumstances are such that available safeguards and procedures
could, in his particular case, enable him to maintain proper objectivity. In this eventuality, he
should decline or resign appointment.
It follows from the preceding paragraphs that the perception of the public or any section of it)
that an auditor's objectivity may be threatened is not, of itself, a reason why an appointment
should be refused. The countervailing pressures and safeguards described above may often
override a threat. Members and firms are encouraged to make clients and others outside the
profession aware of the extensive and sophisticated compliance procedures that they employ.

The self-interest threat

All work that creates a financial relationship between the auditor and the audit client may
appear to create a self-interest threat - as doe’s payment for the audit itself. The nature of the
threat sometimes perceived is that the auditor's objectivity might be impaired by a need to
remain on good terms with the directors of the audited company in order to preserve a working
relationship. The perceived threat grows with the size of the fees and is thus increased by work
or services additional to the audit. But the most significant dimension of any threat, real or
perceived, is likely to reside in the size of the total fees earned from a client in relation to the
whole fees of the firm.
The self-review threat
- Audit work itself gives rise to self-review. The auditor reviews matters that he has
previously judged in prior-year audits, matters that were judged at planning stage, his
recommendations (or lack of them) to management at previous audits, etc. In auditing,
perhaps more than in any other activity, there is a need for a readiness to recognise and
avoid past mistakes.
- The auditor must adopt the objectivity and independence of mind to be able to
acknowledge past errors or mistakes of judgement and report fairly and afresh.
- The provision of other services may give rise to further need for self-review. If, for
example, the firm has designed or recommended any part of the systems or controls on
which the audit relies, the audit team will need to take particular care to ensure that the
audit judgments are objective, perhaps in the case of larger firms by arranging that there
is little or no common membership between the systems work and the audit team.
- If, as is common for smaller companies, the auditor has prepared any of the data
contained in the financial statements or drafted material for the notes, or assisted in the
preparation of the accounting records, a degree of self-review arises.
- There is a spectrum of involvement by the auditor in the preparation of accounting
records. It ranges from the situation prevailing in small companies where the auditor may
prepare much of the accounting records and the financial statements as well as auditing
them, to the other end of the spectrum where in the case of a major listed company the

54
 auditor does not participate in any part of the preparation process. Even in the latter case,
the auditor who detects omissions in the company's proposed disclosures will normally
suggest and draft the amendments required, so that in the end it is uncommon for a set of
financial statements to appear where the auditor has had no hand whatsoever in the
presentation or drafting.
- These processes of assistance, entailing self-review as they do, are not intrinsically
damaging to audit objectivity, but pose a threat to it. Safeguards are necessary.
- At the smaller company end of the spectrum the safeguards reside in a considered
analysis by the auditor of the work done in preparation of records and statements and
careful consideration as to what separate audit procedures and scope are thus required. At
the other end of the spectrum, in the case of a listed company or other public interest
company audit client, an audit practice should not participate in the preparation of the
company's accounts and accounting records save in relation to assistance of a routine
clerical nature or in emergency. Such assistance might include, for example, work on the
finalisation of statutory accounts, including consolidations and tax provisions. The scale
and nature of such work should be regularly reviewed.

Expert services as an example of the self-review threat

The provision for an audit client of expert services, by an audit firm or an associated firm or
organisation in the same country or overseas, which directly affect amounts and disclosures in
the financial statements of an audit client gives rise to a self-review threat to objectivity,
These...services may include reports, opinions, valuations or statements by an expert.
In these circumstances, the auditor should carefully consider whether the threat is so great that
the firm should either not audit the financial statement concerned or advise the client to seek
an alternative source for the particular expert services; in cases where the firm decides to
accept such an engagement, the auditor should determine what appropriate safeguards should
be added to address the threat. To ensure that careful consideration has been given to the key
aspects of the threat firms should record the basis of their decisions and document the
safeguards.
A major issue attesting the self-review threat, which should be carefully considered by the
auditor, is the materiality of the amounts involved in relation to the financial statements. In
addition to the amounts involved, the issue of materiality is likely to be influenced, to a
considerable extent, by the degree of subjectivity inherent in the items concerned.
In evaluating the extent of the threat the auditor should also consider the following matters in
relation to the amounts included in the financial statements:
• The extent of the directors’ knowledge and experience and ability to evaluate the
issues. Concerned and the extent of their involvement in determining and approving
significant matters of judgement;
• the degree to which established methodologies and professional guidelines are utilised
in the type of expert services;
• the reliability and extent of the underlying base data;
• the degree of dependence on future events of a nature which could create significant
volatility inherent in the amounts involved;
• The extent and clarity of related disclosures in the financial statements including
disclosure of the underlying assumptions, and the identity of the provider of the expert

55
 services.

Safeguards
Where a firm has identified a threat it should consider the matters set out in above in relation
to the audit team and take any necessary steps to safeguard its objectivity. Such steps will
often include the use of different partners and separate teams each having separate reporting
lines and additional review procedures sufficient to ensure that objectivity is preserved.
Firms should ensure that their work complies with the International Standards on Auditing
(ISA 620), 'Using the Work of an Auditor's Expert', particularly the elements identified in the
section: 'Assessing the Work of an Expert'.

The advocacy threat

Advocacy arises where a practitioner becomes an advocate for a client's position in any
adversarial proceeding or situation. There is nothing improper about a position of advocacy
and many types of professional services and support to a client may require it.
Advocacy in a simple sense is always present where a firm supports its clients' interests. At the
same time a professional person is always required to strive for objectivity in all professional
work.
But advocacy can take a sharpened form, a more committed and protagonist form, where the
firm supports its client in an adversarial situation.
An auditor's client is in principle the company and its shareholders. But his duty to that
particular client must be set in the context of the wider public interest which requires him
(through. Companies Acts requirements and the Auditing Practices Board pronouncements) to
provide an opinion as to whether a set of financial statements gives a true and fair view. That
true and fair view must be an objective one, not tailored to or influenced by the needs of the
client_
Hence advocacy in any sharpened form is likely to appear to the beholder to be incompatible
with the particular objectivity required by the audit reporting role. And in fact, particular
advocate roles, though adopted with objective judgement, may tend subsequently to form a
degree of commitment in the professional's mind which may make it difficult to return to the
objectivity required for reporting.
The following examples are provided to illustrate the classes of professional services or other
activity which may give rise to these sharper forms of advocacy:
a. The recommendation, or promotion, of shares requires the adoption of a posture of
advocacy in relation to the company concerned which cannot be compatible with
objectivity in reporting. To recommend or promote shares usually requires a mental
commitment to views or assertions about the strengths and qualities of the company.
These views or assertions may have been reached by objective consideration, but once
adopted the mental commitment does not readily permit a return to either the
appearance or the reality of dispassionate and objective judgement.
b. By extension, leading a corporate finance team which takes the responsibility for
recommending or promoting shares will be incompatible with objectivity in reporting.
For this reason Corporate Finance Advice contains what amounts to a prohibition on
the provision of such services to a company on which the firm reports.
c. The adoption of an extreme position on any issue of accounting principles, taxation or
other matter of professional judgement will always raise the risk of putting the

56
 practitioner into a position of sharpened advocacy. This will be heightened if it
becomes necessary for the firm to support the extreme position in adversarial
proceedings such as litigation, Takeover Panel proceedings, or negotiations with
government revenue departments. Such a position may both raise doubts in the minds of
observers and make it genuinely difficult for a firm to preserve its own audit objectivity on the
topics at issue.

The central issue for auditors in illustration (c) is the identification of what is or may become
an extreme position.

Members should endeavor to foresee such difficulties arising, and either avoid the extreme
position or suggest to the company that it may seek alternate advisers to perform any roles
requiring adversarial advocacy. It should be re-emphasised that there is nothing inherently
unethical in advocating an extreme position on a client's behalf, if it can be supported by
objective evidence. But it may be improper to perform such advocacy while at the same time
asserting that the objectivity of the audit role has been maintained. In some situations
separation of roles between different partners may provide a degree of internal safeguards, but
practitioners should recognise the risk of bringing themselves and the profession into disrepute
by entering into a -situation Where a position of advocacy appears to indicate a position of
commitment or a bias in state of mind which is not consistent with the objective state of mind
required for a reporting role.

FEES AND OTHER TYPES OF REMUNERATION

Fees should not be charged on a percentage or similar basis except where it is authorized by
the law or is generally% accepted practice for certain specialist work e.g. construction work.
Also, no instructions should be accepted on a contingency basis e.g. bonus of 3% on profits.
This is because auditor's judgment should not be impaired by hope of a financial gain. If fees
were computed as a percentage of the net profit, the auditor would be hesitant to propose to
the management audit adjustment that would result to reduction of the audit fees derived from
the assignment.
• In practice the most common mode of determination of audit fees is to compute them
on the following considerations:
• The skill and knowledge required for the type of work involved. If the work required an
expert, the fees would be higher
• The seniority of the person engaged in the work i.e. audit partners, managers, seniors
and assistants.
• The time necessarily engaged on each person on the work.
• The nature of responsibility which the work entails.

When entering into negotiations regarding professional services, a professional accountant in

public practice may quote whatever fee deemed to be appropriate. The fact that one
professional accountant in public practice may quote a fee lower than another is not in itself
unethical. Nevertheless, there may be threats to compliance with the fundamental principles
arising from the level of fees quoted. For example, a self-interest threat to professional
competence and due care is created if the fee quoted is so low that it may be difficult to

57
performing the engagement in accordance With applicable- technical and professional
standards for that price.
The significance of such threats will depend on factors such as the level of fee quoted and the
services to which it applies. In view of these potential threats, safeguards should be considered
and applied as necessary to eliminate them or reduce them to an acceptable level. Safeguards
which may be adopted include:
• Making the client aware of the terms of the engagement and, in particular, the basis on
which fees are charged and which services are covered by the quoted fee.

• Assigning appropriate time and qualified staff to the task.

Contingent fee
A fee calculated on a predetermined basis relating to the outcome or result of a transaction or
the result of the work performed. A fee that is established by a court or other public authority
is not a contingent fee.
Contingent fees are widely used for certain types of non-assurance engagements
They may, however, give rise to threats to compliance with the fundament principles in
certain circumstances. They may give rise to a self-interest threat to objectivity. The
significance of such threats will depend on factors including:
• The nature of the engagement.
• The range of possible fee amounts.
• The basis for determining the fee.
• Whether the outcome or result of the transaction is to be reviewed by an independent
third party.

The significance of such threats should be evaluated and, if they are other than clearly
insignificant, safeguards should be considered and applied as necessary to eliminate or reduce
them to an acceptable level. Such safeguards may include:
a) An advance written agreement with the client as to the basis of remuneration.
b) Disclosure to intended users of the work performed by the professional accountant in
public practice and the basis of remuneration.
c) Quality control policies and procedures.
d) Review by an objective third party of the work performed by the professional
accountant in public practice.

In certain circumstances, a professional accountant in public practice may receive a referral

fee or commission relating to a client. For example, where the professional accountant in
public practice does not provide the specific service required, a fee may be received for
referring a continuing client to another professional accountant in public practice or other
expert. A professional accountant in public practice may receive a commission from a third
party (e.g., a software vendor) in connection with the sale of goods or services to a client.
Accepting such a referral fee or commission may give rise to self-interest threats objectivity
and professional competence and due care.
A professional accountant in public practice may also pay a referral fee to obtain a client, for
example, where the client continues as a client of another professional accountant in public
practice but requires specialist services not offered by the existing accountant. The payment of

58
such a referral fee may also create a self- interest threat to objectivity and professional
competence and due care.
A professional accountant in public practice should not pay or receive a referral fee or
commission, unless the professional accountant in public practice has established safeguards
to eliminate the threats or reduce them to an acceptable level. Such safeguards may include:
a) Disclosing to the client any arrangements to pay a referral fee to another professional
accountant for the work referred.

b) Disclosing to the client any arrangements to receive a referral fee for referring the
client to another professional accountant in public practice.
c) Obtaining advance agreement from the client for commission arrangements in
connection with the sale by a third party of goods or services to the client.

A professional accountant in public practice may purchase all or part of another firm on the
basis that payments will be made to individuals formerly owning the firm or to their heirs or
estates. Such payments are not regarded as commissions or referral fees.

MARKETING PROFESSIONAL SERVICES

When a professional accountant in public practice solicits new work through advertising or
other forms of marketing, there may be potential threats to compliance with the fundamental
principles. For example, a self-interest threat to compliance with the principle of professional
behaviour is created if services, achievements or products are marketed in a way that is
inconsistent with that principle.
A professional accountant in public practice should not bring the profession into disrepute
when marketing professional services. The professional accountant in public practice should
be honest and truthful and should not:
a) Make exaggerated claims for services offers, qualifications possessed or experience
gained; or
b) Make disparaging references to unsubstantiated comparisons to the work of another.
If the professional accountant in public practice is in doubt whether a proposed form
of advertising or marketing is appropriate, the professional accountant in public
practice should consult with the relevant professional body.

ADVERTISING AND PUBLICITY

Advertising
The communication to the public of information as to the services or skills provided by
professional accountants in public practice with a view to procuring professional business.
A member should not advertise professional services or skills in such a way as to show
himself to be more qualified than other practicing accountants.
A member may place an advertisement under the following circumstances:
• When acting on behalf of the client.
• When acting in fiduciary or similar capacity.
• When seeking staff or salary employment.

59
A member may have paid announcements in the press for opening a new office, changing the
name, address or membership of his firm or for member's appointment. Publicity given to
member's activity both professional and otherwise is acceptable as it is publicity for the
professional activity of a firm. From the ethical guidance, it is unethical for an accountant to
seek professional work by advertising his services. One cannot therefore place an
advertisement in the media claiming he is a superior service provider than other accountants.

Advertisements should not contain comparisons with other members or firms, contain
testimonies or endorsements or bring the firm, members or the accountancy profession
discredit or dispute.
Although advertisements may refer to the basis on which fees are calculated and where they
contain any statements concerning the hourly rate charged by the firm, care should be taken to
,avoid giving the impression that lower quality performance is provided than that expected
from professional persons.

Obtaining professional work

A member should not in any circumstances obtain or seek professional work for himself or for
another party in unprofessional manner e.g. bargaining.
A practicing member should not give any commission, fee or reward to a third party in return
for introduction to a client. However, a partner who brings in business can be paid commission
by his own practice.
No member in practice shall comply with any request from a firm or company who is not a
client of that firm to submit a quotation for audit fees unless the existing auditors are aware
that such a request has been made by their client.

The Accountants Act

1. . The Accountants Act, as it stands presently, prohibits soliciting of clients and
professional work either directly or indirectly by circular, advertisement, personal
communication or interview or by any other means. It also prohibits advertisement of
attainment or services.
2. A member should not advertise his professional services or skills.
3. A member may place an advertisement when:
i. Seeking staff, a partnership or salaried employment; or, in the
professional press only, seeking sub-contract work;
ii. Acting on behalf of a client;
iii. Acting in fiduciary or similar capacity.
4. Paid announcements in the press are permitted for;
a) The opening of a new office, changes in the membership of a firm and
changes in the name or address of a firm;
b) Members' appointments.
5. Publicity given to members' activities, both professional and otherwise, is acceptable,
as is publicity for the professional activities of a firm.
6. Explanatory notes to the guide to professional ethics

Advertising and Publicity; Use of a member's name by a client

60
If a company or other client wishes to make use of the name and description of their auditor in
any business document or literature, other than their financial statements for which the auditor
accepts responsibility, the member should make it clear that his approval must be obtained.
It is only rarely that such permission can be justified. In those cases, the member should
ensure that his name is not given undue prominence in the document. In the same way,
member's name and description, either as auditor or in some other professional capacity,
should not be permitted to appear on a client's note paper.
Audit reports on headed notepaper in facsimile form should not be included in published
accounts.
The above applies only where the member is acting in some professional capacity. It does not
apply to a member who is appointed chairman, director, treasurer, secretary or other officer of
a company or as an employee, in which case his name and designatory letters may appear in
any document issued by the organisation.
A member making for publication a report on, for example, net sales or newspaper circulation
figures, should be careful to ensure that his report deals only with ascertained facts. If this
report is quoted in any literature by the organisation or in the press, it should not be presented
in such a way, either as to size or presentation, as to be capable of being regarded as an
advertisement for the member and should not include his practicing address. Such a, report on
headed notepaper should not be reproduced in a facsimile form.

Opinion shopping
The term 'opinion shopping' is generally understood to involve the search for an auditor
willing to support a proposed accounting treatment designed to help a company achieve its
reporting objectives even though that treatment might frustrate reliable reporting.
An auditor can be defined as lacking independence if he/she adopts a viewpoint that is biased
in favour of management. A lad< of auditor independence might be manifest in the design of
the audit programme, the volume and quality of audit evidence collected, and the audit opinion
issued. The threat of audit firm dismissal and the consequent loss of audit income relates
closely to the issue of auditor independence. An independent audit firm would not change its
opinion in response to a client's dismissal threat, whereas a firm that lacks independence might
bend to its client's wishes. Dismissal threats need not be explicitly stated in order for them to
be effective. If an audit firm is concerned that an unfavourable opinion would lead to the loss
of a client, it may be deterred from issuing an unfavourable opinion without explicit threats
from client management. Instead, there might be an implicit recognition by the client's
management and the audit firm that their economic interests are mutually dependent

TOPIC 4

PLANNING AND RISK ASSESMENT

OBTAINING CLIENTS ACCEPTANCE AND RETENTION

In the current business environment, it not only makes good business sense to consider client
due diligence, but certain client acceptance and continuance procedures are required by the
auditing and assurance standards.

61
ISA 210 Agreeing the terms of the audit engagement establishes the preconditions for
accepting an audit, which are:

 An acceptable financial reporting framework has been used in the preparation of the
financial statements
 Those charged with governance agree that they acknowledge and understand their
responsibilities.

If the preconditions for an audit are not present, the auditor must discuss the matter with those
charged with governance. Unless required by law or regulation to do so, the auditor must not
accept the engagement.
ISA 220 Quality control for an audit of financial statements deals with those aspects of
engagement acceptance that are within the control of the auditor. The engagement partner
must be satisfied that appropriate procedures regarding the acceptance and continuance of
client relationships and audit engagements have been followed, and must determine that
conclusions reached in this regard are appropriate.

Information such as the following assists the engagement partner in determining whether the
conclusions reached regarding the acceptance and continuance of audit engagements is
appropriate:

 the integrity of the principal owners, key management and those charged with
governance of the entity
 whether the engagement team is competent to perform the audit engagement and has
the necessary capabilities, including time and resources
 whether the firm and the engagement team can comply with relevant ethical
requirements
 Significant matters that have arisen during the current or previous audit engagement
and their implications for continuing the relationship.

Ethical requirements

Audit firms should expect the same commitment to quality and integrity on the part of their
clients as they do of themselves. As a result, many have developed and implemented improved
processes for approving new clients as well as reviewing relationships with existing clients.

An important part of the client acceptance process is for the prospective auditor to
communicate with the existing auditor in writing. A professional clearance letter enquires
whether there are any professional or other reasons why the engagement should not be
accepted. For example, one such reason may be a disagreement with some particular
accounting treatment the client wishes to adopt. However, before the existing auditor can pass
on any information to the prospective auditor, they must have the client’s authority to discuss
its affairs. If the client refuses permission then all the existing auditor can do is advise the
prospective auditor that there are matters they would like to discuss but the client has refused
permission for this, and this should speak volumes.

62
Adequate resources

Prior to acceptance or continuance of an audit engagement, the engagement partner must

determine that the audit team has the necessary technical expertise and sufficient resources
such as time and access to experts. The increasing complexity and regulation of audit requires
a significant investment of practice resources to maintain audit competence. Internal and
external reviews are an important mechanism to help practitioners decide whether they are
competent and adequately equipped to perform audits.

Key message

Typically the process of handling audit client acceptance and continuance varies with the size
of the firm, and such directives should be included in a firm's quality control manual. The
process should provide the audit firm with information to judge whether the entity meets or
exceeds the necessary standards of integrity and whether the firm has the capacity to perform a
quality audit if these standards are not clearly met, the engagement should not be accepted. If
a client no longer meets the firm's standards, or when the firm cannot commit sufficient
resources to deliver a quality audit to the client, the auditor should not accept the engagement.
As with any auditing procedure, the process should be documented and all correspondence
retained as audit evidence.

The cost of client due diligence is a small fraction of the value of the engagement, and if the
outcome is acceptance this cost should be passed onto the client as part of the audit fee. If the
prospective client is not accepted, then clearly this is time and money well spent. The key
message is that audit firms can turn work down, a firm does not have to accept an audit
engagement, it can say “no” to clients that do not fit the risk profile of the firm and capital will
go where it is deserved. This will contribute towards developing a healthy and profitable
business.

At a glance – red flag examples

1. Frequent changes of auditors – can mean an organisation is opinion shopping.

2. Poor financial history – prior failed business or bankruptcy could indicate a person who
takes unjustifiable risks.
3. Work/business history – is there unstable address, employment or professional history
4. Overly litigious as a plaintiff or defendant – signals a party who is not afraid to sue,
presents a risk of non-payment or who may not honour their agreements.
5. High turnover in upper management – can indicate a lack of internal stability.
6. Short operating history – where were the management team before they were at the
current organisation?
7. Foreign operations/plants – complex business structures may be concealing something.
8. Reluctance to provide references – if they are reluctant to disclose information now,
how will they be once they are a client?
9. Pressure to start work quickly – can be a sign that they do not want you looking into
their background.
10. Regulatory actions – can indicate poor internal controls or a management team ignoring

63
 internal controls.

Engagement letters
The engagement letter will be sent before the audit. It specifies the nature of the contract
between the audit firm and the client and minimises the risk of any misunderstanding of the
auditor's role.
It should be reviewed every year to ensure that it is up to date but does not need to be reissued
every year unless there are changes to the terms of the engagement. The auditor must issue a
new engagement letter if the scope or context of the assignment changes after initial
appointment.
ISA 210 requires the auditor to consider whether there is a need to remind the entity of the
existing terms of the audit engagement for recurring audits and many firms choose to send a
new letter every year, to emphasise its importance to clients.

The contents of the engagement letter

The contents of a letter of engagement for audit services are listed in ISA 210 Agreeing the
Terms of Audit Engagements. They should include the following:
 The objective and scope of the audit;
 The responsibilities of the auditor;
 The responsibilities of management;
 The identification of an applicable financial reporting framework; and
 Reference to the expected form and content of any reports to be issued_

In addition to the above the engagement letter may also make reference to:
 The unavoidable risk that some material misstatements may go undetected due to the
inherent limitations in an audit;
 Arrangements regarding the planning and performance of the audit;

 The expectation that management will provide written representations;

 The agreement of management to make available to the auditor draft financial
statements and other information in time to complete the audit in accordance with the
proposed timetable;
 The agreement of management to inform the auditor of facts that may affect the
financial statements;
 The basis on which fees are computed and billing arrangements;
 A request for management to acknowledge receipt of the engagement letter and to agree
the terms outlined;
 Agreements concerning the involvement of auditors experts and internal auditors; and
 Restrictions to the auditor's liability.

Recurring Audits
On recurring audits, the auditor should consider whether circumstances require the terms of
the engagement to be revised and whether there is a need to remind the client of the existing
terms of the engagement.
The auditor may decide not to send a new engagement letter each period. However, the

64
following factors may make it appropriate to send a new letter:
 Any indication that the client misunderstands the objective and scope of the audit. Any
revised or special terms of the engagement.
 A recent change of senior management or those charged with governance.
 A significant change in ownership.
 A significant change in nature or size of the client's business.
 Legal or regulatory requirements.

Acceptance of a Change in Engagement

An auditor who, before the completion of the engagement, is requested to change the
engagement to one which provides a lower level of assurance, should consider the
A request from the client for the auditor to change the engagement may result from a change
in circumstances affecting the need for the service, a misunderstanding as to the nature of an
audit or related service originally requested or a restriction on the scope of the engagement,
whether imposed by management or caused by circumstances. The auditor would consider
carefully the reason given for the request, particularly the implications of a restriction on the
scope of the engagement.
A change in circumstances that affects the entity's requirements or a misunderstanding
concerning the nature of service originally requested would ordinarily be considered a
reasonable basis for requesting a change in the engagement. In contrast a change would not be
considered reasonable .if it appeared that the change relates to information that is incorrect,
incomplete or otherwise unsatisfactory.
Before agreeing to change an audit engagement to a related service, an auditor who was
engaged to perform an audit in accordance with ISAs would consider, in addition to the above
matters, any legal or contractual implications of the change.

If the auditor concludes that there is reasonable justification to change the engagement and if
the audit work performed complies with the ISAs applicable to the changed engagement, the
report issued would be that appropriate for the revised terms of engagement. In order to avoid
confusing the reader, the report would not include reference to:
a) The original engagement; or
b) Any procedures that may have been performed in the original engagement, except
where the engagement is changed to an engagement to undertake agreed-upon
procedures and thus reference to the procedures performed is a normal part of the report

Where the terms of the engagement are changed, the auditor and the client should agree on the
new terms.
The auditor should not agree to a change of engagement where there is no reasonable
justification for doing so. An example might be an audit engagement where the auditor is
unable to obtain sufficient appropriate audit evidence regarding receivables and the client asks
for the engagement to be changed to a review engagement to avoid a qualified audit opinion or
a disclaimer of opinion.
If the auditor is unable to agree to a change of the engagement and is not permitted to continue
the original engagement, the auditor should withdraw and consider whether there is any
obligation, either contractual or otherwise, to report to other parties, such as those charged
with governance or shareholders, the circumstances necessitating the withdrawal.

65
UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT

The objective of the auditor is to identify and assess the risks of material misstatement,
whether due to fraud or error, at the financial statement and assertion levels, through
understanding the entity and its environment, including the entity's internal control, thereby
providing a basis for designing and implementing responses to the assessed risks of material
misstatement.

Risk assessment procedures are performed at the planning stage of an audit to obtain an
understanding of the entity being audited and to identify any areas of concern which could
result in material misstatements in the financial statements. They allow the auditor to assess
the nature, timing and extent of audit procedures to be performed.

ISA 315 Risk Assessments and Internal Controls states that the auditor should obtain an
understanding of the accounting and internal control systems sufficiently to plan the audit and
develop an effective audit approach. The auditor should use professional judgment to assess
audit risk and to design audit procedures to ensure it is reduced to an acceptably low level.

Sources of audit evidence that can be used as part of risk assessment procedures.
 Inquiries of management
 Prior year financial statement
 Current year management accounts and budgets
 Analytical procedures
 Observation and inspection

Definitions
For purposes of the ISAs, the following terms have the meanings attributed below:
a) Assertions — Representations by management, explicit or otherwise, that are
embodied in the financial statements, as used by the auditor to consider the different
types of potential misstatements that may occur.
b) Business risk - A risk resulting from significant conditions, events, circumstances,
actions or inactions that could adversely affect an entity's ability to achieve its
objectives and execute its strategies, or from the setting of inappropriate objectives and
strategies.
c) Internal control — The process designed, implemented and maintained by those
charged with governance, management and other personnel to provide reasonable
assurance about the achievement of an entity's objectives with regard to reliability of
financial reporting, effectiveness and efficiency of operations, and compliance with
applicable laws and regulations. The term "controls" refers to any aspects of one or
more of the components of internal control.
d) Risk assessment procedures: - The audit procedures performed to obtain an understanding of the
entity and its environment, including the entity's internal control, to identify and assess the risks of material
misstatement, whether due to fraud or error, at the financial statement and assertion levels.
e) Significant risk -- An identified and assessed risk of material misstatement that, in the
auditor's judgment, requires special audit consideration.

66
RISK ASSESSMENT PROCEDURES AND RELATED ACTIVITIES

 The auditor shall perform risk assessment procedures to provide a basis for the
identification and assessment of risks of material misstatement at the financial statement
and assertion levels. Risk assessment procedures by themselves, however, do not provide
sufficient appropriate audit evidence on which to base the audit opinion.
 The risk assessment procedures shall include the following:
a) Inquiries of management, of appropriate individuals within the internal audit function
(if the function exists), and of others within the entity who in the auditor's judgment
may have information that is likely to assist in identifying risks of material
misstatement due to fraud or error.
b) Analytical procedures.
c) Observation and inspection.
 The auditor shall consider whether information obtained from the auditor's client
acceptance or continuance process is relevant to identifying risks of material misstatement.

 If the engagement partner has performed other engagements for the entity, the engagement
partner shall consider whether information obtained is relevant to identifying risks of
material misstatement.
 Where the auditor intends to use information obtained from the auditor's previous
experience with the entity and from audit procedures performed in previous audits, the
auditor shall determine whether changes have occurred since the previous audit that may
affect its relevance to the current audit.
 The engagement partner and other key engagement team members shall discuss the
susceptibility of the entity's financial statements to material misstatement, and the
application of the applicable financial reporting framework to the entity's facts and
circumstances. The engagement partner shall determine which matters are to be
communicated to engagement team members not involved in the discussion.

The Required Understanding of the Entity and Its Environment, Including the Entity's

Internal Control

The Entity and Its Environment

The auditor shall obtain an understanding of the following:
a) Relevant industry, regulatory, and other external factors including the applicable
financial reporting framework.
b) The nature of the entity, including:
i. its operations;
ii. 0 its ownership and governance structures;
iii. the types of investments that the entity is making and plans to make,
including investments in special-purpose entities; and
iv. The way that the entity is structured and how it is financed, to enable the
auditor to understand the classes of transactions, account balances, and

67
 disclosures to be expected in the financial statements.
c) The entity's selection and application of accounting policies, including the reasons for
changes thereto. The auditor shall evaluate whether the entity's accounting policies are
appropriate for its business and consistent with the applicable financial reporting
framework and accounting policies used in the-relevant industry.
d) The entity's objectives and strategies, and those related business risks that may result in
risks of material misstatement.
e) The measurement and review of the entity's financial performance.

The Entity's Internal Control

The auditor shall obtain an understanding of internal control relevant to the audit. Although
most controls relevant to the audit are likely to relate to financial reporting, not all controls
that relate to financial reporting are relevant to the audit. It is a matter of the auditor's
professional judgment whether a control, individually or in combination with others, is
relevant to the audit.

Nature and Extent of the Understanding of Relevant Controls

When obtaining an understanding of controls that are relevant to the audit, the auditor shall
evaluate the design of those controls and determine whether they have been implemented, by
performing procedures in addition to inquiry of the entity's personnel.

Components of Internal Control

Control environment
The auditor shall obtain an understanding of the control environment. As part of obtaining this
understanding, the auditor shall evaluate whether:
a. Management, with the oversight of those charged with governance, has created and
maintained a culture of honesty and ethical behavior; and
b. The strengths in the control environment elements collectively provide an appropriate
foundation for the other components of internal control, and whether those other
components are not undermined by deficiencies in the control environment.

The entity's risk assessment process

The auditor shall obtain an understanding of whether the entity has a process for:
a) Identifying business risks relevant to financial reporting objectives;
b) Estimating the significance of the risks;
c) Assessing the likelihood of their occurrence; and
d) Deciding about actions to address those risks

If the entity has established such a process (referred to hereafter as the "entity's risk
assessment process"), the auditor shall obtain an understanding of it, and the results thereof. If
the auditor identifies risks of material misstatement that management failed to identify, the
auditor shall evaluate whether there was an underlying risk of a kind that the auditor expects
would have been identified by the entity's risk assessment process. If there is such a risk, the
auditor shall obtain an understanding of why that process failed to identify it, and evaluate
whether the process is .appropriate to its circumstances or determine if there is a significant
deficiency in internal control with regard to the entity's risk assessment process ......... „

68
If the entity has not established such a process or has an ad hoc process, the auditor shall
discuss with management whether business risks relevant to financial reporting objectives
have been identified and how they have been addressed. The auditor shall evaluate whether
the absence of a documented risk assessment process is appropriate in the circumstances, or
determine whether it represents a significant deficiency in internal control.

AUDITING

The information system, including the related business processes, relevant to financial
reporting, and communication
The auditor shall obtain an understanding of the information system, including the related
business processes, relevant to financial reporting, including the following areas:
a. The classes of transactions in the entity's operations that are significant to the financial
• statements;

b. The procedures, within both information technology (IT) and manual systems, by
which those transactions are initiated, recorded, processed, corrected as necessary,
transferred to the general ledger and reported in the financial statements;
c. The related accounting records, supporting information and specific accounts in the
financial statements that are used to initiate, record, process and report transactions;
this includes the correction of incorrect information and how information is transferred
to the general ledger. The records may be in either manual or electronic form;
d. How the information system captures events and conditions, other than transactions,
that are significant to the financial statements;
e. The financial reporting process used to prepare the entity's financial statements,
including significant accounting estimates and disclosures; and
f. Controls surrounding journal entries, including non-standard journal entries used to
record non-recurring, unusual transactions or adjustments.
 The auditor shall obtain an understanding of how the entity communicates financial
reporting roles and responsibilities and significant matters relating to financial reporting,
including:
a) Communications between management and those charged with governance; and
b) External communications, such as those with regulatory authorities.

Control activities relevant to the audit

- The auditor shall obtain an understanding of control activities relevant to the audit,
being those the auditor judges it necessary to understand in order to assess the risks of
material misstatement at the assertion level and design further audit procedures
responsive to assessed risks. An audit does not require an understanding of all the
control activities related to each significant class of transactions, account balance, and
disclosure in the financial statements or to every assertion relevant to them.
- In understanding the entity's control activities, the auditor shall obtain an
understanding of how the entity has responded to risks arising from IT.

69
Monitoring of controls
- The auditor shall obtain an understanding of the major activities that the entity uses to
monitor internal control relevant to financial reporting, including those related to those
control activities relevant to the audit, and how the entity initiates remedial actions to
deficiencies in its controls.
- If the entity has an internal audit function the auditor shall obtain an understanding of
the nature of the internal audit function's responsibilities, its organizational status, and
the activities performed, or to be performed.
- The auditor shall obtain an understanding of the sources of the information used in the
entity's monitoring activities, and the basis upon which management considers the
information to be sufficiently reliable for the purpose.

Identifying and Assessing the Risks of Material Misstatement

- The auditor shall identify and assess the risks of material misstatement at:
a. the financial statement level; and
b. the assertion level for classes of transactions, account balances, and disclosures,
to provide a basis for designing and performing further audit procedures.

- For this purpose, the auditor shall:

a. Identify risks throughout the process of obtaining an understanding of the entity and
its environment, including relevant controls that relate to the risks, and by
considering the classes of transactions, account balances, and disclosures in the
financial statements;
b. Assess the identified risks, and evaluate whether they relate more pervasively to the
financial statements as a whole and potentially affect many assertions;
c. Relate the identified risks to what can go wrong at the assertion level, taking account
of relevant controls that the auditor intends to test; and
d. Consider the likelihood of misstatement, including the possibility of multiple
misstatements, and whether the potential misstatement is of a magnitude that could
result in a material misstatement.

Risk's that Require Special Audit Consideration

As part of the risk assessment, the auditor shall determine whether any of the risks identified
are, in the auditor's judgment, a significant risk. In exercising this judgment, the auditor shall
exclude the effects of identified controls related to the risk.
In exercising judgment as to -which risks are significant risks, the auditor shall consider at
leak the following:
a. Whether the risk is a risk of fraud;
b. Whether the risk is related to recent significant economic, accounting or other
developments and, therefore, requires specific attention;
c. The complexity of transactions;
d. Whether the risk involves significant transactions with related parties;
e. The degree of subjectivity in the measurement of financial information related to
the risk, especially those measurements involving a wide range of measurement
uncertainty; and

70
 f. Whether the risk involves significant transactions that are outside the normal
course of business for the entity, or that otherwise appear to be unusual.

If the auditor has determined that a significant risk exists, the auditor shall obtain an
understanding of the entity's controls, including control activities, relevant to that risk.

Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate
Audit Evidence
In respect of some risks the auditor may judge that it is not possible or practicable to obtain,
sufficient appropriate audit evidence only from substantive procedures. Such risks may relate
to the inaccurate or incomplete recording of routine and significant classes of transactions or
account balances, the characteristics of which often permit highly automated processing with
little or no manual intervention. In such cases, the entity's controls over such risks are relevant
to the audit and the auditor shall obtain an understanding of them.

Revision of Risk Assessment

The auditor's assessment of the risks of material misstatement at the assertion .level may
change during the course of the audit as additional audit evidence is obtained. In
circumstances where the auditor obtains audit evidence from performing further audit
procedures, or if new information is obtained, either of which is inconsistent with the audit
evidence on which the auditor originally based the assessment, the auditor shall revise the
assessment and modify the further planned audit procedures accordingly.
Documentation
The auditor shall include in the audit documentation:
a) The discussion among the engagement team and the significant decisions reached:
b) Key elements of the understanding obtained regarding each of .the aspects of the
entity and its environment specified in and of each of the internal control
components; the sources of information from which the understanding was
obtained; and the risk assessment procedures performed;
c) The identified and assessed risks of material misstatement at the financial statement
level and at the assertion level and
d) The risks identified, and related controls about which the auditor has obtained an
understanding

Risk Assessment Procedures and Related Activities

Obtaining an understanding of the entity and its environment, including the entity's internal
control (referred to hereafter as an "understanding of the entity"), is a continuous, dynamic
process of gathering, updating and analyzing information throughout the audit. The
understanding establishes a frame of reference within which the auditor plans the audit and
exercises professional judgment throughout the audit, for example, when:
 Assessing risks of material misstatement of the financial statements;
 Determining materiality in accordance with ISA 320;
 Considering the appropriateness of the selection and application of accounting
policies, and the adequacy of financial statement disclosures;
 Identifying areas where special audit consideration may be necessary, for example,
related party transactions, the appropriateness of management's use of the going

71
 concern assumption, or considering the business purpose of transactions;
 Developing expectations for use when performing analytical procedures;
 Responding to the assessed risks of material misstatement, including designing and
performing further audit procedures to obtain sufficient appropriate audit evidence;
and
 Evaluating the sufficiency and appropriateness of audit evidence obtained, such as the
appropriateness of assumptions and of management's oral and written representations.

Information obtained by performing risk assessment procedures and related activities may be
used by the auditor as audit evidence to support assessments of the risks of material
misstatement. In addition, the auditor may obtain audit evidence about classes of transactions,
account balances, or disclosures, and related assertions, and about the operating effectiveness
of controls, even though such procedures were not specifically planned as substantive
procedures or as tests of controls. The auditor also may choose to perform substantive
procedures or tests of controls concurrently with risk assessment procedures because it is
efficient to do so.
The auditor uses professional judgment to determine the extent of the understanding required.
The auditor's primary consideration is whether the understanding that has been obtained is
sufficient to meet the objective stated in this ISA. The depth of the overall understanding that
is required by the auditor is less than that possessed by management in managing the entity.
The risks to be assessed include both those due to error and those due to fraud, and both are
covered by this ISA.. However, the significance of fraud is such that further requirements and
guidance are included in ISA 240 in relation to risk assessment procedures and related
activities to obtain information that is used to identify the risks of material misstatement due to
fraud.
Although the auditor is required to perform all the risk assessment procedures above in the
course of obtaining the required understanding of the entity, the auditor is not required to
perform all of them for each aspect of that understanding. Other procedures may be performed
where the information to be obtained therefrom may be helpful in identifying risks of material
misstatement.

Examples of such procedures include:

 Reviewing information obtained from external sources such as trade and economic
journals; reports_ by analysts, banks, or rating agencies; or regulatory or financial
publications.
 Making inquiries of the entity's external legal counsel or of valuation experts that the
entity has used.

Inquiries of Management, the Internal Audit Function and Others within the Entity
Much of the information obtained by the auditor's inquiries is obtained from management and
those responsible for financial reporting. Information may also be obtained by the auditor
through inquiries with the internal audit function,- f the entity has such a function and others
within the entity.
The auditor may also obtain information, or a different perspective in .identifying risks of
material misstatement, through inquiries of others within the entity and other employee's with
different levels of authority.

72
For example:
 Inquiries directed towards those charged with governance may help the auditor
understand the environment in which the financial statements are prepared. ISA 260
identifies the importance of effective two-way communication in assisting the auditor
to obtain information from those charged with governance in this regard.

 Inquiries of employees involved in initiating, processing or recording complex or

unusual transactions may help the auditor to evaluate the appropriateness of the
selection and application of certain accounting policies.
 Inquiries directed toward in-house legal counsel may provide information about such
matters as litigation, compliance with laws and regulations, knowledge of fraud or
suspected fraud affecting the entity, warranties, post-sales obligations, arrangements
(such as joint ventures) with business partners and the meaning of contract terms.
 Inquiries, directed towards marketing or sales personnel may provide information about
changes in the entity's marketing strategies, sales trends; or contractual arrangements
with its customers.
 Inquiries directed to the risk management function (or those performing such roles)
may provide information about operational and regulatory risks that may affect
financial reporting.
 Inquiries directed to information systems personnel may provide information about
system changes, system or control failures, or other information system-related risks.

As obtaining an understanding of the entity and its environment is a continual, dynamic

process, the auditor's inquiries may occur throughout the audit engagement.

Inquiries of the Internal Audit Function

If an entity has an internal audit function, inquiries of the appropriate individuals within the
function may provide information that is useful to the auditor in obtaining an understanding of
the entity and its environment, and in identifying and assessing risks of material misstatement
at the financial statement and assertion levels. In performing its work, the internal audit
function is likely to have obtained insight into the entity's operations and business risks, and
may have findings based on its work, such as identified control deficiencies or risks, that may
provide valuable input into the auditor's understanding of the entity, the auditor's risk
assessments or other aspects of the audit. The auditor's inquiries are therefore made whether or
not the auditor expects to use the work of the internal audit function to modify the nature or
timing, or reduce the extent, of audit procedures to be performed.
Inquiries of particular relevance may be about matters the internal audit function has raised
with those charged with governance and the outcomes of the function's own risk assessment
process. if, based on responses to the auditor's inquiries, it appears that there are findings that
may be relevant to the entity's financial reporting and the audit, the auditor may consider it
appropriate to read related reports of the internal audit function. Examples of reports of the
internal audit function that may be relevant include the function's strategy and planning
documents and reports that have been prepared for management or those charged with
governance describing the findings of the internal audit function's examinations.
In addition, in accordance with ISA 240, if the internal audit functions provides information to
the auditor regarding any actual, suspected or alleged fraud, the auditor-takes this into account

73
in the auditor's identification of risk of material misstatement due to fraud.
Appropriate individuals within the internal audit function with whom inquiries are made are
those who, in the auditor's judgment, have the appropriate knowledge, experience and
authority, such as the chief internal audit executive or, depending on the circumstances, other
personnel within the function. The auditor may also consider it appropriate to have periodic
meetings with these individuals.

Analytical Procedures
Analytical procedures performed as risk assessment procedures may identify aspects of the
entity of which the auditor was unaware and may assist in assessing the risks of material
misstatement in order to provide a basis for designing and implementing responses to the
assessed risks. Analytical procedures performed as risk assessment procedures may include
both financial and non-financial information, for example, the relationship between sales and
square footage of selling space or volume of goods sold.

Analytical procedures may help identify the existence of unusual transactions or events, and
amounts, ratios, and trends that might indicate matters that have audit implications. Unusual or
unexpected relationships that are identified may assist the auditor in identifying risks of
material misstatement, especially risks of material misstatement due to fraud.
However, when such analytical procedures use data aggregated at a high level (which may be
the situation with analytical procedures performed as risk assessment procedures), the results
of those analytical procedures only provide a broad initial indication about whether a material
misstatement may exist. Accordingly, in such cases, consideration of other information that
has been gathered when identifying the risks of material misstatement together with the results
of such analytical procedures may assist the auditor in understanding and evaluating the
results of the analytical procedures.

Observation and Inspection

Observation and inspection may support inquiries of management and others, and may also
provide information about the entity and its environment. Examples of such audit procedures
include observation or inspection of the following:
• The entity's operations.
• Documents (such as business plans and strategies), records, and internal control
manuals.
• Reports prepared by management (such as quarterly management reports and interim
financial statements) and those charged with governance (such as minutes of board of
directors' meetings).
• The entity's premises and plant facilities.

Information Obtained in Prior Periods

The auditor's previous experience with the entity and audit procedures performed in previous
audits may provide the auditor with information about such matters as:
 Past-misstatements and whether they were corrected on a timely basis.
 The nature of the entity and its environment, and the entity's internal control (including
deficiencies in internal control)..
 - Significant changes that the entity or its operations may have undergone since the prior

74
 financial period, which may assist the auditor in gaining a sufficient understanding of
the entity to identify and assess risks of material misstatement.

The auditor is required to determine whether information obtained in prior periods remains
relevant, if the auditor intends to use that information for the purposes of the current audit.
This is because changes in the control environment, for example, may affect the relevance of
information obtained in the prior year. To determine whether changes have occurred that may
affect the relevance of such information; the auditor may make inquiries and perform other
appropriate audit procedures, such as walk-troughs of relevant systems.

Industry; Regulatory and Other External Factors

Industry Factors
Relevant industry factors include industry conditions such as the competitive environment,
supplier and customer relationships, and technological developments. Examples of matters the
auditor may consider include:
 The market and competition, including demand, capacity, and price competition.
 Cyclical or seasonal activity.
 Product technology relating to the entity's products.
 Energy supply and cost.

The industry in which the entity operates may give rise to specific risks of material
misstatement arising from the nature of the business or the degree of regulation. For example,
long-term contracts may involve significant estimates of revenues and expenses that give rise
to risks of material misstatement. In such cases, it is important-that the engagement team
include members with sufficient relevant knowledge and experience.

Regulatory Factors
Relevant regulatory factors include the regulatory environment. The regulatory environment
encompasses, among other matters, the applicable financial reporting framework and the legal
and political environment.

Examples of matters the auditor may consider include:

 Accounting principles and industry-specific practices. A Regulatory framework for a
regulated industry.
 Legislation and regulation that significantly affect the entity's operations, including direct
supervisory activities.
 Taxation (corporate and other).
 Government policies currently affecting the conduct of the entity's business, such as
monetary, including foreign exchange controls, fiscal, financial incentives (for example,
government aid programs), and tariffs or trade restrictions policies.

ENGAGEMENT RISK

Engagement risk—this is the risk that the practitioner expresses an inappropriate conclusion
when the subject matter information is materially misstated.
- Engagement risk does not refer to or include the practitioner's business risks such as

75
loss from litigation, adverse publicity, or other events arising in connection with subject
matter information reported on.
In general, engagement risk can be represented by the following components, although not all
of these components will necessarily be present or significant for all assurance engagements:
(a) Risks that the practitioner does not directly influence, which may consist of:
i. The susceptibility of the subject matter information to a material misstatement
before consideration of any related controls (inherent risk); and
ii. The risk that a material misstatement that occurs in the subject matter
information will not be prevented, or detected and corrected, on a timely basis
by the appropriate party(ies)'s internal control (control risk); and

(b) Risks that the practitioner does directly influence, which may consist of:
i. The risk that the procedures performed by the practitioner will not detect a
material misstatement (detection risk); and
ii. In the case of a direct engagement, the risks associated with the practitioner's
measurement or evaluation of the underlying subject matter against the
applicable criteria.

The degree to which each of these components is relevant to the engagement is affected by the
engagement circumstances;, in particular:
i. The nature of the underlying subject matter and the subject matter information.
For example, the concept of control risk may be more useful when the underlying
subject matter relates to the preparation of information about an entity's
performance than when it relates to information about the effectiveness of a
controls or the existence of a physical condition.
ii. Whether a reasonable assurance or a limited assurance engagement is being
performed. For example, in limited assurance attestation engagements the
practitioner may often decide to obtain evidence by means other than tests of
controls, in which case consideration of control risk may be less relevant than in a
reasonable assurance attestation engagement on the same subject matter
information.
iii. Whether it is a direct engagement or an attestation engagement. While the concept
of control risk is relevant to attestation engagements, the broader concept of
measurement or evaluation risk is relevant to direct engagements.
iv. The consideration of risks is a matter of professional judgment, rather than a
matter capable of precise measurement.

Reducing engagement risk to zero is very rarely attainable or cost beneficial and, therefore,
reasonable assurance is less than absolute assurance, as a result of factors such as the
following:
• The use of selective testing.

• The inherent limitations of internal control.

• The fact that much of the evidence available to the practitioner is persuasive rather
than conclusive.
• The use of professional judgment in gathering and evaluating evidence and forming
conclusions based on that evidence.
• In some cases, the characteristics of the underlying subject matter when evaluated b

76
 measured against the applicable criteria.

Significant Risks

Identifying Significant Risks

 Significant risks often relate to significant non-routine transactions or judgmental
matters. Non-routine transactions are transactions that are unusual, due to either size or
nature, and that therefore occur infrequently.
 Judgmental matters may include the development of accounting estimates for which
there is significant measurement uncertainty. Routine, noncomplex transactions that are
subject to systematic processing are less likely to give rise to significant risks.
 Risks of material misstatement may be greater for significant non-routine transactions
arising from matters such as the following:
 Greater management intervention to specify the accounting treatment.
 Greater manual intervention for data collection and processing.
 Complex calculations or accounting principles.
 The nature of non-routine transactions, which may make it difficult for the
entity to implement effective controls over the risks.
 Risks of material misstatement may be greater for significant judgmental matters that
require the development of accounting estimates, arising from matters such as the
following:
 Accounting principles for accounting estimates or revenue recognition
may be subject to differing interpretation.
 Required judgment may be subjective or complex, or require assumptions
about the effects of future events, for example, judgment about fair value.
 ISA 330 describes the consequences for further audit procedures of identifying a risk as
significant.
 Significant risks relating to the risks of material misstatement due to fraud
 ISA 240 provides further requirements and guidance in relation to the identification and
assessment of the risks of material misstatement due to fraud.

Understanding Controls Related to Significant Risks

Although risks relating to significant non-routine or judgmental matters are often less likely to
be subject to routine controls,' management may have other responses intended to deal with-
such risks. Accordingly, the auditor's understanding of whether the entity has designed and
implemented controls for significant risks arising from non-routine or judgmental matters
includes whether and how management responds to the risks. Such responses might in chide:
 Control activities such as a review of assumptions by senior management or experts.

 Documented processes for estimations.

 Approval by those charged with governance.

For example, where there are one-off events such as the receipt of notice of a significant
lawsuit, consideration of the entity's response may include such matters as whether it has been

77
referred to appropriate experts (such as internal or external legal counsel), whether an
assessment has been made of the potential effect, and how it is proposed that the
circumstances are to be disclosed in the financial statements.
In some cases, management may not have appropriately responded to significant risks of
material misstatement by implementing controls over these significant risks. Failure by
Management to implement such controls is an indicator of a significant deficiency in internal
control.

Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate
Audit Evidence
Risks of material misstatement may relate directly to the recording of routine classes of
transactions or account balances, and the preparation of reliable financial statements_ Such
risks may include risks of inaccurate or incomplete processing for routine and significant
classes of transactions such as an entity's revenue, purchases, and cash receipts or cash
payments.
Where such routine business transactions are subject to highly automated processing with little
or no manual intervention, it may not be possible to perform only substantive procedures in
relation to the risk. For example, the auditor may consider this to be the case in circumstances
where a significant amount of an entity's information is initiated, recorded, processed, or
reported only in electronic form such as in an integrated system. In such cases:
 Audit evidence may be available only in electronic form, and its sufficiency and
appropriateness usually depend on the effectiveness of controls over its accuracy and
completeness.
 The potential for improper initiation or alteration of information to occur and not be
detected may be greater if appropriate controls are not operating effectively.

Revision of Risk Assessment

During the audit, information may come to the auditor's attention that differs significantly
from the information on which the risk assessment was based. For example, the risk
assessment may be based on an expectation that certain controls are operating effectively. In
performing tests of those controls, the auditor may obtain audit evidence that they were not
operating effectively at relevant times during the audit.
Similarly, in performing substantive procedures the auditor may detect misstatements in
amounts or frequency greater than is consistent with the auditor's risk assessments. In such
circumstances, the risk assessment may not appropriately reflect the true circumstances of the
entity and the further planned audit procedures may not be effective in detecting material
misstatements.

Documentation
The manner in which the requirements are documented is for the auditor to determine using
professional judgment. For example, in audits of small entities the documentation may be
incorporated in the auditor's documentation of the overall strategy and audit plan.
Similarly, for example, the results of the risk assessment may be documented separately, or
may be documented as part of the auditor's documentation of further procedures.
For example, where there are one-off events such as the receipt of notice of a significant
lawsuit, consideration of the entity's response may include such matters as whether it has been

78
referred to appropriate experts (such as internal or external legal counsel), whether an
assessment has been made of the potential effect, and how it is proposed that the
circumstances are to be disclosed in the financial statements.
In some cases, management may not have appropriately responded to significant risks of
material misstatement by implementing controls over these significant risks. Failure by
Management to implement such controls is an indicator of a significant deficiency in internal
control.

Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate
Audit Evidence
Risks of material misstatement may relate directly to the recording of routine classes of
transactions or account balances, and the preparation of reliable financial statements. Such
risks may include risks of inaccurate or incomplete processing for routine and significant
classes of transactions such as an entity's revenue, purchases, and cash receipts or cash
payments.
Where such routine business transactions are subject to highly automated processing with little
or no manual intervention, it may not be possible to perform only substantive procedures in
relation to the risk. For example, the auditor may consider this to be the case in circumstances
where a significant amount of an entity's information is initiated, recorded, processed, or
reported only in electronic form such as in an integrated system. In such cases:
 Audit evidence may be available only in electronic form, and its sufficiency and
appropriateness usually depend on the effectiveness of controls over its accuracy and
completeness.
 The potential for improper initiation or alteration of information to occur and not be
detected may be greater if appropriate controls are not operating effectively.

Revision of Risk Assessment

During the audit, information may come to the auditor's attention that differs significantly
from the information on which the risk assessment was based. For example, the risk
assessment may be based on an expectation that certain controls are operating effectively. In
performing tests of those controls, the auditor may obtain audit evidence that they were not
operating effectively at relevant times during the audit.
Similarly, in performing substantive procedures the auditor may detect misstatements in
amounts or frequency greater than is consistent with the auditor's risk assessments. In such
circumstances, the risk assessment may not appropriately reflect the true circumstances of the
entity and the further planned audit procedures may not be effective in detecting material
misstatements.

Documentation
The manner in which the requirements are documented is for the auditor to determine using
professional judgment. For example, in audits of small entities the documentation may be
incorporated in the auditor's documentation of the overall strategy and audit plan.
Similarly, for example, the results of the risk assessment may be documented separately, or
may be documented as part of the auditor's documentation of further procedures.
The form and extent of the documentation is influenced by the nature, size and complexity of
the entity and its internal control, availability of information from the entity and the audit
methodology and technology used in the course of the audit.

79
For entities that have uncomplicated businesses and processes relevant to financial reporting,
the documentation may be simple in form and relatively brief. It is not necessary to document
the entirety 01 the auditor's understanding of the entity and matters related to it. Key elements
of understanding documented by the auditor include those on which the auditor based the
assessment of the risks of material misstatement.
The extent of documentation may also reflect the experience and capabilities of the members
of the audit engagement team. Provided the requirements of ISA 230 are always met, an audit
undertaken by an .engagement team comprising less experienced individuals may require
more detailed documentation to assist them to obtain an appropriate understanding of the
entity than one that includes experienced individuals.
For recurring audits, certain documentation may be carried forward,- updated as necessary to
reflect changes in the entity's business or processes.

Control Environment

The control environment encompasses the following elements:

(a) Communication and enforcement of integrity and ethical values.
The effectiveness of controls cannot rise above the integrity and ethical values of the people
who create, administer, and monitor them.
Integrity and ethical behaviors is the product of the entity's ethical and behavioral standards,
how they are communicated, and how they are reinforced in practice.
The enforcement of integrity and ethical values -includes, for example, management actions to
eliminate or mitigate incentives or temptations that might prompt personnel to engage in
dishonest, illegal, or unethical acts. The communication of entity policies on -integrity and
ethical values may include the communication of behavioral standards to personnel through
policy statements and codes of conduct and by example. .
(b) Commitment to competence. Competence is the knowledge-- and skills necessary to
accomplish tasks that define the individual's job.
(c) Participation by those charged with governance. An entity's control consciousness
is influenced significantly by those charged with governance. The importance of the
responsibilities of those charged with governance is recognized in codes of practice and other
laws and regulations or guidance produced for the benefit of those charged with governance.
Other responsibilities of those charged with governance include oversight of the design and
effective operation of whistle blower procedures and the process for reviewing the
effectiveness of the entity's internal control.

(d) Management's philosophy and operating style. Management's philosophy and

operating style encompass a broad range of characteristics. For example, management's
attitudes and actions toward financial reporting may manifest themselves through conservative
or aggressive selection from available alternative accounting principles, or conscientiousness
and conservatism with which accounting estimates are developed.
(e) Organizational structure. Establishing a relevant organizational structure includes
considering key areas of authority and responsibility and appropriate lines of reporting. The
appropriateness of an entity's organizational structure depends, in part, on its size and the
nature of its activities.
(f) Assignment of authority and responsibility. The assignment of authority and

80
responsibility may include policies relating to appropriate .business practices, knowledge and
experience of key personnel, and resources provided for carrying out duties. In addition, it
may include policies and communications directed at ensuring that all personnel understand
the entity's objectives, know how their individual actions interrelate and contribute to those
objectives, and recognize how and for what they will be held accountable.
(g) Human resource policies and practices. Human resource policies and practices often
demonstrate important matters in relation to the control consciousness of an entity. For
example, standards for recruiting the most qualified individuals — with emphasis on
educational background, prior work experience, past accomplishments, and evidence of
integrity and ethical behavior — demonstrate an entity's commitment to competent and
trustworthy people. Training policies that communicate prospective roles and responsibilities
and include practices such as training schools and seminars illustrate expected levels of
performance and behavior.
Promotions driven by periodic performance appraisals demonstrate the entity's commitment to
the advancement of qualified personnel to higher levels of responsibility.

Entity's Risk Assessment Process

For financial reporting purposes, the entity's risk assessment process includes how
management identifies business risks relevant to the preparation of financial statements in
accordance with the entity's applicable financial reporting framework, estimates their
significance, assesses the likelihood of their occurrence, and decides upon actions to respond
to and manage them and the results thereof. For example, the entity's risk assessment process
may address how the entity considers the possibility of unrecorded transactions or identifies
and analyzes significant estimates recorded in the financial statements.
Risks relevant to reliable financial reporting include external and internal events, transactions
or circumstances that may occur and adversely affect an entity's ability to initiate, record,
process, and report financial data consistent with the assertions of management in the financial
statements.
Management may initiate plans, programs, or actions to address specific risks or it may decide
to accept a risk because of cost or other considerations. Risks can arise or change due to
circumstances such as the following:
 Changes in operating environment. Changes in the regulatory or operating
environment can result in changes in competitive pressures and significantly different
risks.

 New personnel. New personnel may have a different focus on or understanding of

internal control.
 New or revamped information systems. Significant and rapid changes in information
systems can change the risk relating to internal control.
 Rapid growth. Significant and rapid expansion of operations can strain controls and
increase the risk of a breakdown in controls.
 New technology. Incorporating new technologies into production processes or
information systems may change the risk associated with internal control.
 New business models, products, or activities. Entering into business areas or
transactions with which an entity has little experience may introduce new risks
associated with internal control.

81
  Corporate restructurings. Restructurings may be accompanied by staff reductions
and changes in supervision and segregation of duties that may change the risk
associated with internal control.
 Expanded foreign operations. The expansion or acquisition of foreign operations
carries new and often unique risks that may affect internal control, for example,
additional or changed risks .from .foreign currency transactions.
 New accounting pronouncements. Adoption of new accounting 'principles or
changing accounting ,principles may affect risks in preparing financial statements.

Information System, Including the Related Business Processes, Relevant to Financial

Reporting, and Communication
An information system consists of infrastructure (physical and hardware components),
software, people, procedures, and' data. Many information systems make extensive use of
information technology (IT).
The information system relevant to financial reporting objectives, which includes the financial
reporting system, encompasses methods and records that:
 Identify and record all valid transactions.-:
 Describe on a timely basis the transactions in sufficient detail to permit proper
classification of transactions for financial reporting.
 Measure the value of transactions in a manner that permits recording their proper
monetary value in the financial statements.
 Determine the time period in which transactions occurred to permit recording of
transactions in the proper- accounting period.
 Present properly the transactions and related disclosures in the financial statements.

The quality of system-generated information affects management's ability to make appropriate

decisions in managing and controlling the entity's activities and to prepare reliable financial
reports_
Communication, which involves providing an understanding of individual roles and
responsibilities pertaining to internal control over final-Ida] reporting, play takes such forms
'as policy manuals, accounting and financial reporting manuals, and memoranda.
Communication also can be made electronically, orally, and through the actions of
management.

Control Activities
Generally, control activities that may be relevant to an audit may be categorized as policies
and procedures that pertain to the following:
 Performance reviews. These control activities include reviews and analyses of actual
performance versus budgets, forecasts, and prior period performance; relating different
sets of data — operating or financial — to one another, together with analyses of the
relationships and investigative --and corrective actions; comparing internal data with
external sources of information; and review of functional or activity performance.
 Information processing. The two broad groupings of information systems control
activities are application controls, which apply to the processing of individual
applications, and general IT controls, which are policies and procedures that relate to
many applications and support the effective functioning of application controls by

82
 helping to ensure the continued proper operation of information systems.
 Examples of application controls include checking the arithmetical - accuracy of,
records, maintaining and reviewing accounts and trial balances, automated controls
such as edit checks of input data and numerical sequence checks, and manual follow-up
of exception reports. Examples of general IT controls are program change controls,
controls that restrict access to programs or data, controls over the implementation of
new releases of packaged software applications, and controls over system software that
restrict access to or monitor the use of system utilities that could change financial data
or records without leaving an audit trail.
 Physical controls. Controls that encompass:
- The physical security of assets, including adequate safeguards such as secured
facilities over access to assets and records.
- The authorization for access to computer programs and data files.
- The periodic counting and comparison with amounts shown on control records
(for example, comparing the results of cash, security and inventory counts with
accounting records). The extent to which physical controls intended to prevent
theft of assets are relevant to the reliability of financial statement preparation, and
therefore the audit, depends on circumstances such as when assets are highly
susceptible to misappropriation.
 Segregation of duties. Assigning different people the responsibilities of authorizing
transactions, recording transactions, and maintaining custody of assets. Segregation of
duties is intended to reduce the opportunities to allow any person to be in a position to
both perpetrate and conceal errors or fraud in the normal course of the person's duties.
- Certain control activities may depend on the existence of appropriate higher level
policies established by management or those charged with governance.
- For example, authorization controls may be delegated under established guidelines,
such as investment criteria set by those charged with governance; alternatively, non-
routine transactions such as major acquisitions or divestments may require specific high
level approval, including in some cases that of shareholders.

Monitoring of Controls
An important management responsibility is to establish and maintain internal control on an
ongoing basis. .Management's monitoring of controls includes considering whether they are
operating as intended and that they are modified as appropriate for changes in conditions.
Monitoring of controls may include activities such as management's review of whether bank
reconciliations are being prepared on a timely basis, internal auditors' evaluation of sales
personnel's compliance with the entity's policies on terms of sales contracts, and a legal
department's oversight of compliance with the entity's ethical or business practice policies.
Monitoring is done also to ensure that controls continue to operate effectively over time.
For example, if the timeliness and accuracy of bank reconciliations are not monitored,
personnel are likely to stop preparing them.
Internal auditors or personnel performing similar functions may contribute to the monitoring
of an entity's controls through separate evaluations.
Ordinarily, they regularly provide information about the functioning of internal control,
focusing considerable attention on evaluating the effectiveness of internal control, and
communicate information about strengths and deficiencies in internal control and

83
recommendations for improving internal control.
Monitoring activities may include using information from communications from external
parties that may indicate problems or highlight areas in need of improvement. Customers
implicitly corroborate billing data by paying their invoices or complaining about their charges.
In addition, regulators may communicate with the entity concerning matters that affect the
functioning of internal. Control for example, communications concerning examinations by
bank regulatory agencies. Also, management may consider communications relating to
internal control from external auditors in performing monitoring activities.

PLANNING AN AUDIT

International Standard on Auditing (ISA) 300, Planning an Audit of Financial

Statements Introduction
ISA 300 requires the auditor to plan the audit so that the engagement is performed in an
effective manner. Planning also helps the firm perform the engagement efficiently. Planning
involves establishing and documenting the overall audit strategy for the engagement and
developing and documenting an audit plan, in order to reduce audit risk to an acceptably low
level.
Effective audit planning ensures:
- That appropriate attention is devoted to key audit areas and significant risks.
- That potential problem are identified and resolved on a timely basis.
- That the engagement is properly organised and managed in order to be performed in an
effective and efficient manner.
- Proper assignment of work to the engagement team and also makes the engagement
team aware of their responsibilities.
- Proper direction and supervision of the engagement team and review of their work, and
assists, where applicable, in the coordination of work done by the auditors of
components and experts.

Planning is not a discrete .phase of an audit, but a continual process that often begins shortly
after the completion of the previous audit and continues until the completion of the current
audit engagement. Planning should in any case start before then accounting year-end to take -
into account year end procedures which need to be carried out e.g. attendance at the annual
inventory count or circularisation of receivables. The nature and extent of planning will vary'
according to the size and complexity of the entity, previous experience with the entity and
changes in circumstances that occur during the engagement.

Initial engagements
In case of initial engagements, while the planning elements remain the same as for recurring
engagements, the auditor may need to expand the planning activities as the auditor does not
necessarily have the previous experience with the entity that is considered when planning
recurring engagements.
Additional matters that may be considered in planning initial engagements include:
- Where possible and where not prohibited by law, consider arrangements with the
previous auditor to review the working papers.

84
 - Review any major issues, including the application of accounting principles or auditing
and reporting, standards, discussed with management or those charged with governance
in connection with the initial selection_ as auditors, and how these affect the audit
strategy and audit plan.
- Obtaining sufficient appropriate audit evidence regarding opening balances.
- Involvement of another partner or a senior individual to review the overall audit
strategy prior to commencing significant audit procedures or to review reports prior to
their issuance.

Once the overall audit strategy has been established the auditor can commence the
development of a more detailed audit plan to address the various matters identified in the
strategy. Although the auditor establishes the overall audit strategy before developing the audit
plan, the two activities are not necessarily sequential processes but closely inter-related since
changes in one may result in changes to the other.
In case of audits of smaller entities where the audit is conducted by a very small audit team,
the development of an audit strategy need not be a complex process and a brief memorandum
prepared at the completion of the previous audit, based on a review of the working papers and
highlighting the issues identified, updated and changed in the current period based on
discussions with the management, can serve as the basis for planning the current audit
engagement.

The Role and Timing of Planning

Planning an audit involves establishing the overall audit strategy for the engagement and
developing an audit plan. Adequate planning benefits the audit of financial statements in
several ways, including the following:
 Helping the auditor to devote appropriate attention to important areas of the audit.
 Helping the auditor identify and resolve potential problems on a timely basis.
 Helping the auditor properly organize and manage the audit engagement so that it is
performed in an effective and efficient manner.

 Assisting in the selection of engagement team members with appropriate levels of

capabilities and competence to respond to anticipated risks, and the proper assignment
of work to them.
 Facilitating the direction and supervision of engagement team members and the review
of their work.
 Assisting, where applicable, in coordination of work done by auditors of components
and experts the objective of the auditor is to plan the audit so that it will be performed in
an effective manner.

Time Budgeting
Time budgets are an essential tool for monitoring the progress of an engagement, in
determining actual performance against the budget and to assist in future planning of audits.
The aim of preparing budgets is:
- To aid in planning, so that the engagement team may use their time efficiently.
- To monitor the actual costs of the engagement.
- To estimate and negotiate the fees.

85
When preparing budgets, the following factors should be considered:
- The level of detail i.e. whether the budget is to be broken down into individual audit
areas or prepared for the assignment as a whole.
- The time to be spent in planning, review and completion procedures.
- Any additions in the scope of the engagement.
- Contingency factors such as future staff salary increases.
- A. comparison of last years' time spent with this year's budget. Any significant
differences should be explained.

When conducting the audit, the engagement team should aim to keep within the budget in so
far as is possible, but should never compromise the standard of his audit work, to keep within
budget. If it appears that there will be significant discrepancies between the budgeted time and
the actual time, the senior / manager should inform the manager/ partner as soon as possible,
particularly where additional time arises due to the client's shortcomings.
Time summaries should be prepared for all engagements and the total time spent should be
compared with the budgeted time and reasons given for significant variances. A record should
be kept of work which the engagement team has had to complete as a result of client
shortcomings, as a basis for additional charges if necessary.

Requirements

Involvement of Key Engagement Team Members

- The engagement partner and other key members of the engagement team shall be
involved in planning the audit, including planning and participating in the discussion
among engagement team members.
- The involvement of the engagement partner and other key members of the engagement
team in planning the audit draws on their experience and insight, thereby enhancing the
effectiveness and efficiency of the planning process

Preliminary Engagement Activities,

The auditor shall undertake the following activities at the beginning of the current audit
engagement:
a. Performing procedures required by ISA 220 regarding the continuance of the client
relationship and the specific audit engagement;
b. - Evaluating compliance with relevant ethical requirements, including independence, its
-accordance with ISA 220; and
c. Establishing an understanding of the terms of the engagement, as required by ISA 210.
- Performing the preliminary engagement activities at the beginning of the current
audit engagement assists the auditor in identifying and evaluating events or
circumstances that may adversely affect the auditor's ability to plan and perform the
audit engagement.
- Performing these preliminary engagement activities enables the auditor to plan an
audit engagement for which, for example:
 The auditor maintains the necessary independence and ability to perform the
engagement.
 There are no issues with management integrity that may affect the auditor's

86
 willingness to continue the engagement.
 There is no misunderstanding with the client as.to the terms of the engagement.

The auditor's consideration of client continuance and relevant ethical requirements, including
independence, occurs throughout the audit engagement as conditions and changes in
circumstances occur. Performing initial procedures on both client continuance and evaluation
of relevant ethical requirements (including independence) at the beginning of the current audit
engagement means that they are completed prior to the performance of other significant
activities for the current audit engagement. For continuing audit engagements, such initial
procedures often occur shortly after (or, in connection with) the completion of the previous
audit.

Review of last year's file

The last year's audit file should be reviewed for:
- Points brought forward to be considered during the engagement..
- Any areas where time or cost savings could be made, any unnecessary audit work and
any other ways in which the effectiveness of the audit could be improved.
- Any previously unidentified areas of audit risk.

Planning - Audit Plan

The audit plan includes the nature, timing and extent of the audit procedures to be performed
by the engagement team in order to obtain sufficient appropriate audit evidence to reduce the
audit risk to an acceptably low level. Audit planning is evidenced in two ways by the:
i. Audit plan
ii. Audit programme.

i) The Audit Plan

The audit plan documents the assessment of risk and the response to assessed risk by setting
out the nature, timing and extent of the overall audit procedures to be performed by the
engagement team in order to obtain sufficient appropriate audit evidence to reduce the audit
risk to an acceptably low level. The plan also reflects the auditor's decision on whether to test
the operating effectiveness of controls and the extent of planned substantive procedures.
The audit plan will often be prepared by the manager, although preparation of parts or all of it
may be delegated to the senior. In case of high risk audits the partner may also be involved in
preparing the plan, particularly in the areas of materiality, risk assessment and approach to
assessed risk and sample sizes. The plan together with the tailored audit programmes setting
out the nature, timing and extent of the audit procedures to be adopted during the engagement
should be completed and approved by the partner prior to commencement of the engagement.
In case of a sole proprietorships or small audit firms, the partner may be actively involved in
developing the audit plan and programmes.

ii) Audit Programme

The audit programme documents the nature, timing and extent of audit procedures to be
performed at the assertion level for each material class of transactions, account balance and
disclosure. The programme sets out the nature, timing and extent of the audit procedures
required to implement the overall plan and serves as a set of instructions to the engagement
team and as a means to control and record the proper execution of the audit.

87
The audit programme will often be drafted by the senior and reviewed by the manager and
approved by the engagement partner. However, the extent of the manager's role will depend on
the senior's previous experience and knowledge of the entity in preparing the audit
programme, consideration should be given to the specific assessment of risk and the level of
assurance to be provided by substantive procedures.

The use of unedited programmes does not constitute adequate planning as it could expose the
auditor to risks not covered in detail by the programme or result in the auditor carrying out
unnecessary tests thereby resulting, in inefficiencies.

Planning Activities
The auditor shall establish an overall audit strategy that sets the scope, timing and direction of
the audit, and that guides the development of the audit plan.
In establishing the overall audit strategy, the auditor shall:
a) Identify the characteristics of the engagement that define its scope;
b) h) Ascertain the reporting objectives of the engagement to plan the timing of the audit-
and the nature of the communications required;
c) Consider the factors that, in the auditor's professional judgment, are significant in
directing the engagement team's efforts;
d) Consider the results of preliminary engagement activities and, where applicable,
Whether knowledge gained on other engagements performed by the engagement
partner for the entity is relevant; and
e) Ascertain the nature, timing and extent of resources necessary to perform the
engagement.

THE OVERALL AUDIT STRATEGY

The process of establishing the overall audit strategy assists the auditor to determine, subject
to the completion of the auditor's risk assessment procedures, such matters as:
 The resources to deploy for specific audit areas, such as the use of appropriately
experienced team members for high risk areas or the involvement of experts on complex
matters;
 The amount of resources to allocate to specific audit areas, such as the number of team
members assigned to observe the inventory count at material locations, the extent of
review of other auditors' work in the case of group audits, or the audit budget in hours to
allocate to high risk areas;
 When these resources are to be deployed, such as whether at an interim audit stage O at
key cutoff dates; and
 How such resources are managed, directed and supervised, such as when team briefing
and debriefing meetings are expected to be held, how engagement partner and manager
reviews are expected to take place (for example, on-site or off-site), and whether to
complete engagement quality control reviews.

The development and documentation of the overall audit strategy sets the scope, timing and
direction of the audit, and guides the development of the more detailed audit plan. It also helps
to ascertain the nature, timing and extent of the 'resources necessary to perform the
engagement. In developing the audit strategy, the engagement team may consider the

88
experience gained on other engagements performed for the entity.
The key components of an audit strategy include:
- Review and updating the client background information.
- Location of the components of the entity.
- Financial reporting framework used and industry specific reporting requirements.
- The timing of the audit and reporting deadlines.
- Key dates for communicating with the management and those charges with governance materiality.
- Identification of areas where there may be higher risk of material misstatement.
- Preliminary identification of material components and account balances.
- Preliminary indication of whether the auditor may plan to obtain evidence regarding the
effectiveness of internal controls.
- Identification of recent significant entity-specific, industry, financial reporting or other
developments.
- Initial assessment of the overall resource requirements including the use of experts on
complex matters.
- Initial assessment of resource allocation to specific audit areas, e.g. the allocation of
team members to observe inventory count at material locations, extent of review of the
other auditor's work in the case of group audits.

Discussion with client

Discussions with the client will be an essential aid to developing the audit strategy. The
discussions would usually take place before the accounting year-end. It would be preferable to
have a, pre-audit meeting but in some cases a telephone conversation may be adequate. One of
the primary aims of such discussions is to enable the auditor to update his knowledge of the
client's business. An auditor should have sufficient knowledge of the business to enable him to
identify and understand the events and activities that may have a significant effect on the
financial statements.
Discussions should also aim to:
- Obtain the latest financial information to help in setting materiality levels and in
performing preliminary analytical review work.
- Agree a timetable (including inventory counts and visits) and any specific deadlines.
- Agree schedules requirements and on any other accounting work to be produced by the
client.
- Find out the actions taken on the points raised in last year's management letter.. Agree
settlement of any outstanding fees.
- Identify any specific areas of concern to the client and their impact on the audit scope.

Once the overall audit strategy has been established, an audit plan can be developed to address
the various matters identified in the overall-audit strategy, taking into account the need to
achieve the audit objectives through the efficient use of the auditor's resources.
The establishment of the overall audit strategy and the detailed audit plan are not necessarily
discrete or sequential processes, but are closely inter-related since changes in one may result in
consequential changes to the other.

Changes to Planning Decisions during the Course of the Audit

As a result of unexpected events, changes in conditions, or the audit evidence obtained from
the results of audit procedures, the auditor may need to modify the overall audit strategy and

89
audit plan and thereby the resulting planned nature, timing and extent of further audit
procedures, based on the revised consideration of assessed risks. This may be the case when
information comes to the auditor's attention that differs significantly from the information
available when the auditor planned the audit procedures. For example, audit evidence obtained
through the performance of substantive procedures may contradict the audit evidence obtained
through tests of controls.
The auditor shall plan the nature, timing and extent of direction and supervision of
engagement team members and the review of their work.

Direction, Supervision and Review

The nature, timing-aid extent of the direction and supervision of engagement team members
and review of their work vary depending on many factors, including:
• The size and complexity of the entity.
• The area of the audit.
• The assessed risks of material misstatement (for example, an increase in the assessed
risk of material misstatement for a given area of the audit ordinarily requires a
corresponding increase in the extent and timeliness of direction and supervision of
engagement team members, and a more detailed review of their work).
• The capabilities and competence of the individual team members performing the audit
work.

DOCUMENTATION

The auditor shall include in the audit documentation:

a. The overall audit strategy;
b. The audit plan; and
c. Any significant changes made during the audit engagement to the overall audit
strategy or the audit plan, and the reasons for such changes.

The documentation of the overall audit strategy is a record of the key decisions considered
necessary to properly plan the audit and to communicate significant matters to the engagement
team. For example, the auditor may summarize the overall audit strategy in the form of a
memorandum that contains key decisions regarding the overall scope, timing and conduct of
the audit.
The documentation of the audit -plan is a record of the planned nature, timing and extent of
risk assessment procedures and further audit procedures at the assertion level in response to
the assessed risks. It also serves as a record of the proper planning of the audit procedures that
can be reviewed and approved prior-to their performance. The auditor may use standard audit
programs or audit completion checklists, tailored as needed to reflect the particular
engagement circumstances.
A record of the significant changes to the overall audit strategy and the audit plan, and
resulting changes to the planned nature, timing and extent of audit procedures, explains why
the significant changes were made, and the overall strategy and audit plan finally adopted for
the audit. It also reflects the appropriate response to the significant changes occurring during
the audit.
The auditor must record or document all the information gathered as audit evidence in forming

90
an opinion on the financial statements. The evidence is recorded in the form of working papers
which are prepared by the auditor or obtained during the audit. The working papers are
retained by the auditors in connection with the performance of an audit. Audit working papers
should always be sufficiently complete and detailed to enable an inexperienced auditor having
no previous connection to the audit to ascertain work that was performed to support the
conclusion reached.
The auditor should record all relevant information known to him at the time, the conclusion
reached based on that information and the views of management.

The need for good working papers

- The reporting partner needs to satisfy himself that the work delegated by him has been
properly performed. This is only possible by reviewing detailed working papers
prepared by the audit staff that performs the work. This also aids in supervision and
review of work done by audit assistants. Working papers provide details of problems
encountered together with evidence of work performed and conclusion reached. They can also
serve as a good reference point for future audit.
- Preparation of working papers enables to auditor to adopt a methodical approach to his
work.
- Working papers assist in planning and performance of audit in future financial periods.
- If sued for negligence, the auditor can use the working papers as evidence for work
done.
- Working papers can be used for training of audit staff. They contain audit programme
and specimen schedules which audit assistants can refer to when conducting the audit.

Auditing guidelines do not define precisely, the form of working papers but it indicates what
might typically be contained therein.
- Information of continuing importance to the audit such as letter of engagement and
memorandum of association.
- Planned audit approach as contained in the planning memorandum.
- Auditor's assessment of client's accounting system, his review and evaluation of
internal controls. Details of work carried out, not as of errors or exceptions noted and
action taken together with conclusion drawn by audit staff.
- Evidence that the work of staff has been properly reviewed.
- Record of relevant balances and other financial info that is subject to the audit
- Analysis of significant ration and trends
- Copies of communications with other auditors, expects and other third parties.
- Letters of representation received form management.
- Working papers are divided into the current audit file (CAF) and the permanent audit
file (PAF)

The permanent audit file

This contains documents and matters of continuing importance which are required for more
than one financial period.
It contains:
- Statutory material governing the conduct of the audit e.g. for companies, the companies
Act Cap 486 and for quoted companies in Nairobi Stock Exchange, the NSE booklet of

91
 regulation are required.
- Rules and regulations of the entity e.g. articles of association or a partnership deed.
- Copies of documents of continuing importance and relation to the auditors e.g. minutes
of meetings that recorded the appointment of the auditor, guarantees and indemnities
entered into. Address of registered office and all other premises with a short description
of the work carried at each of those premises.
- Organizational chart showing the principal departments and subdivision thereof and
names of officials and their responsibilities showing clearly the lines of authority.
- A list of directors, their shareholding and service contracts.
- A list of company’s advisors, bankers, lawyers, stock brokers and valuers
- An outline of history of the organization reserves and share capital.
- Accounting policies used on material areas such as stock and depreciation.

The current audit file

This file contains matters pertinent to the current year's audit and contains:
- A copy of the accounts being audited which must be signed by the directors.
- A file index showing contents of the file.
- A detailed description of internal control system in form of flow charts, questionnaires
or any other form of suitable documentation.
- Audit programme showing the audit objective and planned audit procedures for each of
the areas to be audited.
- A schedule of each item in the balance sheet showing the balance at beginning of the
year, changes during the year and balance at the end of the year. The schedule also
shows details of work performed on each balance, the result and conclusion made.
- A schedule_ of the items in the profit and loss account. It will show the details of work
performed on each balance the result and conclusion reached.
- A check list for compliance with statutory disclosure requirements and accounting
standards. A record of questions raised during the audit and those raised in the previous
audit.
- A schedule of important statistics such as net profit margin, liquidity ratios and
composition of sales
- A record or an abstract form minutes of all director's meetings and of any internal
committee whose deliberations are important to the auditor.
- The management letter setting out weakness of the internal control system.
- Letters of representation obtained from client's management.

Standardized working papers

This refers to a predetermined format of presenting and documenting audit findings
formulated by individual audit firms e.g. check lists and specimen letters which are filled with
standard wording and .gaps_ left to fill in the relevant details of the client.

Advantages of standardized Working Papers

- This improves the efficiency with which working papers are prepared because they will
be used for many clients.
- They act on guidelines for instructions to audit staff and facilitate delegation of work.
- They provide a means to control the quality of audit work by ensuring that minimum
quality standards are maintained.

92
 - Ensures that all relevant issues in the audit are addressed.

Disadvantages
- It is not appropriate to follow mechanically, a standardized approach to the conduct
and_ documentation of audit work as the auditor in some cases will need to exercise his
own judgment.
- The initiative of auditor staff may be restricted because the need to exercise judgment
in preparing working papers is eliminated.
- The client staff may become familiar with the method and perpetuate fraud in areas not
covered by the standard working papers.
- The audit work becomes very mechanical with use of standardized working papers.

ASSESSING AUDIT RISK

Audit risks (ISA 320)

Audit risk refers to the risk that the auditors will express an inappropriate audit opinion when
the financial statements are materially misstated.
Audit risk therefore could be defined as the chance of damage to the audit firm as a result of
giving an opinion that is wrong in some particular. Or put another way, it could be explained
as the possibility that financial statements contain material miss-statements which had
escaped detection by both an internal control on which the auditor has relied and on the
auditor's own substantive tests and other work.
It could be looked at also as: the possibility that the auditor may be required to pay damages to
the client or other persons as a consequence of:
1. The financial statements containing a miss-statement;
2. The complaining party suffering a loss as a direct consequence of relying on the
financial statement and
3. Negligence by the auditor in not detecting any reporting on the miss-statement which
can be demonstrated.

Damage to the audit firm or the auditor may be in the form of monetary damages paid to the
complainant as compensation or simply damage to their reputation with a client or the
business community.
All audits involve an element of risk such that however strong the audit evidence and however
careful the auditor, there is always a possibility of an error or a fraud going undetected. It is
generally known that the auditor who organises his office and staff in a competent manner an
follows auditing standards and guidelines is unlikely to be found negligent and to pay damages
as a consequence of fraud or error not being discovered by him.
Audit risks facing the auditor when material assets are stated at fair values instead of historical
costs include:
 Inherent risk is the susceptibility of an assertion to a misstatement that could be
material, either individually or when aggregated with other misstatements, assuming
that there are no related controls.
 Control risk is the risk that a misstatement that could occur in an assertion and that
could be material either individually or when aggregated with other misstatements, will
not be prevented or detected and corrected on a timely basis by the entity's internal
control. Control risk is a function of the effectiveness of the design and operation of

93
 internal control in achieving the entity's objectives relevant to the preparation of the
entity's financial statements.
 Detection risk is the risk that the auditor will not detect a material misstatement that
exists in an assertion that could be material either individually or when aggregated with
other misstatements. Detection risk is a function of the effectiveness of an audit
procedure and its application by the auditor.

Key audit risks may include

1. The management should install an internal control system to detect material errors and
correct them. In this case management should implement controls around receivables,
work in progress and inventory to ensure that any materials errors are detected before
they make it to the financial statements.
2. Some material errors may fail to be detected by the controls and others may completely
by-pass the controls. The value of inventory depends on the valuation by the chief
engineer of the firm, who despite all the controls may under or overstate the value of
inventory to suit the management intentions.
3. The auditor is expected to carry out audit procedures to provide reasonable assurance that
material errors will be detected and removed from the financial statements. Despite the
audit. Procedures and the controls, there will be the-possibility that some misstatements
will be undetected. The management makes provisions for warranties based on estimates
of the costs incurred in repairing the machines.

Audit risk can be either normal or higher than normal.

Normal audit risk

Indications that an audit is a normal risk audit are:
a) The client having management and staff who are competent and have integrity;
b) Where the client has an accounting system that is well designed, works and is subject
c) to strong internal controls;
d) Where the client has no special financial problems;
e) The auditor's past experience;
f) Where the client is old, well established and the business of the entity is not subject to
g) rapid change;
h) If the client's board of directors are actively engaged in the company and they provide
i) control and leadership of a good quality;
j) If the board of directors has competent non-executive directors:
k) If the organization has an audit committee....

When the auditor is faced with the normal audit risk, the audit approach adopted is usually one
of reliance on key controls supported by substantive tests, compliance tests and analytical
review.

Higher than normal risk

Several audit assignments involve high audit risk and usually in any client there will always be
at least one high risk area. Indications that an audit has an element of higher than normal audit

94
risk include:
a. Poor management with lack of control and poor book-keeping;
b. Liquidity problems and high gearing;
c. The opposite of all the factors mentioned in the normal risk above;
d. Recent changes in ownership, control or key staff;
e. Changes in accounting policies or procedures;
f. Future plans to seek quotation on the Nairobi Stock Exchange;
g. Over-reliance on a few products, customers, suppliers and investments in new
ventures or products;
h. Problems inherent in the nature of the business for example difficulties in stock
counting or valuation, difficulties in determining the extent of claims and
i. The existence of put upon enquiry situations, dominance by the single person
and lack of involvement of directors or proprietors. In such a situation, the
auditor approaches his audit in a manner that is:
 Collection of audit evidence in each area from a wide range of sources
 Taking extreme care in the preparation of audit working papers
 Investigating thoroughly high risk and problematic areas
 Exercising extreme care in drafting the audit report

In addition to normal risk and higher than normal risk discussed above, the auditor can also be
exposed by sub-standard work such as:
 His failure to recognise put upon enquiry situation
 His failure to draw correct inferences from audit evidence and the analytical
review
 His use of wrong procedures in a particular situation
 His failure to perform necessary audit work because of time and cost
consideration
 His failure to detect errors or fraud because of poor sampling methods or the
selection
 of inadequate sample sizes

It is essential that an audit firm should organize itself in such a way that it can minimise the
risk of suffering any damage. We can look at these measures from two points of view. Broad
measures taken by the profession as a whole and measures to be taken by the individual
auditor in minimising this audit risk.
This approach requires the auditor to determine what are the very important business risks
which the client faces. This line of approach both helps the client and also enables the auditor
to appreciate and understand his clients business and appreciate all aspects of the business
activities. It is then for the auditor to determine where the risks are likely or unlikely and
whether the risks are likely to produce serious consequences. This enable the audit to be
focused on those matters where there is a possibility of misstatement. This is the basis of
revised auditing standards.

The big firms have largely adopted this approach within their audit methodology.
The history of auditing shows a gradual change over time as detailed testing of transactions
moved to system audits. The next development was the audit risk model which focuses the

95
audit and the extent of audit procedures on to the areas of an audit where the auditor was most
at risk of giving an inappropriate opinion.
ISA 220, Quality Control for an Audit of Financial Statements,
 Environmental requirements affecting the industry and the entity's business.

 ISA 250 includes some specific requirements related to the legal and regulatory
framework applicable to the entity and the industry or sector in which the entity
operates.

Other External Factors

Examples of other external factors affecting the entity that the auditor may consider include
the general economic conditions, interest rates and availability of financing, and inflation or
currency revaluation.
Nature of the Entity
An understanding of the nature of an entity enables the auditor to understand such matters as:
 Whether the entity has a complex structure, for example, with subsidiaries or other
components in multiple locations. Complex structures often introduce issues that may
give rise to risks of material misstatement. Such issues may include whether goodwill,
joint ventures, investments, or special-purpose entities are accounted for appropriately.
 The ownership, and relations between owners and other people or entities. This
understanding assists in determining whether related party transactions have been
identified and accounted for appropriately:
 ISA 550 establishes requirements and provides guidance on the auditor's considerations
relevant to related parties.

Examples of matters that the auditor may consider when obtaining an understanding of the
nature of the entity include:
 Business operations such as:
- Nature of revenue sources, products or services, and markets, including
involvement in electronic commerce such as Internet sales and marketing
activities.
- Conduct of operations (for example, stages and methods of production, or
activities exposed to environmental risks).
- Alliances, joint ventures, and outsourcing activities.
- Geographic dispersion and industry segmentation.
- Location of production facilities, warehouses, and offices, and location and
quantities of inventories.
- Key customers and important suppliers of goods and services, employment
arrangements (including the existence of union contracts, pension and other post-
employment benefits, stock option or incentive bonus arrangements, and
government regulation related to employment matters).
- Research and development activities and expenditures.
- Transactions with related parties.
 Investments and investment activities such as:
- Planned or recently executed acquisitions or divestitures:
- o. Investments and dispositions of securities and loans
- Capital investment activities

96
 -Investments in non-consolidated entities, including partnerships, joint ventures
and special-purpose entities
 Financing and financing activities such as:

-Major subsidiaries and associated entities, including consolidated and non-

consolidated structures.
- Debt structure and related terms, including off-balance-sheet financing
arrangements and leasing arrangements.
- Beneficial owners (local, foreign, business reputation and experience) and related
parties.
- Use of derivative financial instruments.
 Financial reporting such as:
- Accounting principles and industry-specific practices, including industry-specific
significant categories (for example, loans and investments for banks, or research
and development for pharmaceuticals).
- Revenue recognition practices.
- Accounting for fair values.
- Foreign currency assets, liabilities and transactions.
- Accounting for unusual or complex transactions including those in controversial
or emerging areas (for example, accounting for stock-based compensation).

Significant changes in the entity from prior periods may give rise to, or change, risks of
material misstatement.

Nature of Special-Purpose Entities

A special-purpose entity (sometimes referred to as a special-purpose vehicle) is an entity that
is generally established for a narrow and well defined purpose, such as to effect a lease or a
securitization of financial assets, or to carry out research and development activities. It may
take the form of a corporation, trust, partnership or unincorporated entity. The entity on behalf
of which the special-purpose entity has been created may often transfer assets to the latter (for
example, as part of a de-recognition transaction involving financial assets), obtain the right to
use the latter's assets, or perform services for the latter, while other parties may provide the
funding to the latter. As ISA 550 indicates, in some circumstances, a special purpose entity
may be a related party of the entity.
Financial reporting frameworks often specify detailed conditions that are deemed to amount to
control, or circumstances under which the special purpose entity should be considered for
consolidation. The interpretation of the requirements of such frameworks often demands a
detailed knowledge of the relevant agreements involving the special-purpose entity.

The Entity's Selection and Application of Accounting Policies

An understanding of the entity's selection and application of accounting policies may
encompass such matters as:
 The methods the entity uses-to account for significant and unusual transactions..
 The effect of significant accounting policies in controversial or emerging areas for
which there is a lack of authoritative guidance or consensus.
 Changes in the entity's accounting policies.
 Financial reporting standards and laws and regulations that are new to the entity and

97
 when and how the entity will adopt such requirements.

The Business Risk Approach to Auditing

Business risk is the threat that an event or action will adversely affect a business's ability to
achieve its ongoing objective. It can be split between external and internal factors.

TAXATION OF INCOMES OF PERSONS

The business risk approach to auditing involves examining the business in it's entirely and
evaluating the various risks to which it is exposed. The business risks are factors which affect
the company's ability to meet its goals. The risks may be controllable (to some extent) or
uncontrollable (for example, external factors). It may be possible to trade-off some risks (e.g.
insurance). The auditor is concerned about those risks which may impact upon the financial
statements and therefore needs a full understanding of the business and its risks in order to do
this. The auditor will then plan the audit strategy with these business risks clearly focused in
mind.

The Effects of the Business Risk Approach

There are some general points which can be made about the business risk approach and the
effect it has had on the auditing process.
i. This 'top down' approach to the audit, beginning with business risk and ending with the
financial statements
ii. There is still a lack of clarity in the relationship between business risk and audit risk
iii. The ideas of inherent risk and control risk have tended to merge into the larger concept
of business risk.
iv. The ideas of inherent risk and control risk can be called residual risk which has to be
minimized by audit action. An audit action carries with it detection risk.
v. The approach is very much a high level approach and should include consideration of
all .matters which are critical to the business. For example, 'could the client lose the
vi. XYZ franchise and what would be the possible consequences for the company and its
financial statements?'
vii. Because of the high level of understanding required of a client's business it is possible
to use analytical procedures more frequently as a procedure for verification of financial
statement assertions
viii. It is an aid to the firm's acceptance and continuation procedures for clients (do we want
this client?)
ix. Business failure risk is an important aspect of overall business risk. The assessment of
business failure risk will assist the auditor when considering the going concern status of
the clients business.
x. The audit needs to be tailor made and a generalized approach to audits is neither
productive nor economical
xi. Auditors need more understanding of business and to that end the larger firms set up
larger databases of information about the economy and the business world
xii. The concept implies a continuing relationship with the client rather than a one off view
with each year being separate. .

98
As should be evident from this summary the business risk approach is a more holistic
approach to the audit. The business risk approach starts at a stage back from the traditional
audit risk model and offers more benefit to auditors and clients alike.
Business Risk results from significant conditions, events, circumstances or actions that could
adversely affect the entity's ability to achieve its objectives and execute its strategies. Even
though such risks are likely to eventually have an impact on an entity's financial statements,
not every business risk will translate directly in a risk of a material misstatement in the
financial statements, which is often referred to as audit risks. There are 3 categories of
business risk.
 Financial risk- this is the risk that the firm will not be able to meet its short term
maturing obligations as a when they fall due.
 Operational risk- these are risks arising with regard to operations for instance, the
risk that a major supplier will lay longer be able to supply the company with the
key raw materials.
 Compliance risk- Risk that arises from non-compliance with laws and regulations
under which the business operates for example, environmental issues.

Objectives and Strategies and Related Business Risks

The entity conducts its business in the context of industry, regulatory and other internal and
external factors. To respond to these factors, the entity's management or those charged with
governance define objectives, which are the overall plans for the entity. Strategies are the
approaches by which management intends to achieve its objectives. The entity's objectives and
strategies may change over time.
Business risk is broader than the risk of material misstatement of the financial statements,
though it includes the latter. Business risk may arise from change or complexity. A failure to
recognize the need for change may also give rise to business risk. Business risk may arise, for
example, from
 The development of new products or services that may fail;
 A market which, even if successfully developed, is inadequate to support a
product or service; Or
 Flaws in a product or service that may result in liabilities and reputational risk.

An understanding of the business risks facing the entity increases the likelihood of identifying
risks of material misstatement, since most business risks will eventually have financial
consequences and, therefore, an effect on the financial statements. However, the auditor does
not have a responsibility to identify or assess all business risks because not all business risks
give rise to risks of material misstatement.
Examples of matters that the auditor may consider when obtaining an understanding of the
entity's objectives, strategies and related business risks that may result in a risk of material
misstatement of the financial statements include:
• Industry developments (a potential related business risk might be, for example, that the
entity does not have the personnel or expertise to deal with the changes in the industry).
• New products and services (a potential related business risk might be, for example, that
there is increased product liability).

• Expansion of the business (a potential related business risk might be, for example, that

99
 the demand has not been accurately estimated).
• New accounting requirements (a potential related business risk might be, for example,
incomplete or improper implementation, or increased costs).
• Regulatory requirements (a potential related business risk might be, for example, that
there is increased legal exposure).
• Current and prospective financing requirements (a potential related business risk might
be, for example, the loss of financing due to the entity's inability to meet requirements).
• Use of IT (a potential related business risk might be, for example, that systems and
processes are incompatible).
• The effects of implementing a strategy, particularly any effects that will lead to new
accounting requirements (a potential related business risk might be, for example,
incomplete or improper implementation).

A business risk may have an immediate consequence for the risk of material misstatement for
classes of transactions, account balances, and disclosures at the assertion level or the financial
statement level. For example, the business risk arising from a contracting customer base may
increase the risk of material misstatement associated with the valuation of receivables.
However, the same risk, particularly in combination with a contracting economy, may also
have a longer-term consequence, which the auditor considers when assessing the
appropriateness of the going concern assumption. Whether a business risk may result in -a risk
of material misstatement is, therefore, considered in light of the entity's circumstances.
Usually, management identifies business risks and develops approaches to address them. Such
a risk assessment process is part of internal control...

ERRORS, FRAUD AND OTHER IRREGULARITIES

Error

An error is an unintentional mistake in presenting the financial information which can occur at
any time during processing and recording of transactions. These include
• Mathematical or clerical mistakes
• Overnight or misrepresentation of facts
• Misapplication of accounting policies

Types of errors

i. Errors of commission. These are errors that do not show in the trial balance because it
still balances. This is where the correct amount for a transaction is recorded but in the
wrong person’s account e.g. for debtors the correct class of accounts may be used but
the wrong personal entries entered.
ii. Errors or omissions. This is where transactions are completely omitted from books of
accounts.
iii. Errors of principle. This is where an item is entered in the wrong class of account e.g. a
fixed asset is debited to the expense account.

iv. Compensating errors. This is where errors cancel each other out. The errors occur
usually on opposite sides of the accounts i.e. on credit and debits sides with equal

100
 amounts and are totally independent from each other.
v. Errors of original entry. These occur when the original figure is incorrect and the
double entry system is still observed.
vi. Complete reversal entries. These occurs where correct accounts are used but each items
shown on wrong side of the account e.g. crediting sales in debtors account and debiting
sales account.

Fraud

A fraud is an intentional misrepresentation of financial information by one or more individual

among management, employees and third parties involving use of deception to obtain unjust
or illegal advantage. The main difference between a fraud and error is that a fraud is
intentional and aimed at either misleading people or misappropriating company assets. There
are two types of intentional misstatements i.e. misstatements resulting from fraudulent
financial reporting and misstatements resulting from misappropriation of company assets.
Fraudulent financial reporting involves management’s override of controls that otherwise
appear to operating efficiently.

Common types of fraud include:

• Manipulating, forgery, alteration or falsification of accounting records or supporting
documents from which financial statements are prepared
• Misappropriation of company assets e.g. using a company vehicle for private
undertakings, stealing physical assets and embezzling receipts.
• Misapplication of accounting policies e.g. classifying a capital expenditure and revenue
expenditure.
• Inappropriate adjusting assumptions and changing judgments used to estimate account
balances. E.g. the management may insist on providing a 5% provision for bad and
doubtful debts even where past debt collection history shows that the actual default rate
is about 15%.
• Suppression or omission of effects of a transaction on accounting record e.g. placing a
genuine debtor well known bad debts in the balance sheet thus misrepresenting the
financial position of the company.

Fraudulent financial reporting may be committed because management is under pressure from
outside or inside the entity to report unrealistic profit levels. A perceived opportunity for
fraudulent financial reporting or misappropriation of company assets may exist when an
individual believes that an internal control can be overridden. This could be because an
individual is in a position of trust or has knowledge of specific weaknesses in the internal
control system.

The distinction between fraud and error is of little importance so far as audit procedure are
concerned. This is because the audit procedure used to detect errors is the same used to detect
fraud. The only difference may arise where the auditor may be required by law to disclose
certain illegal acts to the regulatory authority.

101
Responsibility for detection of fraud and error

The primary responsibility for the detection and prevention of fraud and error rests with the
management of the company. This responsibility is fulfilled through the implementation and
continuous operation of adequate system of internal controls. Such system reduces but does
not eliminate the possibility of fraud and error. The auditor on his part seeks reasonable
assurance that fraud and error which may be material to the financial statements has not
occurred or if it has occurred, the effect is properly reflected in the financial statements. At
this point, the auditor should plan his work so that he has reasonable expectation of detecting
material misstatements in the financial information resulting from fraud and error. It is
important to emphasis that the auditor cannot be held responsible for failing to detect errors
and frauds. However, he is expected to carry out his work in a manner that he is in a position
to detect material errors and frauds. Failure to detect such material errors implies that the
financial statements are materially misstated.

Expectations gap

This is the gap that exists between external auditor’s understanding of their role and duty and
the expectations of various users of the financial statements and the general public regarding
the process and the outcome of the external audit. I.e. the expectation by users of financial
statements that auditor should detect and prevent error and fraud as a duty, while actually it is
not his duty but of the directors.

The public may conceive the auditor’s role as including;

• Protecting the company against fraud and irregularities
• Providing early warning of future insolvency i.e. certifying the company as a going
concern.
• Providing useful general assurance of the financial wellbeing of the company and its
continued profitability.

Most users of financial statements believe that the auditor has prepared the statements and
should therefore be in a position to explain the performance results of the company. Some
other users of the financial statements do not understand the audit opinion issue.

Possible means of reducing the expectations gap include:

Expanding the audit report to include more information explaining what auditors actually do.
ISA 700 (Audit reports on financial statements) now requires auditors to include a paragraph
explaining the nature and scope of the audit conducted and also explaining the respective
responsibility of management and auditor in relation to preparation of the financial statements.

It has also been suggested that the role of the auditor should be broadened especially in areas
of fraud. ISA 240(fraud and error), requires that the auditor should report to the users of the
financial statements if there is material misstatements as a result of fraud and any other
irregularities.

There should be attempts to improve the knowledge and understanding of auditor’s role and

102
responsibility through public education.

Risk of fraud and error

In addition to weaknesses in the accounting and internal control system, events which also
increase risk of fraud and error are:
• Questions regarding the integrity and competence of management. Where management
is not honest and could misappropriate company assets, the risk of fraud and error
increases.
• Unusual pressure within the company e.g. pressure on organization to attain a certain
level or profitability. This could tempt the managers to manipulate the financial
statement so as to achieve the set profit level.
• Unusual transactions. Such could be carried out with intention of manipulating the
financial performance of the company e.g. a very large purchase of stock at the year
end to increase level of closing stock and subsequently increase profits.

Difficulties in obtaining sufficient, appropriate audit evidence especially where management is

reluctant to provide the necessary information to the auditor.

If circumstances indicate possible existence of fraud and error, the auditor should consider the
potential effect of financial statements. If the effect is material, the auditor should perform
additional procedures to dispel the suspicion. Where fraud or error is confirmed, the auditor
should satisfy himself that the effect of fraud or error is properly reflected in the financial
statements or the error corrected. The auditor should communicate his findings to management
on timely basis if:
• He believes fraud may exist even if the potential effect would be immaterial.
• Fraud or error is actually found to exist.

Inherent limitations of an audit

An audit is subject to the avoidable risk that some material misstatements will not be detected,
even though the audit is properly planned and performed in accordance with ISAs. The risk of
not detecting misstatements resulting from fraud is higher than the risk of not detecting
material misstatements resulting from errors. This is because fraud involves acts designed to
conceal it such as forgery and deliberate failure to record transactions. When the audit reveals
evidence to the contrary, the auditor is entitled to accept representations from management as
truthful and documents as genuine. However, the auditor should plan and perform his work
with professional skepticism, recognizing that conditions or events may be found that indicate
that fraud or error may exist. Existence of a strong internal control system reduces the
probability of misstatements in the financial reporting occurring due to fraud or error but there
is always a risk that the system may fail to operate as designed.
The following procedures could be applied as general leads to where fraud or error may have
occurred.
• Comparison of the company’s current balance sheet with those of previous years.
• Calculation of profitability, leverage, activity and performance ratios for the current and
previous years.

103
 • Using search inquiry to pose questions to management and accounting staff.
• Auditing in depth to establish the audit trail. This facilitates checking a transactions
recording process from initial to final stage.
• Using surprise checks and visits.
• Comparing budgeted and actual results of the company and investigating any variances
noted.

Errors and frauds in specific areas in business

This is the method by which the deficiencies of cash are concealed for some time.
When cash is received from some debtor, it is not recorded in the cash books and is
misappropriate. Later on, when cash is received from any other debtor, his account is not
credited but the account of the first debtor is credited and cash is debited, again later on, when
cash is received from their debtor, his account is not credited but that of the second debtor in
credited and cash is debited.

This process goes or the fraud is discovered. This method of fraud is known as short banking
or delayed accounting of money received or lapping. This is method by which the past
defalcations are covered up by the present receipt. If remittances are received by means of
cheques, then cheques will have to be split up. This process is known as splitting
cheques,because by encashing the cheques, less amount is credited to the debtor and rest
amount is misappropriated.

We can detect such frauds with the help of auditors. The auditor should find out what is the
internal check system regarding cash. If there is any weak point, he must probe into the matter.
The cashier should not have access to ledger. Auditor should check the counterfoils of the
receipts with the cash book paying particular attentions to the dates.

(a) Sales & debtors Potentials errors

• Goods dispatched without being invoiced, services rendered without being invoiced,
goods in transit or a consignment not recognized in books.
• Goods being sold to bad credit risk customer.
• Overdue accounts without follow up.
• Sales invoiced but not recorded in the books.
• Cash sales not being recorded.
• Improper crediting of debtor account..

Implications
• Understated sales, wrong management accounts, loss of assets of the company and
accounts without true and fair view.
• Bad debts
• Misappropriation of cash, exposure to theft and loss of interest due to delayed banking.
• Unreliable records and disputes between the company and customers.

(b) Purchases and Creditor.

Potential errors
• Liabilities being set up for goods not received or not authorized

104
 • Liabilities being incurred but not recorded.
• Making payments without proper documents and authorization.
• Misallocation of funds to the wrong general ledger accounts
• Goods being returned without being recorded.

Implications
• Loss of company resources because of paying for goods never received
• Understanding of liabilities hence disputes with suppliers.
• Paying for services and goods not received
• Overstatement of expenses and creditors.
• Misstatement of various expense accounts hence unreliable records.
• Overstatement of purchases

(c) Wages

Potential errors

• Dummy workers in the payroll or fraudulent double payment of workers, payment for
work not done and unclaimed wages being misappropriated.
• Occurrence of payroll errors.
• Improper deductions being made or being misappropriated
• Inflation of the payroll in other ways.

Implications
• Overvaluation of stocks because using wrong labour costs.
• Overstatement of stocks
• Misstatement of various expense accounts
• Unreliable records.

How is internal control system helps prevent and detect fraud and error
• Supervision. This serves to prevent fraud or error by boosting the awareness of senior
employees who will refrain from committing fraud and error by virtue of constant
review of operations.

• Physical controls. These limit access to the assets of the company thus preventing them
from damage, misuse or theft.
• Segregation of duties. This boosts automatic checks, accountability and supervision at
all stages of processing transactions, minimizing chances of error and fraud.
• Arithmetic and accounting controls. Proper recording of transactions according to the
principles of ISAs will prevent errors and frauds such as manipulation of accounts.
• Personnel. Engaging qualified, competent and efficient personnel will reduce chances
of errors. The company’s staff should be motivated and properly remunerated to
prevent temptations of fraud.
• Routine and automatic checks. These minimize fraud by boosting awareness that work
will be continuously checked, accountability will be increased and importance of being
honest will be emphasized.

105
 TOPIC 5

OVERVIEW OF FORENSIC ACCOUNTING

NATURE PURPOSE AND SCOPE OF FORENSIC ACCOUNTING

Definition
Forensic accounting is the use of accounting skills to investigate fraud or embezzlement and to
analyze financial information for use in legal proceedings
Forensic accounting in its present state can be broadly classified into two categories
encompassing litigation support and investigative accounting.
1. Litigation support - is the provision of assistance of an accounting nature in a matter
involving existing or pending litigation. It is primarily focused on issues relating to the
quantification of economic damages, which means a typical litigation support
assignment would involve calculating the economic loss or damage resulting from a
breach of contract. However, it also extends to other areas involving valuations, tracing
assets, revenue recovery, accounting reconstruction and financial analysis. Litigation
support also works closely with lawyers in matters involving, but not limited to,
contract disputes, insolvency litigation, insurance claims, royalty audits, shareholders
disputes and intellectual property claims

2. Investigative accounting - in contrast, investigative accounting is concerned with

investigations of a criminal nature. A typical investigative accounting assignment could
be one involving employee fraud, securities fraud, insurance fraud, kickbacks and
advance fee frauds. No doubt in many assignments, both litigation support and
investigative accounting services are required.

Nature of forensic accounting

Forensic accounting is the specialty area of the accountancy profession which describes
engagements that result from actual or anticipated disputes or litigation. „Forensic" means
suitable for use in a court of law" and it is to that standard and potential outcome that forensic
accountants generally have to work. It is often said „Accountants look at the numbers but
Forensic accountants look behind the numbers. Forensic accountants are trained to look
beyond the numbers and deal with the business realities of the situation. Analysis,
interpretation, summarization and presentation of complex financial and business related
issues are prominent features of the profession Bhasin 2007.

The services provided by Forensic Accountants are as follows

1. Business valuations
2. Divorce proceedings and matrimonial disputes
3. Personal injury and fatal accident claims
4. Professional negligence
5. Insurance claims evaluations

106
 6. Arbitration
7. Partnership and corporation disputes
8. Shareholder disputes (minority shareholders claiming
9. Civil and criminal actions concerning fraud and financial irregularities - cross
examination, formulate questions
10. Fraud and white-collar crime investigations

Principal Duties of a Forensic Accountant

A forensic accountant's primary duty is to analyze, interpret, summarize and present complex
financial- and business-related issues in a manner that is both understandable by the layman
and properly supported by the evidence.
Forensic accountants are engaged by both government and private agencies cutting across
industries ranging from insurance companies, banks, police forces, regulatory agencies and
other financial and business organizations.
The services rendered by forensic accountants cover a wide spectrum of which the following
are commonly provided:
1. Investigation and analysis of financial evidence;
2. Development of computerized applications to assist in the analysis and presentation of
financial evidence;
3. Communication of findings in the form of reports, exhibits and collections of
documents;
4. Assistance in legal proceedings, including testifying in court as expert witness and
preparing visual aids to support trial evidence.

To properly carry out these functions, the forensic accountant must also be familiar with legal
concepts and procedures, including the ability to differentiate between substance and form
when struggling with any issue.

Specific Assistance in Investigative Accounting and Litigation Support

The forensic accountant can provide more specific assistance in the following ways.

Investigative accounting
1. Reviewing the factual situation and providing suggestions on alternative course of
action.
2. Assisting in the preservation, protection and recovery of assets.
3. Co-ordinating with other experts, including private investigators, expert document
examiners, consulting engineers and other industry specialists;
4. Assisting in the tracing and recovery of assets through civil, criminal and other
administrative or statutory proceedings.

Litigation support

1. Assisting in securing documentation necessary to support or rebut a claim.

2. Reviewing relevant documentation to provide a preliminary assessment of the case and
identify potential areas of loss and recovery.
3. Assisting in the examination and discovery process, including the formulation of

107
 relevant questions regarding financial evidence.
4. Attending to the examination and discovery process to review the testimony, assisting
with understanding the financial issues and formulating additional questions for
counsel.
5. Reviewing the opposing expert's reports on damages and the strengths and weaknesses
of the positions taken.
6. Assisting in settlement meetings and negotiations.
7. Attending the trial to hear testimony of opposing experts and assisting in the cross-
examination process.

Why Engage a Forensic Accountant?

A logical question to pose is why bring in a forensic accountant and his team when the
organisation's internal auditor and management team can handle the situation which can range
from a simple employee fraud to a more complex situation involving management itself? The
answer would be ' obvious when management itself is involved and the fallout to the discovery
of the fraud leads to low employee morale, adverse public opinion and perception of the
company's image and organisational disorganization generally. Engaging an external party can
have distinct advantages from conducting an internal investigation.

Key Benefits of Using Forensic Accountants

1. Objectivity and credibility - there is little doubt that an external party would be far more
independent and objective than an internal auditor or company accountant who
ultimately reports to management on his findings. An established firm of forensic
accountants and its team would also have credibility stemming from the firm's
reputation, network and track record.
2. Accounting expertise and industry knowledge - an external forensic accountant would
add to the organisation's investigation team with breadth and depth of experience and
deep industry expertise in handling frauds of the nature encountered by the
organisation.
3. Provision of valuable manpower resources - an organisation in the midst of
reorganisation and restructuring following a major fraud would hardly have the full-
time resources to handle a broad-based exhaustive investigation. The forensic
accountant and his team of assistants would provide the much needed experienced
resources, thereby freeing the organisation's staff for other more immediate
management demands. This is all the more critical when the nature of the fraud calls for
management to move quickly to contain the problem and when resources cannot be
mobilised in time.
4. Enhanced effectiveness and efficiency - this arises from the additional dimension and
depth which experienced individuals in fraud investigation bring with them to focus on
the issues at hand. Such individuals are specialists in rooting out fraud and would
recognise transactions normally passed over by the organisation's accountants or
auditors.

Different roles of a forensic accountant

(i) Criminal Investigations
Practicing forensic accountants could be called upon by the police to assist them in

108
 criminal investigations which could either relate to individuals or corporate bodies.
The forensic accountant would use his/her investigative accounting skills to examine
the documentary and other available evidence to give his/her expert opinion on the
matter. Their services could also be required by Government departments, the
Revenue Commissioners, the Fire Brigade, etc. for investigative purposes.

(ii) Personal Injury Claims

Where losses arise as a result of personal injury, insurance companies sometimes
seek expert opinion from a forensic accountant before deciding whether the claim is
valid and how much to pay.

(iii) Fraud Investigations

Forensic accountants might be called upon to assist in business investigations which
could involve funds tracing, asset identification and recovery, forensic intelligence
gathering and due diligence review. In cases involving fraud perpetrated by an
employee, the forensic accountant will be required to give his/her expert opinion
about the nature and extent of fraud and the likely individual or group of individuals
who have committed the crime. The forensic expert undertakes a detailed review of
the available documentary evidence and forms his/her opinion based on the
information gleaned during the course of that review.

(iv) Professional Negligence

The forensic accountant might be approached in a professional negligence matter to
investigate whether professional negligence has taken place and to quantify the loss
which has resulted from the negligence. A matter such as this could arise between
any professional and their client. The professional might be an accountant, a lawyer,
an engineer etc. The forensic expert uses his/her investigative skills to provide the
services required for this assignment

(v) Expert Witness Cases

Forensic accountants often attend court to testify in criminal court hearings, as
expert witnesses. In such Cases, they attend to present investigative evidence to the
court so as to assist the presiding judge in deciding the outcome of the case.

(vi) Meditation and Arbitration

Some forensic accountants because of their Specialist training they would have
received in legal mediation and arbitration, have extended their forensic accounting
practices to include providing Alternative Dispute Resolution (ADR) services to
clients. This service involves the forensic accountant resolving both mediation and
arbitration disputes which otherwise would have been expensive and time consuming
for individuals or businesses involved in commercial disputes with a third party.

(vii) Litigation Consultancy

Working with lawyers and their clients engaged in litigation and assisting with
evidence, strategy and case preparation

109
What characteristics/skills should forensic accountant possess?
A forensic accountant is expected to be a specialist in accounting and financial systems yet,
as companies continue to grow in size and complexity, uncovering fraud requires a forensic
accountant to become proficient in an ever-increasing number of professional skills and
competencies.
The major skills can be divided in to two:
I. Core skills (specialized skills and knowledge).
II. Non-core skills (personal skills).

I. Core skills:

1. Ability to critically analyze financial statements. These skills help Forensic

Accountants to uncover abnormal patterns in accounting information and recognize
their source.
2. Ability to grasp internal control systems of the client and to set up a system that
achieves management objectives informs employees of their control responsibility
and monitors the quality of program and changes made to them. ‘
3. Proficiency in Information technology and computer network systems. These skills
assist accountants to conduct investigations in the "E-Areas" (E-banking, Ecommerce
etc) and computerized accounting systems.
4. Knowledge of psychology in order to understand the thinking and motive behind
criminal behavior and to set up prevention programmes that motivate and encourage
employees.
5. An in-depth understating of the fraud schemes such as misappropriations, money
laundering, bribery and corruption.
6. Thorough insight and knowledge into company's governance policies and laws that
regulate these policies.
7. Interpersonal and communication skills, which aid in acquiring information about the
companies ethical policies and assist forensic accountants to conduct interviews and
obtain crucially, needed information,
8. Command of criminal and civil laws, legal system and court procedures.

II. Non-core skills: includes, but are not limited to

1. Sound professional judgment.
2. Look beyond numbers and grasp substance of situation.
3. A "sixth" sense that can be used to reconstruct details of past accounting transactions
is also beneficial.
4. A photographic memory that helps when trying to visualize and reconstruct these past
events.
5. Curiosity, persistence and creativity.
6. Pay attention to smallest of detail, observe and listen carefully
7. Ability to maintain his composure when detailing these events on the witness stand.

Who retains a forensic accountant:

Forensic Accountants are often retained by the following groups:
1. Lawyers;
2. Police Forces;

110
 3. Insurance Companies;
4. Government Regulatory Bodies and Agencies;
5. Banks;
6. Courts; and
7. Business Community.

Emergence of computer forensics

The proliferation of e-commerce has led to an increase in e-fraud in recent times, which in
turn has meant an increasing demand for forensic IT services aimed at identifying
unauthorised or unethical IT activities. Computer forensics is simply the application of
computer science to the investigative process. As investigative accounting is an important
aspect of forensic accounting, computer forensics and its sub-disciplines are important tools
for the forensic accountant in his task of retrieving and analysing evidence for the purposes
of uncovering a fraud or challenging any financial information critical to the outcome of
any dispute. Sub-disciplines of computer forensics, like computer media analyses, imagery
enhancement, video and audio enhancements and database visualisation, are tools,
techniques and skills are becoming more critical in the field of forensic accounting in
general and investigative accounting in particular. Fraud detection services and the
techniques of data matching and data mining would be impossible without the application
of computer forensics.

Advantages of .Forensic Accounting

1) Fraud Identification and Prevention:*

Fraud is quite common in big organizations where the number of daily financial
transactions is huge. In such an environment, an employee can easily undertake fraudulent
activities without being caught. Forensic accounting helps in analyzing whether the
company's accounting policies are followed or not, and whether all the transactions are
clearly stated in the books of accounts. Any deviation observed in the books of accounts can
help in identifying fraud, and necessary measures can be taken to prevent it in the future.

2) Making Sound Investment Decisions:-

As forensic accounting helps in analyzing the financial standing and weaknesses of a

business, it provides a path for investors to make thoughtful investment decisions. A
Company dealing with fraud is definitely not a good option for investment. Therefore, the
reports of forensic accountants act as a guide for potential investors of a company. Many
organizations also apply for loans from various financial institutions. By performing an
analysis, such institutions can come to a decision on whether they would like to fund a
company or not.

3) Formulation of Economic Policies:-

Various cases of fraud that becomes evident after forensic analysis act as a reference for the
government to formulate improved economic policies that would be able to curb such
fraudulent activities in the future. By doing so, the government can strengthen the economy
and prevent such illegal activities in the country.

111
 Rewarding Career Opportunity
As a career, forensic accounting is extremely rewarding, as it not only involves regular
accounting activities, but also involves identification, analysis, and reporting of the findings
during an audit. The acceptance of reports generated by a forensic accountant by the court
of law, gives them an upper hand as compared to other accountants.

Disadvantages of Forensic Accounting

1) Confidentiality Issue

Since the scrutiny of a company's financial records is done by an external forensic

accountant, the chances of leakage of confidential matter are always there. It is true that
their code of ethics clearly mentions that forensic accountants and other members involved
in the scrutiny must not engage in disclosing confidential data to outsiders, but the
possibility of disclosure cannot be nullified.

2) Increased Chances of Threats and Negative Publicity

If the analysis of a company's financial statements points out the involvement of a particular
person in fraudulent activities, there is a significant chance that the person will try to
threaten the company to safeguard himself from the trial, Also, any trial that confirms a
fraud happening in the company comes under public eye and gains negative publicity,
which directly affects the reputation and investor relations of the company,

3) Costs a Lot of Money

Forensic accounting can be an expensive affair because the procedures which accountants
use involve high-end accounting software. If study results have to be presented in a trial, the
overall expenditure goes up even further, because the fees of forensic accountants are quite
high. This can be a matter of concern for the organization
.
4) Losing Employee Trust

It is quite obvious for employees to feel offended when they come to know that their job is
under scrutiny by a third person. If no fraud is identified, employees are left with the feeling
that the employer does not have faith in them. Lost trust can be difficult to regain in such
cases.

5) Limited Use of Services

Federal regulations limit the use of services from a single accounting firm. Suppose a
company has tied up with one firm for auditing, it cannot ask the firm to provide other
services to it. Therefore, a company has to reach out to several firms for carrying out its
accounting tasks.
Despite the disadvantages associated with forensic accounting, it is, and will continue to be
an important part in the world of business. This is because it helps organizations and
individuals to figure out whether their financial accounts are accurate or fabricated to hide

112
illegal activities going on within the organization.

TYPES OF FORENSIC INVESTIGATIONS

The forensic accountant could be asked to investigate many different types of fraud. It is
useful to categorize these types into three groups to provide an overview of the wide range
of investigations that could be carried out. The three categories of frauds are corruption,
asset misappropriation and financial statement fraud

Corruption
There are three types of corruption fraud: conflicts of interest, bribery, and extortion.
Research shows that corruption is involved in around one third of all frauds.
 In a conflict of interest fraud, the fraudster exerts their influence to achieve a personal
gain which detrimentally affects the company. The fraudster may not benefit
financially, but rather receives an undisclosed personal benefit as a result of the
situation. For example, a manager may approve the expenses of an employee who is
also a personal friend in order to maintain that friendship, even if the expenses are
inaccurate.
 Bribery is when money (or something else of value) is offered in order to influence a
situation. 
 Extortion is the opposite of bribery, and happens when money is demanded (rather
than offered) in order to secure a particular outcome. 

Asset misappropriation
 By far the most common frauds are those involving asset misappropriation, and
there are many different types of fraud which fall into this category: The common
feature is the theft of cash or other assets from the company, for example:
 Cash theft - the stealing of physical cash, for example petty cash, from the premises
of a company.
 Fraudulent disbursements - company funds being used to make fraudulent
payments. Common examples include billing schemes, where payments are made to
a fictitious supplier, and payroll schemes, where payments are made to fictitious
employees (often known as 'ghost employees').
 Inventory frauds ^ the theft of inventory from the company,

 Misuse of assets - employees using company assets for their own personal interest.
Financial statement fraud

This is also known as fraudulent financial reporting, and is a type of fraud that causes a
material misstatement in the financial statements. It can include deliberate falsification of
accounting records; omission of transactions, balances or disclosures from the financial
statements; or the misapplication of financial reporting standards. This is often carried out
with the intention of presenting the financial statements with a particular bias, for example
concealing liabilities in order to improve any analysis of liquidity and gearing.

113
 CONDUCTING AN INVESTIGATION

The process of conducting a forensic investigation is, in many ways, similar to the process
of conducting an audit, but with some additional considerations. The various stages are
briefly described below.

Accepting the investigation

The forensic accountant must initially consider whether their firm has the necessary skills
and experience to accept the work. Forensic investigations are specialist in nature, and the
work requires detailed knowledge of fraud investigation techniques and the legal
framework. Investigators must also have received training in interview and interrogation
techniques, and in how to maintain the safe custody of evidence gathered.
Additional considerations include whether or not the investigation is being requested by an
audit client. If it is, this poses extra ethical questions, as the investigating firm would be
potentially exposed to self review, advocacy and management threats to objectivity. Unless
robust safeguards are put in place, the firm should not provide audit and forensic
investigation services to the same client. Commercial considerations are also important, and
a high fee level should be negotiated to compensate for the specialist nature of the work,
and the likely involvement of senior and experienced members of the firm in the
investigation.

Planning the investigation

The investigating team must carefully consider what they have been asked to achieve and plan
their work accordingly. The objectives of the investigation will include:
 identifying the type of fraud that has been operating, how long it has been operating
for, and how the fraud has been concealed
 identifying the fraudster(s) involved
 quantifying the financial loss suffered by the client
 gathering evidence to be used in court proceedings
 Providing advice to prevent the reoccurrence of the fraud.
The investigators should also consider the best way to gather evidence - the use of computer
assisted audit techniques, for example, is very common in fraud investigations.

Gathering evidence
In order to gather detailed evidence, the investigator must understand the specific type of
fraud that has been carried out, and how the fraud has been committed. The evidence should
be sufficient to ultimately prove the identity of the fraudster(s), the mechanics of the fraud
scheme, and the amount of financial loss suffered. It is important that the investigating team
is skilled in collecting evidence that can be used in a court case, and in keeping a clear chain
of custody until the evidence is presented in court.
If any evidence is inconclusive or there are gaps in the chain of custody, then the evidence
may be challenged in court, or even become inadmissible. Investigators must be alert to
documents being falsified, damaged or destroyed by the suspect(s).
Evidence can be gathered using various techniques, such as:
 testing controls to gather evidence which identifies the weaknesses, which allowed

114
 the fraud to be perpetrated
 using analytical procedures to compare trends over time or to provide comparatives
between different segments of the business
 applying computer assisted audit techniques, for example to identify the timing and
location of relevant details being altered in the computer system
 discussions and interviews with employees
 Substantive techniques such as reconciliations, cash counts and reviews of
documentation. 

The ultimate goal of the forensic investigation team is to obtain a confession by the
fraudster, if a fraud did actually occur. For this reason, the investigators are likely to avoid
deliberately confronting the alleged fraudster(s) until they have gathered sufficient evidence
to extract a confession. The interview with the suspect is a crucial part of evidence gathered
during the investigation.

Reporting
The client will expect a report containing the findings of the investigation, including a
summary of evidence and a conclusion as to the amount of loss suffered as a result of the
fraud. The report will also discuss how the fraudster set up the fraud scheme, and which
controls, if any, were circumvented. It is also likely that the investigative team will
recommend improvements to controls within the organisation to prevent any similar frauds
occurring in the future.
Opportunities to Commit Financial Reporting Fraud
1. The absence of a segregation of duties or unclear job descriptions resulting in a lack of
clarity of ownership allowing an individual to manipulate data to achieve a desired
result.
2. The absence of effective supervision allowing an individual (s) to manipulate data to
present a desired result or avoid detection of an improper activity (e.g. remote
locations; specialized or complex businesses; recently acquired entities or outsourced
activities).
3. The ability to create transactions to achieve a desired result (e.g. inter-company
transactions; fictitious receivables; improper reserves; or manipulation of cut-off
procedures).
4. Existence of manual processes that are susceptible to manipulation.
5. The absence of sufficient resources allowing one or more individuals to circumvent
established processes.
6. Failure to perform sufficient background checks resulting in an individual(s) with the
propensity or motivation to commit fraud assuming positions within the Company that
allow them to manipulate data for their personal benefit.

FRAUD PREVENTION AND DETERRENCE

1. Implement internal controls to reduce fraud risk: Many businesses depend on one
person to process payments and invoices, make bank deposits, handle petty cash, and

115
 reconcile bank statements. This is asking for trouble. Your business should implement a
system that spreads and, if possible, rotates the financial duties of the business among
two or more employees. Insist that all employees, especially those with financial
responsibilities, take a mandatory vacation of at least one week of consecutive days.

2. Tone at the Top: An effective way to prevent fraud in your business is to create a
positive work culture. It is important that the business owner and senior management
serve as role models of honesty and integrity. Set clear standards example zero
tolerance policy for fraud.

3. The directors should lead by Example by

 Behaving ethically and openly communicate expectations to employees

 Treat all employees equally
4. Management should create a positive workplace environment by:
 Focus on employee morale
 Empower employees
 Communicate to employees
Management should hire and promote appropriate employees
 Conduct background investigations before hiring or promoting
 Cheek candidate's education, employment history, references
 Continuous and objective evaluation of compliance with entity values
 Violations addressed immediately

The Code of Conduct should;

 Formalized and founded on integrity
 Defines acceptable employee behavior
 Communicated to all employees
 All employees are held accountable for compliance

Discipline in the organization should

 Send a strong message throughout the entity
 Should be appropriate and consistent
 Consequences of committing fraud clearly communicated throughout the entity

Whistle blower: Every company should establish a system that makes it easy for
employees, vendors and customers to anonymously report suspected fraud activities.
 Work with Professionals: Consider hiring a professional to conduct both regularly
scheduled and surprise audits. Audits can serve as a deterrent because when
employees are aware that there will be checks of their areas, they are more likely to
stay honest.

Common Accounting Fraud Areas

Usually in any typical fraud investigation, the forensic accountant and his team would
encounter similar factual scenarios or frauds, which are not peculiar to any organisation.

116
 The more common types are illustrated in the following table:

Accounting items Possible Fraud Scenarios

Revenue Recognition a) Premature recognition of sales

(b) Phantom sales- ghost sales )
(c) Improperly valued transactions

Reserves (a) Bad faith estimates

(b) One time charges
Inventory (a) Over-valuation
(b) Non-existent inventory

Expenses (a) Delayed expense recognition

(b) Improper capitalisation of expenses

Others (a) Related party transactions

(b) Acquisition accounting

TOPIC 6

INTERNAL CONTROL SYSTEMS

Introduction

When carrying out the audit, the auditor first needs to carry out an evaluation of the internal
control systems and evaluate its operating effectiveness and its efficiency. This will help the
auditor to ascertain the degree of reliance he or she is going to place on the controls and hence
the level of the level of tests the needs to be carried on the final balances. To ascertain the
effectiveness of these controls, the auditor carries out tests of control. The tests of control will
also help the auditor have a better understanding of the entity. Internal control is covered by
the International Standard on Auditing (ISA) 315 on Understanding the entity and its
environment and assessing the risk of material misstatement.
Internal audit is normally set up by the management to help in the risk assessment process and
to ensure the company adheres to good corporate governance. This function can either be
carried out in-house whereby the employees of the company employed as the internal auditors
or it can be outsourced. Internal auditing is covered by the International Standard of Auditing
(ISA) 610 on considering the work of internal auditing.
ISA 400 defines an accounting system as the series of tasks and procedures by which
transaction are procedures as a means of maintaining proper financial records. The accounting
system identifies, assembles, analyses, defines, records and summarizes transactions of an
entity the management requires complete and accurate accounting and other records to assist in
executing their responsibilities which are:

117
  Safeguarding the company assets and preventing fraud and error
 Selecting suitable accounting policies and applying them consistently
 Ensuring that the company keeps proper accounting records as per the Companies Act.
 Delivering to the government agency, court or stock exchange a copy of the company’s
auditor financial statements within the specified period after year-end.
 Stating whether applicable accounting standards have been followed subject to any
material departure disclosed and explained in the financial statements.
 Prepare the financial statements on a going concern basis unless it is appropriate to
presume that the company will continue operations.
 Setting up an internal control system to enable all the above responsibilities to be
carried out as required.

ISA 400 defines internal control system as all the policies and procedures adopted by
management to in achieving objectives as far as practicable. The objectives of an internal
control system are: -
 Orderly and efficient conduct of business.
 Adherence to management policies.
 Safeguarding of company assets

 Prevention and detection of fraud and error.

 Accuracy and completeness of accounting records.
 Timely preparation of reliable financial information.

Component of accounting and internal control system

These are:-
1. Risk assessment
2. Control environment
3. Control procedures

1. Risk assessment
Audit risk means the risk that the auditor may give an inappropriate audit opinion i.e. the
auditor may report that the financial statements show a true and fair view while in reality they
are materially misstated.
Audit risk is composed of:
a) Inherent risk
b) Control risk
c) Detection risk
d) Inherent risk

a) Inherent risk
This is the risk that the account balances are transactions could be materially misstated
assuming that there were no internal control system. Inherent risk could increase a result of an
adverse attitude of managers on the internal control system i.e. if they view internal control

118
system as unimportant.
b) Control risk
This is the risk that a material misstatement could occur in an account balance or clan of
transactions which will not be prevented or detected in a timely manner by the entity’s
accounting and internal control system.
c) Detection risk
This is the risk that the auditor’s tests of balances and transactions will not detect a material
misstatement that exists in an accounts balance or class of transactions. This implies that
detection risk is the only component of audit risk under the auditor’s control.

Risk based audit

This audit uses a model called audit risk model. If inherent risk and control risk are assessed to
be high, then to remain within an overall acceptable audit risk, the level of acceptable
detection risk must be low meaning that the level of tests of balances and transactions must be
relatively high. If inherent and control risks are assessed to be low, then the level of acceptable
detection risk may be higher leading to relatively lower level of tests of balances and
transactions. Therefore the assessment of inherent and control risk is an essential part in
deciding the overall approach to an audit.

For the audit model, audit risk equals inherent risk multiplied by the control risk and detection
risk.

Advantages of audit risk model

 Helps eliminate over or under auditing because the nature, extent and timing of audit
procedures performed is determined by the risk assessment carried out.
 The results appear more rational and defensible than if the model was not used. i.e. in
case the auditor is called upon to support his decisions in a court of law, he can justify
the level of reliance on the internal control system and the amount of substantive tests
carried out
 Helps allow work to be delegated to junior members of audit staff who will be able to
carry on without having to rely too much on their own judgment.
 The increased use of computer in business has made the calculations of audit risk easier
leading to more efficient and effective audit.

Disadvantages
 The model gives an impression of accuracy which is unrealistic as in practice it’s
difficult to put a quantitative value on inherent risk.
 For the model to be useful, the number of items being tested need to be sufficiently
large to allow for valid statistical conclusions to be made. This rule out the use of the
model in many small audits.
 The model has a danger of adapting an overly mechanistic approach and that the
auditor may lose his „feel‟ for the audit assignment.
 It requires proper knowledge of the burden to be able to assess the audit risk.
 A wrong assessment of inherent and control risk will lead to over or under auditing.

119
 2. Control Environment
ISA 400 refers control environment as being the overall attitude, awareness and actions of
directors and management regarding the internal control system and its importance to the
entity.
The control environment has an effect on the effectiveness of the specific control procedures.
A strong control environment i.e. one with tight budgetary control and an effective internal
audit function can significantly complement specific control procedures. Thus the control
environment sets the tone of the entity by influencing the control consciousness of people. It
may be viewed as the foundation of other components of internal control.

Factors influencing the control of environment

 The function of the board of directors or the audit committee. The control environment
is significantly influenced by the effectiveness of the board of directors or the audit
committee. This effectiveness is determined by the extent of its independence from
management, experience and status of members and the extent to which it raises and
pursues difficult matters with management and also its relationship with internal and
external auditors.
 Management philosophy, style and ease with which managers could override controls.
Management philosophy refers to whether the management likes taking risk in business
or has a conservative approach. This has an impact on the overall reliability of financial
statements. If they are risk takers, losses are likely and may want to hide them. If they
are conservative to risk, there may be no business hence low profits and this may lead
to falsification of financial statements.
 The implementation of organizational structure and methods of assigning authority and
responsibility. This determines how well employees understand the limits placed upon
their powers and responsibilities. The objective is to separate responsibility for
authorizing a transaction, keeping records for the transaction and custody of assets
acquired from the transaction.
 Personnel policies and procedures. Employees should be recruited on basis of skills and
knowledge essential for the performance of their jobs and if necessary, be trained

3. Control procedures
These are the policies and procedures in addition to the control environment, which the
management has established to achieve the entity’s specific objectives. The mix of types of
controls implemented by management will depend on the control objectives and the size of the
entity.
a) Organizational plan chart
Companies should have proper organization plans. An organized plan shows clearly the
various departments within the company, their functions and persons charged with ensuring
that such functions are fulfilled. They seek to ensure that the entity is properly
departmentalized preventing duplication of duties across departments and boosting
accountability within the entity. Delegation and limits of authority should be well and clearly
defined.
b) Segregation of duties.

120
This refers to separation of various duties and responsibilities such that one person cannot
process and record a complete transaction from beginning to the end without being checked by
another person. E.g. in purchase of fixed assets, an individual should not authorize the
purchase, place the order, receive the assets, record the transaction and keep custody of the
assets. To minimize risk of error and or intention the following should be performed by
different individuals and departments as much as practicable.
 Initiation of transaction. This is where if an item is found to be out of stock and a
requisition is made.
 Authorization Different levels of management should be given limits as to what they
can authorize or to what extent they can commit company resources.

 Execution. Person’s independent from those who authorize the transactions should
execute them.
 Recording. Segregation of duties also includes an internal check which refers to the
activities of one person being complementary to those of another person.

c) Physical controls
These are security measures concerned with the custody of company’s assets by limiting
access to authorized people only. Direct physical controls include keeping assets under lock
and key, employment of security guards, building fences and use of closed circuit cameras.
Indirect physical controls include use of a fixed asset movement registers and use of
computers to record utilization of company vehicles.
d) Authorization and approval.
Transactions that commit the organizations resources should be subject to authorization and
approval by a responsible official. The limits for authorization should also be specified.
e) Arithmetic and accounting control.
These are controls within the accounting function which check that transactions are authorized
and accurately recorded. These are aimed at ensuring completeness and accuracy of the
accounting records. The key features are;
 Use of pre numbered documents in processing transactions.
 Issuing of documents in sequence when processing transactions.
 Monitoring movement of documents by use of a register in which all the people in
possession of specific documents have signed that they are possession of those
documents.
 Production of exception reports e.g. where a local purchase order (LPO) has been raised
and the order has not been fulfilled by the supplier.
 Reconciliation of different accounts and the related control accounts e.g. bank
reconciliation. Reconciliations would only be effective if prepared by independent
persons and non-reconciling items resolved in a timely manner.

f) Personnel.
The proper functioning of any system is dependent on the competence and integrity of those
operating it. The company must therefore recruit competent staff with integrity and
intelligence. Staff should be assigned responsibilities that match their capability and undergo
training where necessary.

121
g) Supervision.
Transactions and their recording should be subjected to supervision by competent and
responsible officials. Supervision is necessary because it gives the chance of correcting errors
and also because lower level employees generally tend to be indiscipline if not closely
supervised.

h) Management controls.
These are controls exercised by management in addition to daily routines of the system. They
include comparison of actual performance with budgets review of management accounts e.g.
budgets and internal audit function.

i) Rotation of duties.
Duties should be rotated between personnel at the same organizational level e.g. payroll staff
and credit control staff. Staff should be encouraged to take annual leave to provide an
opportunity for their work to be checked by an independent person.

j) Routine and automatic checks.

These are conducted on routine duties and operations to ensure that they are operating
efficiently.
Such checks are conducted on surprise basis to minimize errors and frauds. Examples may
include surprise cash counts and physical inspection of fixed assets.

k) Internal audit
This is a control function set up by management to review the accounting and internal control
system. Internal audit carries out continuous evaluation of operating effectiveness of the
internal control policies and procedures. The findings and recommendations are then reported
to management.

l) Limitations of internal control system

No internal control system however elaborate can by itself guarantee efficient administration
and completion and accuracy of the recorded nor can it be proof against fraud. This is due to
the following inherent limitations of accounting and internal control systems;
a. Cost-benefit analysis. Management has to ensure that the benefits expected from an
internal control system outweigh the cost of installing and maintaining the internal
control system. As a result certain important controls may not be put in place due to the
costs involved e.g. a small company may not have the resources to employ efficient
staff to ensure segregation of duties.
b. Limited coverage. Most internal controls tend to be directed towards routine
transactions rather than non-routine transactions leaving room for fraud and error as the
non-routine transactions will not be subjected to the appropriate controls e.g. if stock is
damaged by fire and needs to be replaced immediately, there will be no controls
available for such an emergency.
c. Human error. Human beings are prone to carelessness, distraction, mistakes of
judgment and misunderstanding instructions. This undermines the effectiveness of the

122
 internal control system because the most important component of internal control
system is people.
d. Abuse of responsibility. Senior managers could override controls thereby creating
negative perception of the internal control system to the lower level employees.
e. Corruption. A member of management or employee could circumvent controls through
collusion with persons within or without the company e.g. where an internal control on
purchasing requires a quotation to be submitted, an employee can leak the prices in the
quotations to his preferred supplier in exchange for a kick back.
f. The possibility that procedures may become inadequate due to changes in conditions of
the burden e.g. expansion of business without corresponding increase in number of staff
may require some staff member to perform more tasks than previously. This dilutes the
extent of segregation of duties.

An example of internal control system over sales and debtors

When designing internal controls, it is important to identify the various stages followed in
processing the transaction and controls that address the issues that arise in each of the stages.
a. Customers should be approved before a credit facility is granted. The credit limit
granted should be formally authorized after seeking references on the customer’s
ability to pay. Such references are normally provided by banks suppliers and credit
reference bureaus.
b. Customers should be approved for sales only when the customer’s credit limit has not
been exceeded. The sales personnel should ensure that they have up to date records of
customers‟ outstanding balances.
c. Goods only be dispatched against a valid and an authorized sales order.
d. All dispatches of goods and return inwards should be accurately recorded
e. All dispatches should be involved. This can be achieved by checking copies of the sales
order to the dispatch records the use of sequentially numbered documents would ensure
that all sales are invoiced.
f. Invoices and credit notes should be accurately prepared from approved price list and all
discounts or price deduction should be properly approved. Price list and all trade
discounts and price deduction should be properly authorized.
g. Creditors‟ notes and other adjustments should only be prepared against authorized
return inwards or other appropriate documents. To prevent fraud, there should be
proper segregation of duties such that the person who authorizes a sale is not able to
authorize the issue of a credit note or other adjustments.
h. All bad debts written off should be properly authorized and recorded. Persons involved
with original authorization of sales and granting credit to customers should not be
involved in the authorization of bad debts write offs.
i. Stock’s records should be accurately updated with all sales and sales returns
j. All transactions should be accurately posted to the ledger
k. Sales ledger balances should be regularly reconciled to sales ledger control balances to
ensure completeness and accuracy of the ledger.
l. Sales ledger balances should be periodically aged and reviewed by the credit control
staff. Overdue accounts should be identified and followed up for collection. The aged
list of debtors would assist management and the auditor in assessing adequacy of bad
debt provisions.

123
Key objectives in sales and debtors internal control system
 Credit should be extended to credit worthy customers.
 Goods should not be dispatched without an invoice being raised.
 Overdue accounts should be promptly followed up.
 Receipt from cash sales should be properly controlled.
 No unauthorized credit entries should be made to debtors account balances.
 There should be sufficient segregation of duties between sales function and credit
control function in the entity

Ascertaining, Evaluating, recording and confirming internal control system

The auditor will need to ascertain, evaluate, record and confirm the internal control system to
be able to determine the effectiveness of its component controls and to decide on the extent of
his reliance thereon.

Ascertaining
This refers to the auditors attempt to identify and understand the internal controls that
management has put in place. This is carried out in the following ways:-
 Utilizing clients accounting and control manuals which describe the accounting and
internal control system.
 Obtaining and relying on system records and description prepared by internal audit for
organizations with inter audit functions.
 Interviewing procedures being performed e.g. stock taking in order to clearly
understand the nature of the controls involved.
 Relying on prior year’s system notes which can be obtained from the previous auditor’s
working papers.

The auditor’s objective in evaluating the internal control system is to determine the degree of
reliance which he may place on the information contained in the accounting records. If he
obtains reasonable assurance by means of compliance tests that the internal controls are
effective in ensuring the completeness and accuracy of accounting records and the validity of
entries therein, he may limit the extent of substantive testing. Because of the inherent
limitation of even the most effective internal control system, it will be impossible for the
auditor to rely solely on its operation as a basis of his opinion on the financial statements.

Recording
Having identified the controls that management has put in place, it is important to create
documented records of the internal control system. This will enhance the auditor’s
understanding of the system and provide documentary evidence of work done. The following
are methods used in recording the system.

 Flow Charts: These are diagrammatic representations of the company’s procedures

and processes and are designed to show the movement of documents and information
through the accounting system from initiation of transactions to final recording in the
books of accounts. Standardized symbols are used to represent the flow of documents
and information through the system. This use of visual description eliminates use of lengthy

124
 narratives in explaining the system.

 Questionnaires. These comprise a list of questions designed to determine whether the

internal control system has desirable controls that cover each of the major transaction
cycles. The questions are structured such that the client will be required to respond by
giving either a yes or no answer. There are two types of questionnaires:

i. Internal control questionnaires (ICQ). These are lists of questions that are
designed to establish whether the company has put in place desirable controls to ensure
that the affairs of the company are carried out in an orderly and efficient manner.
ii. Internal control evaluating questionnaires (ICEQ). These are lists of
questions that seek to establish whether specific errors or fraud could occur rather than
establishing whether certain desirable controls are present. E.g. is there reasonable
assurance that sales are properly authorized? Yes / No.

 Narratives. These refer to recording of the internal control system in narrative form or
explanatory notes. They are preferable for simple systems where all the transactions
and documentation are handled by one person only. They require little formal training
of staff and are best suited to small and simple system description or to explain
peripheral aspects of a larger system not dealt with by other techniques. Narratives are
too easy to record but difficult to change.

Confirming
Having recorded the system, the auditor then needs to confirm whether the system recorded
exists, is operational and that the auditor has correct understanding of the system. This is done
by use of walk through tests. A walk through test refers to the process where the auditor
selects the particular transaction and traces it through the accounting information system from
the time it was first captured and input as data to its final recording in the financial statements.
The purpose of walk through tests may be either for auditor to identify specific control
procedures or to confirm an existing understanding of internal control procedure in the internal
control system.

Evaluating
Having recorded and confirmed the internal control system, the auditor will commence his
evaluation. The auditor evaluates the client’s internal control system in order to decide
whether the system is suitably designed and constitutes a reliable basis for preparation of
financial statements. Evaluation is normally carried out simultaneously with recording.
Evaluation will be assisted by the use of documentation designed to help identify the internal
controls on which the auditor may wish to place reliance. The auditor uses internal control
evaluation questionnaires (ICEQ) in evaluating the system based on key control questions.
Examples of key control questions that could be applied in evaluating internal control system
for sales and debtors are:

 Can goods be dispatched without being involved?

 Can goods be sold to a bad credit risk?
 Can sales be invoiced but not recorded?

125
For wages and salaries
 Can employees be paid for work not done?
 Can bonuses or commissions be wrongly paid?
 Can pay as you earn (PAYE) and other statutory deductions be inflated by inclusion of
ghost workers?
 Can wages and salaries be paid at the wrong rates?

TESTS OF CONTROL

After the system has been evaluated as being suitably designed the auditor then plans to carry
out tests of control which are also called compliance tests. Compliance tests are procedures
performed to obtain audit evidence about the effectiveness of the:
 Design of the accounting and internal control system i.e. whether it is suitably designed
to prevent and correct material misstatements.
 Operation of the internal controls consistently throughout the financial period.

The Auditor carries out tests of control to determine whether these controls have worked
effectively throughout the financial period and can be relied upon to ensure complete, accurate
and reliable accounting records.
Some of the procedures performed to obtain an understanding of the accounting and internal
control system may not have been specifically planned as tests of control but may provide
audit evidence about the effectiveness of the design and operation of the internal controls
relevant to certain assertions and consequently serve as tests of control.

Tests of control include:

 Inspection: Documents supporting transactions and other events are inspected to gain
assurance that internal controls have operated properly.
 Inquiry: Inquiries about internal controls which have no audit trail need to be done e.g.
inquiring whether appropriate security measures are undertaken during payment of
wages.
 Re-performance of internal controls. E.g. reconciliation of the bank accounts to ensure
clients bank accounts to ensure clients bank reconciliation statements is accurately
prepared.
 Observation. This entails observing control procedures being performed e.g. physical
counting of stock will enable the auditor confirm that the exercise is being conducted
properly. Such observation will provide evidence that a control is operating effectively
as designed. When obtaining audit evidence about the effectiveness of internal controls,
the auditors considers how they were applied and the consistency with which they were
applied. The concept of effective operational controls recognizes that some deviation from
prescribed control may occur. This may be due to changes in key personnel, human error and
significant fluctuation in the volume of transactions.

126
Actions taken when internal control system is identified as weak
 The auditor should bring to the attention of the management all the weaknesses he has
identified and discuss with them the possible remedies and corrective measures
immediately.
 The auditor should consider changing his audit approach by increasing the level of
detailed substantive testing. This is because the weaknesses imply that the system is not
operating as designed and therefore cannot be relied upon.
 The auditor should increase the sample size i.e. test as many entries as is considered
necessary to avoid any error or fraud undetected.
 The auditor should record significant weakness in the management letter and give his
recommendations to management on how the weaknesses can be corrected.
 If the internal control system is extremely weak such that he cannot depend upon it to
apply any test, then he should qualify his report or at best give a disclaimer opinion.

The extent of reliance on internal control system by the auditor will depend on factors as: -
 His past experience with the company’s internal control system. Any fluctuation in
volume of business transactions
 Changes in line managers or top management officials.
 Changes in accounting policies and practices.
 Changes in size of the company.

COMMUNICATION ON INTERNAL CONTROL (MANAGEMENT LETTER)

Although the statutory reporting requirements of the Companies Act only calls for the auditor
to make a report to the members as to whether the financial statements show a true and fair
view. In addition to this, auditors provide management with a summary of their findings
concerning strengths and weaknesses of accounting and internal control system as well as
material issues arising from review of the financial statements. This summary is called the
management letter.

Purposes of management Letter

 Enables the auditor to give his comments on the accounting records that he has
examined during the course of the audit. Areas of weakness in internal control system
which my result to material errors will be highlighted and brought to management’s
attention together with advice as to their improvement.
 Provides management with other constructive advice regarding areas where efficiency
may be improved.

 Communicates matters arising during the audit so that there is a written record of all
such matters. In case of litigation, the auditor may rely on the management letter for
defense.
 Ensures auditor’s comments on the accounting on the internal control system reach
those responsible members of management who have powers to act on the findings.

A report to management will normally be a natural way of adding value to the client and the
auditor should incorporate the need to report in the planning of the audit. Before documenting

127
the weaknesses in management letter, the auditor should discuss these with the appropriate
officials. This eliminates the possibility that the auditor may have misunderstood. The
operation of the system and will also enable the company make quick corrective actions. The
management letter should be addressed to the board of directors or the audit committee.
The timing of the management letter will vary. It will often be useful to complete the
compliance tests before its submission, so that weaknesses in internal control system may be
included. However, serious weaknesses discovered should be reported immediately. This may
make it necessary to submit more than one management letter.
The management letter acts as effective feedback that assists management in running the
company more efficiently and thus promotes constructive relationship between the auditor and
management which may be useful in future audits. The management letter should be both
objective and constructive. The auditor should request for comments from management as to
all the matters rose indicating what actions management intends to take regarding the matters
raised.

INFORMATION TECHNOLOGY THREATS AND CONTROL

An entity's mix of manual and automated elements in internal control varies with the nature
and complexity of the entity's use of IT.
The use of IT affects the way that control activities are implemented. From the auditor's'
perspective, controls over IT systems are effective when they maintain the integrity of
information and the security of the data such systems process, and include effective general IT
controls and application controls. General IT controls are policies and procedures that relate to
many applications and support the effective functioning of application controls.
They apply to mainframe, miniframe, and end-user environments. General IT controls that
maintain the integrity of information and security of data commonly include controls over the
following:
 Data center and network operations.
 System software acquisition, change and maintenance.
 Program change.
 Access security.
 Application system acquisition, development, and maintenance.

Generally, IT benefits an entity's internal control by enabling an entity to:

• Consistently apply predefined business rules and perform complex calculations in
processing large volumes of transactions or data;
• Enhance the timeliness, availability, and accuracy of information;
• Facilitate the additional analysis of information;
• Enhance the ability to monitor the performance of the entity's activities and its policies
and procedures;
• Reduce the risk that controls will be circumvented; and
• Enhance the ability to achieve effective segregation of duties by implementing security
controls in applications, databases, and operating systems.

IT also poses specific risks to an entity's internal control, including, for example:

128
 • Reliance on systems or programs that are inaccurately processing data, processing
inaccurate data, or both.
• Unauthorized access to data that may result in destruction of data or improper changes
to data, including the recording of unauthorized or non-existent transactions, or
inaccurate recording of transactions.
• Particular risks may arise where multiple users access a common database.
• The possibility of IT personnel gaining access privileges beyond those necessary to
perform their assigned duties thereby breaking down segregation of duties.
• Unauthorized changes to data in master files.
• Unauthorized changes to systems or programs.
• Failure to make necessary changes to systems or programs.
• Inappropriate manual intervention.
• Potential loss of data or inability to access data as required.

Manual elements in internal control may be more suitable where judgment and discretion are
required such as for the following circumstances:
• Large, unusual or non-recurring transactions.
• Circumstances where errors are difficult to define anticipate or predict.
• In changing circumstances that require a control response outside the scope of an
existing automated control.
• In monitoring the effectiveness of automated controls

Manual elements in internal control may be less reliable than automated elements because they
can be more easily bypassed, ignored, or overridden and they are also more prone to simple
errors and mistakes. Consistency of application of a manual control element cannot therefore
be assumed. Manual control elements may be less suitable for the following circumstances:
• High volume or recurring transactions, or in situations where errors that can be
anticipated or predicted can be prevented, or detected and corrected, by control
parameters that are automated
• Control activities where the specific ways to perform the control can be adequately
designed and automated

The extent and nature of the risks to internal control vary depending on the nature and
characteristics of the entity's information system. The entity responds to the risks arising from
the use of IT or from use of manual elements in internal control by establishing effective
controls in light of the characteristics of the entity's information system

TOPIC 7

AUDIT EVIDENCE
FINANCIAL STATEMENT ASSERTIONS AND AUDIT EVIDENCE

Financial Statement Assertions are the implicit or explicit claims and representations made
by the management responsible for the preparation of financial statements regarding the
appropriateness of the various elements of financial statements and disclosures.

129
Financial Statement Assertions are also known as Management Assertions and Audit
Assertions.

In preparing financial statements, management is making implicit or explicit claims (i.e.

assertions) regarding the recognition, measurement and presentation of assets, liabilities,
equity, income, expenses and disclosures in accordance with the applicable financial reporting
framework (e.g. IFRS).
For example, if a balance sheet of an entity shows buildings with carrying amount of sh.10
million, the auditor shall assume that the management has claimed that:
 The buildings recognized in the balance sheet exist at the period end;
 The entity owns or controls those buildings;
 The buildings are valued accurately in accordance with the measurement basis;
 All buildings owned and controlled by the entity are included within the carrying
amount of sh.10 million.

Types & Examples

Assertions may be classified into the following types:

Assertions relating to classes of transactions

Assertions Explanation Examples: Salaries & Wages Cost

Salaries & wages expense has been incurred during

Transactions recognized in the
the period in respect of the personnel employed by the
Occurrence financial statements have
entity. Salaries and wages expense does not include
occurred and relate to the entity.
the payroll cost of any unauthorized personnel.

All transactions that were

supposed to be recorded have Salaries and wages cost in respect of all personnel
Completeness
been recognized in the financial have been fully accounted for.
statements.
Salaries and wages cost has been calculated
Transactions have been recorded
accurately. Any adjustments such as tax deduction at
Accuracy accurately at their appropriate
source have been correctly reconciled and accounted
amounts.
for.

Salaries and wages cost recognized during the period

Transactions have been
relates to the current accounting period. Any accrued
Cut-off recognized in the correct
and prepaid expenses have been accounted for
accounting periods.
correctly in the financial statements.

130
 Salaries and wages cost has been fairly allocated
between:
Transactions have been
-Operating expenses incurred in production activities;
Classification classified and presented fairly in
-General and administrative expenses; and
the financial statements.
-Cost of personnel relating to any self-constructed
assets other than inventory.

Assertions relating to assets, liabilities and equity balances at the period end
Assertions Explanation Examples: Inventory balance
Assets, liabilities and equity Inventory recognized in the balance sheet exists at the
Existence
balances exist at the period end. period end.
All assets, liabilities and equity
All inventory units that should have been recorded
balances that were supposed to
have been recognized in the financial statements. Any
Completeness be recorded have been
inventory held by a third party on behalf of the audit
recognized in the financial
entity has been included in the inventory balance.
statements.
Entity has the right to
Audit entity owns or controls the inventory
ownership or use of the
recognized in the financial statements. Any inventory
Rights & recognized assets, and the
held by the audit entity on account of another entity
Obligations liabilities recognized in the
has not been recognized as part of inventory of the
financial statements represent
audit entity.
the obligations of the entity.
Inventory has been recognized at the lower of cost
and net realizable value in accordance with IAS 2
Inventories. Any costs that could not be reasonably
Assets, liabilities and equity allocated to the cost of production (e.g. general and
Valuation balances have been valued administrative costs) and any abnormal wastage
appropriately. have been excluded from the cost of inventory. An
acceptable valuation basis has been used to value
inventory cost at the period end (e.g. FIFO, AVCO,
etc.)

Assertions relating to presentation and disclosures

Examples: Related Party
Assertions Explanation
Disclosures
Transactions with related parties
Transactions and events disclosed
disclosed in the notes of financial
Occurrence in the financial statements have
statements have occurred during the
occurred and relate to the entity.
period and relate to the audit entity.

131
 All related parties, related party
All transactions, balances, events
transactions and balances that should
and other matters that should have
Completeness have been disclosed have been
been disclosed have been disclosed
disclosed in the notes of financial
in the financial statements.
statements.
The nature of related party
Disclosed events, transactions,
transactions, balances and events has
balances and other financial
been clearly disclosed in the notes of
matters have been classified
financial statements. Users of the
Classification & appropriately and presented clearly
financial statements can clearly
Understandability in a manner that promotes the
determine the financial statement
understandability of information
captions affected by the related party
contained in the financial
transactions and balances and can
statements.
easily ascertain their financial effect.
Transactions, events, balances and Related party transactions, balances
Accuracy & other financial matters have been and events have been disclosed
Valuation disclosed accurately at their accurately at their appropriate
appropriate amounts. amounts.

AUDIT EVIDENCE

Audit evidence refers to the information obtained by the auditor in arriving at the conclusions
on which audit opinion on the financial statements is based. Audit evidence comprises of
source documents and accounting records underlying the financial statements. The accounting
records generally include:

 Records of initial entries and supporting records

 Records of electronic fund transfers, invoices, contracts and cheques.
 General and subsidiary ledgers, journal entries and other adjustments to the financial
statements not reflected in the journal entries
 Records such as work sheets and spread sheets supporting cost allocations,
computations and reconciliations.

Other information the auditor can use as audit evidence are:

 Minutes of meetings
 Confirmations form third parties
 Analysis reports
 Comparable data about competitors.
 Control annuals.
 Information obtained by auditor from audit procedure such as observation and
enquiries.

The sources and amount of evidence needed to achieve the required level of assurance is
determined by the auditor’s judgment. The auditor’s judgment will be influenced by the

132
materiality of item being examined, the relevance and reliability of evidence available from
each source and cost involved in obtaining it. Audit evidence is obtained through an
appropriate mix of tests of controls and substantive procedures where internal control system
is considered weak; evidence may be obtained entirely from substantive procedures.

Substantive tests are procedures carried out to test the accuracy and validity of accounting
records. They are of two types i.e. analytical review procedure and test of detail.

Qualities of audit evidence

ISA 500 requires that „the auditor should obtain sufficient audit evidence to be able to draw
reasonable conclusions on which to base the audit opinion.‟

What do we mean by:

a) Sufficiency
b) Appropriate

Sufficient means that there needs to be enough evidence. What is enough is a matter of
professional judgment.

Appropriate break down into:

a) Relevance.
Relevance of audit evidence should be considered in relation to the overall audit objective of
forming an opinion and reporting on financial statements. It therefore refers to the ability of
the evidence to assist the auditor in testing management assertions.

b) Reliability

Reliability of audit evidence refers to the credibility of that evidence the credibility is
influenced by its source and its nature

Use of assertions in generating audit evidence

When preparing financial statements the management makes certain implicit or explicit
assertions about the financial affairs of the company.

Consequently, when the auditor is obtaining evidence from a substantive procedure, he is

concerned about testing or substantiating the truth of these assertions. The assertions are
categorized as follows;

1. Assertions about hinting of transactions and events for the period under audit i.e.

 Occurrence transaction and events that have been recorded have occurred and pertain to
the entity.
 Completeness

133
  Cut off. Transactions and events have been recorded in the appropriate accounting
period
 Accuracy Amounts and other data relating to the recorded transactions have been
recorded appropriately.
 Classification. Transactions and events have been recorded in the correct period

2. Assertions about account balances at the year end.

 Existence. Assets or liabilities exist at a given date

 Rights and obligations
 completeness
 valuation and allocation

3. Assertions about presentation and disclosure.

 Occurrence and rights and obligation. Disclosed events and transactions and other
matters have occurred and pertained to the entity
 Completeness All disclosures that should have been included e.g. compositions of
director’s fees.
 Measurement and valuation. Financial and other information are disclosed fairly and at
appropriate amounts
 Classification and understandability. Financial information is appropriately presented
and described, and disclosures are clearly expressed

The auditor may use the assertions described above or may express them differently provided
all aspects described above have been covered.

Methods of obtaining audit evidence

The auditor may rely on sufficient appropriate evidence obtained by substantive testing to
form his opinion. Alternatively he may be able to obtain assurance from presence of a reliable
internal contrast system and therefore reduce the extent of substantive testing the auditor
obtains evidence in performing compliance and substantive procedures using the following
methods.

a) Inspection.

This consists of examining records, documents or tangible assets. The reliability of the
evidence obtained from inspection depends on nature, source and effectiveness of the internal
control system. Inspection of tangible assets provides evidence with the respect to the
existence but not to their value and ownership.

b) Observation

This involves looking at procedures being performed by others e.g. stock counting by client
personnel.

134
c) Inquiry and confirmation.

Inquiry consists of seeking information from knowledgeable persons inside and outside the
company. It ranges from formal written inquires addressed to the third parties to oral inquiries
addressed to persons within the entity. The information may be new to the auditor or may
corroborate evidence from other sources. Confirmation is the response to inquiry to
corroborate information contained in financial statements e.g. debtors circularization.

d) Recalculation and re-performance

This involves checking the arithmetic accuracy of source documents and accounting records or
performing independent computations e.g. re-computing amount of provision for depreciation
and comparing this against that computed by client.

e) Analytical procedures.

This is the analysis of relationships such as between items of financial data to identify
consistency and predicted patterns or significant fluctuations, unexpected relationships and
results of investigations thereof.

AUDIT EVIDENCE PROCEDURES/TECHNIQUES

Analytical procedures

Nature and purpose of analytical procedures

They are mainly used at 3 stages of the audit:

 As part of the planning process
 At the final review stage
 As substantive procedures

Analytical procedures are involved in evaluation of financial statements information by a

study of relationships among financial and non-financial information. A basic premise
underlying the application of analytical procedures is that logical or plausible relationship
among data may be expected to exist and continue in the absence of conditions to the contrary.
Therefore the auditor can use these relationships to obtain evidence of the financial statements
amounts. A simple analytical procedure is to compare revenue and expenses amounts for the
current year to those of prior periods noting any significant differences. Essentially, the
process of performing analytical procedures consists of four steps.

 Develop an expectation of account balance or ratio

 To determine the amount of difference from expectation that can be accepted without
investigation
 Comparison of company’s account balances or ratios with the expected.
 Investigate and evaluate significant ratio differences from the expectation

135
1. Developing an expectation.

A variety of types of information are available to the auditor to develop an expectation for
analytical procedures including;

 Financial information for comparable priority periods.

 Anticipated results such as budgets and forecasts.
 Relationships among elements of financial information within a period e.g. level of
debtors and credit sales.
 Information derived from similar firms in the same industry e.g. industry wage average.
 Relationships between financial and non-financial data e.g. wage expenses and a
number of employees. In establishing these relationships, the auditor may use shillings
amount, physical quantities ratios or percentages.

To increase the precision of the analytical procedures, separate relationships may be computed
for each department or product line. Industrial averages provide a potentially rich source of
information in developing expectation for analytical procedures, since industry statistics may
alert auditors to classification error, improper application of accounting principles or other
miss-statements in specific items in client’s financial statements. However there may be
problems of lack of comparability among companies and inability to obtain current industry
data.

Methods of developing expectation on account balances and ratios

a) Trend analysis. This includes review of changes in an account balance over time e.g.
review of clients sales for the past six years may reveal a growth rate of 5%. This
information could assist auditor in developing an expectation of sales for the current
year.
b) Ratio analysis. This involves comparison of relationships between two or more
financial statement account balances or comparisons of an account balance to non-
financial data e.g. revenue per sale order. The typical financial ratios are liquidity,
profitability, leverage and activity ratios.

Because ratio analysis involves examination relationships between two or more variables and
may involve industrial data, it is often a richer analysis than trend analysis. There are two
basic approaches to ratio analysis;

 Horizontal analysis. This involves review of client’s ratios and trends over time
 Cross sectional analysis. This involves comparisons of ratios of similar firms at a given
point in time.

2. The amount of acceptable difference.

The amount of acceptable difference between the expectation and the financial statements

136
balance that can be accepted without investigation is determined primarily by the amount that
is considered to be a material misstatement However; this amount must be consistent with the
degree of assurance from the procedure. When trend or ratio analysis is used, the auditor
typically uses professional judgment to specify an absolute amount of difference or percentage
difference that will result into investigation.

3. Comparison of the account balance or ratio with the expected balance or ratio.
Once the auditor has determined the expectation and amount of acceptable difference, he
makes the actual comparison to determine where significant difference lies.

4. Investigation and evaluation of significant differences.

The auditor must investigate any significant differences and his expectation and the client’s
financial statements balance or ratio to determine whether they represent misstatements. This
involves reconsidering the methods and factors used in developing the expectation. Inquiry to
management can be useful in this regard. Management explanations however must be ordinary
be supported with other audit evidence. If the explanations are not tallying with other audit
evidence, the editor will often be required to expand his tests of related financial amounts to
determine whether or not they are materially misstated.

Timing of analytical procedures

ISAs require the application of analytical procedures at the planning and overall review stages
of the audit. The auditor may also decide to use them during the audit on substantive tests to
provide evidence as to the reasonableness of specific account balances. Analytical procedures
performed in planning the audit are used to determine the nature, timing and extent of audit
procedures that will be used to obtain evidence about specific accounts. They are also used in
understanding the client’s business at the planning stage.

Analytical procedures must be used as part of the overall review stage of an audit to assist the
auditor in assessing the adequacy of the evidence gathered and the validity of conclusions
reached. At the final review stage of an audit, the analytical procedures generally include
reviewing the financial statements and re-computing ratios if necessary to identify any unusual
or unexpected balance or that have not been previously identified and explained.

Where the auditors are not required to use analytical procedure as substantive tests, they are
usually most efficient tests of certain assertions .e.g. performing analytical procedures is the
most efficient way to evaluate competence of various revenue and expense accounts.

Extent of analytical procedures

Auditors must consider cost and likely effectiveness of analytical procedures in determining
how much they may be used for a particular audit. A primary measure of the effectiveness of
analytical procedures is its precision. Precision depends on a number of factors including the
predictability of the relationship, the techniques used to develop the expectation and the
reliability of the underlying data used. Monthly data is more precise than yearly data.

137
Management representations ISA580

a) Oral representations.

Throughout an audit the auditors ask many questions to the officials and employees of Client
Company. Oral inquiries are made on an endless range of topics from the location of records
and document, reasons for unusual account procedures and probability of collecting overdue
accounts receivable. In making inquiries, the auditor should consider the knowledge,
objectivity, experience, responsibility and qualifications of individuals being questioned and
use carefully structured questions to address relevant issues. Client replies should be carefully
evaluated as appropriate and followed up with additional questions.

Generally, oral client representations are not sufficient themselves but they may be useful in
disclosing situations that require investigation or in corroborating other forms of evidence e.g.
after making careful analysis of all accounts receivable, the auditor normally discusses with
the credit manager, the prospects of collecting specific accounts.

b) Written representations.

The auditor must also obtain written representations from the client in accordance with
provisions of ISA 580. At conclusion of the audit, the auditor obtains from the client a written
representation letter. This letter summarizes the most important oral representations made by
management during the audit. Many specific items are included in this representation letter
e.g. Management represents that all liabilities known to exist are reflected in the
financial statements. The representations generally fall into the following broad
categories;

 All accounting records, financial data and minutes of director’s meetings have been
made available to the auditor.
 The financial statements are complete and were prepared in conformity with generally
accepted accounting principles.
 Management believes that adjusting entries brought to the attention by the auditor and
not recorded are not material individually or collectively.
 All items requiring disclosures such as contingencies, illegal acts and related parties
transactions have been properly disclosed.

ISA 580 requires the auditor to obtain representations letter on every engagement and provide
suggestions as to its form, content and guidance on how it is to be used as audit evidence and
actions to be taken if client refuses to provide representations. These letters are dated as of the
date of the auditor’s report ordinarily the last day of field work and are usually signed by both
the client chief executive officer and the chief accountant. A client representations letter
should never be used as a substitute for performing other audit procedures. The financial
statements already constitute written representations by the client hence representation letter
does little more than assert that the original representations were correct.

138
Purposes of representations letter

 To remind the client’s directors of their primary responsibilities for the financial
statements.
 Documents in the audit working papers, client responses to the significant questions
asked by the auditor during the engagement.
 At times a representation letter may be the only evidence available in respect to
management future intentions e.g. whether a maturing debt is classified as a current or
long term liability will depend on whether management has both the ability and intent
to refinance the debt.

Management may be unwilling to sign letters of representation or pass minutes required by the
auditor. If management declines, the auditor should inform the management that he will
himself prepare a statement in writing setting out his understanding of any representations that
they have been made during the course of the audit and send this statements to management
with a request for confirmation that the auditor’s understanding of the representations is
correct.

If management disagrees with the auditor’s statement of representations, discussions should be

held to clarify the matters in doubt and if necessary a revised statement prepared and agreed.
Should management fail to reply, the auditor should follow up the matter to ensure the
position as set out in his statement is correct

In rare circumstances, the auditor may be completely unable to obtain written representations
which he requires e.g. because of the refusal by management to cooperate or because
management declines to give proper representations required on the ground of its own
uncertainty regarding that particular issue. In such circumstances, the auditor may have to
conclude that he has not received all information and explanations required and consequently
may need to consider qualification his audit report an ground of limitation in scope of the
audit.

AUDIT SAMPLING AND OTHER MEANS OF TEXTING

This International Standard on Auditing (ISA 530) applies when the auditor has decided to use
audit sampling in performing audit procedures. It deals with the auditor’s use of statistical and
non-statistical sampling when designing and selecting the audit sample, performing tests of
controls and tests of details, and evaluating the results from the sample.

Objective

The objective of the auditor, when using audit sampling, is to provide a reasonable basis for
the auditor to draw conclusions about the population from which the sample is selected.

Definitions

For purposes of the ISAs, the following terms have the meanings attributed below:

139
a) Audit sampling (sampling) – The application of audit procedures to less than 100% of
items within a population of audit relevance such that all sampling units have a chance of
selection in order to provide the auditor with a reasonable basis on which to draw
conclusions about the entire population.

b) Population – The entire set of data from which a sample is selected and about which the
auditor wishes to draw conclusions.

c) Sampling risk – The risk that the auditor’s conclusion based on a sample may be
different from the conclusion if the entire population were subjected to the same audit
procedure. Sampling risk can lead to two types of erroneous conclusions:
i. In the case of a test of controls, that controls are more effective than they actually
are, or in the case of a test of details, that a material misstatement does not exist
when in fact it does. The auditor is primarily concerned with this type of erroneous
conclusion because it affects audit effectiveness and is more likely to lead to an
inappropriate audit opinion.
ii. In the case of a test of controls, that controls are less effective than they actually
are, or in the case of a test of details, that a material misstatement ISA 500, “Audit
Evidence.” exists when in fact it does not. This type of erroneous conclusion
affects audit efficiency as it would usually lead to additional work to establish that
initial conclusions were incorrect.

d) Non-sampling risk – The risk that the auditor reaches an erroneous conclusion for any
reason not related to sampling risk.

e) Anomaly – A misstatement or deviation that is demonstrably not representative of

misstatements or deviations in a population.

f) Sampling unit – The individual items constituting a population.

g) Statistical sampling – An approach to sampling that has the following characteristics:

i. Random selection of the sample items; and
ii. The use of probability theory to evaluate sample results, including measurement
of sampling risk.

A sampling approach that does not have characteristics (i) and (ii) is considered non-
statistical sampling

h) Stratification – The process of dividing a population into sub-populations, each of which

is a group of sampling units which have similar characteristics (often monetary value).

i) Tolerable misstatement – A monetary amount set by the auditor in respect of which the
auditor seeks to obtain an appropriate level of assurance that the monetary amount set by
the auditor is not exceeded by the actual misstatement in the population.

140
 j) Tolerable rate of deviation – A rate of deviation from prescribed internal control
procedures set by the auditor in respect of which the auditor seeks to obtain an
appropriate level of assurance that the rate of deviation set by the auditor is not exceeded
by the actual rate of deviation in the population.

Reasons for sampling

i. A complete check for all transactions and balances a business is no longer possible
owing to the numerous numbers of transactions.
ii. Time factor. Examining all the transactions will take a lot of time. The cost of doing
this will be prohibitive because audit fees are largely based on amount of time spent on
assignment. Also a complete check will take so long that the accounts will be ancient
history before users saw them.
iii. The objective of an audit is to express an opinion as to whether the financial statements
show a true and a fair view. It is possible for the auditor to obtain the assurance without
examining all transactions. The use of sampling with properly set out objectives and properly
constructed tests allows more valid conclusions to be reached than when many transactions as
possible are tested. This is because detailed testing is done on a sample.
iv. A complete check would bore the audit staff so much that their work would become
ineffective and errors would remain unidentified.

Cases where sampling is inappropriate

i. When population is small, statistical sampling will create an unacceptable margin of

error. If the population is not sufficiently large, then statistical methods are invalid.
Instances where transactions or balances are small in number but material in relation to
financial statements e.g. directors fees should never be sampled and any transactions
involving a large capital expenditures.
ii. Any situation where the auditor is put on high alert a result of earlier tests or
information is received indicating material fraud in a certain accounting areas.
iii. For statutory disclosure items such as director’s salaries, a full audit check is desirable
because materiality consideration does not apply in this case.
iv. Where population is not homogenous and requires stratification, it is not possible to
select a representative sample.
v. When the population has not been maintained in a manner suitable for audit sampling
e.g. if sales invoices are filed according to customer name as opposed to a numerical
order.

Stages in audit sampling

a) Planning the sample

When planning how to carry out sampling, the auditor considers the following:

141
 i. Objectives of tests and combinations of audit procedures which are likely to achieve the
objectives e.g. objective to verify compliance of the debtors balances.
ii. The population and sampling units should be appropriate to the objectives of sampling
e.g. if auditors objective is to test overstatement of debtors, an appropriate population
would be a list of total debtors.
iii. Definition of errors is substantive testing and deviation in compliance testing. Before
performing testing on a chosen sample, the auditor should define clearly test results and
conditions that will be considered errors or deviations by reference to audit objective.
For substantive testing, the auditor should project errors found in the sample to
population and consider the effect of projected errors on a particular test objective.

b) Determination of sample size.

The auditor needs to determine the appropriate size of the sample on which audit procedures
will be applied. Sample size is determined by;

i. The tolerable error. The larger the tolerable error, the smaller the sample size
required for a given test.
ii. Auditor’s assessment of the inherent risk. The higher the assessment of inherent
risk, the larger the sample size is required. Higher inherent risk implies that there is
a greater risk of an account balance being misstated and this may be reduced by
testing a larger sample.
iii. Auditor’s assessment of control risk. A higher control risk implies that little reliance
can be placed on effectiveness of operations of internal controls and the sample size
needs to be increased.
iv. Auditor’s required confidence level. The greater the degree of confidence level the
auditor requires, the larger the sample size needs to be so that the results of the
sample are in fact representative of the actual amount of error in the population.

c) Selecting items to be tested.

The sample selected should be a true representative of the population so that the auditor can
draw conclusions about the entire population. All sampling units should have an equal chance
of being selected. Common sampling methods are;

i. Random sampling. This is done by use of random number tables or use computers to
select sampling units
ii. Systematic selection. In this type of sampling, units in the population are divided by the
sample size to give sampling intervals e.g. if the population to be sample has 600 items
and sample size is 50, the sampling interval will be 12. One of the first 12 items will be
selected as the starting point and thereafter, every twelfth item will be selected i.e. if the
first item selected is third item, every 15th, 27 th, 39 th and so on items will be picked.
However, the auditor needs to determine that sampling units within the population are
not structured in a way that sampling intervals corresponds to a particular pattern in the
population.
iii. Haphazard selection. The auditor selects a sample without following structured
techniques. The auditor should avoid conscious bias and predictability in selecting

142
 items in attempt to ensure that all items in the population have a chance of being
selected. This technique is not suitable for statistical sampling.
iv. Block selection. This involves selecting a group of continuous items within the
population e.g. all sales transactions for August. Block sampling cannot be ordinarily
used in audit sampling because most populations are structured such that items in a
sequence can be expected to have similar characteristics therefore the sample selected
may not be representative of the population.

d) Testing.

After selecting the sample items the auditor should carry out the predetermined test on each
item.

e) Evaluating results of the test.

The following procedures should be followed.

i. The auditor should estimate the expected error or deviation rate in the whole population
by projecting the results of the sample to the population. This is then compared with
the tolerable error.
ii. The auditor should assess the risk of an incorrect conclusion. In general, expected error
is rarely a precise measure of the actual error in the population. Actual error may be
greater or smaller than projected error. The auditor most therefore consider on the basis
of his sample results and relevant evidence from other sources, the possible levels
which actual error or deviation might take.

Main approaches to audit sampling

a) Judgmental sampling
This is also called non-statistical sampling. It involves using experience and knowledge of
client’s business and circumstances to select and taste a sample without using any
mathematical of or statistical tools. The auditor does not rely on probability theory and uses
judgment in making sampling decisions.

Advantages of judgmental sampling

i. It is well understood and refined by experience
ii. Opportunity to use expertise and knowledge in selecting sample units i.e. no special
knowledge and statistics is required. The auditor simply uses his judgment in making
sampling deacons
iii. No time is wasted on the mechanics of statistical tools. The time which could have been
spent on constructing sample and computing mathematical implications of results
obtained is spent on auditing sample units.

Disadvantages of judgmental sampling

i. Unscientific. The approach does not form a strong basis of defense. It is difficult to

143
 justify why the auditor selected some items and left out others.
ii. Wasteful as large simples need to be selected. This is because in effort to reduce the
sampling risk, the auditor attempts to select as many items as possible as opposed to
statistical sampling where sample size is determined using probability theory.
iii. Samples may not be representative of the population and thus results cannot be
projected to the population.
iv. There is danger of personal bias in selecting samples.

b) Statistical sampling.
This involves two steps;
i. Use of random selection to pick a sample.
ii. Use of probability theory to determine the sample size, evaluate quantitatively the
sample results and measure sampling risk. Statistical sampling differs from non-
statistical sampling in that the auditor uses probability theory to measure the
sampling risk and evaluate the sample results.

Advantages of statistical sampling

i. It is scientific and defensible. The auditor can justify the items selected because
these are selected randomly.
ii. Elimination of personal bias. The sample selected is unbiased which increases
reliability of audit evidence.
iii. Small samples are selected which improve the efficiency of the exercise. This is
because probability theory helps determine a precise sample size.

Disadvantages of statistical sampling

i. It is difficult to extract samples especially if documents are not sequentially

numbered.
ii. The need to follow a predetermined statistical report may reduce initiative and the
need to apply judgment by the auditor.
iii. The result may be misunderstood if audit staff is not properly trained on use of the
techniques.
iv. It may not be suitable for all applications. Probability theory works best for large
populations and therefore cannot be applied for small populations.
v. It is expensive because extensive staff training is required and the use of
information technology.

Factors considered before adopting statistical sampling

i. The number of clients to whom a technique as appropriate. This is because the set
up and training costs are high.
ii. Whether large population exists. Statistics is the science of large numbers. Where
organizations are small with few transactions, a statistical approach is inappropriate.
iii. Adequate controls must exist where they are no controls it is impossible to use
statistical techniques because of increased statistical errors
iv. The population being tested must be homogenous.

144
 v. Sampling units must be separately identifiable and therefore sequential numbering
is essential.
vi. The expectation of the error must be low i.e. the internal control system of
organization must be reliable.
vii. The risk factors. The level of risk allowable and the degree of risk attached to an
item being tested must be considered.

Qualities of a good sample

i. It should be representative of the population. The sample should be representative of
the differing items in the whole population.
ii. The size of the sample should be appropriate given the various risk considerations
i.e. where the expected error is high, a large sample is chosen.
iii. Unpredictable. The client should not be able to know in advance which items will
be examined.

Sampling methods
1. Estimation sampling for variables.
2. Estimation sampling for attributes.
3. Acceptance sampling.
4. Discovery sampling

1. Estimation sampling for variables

This method seeks the estimate the total value of some population e.g. total value of debtors,
stock or loose tools. The procedure is to extrapolate estimate or form an opinion using the
facts that are valid for one situation (sample) supposing that they will be valid in the new
situation. This estimate can be compared with the book value and if any difference is within
the materiality limits pre-established, the auditor has evidence for the book value of the item.

2. Estimation sampling for attributes

This method seeks to estimate the proportion of a population having particular characteristic
e.g. overdue debts or damaged inventory.

3. Acceptance sampling

This method seeks to discover the error rate in a population to determine a maximum error
rate.
Its uses include;
i. Whether a control can be relied upon. If noncompliance is greater than the
acceptable rate, the control will not be relied upon and other audit tests will have to
be applied.
ii. Used to test whether stock calculation can be relied upon. If the error rate is greater
than some acceptable proportion, the auditor will have to request the client to redo
the calculations.

145
 4. Discovery sampling

This method extends acceptance sampling to an acceptance level of zero. E.g. a system with
controls exists in an investment trust company to ensure that all bonus issues are recorded.
Even if one bonus has not been recorded, the auditor will be unable to accept the controls and
will have to seek other evidence. This method requires a large sample. A form of discovery
sampling is monetary unit sampling.

Monetary unit sampling

Monetary unit sampling is appropriate for use with large variance population e.g. debtors or
stock where individual units have widely different sizes or values. This method is suited to a
population where errors are not expected and it implicitly takes into account the auditor’s
concept of materiality.

Procedure of monetary unit sampling

i. Determine the sample size taking into account the size of the population and the
minimum acceptable error rate.
ii. List the items of population e.g. list of debtors could be as

Debtor Amount (Sh) Cumulative

amount
TMK& Co. 500 500
AQ & Sons 20 520
T Ltd 1,450 1,970
W Co. 4,420 6,390
: :
240,000
Total 240,000
iii. Assume that the total numbers of debtors is 1500. If sample size chosen is 100
items, then a random start of say Shs 1000 can be chosen and every Shs 2100th item
thereafter i.e. using systematic sampling with random start. The idea is that the
population of debtors is not 1500 but Shs 240000 with single units of Shs 1.
Therefore, we chose to sample to be picked from the cumulative shillings amount.
iv. At the end of the process, evaluate the result which might be a conclusion that the
auditor is 95% confident that the debtors are overstated by more than Shs. X where
X is the materiality factor chosen.
v. If the conclusion is that the auditor finds that the debtors are overstated by more
than Shs X, then he may take a large sample or investigate the debtors fully.

Disadvantages of monetary unit sampling

i. Does not cope easily with errors of understatement. A debtors balance which is
understated will have a smaller chance of being selected than if it was correctly

146
 valued hence there is a reduced chance of selecting that balance and discovering the
error.
ii. It can be difficult to select samples where a computer cannot be used e.g. where the
accounting system of an organization is manual. Manual selection will involve
adding items cumulatively through the entire population which is very tiring.
iii. It is not possible to extend a sample if the error rate turns out to be higher than the
expected error. In such cases an entirely new sample must be selected and
evaluated.
iv. Monetary unit sampling is useful especially in testing for overstatements where
significant understatements are not expected i.e. when dealing with debtors, fixed
assets and stock it is clearly not suitable for testing creditors where understatement
is the primary characteristic to be tested.

AUDIT TESTING

Types of Audit Tests

1. Risk Assessment Procedures
2. Test of Controls
3. Substantive Tests of Transactions
4. Analytical Procedures
5. Tests of Details of Balances

Risk Assessment Procedures

Collectively, procedures performed to obtain an understanding of the entity and its

environment, including internal controls, represent the auditor's risk assessment procedures;
Performed to assess the risk of material misstatement in the financial statements; a major part
of the auditor's risk assessment procedures are done to obtain an understanding of internal
control

Tests of Controls

The auditor's understanding of internal controls is used to assess control risk for each
transaction-related audit objective;

Two Types of Evidence for Tests of Controls

a. Inquiries of appropriate client personnel

b. Examining documents, records, and reports

Substantive Tests of Transactions

Substantive Tests are procedures designed to test for dollar misstatements that directly affect
the correctness of financial statement balances; Substantive tests of transactions are used to
determine whether all six transaction related audit objectives have been satisfied for each class
of transactions

147
Two types of Evidence for Substantive Tests of Transactions
a. Verifying the recording and summarizing of sales and cash receipts transactions
b. Making sure recorded sales transactions exist and existing sales are recorded
Analytical Procedures

Analytical Procedures

Comparisons of recorded amounts to expectations developed by the auditor; must be done

during planning and completing the audit; two most important purposes of analytical
procedures in the audit of account balances are to indicate possible misstatements and provide
substantive evidence.

Two types of Evidence for Analytical Procedures

a. Calculating the gross margin in the completing and planning phases
b. Predicting the ending balance and comparing the recorded balance to the prediction

Tests of Details of Balances

Focus on the ending general ledger balances for both balance sheet and income statement
accounts; emphasis is mostly on the balance sheet; help establish the monetary correctness of
the accounts they relate to and therefore are substantive test; the extent of these tests depends
on the results of tests of controls, substantive tests of transactions, and substantive analytical
procedures

Two Types of Evidence for Tests of Details of Balances

a. Confirmation of customer balances for accounts receivable
b. Physical examination of inventory

AUDIT OF SPECIFIC ITEMS

AUDIT PROCEDURES FOR TANGIBLE NON-CURRENT ASSETS

Tangible non-current assets, is a key area of the statement of financial position. Key areas
when testing tangible non-current assets are:
i. Confirmation of ownership
ii. Inspection of non-current assets
iii. - Valuation by third parties
iv. Adequacy of depreciation rates

Assertion: Completeness

 Obtain or prepare a summary of tangible non-current assets showing how:

 Gross book value

148
  Accumulated depreciation
 Net book value reconcile with the opening position.
 Compare non-current assets in the general ledger with the non-current assets register
and obtain explanations for differences.
 For a sample of assets which physically exist agree that they are recorded in the non-
current asset register.
 If a non-current asset register is not kept, obtain a schedule showing the original costs
and present depreciated value of major non-current assets.
 Reconcile the schedule of non-current assets with the general ledger.

Existence

 Confirm that the company physically inspects all items in the non-current asset register
each year.
 Inspect assets, concentrating on high value items and additions in-year.
 Confirm that items inspected:
 Exist
 Are in use
 Are good condition
 Have correct serial numbers
 Review records of income-yielding assets.
 Reconcile opening and closing vehicles by numbers as well as amounts.

Valuation

 Verify valuation to valuation certificate.

 Consider reasonableness of valuation, reviewing:
 Experience of valuer
 Scope of work
 Methods and assumptions used
 Valuation bases are in line with accounting standards
 Reperform calculation of revaluation surplus.
 Confirm whether valuations of all assets that have been revalued have been updated
regularly (lull valuation every five years and an interim valuation in year three
generally) by inquiries of Finance Director and inspection of previous financial
statements.
 Inspect draft accounts to check that client has recognised in the statement of
comprehensive income revaluation losses unless there is a credit balance in respect of
that asset in equity, in which case it should be debited to equity to cancel the credit. All
revaluation gains should be credited to equity.
 Review depreciation rates applied in relation to:
 Asset lives
 Residual values
 Replacement policy
 Past experience of gains and losses on disposal

149
  Consistency with prior years and accounting policy
 Possible obsolescence
 Review non-current assets register to ensure that depreciation has been charged on all
assets with a limited useful life.
 For revalued assets, ensure that the charge for depreciation is based on the revalued
amount by recalculating it for a sample of revalued assets.
 Reperform calculation of depreciation rates to ensure it is correct.
 "Compare ratios of depreciation to non-current assets (by category) with:
 Previous years
 Depreciation policy rates
 Scrutinise draft accounts to ensure that depreciation policies and rates are disclosed in
the accounts.
 Review insurance policies in force for all categories of tangible non-current assets and
consider the adequacy of their insured values and check expiry dates.

Rights and obligations

- Verify title to land and buildings by inspection of:
• Title deeds
• Land registry certificates
• Leases
- Obtain a certificate from solicitors/bankers:
• Stating purpose for which the deeds are being held (custody only)

• Stating deeds are free from mortgage or lien.

- Inspect registration documents for vehicles held, confirming that they are in client's
name.
- Confirm all vehicles are used for the client's business.
- Examine documents of title for other assets (including purchase invoices, architects'
certificates, contracts, hire purchase or lease agreements).
- Review for evidence of charges in statutory books and by company search.
- Review leases of leasehold properties to ensure that company has fulfilled covenants
therein.
- Examine invoices, received after year-end, orders and minutes for evidence of capital
commitments

Additions

These tests are to confirm rights and obligations, valuation and completeness.
- Verify additions by inspection of architects' certificates, solicitors' completion
statements, suppliers' invoices etc.
- Review capitalisation of expenditure by examining for non-current assets additions and
items in relevant expense categories (repairs, motor expenses, sundry expenses) to
ensure that:
- Capital/revenue distinction is correctly drawn
- Capitalisation is in line with consistently applied company policy
- Inspect non-current asset accounts for a sample of purchases to ensure they have been

150
 properly allocated.
- Check purchases have been authorised by directors/senior management by reviewing
board minutes.
- Ensure that appropriate claims have been made for grants, and grants received and
receivable have been received, by inspecting claims documentations and bank
statements.
- Check additions have been recorded by scrutinising the non-current asset register and
general ledger.

Self constructed assets

These tests are to confirm valuation and completeness.

- Verify material and labour costs and overheads to invoices, wage records etc.
- Ensure expenditure has been analysed correctly and properly charged to capital.
- Expenditure should be capitalised if it:
• Enhances the economic benefits of the asset in excess of its previously assessed
standard of performance
• Replaces or restores a component of the asset that has been treated separately for
depreciation purposes, and depreciated over its useful economic life

• Relates to a major inspection or overhaul that restores the economic benefits of

the asset that have been consumed by the entity, and have already been reflected
in depreciation

- Review costs to ensure that no profit element has been included.

- Review accounts to ensure that finance costs have been capitalised or not capitalised on
a consistent basis, and costs capitalised in period do not exceed total finance costs for
period.

Disposal

These tests are to confirm rights and Obligations, completeness, occurrence and accuracy.
- Verify disposals with supporting documentation,, checking transfer of title, sales
price and dates of completion and payment.
- Recalculate profit or loss on disposal.
- Check that disposals have been authorised by reviewing board’s minutes.
- Consider whether proceeds are reasonable.
- If the asset was used as security, ensure release from security has been correctly
made.

Classification and understandability

- Review non-current asset disclosures in-the financial statements to ensure they meet
lAS 16 criteria.
- For a sample of fully depreciated assets, inspect the register to ensure no further

151
 depreciation is Charged.
- Inspect draft accounts to ensure that depreciation policies and rates are correctly
disclosed

AUDIT PROCEDURE FOR INTANGIBLE NON-CURRENT ASSETS

Key assertions for intangible non-current assets are existence and valuation.
The key assertions relating to intangible are existence (not so much 'do they exist`?', hut, are
they genuinely assets?) and valuation.

AUDIT PLAN

Goodwill
- Agree the consideration to sales agreement by inspection.
- Consider whether asset valuation is reasonable.
- Agree that the calculation is correct by recalculation.
- Review the impairment review and discuss with management.

- Ensure valuation of goodwill is reasonable/there has been no impairment not adjusted

through discussion with management.

Research and development costs

- Confirm that capitalised development costs conform to lAS 38 criteria by inspecting
details of projects and discussions with technical managers.
- Confirm feasibility and viability by inspection of budgets.
- Recalculate amortisation calculation, to ensure it commences with production/is
reasonable. Inspect invoices to verify expenditure incurred on R&D projects:

Other intangible assets

- Agree purchased intangibles to purchase documentation agreement by inspection.
- Inspect specialist valuation of intangibles and ensure it is reasonable.
- Review amortisation calculations and ensure they are correct by recalculation.

AUDIT OF RECEIVABLES

Receivables are usually audited using a combination of tests of detail and analytical
procedures.
The audit of receivables is important as this is likely to be a material area: A combination of
analytical procedures and tests of detail are used, with sales also being tested in conjunction
with trade receivables.

The following assertions apply:

152
Assertions about classes of transactions

- Occurrence: All sales transactions recorded have occurred and relate to the entity
- Completeness: All sales transactions that should have been recorded have been
recorded
- Accuracy: Amounts relating to transactions have been recorded appropriately
- Cut-off: All transactions have been recorded in the correct period
- Classification: All transactions are recorded properly

Assertions about account balances at the period-end

- Existence: Recorded receivables exist

- Rights and obligations: The entity controls the rights to receivables and related
accounts
- Completeness: All receivables that should have been recorded have been recorded
- Valuation and allocation: Receivables are included in the accounts at the correct
amounts

Assertions about presentation and disclosure

- Occurrence, rights and obligations: All disclosed events and transactions relating to
receivables have occurred and pertain to the entity
- Completeness: All disclosures required have been included
- classification and understandability: Financial information is appropriately presented
and described and I disclosures clearly expressed
- Accuracy and valuation: Financial and other information is disclosed fairly and at
appropriate amounts

Audit procedures for receivables

Existence, completeness and valuation are key assertions relating to the audit of receivables.
Audit procedures for receivables are set out in the table below. This covers the audit of sales
and prepayments as well as trade receivables. Receivables are often tested in conjunction with
sales. The key assertions for sales are occurrence, completeness and accuracy.

Completeness

- Agree the balance from the individual sales ledger accounts to the aged receivables'
listing and vice versa.
- Match the total of the aged receivables' listing to the sales ledger control account.
- Cast and cross cast the aged trial balance before selecting any samples to test.
- Trace a sample of shipping documentation to sales invoices and into the sales and
receivables' ledger.
- Complete the disclosure checklist to ensure that all the disclosures relevant to

153
 receivables have been made
- Compare the gross profit percent by product line with the previous year and industry
data.
- Compare the level of prepayments to the previous year to ensure the figure is materially
correct and complete.

Existence

- Perform a receivables' circularisation on a sample of year-end trade receivables

- Follow up all balance disagreements and non-replies to the receivables' confirmation,
- Perform alternative procedures for any exceptions and non-replies to the receivables
confirmation, such as:
- Review after-date cash receipts by inspecting bank statements and cash receipts
documentation.
- Examine the customer's account and .customer correspondence to assess whether the
balance outstanding represents specific invoices and confirm their validity.
- Examine the underlying documentation (purchase order, dispatch documentation,
duplicate sales invoice etc).
- Inquire from management explanations for invoices remaining unpaid after subsequent
ones have been paid.
- Observe whether the balance on the account is growing and if so, find out why by
discussing with management.

Rights and obligations

- Review bank confirmation for any liens on receivables.

- Make inquiries of management, review loan agreements and review board minutes for
any evidence of receivables being sold (e.g. to factors).

Valuation and allocation

- Compare receivables' turnover and receivables' days to the previous year and/or to
industry data.
- Compare the aged analysis of receivables from the aged trial balance
- Review the adequacy of the allowance for uncollectable accounts through discussion
with management.
- Compare the bad debt expense as a percent of sales to the previously and/or to industry
data
- Compare the allowance for uncollectable accounts as a percent of receivables or credit
sales to the previous year and/or to industry
- Examine large customer accounts individually and compare to the previous year's
balances.
- For a sample of old debts on the aged trial balance, obtain further information regarding
their recoverability by discussions with management and review of customer
correspondence.
- For a sample of prepayments from the prepayments' listing, recalculate the amount

154
 prepaid to ensure that it has been accrual calculated.

Cut off
- For a sample of sales invoices around the year-end, inspect the dates and compare with-
the dates of dispatch and the dates recorded in ledger for application of correct cut-off.
- For sales returns, select a sample of returns documentation around the year-end and
trace to the related credit entries.
- Perform analytical procedures on sales returns, comparing the ratio of sales returns to
sales. Review material after-date invoices, credit notes and adjustments' ensure that
they are recorded correctly in the relevant financial period

Classification
Take a sample of sales invokes and examine for proper classification into revenue accounts

Accuracy
- For a sample of sales invoices, compare the prices and terms to the authorised price list
and terms of trade documentation
- Test whether discounts have been properly applied by recalculating them for a sample
of invoices
- Test the correct calculation of tax on a sample of invoices

Occurrence
For a sample of sales transactions recorded in the ledger, vouch the sales invoice back to
customer orders and dispatch documentation.

Occurrence and rights and obligations

Determine, through discussion with management, whether any receivables have been pledged,
assigned or discounted and whether such items require disclosure in the financial statements.

Classification and understandability

- Review the aged analysis of receivables for any large credits, non-trade receivables and
long-term receivables and consider whether such items require separate disclosure.
- Read the disclosure notes relevant to receivables in the draft finance' statements and
review for understandability

Accuracy and valuation

Read the disclosure notes to ensure the information is accurate and properly presented at the
appropriate amounts.

THE RECEIVABLES CONFIRMATION

A confirmation of receivables is a major procedure, usually achieved by direct contact with

customers.
Receivables are usually audited using a combination of tests of detail and analytical
procedures. Existence, completeness and valuation are key assertions relating to the audit of

155
receivables.
A confirmation of receivables is a major procedure, usually achieved by direct contact with
customer. There are two methods of confirmation: positive and negative.

Objectives of confirmation
Part of ISA 505 External Confirmation states that, when it is reasonable to expect customers to
respond, the auditors should ordinarily plan to obtain direct confirmation of receivables to
individual entries in an account balance.

The verification of trade receivables by direct confirmation is therefore the normal means of
providing audit evidence to -satisfy the objective of checking whether customers exist and
owe bona fide amounts to the company (existence and rights and obligations).

Confirmation will produce for the current audit file a written statement from each respondent
that the amount owed at the date of the confirmation is correct. This is, prima facie, reliable
audit evidence, being from an independent source and in documentary form. The confirmation
of receivables on a test basis should not be regarded as replacing other normal audit tests, such
as the testing in-depth of sales transactions, but the results may influence the scope of such
tests.

Timing of confirmation
Ideally the confirmation should take place immediately after the year-end and hence cover the
year-end balances to be included in the balance sheet. However, time constraints may make it
impossible to achieve this ideal.

In these circumstances it may be acceptable to carry out the confirmation prior to the year-end
provided that confirmation is no more than three months before, the year-end and internal
controls are strong.

Client's mandate
Confirmation is essentially an act of the client, who alone can authorise third parties to divulge
information to the auditors.

The ISA outlines what the auditors' response should be when management refuses permission
for the auditors to contact third parties for evidence. Note that this applies to all such external
confirmations, not just trade receivables' circularisations.

If management asks the auditor not to seek the confirmation, the auditor should consider if
there are valid grounds for the request and obtain evidence to support this. If the auditor-
agrees not to seek external confirmations, other procedures should be carried out to obtain
'sufficient appropriate audit evidence. If the auditor does not accept the validity of
management's request and is prevented from undertaking the confirmations, this may impact
on the auditor's report.

Positive v negative confirmation

When confirmation is undertaken the method of requesting information from the customer

156
may be either positive or negative.

Under the positive method the customer is requested to confirm the accuracy of the balance
shown or state in., what respect he is in disagreement..
Under the negative method the customer is requested to reply only if the amount stated is
disputed.

The positive method is generally preferable as it is designed to encourage definite replies from
those contacted.

The negative method may be used if the client has good internal controls, with a large number
of small accounts. In some circumstances, say where there are a small number of large
accounts and a large number of small accounts, a combination of both methods may be
appropriate.

The statements will normally be prepared by the client's staff, from which point the auditors,
as a safeguard against the possibility of fraudulent manipulation, must maintain strict control
over the preparation and dispatch of the statements.

Sample Selection
Auditors will normally only contact a sample of accounts receivable. If this sample is to yield
a meaningful result, it must be based upon a complete list of all accounts receivable. In
addition, when constructing the sample, the following classes of account should receive
special attention:
- Old unpaid accounts
- Accounts written off during the period under review
- Accounts with credit balances
- Accounts settled by -round sum payments
- Accounts with nil balances
- Accounts which have been paid by the date of the examination

Follow-up procedures
Auditors will have to carry out further work in relation to those receivable who:
- Positive and negative confirmation - Disagree with the balance stated
- Negative confirmation — Do not respond
In the case of disagreements, the customer response should have identified specific amounts
which are disputed

Reasons for disagreement

There is a dispute between the client and the customer. The reasons for the dispute would have
to be identified, and provision made if appropriate against the debt.
- Cut-off problems exist, because the client records the following year's sales in the
current year or because goods returned by the customer in the current year are not
recorded in the current year. Cut-off testing may have to be extended.
- The customer may have sent the monies before the year-end, but the monies were not

157
 recorded by the client as receipts until after the year-end. Detailed cut-off work maybe
required on_ receipts.
- Monies received may have been posted to the wrong account or a cash-in-transit
account.
- Auditors should check if there is evidence of other mis-posting. If the monies have been
posted to a cash-in-transit account, auditors should ensure this account has been cleared
promptly.
- Customers who-are also suppliers may net-off balances owed and owing. Auditors
should check that this is allowed.
- Teeming and lading, stealing monies and incorrectly posting other receipts so that no
particular customer is seriously in debt is a fraud that can arise in this area. If auditors
suspect teeming and lading has occurred, detailed testing will be required on cash
receipts, particularly on prompt posting of cash receipts.

When the positive confirmation method is used the auditors must follow up by all practicable
means those receivables who fail to respond. Second requests should be sent out in the event
of no reply being received within two or three weeks and if necessary this may be followed by
telephoning the customer, with the client's permission.

After two, or even three, attempts to obtain confirmation, a list of the outstanding items will
normally be passed to a responsible company official, preferably independent of the sales
accounting department, who will arrange for them to be investigated

The receivables' confirmation provides good audit evidence of the existence of receivables,
but not necessarily of their valuation. Therefore, in a question on the audit of receivables,
remember to include other audit procedures such as analytical procedures.

AUDIT OF CASH AND BANK

'Cash' in the financial statements represents cash in-hand and cash on deposit in bank
accounts. Most accounting transactions pass through the cash account so cash is affected by all
of the entity's business processes, and is particularly impacted by the sales and purchases
processes. We consider the substantive audit testing applied to the year-end cash figure.

Audit objectives for cash

The following table demonstrates the audit objectives for cash balances and how these are
related to the financial statement assertions relevant to this account area. The audit procedures
described in the remainder of this chapter are undertaken to provide audit evidence to support
these financial statement assertions.

Financial statement assertion and the Audit objective

- Existence: Recorded cash balances exist at the period-end
- Completeness: Recorded cash balances include the effects of all transactions that have
occurred

158
 - Rights and obligations: The entity has legal title to all cash balances shown at the
period-end
- Valuation: Recorded cash balances are realisable at the amounts stated

Assertions relating to presentation and disclosure (classification and understandability,

occurrence and rights and obligations, accuracy and valuation, completeness) -
Disclosures relating to cash are adequate and in accordance with accounting standards
and legislation

BANK
Bank balances are usually confirmed directly with the bank in question.

Bank confirmation procedures

The audit of bank balances will need to cover completeness, existence, rights and obligations
and valuation. All of these assertions can be audited directly by obtaining third party
confirmations from the client's banks and reconciling these with the accounting records,
having regard to cut-off.

The audit objectives linking these assertions are as follows:

- existence: Recorded cash balances exist at the year-end completeness: Recorded cash
balances include the effects of all transactions that occurred
- cut-off: Year-end transfers are recorded in the correct period
- valuation and allocation: Recorded balances are realisable at the amounts stated
- rights and obligations: The entity has legal title to all cash balance shown at the year-
end

This type of audit evidence is valuable because it comes directly from an independent source
and; therefore, provides greater assurance of reliability than that obtained solely from the
client's own records.

The-bank letter is mentioned as a source of external third party evidence in ISA 505 .External
Confirmations and guidance to auditors is provided in ZAPS 1000 Inter-bank confirmation
procedures.

Confirmation requests
The bank confirmation letter can be used to ask a variety of questions, including queries about
outstanding interests, contingent liabilities and guarantees.

The auditors should decide from which bank or banks to request confirmation, having regard
to such matters as size of balance, volume of activity, degree of reliance on internal control,
and materiality within the context of the financial statements.
The auditors should determine which of the following approaches is the most appropriate in
seeking confirmation of balances or other information from the bank:
- Listing balances and other information, and requesting confirmation of their accuracy
and completeness, or
- Requesting details of balances and other information, which can then be compared with

159
 the requesting client's records
In determining which of the above approaches is the most appropriate, the auditors should
weigh the quality of audit evidence they require in the particular circumstances against the
practicality of obtaining a reply from the confirming bank.

Difficulty may be encountered in obtaining a satisfactory response even where the client
company submits information for confirmation to the confirming bank. It is important that a
response is sought for all confirmation requests. Auditors should not usually request a response
only if the information submitted is incorrect or incomplete.

Preparation and dispatch of requests and receipt of replies

Control over the content and dispatch of confirmation requests is the responsibility of the
auditors. However, it will be necessary for the request to be authorised by the client entity.
Replies should be returned directly to the auditors and to facilitate such a reply, a pre-
addressed envelope should be enclosed with the request.

Content of confirmation requests

The form and content of a confirmation request letter will depend on the purpose for which it
is required and on local practices.

The most commonly requested information is in respect of balances due to or from the client
entity on current, deposit, loan and other accounts. The request letter should provide the
account description number and the type of currency for the account.

It may also be advisable to request information about nil balances on accounts, and accounts
which were closed in the 12 months prior to the chosen confirmation date. The client entity
may ask for confirmation not only of the balances on accounts but also, where it may be
helpful, other information, such as the maturity and interest terms on loans and overdrafts,
unused facilities, lines of credit/standby facilities, any offset or other rights or encumbrances,
and details of any collateral given or received.

The client entity and its auditors are likely to request confirmation of contingent liabilities,
such as those arising on guarantees, comfort letter, bills and so on.
Banks often hold securities and other items in safe custody on behalf of customers. A request
letter may thus ask for confirmation of such items held by the bank.
The procedure is simple but important, and outlined below.
a. The banks will require explicit written authority from their client to disclose the
information requested.
b. The auditors' request must refer to the client's letter of authority and the date thereof.
c. Alternatively it may be countersigned by the client or it may be accompanied by a
specific letter of authority.
d. In the case of joint accounts, letters to authority signed by all parties will be necessary.
e. Such letters of authority may either give permission to the bank to disclose
information for a .specific request or grant permission for an indeterminate length of
time.
f. The request should reach the branch manager at least one month in advance of the

160
 client's year
g. The auditors should themselves check that the bank response covers all the
information in the standard and other responses.

Cut-off
Care must be taken to ensure that there is no window dressing, by auditing cut-off carefully.
Window dressing in this context is usually manifested as an attempt to overstate the liquidity
of the company by:
a. Keeping the cashbook open to take credit for remittances actually received after the
year-end, thus enhancing the balance at bank and reducing receivables
b. Recording cheques paid in the period under -review which are not actually dispatched
until after the year-cud, thus decreasing the balance at bank and reducing liabilities

A combination of (a) and (b) can contrive to present an artificially healthy looking current
ratio.
With the possibility of (a) above in mind, where lodgments have not been cleared by the bank
until the new period, the auditors should examine the paying-in slip to ensure that the amounts
were actually paid into the bank on or before the period-end date.

As regards (b) above, where there appears to be a particularly large number of outstanding
cheques at the year-end, the auditors should check whether these were cleared within a
reasonable time in the new period. If not, this may indicate that dispatch occurred after the
year-end.

AUDIT PLAN: BANK

(To confirm completeness, valuation, existence, cut-off and assertions related to disclosure)
- Obtain standard bank confirmations from each bank with which the client conducted
business during the audit period.
- Reperform arithmetic of bank reconciliation.
- Trace cheques shown as outstanding from the bank reconciliation to the cash book prior
to the year- 'end and to the after-date bank statements and obtain explanations for any
large or unusual items not cleared at the time of the audit.
- Compare cash book(s) and bank statements in detail for the last month of the year, and
check items outstanding at the reconciliation date to bank statements.
- Review bank reconciliation previous to the year-end bank reconciliation and check that,
all items are cleared in the last period or taken forward to the year-end bank
reconciliation.
- Obtain satisfactory explanations for all items in the cash book for which there are no
corresponding entries in the bank statement and vice versa by discussion with -finance
staff.
- Verify contra items appearing in the cash books or bank statements with original entry.
Verify by inspecting paying-in slips that uncleared bankings are paid in prior to the
year-end.
- Examine all lodgments in respect of which payment has been refused by the bank;
ensure that they are cleared on representation or that other appropriate steps have, been

161
 taken to effect recovery of the amount cue.
- Verify balances per the cash book according to the bank reconciliation by inspecting
cash book, bank statements and general ledger.
- Verify the bank balances with reply to standard bank letter and with the bank
statements. Inspect the cash book and bank statements before and after the year-end for
exceptional entries or transfers which have a material effect on the balance shown to be
in-hand.
- Identify whether any accounts are secured on the assets of the company by discussion
with management.
- Consider whether there is a legal right of set-off of overdrafts against positive bank
balances.
- Determine whether the bank accounts are subject to any restrictions by inquiries with
management.
- Review draft accounts to ensure that disclosures for bank are complete and accurate and
in accordance with accounting standards.

Remember that the bank confirmation letter contains the balance held by the client at the bank
per the bank's records. This must be reconciled to the balance held with the bank per the
client's records.

CASH
Cash balances should be verified if they are material or irregularities are suspected.
Cash balances/floats are often individually immaterial but they may require some audit
emphasis because of the opportunities for fraud that could exist where internal control is weak
and because they may be material in total.

However in enterprises such as hotels and retail organisations, the amount of cash-in-hand at
the period- end could be considerable. Cash counts may be important for internal auditors,
who have a role in fraud prevention.

Auditors will be concerned that the cash exists, is complete, and belongs to the company
(rights and obligations) and is stated at the correct value.

Where the auditors determine that cash balances are potentially material they may conduct a
cash count, ideally at the period-end. Rather like attendance at an inventory count, the conduct
of the count falls into three phases: planning, the count itself, and follow-up procedures.

Planning the cash count

Planning is an essential element, as it is important that all cash balances are counted at the
same time as far as possible. Cash in this context may include unbanked cheques received,
IOUs and credit card slips, in addition to notes and coins.

As part of their planning procedures the auditors will need to determine the locations where
cash is held and which of these locations warrant a count.
Planning decisions will need to be recorded on the current audit file including:
- The precise time of the count(s) and location(s)

162
 - The names of the audit staff conducting the counts
- The names of the client staff intending to be present at each location
- Where a location is not visited it may be appropriate to obtain a letter from the client
confirming the balance.

Cash count
The following matters apply to the count itself.
- All cash/petty cash books should be written up to date in ink (or other permanent form)
at the time of-the count.
- All balances must be counted at the same time.
- All negotiable securities must be available and counted at the time the cash balances are
counted.
- At no time should the auditors be left alone with the cash and negotiable securities.
- All cash and securities counted must be recorded on working papers subsequently filed
on the current audit file. Reconciliations should be prepared where applicable (for
example, petty cash float).

AUDIT PLAN: CASH COUNT

(To confirm completeness, valuation, existence and disclosure)
- Count cash balances held and agree to petty cash book or other record:
• Count all balances simultaneously
• All counting to be done in the presence of the individuals responsible
• Enquire into any IOUs or cashed cheques outstanding for -+a long period of
time

- Obtain certificates of cash-in-hand from responsible officials.

- Confirm that bank and cash balances as reconciled above are correctly stated in the
accounts.

Follow up
• Check certificates of cash-in-hand are obtained as appropriate.
• Verify unbanked cheques/cash receipts have subsequently been paid in and agree to the
bank reconciliation by inspection of the relevant documentation.
- Ensure IOUs and cheques cashed for employees have been reimbursed,.
- Check IOUs or cashed cheques outstanding for unreasonable periods of time have been
provided for.
- Verify the balances as counted are reflected in the accounts (subject to any agreed
amendments because of shortages and so on) by inspection of draft accounts.

Bank balances are usually confirmed directly with the bank in question.
The bank confirmation letter can be used to ask a variety of questions, including queries about
outstanding interests, contingent liabilities and guarantees.
Cash balances should be verified if they are material or irregularities are suspected.

AUDIT OF LIABILITIES AND CAPITAL

163
AUDIT PROCEDURES FOR TRADE PAYABLES AND-PURCHASES

Introduction
When auditing payables, the auditor must test for understatement (i.e. completeness). Rather
than circularising payables, it is more common to obtain audit evidence from suppliers'
statements.
The audit of provisions can be particularly complex due to the accounting treatment and the
degree of judgement involved in calculating the provision.

We examine the substantive audit of trade payables and accruals, long-term liabilities and
provisions and end with a brief look at capital. Purchases are often tested in conjunction with
the audit of trade payables and so are included in the section on trade payables. The following
sets out the financial statement assertions to which audit testing is directed.

Assertions about classes of transactions

- Occurrence: All purchase transactions recorded have occurred and relate to the entity
- Completeness: All purchase transactions that should have been recorded have been
recorded
- Accuracy: Amounts relating to transactions have been recorded appropriately
- Cut-off: Purchase transactions have been recorded in the correct period
- Classification: Purchase transactions are recorded properly in the accounts

Assertions about period —end account balances

- Existence: Trade payables and accrued expenses are valid liabilities
- Rights and obligations: Trade payables and accrued expenses are the obligations of
the entity
- Completeness: All liabilities have been recorded
- Valuation and allocation: All liabilities are included in the accounts at appropriate
amounts

Assertion about presentation and disclosure

- Occurrence and rights and obligations: Occurred and relate to the entity
- Completeness: All disclosures required have been included
- Classification and understandability: Financial information is appropriately
presented and described and disclosures clearly expressed
- Accuracy and valuation: Financial information is disclosed fairly and at appropriate
amounts

Audit procedures for trade payables and accruals

- The largest figure in current liabilities will normally be trade accounts payable which
are generally audited by comparison of supplier's statements with purchase ledger
accounts.

AUDIT PROCEDURES

164
As with accounts receivable, accounts payable are likely to be a material figure in the
statement of financial position of most enterprises.

Auditors should however be particularly aware, when conducting their work on the statement
of financial position, of the possibility of understatement of liabilities to improve liquidity and
profit (by understating the corresponding purchases). The primary objective of their work will
therefore be to ascertain whether liabilities existing at the year-end have been completely and
accurately recorded.

As regards trade accounts payable, this primary objective can be subdivided into two detailed
objectives is there a satisfactory cut-off between goods received and invoices received, so that
purchases and trade accounts payable are recognised in the correct year?
Do trade accounts payable represent the bona fide amounts due by the company?
Before we ascertain how the auditors design and conduct their tests with these objectives in
mind, we need to establish the importance of the list of balances.
The following table sets out audit procedures to test trade accounts payables and accruals.

AUDIT PLAN -ACCRUALS

Completeness
• Obtain a listing of trade accounts payables and agree the total to the general ledger by
casting and cross casting.
• Test for unrecorded liabilities by inquiries of management on how unrecorded liabilities
and accruals arc identified and examining post year-end transactions.
• Obtain selected suppliers' statements and reconcile these to the relevant suppliers'
accounts.
• Examine files of unmatched purchase orders and supplier invoices for any unrecorded
liabilities. Perform a confirmation. of accounts payables for a sample
• Complete the disclosure checklist to ensure that all the disclosures relevant to liabilities
have been made.
• Compare the current year balances for trade accounts payables and accruals to the
previous year.
• Compare the amounts owed to a sample of individual suppliers in the trade accounts
payables listing to amounts owed to these suppliers in the previous year.
• Compare the payables' turnover and payables' days to the previous year and industry
data.

Existence
• Vouch selected amounts from the trade accounts payables listing and accruals listing to
supporting documentation such as purchase orders and suppliers' invoices.
• Obtain selected suppliers' statements and reconcile these to the relevant suppliers'
accounts.
• Perform a confirmation of accounts payables for a sample.
• Perform analytical procedures comparing current year balances to the previous year to
confirm reasonableness, and also calculating payables' turnover and comparing to the

165
 previous year. Rights and obligations
• Vouch a sample of balances to supporting documentation such as purchase orders and
suppliers' invoices to obtain audit evidence regarding rights and obligations.

Valuation and allocation

• Trace selected samples from the trade accounts payables listing and accruals listing to
the supporting documentation (purchase orders, minutes authorising expenditure,
suppliers' invoices etc)
• Obtain selected suppliers' statements and reconcile these to the relevant suppliers'
accounts.
• For a sample of accruals, recalculate the amount of the accrual to ensure the amount
accrued is correct.
• Compare the current year balances for trade accounts payables and accruals to the
previous year.
• Compare the amounts owed to a sample of individual suppliers in the trade accounts
payables listing to amounts owed to these suppliers in the previous year.
• Compare the payables' turnover and payables' days to the previous year and industry
data.

Cut-off
 For a sample of vouchers, compare the dates with the dates they were recorded in the
ledger for application of correct cut-off.
• Test transactions around the year-end to determine whether amounts have been
recognised in the correct financial period.
• Perform analytical procedures on purchase returns, comparing the purchase returns as a p ercentage
of sales or cost of sales to the previous year.

Accuracy
Recalculate the mathematical accuracy of a sample of suppliers' invoices to confirm the
amounts are correct.

Occurrence
For a sample of vouchers, inspect supporting documentation such as authorised purchase
orders.

Classification and understandability

• Review the trade accounts payables listing to identify any large debits (which should be
reclassified as receivables or deposits) or long-term liabilities which should be
disclosed separately.
• Read the disclosure notes relevant to liabilities in the draft financial statements and
review for understandability.

Accuracy and valuation

Read the disclosure notes to ensure the information is accurate and properly presented at the
appropriate amounts.

166
CONFIRMATION OF TRADE PAYABLES

It is also possible to undertake confirmation of trade payables, although this is not used a great
deal in practice because the auditor can test trade payables by examining reliable, independent
evidence in the form of suppliers' invoices and suppliers' statements. However, where an
entity's internal controls are weak, suppliers' statements may not be available and in this
situation, it may be relevant to undertake confirmation procedures. Confirmation of trade
payables provides evidence primarily for the completeness assertion.

Where the entity has strong controls in place to ensure that all liabilities are recorded, the
confirmation will focus on large balances.

Where the auditor is concerned about the presence of unrecorded liabilities, regular suppliers
with small or zero balances on their accounts and a sample of other accounts will be confirmed
as well as large balances.

Auditors use a positive confirmation referred to as a blank or zero-balance confirmation. This

confirmation does not state the balance owed but requires the supplier to declare the amount
owed at the year-end and to provide a detailed statement of the account. When the
confirmation is received back, the amount must be reconciled with the entity's records.

The selection and sending out of accounts payables' confirmations should be controlled using
the same procedures as for the receivables' confirmation that we discussed previously.
Reconciliations of accounts payables with suppliers' statements

Many suppliers provide monthly statements to their customers. These may therefore be
available in the entity for examination. Because-they are a source of documentary evidence
originating outside of the entity, they are a reliable source of evidence to support suppliers'
balances and provide evidence as to the existence, completeness and valuation of balances.

Having said this, auditors do still need to be cautious when using them as they may have been
tampered with by the entity. The auditor should not rely on photocopies or faxed statements. If
there is any doubt; the auditor should request a copy directly from the supplier or confirm the
balance with the supplier (see above).

When selecting accounts for testing, the auditor should consider the volume of business during
the year; riot the balance outstanding at the year-end, because the risk is understatement of
balances. Most differences between balances on suppliers' statements and the year-end
accounts payables' listing are likely to be due to goods and cash-in-transit and disputed
amounts, however all differences need to be investigated thoroughly.

AUDIT OF NON-CURRENT LIABILITIES

Non-current liabilities are usually authorised by the board and should be well documented.

167
We are concerned here with non-current liabilities comprising debentures, loan inventory and
other loans repayable at a date more than one year after the year-end.

Auditors will primarily try and determine:

Completeness: whether all non-current liabilities have been disclosed

Accuracy: whether interest payable has been calculated correctly and in the correct
accounting period

Classification and understandability: whether long-term loans and interest have been
correctly disclosed in the financial statements

The major complication for the auditors is that debenture and loan agreements frequently
contain conditions with which the company must comply, including restrictions on the
company's total borrowings and adherence with specific borrowing ratios.

Audit Plan of Non-current Liabilities

- Obtain/prepare schedule of loans outstanding at the year-end date showing; for each
loan: name of lender, date of loan, maturity date, interest date, interest rate, balance at
the end of the period and security.
- Compare opening balances to previous year's papers.
- Test the clerical accuracy of the analysis.
- Compare balances to the general ledger.
- Agree name of lender etc, to register of debenture holders or equivalent (if kept)
- Trace additions and repayments to entries in the cash book.
- Confirm repayments 'are in accordance with loan agreement.
- Examine cancelled cheques and memoranda of satisfaction for loans repaid.
- Verify that borrowing limits imposed by agreements are not exceeded.
- Examine signed Board minutes relating to new borrowings/repayments,
- Obtain direct confirmation from lenders of the amounts outstanding, accrued interest
and what security they hold.
- Verify interest charged for the period and the adequacy of accrued interest..
- Confirm assets charged have been entered in the register of charges and notified to the
Registrar.
• Review restrictive covenants and provisions relating to default:
• Review any correspondence relating to the loan
• Review confirmation replies for non-compliance
• If a default appears to exist, determine its effect, and schedule findings
• Review minutes, cash book to confirm that all loans have been recorded.
- Review draft accounts to ensure that disclosures for non-current liabilities are correct
and in accordance with accounting standards. Any elements repayable within one year
should be classified under current liabilities.

AUDIT PROCEDURE OF PROVISIONS AND CONTINGENCIES

168
AUDIT OF CONTINGENCIES
The accounting treatments for provisions and contingencies are complex and involve
judgement and this can make them difficult to audit.

Accounting issues

Key terms
A provision is a liability of uncertain timing or amount.
A liability is a present obligation of the entity arising from past events, the settlement of which
is expected to result in an outflow from the entity of resources embodying economic benefits.

An obligating event is an event that creates a legal or constructive obligation that results in an
entity having no realistic alternative to settling that obligation.

A legal obligation is an obligation that derives from:

a) A contract (through its explicit or implicit terms),
b) Legislation, or
c) Other operation of law

A constructive obligation is an obligation that derives from an entity's actions where:

a. By an established pattern of past practice, published policies or a sufficiently specific
current statement, the entity has indicated to other parties that it will accept certain
responsibilities, and
b. As a result, the entity has created a valid expectation on the part of those other
parties that it will discharge those responsibilities.

A contingent liability is:

a. A possible obligation that arises from past events and whose existence will be
confirmed only by the occurrence or non-occurrence of one or more uncertain future
events not wholly within the control of the entity, or
b. A present obligation that arises from past events but is not recognised because:
 It is not probable that an outflow of resources embodying economic benefits
will be required to settle the obligation, or
 The amount of the obligation cannot be measured with sufficient reliability.

A contingent asset is a possible asset that arises from past events and whose existence will be
confirmed only by the occurrence or non-occurrence of one or more uncertain future events
not wholly within the control of the entity.

Under LAS 37 Provisions, contingent liabilities and contingent assets, an entity should not
recognise a contingent-asset or a contingent liability. However if it becomes probable that an
outflow of future economic benefits will be required for a previous contingent liability, a
provision should be recognised.

169
A contingent asset should not be accounted for unless its realisation is virtually certain; if an
inflow of economic benefits has become probable, the asset should be disclosed.

Examples of the principal types of contingencies disclosed by companies are:

- Guarantees (for group companies, of staff pension schemes, of completion of contracts)
- Discounted bills of exchange
- Uncalled liabilities on shares or loan inventory
- Lawsuits or claims pending
- Options to purchase assets

Obtaining audit evidence of contingencies

Part of ISA 501 Audit evidence - additional considerations for specific items, covers
contingencies relating to litigation and legal claims, which will represent the major part of
audit work on contingencies. Litigation and claims involving the entity may have a material
effect on the financial statements, and so will require adjustment to/disclosure in those
financial statements.

The auditor should carry out procedures in order to become aware of any litigation and claims
involving the entity which may have a material effect on the financial statements. Such
procedures would include the following.
• Make appropriate inquiries of management including obtaining written representations.
• Review board minutes and correspondence with the entity's lawyers.
• Examine legal expense accounts.
• Use any information obtained regarding the entity's business including information
obtained from discussions with any in-house legal department

When litigation or claims have been identified or when the auditor believes they may exist, the
auditor should seek direct communication with the entity's lawyers. This will help to obtain
sufficient appropriate audit evidence as to whether potential material litigation and claims are
known and management's estimates of the financial implications, including costs, are reliable.
The ISA discusses the form the letter to the entity's lawyer should take. The letter, which
should be prepared by management and sent by the auditor, should request the lawyer to
communicate directly with the auditor.

If it is thought unlikely that the lawyer will respond to a general enquiry, the letter should
specify the following.
a) A list of litigation and claims
b) Management's assessment of the outcome of the litigation or claim and its estimate of
the financial implications, including costs involved
c) A request that the lawyer confirms the reasonableness of management's assessments
and provides the auditor with further information if the list is considered by the lawyer
to be incomplete or incorrect

The auditors must consider these matters up to the date of their report and so a further,
updating letter may be necessary.

170
A meeting between the auditors and the lawyer may be required, for example where a complex
matter arises, or where there is a disagreement between management and the lawyer. Such
meetings should take place only with the permission of management, and preferably with a
management representative present.

If management refuses to give the auditor permission to communicate with the lawyers; this
may have an impact on the audit opinion.

AUDIT OF PROVISIONS

The following audit plan can be used in the audit of provisions.

Audit plan of Provisions/contingents

Obtain details of all provisions which have been included in the accounts and all contingencies
that have been disclosed.

Obtain a detailed analysis of all provisions showing opening balances, movements and closing
balances.

Determine for each material provision whether the company has a present obligation as a
result of past events by:
- Review of correspondence relating to the item
- Discussion with the directors. Have they created a valid expectation in other parties that
they will discharge the obligation?
- Determine for each material provision whether it is probable that a transfer of economic
benefits will be required to settle the obligation by:
- Checking whether any payments have been made in the post year-end period in respect
of the item by reviewing after-date cash
- Review of correspondence with solicitors, banks, customers, insurance company and
suppliers both pre and post year-end
- Sending a letter to the solicitor to obtain his views (where relevant)
- Discussing the position of similar past provisions with the directors. Were these
provisions eventually settled?
- Considering the likelihood of reimbursement
- Recalculate all provisions made.
- Compare the amount provided with any post year-end payments and with any amount
paid in the past for similar items.
- In the event that it is not possible to estimate the amount of the provision, check that a
contingent liability is disclosed in the accounts.
- Consider the nature of the client's business. Would you expect to see any other
provisions e.g. warranties? Consider the adequacy of disclosure of provisions,
contingent assets and contingent liabilities in accordance with IAS 37.

Capital and other issues

The main concern with share capital and reserves is that the company has complied with the

171
law. . The issued share capital as stated in the accounts must, be agreed in total with the share
register. An examination of transfers on a test basis should be made in those cases where a
company handles its own registration work. Where the registration work is dealt with by
independent registrars, auditors will normally examine the reports submitted by them to the
company, and obtain from them at the year-end a certificate of the share capital in issue.
Auditors should check carefully whether clients have complied with local legislation about
share issues or purchase of own shares. Auditors should take particular care if there are any
movements in reserves that cannot be distributed, and should confirm that these movements
are valid.

Share equity capital:

Agree the authorised share capital with the statutory documents governing the company's
constitution. Agree changes to authorised share capital with properly authorised resolutions:

Issue of Shares
Verify any issue of share capital or other changes during the year with general and board
minutes.
Ensure issue or change is within the terms of the constitution, and directors possess
appropriate authority to issue shares.

Confirm that cash or other consideration has been received or receivable{s} is included as
called-up share capital not paid_

Transfer of shares

Verify transfers of shares by reference to:

- Correspondence
- Completed and stamped transfer forms
- Cancelled share certificates
- Minutes of directors' meeting
Review the balances on shareholders' accounts in the register of members and the total list
with the amount of issued share capital in the general ledger.

Dividends
- Agree dividends paid and proposed to authority in minute books and check calculation
with total share capital issued to ascertain whether there are any outstanding or
unclaimed dividends.
- Agree dividend payments with documentary evidence (say, the returned dividend
warrants).
- Check that dividends do not contravene the distribution provisions of the legislation.
- Check that imputed tax has been accounted for to the taxation authorities and correctly
treated in the accounts

Reserves
- Agree movements on reserves to supporting authority
- Ensure that movements on reserves do not contravene the legislation and the company's

172
 constitution
- Confirm that the company can distinguish distributable reserves from those that are
non-distributable
- Ensure appropriate disclosures of movements on reserves are made in the company's
accounts by inspection of the financial statements.

Summary
The largest figure in current liabilities will normally be trade accounts payable which are
generally audited by comparison of suppliers' statements with purchase ledger accounts.
Non-current liabilities are usually authorised by the board and should be well documented.
The accounting treatments for provisions and contingencies are complex and involve
judgement and this can make them difficult to audit.

The main concern with share capital and reserves is that the company has complied with the
law

AUDIT OF INVENTORY

If inventory is material to the financial statements, the auditor shall obtain sufficient
appropriate audit evidence regarding the existence and condition of inventory by:

(a) Attendance at physical inventory counting, unless impracticable, to:

i. Evaluate management's instructions and procedures for recording and
controlling the results of the entity's physical inventory counting;
ii. Observe the performance of management's count procedures;
iii. Inspect the inventory; and
iv. Perform test counts; and
(b) Performing audit procedures over the entity's final inventory records to determine
whether they accurately reflect actual inventory count results.
(c) If physical inventory counting is conducted at a date other than the date of the
financial statements, the auditor shall, perform audit procedures to obtain audit
evidence about whether changes in inventory between the count date and the date of
the financial statements are properly recorded.
(d) If the auditor is unable to attend physical inventory counting due to unforeseen
circumstances, the auditor shall make or observe some physical counts on an
alternative date, and perform audit procedures on intervening transactions.
(e) If attendance at physical inventory counting is impracticable, the auditor shall
perform alternative audit procedures to obtain sufficient appropriate audit evidence
regarding the existence and condition of inventory. If it is not possible to do so, the
auditor shall modify the opinion in the auditor's report in accordance with ISA 705_
(f) If inventory under the custody and control of a third party is material to the financial
statements, the auditor shall obtain sufficient appropriate audit evidence regarding the
existence and condition of that inventory by performing one or both of the following:
- Request confirmation from the third party as to the quantities and condition
of inventory held on behalf of the entity.
- Perform inspection or other audit procedures appropriate in the

173
 circumstances.

Attendance at Physical Inventory Counting

- Management ordinarily establishes procedures under which inventory is physically
counted at least once a year to serve as a basis for the preparation of the financial
statements and, if applicable, to ascertain the reliability of the entity's perpetual
inventory system.
- Attendance at physical inventory counting involves:
• inspecting the inventory to ascertain its existence and evaluate its condition, and
performing test counts;
• Observing compliance with management's instructions and the performance of
procedures for recording and controlling the results of the physical inventory
count; and
• Obtaining audit evidence as to the reliability of management's count procedures

These procedures may serve as test of controls or substantive procedures depending on the
auditor's risk assessment; planned approach and the specific procedures carried out.

Matters relevant in planning attendance at physical inventory counting or in designing and

performing audit procedures include, for example:
• The risks of material misstatement related to inventory.
• The nature of the internal control related to inventory.
• Whether adequate procedures are expected to be established and proper instructions
issued for physical inventory counting.
• The timing of physical inventory counting.
• Whether the entity maintains a perpetual inventory system.
• The locations at which inventory is held, including the materiality of the inventory and
the risks of Material misstatement at different locations, in deciding at which locations
attendance is appropriate. ISA 600 deals with the involvement of other auditors and
accordingly may be -relevant if such involvement is with regard to attendance of
physical inventory counting at a remote location.'

Evaluate Management's Instructions and Procedures

Matters relevant in evaluating management's instructions and procedures for recording and
controlling the physical inventory counting include whether they address, for example:
• The application of appropriate control activities, for example, collection of used
physical inventory count records, accounting for unused physical inventory count
records, and count and re-count procedures.
• The accurate identification of the stage of completion of work in progress, of slow
moving, obsolete or damaged items and of inventory owned by a third party, For
example, on consignment.
• The procedures used to estimate physical quantities, where applicable, such as may be
needed in estimating the physical quantity of a coal pile.
• Control over the movement of inventory between areas and the shipping and receipt of
inventory before and after the cutoff date.

174
Observe the Performance of Management's Count Procedures
Observing the performance of management's count procedures, for example, those relating to
control over the movement of inventory before, during and after the count, assists the auditor
in obtaining audit evidence that management's instructions and count procedures are
adequately designed and implemented. In addition, the auditor may obtain copies of cutoff
information, such as details of the movement of inventory, to assist the auditor in performing
audit procedures over the accounting for such movements at a later date.

Inspect the Inventory

Inspecting inventory when attending physical inventory counting assists the auditor in
ascertaining the existence of the inventory (though not necessarily its ownership), and in
identifying, for example, obsolete, damaged or aging inventory.

Perform Test Counts

Performing test counts, for example, by tracing items selected from management's count
records to the physical inventory and tracing items selected from the physical inventory to
management's, count records, provides audit evidence about the completeness and the
accuracy of those records.

In addition to recording the auditor's test counts, obtaining copies of management's completed
physical inventory count records assists the auditor in performing subsequent audit procedures
to determine whether the entity's final inventory records accurately reflect actual inventory
count results.

Physical Inventory Counting Conducted Other than at the Date of the Financial Statements.
For practical reasons, the physical inventory counting may be conducted at a date, or dates,
other than the date of the financial statements. This may be done irrespective of whether
management determines inventory quantities by an annual physical inventory counting or
maintains a perpetual inventory system. In either case, the effectiveness of the design,
implementation and maintenance of controls over changes in inventory determines whether the
conduct of physical inventory counting at a date, or dates, other than the date of the financial
statements is appropriate for audit purposes. ISA 330 establishes requirements and provides
guidance on substantive procedures performed at an interim date.

Where a perpetual inventory system is maintained, management may perform physical counts
or-other tests to ascertain the reliability of inventory quantity information included in the
entity's perpetual inventory records. In some cases, management or the .auditor may identify
differences .between the perpetual inventory records and actual physical inventory quantities
on hand; this may indicate that the controls over changes in inventory are not operating
effectively.

Relevant matters for consideration when designing audit procedures to obtain audit evidence
about whether changes in inventory amounts between the count date, or dates, and the .final
inventory records are properly recorded include:

175
 • Whether the perpetual inventory records are properly adjusted.
• Reliability of the entity's perpetual inventory records.
• Reasons for significant differences between the information obtained during the
physical count and the perpetual inventory records.

Attendance at Physical Inventory Counting Is Impracticable

 In some cases, attendance at physical inventory counting may be impracticable. This may
be due to factors such as the nature and location of the inventory, for example, where
inventory is held in a location that may pose threats to the safety of the auditor. The
matter of general inconvenience to the auditor, however, is not sufficient to support a
decision by the auditor that attendance is impracticable. Further, as explained in ISA 200,
the matter of difficulty, time, or cost involved is not in itself a valid basis for the auditor
to omit an audit procedure for which there is no alternative or-to be satisfied with audit
evidence that is less-than persuasive. In some cases where attendance is impracticable,
alternative audit procedures, for example, inspection of documentation of the
subsequent sale of specific inventory items acquired or purchased prior to' the physical
inventory counting, may provide sufficient appropriate audit evidence about the
existence and condition of inventory. - In other cases, however, it may not be possible to
obtain sufficient appropriate audit evidence regarding the existence and condition of
inventory by performing alternative audit procedures. In such cases, ISA 705 requires the
auditor to modify the opinion in the auditor's report as a result of the scope of limitation.

Inventory under the .Custody and Control of a Third Party

Confirmation
ISA 505 establishes requirements and provides guidance for performing external confirmation
procedures.

Other Audit Procedures

Depending on the circumstances, for example, where information is obtained that raises doubt
about the integrity and objectivity of the third party, the auditor may consider it appropriate to
perform other audit procedures instead of or in addition to, confirmation with the third party.
Examples of other audit procedures include:

• Attending; or arranging for another auditor to attend, the third party's physical counting
of inventory, if practicable.
• Obtaining another auditor's report, or a service auditor's report, on the adequacy of the
third party's internal control for ensuring that inventory is properly counted and
adequately safeguarded.
• Inspecting documentation regarding inventory held by third parties, for example,
warehouse receipts.
 Requesting confirmation from other parties when inventory has been pledged as
collateral.

176
USING THE WORK OF OTHERS (INTERNAL AUDIT AND EXPERTS)

The auditor should obtain sufficient appropriate audit evidence that the work of the expert is
adequate for the purpose of the audit.

An expert is a person possessing specialized skills, knowledge and experience in another field
other than auditing and accounting. From his experience, an auditor only has general
knowledge on matters outside his profession and is not expected to have the skills of a person
trained or qualified to work in another profession .Consequently, the auditor may need the
advice of another expert for example, a pharmacist when verifying stock in the laboratory or
lawyers in arriving at the legal interpretation of legal cases against a client.

Situations where the auditor may require work of an expert

 The legal interpretation of contracts, laws and regulations

 Valuations of certain types of assets e.g. precious stones, minerals and buildings
 Actuarial valuation e.g. for pension funds
 When measuring the work to be completed in construction contracts.

In deciding whether to use the work of an expert the auditor should consider.

 The materiality of an item being examined in relation to the financial statements as a

whole.
 The nature and complexity of the item including the risk.
 The audit evidence available in respect with the item.

Factors considered before relying on the work of the expert

The auditor should consider;

 The skills and competence of the expert. The auditor should consider this by examining
the expert’s professional qualifications, licenses or membership of an appropriate
professional body. The experience and reputation of the expert in the field in which the
auditor is seeking evidence is very important.
 Objectivity and independence of the expert.. The auditor should consider whether the
expert is independent from the client. The risk of independence being impaired
increases where the expert is employed by the client. In such cases he owes his loyalty
to the client because there exists a financial relationship.
 The source of the data used by the expert in arriving at his opinion. If the source of the
data can be regarded as reliable, then the auditor can reasonably use the work of the
expert as audit evidence.
 The assumptions and methods used. The auditor should consider whether the methods
used by the expert in arriving at his opinion are appropriate to the circumstances. He
should also obtain an understanding of those assumptions and methods to determine that they
are reasonable based on the auditor’s knowledge of the client’s business and the results of his

177
 other audit procedures.

Communication with the expert

When consulting an expert the auditor should cover:

 Objectives and scope of his work

 An outline of the item the auditor expects to be covered in the report.
 The intended use of the expert work by the auditor and disclosure to third parties as to
the expert’s identity and extent of involvement
 Clarification of the expert’s relationship with the client.
 The confidentiality of the client information.
 Assumptions and the methods the expert intends to use. These will be evaluated for
reasonableness by the auditor.
 Recording of any further information as audit evidence.

COMPUTER ASSISTED AUDIT TECHNIQUES (CAATs)

There are two broad categories of CAAT:

1. Audit software; and

2. Test data.

Audit software

Audit software is used to interrogate a client's system. It can be either packaged, off-the-shelf
software or it can be purpose written to work on a client's system. The main advantage of these
programs is that they can be used to scrutinize large volumes of data, which it would be
inefficient to do manually. The programs can then present the results so that they can be
investigated further.

Specific procedures they can perform include:

 Extracting samples according to specified criteria, such as:

o Random;
o Over a certain amount;
o Below a certain amount;
o At certain dates.
 Calculating ratios and select indicators that fail to meet certain pre-defined criteria (i.e.
benchmarking);
 Check arithmetical accuracy (for example additions);
 Preparing reports (budget vs actual);
 Stratification of data (such as invoices by customer or age);
 Produce letters to send out to customers and suppliers; and
 Tracing transactions through the computerised system.

178
These procedures can simplify the auditor's task by selecting samples for testing, identifying
risk areas and by performing certain substantive procedures. The software does not, however,
replace the need for the auditor's own procedures.

Test data

Test data involves the auditor submitting 'dummy' data into the client's system to ensure that
the system correctly processes it and that it prevents or detects and corrects misstatements.
The objective of this is to test the operation of application controls within the system.

To be successful test data should include both data with errors built into it and data without
errors. Examples of errors include:

 codes that do not exist, e.g. customer, supplier and employee;

 transactions above pre-determined limits, e.g. salaries above contracted amounts, credit
above limits agreed with customer;
 invoices with arithmetical errors; and
 Submitting data with incorrect batch control totals. 

Data may be processed during a normal operational cycle ('live' test data) or during a special
run at a point in time outside the normal operational cycle ('dead' test data). Both has their
advantages and disadvantages:

 Live tests could interfere with the operation of the system or corrupt master
files/standing data;
 Dead testing avoids this scenario but only gives assurance that the system works when
not operating live. This may not be reflective of the strains the system is put under in
normal conditions. 

Advantages of CAATs

CAATs allow the auditor to:

 Independently access the data stored on a computer system without dependence on the
client;
 Test the reliability of client software, i.e. the IT application controls (the results of
which can then be used to assess control risk and design further audit procedures);
 Increase the accuracy of audit tests; and
 Perform audit tests more efficiently, which in the long-term will result in a more cost
effective audit.

Disadvantages of CAATs

 CAATs can be expensive and time consuming to set up, the software must either be
purchased or designed (in which case specialist IT staff will be needed);
 Client permission and cooperation may be difficult to obtain;
 Potential incompatibility with the client's computer system;

179
  The audit team may not have sufficient IT skills and knowledge to create the complex
data extracts and programming required;
 The audit team may not have the knowledge or training needed to understand the
results of the CAATs; and
 Data may be corrupted or lost during the application of CAATs. 

Other techniques

There are other forms of CAAT that are becoming increasingly common as computer
technology develops, although the cost and sophistication involved currently limits their use to
the larger accountancy firms with greater resources. These include:

Integrated test facilities - this involves the creation of dummy ledgers and records to which
test data can be sent. This enables more frequent and efficient test data procedures to be
performed live and the information can simply be ignored by the client when printing out their
internal records; and

Embedded audit software - this requires a purpose written audit program to be embedded into
the client's accounting system. The program will be designed to perform certain tasks (similar
to audit software) with the advantage that it can be turned on and off at the auditor's wish
throughout the accounting year. This will allow the auditor to gather information on certain
transactions (perhaps material ones) for later testing and will also identify peculiarities that
require attention during the final audit.

TOPIC 8

OVERALL AUDIT REVIEW

SUBSEQUENT EVENTS REVIEWS

Subsequent events are transactions occurring after the balance sheet date, but before the
financial statements are either issued or available to be issued.
Auditors must take steps to ensure that any such events are properly reflected in the financial
statements.
To identify any such events, a subsequent events review is carried out.
There are two types of subsequent events:

1. Adjusting event
Event after the reporting period that provides further evidence of conditions that existed
at the end of the reporting period, including events that indicates that the going concern
assumption in relation to the whole or part of the enterprise is not
2. Non-adjusting event
Events after the reporting period that are indicative of a condition that arose after the
end of the reporting period.

Example 1

180
You are the trainee accountant of Gabriella Enterprises Co and are preparing the financial
statements for the year-ended 30 September 2012. The financial statements are expected to be
approved in the Annual General Meeting, which is to be held on Monday 29 November 2010.
Today’s date is 22 November 2010. You have been made aware of the following matters:

1. On 14 October 2010, a material fraud was discovered by the bookkeeper. The payables
ledger assistant had been diverting funds into a fictitious supplier bank account, set up
by the employee, which had been occurring for the past six months. The employee was
immediately dismissed, legal proceedings against the employee have been initiated and
the employee’s final wages have been withheld as part-reimbursement back to the
company.
2. On 20 September 2010, a customer initiated legal proceedings against the company in
relation to a breach of contract. On 29 September 2010, the company’s legal advisers
informed the directors that it was unlikely the company would be found liable;
therefore no provision has been made in the financial statements, but disclosure as a
contingent liability has been made. On 29 October 2010, the court found the company
liable on a technicality and is now required to pay damages amounting to a material
sum.
3. On 19 November 2010, a customer ceased trading due to financial difficulties owing
$2,500. As the financial statements are needed for the board meeting on 22 November
2010, you have decided that because the amount is immaterial, no adjustment is
required. The auditors have also confirmed that this amount is immaterial to the draft
financial statements.

Required:
(a) For each of the three events above, you are required to discuss whether the financial
statements require amendment.

Answer:
When presented with such scenarios, it is important to be alert to the timing of the events in
relation to the reporting date and to consider whether the events existed at the year-end, or not.
If the conditions did exist at the year-end, the event will become an adjusting event. If the
event occurred after the year-end, it will become a non-adjusting event and may simply
require disclosure within the financial statements.

1. Fraud
Clearly the fraud committed by the payables ledger clerk has been ongoing during, and
beyond the financial year. Fraud, error and other irregularities that occur prior to the year-end
date – but which are only discovered after the year-end – are adjusting items, and therefore the
financial statements would require amendment to take account of the fraudulent activity up to
the year-end.

2. Legal proceedings
At the year-end, the company had made disclosure of a contingent liability. However,
subsequent to the year-end (29 October 2010), the court found the company liable for breach
of contract. The legal proceedings were issued on 20 September 2010 (some 10 days before
the year-end). This is, therefore, evidence of conditions that existed at the year-end. IAS 10

181
requires the result of a court case after the reporting date to be taken into consideration to
determine whether a provision should be recognised in accordance with IAS 37, Provisions,
Contingent Liabilities and Contingent Assets at the year-end. In this case, the financial
statements will require adjusting because:

 the conditions existed at the year-end

 the recognition criteria for a provision in accordance with IAS 37 have been met.

3. Loss of customer
A customer ceasing to trade so soon after the reporting period indicates non-recoverability of a
receivable at the reporting date and therefore represents an adjusting event under IAS 10,
Events After the Reporting Period. Assets should not be carried in the statement of financial
position at any more than their recoverable amount and, therefore, an allowance for
receivables should be made.

The auditor should obtain sufficient appropriate audit evidence about whether events occurring
between the date of the financial statements and the date of the auditor's report that require
adjustment of, or disclosure in, the financial statements are appropriately reflected in those
financial statements in accordance with the applicable financial reporting framework;

Subsequent events reviews — what auditors need to do

ISA 560 Subsequent Events details the responsibilities of the auditors with respect to
subsequent events and the procedures they can use. As auditors are responsible for their audit
work right up to the date that the financial statements are issued, they should perform
subsequent event reviews until that date has passed.
However, the nature of their responsibility changes at the point the audit report is signed.
Procedures undertaken in performing a subsequent events review might include any of the
following:
• Enquiring into management procedures/systems for the identification of subsequent
events.
• Reading minutes of members' and directors' meetings and of audit and executive
committee meetings, and enquiring about matters not yet put in the minutes.
• Reviewing accounting records including -budgets, forecasts and interim information.
• Making enquiries of directors to ask if they are aware of any subsequent events,
adjusting or non-adjusting, that have not yet been included or disclosed in the financial
statements.
• `Normal' post balance sheet work performed in order to verify yearend balances:
 checking after date receipts from receivables verifying the value of accrued
expenses by checking invoices when received
 checking inventory valuations are at lower cost and net realisable value by testing
to eventual selling prices.
• Obtaining, from management, a letter of representation.

Subsequent events review — changes triggered by the signing of the audit report
The stage of completion of the annual financial statements determines the procedures the
auditor must undertake in performing subsequent event reviews.

182
1. Events Up to signing the audit report
Auditors have an active duty to search for all material events between the balance sheet date
and the date the audit report is signed.
The auditor shall perform audit procedures designed to obtain sufficient appropriate audit
evidence that all events occurring between the date of the financial statements and the date of
the auditor's report that require adjustment of, or disclosure in, the financial statements have
been identified. The auditor is not, however, expected to perform additional audit procedures
on matters to which previously applied audit procedures have provided satisfactory
conclusions.
The auditor shall perform the procedures required so that they cover the period from the date
of the financial statements to the date of the auditor's report, or as near as practicable thereto.
The auditor shall take into account the auditor's risk assessment in determining the nature and
extent of such audit procedures, which shall include the following:
a) Obtaining an understanding of any procedures management has established to ensure
that subsequent events are identified.

b) Inquiring of management and, where appropriate, those charged with governance as to

whether any subsequent events have occurred which might affect the financial
statements.
c) Reading minutes, if any, of the meetings of the entity's owners, management and those
charged with governance that have been held after the date of the financial statements
and inquiring about matters discussed at any such meetings for which minutes are not
yet available.
d) Reading the entity's latest subsequent interim financial statements, if any.

If, as a result of the procedures performed as above, the auditor identifies events that require
adjustment of, or disclosure in, the financial statements, the auditor shall determine whether
each such event is appropriately reflected in those financial statements in accordance with the
applicable financial reporting framework.
The auditor shall request management and, where appropriate, those charged with governance,
to provide a written representation in accordance with ISA 580 that all events occurring
subsequent to the date of the financial statements and for which the applicable financial
reporting framework requires adjustment or disclosure have been adjusted or disclosed.

2. Between signing the audit report and issuing the financial statements
 Auditors have a passive duty.
 Auditors only have to act if they are made aware of something — but once they are
aware, they have a duty to take the necessary action.

The auditor has no obligation to perform any audit procedures regarding the financial
statements after the date of the auditor's report. However, if, after the date of the auditor's
report but before the date the financial statements are issued, a fact becomes known to the
auditor that, had it been known to the auditor at the date of the auditor's report, may have
caused the auditor to amend the auditor's report, the auditor shall:
a) Discuss the matter with management and, where appropriate, those charged with
governance;

183
 b) Determine whether the financial statements need amendment and, if so,
c) Inquire how management intends to address the matter in the financial statements

If amendment is required to the financial statements and management makes the necessary
changes, the auditor must carry out a number of procedures:
 Undertake any necessary audit procedures on the changes made.
 Extend audit procedures for identifying subsequent events that may require adjustment
of or disclosure in the financial statements to the date of the new auditor's report.
 Provide a new auditor's report on the amended financial statements.

If management does not amend the financial statements:

 If the auditor's report has not yet been provided to the entity, the auditor shall modify
the opinion and then provide the auditor's report.
 If the auditor's report has already been provided to the entity, the auditor shall notify
management and those charged with governance not to issue the financial statements
before the amendments are made; but if the financial statements are issued anyway, the
auditor shall take action to seek to prevent reliance on the auditor's report.

Example
A few days after signing an audit report, but before the client's financial statements have been
approved by the shareholders at the AGM, the auditors receive a phone call from a director
indicating a material error in the financial statements.

In such circumstances, a number of things may happen.

Client produces a revised set of financial statements.

Where this happens, the auditor needs to produce a new audit report, as the audit report must
always be dated on or after the date that the financial statements are signed by the directors.
The auditor will therefore need to extend 'active duties' on all other matters from the original
date of the audit report to the new date..

Client refuses to change the financial statements.

Now the financial statements are materially wrong, but the initial audit report said they were
true and fair. The auditor should ask for the audit report back, so that a new qualified report
can be issued. However, the client may refuse this as well.
In such circumstances, the auditor should obtain legal advice, consider resignation, and speak
at the AGM to notify shareholders.

3. Facts Which Become Known To The Auditor After The Financial Statements Have
Been Issued
After the financial statements have been issued, the auditor has no obligation to perform any
audit procedures regarding such financial statements. However, if, after the financial
statements have been issued, a fact becomes known to the auditor that, had it been known to
the auditor at the date of the auditor's report, may have caused the auditor to amend the
auditor's report, the auditor shall;-
a) Discuss the matter with management and, where appropriate, those charged with

184
 governance;
b) Determine whether the financial statements need amendment; and, if so,
c) Inquire how management intends to address the matter in the financial statements.

GOING CONCERN REVIEW

Introduction
IAS 1 Presentation of Financial Statements recognizes the going concern assumption as one of
the fundamental assumptions that underlie the periodic financial statements of enterprises.
The meaning of going concern can be said to be that the financial statements assume that the
enterprise will continue in operational existence for the foreseeable future, or put another way
the financial statements assume no intention or necessity to liquidate or curtail significantly
the scale of operation or put more simply that the enterprise can meet its financial obligations
as they fall due.

Going Concern Assumption

- Under the going concern assumption, an entity is viewed as continuing in business for
the foreseeable future. General purpose financial statements are prepared on a going
concern basis, unless management either intends to liquidate the entity or to cease
operations, or has no realistic alternative but to do so.
- Special purpose financial statements may or may not be prepared in accordance with a
financial reporting framework for which the going concern basis is relevant (for
example, the going concern basis is not relevant for some financial statements prepared
on a tax basis in particular jurisdictions)..When the use of the going concern
assumption is appropriate; assets and liabilities are recorded on the basis that the entity
will be able to realize its assets and discharge its liabilities in the normal course of
business.

Responsibility for Assessment of the Entity's Ability to Continue as a Going Concern

 Some financial reporting frameworks contain an explicit requirement for management
to make a specific assessment of the entity's ability to continue as a going concern, and
standards regarding matters to be considered and disclosures to be made in connection
with going concern.
 For example, International Accounting Standard (IAS) l requires management to make
an assessment of an entity's ability to continue as a going concern. The detailed
requirements regarding management's responsibility to assess the entity's ability to
continue as a going concern and related financial statement disclosures may also be set
out in law or regulation.
 In other financial reporting frameworks, there may be no explicit requirement for
management to make a specific assessment of the entity's ability to continue as a going
concern. Nevertheless, since the going concern assumption is a fundamental principle
in the preparation of financial statements, the preparation of the financial statements
requires management to assess the entity's ability to continue as a going concern even
if the financial reporting framework does not include an explicit requirement to do so.
 Management's assessment of the entity's ability to continue as a going concern
involves making a judgment, at a particular point in time, about inherently uncertain
future outcomes of events or conditions. The following factors are relevant to that

185
 judgment:

 The degree of uncertainty associated with the outcome of an event or condition

increases significantly the further into the future an event or condition or the
outcome occurs. For that reason, most financial reporting frameworks that
require an explicit management assessment specify the period for which
management is required to take into account all available information.
 The size and complexity of the entity, the nature and condition of its business
and the degree to which it is affected by external factors affect the judgment
regarding the outcome of events or conditions.
 Any judgment about the future is based on information available at the time at
which the judgment is made. Subsequent events may result in outcomes that are
inconsistent with judgments that were reasonable at the time they were made.

Responsibilities of the Auditor

 The auditor's responsibility is to obtain sufficient appropriate audit evidence about the
appropriateness of management's use of the going concern assumption in the
preparation of the financial statements and to conclude whether there is a material
uncertainty about the entity's ability to continue as a going concern. This responsibility
exists even if the financial reporting framework used in the preparation of the financial
statements does not include an explicit requirement for management to make a specific
assessment of the entity's ability to continue as a going concern.
 However, as described in ISA 200, the potential effects of inherent limitations on the
auditor's ability to detect material misstatements are greater for future events or
conditions that may cause an entity to cease to continue as a going concern. The auditor
cannot predict such future events or conditions.
 Accordingly, the absence of any reference to going concern uncertainty in an auditor's
report cannot be viewed as a guarantee as to the entity's ability to continue as a going
concern. Objectives

The objectives of the auditor are:

a) To obtain sufficient appropriate audit evidence regarding the appropriateness of
management's use of the going concern assumption in the preparation of the financial
statements;
b) To conclude, based on the audit evidence obtained, whether a material uncertainty
exists related to events or conditions that may cast significant doubt on the entity's
ability to continue as a going concern; and
c) To determine the implications for the auditor's report.

Risk Assessment Procedures and Related Activities

When performing risk assessment procedures as required by ISA 315, the auditor shall
consider whether there are events or conditions that may cast significant doubt on the entity's
ability to continue as a going concern. In so doing, the auditor shall determine whether
management has already performed a preliminary assessment of the entity's ability to continue
as a going concern, and:

186
 a) if such an assessment has been performed, the auditor shall discuss the assessment with
management and determine whether management has identified events or conditions
that, individually or collectively, may cast significant doubt on the entity's ability to
continue as a going concern and, if so, management's plans to address them; or
b) If such an assessment has not yet been performed, the auditor shall discuss with
management the basis for the intended use of the going concern assumption, and
inquire of management whether events or conditions exist that, individually or
collectively, may cast significant doubt on the entity's ability to continue as a going
concern.

The auditor shall remain alert throughout the audit for audit evidence of events or conditions
that may cast significant doubt on the entity's ability to continue as a going concern.

Evaluating Management's Assessment

The auditor shall evaluate management's assessment of the entity's ability to continue as a
going concern. In evaluating management's assessment of the entity's ability to continue as a
going concern, the auditor shall cover the same period as that used by management to make its
assessment as required by the applicable financial reporting framework, or by law or
regulation if it specifies a longer period.
If management's assessment of the entity's ability to continue as a going concern covers less
than twelve months from the date of the financial statements as defined in ISA 560, the auditor
shall request management to extend its assessment period to at least twelve months from that
date. In evaluating management's assessment, the auditor shall consider whether management's
assessment includes all relevant information of which the auditor is aware as a result of the
audit.

Period beyond Management's Assessment

The auditor shall inquire of management as to its knowledge of events or conditions beyond
the period of management's assessment that may cast significant doubt on the entity's ability to
continue as a going concern.

Additional Audit Procedures When Events or Conditions Are Identified

If events or conditions have been identified that may cast significant doubt on the entity's
ability to continue as a going concern, the auditor shall obtain sufficient appropriate audit
evidence to determine whether or not a material uncertainty exists through performing
additional audit procedures, including consideration of mitigating factors.
These procedures shall include:
a) Where management has not yet performed an assessment of the entity's ability to
continue as a going concern, requesting management to make its assessment.
b) Evaluating management's plans for future actions in relation to its going concern
assessment, whether the outcome of these plans is likely to improve the situation and
whether management's plans are feasible in the circumstances.
c) Where the entity has prepared a cash flow forecast, and analysis of the forecast is a
significant factor in considering the future outcome of events or conditions in the
evaluation of management's plans for future action: Evaluating the reliability of the
underlying data generated to prepare the forecast; and whether there is adequate support for
the assumptions underlying the forecast.

187
 d) Considering whether any additional facts or information have become available since
the date on which management made its assessment.
e) Requesting written representations from management and, where appropriate, those
charged with governance, regarding their plans for future action and the feasibility of
these plans.

Audit Conclusions and Reporting

- Based on the audit evidence obtained, the auditor shall conclude whether, in the
auditor's judgment, a material uncertainty exists related to events or conditions that,
individually or collectively, may cast significant doubt on the entity's ability to
continue as a going concern.
- A material uncertainty exists when the magnitude of its potential impact and
likelihood of occurrence is such that, in the auditor's judgment, appropriate
disclosure of the nature and implications of the uncertainty is necessary for:
a) In the case of a fair presentation financial reporting framework, the fair
presentation of the financial statements, or
b) In the case of a compliance framework, the financial statements not to be
misleading.

Use of Going Concern Assumption Appropriate but a Material Uncertainty Exists

If the auditor concludes that the use of the going concern assumption is appropriate in the
circumstances but a material uncertainty exists, the auditor shall determine whether the
financial statements:
a) Adequately describe the principal events or conditions that may cast significant doubt on
the entity's ability to continue as a going concern and management's plans to deal with
these events or conditions; and
b) Disclose clearly that there is a material uncertainty related to events or conditions that
may cast significant doubt on the entity's ability to continue as a going concern and,
therefore, that it may be unable to realize its assets and discharge its liabilities in the
normal course of business.
- If adequate disclosure is made in the financial statements, the auditor shall express an
unmodified opinion and include an Emphasis in the auditor's report to:
a) Highlight the existence of a material uncertainty relating to the event or
condition that may cast significant doubt on the entity's ability to continue as a
going concern; and
b) Draw attention to the note in the financial statements that discloses the matters
- If adequate disclosure is not made in the financial statements, the auditor shall express a
qualified opinion or adverse opinion, as appropriate, in accordance with ISA 705

The auditor shall state in the auditor's report that there is a material uncertainty that may cast
significant doubt about the entity's ability to continue as a going concern.

If the financial statements have been prepared on a going concern basis but, in the auditor's
judgment, management's use of the going concern assumption in the financial statements is
inappropriate, the auditor shall express an adverse opinion.

188
Management Unwilling to Make or Extend Its Assessment
If management is unwilling to make or extend its assessment when requested to do so by the
auditor, the auditor shall consider the implications for the auditor's report.

Communication with Those Charged with Governance

Unless all those charged with governance are involved in managing the entity,7 the auditor
shall communicate with those charged with governance events or conditions identified that
may cast significant doubt on the entity's ability to continue as a going concern. Such
communication with those charged with governance shall include the following:
a) Whether the events or conditions constitute a material uncertainty;
b) Whether the use of the going concern assumption is appropriate in the preparation of
the financial statements; and
c) The adequacy of related disclosures in the financial statements.

Significant Delay in the Approval of Financial Statements

If there is significant delay in the approval of the financial statements by management or those
charged with governance after the date of the financial statements, the auditor shall inquire as
to the reasons for the delay. If the auditor believes that the delay could be related to events or
conditions relating to the going concern assessment, the auditor shall perform those additional
audit procedures necessary, as well as consider the effect on the auditor's conclusion regarding
the existence of a material uncertainty.

Risk Assessment Procedures and Related Activities

Events or Conditions That May Cast Doubt about Going Concern Assumption
The following are examples of events or conditions that, individually or collectively, may cast
significant doubt about the going concern assumption. This listing is not all-inclusive nor does
the existence of one or more of the items always signify that a material uncertainty exists.

Financial
 Net liability or net current liability position.
 Fixed-term borrowings approaching maturity without realistic prospects of renewal or
repayment; or excessive reliance on short-term borrowings to finance long-term assets.
 Indications of withdrawal of financial support by creditors.

Negative operating cash flows indicated by historical or prospective financial statements.

 Adverse key financial ratios.
 Substantial operating losses or significant deterioration in the value of assets used to
generate cash flows.
 Arrears or discontinuance of dividends.
 Inability to pay creditors on due dates.

 Inability to comply with the terms of loan agreements.

 Change from credit to cash-on-delivery transactions with suppliers.
 Inability to obtain financing for essential new product development or other essential
investments.

189
Operating
 Management intentions to liquidate the entity or to cease operations.
 Loss of key management without replacement.
 Loss of a major market, key customer(s), franchise, license, or principal supplier(s).
 Labor difficulties.
 Shortages of important supplies.
 Emergence of a highly successful competitor.

Other
 Non-compliance with capital or other statutory requirements.
 Pending legal or regulatory proceedings against the entity that may, if successful, result
in claims that the entity is unlikely to be able to satisfy.
 Changes in law or regulation or government policy expected to adversely affect the
entity.
 Uninsured or underinsured catastrophes when they occur.

The significance of such events or conditions often can be mitigated by other factors. For
example, the effect of an entity being unable to make its normal debt repayments may be
counter-balanced by management's plans to maintain adequate cash flows by alternative
means, such as by disposing of assets, rescheduling loan repayments, or obtaining additional
capital. Similarly, the loss of a principal supplier may be mitigated by the availability of a
suitable alternative source of supply.
The risk assessment procedures help the auditor to determine whether management's use of the
going concern assumption is likely to be an important issue and its impact on planning the
audit. These procedures also allow for more timely discussions with management, including a
discussion of management's plans and resolution of any identified going concern issues.

CONTIGENCIES AND COMMITMENTS

In inquiring of management and, where appropriate, those charged with governance, as to

whether any subsequent events have occurred that might affect the financial statements, the
auditor may inquire as to the current status of items that were accounted for on the basis of
preliminary or inconclusive data and may make specific inquiries about the following matters:
 Whether new commitments, borrowings or guarantees have been entered into.
 Whether sales or acquisitions of assets have occurred or are planned.
 Whether there have been increases in capital or issuance of debt instruments, such as the
issue of new shares or debentures, or an agreement to merge or liquidate has been made
or is planned.

 Whether any assets have been appropriated by government or destroyed, for example,
by fire or flood.
 Whether there have been any developments regarding contingencies.
 Whether any unusual accounting adjustments have been made or are contemplated.
 Whether any events have occurred or are likely to occur that will bring into question the
appropriateness of accounting policies used in the financial statements, as would be the

190
 case, for example, if such events call into question the validity of the going concern
assumption.
 Whether any events have occurred that is relevant to the measurement of estimates or
provisions made in the financial statements.
 Whether any events have occurred that are relevant to the recoverability of assets_

In the public sector, the auditor may read the official records of relevant proceedings of the
legislature and inquire about matters addressed in proceedings for which official records are
not yet available.

MANAGEMENT REPRESENTATIONS
It should be normal practice at the end of an audit to send a letter to the client setting out
weaknesses in the system of internal control. Certain rules should be observed when preparing
such a letter (known as the management letter, the letter of weakness, the internal control
memorandum, the letter of recommendations or the constructive service letter).
If management refuses to provide a representation then this constitutes a • limitation in scope
and consideration should be given to expressing a qualified opinion or a disclaimer of opinion.

Objective of the auditor

a) To obtain written representations from management that management believes that it
has fulfilled the fundamental responsibilities that constitute the premise on which an
audit is conducted;
b) To support other audit evidence relevant to the financial statements or specific
assertions in the financial statements by means of written representations if determined
necessary by the auditor-or required by other ISAs; and
c) To respond appropriately to written representations provided by management or if
management does not provide the written representations requested by the auditor.

ISA 580 states, "The auditor should obtain audit evidence that management acknowledges its
responsibility for the fair presentation of the financial statements in accordance with the
applicable financial reporting framework, and has approved the financial statements".

Scope of this ISA

1. This International Standard on Auditing (ISA) deals with the auditor's responsibility to
obtain written representations from management and, where appropriate, those charged
with governance.
2. The specific requirements for written representations of other ISAs do not limit the
application of this ISA. Written Representations as Audit Evidence

3. Audit evidence is all the information used by the auditor in arriving at the conclusions
on which the audit opinion is based. Written representations are necessary information
that the auditor requires in connection with the audit of the entity's financial statements.
4. Accordingly, similar to responses to inquiries, written representations are audit
evidence.
5. Although written representations provide necessary audit evidence, they do not provide
sufficient appropriate audit evidence on their own about any of the matters with which
they deal. Furthermore, the fact that management has provided reliable written

191
 representations does not affect the nature or extent of other audit evidence that the
auditor obtains about the fulfillment of management’s responsibilities, or about specific
assertions.

Representations as Audit Evidence

The engagement team should obtain written representations from management on matters
material to the financial statements when other sufficient appropriate audit evidence cannot
reasonably be expected to exist.
The team should obtain written representation from management that:
a) It acknowledges its responsibility for the design and implementation of internal control
to prevent and detect error; and
b) It believes the effects of those uncorrected financial statement misstatements
aggregated by the auditor during the audit are immaterial, both individually and in the
aggregate, to the financial statements taken as a whole. A summary of such items
should be included in or attached to the written representations.

In certain instances, the only audit evidence that can be available to the auditor is that obtained
from inquiry. Therefore, the need to obtain written representations from management arises.
Where representations relate to matters that are material to the financial statements, the
engagement team should:
- Seek corroborative audit evidence from sources inside or outside the entity;
- Evaluate the reasonableness of management representations and consistency with other
audit evidence; and
- Consider whether the individuals making the representations are knowledgeable on
those particular matters.

Where' other audit evidence could reasonably be expected to be available, management

representations cannot be substituted for that audit evidence. For example, a representation by
management as to the cost of an asset is not a substitute for the audit evidence of such cost that
an engagement team would ordinarily expect to obtain.
Where audit evidence is reasonably expected to be available, relating to a matter that is
material to the financial statements, and the engagement team is unable to obtain such
evidence, consideration should be given to modifying the auditor's report with a limitation of
scope paragraph. This will be the case even if management representation on that particular
matter has been received.
Where management representations are contradicted by other audit evidence, the engagement
team should investigate the circumstances and, if need be, reconsider the reliability of other
representations made by management.

Documentation
In Audit Evidence, documentary evidence is more reliable than oral evidence. Thus,
management's representations should be obtained in a written form. This also reduces the
possibility of misunderstandings between the engagement team and management.
The basic elements of the management representation letter are:
- It should be addressed to the auditor.
- It is dated the same date as the auditor's report.
- It is normally signed by members of management who have responsibility for the entity

192
 and its financial aspects (normally the directors), based on the best of their knowledge
and belief.

General points of good practice are as follows:

a) It should make clear that the object of the audit is not to discover fraud, but to report on
the financial statements. The matters referred to have been discovered incidentally to
the main objective.
b) The points should be listed logically.
c) There is no point in drawing attention to a weakness which is inherent in the nature or
size of the business, or it's totally trivial.
d) Only the weakness should be noted. It should not be implied that no fraud is taking
place although the possible consequences of the weaknesses can be expanded upon.
e) Recommendations for improvements should be made in respect of each weakness. 0
Communications in respect of recommendations should be made on a timely basis.

The management letter will normally be a natural by-product of the audit, and the auditor
should incorporate the need to issue the letter in the planning of the audit. The letter should be
sent as soon as possible after completion of the audit procedures giving rise to the need to
comment.

Where audit work is carried out in more than one stage it may be appropriate to issue a letter at
the interim audit stage as well as the final audit stage.

It is important that the management letter is sent and responded to on a timely basis (at the
audit completion stage) in order to have impact, be effective and acted upon by the client. It is
important to discuss all the points in the letter with management before the letter is issued.
Any significant matters should be brought to management's attention immediately first
verbally followed up in writing. It is essential that the contents of the letter are considered by
the management. A copy of the letter with replies should be kept on the file. Significant
matters should be followed up after the client's response by way of discussion or the
performance of system tests. Normally, it is usual for the auditor to review points made in
previous years at the first subsequent audit visit.

When a group of companies is involved, the management of the holding company may want to
be informed of significant points arising in the reports of the management of the subsidiaries.
The auditor must obtain permission from the management of the subsidiary before releasing
such information.

Any report made to management should be regarded as confidential communication. The

auditor should therefore not normally reveal the contents of the report to any third party
without the prior written consent of the management of the company.

In practice, the auditor has little control over what happens to the report once it has been
dispatched.

Occasionally, management may provide third parties e.g. their bankers, with copies of the
report.

193
The auditor can use a disclaimer of liability against foreseen liability to third parties but this
may not give full protection from liability where the auditor knows or ought to know that a
report to management may be passed to a third party who would rely on it.

QUALITY CONTROL AND REVIEW

Engagement Quality Control Review

For audits of financial statements of listed entities, and those other audit engagements, if any,
for which the firm has determined that an engagement quality control review is required, the
engagement partner shall:
a) Determine that an engagement quality control reviewer has been appointed;
b) Discuss significant matters arising during the audit engagement, including those
identified during the engagement quality control review, with the engagement
quality control reviewer; and
c) Not date the auditor's report until the completion of the engagement quality
control review.

The engagement quality control reviewer shall perform an objective evaluation of the
significant-judgments made by the engagement team, and the conclusions reached in
formulating the auditor's report.
This evaluation shall involve:
a) Discussion of significant matters with the engagement partner;
b) Review of the financial statements and the proposed auditor's report;
c) Review of selected audit documentation relating to the significant judgments the
engagement team made and the conclusions it reached; and
d) Evaluation of the conclusions reached in formulating the auditor's report and
consideration of whether the proposed auditor's report is appropriate

For audits of financial statements of listed entities, the engagement quality control reviewer,
on performing an engagement quality control review, shall also consider the following:
a. The engagement team's evaluation of the firm's independence in relation to the audit
engagement;
b. Whether appropriate consultation has taken place on matters involving differences of
opinion or other difficult or contentious matters, and the conclusions arising from those
consultations; and

c. Whether audit documentation selected for review reflects the work performed in
relation to the significant judgments and supports the conclusions reached.

If differences of opinion arise within the engagement team, with those consulted or, where
applicable, between the engagement partner and the engagement quality control reviewer, the
engagement team shall follow the firm's policies and procedures for dealing with and
resolving differences of opinion.
An effective system of quality control includes a monitoring process designed to provide the
firm with reasonable assurance that its policies and procedures relating to the system of quality

194
control are relevant, adequate, and operating effectively. The engagement partner shall
consider the results of the firm's monitoring process as evidenced in the latest information
circulated by the firm and, if applicable, other network firms and whether deficiencies noted in
that information may affect the audit engagement.

ROLE OF AUDITORS IN RECEIVERSHIPS AND LIQUIDATION

The meaning of insolvency

A company is insolvent if the value of its assets is less than its liabilities — in other words, the
statement of financial position shows a position of net liabilities. If all of the company's assets
were sold at book value, the existing liabilities could not be paid. This is a more fundamental
problem than simply being short of cash.
Company directors are charged with monitoring financial position and performance. This is
especially important when the company is experiencing financial difficulties, as a company
experiencing cash flow problems can quickly turn insolvent. When a company is facing
insolvency, the directors must consider the interests of creditors (payables), shareholders and
other stakeholders,, which is impossible to do without up-to-date financial information.
Directors must, therefore, prepare and monitor financial statements and cash flow and profit
forecasts on a regular basis in order to determine the financial position of the company.
Auditors may be asked to advise on whether a company is insolvent, or to review historic or
projected financial information. Having up-to-date financial information and taking
professional advice may also help to protect directors from legal claims such as wrongful
trading or misfeasance.

Options available
The directors of an insolvent company face a difficult decision. Should they continue to trade, in
the hope that the company's performance and position will improve, or should they cut their
losses and wind up the company? This is a dilemma that the auditor may be asked to help
resolve by evaluating the advantages and disadvantages of the options available, and
considering the impact of each on the relevant parties, including creditors, shareholders,
management and employees. The auditor may also be asked to explain the procedures
involved in placing a company into administration or liquidation, as directors will usually have
limited knowledge in this area.

Administration
If the directors decide to try to save the company, it can be placed into administration, which
offers some breathing space and legal protections while a rescue plan is formulated to try to
preserve the company's going concern status. The main advantage of administration is that
once an administrator is appointed, a moratorium over the company's debts commences
meaning that it is not possible for a winding up petition to be presented at court by the
company's creditors (payables) — thus allowing time for the rescue plan to be designed and
initiated.
A company in administration is under the control of the appointed administrator who is given
a short period of time (usually eight weeks) to set out a proposal for achieving the aim of the
administration, or to decide that it is not reasonable that the company can be rescued. A

195
creditors' meeting is called, at which the proposals are accepted or rejected. The administrator
takes over management of the company and has the power to appoint and remove directors.
The process for appointment of an administrator varies, and may or may not involve a court
order. A company, its directors or one or more creditors (payables) can apply to the court for
the appointment of an administrator. The court will grant an administration order only if it is
satisfied that the company is — or is likely to become insolvent, and that the administration
process is likely to achieve its purpose of rescuing the company as a going concern. It is also
possible for an administrator to be appointed without a court order, either by a floating charge
holder, or by the company or its directors.

Liquidation
If the company cannot be saved, then liquidation or 'winding up' is likely to be initiated. The
company will cease to trade, assets are sold, liabilities are paid (to the extent allowed by the
proceeds from the sale of assets and by applying the rules for allocation of assets), and
eventually the company will be dissolved. Once liquidation proceedings are under way share
dealings must stop, and the directors lose their power to manage the company:
The procedures involved in placing a company into liquidation are complicated by the fact that
there are different ways that the process is initiated — compulsory liquidation, members'
voluntary liquidation, and creditors' voluntary liquidation. Compulsory liquidation is usually
initiated by one or more creditors, who apply to the court and must demonstrate that the
company is unable _to, pay its debts. A creditor who is owed and who has served the company
with a written demand for payment that has not been settled, has grounds to apply to the court
for compulsory liquidation. In less common circumstances, a member (shareholder) who is
dissatisfied with the directors' management of the company may petition the court for the
company to be wound up on the just and equitable ground. For this to be successful, the
member has to demonstrate to the court that winding up is the only remedy available.
Voluntary liquidation can occur through two different routes — a member's voluntary
liquidation, or a creditors' voluntary liquidation. The former is used where the company is
solvent, and can only take place when the directors have made a declaration of solvency.
Creditors have no involvement with this type of liquidation, as the declaration of solvency
means that they will be paid in full and therefore have no risk exposure. Shareholders pass a
resolution to wind up the company and appoint a liquidator, who is responsible for closing
down the company.

Voluntary liquidation can occur through two different routes — a member's voluntary
liquidation, or a creditors' voluntary liquidation. The former is used where the company is
solvent, and can only take place when the directors have made a declaration of solvency.
Creditors have no involvement with this type of liquidation, as the declaration of solvency
means that they will be paid in full and therefore have no risk exposure. Shareholders pass a
resolution to wind up the company and appoint a liquidator, who is responsible for closing
down the company.
In contrast, in a creditors' voluntary liquidation the creditors are heavily involved with
proceedings, as in this case the company is not solvent, and therefore creditors face the risk
that they will not be paid the full amount owing to them. The process is started by a
shareholders' meeting where a resolution is passed to agree that the company should be wound
up, but subsequently, the creditors' wishes over the appointment of the liquidator and the

196
process of winding up will override the wishes of the shareholders.
Allocating company assets an important issue arising on liquidation is the order of priority for
allocating company assets. This is especially important for creditors and shareholders because,
by definition, an insolvent company cannot pay everything that is owed. The amounts that will
be paid on liquidation depend on matters such as whether debts are secured or unsecured,
whether charges over assets are fixed or floating in nature, whether shareholders own
preference or equity shares, the costs suffered by the liquidator (which are generally paid first)
and the amount of preferential creditors (including employees' salaries and other benefits in
arrears). In most liquidations equity shareholders receive very little, and usually nothing, as
they rank last in the order of priority in allocating company assets. The auditor of an insolvent
or potentially insolvent company may be asked to advice on the allocation of company assets

TOPIC 9

AUDIT REPORT

7th SCHEDULE PROVISIONS ON AUDIT REPORT

Companies Act stipulates the statements that should be expressly stated in the auditor’s
report. These are;
1. Whether they have obtained all the information and explanations which to the best of
their knowledge and belief were necessary for the purposes of their audit.
2. Whether in their opinion, proper books of account have been kept by the company, so
far as appears from their examination of those books, and proper returns adequate for
the purposes of their audit have been received from branches not visited by them.
3.
- Whether the company's balance sheet and (unless it is framed as a consolidated profit
and loss account) profit and loss account dealt with by the report are in agreement
with the books of account and returns.
- Whether, in their opinion and to the best of their information and according to the
explanations given to them, the said accounts give the information required by this
Act in the manner so required and give a true and fair view—
(a) in the case of the balance sheet, of the state of the company's affairs as at the
end of its financial year; and
(b) in the case of the profit and loss account, of the profit or loss for its financial
year; or, as the case may be, give a true and fair view thereof subject to the non-
disclosure of any matters (to be indicated in the report) which by virtue of Part
III of the Sixth Schedule are not required to be disclosed.
4. In the case of a company which is a holding company and which submits group
accounts whether, in their opinion, the group accounts have been properly prepared in
accordance with the provisions of this Act so as to give a true and fair view of the state
of affairs and profit or loss of the company and its subsidiaries dealt with thereby, so far
as concerns members of the company, or, as the case may be, so as to give a true and
fair view thereof subject to the non-disclosure of any matters (to be indicated in the
report) which by virtue of Part III of the Sixth Schedule are not required to be

197
 disclosed.

When financial statements are finalised, they usually must contain an evaluation – an auditor's
report - from a licensed accountant or auditor. This report provides an overview of the
evaluation of the validity and reliability of a company or organization’s financial statements.

The goal of an auditor's report is to document reasonable assurance that a company’s financial
statements are free from error.

An audit of a company’s financial statements should result in a report wherein the accountant
or auditor is free to share their opinion about the validity and reliability of a company’s
financial statements.

In this report, the auditor should provide an accurate picture of the company and their financial
statements. The auditor should also state whether they are externally or internally connected to
the company.

Within the report, the auditor can share any reservations about the condition of the company’s
finances or relevant additional information. Reservations could arise if the auditor disagrees
with something found in the financial statements, e.g. if the auditor disagrees with
management about the valuation of an asset because they believe that this has a more
significant impact on the financial statements.

In the report there are rules concerning what an auditor's report should include and the order in
which various items should be reported.

Auditor's reports must adhere to accepted standards established by governing bodies. The
governing bodies help to assure external users that the auditor's opinion on the fairness of
financial statements is based on a commonly accepted framework.

BASIC ELEMENTS

The Companies Act does not stipulate the form the auditor’s report should take. The auditing
standards seek to ensure that the auditor’s report is clear and unambiguous. To this end, it
seeks to standardize the form of the auditor’s report. It does this by giving the basic elements
of the auditor’s report.

i. Appropriate report title

Auditing standards require that the report be titled and that the title includes the word
“independent‟ e.g. independent auditor’s report‟. The requirement that the title includes the
word independent is intended to convey to users that the audit was unbiased in all aspects.

ii. Address

The report is usually addressed to the company, its stockholders or the board of directors. For

198
practical reasons, it limits the users of auditor’s report.

iii. Introductory paragraph

The first paragraph has three purposes, fist, it makes a statement that the practice did an audit.
Secondly, it lists all the financial statements that were audited including the balance sheet
dates and accounting periods for the income statement and cash flow statement. The wording
of the financial statements in the report should be identical to those used by management on
the financial statements. Thirdly, the introductory paragraph states that the statements are the
responsibility of management and that the auditor’s responsibility is to express an opinion on
the statements based on the audit.

iv. Scope paragraph

This paragraph is a factual statement about what the auditor did in the audit. This paragraph
states how the audit was planned and performed in accordance with ISAs and states that the
audit is designed to obtain reasonable assurance whether the financial statements are free of
material misstatements.

v. Opinion paragraph

This final paragraph states the auditors conclusions based on the results of the audit. This part
of the report is so important that often the audit report is simply called the auditor’s opinion.
The opinion paragraph is stated as an opinion rather than a statement of absolute fact or a
guarantee.

vi. Audit report date

The appropriate date for the report is the one on which the auditor has completed the most
important audit procedures in the field. This date is important to users of financial statements
as it indicates the last day of auditor’s responsibility for review of significant events that have
occurred after date of financial statements.

vii. Name of audit firm

The firm’s name is used because the entire firm has the legal responsibility to ensure that the
quality of audit meets professional standards.

TYPES OF OPINIONS
a) Unqualified opinion.
b) Disclaimer opinion
c) Qualified opinion
d) Adverse opinion

199
Unqualified opinion

This is issued when the auditor is satisfied in all material aspects that enable him express the
required opinion on financial statements without any reservation. This is sometimes called a
clean opinion. It is expressed when the auditor concludes that the financial statements give a
true and fair view in accordance with the relevant financial reporting standards.

Emphasis on matter report

There are occasions when the auditor has no reservation as to the financial statements but
where they exists unusual events, conditions or accounting policies and he feels that unless the
reader may not reach a proper understanding of the financial position and results. In such
circumstances, the auditor should express an unqualified opinion including an extra paragraph
called „emphasis of the matter paragraph‟ to draw attention of the reader to the unusual
matter.

The addition of such an emphasis of matter paragraph does not lead to a qualification of the
audit opinion but is intended to enable the reader obtain a better understanding. To avoid this
being understood as a qualification, the emphasis of the matter paragraph should contain the
phrase “without qualifying our opinion‟.

Practical circumstances requiring emphasis of matter paragraph are:

i. Unusual condition would include destruction of assets after balance sheet date but the
company remains a going concern.

ii. The company being insolvent on the face of its own balance sheet but the auditor has
letters of support which he is satisfied can be fulfilled by the other party thus he will
accept appropriateness of the going concern assumption. Unusual events could also
include changes in the legislation that could have a material impact on the entity’s
business operations subsequent to the balance sheet date. Unusual accounting policies
that may lead to emphasis of matter paragraph would involve those matters not covered
by any accounting standard.

iii. Inherent uncertainties that may call for emphasis of matter paragraph would include
contingencies at the balance sheet date which have not been resolved at the date of
signing the auditor’s report.

iv. Negotiations for financing which have not been financed by date of signing of the
auditor’s report.

The format of the unqualified audit report

Here is the illustrative unqualified report from ISA 700

Auditor’s Report

(APPROPRIATE ADDRESSEE)

200
We have audited the accompanying balance sheet of the ABC Company as of December
31, 20x1, and the related statements of income, and cash flows for the year then ended.
These financial statements are the responsibility of the Company’s management. Our
responsibility is to express an opinion on these financial statements based on our audit.

We conducted our audit in accordance with International Standards on Auditing (or refer
to relevant national standards or practices). Those standards require that we plan and
perform the audit to obtain reasonable assurance about whether the financial statements
are free of material misstatement. An audit includes examining, on a test basis, evidence
supporting the amounts and disclosures in the financial statements. An audit also
includes assessing the account principles used in significant estimates made by the
management, as well as evaluating the overall financial statement presentation. We
believe that our audit provides a reasonable basis for our opinion.

In our opinion, the financial statements give a true and view of (or „present fairly, in all
material respects,‟) the financial position of the Company as of December 31, 20x1 and
of results of its operations and its cash flows for the year then ended in accordance with
… (and comply with ….)

AUDITOR

Date

Address‟

Footnotes:
1. Reference may be by page numbers
2. Indicate IASs or relevant national standards
3. Refer to relevant statues or law

Qualifications of audit reports

When the auditor has reservation on any matter that is considered material to the financial
statements, he may introduce qualifying remarks in the audit report. The auditor’s reservation
could arise out of the following;
 Limitation on the scope of his work.
 Disagreement with management.
 Significant uncertainty affecting financial statements, the resolution of which is
dependent upon future events.

b) Qualified audit opinion or except for opinion.

This is expressed when auditor concludes that unqualified opinion cannot be expressed but
that the effect of any disagreement with management or limitation in scope is not so material
and pervasive as to require an adverse opinion or disclaimed opinion. A qualified opinion

201
implies that all aspects of the financial statements are okay except for the effects of the matters
which the qualifications relate.

c) Disclaimer of opinion.

This is issued when the possible effect of a limitation in scope or uncertainty is so material or
pervasive that the auditor has not been able to obtain sufficient appropriate audit evidence, as a
result he is unable to express an opinion on financial statements. A disclaimer of opinion
implies that the auditor is unable to form an opinion because sufficient audit evidence could
not be obtained.

d) Adverse opinion.

This is expressed when the effects of a disagreement is so material and pervasive to the
financial statements that the auditor concludes that a qualification of the report is not adequate
to disclose the misleading and incomplete nature of the financial statements. The auditor states
that due to the nature of the disagreement in his opinion, the financial statements do not show
true and fair view.

Limitation of scope

If for any reason the auditor is unable to receive all the information and explanations he
deems necessary for the purposes of his audit, then there is a limitation in scope of his work.
It means that the auditor to conclude his work objectively. This could arise due to the
following reasons;
 Refusals by management to allow the auditor examine certain documents or records.
 If the auditor is denied the opportunity to carry out an auditing procedure he considers
important and he cannot conclude through alternative procedures, then there is
limitation of scope in auditor’s work.
 Destruction of accounting records or documents through fire of other disaster meaning
that such documents or records are not available for examination by the auditor.
 Being appointed auditor after the year end with the result that certain evidence will not
be collected.

Effects of limitation in scope on the auditor’s opinion

If the possible effect of limitation in scope of an audit is material but not fundamental to the
financial statements, the auditor issues a qualified opinion. (Except for opinion.)

If the possible effect of limitation in scope of an audit is of fundamental importance that the
auditor is unable to express an opinion on the financial statements, the auditor issues a
disclaimer of opinion as mentioned above.

When there is a limitation in scope of auditor’s work that requires the expression of a
qualified opinion or a disclaimer of opinion, the auditor should describe the nature of the

202
limitation in his report and indicate the possible adjustments to the financial statements that
might have been determined to be necessary, had the limitation not existed.

Examples of modified reports

(a) Limitation on scope

(i) Limitation on scope – qualified person

„We have audited … (remaining words are the same as illustrated in the introductory
paragraph of the unqualified above).

Except as discussed in the following paragraph, we conducted our audit in accordance

with….(remaining words are the same as illustrated in the scope paragraph of the
unqualified report above).

We did not observe the counting of the physical inventories as of December 31, 20x1,
since that date was prior to the time we were initially engaged as auditors’ fir the
company. Owing to the nature of the company’s records, we were unable to satisfy
ourselves as to inventory quantities by other audit procedures.

In our opinion, except for the effects of such adjustments, if any, as might have been
determined to be necessary had we been able to satisfy ourselves as to physical
inventory quantities, the financial statements give a true and (remaining words are the
same as illustrated in the opinion paragraph of the unqualified report above).‟

(ii) Limitation on scope – disclaimer of opinion

„We are engaged to audit the accompanying balance sheet of the ABC Company as of

December 31 20x1 and the related statements of income, and cash flows for the year then
ended. These financial statements are the responsibility of the Company’s management.

(Omit the sentence stating the responsibility of the auditor).

(The paragraph discussing the scope of the audit would either be omitted or amended
according to the circumstances.)

(Add a paragraph discussing the scope limitations as follows:)

We were not able to observe all physical inventories and confirm accounts receivable due
to limitations placed on the scope of our work by the company.

Because of the significance of the matters discussed in the preceding paragraph we do not
express an opinion on the financial statements.

203
 Inherent uncertainties

Inherent uncertainties result from circumstances in which it is impossible for the auditor to
reach any objective conclusion as to the outcome of a situation due to the circumstances
themselves rather than a limitation of scope of the audit. Such uncertainties are only resolved
through the passage of time e.g. to wait for the outcome of a litigation. However, time is a
great constraint and financial statements must be prepared within the required time. The
auditor should form an opinion on the adequacy of the accounting treatment of such
uncertainties. This will involve consideration of:
 The appropriateness of any accounting policies adopted by the management in
treating the effect of such uncertainties.

 The reasonableness of the estimates included in the financial statements.

 The adequacy of disclosure of the uncertainties.

Some inherent uncertainties are fundamental. These are uncertainties where the degree of
uncertainty and its potential impact on the view given by the financial statements may very
great.
In determining whether an uncertainty is fundamental, the auditor considers the following:
 The risk of the estimate included in the balance sheet being subject to change.
 The range of possible outcomes.
 The consequences of those outcomes on the view given by the financial statements.
Inherent uncertainties are considered fundamental when they involve a significant level
of concern about the validity of the going concern assumption or other matters whose
potential effect on the financial statements is usually great.

Disagreement

Under disagreement, the auditor is able to conclude objectively that he has received all the
information and explanations he considers necessary for the purpose of the audit. But his
conclusion is at variance with the position adopted by the management or the view given by
the financial statements. Circumstances giving rise to disagreements include;

 Application of inappropriate records by the management.

 Some facts or amounts included in the financial statements e.g. the auditor may feel
that the amount provided for as a contingent loss arising from a lawsuit against the
company is too low.
 Interpretation of accounting policies or legislation.
 Manner, mode or extent of disclosure of facts or amounts in the financial statements.

Whether the auditor agrees with the accounting treatment or disclosure of a matter in the
financial statements and in the auditor’s opinion, the effect of that disagreement is material to
the financial statements, the auditor should;
 Include in his report a description of all the factors giving rise to the disagreement.
 The implications of such factors on the financial statements.

204
  A quantification of the effect on the financial statements.

Examples

(i) Disagreement on Accounting Policies- Inappropriate Accounting method – Qualified

Opinion
„We have audited ….(remaining words are the same as illustrated in the introductory
paragraph of the unqualified report above.)

We conducted our audit in accordance with … (remaining words are the same as
illustrated in the scope paragraph of the unqualified report above).

As discussed in Note X to the financial statements, no depreciation has been provided in

the financial statements which practice, in our opinion, isn’t in accordance with
International

Accounting Standards. The provision for the year ended December 31, 20x1 should be
based on the straight line method of depreciation using annual rates of 5% for the
building and 20% for the equipment. Accordingly the non-current assets should be
reduced by the accumulated depreciation of xxx and the loss for the year and
accumulated deficit should be increased by xxx and xxx respectively.

In our opinion, except for the effect on the financial statements of the matter referred to
in the preceding paragraph, the financial statements give a true and …. (Remaining words
are the same as illustrated in the opinion paragraph of the unqualified report above).

(ii) Disagreement on Accounting Policies – inadequate disclosure – qualified opinion

„We have audited … (remaining words are the same as illustrated in the introductory
paragraph of the unqualified report above).

We conducted our audit in accordance with…. (Remaining words are the same as
illustrated in the scope paragraph of the unqualified report above.

On January 15, 2OO7, the company issued debentures in the amount of xx for the
purpose of financing plant expansion. The debenture agreement restricts the payment
of future cash dividends to earnings after December 31, 20x1. In our opinion,
disclosure of this information is required by …. (Insert reference to statutory or
regulatory requirement).

In our opinion, except for the omission of the information included in the preceding
paragraph, the financial statements give a true and … (remaining words are the same as
illustrated in the opinion paragraph of the unqualified report above).

205
(iii) Disagreement on Accounting Policies – inadequate disclosure – adverse opinion

We have audited … (remaining words are the same as illustrated in the introductory
paragraph of the unqualified report above).

We conducted our audit in accordance with.. (Remaining words are the same as illustrated
in the scope paragraph of the unqualified report above.

In our opinion, because of the effects of the matters discussed in the preceding
paragraph(s), the financial statements do not give a true and fair of (or do not „present
fairly‟) the financial position of the company as at December 31, 20x1, and of result of its
operations and its cash flows for the year then ended in accordance with (insert relevant
IASs or national standards) ..
And do not comply with …… (Insert relevant statutes or law).

Effects of disagreements on auditor’s opinion

When the auditor concludes that the effect of the matter giving rise to disagreement is so
fundamental that the financial statements are misleading, the auditor should issue an adverse
opinion.

If the nature of the disagreement is material but not fundamental, the auditor should issue a
qualified opinion indicating that all other aspects of the financial statements are okay except
for the matter giving rise to the disagreement.

Material but not pervasive

The auditor may not include qualifying remarks in his audit report unless the matter is
material. Material but not pervasive means that the reservation the auditor has is material in
the context of a segment of the financial statements but not to the financial statements taken
as a whole.

Material and pervasive

A matter becomes material and pervasive when it is material in the context of the financial
statements taken as a whole. A limitation of scope becomes pervasive when it makes the
financial statements misleading for decision making purposes or of little value for decision
making purposes. A disagreement becomes pervasive when it makes the financial statements
taken as a whole to be totally misleading.

Qualification matrix

Nature of circumstance Material but not significant Fundamental

206
Limitation of scope or Qualified opinion (except for opinion) Disclaimer of opinion
uncertainty
Disagreement Qualified opinion (except for opinion) Adverse opinion

Going Concern (ISA 570)

The going concern concept is a fundamental concept of IAS 1 (disclosure of accounting

policies) which governs the preparation and presentation of financial statements. This concept
states that the transactions and the financial statements have to be recognized and prepared in
such a way that the entity shall continue with operations for the foreseeable future period and
shall not cease to be in existence, stop or curtail is present production either currently or in the
near future.

The auditor when reporting on the financial statements is categorically concerned of the going
concern concept because;
 It affects true and fair view of the financial statements
 It facilitates qualification of audit reports.
 It confirms compliance of financial statements with the generally accepted accounting
principles and policies.
 The auditor’s main interest will be that all material matters affecting the financial
statements have been disclosed.
If fundamental accounting principles governing the financial statements have been properly
observed in all material aspects, the financial statements presented show a true and fair view.

Appropriateness of going concern assumption

The auditor should consider the risk that the going concern assumption may no longer be
appropriate. Indications of the risk that the continuance as a going concern may be
questionable could come from the financial statements or from other sources. Examples of
such indications are as follows:

a. Financial indicators.
 Changes of the financial position of the company drastically within a short period of
time especially from bad to worse.
 Financial difficulties affecting the company’s production process and sales.
 Changes of credit policies especially from credit to cash on delivery.
 Difficulties in paying salaries and wages of employees.
 Increased financial borrowing.

b. Non financial indicators.

 High staff turnover in key accounting and managerial officials and finance personnel
especially without replacement.

207
  Unfriendly environment between management and management and employees
 Unusual pressure within the entity for no apparent reason.
 Circumstances of labour disputes e.g. strikes by employees leading to demonstrations
ad protests.
 Where the entity relies heavily on a customer for sale of its products or for marketing
its output.
 Pending legal proceedings against the entity that may, if successful, result in
judgements that could not be met.
 Noncompliance with capital and other statutory requirements.

The significance of such indications can often be mitigated by other factors. For example, the
effect of an entity being unable to make its normal debt repayments may be counterbalanced
by management’s plans to maintain adequate cash flows by alternative means, such as by
disposal of assets, rescheduling of loan repayments, or obtaining additional capital. Similarly,
the loss of a principal supplier may be mitigated by the availability of a suitable alternative
source of supply.

TOPIC 10

AUDITING IN THE PUBLIC SECTOR

INTRODUCTION TO AUDITING IN THE PUBLIC SECTOR; REGULATORY

PROVISIONS

Objectives of public-sector auditing

1. The public-sector audit environment is that in which governments and other public-
sector entities exercise responsibility for the use of resources derived from taxation and
other sources in the delivery of services to citizens and other recipients. These entities
are accountable for their management and performance, and for the use of resources,
both to those that provide the resources and to those, who depend on the services
delivered using those resources, for example citizens, Public-sector auditing helps to
create suitable conditions and reinforce the expectation that public-sector entities and
public servants will perform their functions effectively, efficiently, ethically and in
accordance with the applicable laws and regulations.

2. In general public-sector auditing can be described as a systematic process of objectively

obtaining and evaluating evidence to determine whether information or actual
conditions conform to established criteria. Public-sector auditing is essential in that it
provides legislative and oversight bodies, those charged with governance and the
general public with information and. independent and objective assessments concerning
the stewardship and performance of government policies, programs or operations.
3. Supreme Audit Institutions serve this aim as important pillars of their national
democratic systems and governance mechanisms and play an important role in
enhancing public-sector administration by emphasizing the principles of transparency,

208
 accountability, governance and performance.

Public-sector auditing contributes to good governance by:

1. Providing the intended users with independent, objective and reliable information,
conclusions or opinions based on sufficient and appropriate evidence relating to public
entities;

2. Enhancing accountability and transparency, encouraging continuous improvement and

sustained confidence in the appropriate use of public funds and assets and the
performance of public administration;

3. Reinforcing the effectiveness of those bodies within the constitutional arrangement that
exercise general monitoring and corrective functions over government, and those
responsible for the management of publicly-funded activities;

4. Creating incentives for change by providing knowledge,- comprehensive analysis and

well- founded recommendations for improvement.

Types of public-sector audit

In general, public-sector audits can be categorized into three main types: audits of financial
statements, performance audits and audits of compliance with authorities.
1. Financial audit focuses on determining whether an entity's financial information is
presented in accordance with the applicable financial reporting and regulatory
framework. This is accomplished by obtaining sufficient and appropriate audit evidence
to enable the auditor to express an opinion as to whether the financial information is
free from material misstatement ^ due to fraud or error.
2. Performance audit focuses on whether interventions, programmes and institutions are
performing in accordance with the principles of economy, efficiency and effectiveness
and whether there is room for improvement. Performance is examined against suitable
criteria, and the causes of deviations from those criteria or other problems are analyzed.
The aim is to answer key audit questions and to provide recommendations for
improvement.
3. Compliance audit focuses on whether a particular subject matter is in compliance with
authorities identified as criteria. Compliance auditing is performed by assessing
whether activities, financial transactions and information are, in ail material respects, in
compliance with the authorities which govern the audited entity. These authorities may
include rules, laws and regulations, policies, established codes, agreed terms or the
general principles governing sound public-sector financial management and the conduct
of public officials.

ELEMENTS OF PUBLIC-SECTOR AUDITING

209
All public-sector audits have the same basic elements: the auditor, the responsible party,
intended users (the three parties to the audit), the subject matter and the criteria for assessing
the subject matter.
1. The auditor: In public-sector auditing the role of auditor is fulfilled by the Head of the
SA1 and by persons to whom the task of conducting the audits is delegated. The overall
responsibility for public-sector auditing remains as defined by the SAI's mandate.
2. The responsible party: In public-sector auditing the relevant responsibilities are
determined by constitutional or legislative arrangement. The responsible parties may be
responsible for managing the subject matter or for addressing recommendations, and
may be individuals or organizations.
3. Intended users: The individuals, organizations or classes thereof for whom the auditor
prepares the audit report. The intended users may be legislative or oversight bodies,
those charged with governance or the general public.
4. Subject matter refers to the information, condition or activity that is measured or
evaluated against certain criteria. It can take many forms and have different
characteristics depending on the audit objective. An appropriate subject matter is
identifiable and capable of consistent evaluation or measurement against the criteria,
such that it can be subjected to procedures for gathering sufficient and appropriate audit
evidence to support the audit opinion or conclusion.
5. The criteria are the benchmarks used to evaluate the subject matter. Each audit should
have criteria suitable to the circumstances of that audit. In determining the suitability of
criteria the auditor considers their relevance and understandability for the intended
users, as well as their completeness, reliability and objectivity. The criteria used may
depend on a range of factors, including the objectives and the type of audit. Criteria can
be specific or more general, and may be drawn from various sources, including laws,
regulations, standards, sound principles and best practices. They should be made
available to the intended users to enable them to understand how the subject matter has
been evaluated or measured

Types of engagement

There are two types of engagement:

 In attestation engagements the responsible party measures the subject matter against the
criteria and presents the subject matter information, on which the auditor then gathers
sufficient and appropriate audit evidence to provide a reasonable basis for expressing
an opinion on the reasonableness of a certain assertion.

 In direct reporting engagements it is the auditor who measures or evaluates the subject
matter against the criteria. The auditor selects the subject matter and criteria, taking into
consideration risk and materiality. The outcome of measuring the subject matter against
the criteria is presented in the audit report in the form of findings, conclusions,
recommendations or an opinion. The audit of the subject matter may also provide new
information, analyses or insights.

Confidence and assurance in public-sector auditing

210
The need for confidence and assurance
The Intended users will wish to be confident about the reliability and relevance of the
information which they use as the basis for taking decisions. Audits therefore provide
information based on sufficient and appropriate evidence, and auditors should perform
procedures to reduce or manage the risk of reaching inappropriate conclusions. The level of
assurance that can be provided to the intended user should be communicated in a transparent
way. Due to inherent limitations, however, audits can never provide absolute assurance.

Forms of providing assurance

Depending on the audit and the users' needs, assurance can be communicated in two
ways:
 Through opinions and conclusions which explicitly convey the level of assurance. This
applies to ah attestation engagements and certain direct reporting engagements.

 In other forms in some direct reporting engagements the auditor does not give an
explicit statement of assurance on the subject matter. In such cases the auditor provides
the users with the necessary degree of confidence by explicitly explaining how
findings, criteria and conclusions were developed in a balanced and reasoned manner,
and why the combinations of findings and criteria result in a certain overall conclusion
or recommendation.

Levels of assurance
Assurance can be either reasonable or limited. Reasonable assurance is high but net absolute.
The audit conclusion is expressed positively, conveying that, in the auditor's opinion, the
subject matter is or is not compliant in all material respects, or, where relevant, that the subject
matter information provides a true and fair view, in accordance with the applicable criteria.
When providing limited assurance, the audit conclusion states that, based on the procedures
performed, nothing has come to the auditor's attention to cause the auditor to believe that the
subject matter is not in compliance with the applicable criteria. The procedures performed in a
limited assurance audit are limited compared with what is necessary to obtain reasonable
assurance, but the level of assurance is expected, in the auditor's professional judgement, to be
meaningful to the intended users. A limited assurance report conveys the limited nature of the
assurance provided.

PRINCIPLES OF PUBLIC-SECTOR AUDITING

General principles
1. Ethics and independence- Auditors should comply with the relevant ethical
requirements and be independent Ethical principles should be embodied in an auditor's
professional behaviour. The SAIs should have policies addressing ethical requirements
and emphasising the need for compliance by each auditor. Auditors should remain
independent so that their reports will be impartial and be seen as such by the intended

211
 users.

2. Professional judgement, due care and skepticism- Auditors should maintain

appropriate professional behaviour by applying professional skepticism, professional
judgment and due care throughout the audit. The auditor's attitude should be
characterized by professional skepticism and professional judgement, which are to be
applied when forming decisions about the appropriate course of action. Auditors should
exercise due care to ensure that their professional behaviour is appropriate. Professional
skepticism means maintaining professional distance and an alert and questioning attitude when
assessing the sufficiency and appropriateness of evidence obtained throughout the audit. It also
entails remaining open-minded and receptive to all views and arguments. Professional
judgement implies the application of collective knowledge, skills and experience to the audit
process. Due care means that the auditor should plan and conduct audits in. a diligent manner.
Auditors should avoid any conduct that might discredit their work.

3. Quality control- Auditors should perform the audit in accordance with professional
standards on quality control An SAI's quality control policies and procedures should
comply with professional standards, the aim being to ensure that audits are conducted at
a consistently high level. Quality control procedures should cover matters such as the
direction, review and supervision of the audit process and the need for consultation in
order to reach decisions on difficult or contentious matters.

4. Audit team management and skills- Auditors should possess or have access to the
necessary skills. The individuals in the audit team should collectively possess the
knowledge, skills and expertise necessary to successfully complete the audit. This
includes an understanding and practical experience of the type of audit being conducted,
familiarity with the applicable standards and legislation, an understanding of the entity's
operations and the ability and experience to exercise professional judgement. Common to
all audits is the need to recruit personnel with suitable qualifications, offer staff
development and training, prepare manuals and other written guidance and instructions
concerning the conduct of audits, and assign sufficient audit resources. Auditors should
maintain their professional competence through ongoing professional development.

5. Audit risk- Auditors should manage the risks of providing a report that is inappropriate
in the circumstances of the audit. The audit risk is the risk that the audit report may be
inappropriate. The auditor performs procedures to reduce or manage the risk of reaching
inappropriate conclusions, recognising that the limitations inherent to all audits mean
that an audit can never provide absolute certainty of the condition of the subject matter.
When the objective is to provide reasonable assurance, the auditor should reduce audit
risk to an acceptably low level given the circumstances of the audit. The audit may also
aim to provide limited assurance, in which case the acceptable risk that criteria are not
complied with is greater than in a reasonable assurance audit. A limited assurance audit
provides a level of assurance that, in the auditor's professional judgment, will be
meaningful to the intended users.

6. Materiality- Auditors should consider materiality throughout the audit process

212
 Materiality is relevant in all audits. A matter can be judged material if knowledge of it
would be likely to influence the decisions of the intended users. Determining
materiality is a matter of professional judgement and depends on the auditor's
interpretation of the users' needs. This judgement may relate to an individual item or to
a group of items taken together. Materiality is often considered in terms of value, but it
also has other quantitative as well as qualitative aspects. The inherent characteristics of an item
or group of items may render a matter material by its very nature. A matter may also be material
because of the context in which it occurs.

7. Documentation- Auditors should prepare audit documentation that is sufficiently

detailed to provide a dear understanding of the work performed, evidence obtained and
conclusions reached Audit documentation should include an audit strategy and audit
plan. It should record the procedures performed and evidence obtained and support the
communicated results of the audit. Documentation should be sufficiently detailed to
enable an experienced auditor, with no prior knowledge of the audit, to understand the
nature, timing, scope and results of the procedures performed, the evidence Obtained in
support of the audit conclusions and recommendations, the reasoning behind all
significant matters that required the exercise of professional judgement, and the related
conclusions.

8. Communication- Auditors should establish effective communication throughout the

audit process it is essential that the audited entity be kept informed of all matters
relating to the audit. This is key to developing a constructive working relationship.
Communication should include obtaining information relevant to the audit and
providing management and those charged with governance with timely observations
and findings throughout the engagement. The auditor may also have a responsibility to
communicate audit-related matters to other stakeholders, such as legislative and
oversight bodies.

Principles related to the audit process

Planning an audit
1. Auditors should ensure that the terms of the audit have been clearly established Audits
may be required by statute, requested by a legislative or oversight body, initiated by the
SAI or carried out by simple agreement with the audited entity, in all cases the auditor,
the audited entity's management, those charged with governance and others as
applicable should reach a common formal understanding of the terms of the audit and
their respective roles and responsibilities, important information may include the
subject, scope and objectives of the audit, access to data, the report that will result from
the audit, the audit process, contact persons, and the roles and responsibilities of the
different parties to the engagement.

2. Auditors should obtain an understanding of the nature of the entity/programme to be

audited. This includes understanding the relevant objectives, operations, regulatory
environment, internal controls, financial and other systems and business processes, and

213
 researching the potential sources of audit evidence. Knowledge can be obtained from
regular interaction with management, those charged with governance and other relevant
stakeholders. This may mean consulting experts and examining documents (including
earlier studies and other sources) in order to gain a broad understanding of the subject matter to
be audited and its context.

3. Auditors should conduct a risk assessment or problem analysis and revise this as
necessary in response to the audit findings. The nature of the risks identified will vary
according to the audit objective. The auditor should consider and assess the risk of
different types of deficiencies, deviations or misstatements that may occur in relation to
the subject matter. Both general and specific risks should be considered. This can be
achieved through procedures that serve to obtain an understanding of the entity or
programme and its environment, including the relevant internal controls. The auditor
should assess the management's response to identified risks, including its
implementation and design of internal controls to address them, in a problem analysis
the auditor should consider actual indications of problems or deviations from what
should be or is expected. This process involves examining various problem indicators
in order to define the audit objectives. The identification of risks and their impact on
the audit should be considered throughout the audit process.

4. Auditors should identify and assess the risks of fraud relevant to the audit objectives
Auditors should make enquiries and perform procedures to identify and respond to the
risks of fraud relevant to the audit objectives. They should maintain an attitude of
professional skepticism and be alert to the possibility of fraud throughout the audit
process.

5. Auditors should plan their work to ensure that ’fee audit is conducted m an effective
and efficient manner

Planning for a specific audit includes strategy and operational aspects.

Strategically, planning should define the audit scope, objectives and approach. The
objectives refer to what the audit is intended to accomplish. The scope relates to the
subject matter and the criteria which the auditors will use to assess and report on the
subject matter, and is directly related to the objectives. The approach will describe
the nature and extent of the procedures to be used for gathering audit evidence. The
audit should be planned to reduce audit risk to an acceptably few fever.

Operationally, planning entails setting a timetable for the audit and defining the nature,
timing; and extent of the audit procedures. During planning, auditors should assign the
members of their team as appropriate and identify other resources that may be required,
such as subject experts

Conducting an audit

1. Auditors should perform audit procedures that provide sufficient appropriate audit
evidence to support the audit report. The auditor's decisions on the nature, timing and
extent of audit procedures will impact on the evidence to be obtained. The choice of
procedures will depend on the risk assessment or problem analysis.

214
 2. Auditors should evaluate me the audit evidence and draw conclusions after completing
the audit Procedures, the auditor will review the audit documentation in order to
determine whether the subject matter has been sufficiently and appropriately audited.
Before drawing conclusions, the auditor reconsiders the initial assessment of risk and
materiality in the light of the evidence collected and determines whether additional
audit procedures need to be performed.

Based on the findings, the auditor should exercise professional judgement to reach a
conclusion on the subject matter or subject matter information.

Reporting and follow-up

Auditors should prepare a report based on the conclusions reached. The audit process involves
preparing a report to communicate the results of the audit to stakeholders, others responsible
for governance and the general public. The purpose is also to facilitate follow-up and
corrective action. In some SAIs, such as courts of audit with jurisdictional authority this may
include issuing legally binding reports or judicial decisions. Reports should be easy to
understand, free from vagueness or ambiguity and complete. They should be objective and
fair, only including information which is supported by sufficient and appropriate audit
evidence and ensuring that findings are put into perspective and context. The form and content
of a report will depend on the nature of the audit, the intended users, the applicable standards
and legal requirements. The SAIs mandate and other relevant laws or regulations may specify
the layout or wording of reports, which can appear in short form or long form.
Attestation engagements. In attestation engagements the audit report may express an opinion
as to whether the subject matter information is, in all material respects, free from misstatement
and/or whether the subject matter complies, in all material respects, with the established
criteria, in an attestation engagement the report is generally referred to as the Auditor
general’s report

Direct engagements in direct engagements the audit report needs to state the audit objectives
and describe how they were addressed in the audit, it includes findings and conclusions on the
subject matter and may also include recommendations. Additional information about criteria,
methodology and sources of data may also be given, and any limitations to the audit scope
should be described.
The audit report should explain how the evidence obtained was used and why the resulting
conclusions were drawn, this will enable it to provide the intended users with the necessary
degree of confidence.

Opinion
When an audit opinion is used to convey the level of assurance, the opinion should be in a
standardized format. The opinion may be un modified or modified. An unmodified opinion is
used when either limited or reasonable assurance has been obtained. A modified opinion may
be:
 Qualified (except for) - where the auditor disagrees with, or is unable to obtain
sufficient and appropriate audit evidence about, certain items in the subject matter
which could be material but not pervasive;

215
  Adverse ~ where the auditor, having obtained sufficient and appropriate audit evidence,
concludes that deviations or misstatements, whether individually or in the aggregate,
are both material and pervasive;
 Disclaimer of opinion - where the auditor is unable to obtain sufficient and appropriate
audit evidence due to an uncertainty or scope limitation which is both material and
pervasive.

ESTABLISHMENT AND MANDATE OF KENAO

The Office of the Auditor General draws its mandate from the Constitution of Kenya. Chapter
12, Part 6, Article 229 establishes the Office of the Auditor General. Article 229 states:
1. There shall be an Auditor-General who shall be nominated by the President and, with
the approval of the National Assembly, appointed by the President.
2. To be qualified to be the Auditor-General, a person shall have extensive knowledge of
public finance or at least ten years' experience in auditing or public finance
management.
3. The Auditor-General holds office, subject to Article 251, for a term of eight years and
shall not be eligible for re-appointment.
4. Within six months after the end of each financial year, the Auditor-General shall audit
and report, in respect of that financial year, on:-
 The accounts of the national and county governments;
 The accounts of all funds and authorities of the national and county governments;
 The accounts of all courts;
 The accounts of every commission and independent office established by this
Constitution;
 The accounts of the National Assembly, the Senate and the county assemblies; p
The accounts of political parties funded from public funds;
 The public debt; and
 The accounts of any other entity that legislation requires the Auditor-General to
audit
5. The Auditor General may audit and report on the accounts of any entity that is funded
from public funds.
6. An audit report shall confirm whether or not public money has been applied lawfully
and in an effective way.

7. Audit reports shall be submitted to Parliament or the relevant county assembly.

8. Within three months after receiving an audit report, Parliament or the county assembly
shall debate and consider the report and take appropriate action.

THE ROLE OF INTERNAL AUDITING

 Internal audit is an objective assurance and consulting activity that is independently

216
 managed within an organization and guided by philosophy of adding value to improve
the operations of the organization.
 It helps an organization accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management, control, and
governance processes. It achieves this by:

a) consultancy that aims to identify the obstacles which prevent the conduct of
normal course of processes, establishment of causes, the determination of
consequences, presenting solutions for their elimination;
b) facilitating understanding in order to obtain additional information for in-depth
knowledge of the operation of a standard or a normative provisions, necessary
for the personnel carrying out their implementation;
c) Training and professional development to provide theoretical and practical
knowledge by organizing courses and seminars on financial management, risk
management and internal control.
 Internal auditing may analyze strengths and weaknesses of an organization's internal
control, considering its governance, organizational culture, and related threats and
opportunities for improvement which can affect whether the organization is able to
achieve its goals. The analysis assesses whether risk management identifies the risks
and puts controls in place to manage public funds in an effective and efficient manner
 Internal auditing works with those charged with governance, 1 such as board, audit
committee, senior management or, where appropriate, an external oversight body, in
ensuring that appropriate systems of internal control are designed and implemented. As
such, internal auditing can provide assistance regarding accomplishment of goals and
objectives, strengthening controls, and improving the efficiency and effectiveness of
operations and compliance with authorities. It is important to clarify that while internal
auditing can provide ' assistance on internal control, it should not perform management
or operational duties.
 The internal audit’s role is to contribute to the proper end efficient management of
public funds. The internal auditor has to inform the public entity's management with
respect to any evidence of fraud found during the course of an audit missions
 The internal auditor has a large degree of involvement and fairness, he solves problems
and improves performances, helps the entity function properly and achieve
performances, following the possible problems in the future, and he offers the entity a
state of safety and comfort.

RELATIONSHIP BETWEEN EXTERNAL AND INTERNAL AUDITORS IN THE

PUBLIC SECTOR

Oversight
Auditors assist decision-makers in exercising oversight by evaluating whether public sector
entities are doing what they are supposed to do, spending funds for the intended purpose, and
complying with laws and regulations. Audits focusing on oversight answer the questions, "Has
the policy been implemented as intended?" and "Are managers implementing effective
controls to minimize risks?" Auditing supports the governance structure by verifying agencies'
and programs' reports of financial and programmatic performance and by testing their

217
adherence to the organization's rules and aims. Moreover, oversight audits contribute to public
accountability by providing access to this performance information to stakeholders within and
outside of the organization under audit. Elected and appointed officials as well as public sector
managers are responsible for setting direction and defining organizational objectives. In
addition, managers have the duty to assess risks and establish effective controls to achieve
objectives and avert risks. In their oversight role, government auditors assess and report on the
success of these efforts.

Detection
Detection is intended to identify inappropriate, inefficient, illegal, fraudulent, or abusive sets
that have already transpired and to collect evidence to support decisions regarding criminal
prosecutions, disciplinary actions, or other remedies. Detection efforts can take many forms
including:
 Audits or Investigations based on suspicious circumstances or complaints that include
specific procedures and tests to Identify fraudulent, wasteful or abusive activity.
Alternatively, red flags that appear during the course of an audit initiated for unrelated
reasons may result in added procedures to specifically identify acts of fraud, waste, or
abuse.
 Audits such as payroll accounts payable, or information systems security audits, that
test an organization’s disbursements and related internal control.
 Audits requested by law enforcement officials that analyze and interpret complex
financial statements and transactions for use in investigating evidentiary cases against
perpetrators
 Reviews of potential conflicts of interest during the development and implementation
of laws, rules, and procedures.

Deterrence
Deterrence is intended to identify and reduce the conditions that allow corruption. Auditors
seek to deter fraud, abuse, and other breaches of public trust by:
 Assessing controls for existing or proposed functions
 Assessing organizational or audit specific risks.
 Reviewing proposed changes to existing laws, rules, and implementation procedures.
 Renewing contracts for potential conflict of interest.

Insight
Auditors provide insight to assist decision-makers by assessing which programs and policies
are working and which are not, sharing best practices and benchmarking information, and
looking horizontally across public sector entities and vertically among the levels of the public
sector to find opportunities to borrow, adapt, or reengineer management practices. The audit
activity helps institutionalize organizational leaning by providing ongoing feedback to adjust
policies. Auditors conduct their work systematically and objectively to develop a detailed
understanding of operations and draw conclusions based on evidence. Therefore, audits can
provide an insightful description of problems, resources, roles, and responsibilities that,
combined with understanding of the root cause of the problem and useful recommendations,
can encourage stakeholder’s to rethink solutions to problems, not only can the performance of
the specific program under audit be improved, but working through the issues brought to light

218
by a particular audit can enhance the capacity of the public sector and the public to deal with
similar problems. Audits focusing on insight contribute importantly to answering the broader
question, "Has the policy brought about the intended, results'?" Concurrently with, the
accountability function, audits contribute to improving the operations of the public sector.

Foresight
Auditors also help their organizations look forward by identifying trends and bringing
attention to emerging challenges before they become crises. The audit activity can highlight
challenges to come — such as from demographic trends, economic conditions, or changing
security threats — and identifying risks and opportunities arising from rapidly evolving
science and technology, the complexities of modern society, international events, and changes
in the nature of the economy. These issues often represent long-term risks that may far exceed
the terms of office for most elected or appointed officials, and can sometimes receive low
priority for attention where scarce resources drive more short-term focus on urgent concerns.
Additionally, a common audit approach — risk-based auditing — focuses the cuds: on the
organization's: overall risk management framework, which can help identify and deter
unacceptable risks. Through risk-based auditing, the audit activity provides useful and relevant
information to the organization or managing its risks.

INTERNATIONAL STANDARD ON SUPREME AUDITING INSTITUTIONS

The international Standards for Supreme Audit Institutions (ISSAIs) is a framework of

standards within INTOSAI (The international Organization of Supreme Audit institutions).

Benefits of implementing ISSAIs

The purpose of the ISSAIs is to support INTOSAI members by providing standards and
guidelines aimed to safeguard independent and effective auditing, furthermore, the ISSAIs are
intended to provide members with guidance in the development c: their professional standards
and methods on the basis of their specific mandate- The guidelines provide INTOSAI
members with a common language and approach in the areas of financial, compliance and
performance audit. Using 2 common frameworks of standards and guidance will allow
auditors to share experiences and benchmarks. It will also simplify cooperation in training and
implementation activities across borders. The standards also provide a framework against
which it is possible to measure SAI performance.

Quality
Carrying out audits in accordance with globally accepted standards will ensure a certain level
of quality and consistency m audits. All SAIs strive to earn the trust of citizens and
stakeholders alike. Applying internationally accepted standards in audits is one important step
in the direction of earning this trust. A high-quality standard will reduce auditor’s risk. The
credibility of all audit organizations is built on the quality achieved in its audits. The use of
globally accepted standards will simplify benchmarking, regional quality assurance initiative
and peer reviews as well as the sharing of experiences in other ways. Using similar audit
methods in different countries can inspire organizations to continuous improvement.

219
Credibility
Using globally accepted standards will strengthen the credibility of both the audit organization
and its auditors, external stakeholders will gain increased confidence and trust in the work of
auditors using globally accepted standards. The results and conclusions of an audit conducted
in accordance with globally accepted standards can stand up to external scrutiny. The
transparency provided by using standards well-known to audited organizations and other
stakeholders also leads to increased credibility of the audit results

Professionalism
Standards form the basis for professionalization of auditors and audit organizations by
providing a structured process for the audit work. Common standards can improve
opportunities for exchange of professional views and experiences across national and sector
borders. Joint training activities and sharing experiences will be easier if auditors apply the
same set of professional standards. Globally I accepted standards also provide a common
language between public and private sector auditors in areas of similar responsibilities.
Applying globally accepted standards will strengthen the audit profession in general.

Considerations when implementing ISSAls

It is important to recognize that there may be challenges facing a SAI when implementing the
ISSAls. Those challenges will differ depending on the development level of the SAI, the
context in which it operates, the legal requirements, available resources including personnel,
technical resources and funding, and the ambitions of the office. Below you will find some
examples of such challenges, but it is very important for each office to make its own
assessment to be well prepared for the implementation process.

220