1.

Three parties
CHAPTER 4 - CONTROLS 1. Practitioner - Auditor
2. User - Shareholders
Assurance Engagement 3. Preparers - Management / directors
The practitioner expresses a conclusion that 2. Subject matter
enhances the degree of confidence that the intended The financial statements
users the than the responsible party have of the 3. Sufficient & Appropriate evidence
conclusion of the measurement of a subject matter against Through financial review & audit procedures
criteria. 4. Compliance
eg: External (statutory) audit 5. Audit report
Env. Audit Conclusion on whether its “Fair & true”.
Fraud investigation
Due diligence
Projection review Need
- Shareholders finance companies & may not involve in
EXTERNAL AUDIT ENGAGEMENT day-to-day activities
- Directors are in behalf of the shareholders
Purpose : To enhance the degree of confidence of the
financial statements to its intended users. - Directors present financial statements to shareholders
- Incentives will make the directors manipulate the financial
Objectives : performance
1. Opinion on whether financial statements are fair in all
- Therefore an external audit by an independent party is
material aspects
2. Opinion on whether the financial Statements are in needed
accordance to the financial reporting framework
Benefits
An auditors objectives :
1. Reputation
1. Reasonable assurance - Free from frauds &
2. Quality & reliability
misstatements
3. Detection & prevention of bias & fraud
2. Review compliance 4. Enhance creditability of financial statements
3. Report & communicate 5. Highlights deficiencies of internal control systems
Elements

1
BA4 Nov. 2020 – Controls Short Note – Boopathy Kahathuduwa
 Expectations Gap
Difference of what we expect & what we get.
eg :
- We believe that the auditors checks all the transactions
and balances
- We expect that the auditor will detect all the errors and
frauds
- Believing that the auditor is responsible in preparing
the financial statements
Limitations
1. Financial statements include judgments & estimates
2. Internal control system limitations apply as well
3. Representations from management may be the only
evidence in some areas
4. Evidence is Persuasive not conclusive
5. Does not test all transactions
Rights of auditors
1. Access to accounting reports
2. Access to explanations & information if needed
3. Rights regarding their removal, resignation & retirement
4. To receive notice of, attend and speak at shareholders
meetings
Materiality convention
The auditors cannot test all transactions & balances.
Therefore they will select a sample to test based on their
assessment on where a high risk of material
misstatement lies.
BA4 Nov. 2020 – Controls Short Note – Boopathy Kahathuduwa
Why plan an audit
1. Detects & resolves potential problems
2. Gives attention to important areas
3. Team is well formed
4. Supervising & review of the work
5. Effective & efficient performance
6. Coordinates with work of others
Testing
1. Controls testing
Assesses the reliability of the accounting system
and if this work is satisfactory they will rely on this test.
2. Substantive testing
If controls testing is not reliable a more detailed test is
carried on.
Audit risk
The risk that the auditor will come to an incorrect
opinion.
Why do we need a risk assessment ?
1. Make sure the audit is more efficient
2. Fewer inappropriate opinions
3. Fewer negligence claims
2
 AUDIT RISK - “DIC RISK”
AR = DR X IR X CR
Auditor unable to
detect any Financial statements including any
material material misstatements Evidence
misstatements 1. Sufficient
- Should have “enough” evidence ( Quantity )
Reasons :
• Knowledge of the auditor
- Insufficient
work Misstatements Client controls • Size of the sample
- Inappropriate taking place in the don't detect the • Size of the population
work
first place misstatements • Reliability of evidence
- Poor judgement • Risk of the misstatement

2. Appropriate
DETECTION INHERENT CONTROLS
- Reliable
RISK ( DR ) RISK ( IR ) RISK ( CR )
• Original form
Risk that the Likelihood that a Risk that the • Documentary form
auditor won't be material material
• Independent external source
able to detect the misstatements will misstatement will
material take place not be detected, • Directly obtained by the auditor
misstatement irrespective of the prevented or - Relevance
internal control in corrected by the • Completeness
place internal control • Existence
system
To reduce the - Balance level (
audit risk the Isolated to one
auditor can only balance )
manipulate the
- Industry level
DR
- Equity level

3
BA4 Nov. 2020 – Controls Short Note – Boopathy Kahathuduwa
 Relationship of auditor & company Engagement letter
- Agency • Sent by the auditor to management.
• Principle : Shareholder • Letter which specifies the nature of contract
Agent : Auditor
• Sent before commencing the audit
• Confidence & trust
• Purpose :
- Stewardship - Minimize risk of misunderstanding
Auditors are accountable to the S/H during their - Confirm acceptance of engagement
period of office - Set out the T&C of engagement
• Reviewed once a year. No need to reissue every year
unless changes in scope or context happen.

Contents :
- Management responsibilities
- Auditor responsibilities
- Objective & scope of audit
- Application of financial reporting framework
- Referenced reports or forms
Additional ;
- Fees calculation
- Audit limitations
- Limits of audit liability

4
BA4 Nov. 2020 – Controls Short Note – Boopathy Kahathuduwa
 Reporting to “those charged with governance” Written Representation Letter
• “Those charged with governance” : Directors of the • Sent by the management to the auditor
company & Members of the audit committee • Purpose :
Matters communicate to them : • evidence that the management takes responsibility in
preparing the financial statements
- Significant findings - Complies with financial reporting framework
- Any matters that affect auditor independence - Access to relevant info and reports
- Auditor responsibilities - All transactions are reflected in the financial
- Overview of scope and time period of audit statements
Management letter • Support other audit evidence
• Letter that includes the deficits which were identified in • Sometimes the auditor drafts this letter and is printed on
the course of audit. the managements letter head and signed by the client.
• Parts : • Date should be the date which the financial statements
- Covering letter were authorized
- Appendix -
Deficiency
Implementation
recommendation

• When reporting deficiencies :

- Its for the sole use of the company
- Cannot be disclosed unless authorized by the
auditor
- No responsibility is assumed by third party
- Its only a list of deficiencies. Its not comprehensive

5
BA4 Nov. 2020 – Controls Short Note – Boopathy Kahathuduwa
 Audit report Audit Report Governance Code

Unmodified audit report : • Published : 2010

If the statements are prepared in compliance and theres no
• By : Financial Reporting Council ( FRC )
matter to pay attention to this is issued.
Institute of Charted Accountants of England &
Content : Whales ( ICAEW )
- Title & addressee • Result of : 2007 , FRC’s report of Markets participation
- Introductory paragraph group
- Management responsibility • Applicable to : Firms that audit more than 20 listed
- Auditor responsibility companies
- Opinions • Purpose : Provide a formal benchmark of good
- Other responsibilities governance practice against which some auditors will
- Signature, date & address report for the benefit of the shareholders
Other audit reports : • Content :
1. Modified without modifying the opinion • 5 sections
Everything is okay but theres something that the • 20 principles
shareholders must give special attention to • 31 provisions
2. Modified with modifying the opinion
Everything is not okay and that there is no evidence Some of the principles :
to come to a conclusion
• Leadership
• Values
• Independent non-executives
• Operations
• Reporting
• Dialogue

6
BA4 Nov. 2020 – Controls Short Note – Boopathy Kahathuduwa
 Types
INTERNAL AUDIT ENGAGEMENT 1. Project audit
2. Operations audit
3. Value for money audit
• Example of management control 4. Social & Env audit
• Reviews financial controls & checking compliance with 5. Financial audit
legislation 6. Management audit
• Aim : Supervise other controls in the company are
Limitations
working correctly
1. When employees are part of the internal audit
• Sometimes is a legal requirement. But the CG code department they may not bring up issues because they
recommends might loose their job
2. When the IAD is part of the finance function they are
Roles
reluctant to show their deficiencies
1. Review the financial statements
3. If the IAD staff has worked for long, there will be a
2. Examine financial operations
familiarity threat
3. Identifying risks
4. Reviewing the effectiveness, efficiency & economy of To have an independent audit
operations - value for money 1. Proper reporting channels
5. Special investigation 2. Independent reviews
6. Checking compliance with legislation 3. Outsourcing IA
Need of IA Qualities of a good IA
1. Size of operations 1. Independent & objective
2. Complexity of operations 2. Well organized
3. Number of employees 3. Reduced management bias
4. Cost/benefit considerations 4. Sufficiently resourced
5. Desire of senior management 5. No operational responsibilities
6. No limitations on the scope of their work

7
BA4 Nov. 2020 – Controls Short Note – Boopathy Kahathuduwa
 Outsourcing IA Distinction
Advantages Disadvantages External Audit Internal Audit
More independent Loose control Objective Comment on the Review & improve
fairness & effectiveness &
Broader expertise Lack of knowledge of the
truthfulness of efficiency of
objectives and culture of the
financial statements internal controls
org
Reporting To shareholders To management
Cost efficiency Less flexible & available
or BOD
Access to new market focus Pressure on independence
Availability Publicly Management only
technologies
Scope Verify truth & Wider scope &
Management saves time Blur in the roles of IA & EA
fairness of financial depends on
statements management
requirements
Reporting
- Terms of reference Appointment & By shareholders By BOD or audit
The requirement removal committee
- Executives summary Company Independent Employees (
Of the risks & recommendations relationship limited
- Body of the report independence ) or
Work performed & it’s results outsourced (
independent )
- Appendix
Other relevant information

8
BA4 Nov. 2020 – Controls Short Note – Boopathy Kahathuduwa
 ERRORS FRAUDS

• Not intentional • Intentional : theft by deception

Types Types
- Errors of omission - Theft of cash or other assets
- Errors of commission : doesn't affect the statements - Frauds against government
- Errors of principle : affects the statements - Frauds against financial institutions
- Frauds against investors
Prevention
- Frauds against customers
- Authorization procedures - authorizing at specific levels
- Employee fraud against employer
- Documentation - properly filled & referenced
- E-crime
- Organizing staff - segregation of duties
- Safeguarding assets - insuring, proper storing, valuing… Prevention
- Detecting errors - Anti-fraud culture
- Spot check - Risk awareness
- Whistleblowing
- Sound internal control system
Detection
- Regular checks
- Warnings
Response
- Criminal prosecution
- Civil litigation
- Disciplinary action

9
BA4 Nov. 2020 – Controls Short Note – Boopathy Kahathuduwa