Professional Documents
Culture Documents
The Audit Process
The Audit Process
INDUSTRIAL CONTEXT
Quality control is primarily the responsibility of the management. However the auditor has
also
the responsibility of controlling the quality of his work. This is done through proper planning
of hid audit work and delegation of duties to qualified and competent staff.
ii. Planning and subsequently controlling the audit. Procedures would include
preparation of an “audit memorandum” setting out work to be done and timing and staff
requirements. A preliminary review of the client’s management accounts and previous
audit files would also have been required.
iii. Ascertaining, evaluating and testing the client’s accounting systems and internal
controls. There are several ways of dealing with this. A modern way is to ascertain by
asking `grass roots’ staff; recording the facts by means of low charts etc. and evaluating
by the use of the `key’ questions and criteria questions using a hypothetical or normative
model of the appropriate systems.
iv. Carrying out tests on the systems to determine if they are effective and are
consistently applied at all relevant times. This is done by means of “compliance”
tests preferably operated on a statistically valid basis.
v. Verifying the existence, title and amounts included in the balance sheet in
respect of assets, liabilities and capital. This is done by a variety of means including
assessment of internal control procedures and by means of “substantive” tests which give
direct evidence of the items to the auditor, e.g. bank letter, and debtors circularisation.
vi. Checking the inancial statement with the accounting records. This is a requirement
of the 7th Schedule of the Companies Act and is achieved by simply making such a
comparison.
vii. Examining the income statement to confirm that it reflects the results of the
operations of the enterprise. This is achieved by assessment of internal control
procedures and the quality of the records, by seeking direct evidence, and by seeking
out and probing anomalies or differences from expectations.THETH
viii. Examining the financial statements for conformity with acceptable accounting
practices and for compliance with legal and other disclosure requirements. This
is achieved by the use of check lists.
ix. Considering the financial statements as a whole and reviewing the audit work and
conclusions drawn there from in order to determine whether such statements
give a true and fair view. This is achieved by a review conducted by experienced
personnel considering the audit working papers; any revealed anomalies and any
uncertainties and any disagreements with directors or other parties responsible for the
preparation of the accounts.
x. The drafting of an auditor’s report giving the auditor’s opinion on the truth and
fairness and compliance with statute of the accounts. The wording of the report
will depend on the conclusion drawn by the auditor from his audit, and the report may
be qualified or unqualified.E
Introduction to planning
The primary objective of an audit is the expression of an expert and independent opinion on
the truth and fairness of the information contained in the annual financial statements
expressed in the audit report and the ascertainment and evaluation of the accounting systems
as the basis for the preparation of financial statements.
It is for the auditor to decide the extent of audit work he considers necessary in order to
support
his opinion.
ISA 200 Objectives and General Principles governing an audit of financial statements states
that the auditor should carry out an audit in accordance with ISAs and ethical principles to
provide reasonable assurance that the financial statements are free from material
misstatement.
The auditor should plan the audit work so that the audit will be performed in an effective
manner
“Planning” means developing a general strategy and a detailed approach for the expected
nature, timing and extent of the audit. The auditor plans to perform the audit in an efficient
and
timely manner.
International Standard on Auditing (ISA) 300 Planning establishes standards and provides
guidance on planning an audit of financial statements.
An audit is an assignment. To complete the assignment efficiently and effectively in an
economical and cost effective manner then it must be planned for in some detail before
commencement and the strategy constantly reviewed as the audit progresses. Planning
consists of determining what is to be done, determining when it is to be done, determining
who is to do it; and determining what it will cost in terms of hours and money.
2. Section 2 would consist of the history or a brief background of the client and any
major changes that have taken place since the previous audit visit. Accordingly, this
paragraph will cover such matters as the kind of business the client is in, the products,
the spread of the company’s products, the location from which the client operates,
changes in key personnel, accounting policies and procedures, legislation and even
changes in the industry structure.
If the company is a part of a group, then a summary of the relationship with other
companies in the group may also be provided.
3. Section 3 would summarize those areas with high inherent risk. These are those
areas whereby because of the nature of the business environment, in which the client
operates, there is a high chance of misstatement or misreporting those are areas
where the auditor could reach a wrong conclusion unless special audit procedures are
adopted.
4. Section 4 could summarize the financial position and results. This normally involves
summarizing the balance sheet and the profit and loss account for the last audited year
and having alongside those figures the latest a management accounts figures as well
as the budgeted figures. The auditor then carries out a ratio analysis on the financial
information to identify other audit risk areas or areas where apparently there have been
new developments or significant changes that require investigation and explanations.
5. Section 5 could consist of a listing of incomes, expenses, assets and liabilities i.e.
the significant components of the financial statements and a brief description of the
methods to be adapted to verify them.
6. Section 6 is materiality levels, which would be set for every material component of the
financial statements and the related audit approach.
7. An outline of the proposed audit approach. The aspects that would be covered here
include:
• The expected client staff assistance in the preparation of supporting schedules
• The expected reliance on the Internal Control Systems (ICS)
This section would also highlight the expected levels of assurance to be derived from:
- tests of control
- analytical review procedures
- substantive procedures of details
8. Section 8 could consist of a timetable on timing of key events or activities such as the
proposed date of the AGM, the date of audit clearance, the date of the stock take and
the date of the various audit units.
9. Section 9 could deal with the staffing arrangements, identifying the partner responsible
for the audit, the manger, the accountant in charge and the audit assistants.
10. Section 10 could be for the budget and a fee quotation. This would show for every staff
member, the number of man hour as well as the cost of throe hours.T
Controlling
The auditor carries out his work using different levels of staff. To achieve the plan requires
control at all stages. The elements of control are:
(a) Directing or Direction: Staff must have the instructions to follow. This could be
Formalised audit programmes clearly setting out what the
staff must do.
(b) Supervision: Every member of the audit team should be subject to supervision by his
superior to ensure that the plan is being carried out as expected and all necessary work is
being
done.
(c) Reviewing: The work done would be reviewed at all levels and evidence of this review
should be available.
(d) Recording: The entire audit process must be properly documented in the form of working
papers.
Matters to be considered by the auditor in developing the overall audit plan include the
following;
AUDIT PROGRAM
The auditor should develop and document an audit program setting out the nature, timing and
extent of planned audit procedures required to implement the overall audit plan.
The audit program serves as a set of instructions to assistants involved in the audit and as a
means to control and record the proper execution of the work. The audit program may also
contain the audit objectives for each area and a time budget in which hours are budgeted for
the various audit areas or procedures.
In preparing the audit program, the auditor would consider the specific assessments of
inherent
and control risks and the required level of assurance to be provided by substantive
procedures.
The auditor would also consider the timing of tests of controls and substantive procedures,
the
coordination of any assistance expected from the entity, the availability of assistants and the
involvement of other auditors or experts.
Substantive procedures
This involves creating and using audit programs for material account balances and
transactions.
The two categories of substantive testing include tests of detail of transactions and balances
and analytical procedures.
Statement of Financial Position Approach
This approach is based on the assumption that the statement of financial position is the most
important aspect of the financial statements and therefore if the statement of financial
position is correct, the other statements must be correct. It is suitable for small companies and
larger property companies. It concentrates audit testing on the account balances with limited
testing of the profit and loss account.
Audit Risk Approach
AUDIT RISK
As we have seen many parties rely on the audit opinion to make decisions, and therefore it is
now a well-established fact that if the auditor gives an audit opinion that is wrong in some
particular then they stand a chance of suffering some damage.
Audit risk therefore could be defined as the chance of damage to the audit firm as a result of
giving an opinion that is wrong in some particular. Or put another way, it could be explained
as the possibility that financial statements contain material mis-statements which had escaped
detection by both an internal control on which the auditor has relied and on the auditor’s own
substantive tests and other work.
It could be looked at also as: the possibility that the auditor may be required to pay damages
to the client or other persons as a consequence of:
1. The financial statements containing a mis-statement;
2. The complaining party suffering a loss as a direct consequence of relying on the financial
statement and
3. Negligence by the auditor in not detecting any reporting on the mis-statement which
can be demonstrated.
Damage to the audit firm or the auditor may be in the form of monetary damages paid to the
complainant as compensation or simply damage to their reputation with a client or the
business
community.
All audits involve an element of risk such that however strong the audit evidence and
however
careful the auditor, there is always a possibility of an error or a fraud going undetected. It is
generally known that the auditor who organises his office and staff in a competent manner
and
follows auditing standards and guidelines is unlikely to be found negligent and to pay
damages
as a consequence of fraud or error not being discovered by him.
Audit risk can be either normal or higher than normal.
(i) The existence of put upon enquiry situations, dominance by the single person and
lack of involvement of directors or proprietors. In such a situation, the auditor
approaches his audit in a manner that is:
Sceptical, relying on high calibre staff
Collection of audit evidence in each area from a wide range of sources
Taking extreme care in the preparation of audit working papers
Investigating thoroughly high risk and problematic areas
Exercising extreme care in drafting the audit report
In addition to normal risk and higher than normal risk discussed above, the auditor can also
be exposed by sub-standard work such as:
iv. His failure to perform necessary audit work because of time and cost consideration
v. His failure to detect errors or fraud because of poor sampling methods or the selection
of inadequate sample sizes
It is essential that an audit firm should organize itself in such a way that it can minimise the
risk of suffering any damage. We can look at these measures from two points of view. Broad
measures taken by the profession as a whole and measures to be taken by the individual
auditor
in minimising this audit risk.
a) Getting an understanding of the entity as a whole in order to see the accounting system
in proper perspective and thus be able to assess how effective and appropriate the
system is;
c) Record the system that he has ascertained either in the form of narrative notes, low
charts, check lists or answers to the ICQ;
d) If the auditor intends to rely on the internal control then he further has to record the
system of controls in detail;
e) If the system’s record was provided by the client or was obtained through reading
manuals, then the auditor must perform walk through tests to confirm the correctness
of the record and also his own understanding of the system;
f) The auditor then performs a preliminary assessment of the system, and if he is relying
on controls then he performs a preliminary evaluation of those controls;
g) If the system of controls and accounting seems adequate and the auditor feels that he
can rely upon the controls he then designs and performs compliance tests. However,
if he does not wish to rely on the controls then he performs substantive tests on the
records;
h) He has to evaluate his evidence and form an opinion on whether proper books of
accounts have been kept and whether the books of accounts form a reliable basis for
the preparation of the financial statements.
The big firms have largely adopted this approach within their audit methodology.
The history of auditing shows a gradual change over time as detailed testing of transactions
moved to system audits. The next development was the audit risk model which focuses the
audit and the extent of audit procedures on to the areas of an audit where the auditor was
most at risk of giving an inappropriate opinion.
Here we consider concept of risk from the view point of the business as a whole:
In recent years the broader concept of business risk has been developed by the larger firms. It
was the subject of the ICAEW auditing road show ‘Tomorrow’s audit today’ in the late 1990s
in the UK. The concept has not been fully reined but its main principles are now well
established.
Business risk is the threat that an event or action will adversely affect a business’s ability
to achieve its ongoing objective. It can be split between external and internal factors.
The business risk approach to auditing involves examining the business in it’s entirely and
evaluating the various risks to which it is exposed. The business risks are factors which affect
the company’s ability to meet its goals. The risks may be controllable (to some extent) or
uncontrollable (for example, external factors). It may be possible to trade-off some risks (e.g.
insurance). The auditor is concerned about those risks which may impact upon the financial
statements and therefore needs a full understanding of the business and its risks in order to
do this. The auditor will then plan the audit strategy with these business risks clearly focused
in mind.
The ideas of inherent risk and control risk can be called residual risk which has to be
minimized by audit action. An audit action carries with it detection risk.
The approach is very much a high level approach and should include consideration of
all matters which are critical to the business. For example, ‘could the client lose the
XYZ franchise and what would be the possible consequences for the company and its
financial statements?’
It is an aid to the firm’s acceptance and continuation procedures for clients (do we want
this client?)
Business failure risk is an important aspect of overall business risk. The assessment of
business failure risk will assist the auditor when considering the going concern status of
the clients business.
The audit needs to be tailor made and a generalized approach to audits is neither
productive nor economical
Auditors need more understanding of business and to that end the larger firms set up
larger databases of information about the economy and the business world
§ The concept implies a continuing relationship with the client rather than a one off view
with each year being separate.
As should be evident from this summary the business risk approach is a more holistic
approach
to the audit. The business risk approach starts at a stage back from the traditional audit risk
model and offers more benefit to auditors and clients alike.
Whereas the audit risk model encompasses the last two aspects the business risk approach
starts with examining the business activity and identifies the risk relating to it, before examining
the risks of the information and subsequently the financial statements being misstated.
The consequences of the business risk approach should be a more efficient and focused
performed by a more knowledgeable auditor resulting in a better auditor – client relationship. For
example, the audit will have less emphasis on transactions. The auditor may well provide other
benefit to the client given this greater understanding of the business and its risk profile.
External risks
Internal Risks
Businesses are at risk if their business objectives are not achieved. It is therefore desirable for
the management to identify all business risks and if necessary to amend the plan to
accommodate the risks or make contingency plans to survive.
For example, a company which has over reliance on one customer might decide actively to
seek new customers or markets, perhaps by acquisition. Another example would be a company
which is totally reliant on is computer system should have backup facilities.
Individual business risk can be low or high impact and low or high likelihood. Here are some
examples for a satirical magazine.
What can management do about risks once they are identified? Clearly what to do depends on
the risk and there are an infinite variety of risks. One possible classification of potential
reactions by management is as follows:
Do nothing and hope for the best
Develop internal controls
Develop quality controls over production of goods, production of services,
staff
recruitment
Join in government schemes like Famine Relief or Poverty Reduction
Train staff
Diversify – acquisition, new products, multiple sourcing, adding to customer
base perhaps by exporting
Risk reduction – raising staff awareness of risk, tighter discipline in all areas,
physical measures such as sprinklers. Diversified computer systems instead of
one complex one
In the end, the business of the entrepreneur is risk raking and all risk cannot be removed. The
basic economic truism is that there is a correlation between risk and return and high returns
are
not possible without risk.
Below is a checklist of the possible planning implications for the audit of business risk
Is the control environment good?
Does the management manage risk effectively?
Is the accounting system adequate?
Do any risks threaten the going concern status of the company?
Do any of the risks have implications for cash low?
Is there a high risk of fraud – e.g. poor controls, management override, overwhelming
ambition and arrogance in the chief executive?
Are there related parties with different agendas?
Is the business under threat of being taken over, with the risk of management
misstating financial statements?
Is there a risk of litigation against the company?
Is there any risk of withdrawal of support by loan or trade payables?
Ultimately many of the audit risks come down to the following factors or a combination
of them.
Possible misstatements due to lack of controls. Recent company failures (often
shortly after clean audit reports) have been caused by overvaluation of inventory
under
allowance for bad debtors etc.
Working capital shortage leading to cash low difficulties and technical insolvency,
often due to expansion which has been rapid.
Inappropriate accounting policies. These can often lead to overstatement of assets or
understatement of liabilities.
Suppression of liabilities
Fraud by management
Related parties’ transactions or activities
Going concern appropriateness
Computer failures
Litigation or regulatory problems
During the initial meeting you have ascertained the following information:
The company’s turnover has increased by about 30% a year for the last three years
Mr. Alfred is a dominating personality who seems tireless and has limitless ambition
The company has two major customers and a few small ones
The largest customer has recently announced major expansion plans and Harbridge
have already purchased additional land and have signed a contract for more building
to
increase production. You have read in The Daily Times that the customer’s expansion
plans are viewed with some skepticism by the city which seems to doubt the
company’s
viability.
Harbridge has borrowed heavily from its bank and a major repayment of the loan is
due shortly. The company is already on its overdraft limit and has yet to fund the new
building construction. Mr. Alfred is in negotiation with a Middle Eastern bank for
further finance.
Many of the company’s parts are sourced in a country with an exchange rate which is
very favourable to the UK. The financial press has lately suggested that this rate may
change in the near future.
The company recently purchased a very large and very complex computer system to
control all its affairs. Mr. Alfred admits that his admin staff (headed by his brother,
who
has recently returned from ive years back packing abroad) does not really have the
competence to run it properly.
The company recently purchased a company jet aircraft which Mr. Alfred says he
finds
essential for visiting customers and suppliers. Mr. Alfred pilots the aircraft himself.
He
has just been to Miami where there are neither customers nor suppliers.
§ Mr. Alfred admitted that the company had recently been issued with writs alleging
that the company had breached a patent in one of its vital processes and that the
company had failed to pay the sum due to a supplier. Mr. Alfred did not consider this
as serious and said that failure to pay was because the new computer system had not
agreed the amount due with the supplier’s statement
The company has no formal management accounting system. The new computer
system is supposed to remedy that but nothing has been done as yet.
Mr. Alfred has plans to float the company in the near future.
Required
(a) Identify and describe the principal business risks relating to Harbridge Lorry
Components ltd.
(b) Justify an appropriate audit strategy for the first audit of Harbridge Lorry
Components Ltd.
(c) Suggest some procedures that Harbridge could implement immediately to improve
is accounting procedures and financial controls.
Business risk is the risk that the audited entity will fail to achieve its objectives. This
approach is said to offer a top down, rational, value added, focused and economical
audit with good coverage of audit work. The business risk approach is to be preferred
because it should result in a more efficient and focused audit performance by a more
knowledgeable auditor resulting in a better auditor client relationship.
The term systems audit refers to the typical audit approach to medium and large companies
and is based on the assumption that such companies have internal control systems which will
hopefully constitute a reliable base for the preparation of the accounts. In other words, the
characteristic of a systems audit is an examination of internal control.
We have already established that many small companies cannot achieve satisfactory internal
control and it is hence clearly futile for the auditor to seek to rely on controls if they don’t
exist or are patently unreliable. For such enterprises the auditor has no alternative but to carry
out a so called ‘substantive audit’ involving extensive verification of transactions followed by
a detailed examination of the balance sheet (verification of assets and liabilities and review of
the financial statements).
Directional Testing
The concept of directional testing recognises that it is the purpose of the audit test which will
determine the direction of the test.
EXAM QUESTIONS
Question one
You are the audit manager at Zabuko and Associates responsible for the audit of the books
of account of Ziwani Spares Ltd. In the course of the audit of the financial statements for the
year ended 30 June 2020, your preliminary evaluation of the internal controls indicated that
reliance could be placed on the system. However, compliance tests carried out during the
audit
disclosed that the system was not operating effectively. This situation has necessitated
various
amendments and additions to your original audit plan.
Required:
Describe the changes to be effected:
(Total: 20 marks)
Question two
The Board of D Ltd., a company quoted on the stock exchange, has decided to introduce an
internal audit function. As a first step, the Board wishes to outsource the service and has
invited
your audit firm to tender for the contract. The terms of reference will entail a range of
activities
including:
• Review accounting, internal control and risk management systems.
• Examination of financial and operating information.
Your firm has provided a number of services to this client for many years including, he
statutory audit of the annual financial statements and on-going consultancy work.
Required:
(a) Explain the importance of the concept of independence to external auditing. (6 marks)
(b) Identify and discuss the threats to your audit firm’s independence which may arise from
the provision of all the services outlines above and suggest how these treats may be resolved
by your firm. ( 14
marks)
( Total 20
marks)
Question three
You are the manager responsible for the audit of BCD Stores Ltd. which has a number of
stores
which sell household products to the general public, including furniture, electrical equipment,
cooking equipment and carpets. The company has annual sales of about $1,600 000. In
previous years’ audits, there have been problems with:
The company has a small internal audit department, the staff of which visit branches and
perform appropriate audit work at the head office.
Required:
(a) Describe the work you will carry out and the matters you will consider in planning the
audit prior to the commencement of the detailed audit work, including consideration of
the timetable for the audit. ( 12
marks)
(b) Describe the procedure you will carry out to control the audit including reviewing the
work
of the audit staff. (8
marks)
(Total: 20 marks)