Executive summary

Auditing has developed over many years, but it was not until the late nineteenth century with the

formation of joint stock companies, the predecessors to present day limited liability companies

that auditing became widely accepted in the Bangladesh to get true picture of the company to

public. Individual firms of accountants have refined their approach to auditing from time to time.

So in the assignment it is important to know about the auditing properly on the assignment I have

learned some factors that an independent auditor follow proper judgment of the firm, material

misstatements, management control, risk assessment, internal control of an auditor, monitoring ,

audit program, audit opinion etc. all those issues are the core component of the Auditing. So a

independent auditor should follow issues in order to maintain good picture of the firm to the

public.

1
Introduction
Audit was originally confined to ascertaining whether the accounting party had properly

accounted for all receipts and payments on behalf of his principal, and was in fact merely a cash

audit. Modern audit not only examine cash transactions, but also verify the purport to which the

cash transactions relate. Audit is, therefore, an examination of accounting records undertaken

with a view to establishing whether they correctly and completely reflect the transactions to

which they purpose to relate. The Auditing describes the internal & external audit processes. It

covers the planning, conducting and reporting of the results. The objective of an audit is to find

improvement in project management, delivery and quality assurance processes. The primary

function of audit is to verify the accuracy and completeness of accounts to secure that all revenue

and receipts collected are brought to account under the proper head, that all expenditure and

disbursements are authorized, vouched and correctly classified and the final account represents a

complete and a true statement of the financial transactions it purports to exhibit. It is the function

of audit to verify that financial rules and orders satisfy the provisions of Law and or otherwise

free audit objections and the rules & orders are properly applied.

Now we have some basic idea what audit is in the paper I have tried to focus on internal audit,

effective planning of an auditor (how auditor plane effectively). I have also learned how to write

a audit opinion and I have learned how risk identified in auditing and how to overcome those

risk.

2
Question 1 “How can you make an effective planning of Audit”.
Discuss in detail in support of your opinion?

When we talk about audit itself is a big term. Because an auditor have to go through huge
information for a particular company so for that reason an independent auditor need an planning
for the successful auditing. So after the auditors finish the done the arrangement understand the
audit clients business and industry, and obtain the unaudited financial statement, certain planning
tools can be used as an effective audit planning.

Audit Planning

Preliminary risk assessment

Preliminary materiality decisions

Preliminary analytical procedure

Understand internal control

Audit programs

3
Also auditors follow some terms for effective planning

 Perform procedures regarding the continuance of the client relationship and the specific
audit engagement
 Evaluate compliance with ethical requirements, including independence
 Establish an understanding of the terms of the engagement

Now I will describe by the table accordingly.

 Preliminary risk assessment

The auditor uses knowledge gained from the strategic understanding of the client
business and industry to assess client business risk, the risk that client will fail to achieve
its objectives. It is management responsibility to identify the business risks facing the
company and respond accordingly to those risks. The auditor’s main concern is the risk
of material misstatement in the financial statements due to client business risk. It is
important to note that not all business risks will turn into risks leading to material
misstatement in the financial statements.

 Preliminary materiality decisions

When planning an audit, auditors should think about “Planning Materiality” as the largest
amount of uncorrected Taka misstatements that could exist published financial
statements. Though they could still fairly present the comoanys financial and results of
operations in conformity with GAAP. This explains materiality judgments and the
concept of tolerable misstatements.

 Preliminary analytical procedure

Analytical procedures applied at the planning stage can assist the auditor in gaining an
understanding of the client’s business and in assessing client business risk. International
standard on auditing (ISA) 520 states, “The auditor should apply analytical procedures at
the planning and overall review stages of the audit.” ISA 520 Analytical Procedures

4
 states that analytical procedures include the consideration of comparisons of the entity‟s
financial information with, for example:

 Comparable information for prior periods

 Anticipated results of the entity, such as budgets or forecasts, or expectations of
the auditor, such as an estimate for depreciation
 Similar industry information, such as comparison of the entity‟s ratio of sales to
receivables with industry averages or with other entities of comparable size in the
same industry.
Application of analytical procedures may indicate aspects of the business of which the
auditor was unaware. In order to gain a better understanding of the client’s business and
industry, the auditor will calculate typical ratios and compare the company ratios to those
of the industry. Analytical procedures identify significant deviation from predicted
amounts, which show the auditor where to increase procedures to obtain corroborative
evidence. Preliminary analytical procedure is another important aspect of audit planning

 Understand internal control

Before auditing the firm an auditor needs to know the internal control porcess. How
management controls the internal control process. So by the book definition “Internal
control is the process, effected by an entity's Board of Trustees, management, and other
personnel, designed to provide reasonable assurance regarding the achievement of
objectives in the following categories:

 Reliability of financial reporting,

 Effectiveness and efficiency of operations, and
 Compliance with applicable laws and regulations.”

So for the proper planning an independent auditor should follow those issues on the other
hand internal control of an audit has some components that an auditor need to know for
the internal control of the firm. Because Internal Control components are desired goals or
conditions for a specific event cycle which, if achieved, minimize the potential that
waste, loss, unauthorized use or misappropriation will occur.  They are conditions which

5
 we want the system of internal control to satisfy.  For a internal control components to be
effective, compliance with it must be measurable and observable.

So there are five components of internal control

Internal Control Environment

Information and
Risk Assessment Control Activities Monitoring
Communication

So the essence of the effectively controlled organization lies in the attitude of its
management. If top management believes that control is important, others in the
organization will sense that and respond by consciently observing the control established.
on the other hand it is clear to members of the organization that control is not an
important concern to top management and it is given lip service rather than meaningful
support, it is almost certain that management’s control objective will not be effectively
achieved.

 Audit programs
Last but not the least the audit program is ordinarily maintained in a separate file to
improve the coordination integration of all parts of the audit, although some firms also
include a copy of the audit program for each audit section with that sections working
papers. As the audit progresses, each auditor initials the program for the audit procedure
performed and indicated the date of completion. The inclusion in the working papers of a
well designed audit program completed in a conscientious manner is evidence of a high
quality audit.

6
So in the last of the audit plan we have learned the overall audit strategy includes consideration
of planned audit responses to specific risks through the development of the audit plan. The
overall audit strategy also helps the auditor determine the resources required for the engagement,
including engagement staffing. Therefore, at a minimum the following matters should be
included in the overall audit strategy:
 Relevant characteristics of the audit engagement, such as the reporting framework used in
order to set the scope of the engagement.
 Key dates for reporting and other communications
 Setting of materiality
 Preliminary risk assessment and whether internal controls are to be tested
 Consideration of resources available and how they are to be used

Question 2 How
would you write your opinion in an audit report?
Prepare a Dummy audit report?
An audit reports other than the standard unqualified audit report usually are called qualified
reports because they contain an opinion paragraph that does not give the positive assurance they
rather give reasonable assurance that everything in the financial statements is in conformity with
GAAP. The qualified, adverse, and disclaimer reports contain different opinion message about
the degree of responsibility the auditor is taking. Before going to the audit opinion we should
know The accounts of listed companies are almost always given an unqualified opinion on the
audit report. Potential problems will be identified and dealt with ahead of the release of the
financial statements.

Even an unqualified audit opinion is an opinion, not a guarantee. Auditors check the accounts,
but they usually rely on the management of the company to some extent: an auditor can be
fooled by extensive falsifying of the accounts, especially if it is systematically organised by the
management.

7
 INDEPENDENT AUDITOR’S REPORT

Board of Directors, Stockholders, Owners, and/or Management of

Mutual Trust Bank Limited
MTB Centre, 26 Gulshan Avenue
Plot 5, Block SE(D), Gulshan 1, Dhaka 1212

We have audited the accompanying Balance Sheet of the Mutual Trust Bank Limited as of
December __, ____ And the related Profit and Loss Account, the statement of Cash Flows and
Changes in Equity for the year then ended. The preparation of the financial statements is the
responsibility of the bank’s management. Our responsibility is to express an opinion on these
financial statements based on our audit.

Excepts as discussed in the following paragraphs, we conducted our audit in accordance with
Bangladesh Standards on Auditing (BSA). Those Standards require that we plan and perform the
audit to obtain reasonable assurance about whether the financial statements are free of material
misstatement. An audit includes examining, on a test basis, evidence supporting - the amounts
and disclosures in the financial statements. An audit also includes assessing the accounting
principles used and significant estimates made by management, as well as evaluating the overall
financial statement presentation. We believe that our audit provides a reasonable basis for our
opinion.

In our opinion, except for the effect on the financial statements of the matter referred to in the
preceding Paragraphs, the financial statements, prepared in accordance with Bangladesh
Accounting Standards except BAS 19, give a true and fair view of the state of the company’s
affairs as of December __, ____ and of the results of its Operations and it’s cash flows for the
year then ended and comply with the applicable sections of Bank Company Act 1991, the rules
and regulations issued by the Bangladesh Bank, the Companies Act 1994, the Securities and
Exchange Rules 1987 and other applicable laws and regulations.
We also report that:

8
 1. We have obtained all the information and explanations which to the best of our
knowledge and Belief were necessary for the purposes of our audit and made due
verification thereof;
2. In our opinion, proper books of account as required by law have been kept by the bank so
far as it appeared from our examination of those books and proper returns adequate for
the purposes of our audit have been received from branches not visited by us.
3. The company’s balance sheet and profit and loss account dealt with by the report are in
agreement with the books of account and returns,
4. The expenditure incurred was for the purposes of the company’s business;
5. The financial position of the bank at December 31, 2007 and the profit for the year then
ended have been properly reflected in the financial statements; the financial statements
have been prepared in accordance with the generally accepted accounting principles;
6. The financial statements have been drawn up in conformity with the Bank Company Act
1991 and in accordance with the accounting rules and regulations issued by the
Bangladesh Bank;
7. Adequate provisions have been made for advances which are in our opinion, doubtful of
recovery.
8. The financial statements conform to the prescribed standards set in the accounting
regulations issued by the Bangladesh Bank after consultation with the professional
accounting bodies of Bangladesh.
9. the records and statements submitted by the branches have been properly maintained and
consolidated in the financial statements;
10. The information and explanations required by us have been received and found
satisfactory.

HOWLADAR YUNUS & CO Dhaka, Bangladesh

Chartered Accountants. Dated: April __, ____

9
Question 3 How auditor can review and reliance on Internal Control
System?

Internal control evaluation and control risk assessment is a very important part of the work in
every audit of financial statements. Generally accepted auditing standards (GAAS) emphasizes
internal control in the second field work standard: “a sufficient understanding of the internal
control structure is to be obtained to plan the audit and to determine the nature, timing, and
extent of tests to e preformed” (SAS 1, AU 150; AU 319).so Broadly defined, internal control is a
process, effected by an entity's board of directors, management and other personnel, designed to
provide reasonable assurance regarding the achievement of objectives in the following
categories:
o Effectiveness and efficiency of operations.
o Reliability of financial reporting.
o Compliance with applicable laws and regulations.
Effective internal control is perhaps the most important deterrent to fraud. Strong internal control
can prevent or detect most types of fraud, waste and abuse. During our assessment of the current
system of internal control, not only were we concerned with the controls in place but just as
importantly whether those controls were operating as prescribed. As we identified fraud
exposures and controls in a given area, we created procedures to test for compliance.
1. Objectives of internal control
 Transactions are executed in accordance with management's general or specific
authorization
 All transactions and other events are promptly recorded in the correct amount, in the
appropriate accounts and in the proper accounting period so as to permit preparation
of financial statements in accordance with the applicable accounting standards, other
recognized accounting policies and practices and relevant statutory requirements, if
any, and to maintain accountability for assets
 Assets and records are safeguarded from unauthorized access, use or disposition
 Recorded assets are compared with the existing assets at reasonable intervals and
appropriate action is taken with regard to any differences
 Systems and procedures are effective in design and operation

10
  Risks are mitigated to a reasonable extent
2. Purpose and Types of Internal Controls
Internal controls are a system consisting of specific policies and procedures designed to provide
management with reasonable assurance that the goals and objectives it believes important to the
entity will be met. "Internal Control System" means all the policies and procedures (internal
controls) adopted by the management of an entity to assist in achieving management's objective
of ensuring, as far as practicable, the orderly and efficient conduct of its business, including
adherence to management policies, the safeguarding of assets, the prevention and detection of
fraud and error, the accuracy and completeness of the accounting records, and the timely
preparation of reliable financial information. The internal audit function constitutes a separate
component of internal control with the objective of determining
Whether other internal controls are well designed and properly operated.
o Internal control system consists of interrelated components as follows:
o Control (or Operating) environment.
o Risk assessment.
o Control objective setting.
o Event identification..
o Control activities.
o Information and communication.
o Monitoring.
o Risk response.

3. Internal Control Process

Internal control consists of five interrelated components as follows:

Internal Control Process

Control (or Operating) environment

Risk assessment Control activities
Information and communication Monitoring

11
 1) Control Environment
The control environment is the control consciousness of an organization; it is the
atmosphere in which people conduct their activities and carry out their control
responsibilities. An effective control environment is an environment where
competent people understand their responsibilities, the limits to their authority,
and are knowledgeable, mindful, and committed to doing what is right and doing
it the right way. They are committed to following an organization's policies and
procedures and its ethical and behavioral standards.The control environment
encompasses technical competence and ethical commitment; it is an intangible
factor that is essential to effective internal control.

2) Risk Assessment
I. Determine Goals and Objectives
The central theme of internal control is (1) to identify risks to the achievement of
an organization's objectives and (2) to do what is necessary to manage those risks.
Thus, setting goals and objectives is a precondition to internal controls.
At the highest levels, goals and objectives should be presented in a strategic plan
that includes a mission statement and broadly defined strategic initiatives. At the
department level, goals and objectives should support the organization's strategic
plan
II. Identify Risks after Determining Goals
Risk assessment is the identification and analysis of risks associated with the
achievement of operations, financial reporting, and compliance goals and
objectives. This, in turn, forms a basis for determining how those risks should be
managed.

3) Control Activities
Control activities are actions, supported by policies and procedures that, when
carried out properly and in a timely manner, manage or reduce risks.

4) Information and Communication

Information and communication are essential to effecting control; information
about an organization's plans, control environment, risks, control activities,

12
 and performance must be communicated up, down, and across an
organization. Reliable and relevant information from both internal and
external sources must be identified, captured, processed, and communicated to
the people who need it--in a form and timeframe that is useful. Information
systems produce reports containing operational, financial, and compliance-
related information that makes it possible to run and control an organization.

5) Monitoring
Monitoring is the assessment of internal control performance over time; it is
accomplished by ongoing monitoring activities and by separate evaluations of
internal control such as self-assessments, peer reviews, and internal audits.
Internal control
Is effective if management and interested stakeholders have reasonable
assurance that:
 They understand the extent to which operations objectives are being
achieved.
 Published financial statements are being prepared reliably.
 Applicable laws and regulations are being compiled.

Though it has always been part of normal audit procedure to test the internal control system, but
since there is no rule relating to that, the eternal auditor may adopt the most minimal sample for
the test. The scope of such test has now increased since the auditors are required to report on
their findings following a complete review of the system of internal control. So by following
those steps an auditor can review and rely on internal control system.

13
Question 4: What type of Risks are identified and analyzed by the
internal control department? What actions are taken by
management to manage the risks?

The auditor should critically review all the areas of high risk in order to ensure that the planned
procedures adequately cover such areas and that competent staff have been assigned to these
areas. High risk areas may relate to the nature of the items, such as cash for a retail establishment
with numerous collection points and outdoor disbursement locations. Risk may also relate to a
high probability of error. Although some level of risk will have to be accepted, in practice, a firm
will need to quantify its acceptable level of audit risk.
At the planning stage, the auditor should assess the risk of material errors or misstatements in the
following areas:
o In the financial statements as a whole; and
o In each of the component items in the financial statemens, such as Cash, Stocks, Debtors,
Creditors and (in the balance sheet) and Sales, Expenses and Purchases (in the profit and
loss account).

Determination of Audit Risk

A firm’s audit risk is derived from an assessment of the following elements:
A. Inherent risk: This derives from the characteristics of the client’s products or services it
deals in. It derives from the type of industry in which the client operates and will vary
according to the accounts item being examined.an internal auditor should kept in mind
(i) The company’s performance and profitability;
(ii) The nature of the business, its services and the susceptibility of its products or
services to market forces;
(iii) The financial stability of the company at present time and in the foreseeable future;
(iv) The incidence of related party and unusual transactions;
(v) The susceptibility of the company’s assets to fraud and misappropriation;
(vi) The auditors previous experience with the company as regards the records reliability
and the explanations given by the management;

14
 (vii) Circumstances that may exert undue influence upon the company’s management.
For example, the pressure to meet budgeted profits; and
(viii) The likelihood that error could have a material effect upon the financial statements.
B. Control risk: This is the risk that the internal control system may not prevent or detect
material misstatements or errors. Also in the control risk some factors should remember
in mind.
(i)The strength, quality and effectiveness of its management
(ii) Whether the company has an effective internal audit department;
(iii) The internal controls of the company and the competenceof the accounting
personnel;
(iv) The degree of supervision exercised by the management of the company; and
(v) The nature of the accounting methods in operation. For example manual or
computerized records
C. Detection risk: This is the risk that the auditors substantive audit tests and procedures
and his review of the financial statements will not detect material misstatements or errors.
Some factors should remember in detection risk.
(i) Recruitment procedures of the audit firm;
(ii) Use of latest audit techniques and procedures;
(iii) The qualifications, experience and competence of the engagement team; and
(iv) The method and timing of the audit review procedure

Benefits of Audit Risk Assessment

The benefits of audit risk assessment are:
(a) It saves audit cost and fees;
(b) It ensures that the audit work is completed expeditiously and economically;
(c) It removes all avoidable pitfalls in the audit procedure;
(d) It reduces the possibility of under or over auditing;
(e) It results in a more effective and efficient audit work;
(f) It focuses the auditors attention on factors which are more likely to result in
misstatement; and
(g) It facilitates the use of sampling and the attendant benefits derived there from.

15
Limitations of Audit Risk Assessment
The limitations of audit risk assessment include the following:
(a) Subjective values have to be placed on inherent and control risk
(b) It may result in a mechanical approach which leads to a loss of auditor’s judgment
(c) The auditor may spend more time on the mechanic of the process and assessment at
the expense of time spent obtaining audit evidence
(d) The assignments of risk levels are often not suitably specific which puts into question
the validity of any conclusions reached.

Risk Management
The process of risk management involves:
 understanding organizational objectives;
 identifying the risks associated with achieving or not achieving them and assessing the
likelihood and potential impact of particular risks;
 developing programmes to address the identified risks; and
 monitoring and evaluating the risks and the arrangements in place to address them.
Risk may affect many areas of activity, such as strategy, operations, finance, technology and
environment. In terms of specifics it may include, for example, loss of key staff, substantial
reductions in financial and other resources, severe disruptions to the flow of information and
communications, fires or other physical disasters, leading to interruptions of business and/or loss
of records. More generally, risk also encompasses issues such as fraud, waste, abuse and
mismanagement.

16
 Now I will show Fundamentals of Good Risk Management and Internal Control

Keeping Risk
It simple Awareness
Emphasis Fundamental controls
On changing
Behavior

GOOD RISK
Reliable business MANAGEMENT AND INTERNAL CONTROL
Consultation
Information response Throughout
The company

Early warning Continual application

Mechanisms and Awareness of business objectivesOf control strategies
Quick response

Documentation of the audit as evidence of work done is equally important by compiling good
quality audit working papers. Aside from gathering evidence within the client’s operating
environment, the auditor may also look for evidence elsewhere by making contacts with experts.
Audit risk assessment is an important aspect of audit; the result will determine the nature, extent
and timing of the auditor’s substantive audit test programme. Where the assessment shows that
the risk is high, the auditor is expected to pay particular attention to the transaction caption and
design detailed level of substantive test programme. In carrying out the assessment, the auditor is
Expected to take into consideration the client’s operating environment and the controls in
operation.

17
Conclusion

18